Page 1 of 1

Please Do Not Post Shortened URLs

Posted: Tue Oct 20, 2009 2:15 pm
by Wolfchild
Shortened URLs such as TinyURL.com or bit.ly will no longer be allowed in posts. When drafting the rules for this site, I canvassed a lot of other forums and most of them had a rule against shortened URLs. At the time I didn't see a need to disallow them. However since then it has been pointed out to me how they pose a security risk to users. Although to my knowledge they have never been abused here, I don't want it to ever happen. A summary version of the problem with shortened URLs is:
Unfortunately, attackers can easily exploit a shortened URL to lure users into accessing malicious Web sites. Because the shortened URL is a random collection of characters that has nothing to do with the actual URL, users cannot easily determine whether it is legitimate.
Sorry for the inconvenience.

Re: Please Do Not Post Shortened URLs

Posted: Tue Oct 20, 2009 6:09 pm
by stormbringer951
It's good practice to disallow URL redirects. Bulletin Boards are vulnerable to begin with, and shortened URLs can compound this. I can't remember a lot of the exploits, but is HTML code disabled on here?

Re: Please Do Not Post Shortened URLs

Posted: Tue Oct 20, 2009 8:47 pm
by Wolfchild
No, as an admin you would have to go out of your way to be able to have users post raw HTML here. This is good, because there is almost no circumstance where it would be a good idea.