Please Do Not Post Shortened URLs

Postby Wolfchild » Tue Oct 20, 2009 2:15 pm

Shortened URLs such as TinyURL.com or bit.ly will no longer be allowed in posts. When drafting the rules for this site, I canvassed a lot of other forums and most of them had a rule against shortened URLs. At the time I didn't see a need to disallow them. However since then it has been pointed out to me how they pose a security risk to users. Although to my knowledge they have never been abused here, I don't want it to ever happen. A summary version of the problem with shortened URLs is:

Unfortunately, attackers can easily exploit a shortened URL to lure users into accessing malicious Web sites. Because the shortened URL is a random collection of characters that has nothing to do with the actual URL, users cannot easily determine whether it is legitimate.


Sorry for the inconvenience.
User avatar
Wolfchild
 
Posts: 2821
Joined: Sat Apr 25, 2009 8:26 pm

Re: Please Do Not Post Shortened URLs

Postby stormbringer951 » Tue Oct 20, 2009 6:09 pm

It's good practice to disallow URL redirects. Bulletin Boards are vulnerable to begin with, and shortened URLs can compound this. I can't remember a lot of the exploits, but is HTML code disabled on here?
Image
User avatar
stormbringer951
 
Posts: 203
Joined: Sun Jul 19, 2009 4:34 pm

Re: Please Do Not Post Shortened URLs

Postby Wolfchild » Tue Oct 20, 2009 8:47 pm

No, as an admin you would have to go out of your way to be able to have users post raw HTML here. This is good, because there is almost no circumstance where it would be a good idea.
...the story derives a lot of its appeal from its sense of despair and a darkness in which the love of Eli and Oskar seems to shine with a strange and disturbing light.
-Lacenaire

Visit My LTROI fan page.
User avatar
Wolfchild
 
Posts: 2821
Joined: Sat Apr 25, 2009 8:26 pm