Was about to write.. this really is security 101... and then noticed that a page I wrote around 6 years ago has the same vulnerability. Oops :-[ ]
But in my defence: 1- I now know better 2- I was only learning dynamic web pages at the time and 3- I was not a multi-billion-dollar company!!
Must go over 7 year old Perl code now...
Google redirection you say?
If you're inventive with the q and as_sitesearch parameters you can have hours of fun. People see a Google query and don't think to check for the site.
30 Second Effective Fix.
99% of these redirect scripts can be secured through the use of a referrer check.
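A sketch of the referrer check that comment refers to, added here as an illustration and not code from any commenter or from the sites named in the thread. The host names, the function names and the choice to refuse requests that carry no Referer are all assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts whose pages legitimately link to the redirect script.
TRUSTED_REFERRER_HOSTS = {"www.example.com", "search.example.com"}


def referrer_host(referer_header):
    """Return the lowercase host named in a Referer header, or None if unusable."""
    if not referer_header:
        return None
    try:
        parts = urlsplit(referer_header.strip())
        host = parts.hostname  # drops userinfo and port, lowercases the host
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")  # treat "host." and "host" as the same name


def handle_redirect(referer_header, target_url):
    """Return (status, location): redirect only when the request came from our own pages."""
    # Exact host match, not a substring test: "www.example.com.evil.test" and
    # "www.example.com@evil.test" both contain the trusted name but are other hosts.
    # A link clicked in a mail client normally arrives with no Referer and is refused;
    # so is a legitimate visitor whose browser strips the header.
    if referrer_host(referer_header) not in TRUSTED_REFERRER_HOSTS:
        return (403, None)
    return (302, target_url)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    target = "https://partner.example.net/landing"
    for ref in ("https://www.example.com/results?q=x", None,
                "http://www.example.com.evil.test/", "http://www.example.com@evil.test/"):
        print(repr(ref), "->", handle_redirect(ref, target))
```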
Have they really cleaned up their act?
Um, well, about 75% of the spam I get has links referred to by AOL, MSN, Yahoo and, yes, still Google. news.google.tw seems to be the favourite. So I don't think Google has cleaned up its act at all; I think it is effectively supporting spammers (maybe not phishers though, but effectively they are all the same now). Appalling behaviour I'd say.