Name and severity of this type of redirect fraud

On my server, I track clicks to external websites that serve as references. Recently, visitors from Russia have been clicking on http://emotionathletes.org/redir?url=http://freedatingsiteall.com, for example, and I found it listed on this Chinese website among others:

http://www.epropertywatch.com/email/75b8755ffe434c20bb5363e490172ba1/track/click?url=https%3A%2F%2Ffreedatingsiteall.com
http://emotionathletes.org/redir?url=http://freedatingsiteall.com
http://toonsfactor.com/cgi-bin/at3/out.cgi?l=tmx7x302x16457&s=55&u=http://freedatingsiteall.com

I changed the source code to 404 all external websites that are not in the source code. I checked the SSH logs and the server has not been compromised.

At most, a user who clicked on that link would be redirected to the masked link. So I don't understand why a fraudster would do this. It could be click fraud to increase results of a campaign (some links have utm GET parameters) or a way to increase traffic to a website by masking it as another.

Does such a method have a name, and is it low risk as I expect?


Solution 1:

The name of this security issue is Open Redirect, and it is a highly dangerous way of phishing. Never trust any request parameters ;)

It is listed as Common Weakness Enumeration 601:

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Extended Description

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
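
The mitigation the question describes (404 for any redirect target the site does not itself link to), as an added example that is not part of the original question or answer. The function name and the hosts in `ALLOWED_HOSTS` are assumptions; the check compares the parsed host, not a substring, so look-alike URLs are rejected too.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts the site's own pages link to.
ALLOWED_HOSTS = frozenset({"example.org", "docs.example.org"})


def safe_redirect_target(raw_url, allowed_hosts=ALLOWED_HOSTS):
    """Return raw_url if /redir may redirect to it, else None (caller sends 404)."""
    if not raw_url or len(raw_url) > 2048:
        return None
    # Whitespace, control characters and backslashes are interpreted
    # differently by browsers and by urlsplit, so refuse them outright.
    if any(ch <= " " or ch in "\\\x7f" for ch in raw_url):
        return None
    try:
        parts = urlsplit(raw_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    # Only absolute http(s) URLs; this also rejects "//host" and "javascript:".
    if parts.scheme not in ("http", "https"):
        return None
    # "http://trusted@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return None
    # Exact match on the parsed, lower-cased host (trailing dot removed).
    host = (parts.hostname or "").rstrip(".")
    if host not in allowed_hosts:
        return None
    return raw_url


if __name__ == "__main__":
    # Constructed sample requests; the first is the target seen in the question.
    for url in ("http://freedatingsiteall.com",
                "https://docs.example.org/paper?id=7",
                "//freedatingsiteall.com",
                "http://example.org@freedatingsiteall.com/",
                "http://example.org.freedatingsiteall.com/"):
        status = "302" if safe_redirect_target(url) else "404"
        print(status, url)
```
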