James Bandara wrote/schrieb/scripsit:
To block this I suggest you edit your service to only accept links that end in image formats for images before the querystring.
That doesn't really help ─ the attacker can send a HTTP redirect from an innocent-looking URL.
-Stefan -- junior guru SP666-RIPE JID:stefanp@xxxxxxxxxxxxxxxx SMP@IRC