homepage Welcome to WebmasterWorld Guest from 54.161.175.231
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Marketing and Biz Dev / Cloaking
Forum Library, Charter, Moderator: open

Cloaking Forum

    
Hidden cloaking?
I'm stumped.
larryhatch




msg:679034
 6:39 am on Oct 15, 2005 (gmt 0)

Very recently, a newspaper website ran an article with a link to my website. Traffic went up.
Access_logs for one day indicated 40 hits coming from:
www.newspaper.com/externallinks.php?url=www.mysite.net

Another 9 hits came from www.newspaper.com/article#12345.

I called up their page above, looked at the source code and sure enough there
was an honest looking <a href = mysite.net..> yadda yadda </a> type link.

When I moused over that hyperlink the first time, I saw the honest link.
The NEXT time i moused over it, I got the phony php link!

No matter what I do, source code shows only the honest <a=href..> link.

I figured it was because I browsed in from Google and they were cloaking,
showing me the source they prefer Google to see.

Sooooo .. I manually typed in the newspaper's story url in full.
Now there is no sign of honest link on mouseover, BUT source STILL shows the honest link.

Finally, I went to work and repeated all these tests from there, with a different
computer, different browser, host ISP, the works.
I STILL see my honest URL in source code, and get the phony one when I click or mouseover.

I presume this is some kind of cloaking. Questions are:

1) How the heck does that work? Has somebody found a way to show phony source code,
while executing different actual code?

2) If so, where did the 9 'honest' hits come from, the ones with <a href=?

3) May I presume that Google etc. will see the honest link and credit it?
If so, I can't get too upset about it.

I'm more curious than anything else. Any clues to this mystery much appreciated. -Larry

 

volatilegx




msg:679035
 5:45 pm on Oct 15, 2005 (gmt 0)

Sounds like JavaScript to me. Definitely some client-side scripting going on. Doesn't sound like cloaking. Try mousing over/clicking the link with JavaScript disabled.

encyclo




msg:679036
 5:50 pm on Oct 15, 2005 (gmt 0)

Could be Javascript dynamically selecting anchors within a specified code block and sending JS-enabled users via a click-thru counter script. If this is the case, it isn't really cloaking as bots (which won't read the JS) will get the straight link. What this technique will do is give the site stats which won't include bots, only human visitors. Of course, it may be something else entirely. :)

<added>too slow ;)</added>

volatilegx




msg:679037
 2:40 am on Oct 16, 2005 (gmt 0)

<added>too slow wink</added>

Matters not... your answer was a lot better than mine ;)

fischermx




msg:679038
 3:33 am on Oct 16, 2005 (gmt 0)

Javascript, that's it. Many webmasters do that.
Actually, doesn't google do that in the adsense ads?

larryhatch




msg:679039
 1:20 am on Oct 17, 2005 (gmt 0)

Thanks for the help guys. Yes, it has to be javascript.

I disabled both java and javascript. Source code still shows the straight link.
Mouseover now ALSO shows straight link every time, and that's the one that executes.
No more php?url=mysite stuff. I see this as a benign thing really.
IF users have JS running, they presumably go thru an
outgoing hits-counter or the like.
IF a visitor has JS disabled, they still get thru with the straight link.
Google etc. see straight links and presumably credit them. No harm done at all. -Larry

larryhatch




msg:679040
 2:12 am on Oct 17, 2005 (gmt 0)

Another note. I agree that strictly speaking, this wasn't cloaking.
Cloaking is when you serve up one page to the SEs, and quite another to the public.

Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

Sathallrin




msg:679041
 6:33 pm on Nov 3, 2005 (gmt 0)

Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

It wouldn't be a javascript redirect... it would just search the page dynamically and replace external links. Using a detection looking for http: in the link and then adding their php link into the href.

larryhatch




msg:679042
 10:18 pm on Nov 3, 2005 (gmt 0)

That could very well be. For me the main thing is that the Search engines
see the straight link, and credit that as an incoming link to my page. - Larry

volatilegx




msg:679043
 8:56 pm on Nov 4, 2005 (gmt 0)

I didn't say it was a JavaScript redirect. It's more like a mouseover event, where the destination URL changes if the mouse curson hovers over the anchor.

As far as whether the link will be attributable to your site, Larry, if the link points to your site in the HTML (irrespective on any JavaScript mouseover events), then I believe it will in fact be attributable to your site.

larryhatch




msg:679044
 9:48 pm on Nov 4, 2005 (gmt 0)

I looked over the newpaper article source code. There was no sign of mouseover shenanigans.
The link to my page is a straight html link. I was curious how they did that. -Larry

volatilegx




msg:679045
 8:02 pm on Nov 6, 2005 (gmt 0)

Is there a linked .js document?

larryhatch




msg:679046
 11:08 pm on Nov 6, 2005 (gmt 0)

Hi VolatileGX: YES there is javascript. Here's what I think is the relevant code (exemplified)

<script language="JavaScript" type="text/JavaScript">
<!--
function findexternallinks () {
dump='';
for (i=0; i<document.links.length; i++) {
host = document.links[i].host;
href = document.links[i].href;
protocol = document.links[i].protocol;
if ((host.search(/newmexican\.com/i) == -1) && (host.search(/207\.#*$!\.yyy\.zzz/i) == -1)
&& (protocol.search(/mailto\:/i) == -1) && (host.search(/trafficdeveloper\.com/i) == -1)
&& (host!= 'localhost') && (protocol.toLowerCase()!= 'javascript:') ) {
document.links[i].href = "/externallink.php?url=" + escape(href);
} } }

- - -

Note the /externallink.php bit. THAT is exactly how the redirected hits come in with my URL appended.
Mystery solved. Its JS with a .php redirect.

A FEW people, presumably with JS disabled, came in via the straight link.
That is how I found the URL of the originating page. -Larry

volatilegx




msg:679047
 11:14 pm on Nov 7, 2005 (gmt 0)

Good detective work. I'm glad you solved the mystery :)

Dan

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Marketing and Biz Dev / Cloaking
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved