302 Redirects continues to be an issue

 6:23 pm on Feb 27, 2005 (gmt 0)

It is now 100% certain that any site can destroy low to midrange pagerank sites by causing googlebot to snap up a 302 redirect via scripts such as php, asp and cgi etc supported by an unseen randomly generated meta refresh page pointing to an unsuspecting site. The encroaching site in many cases actually writes your website's location URL with a 302 redirect inside their server. This is a flagrant violation of copyright and manipulation of search engine robots and geared to exploit and destroy websites and to artificially inflate ranking of the offending sites.

Many unethical webmasters and site owners are already creating thousands of TEMPLATED (ready to go) SKYSCRAPER sites fed by affiliate companies' immense databases. These companies that have your website info within their databases feed your page snippets, without your permission, to vast numbers of the skyscraper sites. A carefully adjusted variant php based redirection script that causes a 302 redirect to your site, and included in the script an affiliate click checker, goes to work. What is very sneaky is the randomly generated meta refresh page that can only be detected via the use of a good header interrogation tool.

Googlebot and MSNBOT follow these php scripts to either an internal sub-domain containing the 302 redirect or serverside and “BANG” down goes your site if it has a pagerank below the offending site. Your index page is crippled because googlebot and msnbot now consider your home page at best a supplemental page of the offending site. The offending site's URL that contains your URL is indexed as belonging to the offending site. The offending site knows that google does not reveal all links pointing to your site, takes a couple of months to update, and thus an INURL:YOURSITE.COM will not be of much help to trace for a long time. Note that these scripts apply your URL mostly stripped or without the WWW, making detection harder. This also causes googlebot to generate another URL listing for your site that can be seen as duplicate content. A 301 redirect resolves at least the short URL problem so alleviating google from deciding which of the two URLs of your site to index higher, more often the higher linked pagerank.

Your only hope is that your pagerank is higher than the offending site. This alone is no guarantee because the offending site would have targeted many higher pagerank sites within its system on the off chance that it strips at least one of the targets. This is further applied by hundreds of other hidden 301 permanent redirects to pagerank 7 or above sites, again in the hope of stripping a high pagerank site. This would then empower their scripts to hijack more efficiently. Sadly supposedly ethical big name affiliates are involved in this scam, they know it is going on and google adwords is probably the main target of revenue. Though I am sure only google do not approve of their adsense program to be used in such manner.

Many such offending sites have no e-mail contact and hidden WHOIS and no telephone number. Even if you were to contact them, you will find in most cases that the owner or webmaster cannot remove your links at their site because the feeds are by affiliate databases.

There is no point in contacting GOOGLE or MSN because this problem has been around for at least 9 months, only now it is escalating at an alarming rate. All pagerank sites of 5 or below are susceptible, if your site is 3 or 4 then be very alarmed. A skyscraper site only need create child page linking to get pagerank 4 or 5 without the need to strip other sites.

Caution, trying to exclude via robots text will not help because these scripts are nearly able to convert daily.

Trying to remove a link through google that looks like
new.searc**verywhere.co.uk/goto.php?path=yoursite.com%2F will result in your entire website being removed from google’s index for an indefinite period of time, at least 90 days and you cannot get re-indexed within this timeline.

I am working on an automated 302 REBOUND SCRIPT to trace and counteract an offending site. This script will spider and detect all pages including sub-domains within an offending site and blast all of its pages, including dynamic pages with a 302 or 301 redirect. Hopefully it will detect the feeding database and blast it with as many 302 redirects as it contains URLS. So in essence a programme in perpetual motion creating millions of 302 redirects so long as it stays on. As every page is a unique URL, the script will hopefully continue to create and bombard a site that generates dynamically generated pages that possesses php, asp, cgi redirecting scripts. A SKYSCRAPER site that is fed can have its server totally occupied by a single efficient spider that continually requests pages in split seconds continually throughout the day and week.

If the repeatedly spidered site is depleted of its bandwidth, it may then be possible to remove it via googles URL removal tool. You only need a few seconds of 404 or a 403 regarding the offending site for google’s url console to detect what it needs. Either the site or the damaging link.

I hope I have been informative and to help anybody that has a hijacked site whose natural revenue has been unfairly treated. Also note that your site may never gain its rank even after the removal of the offending links. Talking to offending site owners often results in their denial that they are causing problems and say that they are only counting outbound clicks. And they seem reluctant to remove your links....Yeah, pull the other one.

[edited by: Brett_Tabke at 9:49 pm (utc) on Mar. 16, 2005]



 1:33 am on Mar 15, 2005 (gmt 0)


Good observation but you are a bit late to point out the flaw in my suggestion. It was previously pointed out that other problems could arise.

However, Are you suggesting that the average site give way to the demands of the big boys like am**on? and what works for them is the most favored option?.

I think still that at least I made a suggestion and it was based on putting an end to the hijacking.

If you look at my post in detail, the loophole is blocked for googlebot to make an error and the hijacker is stopped in his path.

Then google can work on easier solutions to accommodate big sites requirements.

If am**on want to keep moving and directing their pages internally, then surely that is their problem and not the problem of hijacked websites.

Do you hear am**on complaining about the average website being hijacked? could they care less?

My suggestion is a brick wall against hijacking and it would work. Yes, it would have implications.

I would rather see implications than the hijacking of sites.

Are you aware of how vulnerable your site is?

ps, In defense of Claus, and I hope he does not mind,

He actually meant that the legitimate site is normally worse off and reading his post again I could not see anything wrong with it that seemed double standard that you have suggested. I interpreted that he is indeed on our side of the fence.

OK, I admit, you certainly know your stuff and I raise my hat in honour of that, but our frustration and this gargantuan thread is really all about how google is handling the "302 found".

Can you let us know if you have read this thread from top to bottom?


 1:46 am on Mar 15, 2005 (gmt 0)


I went through my logs and there is no consistent handling in terms of order so my research hit a wall.

I am currently looking at another way but haven't put together a test bed yet.

On the "news" front there are security type folks that might be interested in this and have the ability to understand what the problem is.

I can (pun intended) see the CAN number now.


 1:47 am on Mar 15, 2005 (gmt 0)

Well, I think I need to do some thinking about how to implement some level of this type am**on technique myself. I don't plan to sell books or clicks, so I just need to appear that I do or at least use some of these techniques that have "sacred cow" status and I should be o.k... if the theory holds. Problem is I don't have issues right now with MSN or Y and I don't want any. So, maybe I need a separate site dedicated to the new G... and hijack my own original site with it. Only partial sarcasm here. ;)


 1:57 am on Mar 15, 2005 (gmt 0)


The flaw was pointed out about not following the location for the 301 in particular.

My solution is for Google to store what was at location under that location which means if the page retrieved at the end of the chain was www.example.com then it would get stored in www.example.com/ and be considered (which the screwed up url already is according to Googles site: search) to be part of the target site.

This stops the injection (security flaw) of duplicate content and/or malicious code. This is in fact a code injection bug. This can be used to point google to all sorts of things (pOrn sites, warez, etc. etc ..) if www.scumbag.com wants to point to such fine places they can.

Now I've got a ton of work to get done. Keep talking folks.


 2:11 am on Mar 15, 2005 (gmt 0)

Hey japanese is that your page about 302 hijacking at Loris web?

A page that talks all about how to detect the various methods of 302 hijacks and what to do about it.

It is a very comprehensive page, showing various hijack methods and how to detect them, the solution however is along the lines of whois search and contacting hosts for TOS violations.

There are so many methods it's mind boggling. Most of them don't get your site banned they just steal PR and SERP's. It's so common everyone's doing it.

My suggestion to all who have smaller sites and are just trying to build up your SERP's, go to every inbound link you can find to your site, all those fly by nite directories you joined for a free link or even paid inclusion links, run their link to you through a server header checker. If it says "302 found" do all you can to get rid of that link. This is the fastest and best thing you can do to get YOUR PR BACK. Start by asking nicely and then get nasty if they won't delete it. They are stealing your SERP and your PR and your inbound link rating in some cases.
I had one case when I did site:mysite all pages were fine except the homepage. It was my title and description but another site's link. I asked them to remove it and they did, my traffic doubled instantly. I don't know why and don't care why, 302 links are pagejacking - end of discussion.

I don't care what the 'norm is', my policy from now on is if you are linking to me with a 302, you are a pagejacker and will be treated as such until you remove that link, I have lots of canonical links pointing to me and I use canonical outbound links on my site.
Anyone want the link to this good page about it - sticky me. I don't know her, just found it in the SERP's.


 2:25 am on Mar 15, 2005 (gmt 0)

I don't care what the 'norm is', my policy from now on is if you are linking to me with a 302, you are a pagejacker and will be treated as such until you remove that link,

let me re-phrase that.
If you show up in site:mysite you are a pagejacker and will be treated as such. Or if you show up in Links:mysite with MY PAGES as supplemental to your link you will be treated in the same way.


 3:07 am on Mar 15, 2005 (gmt 0)

In case it hasn't been posted on this 500+ posts thread yet, here is a related WebmasterWorld thread entitled "Dupe content checker - 302's - Page Jacking - Meta Refreshes" - 39 pages - starting in September 2004. And if that isn't enough background reading, msg #7 in that thread has links to 9 other WebmasterWorld related threads, and if that isn't enough ...

[webmasterworld.com]

Seriously, this thread is worth a read if you haven't already.


 3:29 am on Mar 15, 2005 (gmt 0)

What the hec, I'll bump it up another notch....

I don't know how GG has the nerve to post anything in this forum until he's addressed the 302 issue. What exactly is the point of him posting in any thread, if he can't address something like 302 hijacking? Just to fob us all off as part of some PR crap? (I know MSN has the same problem with hijacking too, but at least we don't have Bill showing up here pretending he's part of the community).


 5:05 am on Mar 15, 2005 (gmt 0)

Has anybody noticed if this same bad effect also occurs in sites using asp/asp.net for redirect? Or is it just with PHP scripts?

As I told some pages ago (and was ignored, but no problem), I do practice the 302 redirection for outbound links in a little directory I have.

I took the list of sites and want to manually check them one by one. I've not found my site, which uses asp.net, among the sites, I list. HOWEVER, I did find another similar niche directory similar to mine appearing in other's site!
It happens that this other directory is using PHP, while I'm with asp.net

Any thoughts?


 5:12 am on Mar 15, 2005 (gmt 0)

Wait a minute, there's a little big difference between the PHP and the ASP.Net redirection :

Looking at the HTTP headers using web sniffer, I found the following :

PHP responds :
HTTP Status Code: HTTP/1.1 302 Found
and a blank response is sent.

ASP.Net responds :
HTTP Status Code: HTTP/1.1 302 Found
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://theothersite.com/'>here</a>.</h2>

Could this PHP lack of an HTML response be the cause of the problem and the reason why the asp.net redirection does not cause page hijacking?
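
An added example, not part of the original thread: the header check described in the posts above (run each inbound link through a server header checker, and compare the PHP and ASP.NET 302 responses) applied to captured raw responses, so it runs offline. The host names and sample responses are constructed, and comparing hosts with a leading `www.` stripped follows the first post's remark that these scripts often drop it.

```python
import re
from urllib.parse import urlsplit

# Meta refresh tag with a target URL, e.g. content="0; url=http://..."
META_REFRESH = re.compile(
    r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[\"']?[^>]*?"
    r"content\s*=\s*[\"']?\s*\d+\s*;\s*url\s*=\s*([^\"'>\s]+)",
    re.IGNORECASE,
)

def bare_host(url):
    """Host of a URL, lower-cased, without a leading 'www.'."""
    if "//" not in url:
        url = "//" + url  # accept 'mysite.example/' style targets
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def read_response(raw):
    """Split a raw HTTP response into status, redirect kind, target and body state."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    kind, target = "direct", None
    if status in (301, 302, 303, 307) and "location" in headers:
        kind = "permanent" if status == 301 else "temporary"
        target = headers["location"]
    else:
        match = META_REFRESH.search(body)
        if match:
            kind, target = "meta-refresh", match.group(1)
    return {"status": status, "kind": kind, "target": target,
            "empty_body": not body.strip()}

def flag_links(captures, my_site):
    """Return (link, kind, empty_body) for links that reach my_site through a
    temporary redirect or a meta refresh rather than a plain link or a 301."""
    mine = bare_host(my_site)
    flagged = []
    for link, raw in captures.items():
        info = read_response(raw)
        if info["kind"] in ("temporary", "meta-refresh") and \
                bare_host(info["target"]) == mine:
            flagged.append((link, info["kind"], info["empty_body"]))
    return flagged

# Constructed captures: inbound link URL -> raw response it returned.
LINK_A = "http://directory-a.example/goto.php?path=mysite.example%2F"
LINK_B = "http://directory-b.example/out.aspx?id=7"
LINK_C = "http://directory-c.example/moved"
LINK_D = "http://directory-d.example/r/123"
LINK_E = "http://directory-e.example/links.html"
CAPTURES = {
    # PHP-style: 302 with a blank body and the URL without 'www.'
    LINK_A: "HTTP/1.1 302 Found\r\nLocation: http://mysite.example/\r\n"
            "Content-Length: 0\r\n\r\n",
    # ASP.NET-style: 302 with an 'Object moved' HTML body
    LINK_B: "HTTP/1.1 302 Found\r\nLocation: http://www.mysite.example/\r\n\r\n"
            "<html><head><title>Object moved</title></head><body>\n"
            "<h2>Object moved to <a href='http://www.mysite.example/'>here</a>."
            "</h2>\n</body></html>",
    LINK_C: "HTTP/1.1 301 Moved Permanently\r\n"
            "Location: http://www.mysite.example/\r\n\r\n",
    LINK_D: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head>"
            "<meta http-equiv=\"refresh\" content=\"0; url=http://mysite.example/\">"
            "</head></html>",
    LINK_E: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            "<a href=\"http://www.mysite.example/\">My site</a>",
}

if __name__ == "__main__":
    for link, kind, empty in flag_links(CAPTURES, "http://www.mysite.example/"):
        print(f"{kind:12} empty_body={empty!s:5} {link}")
```

To check live links, capture each response with a client that does not follow redirects and pass the raw text in the same way.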


 5:32 am on Mar 15, 2005 (gmt 0)


There seems to be a general understanding that it's lower PR sites that are most at risk. While this is true I'm aware of URLs that held a longterm PageRank 8 and due to hijacking now have a PageRank 2. I understand then that all sites from at least PR0-PR8 are susceptible to hijacking, which must account for the very large majority of sites indexed by Google.



 6:22 am on Mar 15, 2005 (gmt 0)

Has anybody noticed if this same bad effect also occurs in sites using asp/asp.net for redirect? Or is it just with PHP scripts?

yes the problem is in google's handling of the 302 directive which is part of the http protocol, not specific to php, or any language.

php's header() function sends raw header directives, and by using the 'Location:' directive a 302 is invoked. I'm sure there is a way to do it with asp; I'm just not familiar with how it works.


 9:18 am on Mar 15, 2005 (gmt 0)

Has anybody noticed if this same bad effect also occurs in sites using asp/asp.net for redirect? Or is it just with PHP scripts?

First of all Japanese has a very good understanding of the problem he did also mention asp scripts. It seems it is a 302 problem in general but it only happens under certain conditions (PR vs PR or something like that) although some jackers are altering scripts to make it even worse. (getting the victim banned for duplicate content)
I'm getting rid of another now - displaying my page in a frame (through a cgi type 302) and appearing in site:mysite. I also read about some using .htaccess to invoke 302 and jacking pages.


 9:36 am on Mar 15, 2005 (gmt 0)

I guess it shouldn't be called pagejacking - what it is is SERPjacking.

MY page title
MY page description
not my URL


 10:30 am on Mar 15, 2005 (gmt 0)

Hi Japanese
Yes i did read through this whole thread. I did not understand what you meant when you said about claus. Did i say something about him?

And is anyone who is a victim willing to try the solution at msg #:507. My domain is currently healthy and has been able to ward off most of the hijacking attempt. But i wrote this code in preparation for the day when and if it fell sick. I would like to see this medicine administered to a sick domain.

Is there anybody in there?
Jus nod if you can hear me.


 11:25 am on Mar 15, 2005 (gmt 0)

Do I need to get my site removed from Overture as I notice I get a lot of 302 type links on sites using overture content?


 11:36 am on Mar 15, 2005 (gmt 0)

>> If Google had any criteria where the best page wins, then all these root URLs would have no problems with a single link killing them.

Crobb305, Steveb:
- i used the "best page wins" only as a figure of speech. Clearly it is neither the best page nor the right page that wins in these hijacks. It's not even a real page, just a script.

>> fence

Just to clear up any misunderstandings: I don't like page hijacking and i'm not in favour of it. I don't hope any post has led to another conclusion, as i think i've stated this a lot of times in the past years.

Where i perhaps differ from some is that i don't see this as something that evil webmasters do to innocent webmasters. Some might very well do this deliberately, but most do not. Besides, there's an even more important point: While some will do this only for ranking it is very wrong to think of this as just limited to de-ranking other pages. This is a serious security flaw (or "an exploit" in security terms) and the error and responsibility lies with the search engines alone.

Yes, you can easily make CNN advertise child pr0n with this, or set up a fake bank frontend, or whatever.

(theBear is so far the only one that has picked this up in msg #524)

>> publicity

My post #54 of this thread is still available for republishing, so go ahead and grab it and do a writeup on top of it - that's easy, free, and relevant content for your site and it will increase the pressure on the search engines to do something about this.

I know of just a few that have done so already. Also, there's more coming up, it seems (but don't let that stop you from publishing your own writeups - we need this hole to be closed). My own writeup has a lot of details, including the word "exploit" - it was published only yesterday on my main site, but it's not indexed by Googlebot yet.


 12:24 pm on Mar 15, 2005 (gmt 0)


It may well be the lack of a response section that causes part of the problem.

This might even be considered a buffer usurp and execution of random html (oh boy, what fun)

However the response (as well as the status) is what the search engine should check. This is probably what is fouled up. If it were just a regular normal 302 it would be far more of a problem, and there wouldn't be the site splitting that is taking place.


All kinds of lights went on after looking at a few things in gory detail. The real kicker is that the offending site can remove its links and Google will continue to keep the domain poisoned.


 12:48 pm on Mar 15, 2005 (gmt 0)

Googleguy can not do anything here, google is now a public company and for a topic as serious as this googlejacking, where the serps are a real mess, no one from google would say anything specific about the situation, their stock would go down huge, OK the stock is at a 3 month low now, but anyway don't expect a clear comment, because of the serious issue this is.

Googleguy is here to help with the small things website/google related and a big thanks for that.


 1:09 pm on Mar 15, 2005 (gmt 0)

GoogleGuy may not be able to comment, however, there is nothing to stop him opening his mailbox and saying, "please send me some examples".

That would hardly be setting a precedent since he has done this in the past with other problems.



 1:27 pm on Mar 15, 2005 (gmt 0)

GoogleGuy may not be able to comment, however, there is nothing to stop him opening his mailbox and saying, "please send me some examples".

That has already been done, and to no avail.

My site has been buried in the SERPs since December 17th, for whatever reason. And I'm getting lots of E-mails from people telling me they are glad my site still exists, and expressing frustration over not being able to find it in Google.

These people are my customers, and Google's as well. I don't feel I've done anything to fail them, but Google certainly has. I'm now recommending they search for my site using MSN, Yahoo, Ask Jeeves, or any other search engine. What does that say to them about Google?

It tells them that Google IS BROKEN! Every other search engine can't be wrong, and Google be right. When there is a unique page with unique content, and someone searches for that page using its exact title, it should come up somewhere in the Top 10 if it's the only page that matches the query, don't you think? That isn't what's happening.

I would think at the very least GG could advise that they are "looking into it." I realize silence is often the best way to protect integrity, but it's becoming fairly well known that something's not right with Google. I wonder if that's why the stock is dropping?


 1:46 pm on Mar 15, 2005 (gmt 0)

The occasional 302 redirect is one thing, what I am looking at is a group of clever individuals who have registered over 100 domains that I am aware of (and the number is probably in the thousands) all using the same template and redirect in order to get their sites (which pretend to be search engines) at the top of the SERPs at the expense of others.

I have over 20 clients who have been affected by this and lost substantial business.

What can we do to denounce such activity?
Can we set up a bulletin board of known hijackers, names, IP addresses etc.?


 3:09 pm on Mar 15, 2005 (gmt 0)

Claus, your excellent post is my post for the day in my seo scoop blog. I also encouraged others to do the same and reminded them to follow your rules for doing so. Like many others, I've been trying to make this issue more widespread for quite a while, but am now hoping that your post can go viral and really bring it out. Did my part...hope others do as well.


 3:31 pm on Mar 15, 2005 (gmt 0)

crobb305 mentioned using this tag: <meta name="redirection" content="noredirect"> may help.

Since a site of mine which previously did well has been hijacked AND copied and, of course, Google has pretty much given it the old heave-ho after a long time of great serps, I'm interested if this tag will help at all. Still riding the Yahoo serps, but slipping in MSN.

Does anyone have further thoughts about the 'noredirect' meta tag?


 3:51 pm on Mar 15, 2005 (gmt 0)

Welcome to WebmasterWorld, JanFer.

The major problem with a 'noredirect' tag is that it will mostly be used by a bunch of webmasters who read search engine related forums and blogs.

The wider population of webmasters will not know about the tag, so it would make sense for Google to look for a better solution.


 3:54 pm on Mar 15, 2005 (gmt 0)

I am thinking a subdirectory of my original domain that is disallowed to all bots except google and 302 hijack my own content to this subdomain. It wouldn't hurt me with the other bots as I will disallow them from the subdirectory and I could generate an unlimited number of virtual pages containing the tiniest degree of variations of my own site for G's sake. It seems to be what they want.


 3:59 pm on Mar 15, 2005 (gmt 0)

hi iodc
why do you want to create a sub domain. Can you use the technique suggested in msg 507.


 4:19 pm on Mar 15, 2005 (gmt 0)

someone posted this 302 thing on Slashdot
I hope the link is OK


 4:45 pm on Mar 15, 2005 (gmt 0)

I have to say all of this is way over my head. There has been something going on that I have been wondering about. My index page is not cached in G., but it has a page rank of 5 and it is #2 in the SERPs. How do I know if my site is being abused?


 5:07 pm on Mar 15, 2005 (gmt 0)

Good observation but you are a bit late to point out the flaw in my suggestion. It was previously pointed out that other problems could arise.
However, Are you suggesting that the average site give way to the demands of the big boys like am**on? and what works for them is the most favored option?.
Can you let us know if you have read this thread from top to bottom?

whoa there cowboy. the information from boredguru is probably some of the most helpful in the thread so far. Nobody is admitting that we need to all start redirecting to dynamic urls as a solution. But for someone to say they haven't been hijacked and they use a dynamic url generation for every unique user save googlebot is useful imo if your site is suffering.

Another way that you could do this is start a session on whatever browser criteria you desire to match and then write the ssid into a url- a well-used method on many sites. I'm curious if anyone has dynamic urls with things that have the ssid written into the url that are serpjacked.


 5:10 pm on Mar 15, 2005 (gmt 0)

someone posted this 302 thing on Slashdot
I hope the link is OK

great news. I'm sure G is enjoying the PR.

