homepage Welcome to WebmasterWorld Guest from 54.163.72.86
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

    
New Method of Hijacking with Inurl?
leave off the .com and be surprised
Lorel




msg:754063
 3:14 pm on May 9, 2006 (gmt 0)

I was checking the inurl command for a site looking for hijackers and accidentally left off the .com on the end and found another domain with the target domain as the subdomain,i.e.:

TargetDomain.TheirDomain.org

It also had TargetDomain in the title and mentioned in the description several times.

I clicked on the link and it appeared like a blank page until I noticed there was a scroll bar on the right so I scolled down and there was a lot of jibberish filled with extremely bad neighborhood language with the TargetDomain (which was their two main keywords) spattered throughout the text and then below was a large block of text with 100% those keywords--must have been 800 repeats of those words with a space between them i.e., "widget1 widget2").

This was obviously an attempt to do harm to that site, not only by linking to the site with bad language but trying to outrank the site (the target domain came up #1 and #2, the other #3). There was no 302 redirect on that page.

I reported it to Google Spam.

but then this morning I checked another domain with that erronerous command and found almost 400 sites that had used that domain.com as one of their directories and linked to one of the other domain's pagesi.e.,

BadDomain.com/www.OtherDomain.com/OtherDomainsPage.html

the titles all looked like this:

/www.OtherDomain.com/ URL moved, Please visit BadDomain.com

I checked several of them and they went to the BadDomain.com and most of them had a 404 error written in the text of the page, not a popup. I checked the server header checker and it showed a 200, not a 404. So it's a fake 404.

This looks like an attempt to do the OtherDomain harm in some way. The rest of the sites had framed the OtherDomain but it popped out cause it had a pop out of frame script on all pages.

The OtherDomain had installed full urls on all pages and basehref so hopefully this protected the OtherDomain from any harm.

Can someone check out this command on other sites and let me know what you see?

Should these fake 404s be reported to Google? And if so what would the classification for spam be?

What do you suppose is the propose of doing this when there is no text on the page and no redirect?

There was one of these pointing at almost every high ranking page on the OtherDomain.

 

milanmk




msg:754064
 5:55 pm on May 9, 2006 (gmt 0)

I too found two such websites hijacking my domain using inurl command.

First site was just 404 type. Title and URL was "baddomain.com/mydomain.com/" and there was only one line text of "404 Error. Page Not Found.".

Second site was having my domain in an iframe with 100% height and width and the title was "mydomain.com/subdirectory/ URL moved, Please visit baddomain.com/subdirectory/"

I dont know what these guys are upto and whether they are doing any harm to my search rankings.

Milan

JimLahey




msg:754065
 6:18 pm on May 9, 2006 (gmt 0)

Wow, I see what you mean. I found hundreds of sites that have simply added my urls to theirs with a

"URL moved (mysite.com), Please visit spamsite.com"

Yes, they all show a 200 status code, but the page simply displays text for a 404 error. Not sure what they are trying to do, but it can't be good.

egomaniac




msg:754066
 6:56 pm on May 9, 2006 (gmt 0)

I found 30 or so similar pages with this fake 404 error on them and URLs that include mydomain.com in them after theirdomain.com.

I don't know what they are trying to do here.

So far there has been no damage to me that I am aware of. At least not in Google. My rankings have held up well in Google.

JimLahey




msg:754067
 7:13 pm on May 9, 2006 (gmt 0)

The cached page shows where Google is getting the title and description from...usually along the lines of:

/www.mysite.com/mypage.html
URL moved, Please visit spamsite.com

All that is on the current page is the fake 404 text.

Lorel




msg:754068
 7:54 pm on May 9, 2006 (gmt 0)

Ahhhhh Interesting

If you click on the cache you can see the database where these results come from:

[72.14.207.104...] at least on my local google.

then if you read the "pages dropping out of Google" thread there might be a connection.

montefin




msg:754069
 8:11 pm on May 9, 2006 (gmt 0)

Yikes. 3 instances here too.

Thanks, Lorel.

But what to do?

wetcoast




msg:754070
 8:32 pm on May 9, 2006 (gmt 0)

I found 35+ for my website.

I checked the whois for 10 of the "forwarded to" sites and all appeared to be based in <edited> and using a hosting company located in <edited>

[edited by: tedster at 9:11 pm (utc) on May 9, 2006]

Terabytes




msg:754071
 8:40 pm on May 9, 2006 (gmt 0)

I've got about 30+ also...

I Noticed the domain doing this has about 230,000 pages doing exactly the same thing for some huge domains.

since nobody has stated "who" is it safe to assume that we're all talking about the exact same domain that's doing this?

JimLahey




msg:754072
 8:48 pm on May 9, 2006 (gmt 0)

since nobody has stated "who" is it safe to assume that we're all talking about the exact same domain that's doing this

I have at least 40 domains using the tactic with my site.

montefin




msg:754073
 9:00 pm on May 9, 2006 (gmt 0)

Hmmmmm...inurl: and allinurl: results are all legit now.

Luckily I bookmarked the offending urls. They're still there.

Bears watching.

tedster




msg:754074
 9:10 pm on May 9, 2006 (gmt 0)

It's excellent to spot a new hijack technique and describe how it works. It's even better to share ideas on how to defend against these tactics. But please, do not post the specifics of any particular domain that may be using these practices -- that is not our purpose here.

Report that detail directly to Google if you are so moved. See the Forum Charter [webmasterworld.com] for more details.

For spam reporting, use this form on the Google website:
Google: Search Quality and Your Feedback [google.com]. Be
precise but brief in your note to Google. Report both the
actual search keywords and explain the problem you see.

Lorel




msg:754075
 9:55 pm on May 9, 2006 (gmt 0)

Hi Tedster;


It's excellent to spot a new hijack technique and describe how it works. It's even better to share ideas on how to defend against these tactics

This was my aim in posting the info here but before we can figure out how to defend against it we need to figure out what harm it might be doing to our sites.

So far it looks like they are just linking to these sites but with the fake 404 message (designed to confuse newbies) there has got to be something else up.

milanmk




msg:754076
 9:56 pm on May 9, 2006 (gmt 0)

then if you read the "pages dropping out of Google" thread there might be a connection

I dont think the real websites are affected by such shady techniques as i have never seen those hijacking sites in SERPs, at least for Google. I cannot certainly prove it because my site is quite new and its still in sandbox but other members with some old authority website can surely tell whether or not their site rankings had been affected with such hijacking methods.

Maybe they are targeting other search engines?

Anybody got that "connection"? Lorel, any ideas?

Edit: I see one of such sites having my title, keywords and description (iframe hijacked). In the body part they have few lines copied from my homepage and added 100+ links to porn sites plus some 15 lines of such vulgar keyword stuffing. Is there any chances of duplicate/spam/adult penalty?

Milan

reseller




msg:754077
 10:23 pm on May 9, 2006 (gmt 0)

Hi Folks

Just for the benefit of further discussion I wish to recall a GoogleGuy post from last year:

[webmasterworld.com...]

======================================
GoogleGuy
Senior Member

view member profile
joined-Oct 8, 2001
posts:2850
msg #:105 11:59 pm on Apr 18, 2005 (utc 0)

We've been steadily improving our heuristics for 302s based on the feedback that you've sent us. There have been two recent changes that I know of. We changed things so that site: won't return results from other sites in the supplemental results. We are also changing some of the core heuristics for the results for 302s. I believe that most of these changes are out, but there may be a few more in the pipeline.

Note that for inurl: and allinurl: searches, results from other sites are perfectly valid. So if you own yoursite.com and do a search allinurl:www.yoursite.com, it's a completely valid result to get a url from www.someothersite.com/resources?url=www.yoursite.com, for example. That's how inurl: and allinurl: are supposed to work--they match all docs with the requested terms in the url, not just docs on www.yoursite.com. That doesn't imply any problem/hijacking/issue; just that someone else had your domain name in their url.

Thank you for the feedback that people have given us about 302s. I'd be interested to hear if anyone sees a result where site:yoursite.com returns urls from domains other than yoursite.com. You might want to wait another few days before checking though, to give things time to get fully out. I have to duck out right now, but I'll try to stop by and give more details as things are more fully deployed.
=====================================

Need More Hits




msg:754078
 10:26 pm on May 9, 2006 (gmt 0)

Can someone please PM me a URL of one of these sites
Thanks

wetcoast




msg:754079
 10:52 pm on May 9, 2006 (gmt 0)

When I click on the "cache" link under one of these URLs the Google "as retrieved" dates are for August 2005! (My pages all have "normal" 2006 cache dates.)

Lorel




msg:754080
 3:08 pm on May 10, 2006 (gmt 0)

GoogleGuy said:


Note that for inurl: and allinurl: searches, results from other sites are perfectly valid.

That may be true for someone who just puts your url in their url. However, if you check some of the inurl results they will have 302 redirects. The question is ---is it just a tracking 302 or a deliberate attempt to hijack your site and steal your PR.

I've seen 2 such 302 redirects cause 2 different sites to loose all their PR and all (but home) pages drop out of the index (we managed to get both offending websites removed from the internet by reporting them to their host which removed the site completely so this is a serious offence). So every unrecognizable link in the inurl search should be investigated.

Now back to this inurl search, which had NO .com on the end (you don't get the same results for this search as the one above):

I have seen, and so has someone else, the text on the page being full of very bad language with links to the target site and the page being full of spam. I'm pretty confident that someone linking to your site from such a bad site can't do harm to your site--the harm occurs only if YOU are linking to their site.

However, what I'm concerned about is some kind of redirect or other linking method that only Programmers or DNS people would understand and not the general webmaster that could be the reason these pages are occuring, i.e., there is something going on we don't know about. The fake 404s is a sign this is not normal. I don't know enough about it and that's why I posted this thread so hopefully someone can figure it out.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved