|Hijacking a site's tracking script - so there's a 302 redirect to hacker site|
| 2:32 am on Jan 8, 2009 (gmt 0)|
Apologies in advance: I'm sure this has been answered before, but I've tried to do due diligence by going through some of the famous threads about Google and 302 redirects / page hijacking [webmasterworld.com], and I'm still unclear about a particular scenario.
So I thought I understood 302 hijacking, but what I was really familiar with was one particular situation: The hacker sets up his own 302 redirect to one of your site's high-ranking pages, then gets Google to spider it, and, through an unlikely but possible series of events, ends up having the link for your high-ranking page in the SERP swapped out for a link to the hacker's original redirect page.
OK, but what I'm not familiar with is a scenario where the hacker hijacks your own tracking redirect script, getting your script to do a 302 redirect to, say, a warez site, and then the hacker gets Google to index a gazillion of these tampered redirect script links, so that a "site:" query for your domain suddenly shows all these new pages in Google's index that are nothing more than hijacked redirects to the warez site.
For example, you have a tracking script for your PPC ads that normally would be used to do two things: It writes a tracking code to a cookie and then redirects the user to the appropriate landing page. Here's how such a URL might look:
When the hacker discovers it, they replace your redirect URL with their own, and they're in business:
So the question is: Assuming your site already had good rankings for your target keywords, could having thousands of these hacked URLs suddenly showing up in Google's index actually hurt the rankings of your "good" pages, or would they keep their rankings independently of the presence of all these new crap pages?
| 8:51 am on Jan 8, 2009 (gmt 0)|
This scenario happened to at the beginning of November with google indexing about 15000 extra pages (my site normally had around 1000 pages indexed) although the script was blocked in my robots file.
I immediately removed the script and removed the page from Google.
The extra traffic died down over a period of about 5 days and there were no obvious problems caused at the time.
My site did however take a dive a few days before Xmas, which may or may not have been related.
I thought I had security reasonably under control but hadn't considered my redirect script (which was there to count clicks on links) and the occurrence must have damaged any "Trust Ranking"
| 7:00 pm on Jan 8, 2009 (gmt 0)|
Thanks for the reply, denisl. So, to recap, you're thinking that, as a result of those 15,000 spam pages that were showing up in Google's index in early November, your site ended up losing some "trust rank" or otherwise triggering Google's trust filters, which led to the site's rankings starting to drop in mid-to-late December.
I've been reading Stuntdubl's 2006 post "The Trust Knob is WAY too High - Google Trustbox" [stuntdubl.com], and it lists three primary elements of establishing a trust metric for any given site:
- The age of the web site
- The number and overall age of the site's inbound links
- The trust metric for each of the site's inbound links (which, among other things, might be influenced by the TLD: .edu, .gov, etc.)
It's probably hard to make the determination without another site to compare to, but when you think about those factors, would you say that your site might have been at all weak in any of those three factors? Or do you feel confident about the strength of those factors?
How about anybody else? If, all of a sudden, thousands of hacked redirect links under your site's URL appear in Google's index, does that erode your site's trust rank (or whatever it's called) and then lead to a drop in rankings?
| 5:40 pm on Jan 12, 2009 (gmt 0)|
It's been a few days, so I just wanted to ask once more for the record:
So nobody has any idea whether suddenly having thousands of versions of a site's hacked redirect script show up in Google might hurt that site's rankings? Apologies if this is a dumb question; I just haven't found an answer yet.