Welcome to WebmasterWorld Guest from 54.242.193.41

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Odd referrer link in my server log

Am I a linkjack victim or not?

     
9:35 pm on Aug 5, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


I'm not sure this forum is the proper one for this query. That said, I've been looking over my server logs, which I do only sporadically, and noticed something peculiar among my top referrers. It's a URL at one of the Web's most popular and trusted information sources, with a bevy of paid writer/bloggers for every imaginable topic. One of the topical pages on that site has linked to my site for a number of years now. The URL in my log looks like it's a page in a 2nd-level subdirectory at their domain. Today I decided on a whim to copy and paste the link into my browser, then head on over to that page. What returned was the following message (I'm paraphrasing here):

You've clicked on a link that will direct you away from our site without viewing any of our content, possibly because a site is using our redirect link to maliciously redirect you to their site -- a practice known as email spoofing. Proceed at your own risk.

What am I to make of this? Is it quite innocent -- i.e., it's just how the site responds to deep-link entry from other sites or directly from a browser's URL bar? That wouldn't make sense to me.

Could something nefarious be afoot? (BTW, their site has been famously hacked once or twice, which is one reason I'm a bit concerned.) Please stop me before I disavow what I though was my best backlink.
10:03 pm on Aug 5, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15705
votes: 812


Naming no names, that sounds an awful lot like the standard format for a facebook referer. It's a compromise between clinging to their users for dear life, and allowing their users to aid their friends by offering links to outside sites.

You can experiment by replacing the your-page part of the original URL with some other page on your site. You should get the same transitional "Are you absolutely positive you want to leave the comfort and safety of our site?" message.
6:03 pm on Aug 6, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


Okay, I figured out what's going on. The big-time site is framing me, and so the link showing up in my logs is to the frame. Hence when I follow the link I get the sweet message but no link to actually direct me to my site.

BTW, their banner ad and their logo sit just above my superior content. Coincidentally, both their site and mine use a spare design, white background, and even the same font and font size. So most visitors might not know that they're reading my content instead of theirs. Of course, framing violates my express terms of use and always has.

[edited by: numnum at 6:55 pm (utc) on Aug 6, 2014]

6:45 pm on Aug 6, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4352
votes: 299


Browsers don't care about no stinkin' terms, but they do obey javascripts and other methods to prevent your content from being framed. Depending on the type of site you have, there are preferred methods to keep that from happening. Is this a static html site? Wordpress, or something else?
6:59 pm on Aug 6, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


Browsers don't care about no stinkin' terms, but they do obey javascripts and other methods to prevent your content from being framed. Depending on the type of site you have, there are preferred methods to keep that from happening. Is this a static html site? Wordpress, or something else?


If you're referring to my site, it's static HTML. The big-time publisher uses its own (proprietary) CMS, in all likelihood. It's my strongest backlink, and I'm loathe to block it via htaccess or other means. Mexican standoff?
7:42 pm on Aug 6, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4352
votes: 299


OK, a quick trial, pop this javascript into the header (just before the </head tag) of the page they have framed. Clear your cache and visit their URL again - click on one of your framed links.

<script type="text/javascript">
if (window!= top) top.location.href = location.href;
</script>


Of course, that depends on others to have a javascript enabled browser which most of them are, but not 100%.

BTW, while it may be flattering to have a major site showing off your site, the message you get is not likely to bring you much traffic, and as you mentioned, it really looks like it is on their site.
7:10 am on Aug 7, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


OK, a quick trial, pop this javascript into the header (just before the </head tag) of the page they have framed. Clear your cache and visit their URL again - click on one of your framed links.

<script type="text/javascript">
if (window!= top) top.location.href = location.href;
</script>

Of course, that depends on others to have a javascript enabled browser which most of them are, but not 100%.

BTW, while it may be flattering to have a major site showing off your site, the message you get is not likely to bring you much traffic, and as you mentioned, it really looks like it is on their site.


I'm not flattered by the link to my site. The issue is simply the site's ostensible authority and hence the backlink's value weighed against the fact that they're framing me without my permission and benefiting from doing so, albeit to a very small degree.

Thanks very much, N2E, for the JS snippet. I was going to prevent framing across the board with X-FRAME-OPTIONS (htaccess) but had second thoughts because of the possibility of losing this one backlink. Frame busting was of course my other option. I've popped that line of JS into my scripts.js file. Mission accomplished, unless they decide to bust the frame-busters, which for reasons unrelated to bits and bites I doubt they'll do.

Just to be clear, visitors to BigtimeSite.com who had clicked on the link to my site did NOT see the warning about leaving BigtimeSite.com. What they saw was my page framed beneath the Bigtime logo and banner ad. The warning popped up when I attempted to view the framed URL directly, which makes sense since no such URL exists outside a frame. This leads me to wonder whether I'm credited for the backlink at all, since it looks like they've renamed my URL for framing purposes and then redirected. Hmm.
7:21 am on Aug 7, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4352
votes: 299


Unless they have an actual link I don't know that Google calls an iframe a backlink. Does GWT show the site has linked to yours? In that case either they do have an actual link or Google credits the iframe. I do not know how that works, would need to look at some old iframes in my archives.

The htaccess version would prevent it, the javascript ensures you get the clicks if any. I would not allow a page from my site to be iframed, partly because it shows identical content as your site, and with higher authority, yours could be seen as the "copy" though it is the original. Again, I really don't know how G views framed content.
4:08 am on Aug 8, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


The htaccess version would prevent it, the javascript ensures you get the clicks if any.

Which is why I've implemented the JS script and not htaccess DENY. Visitors clicking on the link now go directly to my site (no iframe), so I get that benefit.

Unless they have an actual link I don't know that Google calls an iframe a backlink ... Again, I really don't know how G views framed content.

Okay, I'd really like to get to the bottom of this, for curiosity's sake if nothing else. Assume you're at BigtimeSite.com. If you mouse-over the link to my site, you'll see my url at the bottom left of the browser window. No problem so far. Click on the link, and a new BigTime.com window opens (_blank) with my page framed. Now go back to the page with the link to my site, and mouse-over the link again. What is displayed at bottom left is no longer my URL but rather:

www.bigtimesite.com/directory/filename.htm?zi=1/XJ&zTi=1&...

So clicking the link initiates this URL change. Here's the (slightly edited) HTML from the source code:

<div class="ListItem">
<a href="...myurl.htm" zT="-o1/XJ" target="_blank">Title of My Site</a><p>This site provides....</p><div class="ExternalLinks"><a href="...myurl.htm" zT="-o1/XJ" target="_blank"></a></div>
</div>


What's going on here? It looks to me like OnClick calls a script that opens and reveals the actual target URL, which is not mine (mine is framed within it). So do crawlers record my URL or the URL revealed and opened on click? That's the question you asked, not2easy. If the latter, then there's no backlink value, right? I'm just speculating here.
5:12 am on Aug 8, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4352
votes: 299


I really don't know, it is a question that came to mind reading your post. Have you looked at their page's source code? It looks like a redirect of some sort, but I couldn't guess from the URL format. If it was my site being framed, I would use a header checker and go in to click and record the headers. There is a Header Checker here in the Free Tools (at the top of the page) but I have only used the FireFox browser's LiveHeaders Tool to check headers with.

I would compare the source code to the headers to see how they differ.
4:09 pm on Aug 8, 2014 (gmt 0)

Junior Member

5+ Year Member

joined:May 17, 2011
posts:170
votes: 0


I really don't know, it is a question that came to mind reading your post. Have you looked at their page's source code? It looks like a redirect of some sort, but I couldn't guess from the URL format. If it was my site being framed, I would use a header checker and go in to click and record the headers. There is a Header Checker here in the Free Tools (at the top of the page) but I have only used the FireFox browser's LiveHeaders Tool to check headers with.

The pertinent source code from their page is bolded in my previous comment. I applied the Header/Link Checker tool (thanks for the tip), and the link is to my site with no redirect.

Now I'm thinking they've actually done the right thing (well, sort of) by linking directly to me as far as the crawlers know, but then on-click running a script that opens a blank page and frames my page. The source code in bold (my previous comment) considered together with what I observe suggest so, although I wouldn't know exactly how that's done.