Anyone know how this redirect is working?

Forum Moderators: open

Message Too Old, No Replies

Anyone know how this redirect is working?

spamming Google with over 750k doorway pages

MarshallClark

11:36 pm on Jun 7, 2004 (gmt 0)

A large SEO/Spam Shop is using this mouseover redirect on over 750K client pages on Google. I'm amazed that Google hasn't banned all the pages yet and i think it has something to do with the unusual format of the redirect info:

<body onMouseOver="eval(unescape('[snipped]'));"

What is this written in unicode, hex?

/-m

[edited by: volatilegx at 2:37 pm (utc) on June 8, 2004]
[edit reason] no specifics please [/edit]

Dreamquick

11:39 pm on Jun 7, 2004 (gmt 0)

Hex character escape codes would be my guess.

(one very quick and dirty code hack later)

Yay I was right - it was an ascii escape sequence... what do I win? The unescaped and examplified code is;

location.href='http://www.example.com/';

Surprisingly effective for a very simple encode.

- Tony

MarshallClark

11:52 pm on Jun 7, 2004 (gmt 0)

Yup - just found a Hex to ASCII converter that translated it to the URL I found the page pointing to. These guys are shady and are using this trick on client websites. Not long for this world I'm guessing, although I've heard them talked about on this forum for years so....