Welcome to WebmasterWorld Guest from 54.196.175.173

Forum Moderators: open

Message Too Old, No Replies

Hidden cloaking?

I'm stumped.

     

larryhatch

6:39 am on Oct 15, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Very recently, a newspaper website ran an article with a link to my website. Traffic went up.
Access_logs for one day indicated 40 hits coming from:
www.newspaper.com/externallinks.php?url=www.mysite.net

Another 9 hits came from www.newspaper.com/article#12345.

I called up their page above, looked at the source code and sure enough there
was an honest looking <a href = mysite.net..> yadda yadda </a> type link.

When I moused over that hyperlink the first time, I saw the honest link.
The NEXT time i moused over it, I got the phony php link!

No matter what I do, source code shows only the honest <a=href..> link.

I figured it was because I browsed in from Google and they were cloaking,
showing me the source they prefer Google to see.

Sooooo .. I manually typed in the newspaper's story url in full.
Now there is no sign of honest link on mouseover, BUT source STILL shows the honest link.

Finally, I went to work and repeated all these tests from there, with a different
computer, different browser, host ISP, the works.
I STILL see my honest URL in source code, and get the phony one when I click or mouseover.

I presume this is some kind of cloaking. Questions are:

1) How the heck does that work? Has somebody found a way to show phony source code,
while executing different actual code?

2) If so, where did the 9 'honest' hits come from, the ones with <a href=?

3) May I presume that Google etc. will see the honest link and credit it?
If so, I can't get too upset about it.

I'm more curious than anything else. Any clues to this mystery much appreciated. -Larry

volatilegx

5:45 pm on Oct 15, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sounds like JavaScript to me. Definitely some client-side scripting going on. Doesn't sound like cloaking. Try mousing over/clicking the link with JavaScript disabled.

encyclo

5:50 pm on Oct 15, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Could be Javascript dynamically selecting anchors within a specified code block and sending JS-enabled users via a click-thru counter script. If this is the case, it isn't really cloaking as bots (which won't read the JS) will get the straight link. What this technique will do is give the site stats which won't include bots, only human visitors. Of course, it may be something else entirely. :)

<added>too slow ;)</added>

volatilegx

2:40 am on Oct 16, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<added>too slow wink</added>

Matters not... your answer was a lot better than mine ;)

fischermx

3:33 am on Oct 16, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Javascript, that's it. Many webmasters do that.
Actually, doesn't google do that in the adsense ads?

larryhatch

1:20 am on Oct 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the help guys. Yes, it has to be javascript.

I disabled both java and javascript. Source code still shows the straight link.
Mouseover now ALSO shows straight link every time, and that's the one that executes.
No more php?url=mysite stuff. I see this as a benign thing really.
IF users have JS running, they presumably go thru an
outgoing hits-counter or the like.
IF a visitor has JS disabled, they still get thru with the straight link.
Google etc. see straight links and presumably credit them. No harm done at all. -Larry

larryhatch

2:12 am on Oct 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another note. I agree that strictly speaking, this wasn't cloaking.
Cloaking is when you serve up one page to the SEs, and quite another to the public.

Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

Sathallrin

6:33 pm on Nov 3, 2005 (gmt 0)

10+ Year Member



Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

It wouldn't be a javascript redirect... it would just search the page dynamically and replace external links. Using a detection looking for http: in the link and then adding their php link into the href.

larryhatch

10:18 pm on Nov 3, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That could very well be. For me the main thing is that the Search engines
see the straight link, and credit that as an incoming link to my page. - Larry

volatilegx

8:56 pm on Nov 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I didn't say it was a JavaScript redirect. It's more like a mouseover event, where the destination URL changes if the mouse curson hovers over the anchor.

As far as whether the link will be attributable to your site, Larry, if the link points to your site in the HTML (irrespective on any JavaScript mouseover events), then I believe it will in fact be attributable to your site.

larryhatch

9:48 pm on Nov 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I looked over the newpaper article source code. There was no sign of mouseover shenanigans.
The link to my page is a straight html link. I was curious how they did that. -Larry

volatilegx

8:02 pm on Nov 6, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is there a linked .js document?

larryhatch

11:08 pm on Nov 6, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi VolatileGX: YES there is javascript. Here's what I think is the relevant code (exemplified)

<script language="JavaScript" type="text/JavaScript">
<!--
function findexternallinks () {
dump='';
for (i=0; i<document.links.length; i++) {
host = document.links[i].host;
href = document.links[i].href;
protocol = document.links[i].protocol;
if ((host.search(/newmexican\.com/i) == -1) && (host.search(/207\.#*$!\.yyy\.zzz/i) == -1)
&& (protocol.search(/mailto\:/i) == -1) && (host.search(/trafficdeveloper\.com/i) == -1)
&& (host!= 'localhost') && (protocol.toLowerCase()!= 'javascript:') ) {
document.links[i].href = "/externallink.php?url=" + escape(href);
} } }

- - -

Note the /externallink.php bit. THAT is exactly how the redirected hits come in with my URL appended.
Mystery solved. Its JS with a .php redirect.

A FEW people, presumably with JS disabled, came in via the straight link.
That is how I found the URL of the originating page. -Larry

volatilegx

11:14 pm on Nov 7, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Good detective work. I'm glad you solved the mystery :)

Dan

 

Featured Threads

Hot Threads This Week

Hot Threads This Month