Welcome to WebmasterWorld Guest from 54.167.46.29

Forum Moderators: open

Message Too Old, No Replies

Hidden cloaking?

I'm stumped.

     
6:39 am on Oct 15, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


Very recently, a newspaper website ran an article with a link to my website. Traffic went up.
Access_logs for one day indicated 40 hits coming from:
www.newspaper.com/externallinks.php?url=www.mysite.net

Another 9 hits came from www.newspaper.com/article#12345.

I called up their page above, looked at the source code and sure enough there
was an honest looking <a href = mysite.net..> yadda yadda </a> type link.

When I moused over that hyperlink the first time, I saw the honest link.
The NEXT time i moused over it, I got the phony php link!

No matter what I do, source code shows only the honest <a=href..> link.

I figured it was because I browsed in from Google and they were cloaking,
showing me the source they prefer Google to see.

Sooooo .. I manually typed in the newspaper's story url in full.
Now there is no sign of honest link on mouseover, BUT source STILL shows the honest link.

Finally, I went to work and repeated all these tests from there, with a different
computer, different browser, host ISP, the works.
I STILL see my honest URL in source code, and get the phony one when I click or mouseover.

I presume this is some kind of cloaking. Questions are:

1) How the heck does that work? Has somebody found a way to show phony source code,
while executing different actual code?

2) If so, where did the 9 'honest' hits come from, the ones with <a href=?

3) May I presume that Google etc. will see the honest link and credit it?
If so, I can't get too upset about it.

I'm more curious than anything else. Any clues to this mystery much appreciated. -Larry

5:45 pm on Oct 15, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


Sounds like JavaScript to me. Definitely some client-side scripting going on. Doesn't sound like cloaking. Try mousing over/clicking the link with JavaScript disabled.
5:50 pm on Oct 15, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9063
votes: 2


Could be Javascript dynamically selecting anchors within a specified code block and sending JS-enabled users via a click-thru counter script. If this is the case, it isn't really cloaking as bots (which won't read the JS) will get the straight link. What this technique will do is give the site stats which won't include bots, only human visitors. Of course, it may be something else entirely. :)

<added>too slow ;)</added>

2:40 am on Oct 16, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


<added>too slow wink</added>

Matters not... your answer was a lot better than mine ;)

3:33 am on Oct 16, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 31, 2005
posts:1651
votes: 0


Javascript, that's it. Many webmasters do that.
Actually, doesn't google do that in the adsense ads?
1:20 am on Oct 17, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


Thanks for the help guys. Yes, it has to be javascript.

I disabled both java and javascript. Source code still shows the straight link.
Mouseover now ALSO shows straight link every time, and that's the one that executes.
No more php?url=mysite stuff. I see this as a benign thing really.
IF users have JS running, they presumably go thru an
outgoing hits-counter or the like.
IF a visitor has JS disabled, they still get thru with the straight link.
Google etc. see straight links and presumably credit them. No harm done at all. -Larry

2:12 am on Oct 17, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


Another note. I agree that strictly speaking, this wasn't cloaking.
Cloaking is when you serve up one page to the SEs, and quite another to the public.

Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

6:33 pm on Nov 3, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:June 16, 2005
posts:89
votes: 0


Still, I'm curious just how they do this. I presume there is some code that
says in effect: " IF JS enabled, go to THIS page immediately."
IF I'm right, what would the code actually look like?
If I see that in the page source, it nails down the diagnosis pretty firmly. -Larry

It wouldn't be a javascript redirect... it would just search the page dynamically and replace external links. Using a detection looking for http: in the link and then adding their php link into the href.

10:18 pm on Nov 3, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


That could very well be. For me the main thing is that the Search engines
see the straight link, and credit that as an incoming link to my page. - Larry
8:56 pm on Nov 4, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


I didn't say it was a JavaScript redirect. It's more like a mouseover event, where the destination URL changes if the mouse curson hovers over the anchor.

As far as whether the link will be attributable to your site, Larry, if the link points to your site in the HTML (irrespective on any JavaScript mouseover events), then I believe it will in fact be attributable to your site.

9:48 pm on Nov 4, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


I looked over the newpaper article source code. There was no sign of mouseover shenanigans.
The link to my page is a straight html link. I was curious how they did that. -Larry
8:02 pm on Nov 6, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


Is there a linked .js document?
11:08 pm on Nov 6, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2004
posts:1425
votes: 0


Hi VolatileGX: YES there is javascript. Here's what I think is the relevant code (exemplified)

<script language="JavaScript" type="text/JavaScript">
<!--
function findexternallinks () {
dump='';
for (i=0; i<document.links.length; i++) {
host = document.links[i].host;
href = document.links[i].href;
protocol = document.links[i].protocol;
if ((host.search(/newmexican\.com/i) == -1) && (host.search(/207\.#*$!\.yyy\.zzz/i) == -1)
&& (protocol.search(/mailto\:/i) == -1) && (host.search(/trafficdeveloper\.com/i) == -1)
&& (host!= 'localhost') && (protocol.toLowerCase()!= 'javascript:') ) {
document.links[i].href = "/externallink.php?url=" + escape(href);
} } }

- - -

Note the /externallink.php bit. THAT is exactly how the redirected hits come in with my URL appended.
Mystery solved. Its JS with a .php redirect.

A FEW people, presumably with JS disabled, came in via the straight link.
That is how I found the URL of the originating page. -Larry

11:14 pm on Nov 7, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 22, 2001
posts:2450
votes: 0


Good detective work. I'm glad you solved the mystery :)

Dan

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members