This might be only semi related.

I had my .htaccess set up so that in case of 404, 403 errors etc the user would be directed to my index page instead of the default 'file not found' page.

I noticed recently when doing a site: check that pages I had removed were showing up, but with the title and snippet from my index page.

It seems google was taking the content on the index page as belonging to the non-existant file.

I changed my .htaccess so that a custom 404 page comes up.

After reading this thread I went searching and found one page of my site being highjacked focused on animations (which doesn't affect me that much as that is not my primary business focus --other than that page has dropped in rank, and I found a whole sub domain of mine (a poetry site for kids to post their poetry) which was hijacked also--which really ticks me off.

I then went searching to see if any of my clients were affected and found one who had the home page hijacked. Their web link in Google is showing the dreaded URL only so it has affected the rank and this site hasn't grown much since I put it online and now I now why.

[edited by: ciml at 3:06 pm (utc) on Dec. 1, 2004]
[edit reason] Edited as per author request. [/edit]

Hi All,

I found another person using a tracker2.php code to hijack one of my pages. He has his own server, so I can't write his host, and his email from his domain data isn't working (of course).

Is there another way to find out who to report this to?

Lori

Lorel

Good job, maybe that will get some results. I hope so.

Lorel,

Is there another way to find out who to report this to?

Yes, do a trace route and look for who is higher up in the food chain. He has got to have his server colocated somewhere -at his ISP's data-center, or at a telco colo facility.

Put them on notice, get them involved. It may take time, but it will work -in most cases.

I've noticed that one travel-related site seems particularly prolific. It goes after almost every site that does well in the SERPs for anything remotely related to travel. Accoding to google, it has 243,000 pages.

This TRAVEL site seems to have really MASTERed this technique. Has anyone else noticed this?

Interesting! the site that bit one of my pages has exactly the same amount of listings in Google! My site has absolutely nothing to do with travel however.

groan!

On the other hand I suppose I should be flattered that he thought my page was good enough to hijack.

I ran his site through Google site check and he has even stolen a page from DMOZ and Yahoo.

I wrote Google to report him. There must be thousands of webmasters affected by this guy so hopefully he will be dust soon.

[google.co.uk...]

64k results.

It would be nice to think that g were on to this crap.

The people who do this are lower than dog excrement.

This TRAVEL site seems to have really MASTERed this technique. Has anyone else noticed this?

Out of interest I just checked to see if they had us... they do. They don't seem to be having any affect on the serps though. If you find them with an allinurl, G shows 314 results, with 303 of them our pages, and the other 11 mostly that tracker2.php crap. But those hijacks are on the second to last page, about 300-310. Why does it affect some sites more than others? Our site has several PR6 pages, and the rest 5 and 4. 2+ yr old site.

Has there been any response from Google on this issue? I first raised it well over a year ago. Will it require something serious (like an online banking site getting hijacked and used for fraud) before they do something?

I thinking the knocking out of user websites is pretty serious as it is Dan, wouldn't you agree?

I believe I've answered my question wrt that grubby Travel site, (Mastered it etc). With all that hijacking, they're still at a PR3. Pitiful. They can hijack our pages all they want, it won't accomplish anything. Out of our 303 pages in G, I believe there are only a handful as low as PR3, and they tend to be .doc's and .dat's

All the same, I don't understand why G can't easily correct this and boot them. Their entire site is made up of hijacked pages.

Hi Folks,

I had GREAT success reporting one tracker2 hijacker (not the one mentioned above--this one sells music cds). I wrote to the hosting company, quoting their own TOS and pointing out the rules being broken by this hijacker, and included the hijacker's domain info and a copy of the bounced letter trying to contact the hijacker, and I received the following reply within 24 hours:

I have emailed the user. I have given him 24 hours to remove the information. If he does not, we will remove his account tomorrow at 12:30pm est, Nov. 18th. Please email me around 12:30pm tomorrow and let me know if your information has been removed.

PS. here is the reply I got from Google when I reported this hijacker in the spam abuse contact page:

Thank you for your note. Google aggregates and organizes information
published on the web; we don't control the content of these pages. In this
instance, we suggest that you directly address the webmaster of the page
in question. For more information about our Terms of Service, please visit
[google.com...]

If you encounter sites that are trying to deceive our web crawlers, please
submit a report at [google.com...] We use
these reports to collect data that our engineers use to devise scalable
solutions to fight spam in our search results. While we do not always take
action on individual sites as a result of these reports, please be assured
that we are using the information to make large-scale improvements to our
system.

We appreciate your assistance in maintaining the quality of our search
results.

Regards,
The Google Team

Thanks to everyone for your tips on how to stop these hijackings.

Lori

Is there any way to prevent the hijackings? Like blocking referrals with "tracker2.php" in the url etc... and giving google a 404 page when it follows the redirects?

I tried this and it works when I changed the url on my site so that the page the hijacker redirects to get's a 404 error page not found. Then I used google's url removal tool to remove the hijacker url. ssshhh don't tell google...

So if I had something that would automatically do that it would help a ton. just something that would give a 404 responce to anyone with "tracker2.php" in the referrer string would work.

That would prevent this from happening again.

Any ideas?

What about 'on mouseover' Refresh? I am seeing a site that has Lots of spam pages that rank high in Google for some terms the user clicks on the website and if they move they're mouse, the page refreshes to the websites home page.

I reported it to google, And let the website owner know its against the Google TOS. We are not in direct competition yet, but moving into the market and looking to make room for my NON spammy, sweat and tears made website :)

I thought Google got rid of this problem I remember when it was 'big' but they still rank high!?!

A similar thing happened on one of my Forums, although it was mainly porn sites adding 1x1px images with an onload event that changed the document url to their site.

I have fixed this by banning any posts with "onload" in the text.

Hi there

I think the simplest way to battle this is to go to the offending domains ISP and shove thier TOS in their face to force them to take action.

Next is to post the offending sites name on line.

Another thing you can do is build a page with the keywords
"pages hijackers" "webste hijacker" webpage hijacker" and then go on a 700 word rant about the scum. Dont forget to use your keywords a few times and then submit the page to google ;-> Watch it get picked up quickly.

Really want to have some fun..submit the scum sites e-mail addresses to porn sites, pharmacy sites and gambling sites.

Next sign up to Google Groups and start a rant on Googles redirect failure. Bet google takes notice real quick.

Also Google has lots of investors if anyone has an extra $80.00 they can sign up at www.prweb.com for full service press release, Write a press release explaining Googles algorithims errors....The one way links back to your site doing this would probably boost your Google PR 3 points or so.

Also if you live near a major city most police departments have an internet crimes division and they can be of assistance.

You can do a google search on the law by typing in "crimes by computer"

Also if the offending site is not in the same state or country as yours the FBI or your local law enforceent could become involved since it involves "hijackings" which is illegal no matter what the goods are that are being transported.

Several other terms that you can research or use to write to the sites ISP:

"copyright infringement"
"trademark infringement"
"theft by deception"
"crimes by computer"
"crimes over the internet"
and with a sharp lawyer
"identity theft"

One could probably even go so far as to notify the domain name registar as well.

Also couldnt adding a meta to your pages like so beat this?

<META HTTP-EQUIV="refresh" CONTENT="2; URL=http://www.mydomain.com">

Oh an another though...take it to the blogs and other seo forums.

Use keyword terms like "Google Ripoff" "Google Error" "Google Investor Alert" in your forum signatures and blogs.

Signed
An insane seo with a wicked revenge streak who cant stand blackhat seo

Clint

Are the hijackers making any real money doing this?

OK this is some interesting reading, I also have lost some big ranking, so how do you see if you got hijacked and what can you do - please a biginner guide.

For Zeus

You have a PR5

www.checkpagerank.com

What did you have?

How old are links to your site?

Google did an Internet Backlink Update last month and dropped PR on many sites due to stale links.
Google has also moved to continual indexing as opposed to monthly indexing.

Clint

PR is always about 5-6, backlinks increased by 65 new ones and the site is 2-3 years old, ok this is a big problem loosing 80% of my visitors but thats not the isue here, its about hijacking and I do not know how to check a site if this is happening.

Hi Zeus,

OK this is some interesting reading, I also have lost some big ranking, so how do you see if you got hijacked and what can you do - please a biginner guide.

Search google for the following:

inurl:www.domain.com

Look for URLs with "tracker2" included in the url with a redirect to your own site similar to the following:

www.hijacker'sdomain.com/tracker2.php?url=http://www.innocentvictum'sdomain.com/subpagegoeshere.html

Then look for any other URL that has a redirect hidden in the title of the page i.e., FILE NOT FOUND, which redirects from their page to yours.

Run your mouse over every url and watch the bottom of your browser and see where it goes. If you suspect foul play click on the link to see what happens.

Then gather domain name data, contact email off the offending web site (if there is any) and write the culprit. If the email contact bounces then contact the hosting company and write them. The hosting company is listed at the bottom of the domain name data. If there is only IP numbers use this site to gain more info:

[freeality.com...]
scroll down to <b>domain name search</b> and input the IP address into:
<b>EONS reverse IP address</b> and it will give you the name and contact data of the hosting Co.

Thanks Lorel

Ok I dont think I have seen that but I will have a look I have seen many with //mydomaname.com.otherdomain.com and then with text on the site with my domain name.

P.s Damn I just found some, what can they get out of that? and shall I also report it to Google

There are many different kinds of scripts etc causing this problem. But tracker2.php is the biggest. there are also sites that use mod rewrite to cause urls like theirsite.com/mysite.com.html

There are also redirects like this too.
theirsite.com/outhttp://mysite.com.html

People are finding all kinds of different variations of the same problem.

It does seem like google is trying to work on it because stuff is changing but as for my sites the problem is still there.

I guess it takes longer for google to update now that their database is twice as big. But we'll see what happens in the next few weeks.

Now all we need is logs proving that Googlebot behaves the same way with redirects from one domain to another.

Additional testing using redirects from one domain to another reveals:
-301 redirect test page is no longer indexed
-302 redirect test page is no longer indexed
-meta refresh test page (0 seconds delay) shows a page from before the redirect was implemented in Google's cache and the indexed URL points to the meta refresh test page

Google appears to be making good progress with this problem although it's taken a looonnng time. Sites currently hijacked can probably expect a delay of several months before hijacks are fully unindexed/reindexed and PR is fully restored.

Hi All,

Re the tracker2 hijacker that I reported to his hosting company (the music cd company). The host threatened to remove their site if they didn't remove the link and while it was still up yesterday (24 hours later) it's dissappeared from Google already today.

I haven't had the same luck with the other tracker2 hijacker's Host however. I'll have to climb higher up the tree I guess.

I posted the following in a new thread a few days ago (thinking this thread had died).

Having uploaded a huge update to my site a few days ago, I decided to do a site: search to see how things are going. Imagine my surprise when this yielded three results, the urls of which all point to other sites.

All these pages use meta redirects with a two-second delay to initiate the download of files from my site.

So it would appear that Google have changed something with respect to meta redirects, but it looks like a bodge rather than a proper fix.

This does suggest that diagnosing a page-hijack by redirect is easier now - just do a site: search.

I have been too busy to follow this problem recently, so I apologise if the above has already been discussed.

Kaled.

If you find someone doing any blackhat seo tactics you can report them at this url once you fix the link

htt p://ww wgoo gle.com/co ntact/spamreport.html

Clint

DaveAtIFG stated:

Additional testing using redirects from one domain to another reveals:
-301 redirect test page is no longer indexed
-302 redirect test page is no longer indexed
-meta refresh test page (0 seconds delay) shows a page from before the redirect was implemented in Google's cache and the indexed URL points to the meta refresh test page

Thanks for sharing these results, Dave. Promising, indeed.

Is this something you noticed recently?

When did this new and imprpoved handling of 301/302 redirects across different domains went into effect?

Thanks again for these very interesting test results.