Forum Moderators: Robert Charlton & goodroi
Many unethical webmasters and site owners are already creating thousands of TEMPLATED (ready to go) SKYSCRAPER sites fed by affiliate companies immense databases. These companies that have your website info within their databases feed your page snippets, without your permission, to vast numbers of the skyscraper sites. A carefully adjusted variant php based redirection script that causes a 302 redirect to your site, and included in the script an affiliate click checker, goes to work. What is very sneaky is the randomly generated meta refresh page that can only be detected via the use of a good header interrogation tool.
Googlebot and MSMBOT follow these php scripts to either an internal sub-domain containing the 302 redirect or serverside and “BANG” down goes your site if it has a pagerank below the offending site. Your index page is crippled because googlebot and msnbot now consider your home page at best a supplemental page of the offending site. The offending sites URL that contains your URL is indexed as belonging to the offending site. The offending site knows that google does not reveal all links pointing to your site, takes a couple of months to update, and thus an INURL:YOURSITE.COM will not be of much help to trace for a long time. Note that these scripts apply your URL mostly stripped or without the WWW. Making detection harder. This also causes googlebot to generate another URL listing for your site that can be seen as duplicate content. A 301 redirect resolves at least the short URL problem so aleviating google from deciding which of the two URL's of your site to index higher, more often the higher linked pagerank.
Your only hope is that your pagerank is higher than the offending site. This alone is no guarantee because the offending site would have targeted many higher pagerank sites within its system on the off chance that it strips at least one of the targets. This is further applied by hundreds of other hidden 301 permanent redirects to pagerank 7 or above sites, again in the hope of stripping a high pagerank site. This would then empower their scripts to highjack more efficiently. Sadly supposedly ethical big name affiliates are involved in this scam, they know it is going on and google adwords is probably the main target of revenue. Though I am sure only google do not approve of their adsense program to be used in such manner.
Many such offending sites have no e-mail contact and hidden WHOIS and no telephone number. Even if you were to contact them, you will find in most cases that the owner or webmaster cannot remove your links at their site because the feeds are by affiliate databases.
There is no point in contacting GOOGLE or MSN because this problem has been around for at least 9 months, only now it is escalating at an alarming rate. All pagerank sites of 5 or below are susceptible, if your site is 3 or 4 then be very alarmed. A skyscraper site only need create child page linking to get pagerank 4 or 5 without the need to strip other sites.
Caution, trying to exclude via robots text will not help because these scripts are nearly able to convert daily.
Trying to remove a link through google that looks like
new.searc**verywhere.co.uk/goto.php?path=yoursite.com%2F will result in your entire website being removed from google’s index for an indefinite period time, at least 90 days and you cannot get re-indexed within this timeline.
I am working on an automated 302 REBOUND SCRIPT to trace and counteract an offending site. This script will spider and detect all pages including sub-domains within an offending site and blast all of its pages, including dynamic pages with a 302 or 301 redirect. Hopefully it will detect the feeding database and blast it with as many 302 redirects as it contains URLS. So in essence a programme in perpetual motion creating millions of 302 redirects so long as it stays on. As every page is a unique URL, the script will hopefully continue to create and bombard a site that generates dynamically generated pages that possesses php, asp, cigi redirecting scripts. A SKYSCRAPER site that is fed can have its server totally occupied by a single efficient spider that continually requests pages in split seconds continually throughout the day and week.
If the repeatedly spidered site is depleted of its bandwidth, it may then be possible to remove it via googles URL removal tool. You only need a few seconds of 404 or a 403 regarding the offending site for google’s url console to detect what it needs. Either the site or the damaging link.
I hope I have been informative and to help anybody that has a hijacked site who’s natural revenue has been unfairly treated. Also note that your site may never gain its rank even after the removal of the offending links. Talking to offending site owners often result in their denial that they are causing problems and say that they are only counting outbound clicks. And they seam reluctant to remove your links....Yeah, pull the other one.
[edited by: Brett_Tabke at 9:49 pm (utc) on Mar. 16, 2005]
Adsense is just ONE of the money makers. Many of them are affiliate or other PPC publisers too. You could spend all day identifying them and tracking down their affiliates, etc.
There is no 'remove url' but there is a 'report bad links' so I just blocked them and reported them.
Also I have a looong cgi type one there too - no title no description just this link from about. They display one of my pages in a frame. I was thinking to just put a framebuster on that page.
I assume we all could together and fill up the spam reports :
[google.com...]
[add.yahoo.com...]
The act will be against your principles and you will not be able to sleep knowing you pointed a gun at someone innocent.
well it just seems we'll have to choose our target carefully. There are plenty of large corporations that maybe innocent in this 302 hijacking issue, but are far from innocent on the grand scale of things.
A little bit of hacktivism to kill 2 birds with one stone perhaps?
O.K. but you will need to deny Google's spiders for this to work. When the googlebot visited the redirecting site they recorded the link to your site as a temporary repository for content belonging to the redirecting site's URL. Later, another spider follows that link TO your site. To prevent the redirecting site from getting credit for your page... you would need to ban googlebot from access... then the redirecting site will get zero. But then again so will you. It's a no win for you. I will repeat this again though it seems to do no good... there is no real difference in representing a third party websites copyrighted work as belonging to a URL you control from actually cutting and reposting it.
On a side note these folks DO sometimes use link checkers to see that their redirect targets are still live. I am of the belief that denying this activity does help as it causes the redirect site owner to believe the link to be bad and they will change it to point at somebody elses site. For this reason I ban the i.p. address blocks of discount web hosts and bargain basement colocation facilities as I come across them. Home cable modem and DSL users that display this type activity get trapped one at a time.
Do a search for site:rds.yahoo.com and you'll see thousands of inurl:somedomain.com. Perform a manual get of the links and you'll find that even Yahoo is using 302 redirects to send visitors to the destination page. Hijacked by Yahoo? Thousands (millions?) of other websites use outbound click-tracking, the majority use some form of redirect/refresh.
The Internet is not the problem.
Google is not the Internet.
All this energy could better be directed at the folks actually responsible for the SERPs. (hint, starts with 'G')
Perhaps you are correct. If enough people here wish I may lay down a blueprint of how it can be acheived.
We could pump out CGI controlled 302 redirects to say an entire network of a targetted site.
Provide the paths for googlebot to go to the site via a 302 directive. Including paths via search results in Alexa, Yahoo and other search engines and directories who have loopholes in the production of their results by them displaying the address of the result. A website full of links leading to the 302 in all possible ways.
Monitor the results and compare to before we did it to see if an effect had been acheived.
We must first check its inurl: make sure it is clean, then we pump it untill it goes down in rankings.
Big possibility.... Let me know if enough volunteers.
It may also be possible that google is aware of this thread. I deliberately pointed out how easy this trick can be done. They now know that if enough people see this thread then it may play havoc on their system and other websites.
Their engineers would also know I left out a few key factors that causes googlebot to create a duplicate page. It involves their freshbot and deepcrawl which I mentioned in this thread. I am near 100% sure of the conditions that are needed. I lack the skill of a professional blackhat who does it day in day out. You simply keep pumping away at the target relentlessly providing the bots with the linking paths to the redirects. RELENTLESSLY until the site goes down or duplicate pages start to appear.
Don't be surprised if the 302 problem goes away in the near future.
But before we do this to a website, we must all agree to warn the targetted site. Hey, it is not illegal so they should not mind and welcome it. We are only testing all sorts of things like how well our 302 method works and monitoring the number of robots pass through our 302 on the way to their site. I don't think any site will mind it.
Please contact a high ranking site as soon as possible, let them know what we are going to do so that we get on with it as soon as possible. Try calling them by telephone to get their approval to speed things up.
also I just want to block that one link from that one directory - if that means I have to block a range of IP's belonging to that company then so be it - they don't send me any clicks anyhow.
you don't seem to be understanding this, You cannot block an "link".
Google goes to the hijacker's site, sees the url that is nothing more than a 302 redirect and sticks it in its database.
later googlebot (from google's IPs) comes and spiders that URL and is redirected to your content. Gbot never realizes that the url is not really where the content is.
please tell me what IP you plan to block? the page that is linking to you? it will do no good. the only Ips that ever access your site are the IPs of people/bots that are viewing your site.
I'm one volunteer and i'm an experienced PHP developer who is ready to do some serious coding if need be.
Lets do this, enough talking.
Google is not the Internet.
Unfortunately, for about 70% of the people who use the internet, G is.
Claus, if you use only absolute referencing in your pages and no relative, should you still install this?
now that i think of it i have a few we could use, they'd need some incoming links to get the bots really moving but they'd work.
and who are major google investors with websites we could target?
Somebody please contact a high ranking site that gets about 10,000 unique hits per day and inform them that a group of webmasters are planning to pass a vast number of CGI, GO-PHP META REFRESH and other variant scripts that cause 302 redirects relentlessly to their network of web pages 6 levels deep. It is not against the law and that they have no right to refuse us.
We want to implement our testing within the next few days and that our ultimate goal is to expedite the creation of as many dulicate pages of their website as possible in googles results. We will monitor results and inform them of our findings as we go along. Our main target page will be their index pages within subdomains and folders. But we will not exclude any internal pages because we want to see how many of those we can also cause duplicates of in google's databases.
I will be very interested to see if the website agrees. They already are being 302'd by Yahoo, Alexa etc etc, so it should make no difference to them.
Why do I think they will reply with legal threats! We will see.
