
Solutions to 302 Hijacking

     

chadmg

8:48 pm on Mar 11, 2005 (gmt 0)

10+ Year Member



I haven't fallen victim to this scam yet, but I'd rather prevent this than react to it. So I'm enlisting WebmasterWorld's help in coming up with a hopefully only temporary solution. Here's one idea I've had. Maybe we can improve upon it or come up with a better one.

  1. When someone visits a page on your site, you detect whether the referrer is from an outside website. (Yes, I know that the referrer is not guaranteed correct, but it's all I've got.)
  2. You check this referrer against a list of trusted referrers, whether from a database or text file or other means.
  3. Optional: Check the server headers of the referrer for a 302 redirect.
  4. If the referer is yet untrusted (and a 302), you log the referer and display a meta tag on the page, such as

    <META NAME="GOOGLEBOT" CONTENT="NOINDEX">

    This way other SE's will still index you.
  5. Then you look through your referrer log on a regular basis to see if you can trust any of your new referrers.

ciml

3:06 pm on Mar 12, 2005 (gmt 0)

WebmasterWorld Senior Member ciml is a WebmasterWorld Top Contributor of All Time 10+ Year Member



That is a nice idea chadmg, but Googlebot doesn't send the 'referer'.

Also, if there happened to be a redirect to your home page, along with many other links, then you wouldn't want to instruct the robot to de-list that page.

john316

4:15 pm on Mar 12, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I posted this earlier in the long thread but it may have gotten lost in the noise.

I did this to one ripper:

it is two steps, you need their IP, htaccess and php:

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^111\.111\.111\.111$
RewriteCond %{REQUEST_URI} !^/redirect\.php$ [NC]
RewriteRule ^(.*) /redirect.php [R]

That will send requests from their IP to your redirect.php file that contains:

<?php
header("Location: [where*you*send*them.com...]");
exit;
?>

That will send the request coming from their IP to lala land so when doofusbot requests h*tp://www.example.com/gotosite.asp?ccxxyyourstuff.com it gets www.where*you*send*them.com/whatever.html. I would recco a few destinations, but that is up to you (bad neighborhoods come to mind).

It takes a few weeks for the interloper's cache of your stuff to disappear.

elklabone

5:48 pm on Mar 12, 2005 (gmt 0)

10+ Year Member



OK, so now is there a way to automatically detect if someone is trying to do this to you? Maybe someone smarter than me could put an open-source package together that was written in PHP, and ran on a crontab and checked once a week or so for sites that are doing this, then could automatically notify the webmaster to add the appropriate rewrite rule to htaccess. That would be awesome.

--Mark
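The kind of periodic check asked for in the post above, as an added example that is not part of the original thread: it walks the redirect chain of each third-party URL and flags those that reach your site through a temporary redirect. The host names, the `SUSPECT_URLS` list (assumed to be collected by the webmaster) and the constructed `SAMPLE` responses are all assumptions; Python is used here rather than PHP.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MY_HOSTS = {"www.example.com", "example.com"}   # assumption: the site being protected
REDIRECTS = {301, 302, 303, 307, 308}
TEMPORARY = {302, 303, 307}

def fetch_head(url, timeout=10):
    """Live fetcher: one HEAD request, redirects not followed -> (status, Location)."""
    parts = urlsplit(url)
    secure = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "redirect-audit"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(url, fetch=fetch_head, my_hosts=MY_HOSTS, max_hops=5):
    """Walk the redirect chain from a third-party URL and report how it reaches us."""
    chain = []
    for _ in range(max_hops):
        status, location = fetch(url)
        chain.append((status, url))
        if status not in REDIRECTS or not location:
            break                                  # chain ends without reaching us
        target = urljoin(url, location)            # Location may be relative
        if (urlsplit(target).hostname or "").lower() in my_hosts:
            return {"suspect": status in TEMPORARY, "via": url,
                    "target": target, "chain": chain}
        url = target
    return {"suspect": False, "via": None, "target": None, "chain": chain}

# Constructed responses standing in for live servers, so the logic runs offline.
SAMPLE = {
    "http://scraper.invalid/go.asp?id=7": (301, "/out/7"),
    "http://scraper.invalid/out/7": (302, "http://www.example.com/widgets.html"),
    "http://directory.invalid/link/12": (301, "http://www.example.com/"),
    "http://blog.invalid/post": (200, None),
}
SUSPECT_URLS = ["http://scraper.invalid/go.asp?id=7",
                "http://directory.invalid/link/12", "http://blog.invalid/post"]

def weekly_report(urls, fetch=fetch_head):
    """Return only the findings a webmaster should be notified about."""
    return [r for r in (audit(u, fetch) for u in urls) if r["suspect"]]
```

Run from cron with the default `fetch_head` for live checks; `weekly_report(SUSPECT_URLS, SAMPLE.__getitem__)` exercises the same logic against the constructed responses.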

thnkfst

5:31 pm on Mar 13, 2005 (gmt 0)

10+ Year Member



I was actually able to successfully get the fool who hijacked my site to remove the link.

Does anybody know how long it takes to recover from such a hit?

Has anyone been able to recover any of their rankings?

BigDave

7:04 pm on Mar 13, 2005 (gmt 0)

WebmasterWorld Senior Member bigdave is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Has anyone tried moving their URL and putting in a 301 on the address that has been hijacked?

martingale

8:17 pm on Mar 13, 2005 (gmt 0)

10+ Year Member



None of this will work. Googlebot does not "follow" a link from the other page to yours; and it doesn't matter one whit whether you stop other people from doing so. All that matters is Googlebot. Nothing else.

catch2948

3:24 am on Mar 14, 2005 (gmt 0)

10+ Year Member



Hmmm ... I am trying to do this, but once I add the lines to my .htaccess file, my entire site becomes unviewable (e.g. the server returns 403 errors for all pages). I have the correct IP of the jacker ... What could be happening?

The following line appears in my error log:

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/virtual/site1/fst/var/www/html/

oagady

3:49 am on Mar 14, 2005 (gmt 0)

10+ Year Member



I believe that chadmg's idea may work. In this case when Google follows that questionable redirect, it gets the meta tag "<META NAME="GOOGLEBOT" CONTENT="NOINDEX">". When it follows other links, it does not get this meta tag. The question is - can it hurt your position in Google (the fact that sometimes it gets "NOINDEX" and sometimes not)?

Olga

catch2948

3:55 am on Mar 14, 2005 (gmt 0)

10+ Year Member



Figured out that I had to add the Options +FollowSymLinks line in htaccess. But it is still not working for some reason. Just not returning 403 errors anymore.

Edouard_H

4:37 am on Mar 14, 2005 (gmt 0)

10+ Year Member



The two solutions offered in this thread may work in other scenarios, but not in the case of page jacking (301 > 302 from non cachable pages with meta refresh). The redirect pages are not the referrer nor are they the REMOTE_ADDR.

ciml

10:20 am on Mar 14, 2005 (gmt 0)

WebmasterWorld Senior Member ciml is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Googlebot does not send the 'referer'.

chadmg

3:23 pm on Mar 15, 2005 (gmt 0)

10+ Year Member



Alright, I must have been very tired to forget that Googlebot does not have a referer.

Does anyone who has had this happen to them know what happens when you take the page that is 302 redirected to and do a 301 redirect to another page? Does this have any effect on fixing the problem after you've been hijacked?

Reid

5:38 am on Mar 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



RewriteRule ^example\.html$ h**p://www.example.net/example.html [R=301,L]

What about doing this to each and every page?

Edit in - this way your server will never return a 200, always a 301. You can set up a .htaccess in each directory for the files in that directory.

Reid

7:40 am on Mar 17, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



cmon guys we need a solution NOW!

there are e-books 'how to make $'s on the internet right away' 'how to become rich instantly' 'the secret to making money on the internet' these are all about how to build a scraper site and hijack google with 302's.

There is SEO software "instant results" it is automated 302 hijacking software. People are buying it up. We can't wait for Google or MSN to fix it, we need a bulletproof solution right now.

Any gurus out there? How would googlebot respond to no 200's just 301's every page every time?

BigDave

8:40 am on Mar 17, 2005 (gmt 0)

WebmasterWorld Senior Member bigdave is a WebmasterWorld Top Contributor of All Time 10+ Year Member



cmon guys we need a solution NOW!

If you need a solution (I certainly don't) then try doing some experimentation on your own site. I can't do anything because I don't have the problem.

How would googlebot respond to no 200's just 301's every page every time?

Uh, you have to eventually give it a 200. Setting up an infinite loop of 301s ain't going to help your ranking, traffic or conversions.

Take one of your pages that is having problems with this. Change the name of the file, and set up a RedirectPermanent and tell us what happens.

indigojo

9:01 am on Mar 17, 2005 (gmt 0)

10+ Year Member



Can't we have the TOS rule lifted just this once and compile a list of all the known hijackers. Surely this is for the greater good...

T_Rex

8:09 am on Mar 18, 2005 (gmt 0)

10+ Year Member



John316, an excellent idea. I love it. Is it possible to just leave out the second mod_rewrite condition and then rewrite it offsite [R=301,L] to their homepage? Doesn't have to be with PHP does it?

Lorel

11:50 pm on Mar 18, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




Can't we have the TOS rule lifted just this once and compile a list of all the known hijackers. Surely this is for the greater good.

They would be sued by every one of them (which is the reason for the TOS) and besides it would use up all of WebmasterWorld's bandwidth just for that one thread.

Bobby

12:14 am on Mar 19, 2005 (gmt 0)

10+ Year Member



cmon guys we need a solution NOW!

I know this might sound off the wall but...

What would it take for Google to simply set up a system where a special 'spider' verifies whether or not pages (which are suspected as hijackers and have been submitted thru a form by the hijackee) are indeed using a 302 or whatever clever script they've got to steal the content from another site?

Once the hijacker is detected the domain could be put on a black list or forever banned preferably.

The form might include both the hijacker as well as the hijackee so as to facilitate verification.

T_Rex

4:06 am on Mar 19, 2005 (gmt 0)

10+ Year Member



Lorel: If you want the info, (other than vague wha-wha about who did it) you can go elsewhere to pick up on a little of that. I posted a similar inquiry for a new thread earlier this evening that was automatically machine-disabled (put on hold) and still is. Probably I triggered a Lawyer-related stopword, but I don't know how to dance around them. Maybe they don't have so many Lawyers*)&%* in Germany. Try this: [forum.#*$!.com...]

T_Rex

4:16 am on Mar 19, 2005 (gmt 0)

10+ Year Member



Lorel: Sorry that the URL didn't get through. If you do a search for "In a german discussion board I found a very simple solution to that" you can find it that way. I guess I'm not having a very good IT night. But then I'm not even an IT professional. I'm just some guy with a Master's in Engineering who is trying to learn and does this for a hobby and supplemental income. I have developed a security plan to move forward with this topic; I'm not resting on my laurels waiting for "it can't happen Here" so let google fix it.
 
