Google Redirector - referer in my server logs - Google Search and SEO forum at WebmasterWorld

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Google Redirector - referer in my server logs

arnarn

6:19 am on Nov 2, 2007 (gmt 0)

What is the google redirector.. who uses it and for what purpose?

I've tried to find more about some log entries which have referral content similar to the following:

http://www.google.com/url?&q=http://example.com/

if you use the query part ("q="), it results in a valid page being served and that happened (on the example log entry.)

In 2006 a similar question was posted in the Google Adwords forum by someone else but there were no comments.

The IP address in my log belongs to <edit> and checking for things like what services are at the address and traceroute don't seem to offer any more insight into who or what generated the log entries.

[edited by: tedster at 3:45 pm (utc) on Nov. 2, 2007]
[edit reason] removed specifics [/edit]

arnarn

5:20 pm on Nov 2, 2007 (gmt 0)

bump (sorry).. but I just found some new info (in case anyone has additional comments).. from January 2006

" Google Redirection Hole Used For Phishing ...
Google’s redirection hole is now being used as a phishing redirector. .. redirection without some way to whitelist is dangerous ... bad for your [customers] when they trust your link and go to a phishing site.."

Can someone explain what the above means? Most of the info I'm finding is from back in 2006.. has anything changed? Should we be concerned about this? If so, what is the recommended approach?
.

tedster

6:00 pm on Nov 2, 2007 (gmt 0)

Google's intended use for their Redirector is click tracking. The issue back in 2006 was that the Google Redirector worked "invisibly" and did not give you the interim page that it does today. This created a hole that various spam and especially phishing emailers exploited to cloak the links in their email and make them look like a Google url to gain the reader's trust. Today, you get that interim page, which is Google's way of short circuiting the trick.

A similar email link trick has been using the code that trips Google's "I'm Feeling Lucky" functionality. Of course, to make that work, the phisher needs to be sure that their url is #1 for the query they use.

More information at the SANS Institute's Internet Storm Center:
[isc.sans.org...]

So how might that Redirector link end up as a referer in YOUR server logs? I think that Redirector link takes people to a page that held an ad for your website and your visitor clicked on it. Because the traffic arrived at the referring page through the Google Redirector instead of directly, the referring url could be the Redirector version of the url.