Welcome to WebmasterWorld Guest from 126.96.36.199
So I thought I understood 302 hijacking, but what I was really familiar with was one particular situation: The hacker sets up his own 302 redirect to one of your site's high-ranking pages, then gets Google to spider it, and, through an unlikely but possible series of events, ends up having the link for your high-ranking page in the SERP swapped out for a link to the hacker's original redirect page.
OK, but what I'm not familiar with is a scenario where the hacker hijacks your own tracking redirect script, getting your script to do a 302 redirect to, say, a warez site, and then the hacker gets Google to index a gazillion of these tampered redirect script links, so that a "site:" query for your domain suddenly shows all these new pages in Google's index that are nothing more than hijacked redirects to the warez site.
For example, you have a tracking script for your PPC ads that normally would be used to do two things: It writes a tracking code to a cookie and then redirects the user to the appropriate landing page. Here's how such a URL might look:
When the hacker discovers it, they replace your redirect URL with their own, and they're in business:
So the question is: Assuming your site already had good rankings for your target keywords, could having thousands of these hacked URLs suddenly showing up in Google's index actually hurt the rankings of your "good" pages, or would they keep their rankings independently of the presence of all these new crap pages?
I immediately removed the script and removed the page from Google.
The extra traffic died down over a period of about 5 days and there were no obvious problems caused at the time.
My site did however take a dive a few days before Xmas, which may or may not have been related.
I thought I had security reasonably under control but hadn't considered my redirect script (which was there to count clicks on links) and the occurrence must have damaged any "Trust Ranking"
I've been reading Stuntdubl's 2006 post "The Trust Knob is WAY too High - Google Trustbox" [stuntdubl.com], and it lists three primary elements of establishing a trust metric for any given site:
- The age of the web site
- The number and overall age of the site's inbound links
- The trust metric for each of the site's inbound links (which, among other things, might be influenced by the TLD: .edu, .gov, etc.)
It's probably hard to make the determination without another site to compare to, but when you think about those factors, would you say that your site might have been at all weak in any of those three factors? Or do you feel confident about the strength of those factors?
How about anybody else? If, all of a sudden, thousands of hacked redirect links under your site's URL appear in Google's index, does that erode your site's trust rank (or whatever it's called) and then lead to a drop in rankings?
So nobody has any idea whether suddenly having thousands of versions of a site's hacked redirect script show up in Google might hurt that site's rankings? Apologies if this is a dumb question; I just haven't found an answer yet.