Forum Moderators: Robert Charlton & goodroi
Googlebot will not see the redirect when it spiders, and a direct visit to your page through the location bar or a link elsewhere will not be redirected -- only the first click by an end user on a Google result will be redirected.
I first heard one single report like this last fall, but apparently the hack is now growing in the wild. I wonder how many traffic anomalies we hear about are related to this type of hack. If your Google traffic seems too low for your SERP position, this is worth looking into.
John closes with this observation:
Recognizing something like this algorithmically on Google's side would be possible with the Googlebar-data. Assuming all shown URLs are recorded, they could compare the URL clicked in the search results with the URL finally shown on the user's browser (within the frames). At the same time, the setup could be used to detect almost any kind of cloaking.
[johnmu.com...]
This hack is no mere defacement, and not even parasite hosting for links. It's out and out traffic theft.
So if it says
HTTP/1.x 200 OK
does that mean everything is ok? I am not sure which line to look at?
You know if your page redirects, right? So if your server should not redirect the request for your page but it does, then you've got this kind of problem.
Which line to look at in HTTP headers? There may be lots of chatter in the HTTP headers when you click on a Google search result, depending on your toolbars, add-ons etc. You're looking for the section with your server's response to the browser request "GET [your suspect url] Host:[your hostname]". It will come soon after (usually immediately after) the Google server chatter.
Not every related hack will be a 302, there may be a 301 or whatever.
What is odd is that the same page will normally not redirect, but sometimes does. For example, in the same log we can find both of the lines shown below; the first one is a redirect, the second one is what we would normally expect.
GET /robots.txt HTTP/1.1" 301 349 "-" "Mozilla/5.0 (compatible; Charlotte/1.1; http://www.searchme.com/support/)
GET /robots.txt HTTP/1.1" 200 2017 "-" "Mozilla/5.0 (compatible; Charlotte/1.1; http://www.searchme.com/support/)
We also have:
GET / HTTP/1.0" 301 327 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)
GET / HTTP/1.0" 200 21848 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
I have also noticed that most of the entries where the user agent is Slurp/3.0 are 301 redirects.
Any ideas how I can find out what is going on and what would be the best course of action to take?
Many thanks
The reason why I posted here is:
You know if your page redirects, right? So if your server should not redirect the request for your page but it does, then you've got this kind of problem.
I have a number of GET statements in the logs where the page requested is an actual HTML page which should not redirect (and also should not have a backslash at the end), so it is not a backslash issue, and your response does not explain the occasional 301 on robots.txt.
I know pages that should not redirect.
GET /example.html
GET /example1.html
etc...
All these should not redirect. And looking in the logs, in most cases they don't, but then I can see some GET requests where they do, and the request is exactly the same request (the user agent may or may not be the same, it varies).
And such redirects are never followed by another request to our site by the same user agent.
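The log pattern discussed in this thread can be checked mechanically. The following is an added example, not code from any poster: it scans an access log for paths answered with both 200 and a 3xx, and for redirects after which the same client never returns. The Combined Log Format layout, IP addresses, timestamps, the browser lines and the `/old-page` pair are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed layout (Combined Log Format): ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample: documentation IPs and invented timestamps, modelled on the thread's lines.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 301 349 "-" "Mozilla/5.0 (compatible; Charlotte/1.1; http://www.searchme.com/support/)"
192.0.2.11 - - [01/Jan/2000:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 2017 "-" "Mozilla/5.0 (compatible; Charlotte/1.1; http://www.searchme.com/support/)"
192.0.2.20 - - [01/Jan/2000:10:06:00 +0000] "GET / HTTP/1.0" 301 327 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)"
192.0.2.21 - - [01/Jan/2000:10:07:00 +0000] "GET / HTTP/1.0" 200 21848 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
192.0.2.30 - - [01/Jan/2000:10:08:00 +0000] "GET /example.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"
192.0.2.31 - - [01/Jan/2000:10:09:00 +0000] "GET /example.html HTTP/1.1" 302 290 "http://www.google.com/search?q=example" "ExampleBrowser/1.0"
192.0.2.40 - - [01/Jan/2000:10:10:00 +0000] "GET /old-page HTTP/1.1" 301 300 "-" "ExampleBrowser/1.0"
192.0.2.40 - - [01/Jan/2000:10:10:01 +0000] "GET /new-page HTTP/1.1" 200 4000 "-" "ExampleBrowser/1.0"
"""

def parse(text):
    """Yield one dict per log line that matches the assumed format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def inconsistent_paths(entries):
    """Return {path: sorted statuses} for GET paths answered with both 200 and a 3xx."""
    seen = defaultdict(set)
    for e in entries:
        if e["method"] == "GET":
            seen[e["path"]].add(int(e["status"]))
    return {p: sorted(s) for p, s in seen.items()
            if 200 in s and any(300 <= c < 400 for c in s)}

def unfollowed_redirects(entries):
    """Redirected requests after which the same client (ip, agent) never appears again."""
    entries = list(entries)
    out = []
    for i, e in enumerate(entries):
        if 300 <= int(e["status"]) < 400:
            key = (e["ip"], e["agent"])
            if not any((n["ip"], n["agent"]) == key for n in entries[i + 1:]):
                out.append((e["path"], e["status"], e["agent"]))
    return out
```

A path that shows up in both results is worth a closer look: a redirect the site owner configured normally answers every request for that path the same way, and the client usually follows it back to the same site.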