Welcome to WebmasterWorld Guest from

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Hackers Exploiting Canonical Tags

12:55 am on May 12, 2011 (gmt 0)

Administrator from US 

WebmasterWorld Administrator goodroi is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 21, 2004
votes: 225

I came across a website with canonical tags setup on all of their pages and they were pointing to a spam site. I suspect someone hacked in and changed the canonical tags to siphon link juice. Now that cross cross-domain canonical tags are supported I would not be surprised if this becomes more common.

The canonical tag is a small line of code that is easy to overlook despite its large implications.
12:29 am on May 18, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 25, 2011
votes: 0

It's a quick and easy way to steal some link juice. You could put hidden links too, but in most situations that's probably not as good as using this.

Then again, it's almost as easy to drop a content generating script on a server, and that will make way more money than just using it for links.
1:24 pm on May 18, 2011 (gmt 0)

New User

5+ Year Member

joined:Mar 17, 2011
posts: 4
votes: 0

I'm running an experiment to try to exploit Rel-canonical in the <body>, and, consistent with Matt's statement, it doesn't seem to work (even on the same domain). The comment about a a bad <head> (unclosed or doubling-up) may be worth testing, but I think Google is pretty good about ignoring secondary <head> sections.

On the other hand, every experience I've had with Rel-canonical suggest that it's VERY powerful and much more than just a suggestion. Even cross-domain canonicals seem to be working much more often than I would've originally expected.
4:37 pm on May 23, 2011 (gmt 0)

New User

5+ Year Member

joined:Mar 11, 2011
votes: 0

I was recently involved in cleaning up several sites on a hacked server - and much to my surprise I found the canonical tag hacked in just this manner. It was a Joomla site, and the actual Joomla template had been modified by the hacker.

The only way I noticed it was that I had a FireFox plugin (SearchStatus) that I was experimenting with. It places a "C" icon in the location (right next to the RSS icon) and I'd never noticed it before. I clicked on it a was taken to the hacker's spam site.
This 33 message thread spans 2 pages: 33

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members