I spent yesterday sending four or five emails with a reader who couldn't believe that search listings on Google actually could get hijacked. Yes, I told him -- they do. Today, there was a great example to show him. Google itself had one of its own listings hijacked.
... Google AdSense is a fast and easy way for website publishers
of all sizes to display relevant Google ads on their website's
content pages and earn money ...
www.all-in-one-business.com/adsense/ - 16k -
Cached - Similar pages
Notice the URL:
That's definitely not Google's! Yet if you click on it, you end up at the official Google page, located here:
What's happening? The URL that's listed is using a meta redirect command like this:
META HTTP-EQUIV="Refresh" CONTENT="0; URL=https://www.google.com/adsense/"
That fast redirect is being treated by Google as if it is a 302 temporary redirect. And in that case, it may substitute the page being pointed at by the redirect with the address of the page doing the pointing.
Claus Schmidt did a bang-up explaining this in great detail back in March. See his Page Hijack: The 302 Exploit, Redirects and Google for more on it.
FYI, Yahoo seems to have solved this problem by going against the way redirects are officially supposed to be treated. Barry Schwartz explains more at the end of this post: Redirects and Rewriting
I heard from someone out at SES Toronto that despite this, Yahoo was still having problems similar to Google with redirection hijacking. However, I talked with Claus today, and he's not heard of this coming back as a problem. Neither have I. Which begs the question, if Yahoo can do it, why can't Google?
For more background, see links in these past posts:
- Google Addressing 302 Redirection Hijacking Issues
- Google Ranking Alternative Domain Tops For Searches On Google
- Google's Redirect Hijacking Problem Gets Slashdotted
- Redirection Problems With Google, Yahoo
Want to discuss? You'll find chatter at Threadwatch and WebmasterWorld, as well as at our own Search Engine Watch Forums, in the Google AdSense Page Highjacked thread. That thread also covers how another site has managed to hijack the backlinks to Google itself. Instant PR 10 site!Postscript: Google sent me this comment yesterday: "We are aware of the problem and working to remedy the situation."
Introducing SES Online
Want to view one of the sessions you missed or listen to an especially informative presenter a second time? SES New York sessions are available for purchase on ClickZ Academy's new e-Learning site. SES is now Online!