302 Hijacking: An Old Danger Made New Again

Ralph Rocks is a fragrance by the Ralph Lauren company. Now Smell This is a popular blog about perfumes that wrote the top-ranked page for a search on the fragrance.

However, looking at the Google results, you’d never know that. The top search result belongs not to Now Smell This, but to a fashion site called Stylefeeder (nofollowed).

Now Smell This is at the very bottom of the front page, tenth over all.

But if you click the Stylefeeder link, something strange happens: you are taken not to Stylefeeder’s site but to Now Smell This. Though the domain in Google clearly reads Stylefeeder.com, you land on Now Smell This’ Ralph Rocks page.

A simple look at the source code of the Stylefeeder page reveals the problem: it’s not a page at all. It’s a redirect. Now Smell This has fallen victim to an almost ancient form of search engine spam, the 302 referrer hijack.

It’s an old threat but, as this case proves, it is still around, and it is a way for a spammer to steal your content and your ranking without ever copying a single word.

Hijacking 101

The 302 hijack is actually pretty straightforward. As Claus Schmidt explains in his paper on the subject, the 302 redirect is supposed to be used to temporarily redirect users and search engines to a new site.

To a search engine or a browser, it is a way of saying that the content you seek is no longer here, but that it is, for the moment, at this new link. However, since the redirect is temporary, search engines hang on to the original link as it may change. Google, generally, continues to spider and index the 302 page in case it changes or redirects elsewhere.

The problem is that no page actually exists at the 302 referral; it is not a page but simply a script. As a result, search engines, in some cases at least, index the content from the new site and attribute it to the non-existent 302 page. This appears to be what happened with the “Ralph Rocks” case above.

In short, what happens is this:

  1. Google stumbles across the hijacker’s 302 redirect and interprets it as saying “content over there for now”.
  2. Since Google sees that it is a temporary redirect, it indexes the redirect as if a page exists there and uses the content of the page it points to as that page’s content.
  3. The original page, which is now the target of a 302 redirect, gets less weight with Google since it could, theoretically, change at any time and is supposedly just a temporary home.
  4. The redirect page, even though it doesn’t exist, can get moved up in the results for all of the keywords present in the original site.

When it is all said and done, the spammer has tricked the search engine into thinking that the original page is just a temporary site, a stop gap of sorts, and that its non-existent page is the original work.

It’s a devious trick and it gives spammers a means to scrape content without ever copying a single word. In the eyes of the search engines, they completely replace the original work.
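The check a site owner can run on a result that is listed under someone else's domain, as an added example that is not from this article or from Schmidt's paper: it reads the response head of the listed URL and reports whether it is a temporary redirect pointing at your own host. The `.example` hosts, the sample response heads and the function names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

TEMPORARY = {302, 303, 307}           # "content over there for now"
REDIRECTS = TEMPORARY | {301, 308}    # 301/308 are permanent moves

def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])            # e.g. "HTTP/1.1 302 Found"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(listed_url, raw_head, my_hosts):
    """Classify a search-result URL listed under a domain that is not yours."""
    status, headers = parse_head(raw_head)
    location = headers.get("location")
    if status not in REDIRECTS or not location:
        return "real-page"
    target = urljoin(listed_url, location)       # Location may be relative
    if (urlsplit(target).hostname or "").lower() not in my_hosts:
        return "redirect-elsewhere"
    return "temporary-redirect-to-me" if status in TEMPORARY else "permanent-redirect-to-me"

# Constructed sample data: .example hosts stand in for real sites.
MY_HOSTS = {"www.perfume-blog.example", "perfume-blog.example"}
SAMPLES = {
    "http://aggregator.example/go?id=17":
        "HTTP/1.1 302 Found\r\nLocation: http://www.perfume-blog.example/ralph-rocks\r\n",
    "http://shop.example/ralph-rocks":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "http://news.example/out/9":
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.perfume-blog.example/ralph-rocks\r\n",
}

def review(samples=SAMPLES, my_hosts=MY_HOSTS):
    """Map each listed URL to its verdict."""
    return {url: classify(url, head, my_hosts) for url, head in samples.items()}

if __name__ == "__main__":
    for url, verdict in review().items():
        print(f"{verdict:28} {url}")
```

A "temporary-redirect-to-me" verdict on a URL that outranks your own page for your own content is the pattern described above; a permanent redirect tells the search engine to credit the target instead.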

Taking the Plane to Cuba

Once the spammer has control of the site’s search engine presence, he or she can do what they want with it.

Where traditional hijacking differs from what is going on with Stylefeeder is that, often times, the spammer will attempt to cloak their real intentions, offering the 302 redirect to the search engines, but sending human visitors to another site altogether.

However, the dangers of this redirect go well beyond mere spam. As Schmidt explains, it can also be used to redirect visitors to adult sites, set up false bank/credit card sites or create false storefronts.

It is a very dangerous exploit and it is one that, theoretically, was closed off years ago. However, as cases such as this one and sites such as Google Jacking prove, this problem is still very real and very present.

It’s a scary problem for Webmasters. Unlike scraping, which can be blocked, or plagiarism, which can be detected, 302 referral spam cannot be blocked effectively and cannot be detected until the spammer has already achieved their goal. According to Schmidt, once it has taken place, the damage is done and there is no easy way to claw back out.

That, in turn, makes taking precautions against such attacks very important, something that is easier said than done.

Precautions

Schmidt goes on to recommend a series of steps that Webmasters can take to guard themselves against this kind of hijacking. They include the following:

  1. Redirect non-www pages
  2. Use absolute internal linking on your site (full links with domain names)
  3. Have random, updated content on each page
  4. Use the “base” meta tag

Most of these precautions are simple to do, especially if you control your own server, and have no real impact on the end user. Thus, it makes sense, even if the potential reward is very small, to take the steps.
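One way to audit a page against precautions 1, 2 and 4, as an added example that is not from this article or from Schmidt's paper: it parses the HTML, checks that the “base” tag names the canonical www host, and lists internal links that are relative or that point at the non-www host. The domain `perfume-blog.example`, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects the first <base href> and every <a href> in a page."""
    def __init__(self):
        super().__init__()
        self.base_href = None
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base_href is None:
            self.base_href = href
        elif tag == "a":
            self.links.append(href)

def audit_page(html, canonical_host):
    """Check one page against the base-tag, absolute-link and www precautions."""
    bare = canonical_host[4:] if canonical_host.startswith("www.") else canonical_host
    collector = LinkCollector()
    collector.feed(html)
    relative, non_canonical = [], []
    for href in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("", "http", "https"):
            continue                      # mailto:, tel: and similar
        host = (parts.hostname or "").lower()
        if not parts.scheme or not host:
            relative.append(href)         # precaution 2: link lacks the full domain
        elif host == bare and host != canonical_host:
            non_canonical.append(href)    # precaution 1: points at the non-www host
    base_host = (urlsplit(collector.base_href or "").hostname or "").lower()
    return {"base_ok": base_host == canonical_host,
            "relative": relative, "non_canonical": non_canonical}

# Constructed sample page; perfume-blog.example is a placeholder domain.
SAMPLE_PAGE = """<html><head><base href="http://www.perfume-blog.example/"></head><body>
<a href="http://www.perfume-blog.example/reviews/ralph-rocks">review</a>
<a href="/about">about</a>
<a href="http://perfume-blog.example/contact">contact</a>
<a href="mailto:editor@perfume-blog.example">mail</a>
<a href="http://other.example/">elsewhere</a>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_PAGE, "www.perfume-blog.example"))
```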

Some Good News

The good news is that, though it is clear 302 redirect spam is still a problem, it is also definitely on its way out. Most of the problem was dealt with by the search engines years ago and, though some are still able to exploit it, those who do so successfully seem to be few and far between.

In the case of Now Smell This, it is unlikely that the site in question would have gotten away with it if they had attempted to cloak their intentions. Google, by all accounts, has gotten a great deal better about detecting cloaking and that, in turn, has made this kind of spam much more difficult to execute.

Clearly, the heyday for this kind of spam is over. As devastating as it can be for content owners, it is less of a concern now than it was a year ago and much less than it was three or four.

This is one area where the search engines have truly gotten smarter, just not smart enough to stamp out the problem completely as of yet.

Conclusions

Page hijacking, at least via 302 redirects, is not the problem it used to be. It’s harder than ever to get away with and it seems the major search engines have all done a decent job keeping it from overrunning their results.

However, the problem is not gone completely. 302 redirects can, and still do, affect search engine results and allow people to use your content against you, even if they never copy a single word.

Though it is not the concern it once was, it is still worthwhile to take a few simple precautions to prevent it from becoming a much larger issue. After all, only one site has to be successful with it to severely impact your own search engine ranking for a keyword and only a few have to be successful before your entire domain suffers.

But the real onus to stop this problem, as Schmidt points out, lies not with Webmasters but with search engines. Though we can take precautions to help search engines tell the difference between a real redirect and a spam one, if the search engines don’t pick up on that, there is nothing that can be done.

Smarter search engines, ones not easily fooled by simple tricks, will be the real solution. Then again, that’s the same thing people have been saying about spam blogs for years and that problem has not gone away either.

Note: I attempted to contact Stylefeeder for this article and did not hear back in time to go to press. If I do hear from them, I will update this page.
