A new type of spam cloaking is getting more popular: spammers hack into popular websites that have high rankings on Google and then insert keyword rich links and redirects to other websites. What can you do to make sure that your website is not abused by spammers?
What is cloaking?
Cloaking is a spamming technique in which the content presented to the search engine spider is different from the content presented to regular users.This is done by delivering content based on the user-agent HTTP header of the user requesting the page, the IP address of a user or the referring page:
- When a user is identified as a search engine spider, a server-side script delivers a different version of the web page.
The search engine spider can be identified based on the IP address and on the user-agent HTTP header.
- When a user comes from a particular page (for example a Google search result page), the web server delivers a different version of the page than users get when they enter the URL of the page directly in the browser.
These methods can be combined. A web page can be cloaked based on the IP address, the user-agent, referring web page or any combination of these three factors.
How do spammers abuse your website?
Many websites have security holes. Spammers use them to hack into your server and to change the content of your web pages. They can do the following with your pages:
- They insert keyword rich links to spammer sites on your web pages. These links are only visible to Google's indexing spider. For Google, it looks as if your website is endorsing the spammer website with a link.
- They redirect your website visitors to their own pages. Google gets your regular page. People who visit your web pages after clicking on your website listing on Google's search results will be redirected to the spammer website.
How can you find out if spammers abuse your site?
There are several ways to find out if spammers change your web pages:
- Download the free IBP demo version and select "Tools > Search engine spider simulator". Enter the URL of one of your web pages and select "Googlebot". The spider simulator will show you how Google sees your web pages.
This method enables you to check if someone returns different pages based on the user-agent.- Search Google for "site:yourdomain.com" (replace yourdomain.com with your own domain). Browse through the search result pages and check the titles and descriptions that Google uses for your web pages.
Click on a listing to make sure that visitors are directed to the correct page.- Click on the "Cached" link on Google's search result pages for your domain to see the content that Google has indexed on your pages.
Look for links, Javascript and other elements that don't belong on your page.
Use the tips above to find out if hackers have changed the content of your web pages. To make sure that hackers cannot abuse your website, use the latest version of your content management system and install the latest security updates.
No comments:
Post a Comment