Google warning: is your site abused through redirects?

Google recently wrote in one of its official blogs that it is possible for spammers to take advantage of your website without ever setting a virtual foot in your server. Spammers can do this by abusing open redirects.

What are open redirects?

Many websites use links that redirect their website visitors to another page. Some redirects are left open to any arbitrary destination. These redirects can be abused by spammers to trick web surfers and search engines into following links that seem to be pointing to your website although they redirect to a spammy website.

That means that people who think that they visit your website will be redirected to highly questionable web pages that might contain adult content, viruses, malware or phishing attempts.

Which redirects on your website could be abused?

Spammers are very inventive. According to Google, they have managed to use the redirect spam on a wide range of websites, including the websites of large well-known companies and the websites of small local government agencies.

For example, the following redirection types can be abused:

1. Scripts that redirect users to a file on the server can be abused by spammers. The links on your website could look like this:

   http://www.example.com/download.php?url=http://www…

   http:///www.example.com/get/pdf/?http://www…

2. Site search result pages with automatic redirect options. If the result pages of your internal site search feature contain an URL variable that sends your website visitors to other pages, spammers might be able to exploit them:

   http://www.example.com/search?q=keyword&page=1&url=…

3. Affiliate tracking links. Affiliate tracking links often allow people to direct website visitors to other pages. Spammers might enter their own URLs in the tracking links. Example:

   http://www.example.com/track.php?affid=123&url=…
   

4. Proxy pages. Proxy sites send people through to other websites and they can be abused by spammers:

   http://myproxy.example.com/?url…
   

5. Interstitial pages. Some websites show an interstitial page when users leave a website to let users know that the information found on the link is not under their control. These URLs usually look like this:

   http://www.example.com/redirect/http://www…

   http://www.example.com/out?http://www…

   http://www.example.com/cgi-bin/redirect.cgi?http://www…

How to find out if your website is abused

Even if you find none of the URLs above on your website, your site still may have open redirects. Do the following to check if your website is abused by spammers:

1. Make a site search on Google

   Go to Google.com and search for “site:yourdomain.com”. Replace yourdomain.com with your own domain name. If you see web pages that have nothing to do with your website then it’s likely that someone exploits a security hole on your website.

2. Check your web server logs for URL parameters like “=http:” or “=//”. If your redirection URLs get a lot of traffic, this could also be caused by spammers.
3. If you get user complaints about content or malware that you know cannot be found on your website then your website users might have seen your URL before they were redirected to the malware site.

What you can do to protect your website

It’s not easy to to make sure that your redirects aren’t exploited. The reason for that is that an open redirect is not a bug or a security flaw. There are some things that you can do to protect your website:

1. Check the referrer. Your redirect scripts should only work if they area accessed from another web page of your website. The redirect script should not work if the user accesses the script directly or from a search engine.
2. If possible, make sure that the script can only redirect to web pages and files that are on your own websites. You could use a whitelist of allowed destination domains.
3. Use the robots.txt file of your website to exclude search engines from the redirect scripts on your website. That will make your website less attractive for hackers.
4. Add a signature or a checksum to your redirect links so that only you can use the script.

Open redirect abuse is a big issue for Google right now. If you secure your scripts, spammers will move over to other websites and leave your website alone.

Official Google statement: how to get high rankings

This month, the Google Webmaster blog published an article in which Google’s Maile Ohye officially explained what it takes to get a high ranking in Google’s search result pages.

The blog article confirms that the methods that are used by Complete SEO to get high rankings are correct. But read it for yourself:

Inbound links are important but content is even more important

Google’s Maile Ohye writes the following about inbound links in his article:

“Inbound links are links from pages on external sites linking back to your site. Inbound links can bring new users to your site, and when the links are merit-based and freely-volunteered as an editorial choice, they’re also one of the positive signals to Google about your site’s importance.”

Nothing new here. If many related websites link to your site, and if these links look natural, this will help you rankings on Google a lot.

However, links are not the most important ranking factor. Maile Ohye gives a concrete example:

“Let’s say I have a site, example.com, that offers users a variety of unique website templates and design tips. One of the strongest ranking factors is my site’s content. Additionally, perhaps my site is also linked from three sources — however, one inbound link is from a spammy site.

As far as Google is concerned, we want only the two quality inbound links to contribute to the PageRank signal in our ranking. “

The website’s content is mentioned as one of the strongest ranking factors. The inbound links are additional. That makes sense. The content of your website tells Google what your website is about.

If you want to get a high ranking for the keyword “used cars in dallas” but your web pages are about microwave ovens then you won’t get high rankings for that keyword.

For that reason, it is very important that you optimize your web pages for the keywords for which you want to get high rankings before you try to get links from other sites.

Google analyzes over 200 ranking factors

According to the article in Google’s blog, Google analyzes more than 200 signals (we call them ‘ranking factors’) to specify the position of a web page in the search results:

“Given the user’s query, over 200 signals (including the analysis of the site’s content and inbound links as mentioned above) are applied to return the most relevant results to the user.”

It’s a simple two-step process

Getting high rankings on Google is a simple two-step process:

1. You must optimize your web page contents so that Google can find out what your website is about. Optimize your web pages for your keywords so that Google knows that your website is relevant to these keywords and your topic.
2. Other websites must confirm that your website is about that topic. That’s what inbound links are for.

It’s as simple as that. If your website passes Google’s analysis of all ranking factors, it will get a top 10 ranking.

 

Does Google ever forgive a penalized website?

Getting high rankings on Google is so important for the success of a website that some webmasters try anything to get on Google’s first result page.

Unfortunately, many of the methods that promise high search engine rankings are basically spam. Google doesn’t like spam at all and if Google finds out that your website contains spam elements, your website will be penalized.

Which web page elements are cosidered spam by Google?

Google considers quite a few things as spam. The most popular ones are automatically generated doorway pages, cloaking and false redirects, keyword stuffing, hidden text or hidden links, paid links and automated linking systems.

What does Google do to penalize websites?

When Google penalizes a website, the website will either be removed completely from the index or the positions of a website in the search results will be lowered.

Does Google ever forgive a penalized website?

In a discussion in an online forum, webmasters shared their experience with re-inclusion requests on Google. One webmaster reported that it took over one year until a website had its old rankings back:

“One of my clients was completely banned from Google for a spammy link exchange program; we cleaned ‘em all up and filed a reinclusion request, and they are currently #1-3 for just about every relevant search phrase you could think of.

They’re ranking higher now than they ever did before the penalty – but it did take about a year to work their way up to that point.”

Another webmaster confirmed that it takes long until Google re-gains trust in a website:

“That’s what I’ve seen, too. A long, slow release from ‘probation’ as trust builds.

I do think Google always has a record of the past penalty somewhere, and any future infractions might be dealt with quite harshly. But you definitely can see a site get completely released from the ranking effects of a penalty.”

It’s very likely that Google keeps a record of all previous penalties that have been applied to a website.

What does this mean for your website?

You should avoid shady SEO methods at all costs. Do not participate in automated linking schemes. If someone promises you a quick and easy solution that requires no or little work then it is very likely that it’s spam.

If your website has been penalized, remove all spam elements from your website and file a re-inclusion request on Google.

It seems that Google does forgive penalized websites but it takes a long time until a penalized site has its rankings back. During that time, you’ll lose a lot of visitors and sales.

Five mistakes that keep search engine robots away from your website

Many webmasters don’t get high rankings on Google and other search engines just because Google’s indexing robot has difficulty to index their web pages.

Search engine robots are very simple software programs. If an indexing robot cannot find the content of your website immediately, it will skip your site and go to the next link in the list. For that reason, it is very important to make sure that search engine robots can index your web pages without problems.

Here are the top 5 elements that drive search engine robots away:

Reason 1: Your robots.txt file is damaged or it contains a typo

If search engine robots misinterpret your robots.txt file, they might completely ignore your web pages.

Double check your robots.txt file and make sure that you use the disallow parameter only for web pages that you really don’t want to have indexed.

Reason 2: Your URLs contain too many variables

URLs with many variables can cause problems with search engine robots. If your URLs contain too many variables, search engine robots might ignore your pages.

Here’s Google’s official statement about web pages with many variables:

“Google indexes dynamically generated webpages, including .asp pages, .php pages, and pages with question marks in their URLs. However, these pages can cause problems for our crawler and may be ignored.”

Reason 3: You use session IDs in your URLs

Many search engines don’t index URLs that contain session IDs because they can lead to duplicate content problems. If possible, avoid session IDs in your URLs. Better use cookies to store session IDs.

Reason 4: Your web pages contain too much code

Of course, your web pages can contain JavaScript code, CSS code and other script code that is not directly related to your content. Visit your website with a web browser and select “View source” or “View HTML source”.

If it is difficult for you to spot the actual content of your website then search engines might also have difficulty to parse your pages.

Reason 5: Your website navigation causes problems

Fancy JavaScript or DHTML menus cannot be parsed by most search engine robots. Flash or AJAX menus are even worse when it comes to website navigation.

As mentioned above, search engine robots are very simple programs. They can follow HTML links, all other links can cause problems.

Optimized web page content and good inbound links are crucial for high search engine rankings. However, the best content and the best links won’t help you much if search engines cannot index your pages.

Make sure that search engine spiders can index your web pages without problems so that your web pages can get the rankings they deserve.