Google warning: is your site abused through redirects?

Google recently wrote in one of its official blogs that it is possible for spammers to take advantage of your website without ever setting a virtual foot in your server. Spammers can do this by abusing open redirects.

What are open redirects?

Many websites use links that redirect their website visitors to another page. Some redirects are left open to any arbitrary destination. These redirects can be abused by spammers to trick web surfers and search engines into following links that seem to be pointing to your website although they redirect to a spammy website.

That means that people who think that they visit your website will be redirected to highly questionable web pages that might contain adult content, viruses, malware or phishing attempts.

Which redirects on your website could be abused?

Spammers are very inventive. According to Google, they have managed to use the redirect spam on a wide range of websites, including the websites of large well-known companies and the websites of small local government agencies.

For example, the following redirection types can be abused:

1. Scripts that redirect users to a file on the server can be abused by spammers. The links on your website could look like this:

   http://www.example.com/download.php?url=http://www…

   http:///www.example.com/get/pdf/?http://www…

2. Site search result pages with automatic redirect options. If the result pages of your internal site search feature contain an URL variable that sends your website visitors to other pages, spammers might be able to exploit them:

   http://www.example.com/search?q=keyword&page=1&url=…

3. Affiliate tracking links. Affiliate tracking links often allow people to direct website visitors to other pages. Spammers might enter their own URLs in the tracking links. Example:

   http://www.example.com/track.php?affid=123&url=…
   

4. Proxy pages. Proxy sites send people through to other websites and they can be abused by spammers:

   http://myproxy.example.com/?url…
   

5. Interstitial pages. Some websites show an interstitial page when users leave a website to let users know that the information found on the link is not under their control. These URLs usually look like this:

   http://www.example.com/redirect/http://www…

   http://www.example.com/out?http://www…

   http://www.example.com/cgi-bin/redirect.cgi?http://www…

How to find out if your website is abused

Even if you find none of the URLs above on your website, your site still may have open redirects. Do the following to check if your website is abused by spammers:

1. Make a site search on Google

   Go to Google.com and search for “site:yourdomain.com”. Replace yourdomain.com with your own domain name. If you see web pages that have nothing to do with your website then it’s likely that someone exploits a security hole on your website.

2. Check your web server logs for URL parameters like “=http:” or “=//”. If your redirection URLs get a lot of traffic, this could also be caused by spammers.
3. If you get user complaints about content or malware that you know cannot be found on your website then your website users might have seen your URL before they were redirected to the malware site.

What you can do to protect your website

It’s not easy to to make sure that your redirects aren’t exploited. The reason for that is that an open redirect is not a bug or a security flaw. There are some things that you can do to protect your website:

1. Check the referrer. Your redirect scripts should only work if they area accessed from another web page of your website. The redirect script should not work if the user accesses the script directly or from a search engine.
2. If possible, make sure that the script can only redirect to web pages and files that are on your own websites. You could use a whitelist of allowed destination domains.
3. Use the robots.txt file of your website to exclude search engines from the redirect scripts on your website. That will make your website less attractive for hackers.
4. Add a signature or a checksum to your redirect links so that only you can use the script.

Open redirect abuse is a big issue for Google right now. If you secure your scripts, spammers will move over to other websites and leave your website alone.

How long does it take to get top rankings on Google?

Many people who start a website think that it is possible to get high rankings on Google within a few days. Unfortunately, this is not possible. Competition on the Internet is fierce and there are several factors that influence how long it takes until Google lists your website.

1. How old is your website?

If you have a brand new website then you have to wait. You can submit your website to Google but Google will only index your website if other websites link to your site.

In addition, you have to prove that your website is not spammy. Google has several filters for new websites and you have to earn Google’s trust before your website can get lasting high rankings. A new website can get good rankings for less competitive keywords but it usually takes about 6 months to gain the minimum level of trust that is necessary to get high rankings.

2. How optimized was your website before?

If you have an old and established website that was blocking search engine robots due to a broken robots.txt file or a bad website navigation then it can be relatively easy to show up in search engines.

If you remove the factors that keep search engine robots from your web pages then search engines will list your website relatively quickly. Of course, this doesn’t work if you have a new site.

3. How many inbound links does your website have?

If you have an old website that has very few links then it will take longer to get high rankings on Google. If your website has many inbound links, then Google will pick up the optimized pages on your website much quicker. The more quality links your website has, the quicker your optimized web pages will show up in Google’s results.

4. Which keywords do you target?

This is a very important factor! The more competitive your keyword is, the longer you will have to wait to get high rankings and the more links and optimized pages you need. Start with multiple word keywords that are related to your business and then proceed to the more competitive keywords when your website has good content and inbound links.

5. Who are your competitors?

If the website that are ranked in the top 10 results for your keyword all have thousands of inbound links and more than thousand pages then it’s not likely that your website will be able to get in the top 10 results if it has 10 inbound links and 20 pages. You can either wait for along time until you get top 10 rankings for that keywords (i.e. when you have a similar amount of pages and inbound links) or you can start with other keywords.

How many days, weeks or months does it take exactly?

Provided that your website has good inbound links and optimized web pages, you can get high rankings on Google within a few months if you have a brand new site and choose a very specific keyword that consists of several words. Old and established sites usually need some weeks for such a keyword.

If you target industry keywords, which usually consist of two or more words, brand new sites usually need six months to a year to get high rankings. An established site might get the same result within 3 months.

Highly competitive one word keywords usually require thousands of good inbound links. A brand new website can need several years to get high rankings for such a competitive keyword and even established sites can sometimes need more than a year.

How to convince webmasters that they should link to your site

Suppose that you have a great website with great content. Your web pages are perfectly optimized for visitors and search engines and you have found many related websites that could link to your site.

How do you convince these websites that they should link to your website? Here are five tips that will help you to convince other webmasters.

1. Offer something in return

The easiest thing that you could offer is a link in return. However, not all webmasters want to exchange links.

There are many things that you could offer in exchange for a link. This could be a discount for your products, an ad on your website or even a simple hint.

If you find a broken link on a website, inform the webmaster about the link. Tell him that your own website might be a good replacement for the broken link (if it is).

2. Ask your current link partners

If another website already links to you then they might add another link to a different page on your website.

Getting a second link from existing link partners is much easier than getting new links because you don’t have to explain yourself anymore. The other webmaster already knows you and your site.

3. Make friends with people from your industry

Networking can help you to get links to your website. This works best with blogs that are related to your website.

Contact the blog owners and compliment on their sites. Do not ask for a link in your first contact. When you’ve a good relationship with the blog owner, you might inform him about a new product or a new article that you’ve written.

Chances are that you’ll get a link from the blog then. These links from related blogs have a great impact on the position of your website in Google’s search results.

4. Show that other webmasters already linked to your website

It’s easier for people to do something if they see that other people have done the same thing before. If many other websites link to your website, you could mention this in your link request.

If a well known website mentioned your site, that’s even better: “As you might have seen on NYTimes.com, we’ve published a new product. This might be interesting to the visitors of your website.”

5. Offer something that other people don’t have

This is the easiest way to get links. If you have a report with ground-breaking new information or something other that’s very interesting and only available on your website then it will be very easy to get links to the page that contains that information.