Stopping Page Rank Hijacking
Today, I received an email from a marketing agency enquiring about advertising opportunities on my website. The confusing thing was that the website domain mentioned in the email isn’t owned by me!
On further investigation (by typing the “mystery” URL into a browser) and to my utter amazement, up comes my own website content! It appears that some idiot has set their domain DNS records to point to my website! The “mystery” domain in question sounds very Asian smut orientated. Here is what I found by digging further:-
- The “mystery” domain has only been registered recently.
- It has already acquired the same Google Page Ranking (PR) as my own website with a 7 year old domain name!
I believe that I have uncovered a worrying (perhaps new?) exploit in black-hat Search Engine Optimisation (SEO)! It seems entirely possible to quickly gain good page ranking simply by pointing the DNS of your newly purchased domain to a well established website that already has a good PR. When the PR gets to where you want, simply change the DNS back to your own web host and voilà:- Instant Good Page Ranking!
This is great if you are the owner of the new domain as you get to avoid the time and effort associated with building a website, reputation and links. Unfortunately, it’s the legitimate site owner that suffers as they get penalised in search engines for duplicate content. As the legitimate site owner, your position in search engines can be adversely affected through no fault of your own.
After the initial shock of having all my site’s content effectively duplicated on at least one other site, it was time to decide how to deal with the problem. Many options came to mind (including redirecting requests from the “mystery” domain to the dodgiest porno sites that I could find!). However, I came up with a very elegant solution as follows:
- Detect the HTTP Host from the request.
- If the HTTP host doesn’t match the legitimate value (e.g. www.my-legitimate-site.com), do a permanent [HTTP response code 301] redirect to my site.
This works great in that it not only redirects traffic to the correct domain name (i.e. mine!) but it also notifies search engines to revise pages already indexed under the “mystery” domain to point back to your own site! Hence, you get double payback:-
- Your own (legitimate) site re-gains some of its lost position in search engines.
- The “mystery” domain owner finds that their ploy to gain PR quickly has backfired! All their PR advantage should be re-set to zero:)
Here is the .htaccess (Using Helicon ISAPI ReWrite) to accomplish this:
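# %1 captures "on" when the request arrived over HTTPS
RewriteCond %{HTTPS} (on)?
# Match any Host header that is not the legitimate host name
RewriteCond %{HTTP:Host} ^(?!w{3}?\.my-legitimate-domain\.com)(.*)$ [NC]
# %3 captures the requested path
RewriteCond %{REQUEST_URI} (.+)
# Permanent redirect to the same path on the legitimate host, keeping http/https
RewriteRule .* http(?%1s)://www.my-legitimate-domain.com%3 [R=301]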
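The same Host check and 301 redirect done in application code rather than in the rewrite engine, as an added example that is not from the original post: a Python WSGI middleware. The function and class names are hypothetical, and the host name is the post's placeholder.

```python
# Added example: canonical-host enforcement as WSGI middleware.
from urllib.parse import quote

CANONICAL_HOST = "www.my-legitimate-domain.com"  # placeholder host from the post


def normalise_host(raw):
    """Lower-case a Host header value and drop any port and trailing dot."""
    host = (raw or "").strip().lower()
    if host.startswith("["):              # IPv6 literal such as [::1]:8080
        host = host.split("]")[0] + "]"
    else:
        host = host.split(":")[0]
    return host.rstrip(".")


def canonical_redirect(environ):
    """Return the 301 target for a request on a foreign host, else None."""
    # Exact comparison: a look-alike such as
    # www.my-legitimate-domain.com.other.example must not pass.
    if normalise_host(environ.get("HTTP_HOST")) == CANONICAL_HOST:
        return None
    scheme = environ.get("wsgi.url_scheme", "http")
    # PATH_INFO is already URL-decoded, so re-encode it; this also keeps
    # CR/LF characters out of the Location header.
    path = quote(environ.get("PATH_INFO", "") or "/")
    query = environ.get("QUERY_STRING", "")
    return f"{scheme}://{CANONICAL_HOST}{path}" + (f"?{query}" if query else "")


class CanonicalHost:
    """Wrap a WSGI app so that only requests for CANONICAL_HOST reach it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        target = canonical_redirect(environ)
        if target is None:
            return self.app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]
```

A request with no Host header at all (HTTP/1.0) is treated as a foreign host and redirected as well.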
On a final note, I would recommend, if possible, implementing host headers on all websites as this protects against this kind of attack in the first place.
Rowland :: Dec.19.2007 :: Development, Software and Internet