Google 302 Exploit Knocks Sites Out
clsc writes "The exploit: Redirect via 302 to another page of your choice, then watch as the URL of your redirect script replaces the URL of that carefully selected page in Google's search results. Once this happens, feel free to redirect any visitor that is not Googlebot to any other page of your choice. Also applies to other search engines as well (not Yahoo! though)."
Oracle Application Server (Score:4, Interesting)
Most of the redirects are innocuous, for example with an application whose context-root is
Since the product can't be changed, I'd probably change Google's behavior.
WTF (Score:2, Interesting)
How is this hijacking? How is this any different from me simply adding the text and title of the other page to my page? Sure, I can change the redirect later, or change it for anyone except for googlebot, but I can do that with the content just as easily (more easily, in fact).
Furthermore, I suspect google has at least a few bots which don't announce themselves as googlebots just to check for such discrepancies.
Re:yawn (Score:2, Interesting)
But then again, I'm just being pedantic.
This hijacking thing is becoming a real PITA, and his recommendations to the search engines at the end of the article are reasonable.
The fix I personally recommend is simple: treat cross-domain 302 redirects differently than same-domain 302 redirects. Specifically, treat same-domain 302 redirects exactly as per the RFC, but treat cross-domain 302 redirects just like a normal link.
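The cross-domain rule proposed in the comment above, sketched as an added example (not part of the original thread and not any search engine's code). The crawl data, the `listed_urls` function and the exact-hostname definition of "same domain" are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed crawl observations: (requested URL, HTTP status, Location header)
CRAWL = [
    ("http://shop.example/old", 302, "/new"),                                # same-domain
    ("http://redirector.example/go?id=7", 302, "http://shop.example/new"),   # cross-domain
    ("http://shop.example/new", 200, None),
]


def hostname(url):
    return (urlsplit(url).hostname or "").lower()


def same_domain(a, b):
    # Assumption: "same domain" means an identical hostname. A production
    # crawler would compare registrable domains (Public Suffix List) instead.
    return hostname(a) == hostname(b)


def listed_urls(crawl, cross_domain_as_link):
    """Map each content URL to the set of URLs an index would list for it.

    cross_domain_as_link=False: every 302 is read literally as "temporary",
    so the requesting URL stays listed for the target's content.
    cross_domain_as_link=True: a 302 that leaves the host is recorded as an
    ordinary link and the target keeps its own URL.
    Only 200 and 302 responses are modelled here.
    """
    listed, links = {}, []
    for url, status, location in crawl:
        if status == 200:
            listed.setdefault(url, set()).add(url)
        elif status == 302 and location:
            target = urljoin(url, location)  # resolves relative Location values
            if cross_domain_as_link and not same_domain(url, target):
                links.append((url, target))
            else:
                listed.setdefault(target, set()).add(url)
    return listed, links


if __name__ == "__main__":
    for mode in (False, True):
        listed, links = listed_urls(CRAWL, cross_domain_as_link=mode)
        print("cross_domain_as_link =", mode)
        for content, urls in listed.items():
            print("  content", content, "listed as", sorted(urls))
        print("  links:", links)
```

With the rule off, the third-party redirect URL is listed alongside the page's own URL for the same content; with it on, only URLs on the page's own host remain.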
Can I use this to knock out a fraudulent site? (Score:5, Interesting)
I hope Google et al don't support IDN (Score:3, Interesting)
Re:Fake Banks (Score:5, Interesting)
Not news.
Fun (Score:5, Interesting)
Wow. That's a fun exploit... I can't wait to go tell my boss why our site links to a pron site on google.
All kidding aside, this could be a major problem for some of the more controversial websites. Akin to the Googlebombing [slashdot.org] that was just mentioned yesterday, this could be the next major attack scheme on the net. Imagine a pro-life site subverting a pro-choice site, Neo-Nazis subverting a site intended for Jewish children, the US government subverting Al Jazeera...
Not a whole lot of fun IMHO. I trust Google to return what I search for; if this changes, I and a whole lot of other nerds are going to be left wandering aimlessly around the net.
good news for the bombers.... (Score:2, Interesting)
This really is a big deal. (Score:5, Interesting)
Historically, good content meant good search engine placement. Now that this little trick is being more publicized, it just decreases the amount of time required for someone to hijack your entire site and remove it completely from the search engine results.
Duplicate content (Score:2, Interesting)
I've seen the effects of this first hand and it's a slightly nastier problem than people realise.
It's not uncommon for search engines to penalise sites for duplicate content, i.e. identical content on multiple domains. So with this problem all it takes is a couple of other sites to link to you, completely innocently with a 302, and *bang*, your site disappears down the listings.
Google Search Results Redirected to Ebay (Score:4, Interesting)
I've noticed that a lot of my google searches get redirected to an Ebay search page even though the displayed url in the search results is a non-ebay url. I checked the Google cached result and it was not the same as the re-directed page.
It's very annoying as I haven't been able to figure out what is going on. The same Ebay search results show up under dozens of urls in the Google search results.
Re:yawn (Score:1, Interesting)
I don't get it (Score:3, Interesting)
Nothing new? (Score:2, Interesting)
http://www.tonyspencer.com/mt/archives/2004/12/
This has clearly been documented before. I'm surprised it has not been fixed after all this time. The slashdot post and the clsc.net page gave me the impression this was something new.
Re:yawn (Score:2, Interesting)
Quote: [Fundamentalist religions] do put conditions on sex,...
This has to be the understatement of the month. Sex is what people very much want to do. Religions usually restrict their members to have sex with only one person ever, of the opposite sex, and only for reproduction. These are very severe restrictions that people only put up with because religions hold their eternal soul hostage, i.e. you don't do as we say, you go to hell. Most religions are guilty of this abuse, and I do not like them better for it (to put it mildly).
Quote: ...but it's up to the individual to follow them
If you do not mind being excommunicated/told you'll go to hell/publicly called a whore/stoned to death. Surely, religion has no adverse effect on people who do not obey.
chl