1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

302 Redirect Hijack replacing my website with theirs in Google SERP

Discussion in 'Cloaking and Content Generators' started by burnzrogo, May 22, 2016.

  1. burnzrogo

    burnzrogo Newbie

    Joined:
    Jan 12, 2010
    Messages:
    17
    Likes Received:
    5
    HI Guys,

    I need help. This is getting way out of hand and my websites have been replaced by a competitor and is using other sites putting hacked code that scraps my site and redirects in the Google Search results to his sites. It is really getting out of control and happening to more and more sites. All my rank is gone and replaced with the hacked sites. Seems like I am not the only one this is happening to it is also happening here: http://www.blackhatworld.com/seo/recovery-and-prevention-from-a-site-clone-302-redirect-highjack-type-attack.827091/

    It seems they are getting this service from Chinese and people sell these high PR sites to put the 302 redirect on. These are .gov .org and use a 302 redirect and it replaces all my rankings with the hacked sites. I have lost all of my traffic and don't know what to do. Please help anybody if they know how to fix this. Thank you.
     
  2. ladyboyboom69

    ladyboyboom69 Regular Member

    Joined:
    Feb 15, 2016
    Messages:
    309
    Likes Received:
    103
    Occupation:
    Tony Stark
    Location:
    Your closet
    Do you have access to your host? they probably added malicious code to your htaccess. You can also correct this in Google search console
     
  3. burnzrogo

    burnzrogo Newbie

    Joined:
    Jan 12, 2010
    Messages:
    17
    Likes Received:
    5
    This has nothing to do with my host. It has to do with other sites high PR sites being hacked and using a 302 redirect hack script taking my PR and replacing my site with theirs. Its a hack that has been going on for years and now has exploded. Its basically a Google bug and if anyone has experience with this happening to them please share on what they did. I was told to report this on Google groups and Google will take care of it but I want to know why they haven't fixed this. It is disgusting how Google is not fixing this hack. Anybody search for 302 redirect hack on Google search and you will know what I mean. ladyboyboom69 you need to educate yourself on this as you don't know what this is. Has nothing to do with my site it has to do with Google fixing this issue. They are hacking other sites and putting a 302 redirect code that scarps my site on the fly and replacing all my ranking with competitors. Anybody have experience with this and what to do?
     
  4. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,487
    Likes Received:
    1,179
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    Yes its true they are manipulating an ever present bug, and they have the capacity to easily move in and overtake niches relatively quickly utilizing this exploit due to the overall enormous size of their network. You appear to recognize the general severity of this situation, but the problem for G is that their entire model is built around what these folks re-create and simulate in their massive "blog farms."

    They have a virtual endless supply of domains, hosting accounts, various classes of IP addresses, various geologic server locations, and they simply change a couple lines of code in their algorithm, and poof - you're basically gone.

    In my opinion they haven't added malicious code to your site(but it is possible). There are some SQL injections and cross-site scripting vulnerabilities, and other things, but a large old school "blog farm" springs to mind as the most likely culprit here.

    Maybe someone else knows the specific exploit if they did somehow infect your site. Generally you should start with inoculation procedures like virus and malware scans. Your provider may even be able to suggest a good "scrub down" procedure.

    If you have a compromised theme(perhaps nulled), this is also often a culprit. You could try some general scan and repair operations on your database. But in the end you'll probably have to wait it out ... as they may be unlikely to rank there for a long time unless they regularly retarget the niche. Sometimes you can overcome them with a concerted and consistent content PLUS seo strategy. More often people ditch these niches. These pirates are deadly once they latch on to something.

    When people steal all your content this way one thing some webmasters do is bring it to the attention of G directly. Start to gather data like time-stamps on your published content ... watermark everything lightly with a text background (even the text of articles - just very lightly) ... Send everything you know about the situation to G, and try to out the PBN/(Blog Farm).

    Scary this still happens, but it always seems unavoidable.
     
  5. burnzrogo

    burnzrogo Newbie

    Joined:
    Jan 12, 2010
    Messages:
    17
    Likes Received:
    5
    This is not that type of bug. They are exploiting other sites not mine and scaping my content on the fly. It steals the PR and ranking of my site and replaces it with theirs. No matter what content I change, picture anything, it will take it on the fly when someone clicks on a search result in Google. It only works on Google search results if you put the exact link on a browser it doesn't redirect only works in Google search results. You guys really need to research this as many sites are being affected and everybody is getting confused on what this actually is. There is nothing we can do about this only Google can fix this. Good talking about this is here: https://productforums.google.com/forum/#!topic/webmasters/fYhFH7Lb110;context-place=topicsearchin/webmasters/authorid$3AAPn2wQdTbg11mrP4EYlLA09vpa8k4MBRH3SjzDousy_f_zemoqmzOi8s7ewO7mKkYZ94n3HmYsPz|sort:date|spell:false
     
    • Thanks Thanks x 1
  6. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,487
    Likes Received:
    1,179
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    That's a great reference. As this situation has literally been happening since the dawn of G, I suggest some of the things from a 2005 article:

    http://www.leetupload.com/database/Misc/Papers/Phlak/Web Hacking/google-302-page-hijack.htm

    Code:
    Precautions against being hijacked
    I have tracked this and related problems with the search engines literally for years. If there was something that you could easily do to fix it as a webmaster, I would have published it a long time ago. That said; the points listed below will most likely make your pages harder to hijack. I will and can not promise immunity, though, and I specifically don't want to spread false hopes by promising that these will help you once a hijack has already taken place. On the other hand, once hijacked you will lose nothing by trying them.
    [LIST]
    [*]Always redirect your "non-www" domain (example.com) to the www version (www.example.com) - or the other way round (I personally prefer non-www domains, but that's just because it appeals to my personal sense of convenience). The direction is not important. It is important that you do it with a 301 redirect and not a 302, as the 302 is the one leading to duplicate pages. If you use the Apache web server, the way to do this is to insert the following in your root ".htaccess" file:
    RewriteCond %{HTTP_HOST} !^www\.example\.com
    RewriteRule (.*) http://www.example.com/$1 [R=301,L]
    Or, for www-to-non-www redirection, use this syntax:
    RewriteCond %{HTTP_HOST} !^example\.com
    RewriteRule (.*) http://example.com/$1 [R=301,L]
    [*]Always use absolute internal linking on your web site (i.e. include your full domain name in links that are pointing from one page of your site to another page on your site)
    [*]Include a bit of always updated content on your pages (e.g. a timestamp, a random quote, a page counter, or whatever)
    [*]Use the <base href=""> meta tag on all your pages <--NOT SURE ABOUT THAT AT ALL!
    [*]Just like redirecting the non-www version of your domain to the www version, you can make all your pages "confirm their URL artificially" by inserting a 301 redirect from any URL to the exact same URL, and then serve a "200 OK" status code, as usual. This is not trivial, as it will easily throw your server into a loop.
    [/LIST]
    removal of all the script URLs from Google's index - i.e. request removal of all items listed in "robots.txt". Contrary to popular belief, including an URL that is already indexed in "robots.txt" does not remove it from Google's index. It only makes sure that Googlebot does not revisit it. You have to request it removed to get it removed.
    [LIST][*]If you discover that you are listed as having hijacked a page in Google, make the script in question return a 404 error and then request removal of the script URL from Google's index[/LIST]
    the RFC, but treat cross-domain 302 redirects just like a normal link.
    
    Meta redirects and other types of redirects should of course be treated the same way: Only according to RFC when it's within one domain - when it's across domains it must be treated like a simple link.
    
    Added: A Slashdot reader made me aware of this:
    
    RFC 2119 (Key words for use in RFCs to Indicate Requirement Levels) defines "SHOULD" as follows:
    
    3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course. So, if a search engine has a valid reason not to do as the RFC says it SHOULD, it will actually be conforming to the same RFC by not doing it. 
    No real solutions, but another old interpretation. Sorry my original response was less than pointed. Obviously this exploit has continued to evolve, so this really old article hopefully doesn't mislead anyone into thinking it's got definitively working solutions in it.

    It's going to be tough to recover from this perhaps. Sorry!

    I think it's possible some of the "infected" devices that have great metrics and are leveraged to perform these exploits were likely left on former open Amazon EC instances. Someone had a thread a while back on scanning those and recovering the associated accounts for nefarious purposes. Seems very much like the cross-site exploit described above with some added flair.
     
    Last edited: May 22, 2016
  7. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,342
    Likes Received:
    1,167
    Last edited: May 22, 2016
  8. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    164
    Likes Received:
    80
    You say they scrap your content on the fly so what you can do is access their website a few time and check your access log:
    - If they always use the same IP block it
    - If they always use the same user-agent block it (only if it's a special User agent you don't want to end up blocking all Firefox or Chrome user)

    Now if they are using a lot of IPs and multiple user agents you could record the raw HTTP request and check if there is not a pattern you can identify and block.
    Last solution would be to to force a captcha verification for everyone who doesn't have Javascript enable (since they probably don't use something like an headless browser to scrap your website)
     
  9. burnzrogo

    burnzrogo Newbie

    Joined:
    Jan 12, 2010
    Messages:
    17
    Likes Received:
    5
    HI Guys,

    I have finally fixed this for many of my sites that were attacked using a 302 redirect google hijack. Clever way I figured out on how to fix this but I did. If anybody is having the same issue I did with a 302 redirect hijack please contact me. I can help you. Don't let your website fall victim to these scumbags taking your rankings in the search engines. Took me about 6 months to track and find this fix and it is working. Anybody needs help let me know. You can PM. Cheers. This 302 Redirect Hijack is a Google issue but you can defend this.
     
  10. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,765
    Likes Received:
    11,424
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    So Google is still susceptible to 302 attacks as well as 301 in the year 2016? I've seen this more and more in help threads on Reddit and elsewhere.
     
  11. jone232

    jone232 Newbie

    Joined:
    Jul 10, 2016
    Messages:
    2
    Likes Received:
    0
    Gender:
    Male
    Hello I need your help regarding this issue.
     
  12. niteshy

    niteshy Newbie

    Joined:
    Mar 1, 2016
    Messages:
    5
    Likes Received:
    0
    I need help. pls contact me.
     
  13. niteshy

    niteshy Newbie

    Joined:
    Mar 1, 2016
    Messages:
    5
    Likes Received:
    0
    Hi, I need your help. PLs contact me.