1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What kind of black hat method is this?

Discussion in 'Black Hat SEO' started by theblackhat, Jun 8, 2016.

Tags:
  1. theblackhat

    theblackhat Regular Member

    Joined:
    Feb 24, 2008
    Messages:
    256
    Likes Received:
    39
    I was searching for a random query in google and stumbled upon a url,

    Code:
    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjM9N_PjpjNAhXDsY8KHadADygQFggcMAA&url=http%3A%2F%2Fwww.bikershighway.in%2F%3Fv%3Dfree-cosmetic-samples&usg=AFQjCNEDRKFHko8YIfCAP4BPy1AfmPJg5A&bvm=bv.124088155,d.c2I
    while the actual url just points to,
    Code:
    http://www.bikershighway.in/?v=free-cosmetic-samples&usg=AFQjCNEDRKFHko8YIfCAP4BPy1AfmPJg5A&bvm=bv.124088155,d.c2I
    the redirection happens only when clicked from the g search page. and when you try to load it directly, you see a different pae.

    Could someone pls explain what kind of method he is using?
     
  2. I know SEO

    I know SEO Marketplace Mod Moderator

    Joined:
    Nov 29, 2012
    Messages:
    16,534
    Likes Received:
    6,185
    This is google running it through a redirect script so they can collect data on the domain from what search terms people are using to visit this website and other data.

    If you right click on any SERP result in google and click copy url you will see this.
     
  3. theblackhat

    theblackhat Regular Member

    Joined:
    Feb 24, 2008
    Messages:
    256
    Likes Received:
    39
    i'm no expert in blackhat methods, but still it is obviously visible that the guy is using some kind of method there and its not by chance. He knows what he is doing. besides, why would google run through a redirect script..? nope, g never does that!
     
  4. Darnez123

    Darnez123 Registered Member

    Joined:
    Jun 6, 2016
    Messages:
    51
    Likes Received:
    11
    Gender:
    Male
    Could it perhaps be it is something that has to do with this? Link.
     
  5. I know SEO

    I know SEO Marketplace Mod Moderator

    Joined:
    Nov 29, 2012
    Messages:
    16,534
    Likes Received:
    6,185
    Where did you see the link?

    Of course they measure these things, they run it through the script to measure things like click through rates for each result. They monitor everything and this is how they probably collect the data.
     
  6. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,599
    Likes Received:
    34,732
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    It is either a Hacked site or the guy is using cloaking/doorway pages to send people to the different sites/pages.

    [​IMG]
     
  7. 0xxi3

    0xxi3 Jr. VIP Jr. VIP

    Joined:
    Mar 25, 2016
    Messages:
    238
    Likes Received:
    84
    Gender:
    Male
    Occupation:
    Collecting Government Benefits
    Location:
    SJW Kingdom
    It's not that. theblackhat is right, there is something strange going on.
    After inspecting HTTP request, I can say following.

    All GET requests to http://www.bikershighway.in/ (e.g. /?variable=value) go through /xmlrpc.php file.
    I'm unfortunately unfamiliar with XML-RPC, so I'm not sure what's exactly going on there. However, all incoming GET requests where header contains:
    Code:
    Referer: https://www.google.com/
    Will redirect you to some ching-chong webpage that will take you further to wholesale webpage whatever.

    TL;DR All users coming from google will get redirected to some third-party website.
     
    • Thanks Thanks x 1
  8. theblackhat

    theblackhat Regular Member

    Joined:
    Feb 24, 2008
    Messages:
    256
    Likes Received:
    39
    yep.. thats right.. i just inspected in fiddler and it seems there is redirection if the referrer is google. if you paste the url directly, nothing happens.
    also, this is the code after first redirection,
    Code:
    <script src="http://s11.cnzz.com/stat.php?id=1258110290&web_id=1258110290" language="JavaScript"></script>
    <script>window.location.href='http://www.9prom.info/google.php';</script>
    
    if you go through the first source, there is a lot of code and im not a coder. I am pretty sure i've seen this method in this forum but completely in a limbo now. definitely there are ppl here who knows whats happening. pls guys, shed some light here
     
  9. 0xxi3

    0xxi3 Jr. VIP Jr. VIP

    Joined:
    Mar 25, 2016
    Messages:
    238
    Likes Received:
    84
    Gender:
    Male
    Occupation:
    Collecting Government Benefits
    Location:
    SJW Kingdom
    I assume this website has been hacked.
    It makes very little sense for the owner of the website to do something like that.
     
  10. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,599
    Likes Received:
    34,732
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    I posted the answer above the guy is cloaking.

    http://lmgtfy.com/?q=seo+cloaking

    [​IMG]

    Check it with this: http://www.seotools.com/seo-cloaking-checker/
     
  11. whackhat

    whackhat Junior Member

    Joined:
    Jul 25, 2008
    Messages:
    117
    Likes Received:
    40
    I have seen this injected into a hacked magento store, it was a script that stole all referred SE traffic and redirected it out.
     
  12. disposableher0

    disposableher0 Newbie

    Joined:
    Sep 25, 2015
    Messages:
    16
    Likes Received:
    1
    Like Asif WILSON Khan said, he's either cloaking or someone has hacked htaccess to redirect google traffic to their shitty site
     
  13. mazilla

    mazilla Newbie

    Joined:
    Apr 22, 2016
    Messages:
    25
    Likes Received:
    4
    It's not a cloaking. Just hacked website ( through .htaccess file I think) with a doorway
     
  14. JakeSully

    JakeSully Junior Member

    Joined:
    Mar 30, 2016
    Messages:
    100
    Likes Received:
    9
    Location:
    PANDORA
    it seems like cloaking
     
  15. drogon

    drogon Elite Member Premium Member

    Joined:
    May 28, 2010
    Messages:
    2,340
    Likes Received:
    1,164
    302 Hijacking. Happened to me earlier this year.
     
  16. MikeyMikey13

    MikeyMikey13 Supreme Member

    Joined:
    May 25, 2014
    Messages:
    1,437
    Likes Received:
    398
    how did you secure your site to prevent this?