Weekly SEO news: 17 February 2009

Welcome to the latest issue of the Search Engine Facts newsletter.

This week, we're taking a look at a Google warning. Is your website abused through open redirects? Do spammers take advantage of your website?

In the news: Google, Yahoo and Microsoft announce support for a new link element, Yahoo seems to send less traffic through its ads, Google tests SearchWiki in its ads and more.

Table of contents:

Facts of the week
Search engine news and articles of the week
Success stories (this could be yours!)
Previous articles

We hope that you enjoy this newsletter and that it helps you to get more out of your website. Please pass this newsletter on to your friends.

Best regards,

1. Google warning: is your site abused through redirects?

Google recently wrote in one of its official blogs that it is possible for spammers to take advantage of your website without ever setting a virtual foot in your server. Spammers can do this by abusing open redirects.

What are open redirects?

Many websites use links that redirect their website visitors to another page. Some redirects are left open to any arbitrary destination. These redirects can be abused by spammers to trick web surfers and search engines into following links that seem to be pointing to your website although they redirect to a spammy website.

That means that people who think that they visit your website will be redirected to highly questionable web pages that might contain adult content, viruses, malware or phishing attempts.

Which redirects on your website could be abused?

Spammers are very inventive. According to Google, they have managed to use the redirect spam on a wide range of websites, including the websites of large well-known companies and the websites of small local government agencies.

For example, the following redirection types can be abused:

Scripts that redirect users to a file on the server can be abused by spammers. The links on your website could look like this:

http://www.example.com/download.php?url=http://www...
http:///www.example.com/get/pdf/?http://www...

Site search result pages with automatic redirect options. If the result pages of your internal site search feature contain an URL variable that sends your website visitors to other pages, spammers might be able to exploit them:

http://www.example.com/search?q=keyword&page=1&url=...

Affiliate tracking links. Affiliate tracking links often allow people to direct website visitors to other pages. Spammers might enter their own URLs in the tracking links. Example:

http://www.example.com/track.php?affid=123&url=...

Proxy pages. Proxy sites send people through to other websites and they can be abused by spammers:

http://myproxy.example.com/?url...

Interstitial pages. Some websites show an interstitial page when users leave a website to let users know that the information found on the link is not under their control. These URLs usually look like this:

http://www.example.com/redirect/http://www...
http://www.example.com/out?http://www...
http://www.example.com/cgi-bin/redirect.cgi?http://www...

How to find out if your website is abused

Even if you find none of the URLs above on your website, your site still may have open redirects. Do the following to check if your website is abused by spammers:

Make a site search on Google

Go to Google.com and search for "site:yourdomain.com". Replace yourdomain.com with your own domain name. If you see web pages that have nothing to do with your website then it's likely that someone exploits a security hole on your website.

Check your web server logs for URL parameters like "=http:" or "=//". If your redirection URLs get a lot of traffic, this could also be caused by spammers.

If you get user complaints about content or malware that you know cannot be found on your website then your website users might have seen your URL before they were redirected to the malware site.

What you can do to protect your website

It's not easy to to make sure that your redirects aren't exploited. The reason for that is that an open redirect is not a bug or a security flaw. There are some things that you can do to protect your website:

Check the referrer. Your redirect scripts should only work if they area accessed from another web page of your website. The redirect script should not work if the user accesses the script directly or from a search engine.

If possible, make sure that the script can only redirect to web pages and files that are on your own websites. You could use a whitelist of allowed destination domains.

Use the robots.txt file of your website to exclude search engines from the redirect scripts on your website. That will make your website less attractive for hackers.

Add a signature or a checksum to your redirect links so that only you can use the script.

Open redirect abuse is a big issue for Google right now. If you secure your scripts, spammers will move over to other websites and leave your website alone.

If you want to know how your website can be on the first result page on Google for keywords that really matter, take a look at this.

Back to table of contents - Visit Axandra.com

2. Search engine news and articles of the week

Google, Yahoo, and Microsoft announce support for a new link element

"Carpe diem on any duplicate content worries: we now support a format that allows you to publicly specify your preferred version of a URL.

If your site has identical or vastly similar content that's accessible through multiple URLs, this format provides you with more control over the URL returned in search results. It also helps to make sure that properties such as link popularity are consolidated to your preferred version."

Webmasters observe a drop in traffic from Yahoo's ad network

Many Yahoo advertisers reported in an online discussion forum that the traffic from Yahoo's Search Marketing Network has decreased. Some webmasters receive about 50% of the traffic that they normally receive from Yahoo.

The downfall of geo modifiers

"Geo targeting, browser location awareness, and other tools have helped searchers receive relevant results (mostly sponsored). Google has released a search update where it prompts the user for a city or zip whenever it detects a local search, then displays local results. This has increased overall local search traffic and increased Onebox traffic."

How Google decides to pull the plug

"Google recently set the blogosphere abuzz by announcing that it was pulling the plug on several products.

The victims included Lively, a virtual world that was Google’s answer to Second Life; Dodgeball [...], Catalog Search [...] and Notebook [...]. Google also said it would stop actively developing Jaiku, a microblogging service similar to Twitter."

Google testing searchwiki on AdWords

"Google seems to be testing part of SearchWiki, Google's way of promoting and removing results, to be spotted in the AdWords or sponsored ads section of the Google search results. Some people are noticing the X icon, which allows searchers to delete results from Google, in the sponsored listings."

Search engine newslets

"1234567890 Day" Google logo appears for brief time.
Google changes its policies for ringtone ads.
Suggesting sites to DMOZ: finding the correct category.
Yahoo Search service will have variety of commercial models.
Microsoft adCenter Desktop beta is now available.
An update on Yahoo's homepage testing.
Yahoo! gets partial victory in Akaushi keyword lawsuit.
Russia's biggest search engine Yandex launches Yandex Answers.

Back to table of contents - Visit Axandra.com

3. Success stories

"IBP helps me to keep conversion costs low."

"I have been using IBP Standard Edition since version 8. I use Google AdWords and Yahoo ads to find the keywords that generate the most impressions.

I then use IBP to optimize my landing page for these keywords. The goal is to get my landing page in the top 5 listing of organic results.

When IBP has helped me to get my website in the top 5 for a keyword, I stop using Google AdWords and Yahoo ads for this keyword.

Last month alone, I reduced my AdWords cost on Google by $3,500 with no measurable decrease in traffic to the target URLs and an increase in orders coming from the landing page.

Of course, I continue to refine the landing pages to improve conversion from the traffic. The key is to keep the conversion cost low. AdWords keeps it high, IBP helps me keep driving it lower.

I've tried other tools, but none perform for me and my campaigns as well as IBP."
Rob Goodwin, www.coldoneinc.com

Do you want to have top 10 rankings on Google?

High rankings on Google mean more website visitors, more customers and more sales. Watch the video for further information:

160,000 readers will see YOUR website

Let us know how IBP has helped you to improve your website and we might publish your success story with a link to your website in this newsletter. The more detailed your story is, the better.

Back to table of contents - Visit Axandra.com

4. Previous articles

Back to table of contents - Visit Axandra.com

Do you have a minute?

Please use the buttons at the bottom of this page to inform your friends about the information above.
You can use our articles on your own website. Details can be found here.
If you haven't done it yet, subscribe to our newsletter now. It's spam-free.

Do you have a minute?

Get our weekly newsletter for free:

Free content for your own website