Spotting Google Hijacks and How to Handle Them


I would like to spot if anyone is trying to hijack my site through a redirect by running a script to look in referrer information, but my programmers tell me they have run experiments and there is nothing in referrer about the site performing the redirect. Referrer info only contains information about the previous site they clicked through from.

To compound this problem if the referrer is cloaking and directing only Google to my site, and sending human users elsewhere the only user coming via the redirect will be Googlebot. I don't know if Googlebot even gives referrer info.

Has anyone tried to write a tool to spot hijacks? Did you have success?

Added by Nick
See DaveN's post a little further down for some practical advice on stopping a Hijack before it starts.


The full story about Google and highjacks


Hard to say...

There is actually more than one way. Sometimes just a simple redirect script link will do the trick (will hijack the page it links to), and to take it further you can do all the stuff I mentioned above.

I don't think it has to be 100% duplicate but the closer it is to that, the more likely it is going to work.

Hi Jeff

There was nothing in those pages about 302. But if you are telling me for 100% that Google will not index the rogue page if it does not have dupplicate content on it I will bow to that :)

SEOMike - yes, I didn't understand. I would not want to risk cloaking on my good sites, so I have to live with that possibility.

Maybe you didn't understand...

Not all cloaks are redirects. Some are swaps and some are a combination of both. If you rank for code that only a search engine sees because you swap it a file that users don't see then you elimate the possibilty of EVER getting jacked. As long as you add the noarchive tag in the SE swap.

It is THE ONLY way to keep your site safe since anyone can easily spider a complete site down using blackwidow and then cloak it on a domain with better PR in less than an hour. Sad but true.

Am I telling you to cloak? Nope I'm just stating the fact that the only way to secure your copywritten material PERIOD is to go against a search engine's guidelines. They haven't been able to fix this problem and I'm sure they are begging for examples since it is a fairly new technique.

uh uh

They do the 302 as well (unless those were the wrong links, oh boy).

Scrape google's cache of target page, throw it on a site with better PR, cloak a 302 for google and serve your choice of pages to the user. Visit the google cache of the target page with your crawler and look for any changes, if there are... grab that version and start serving it, rinse, wash, repeat.

This is not the same thing is

This is not the same thing is it? There is no redirect involved there. Those pages just steal the position by having higher pagerank.

So you need a duplicate there

So you need a duplicate there for Google to index the rogue site?


Definitely Noarchive your site so that they would have to hit you to get the data to show google a duplicate with. If they can't just scrape G's cache and get rid of G's crap at the top, they'll have to come to your site and you'll have a better chance of catchin' 'em. But as DaveN said, it's not an easy thing to do after the fact (not easy before either).

Usually you have to keep hitting the G cache to make sure your copy is the same as the page you're hijacking.

Fantom gave us a solution long ago called spiderspy.txt

Damn spammers ruined it though by abusing the ability to cloak. Thats the only real way to safeguard your code. keep it between you and the spiders. So until they fix it cloaks all around! *comes back to reality*

Funny thing would be to cloak your content that gets you to rank then set up your visible stuff to crosslinks with bad neighborhoods and all sorts of spam boys. Then when someone jacks your ON PAGE content they start to trip all sorts of alarms and get what they deserve. ROFLMAO :) Of course I'm totally not being serious...

Page jacking is low I think those that do should do time for it. Too much time is invested in sites now a days for us not to throw the books at these jerks.


Not sure what you're driving at there?

Cloaking on my site won't make any difference to what the Search Engine sees via a redirect or if they visit my site directly. It's when the redirecting site cloaks and redirects not the SE but your visitors.... you got a big problem.

No worries

The real problem is google they should fix it not us !

Thanks Dave

That's a bit of a headache :)

But at least it can be done. Thanks for the tip.

Spotting a Google Hijacks and Handling


SlyOldDog : if the 302 is in

SlyOldDog : if the 302 is in place and cloaked ... you done mate sorry it really hard to catch ... but hey that would be fire fighhting

what you need is a script in place that checks the referrer before the hijack happens, most hijacks don't cloak until the Gbot has done it's bit, but maybe that will change now, lol..

you need a script that just grabs any referrer lets face facts most people test the link !! then server header check them ... build a data base of backlinks to your site .. people should always do this anyway and then spider the links weekly or daily if you like check to make sure that a) the link is still there and that the page header returns a vailid response..

you can to build a database of sites that link to you, if you use the linkdomain and &vd=m3 in yahoo you get t
he last 3 months worth ( well updated in the last three month anyway ) and do the same with Google

it's not easy to catch but if everything is in palce at least you will have the ammunation to fight back...


Not sure you can

Im not sure there is a way of doing it via a script though I do vaguely recall DaveN saying something about this...