301 redirects to http://too.much.spam/, a search engine would interpret that the content at http://www.example.com was moved to http://too.much.spam/, effectively giving credit to the latter site.
If you use such a redirection script in your site, there are three possible solutions to prevent 301 attacks:
- Use a 302 redirect instead of 301
- Use robots.txt to exclude redirect.php
- Use a database-driven solution, so that http://www.example.com redirects only known links
Any of these solutions will suffice. The last is usually unnecessary for most sites, but it’s mentioned here
because, theoretically, a script like that, if left in place, can be used by a social engineer to suggest to an
unsophisticated layperson that your site endorses some other site, which is phishing.
Using a 302 Redirect
As discussed in Chapter 4, 302 redirects do not transfer any link equity, and therefore have little value from
a spammer’s perspective. However, they may potentially have a use to “phishers,” as mentioned later.
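<?php
// Take the destination from the query string (any URL is accepted)
$new_url = $_GET["url"];
// Send a temporary (302) redirect instead of a permanent (301) one
header('HTTP/1.1 302 Found');
header("Location: $new_url");
?>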
Using robots.txt to Exclude redirect.php
This technique can be used in addition to using a 302 redirect. It, however, does not prevent “phishing,”
either. Read Chapter 5, if you haven’t already, for more details on the robots.txt file.
User-agent: *
Disallow: /redirect.php
Using a Database-Driven Solution
You could store the URL (either embedded in the script itself, or in a database), instead of embedding it
visibly in the URL:
<?php
// define URL lookup table
$lookup_table = array(
This practice can also be applied to humans, and, in that case, is called “phishing.”
The attacker tries to suggest, to human visitors and to search engines, that your
site (http://www.example.com/) is in some way associated with http://too.much.spam/.
Popular, old web sites should be particularly careful, because
the potential benefits that can be achieved through phishing are significant.
An example involving a previous Google “phishing” vulnerability is cited here:
http://ha.ckers.org/blog/20060807/google-spam-redirects/
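The database-driven solution described above, as an added example (not code from the book): redirect.php accepts a short link id instead of a URL and redirects only to targets stored in a lookup table, so a caller-supplied address never reaches the Location header. The `id` parameter, the function names and the table entries are assumptions made for illustration.

```php
<?php
// Added example: allow-list version of redirect.php.
// The ids and target URLs below are constructed sample values.
const REDIRECTS = [
    'partner' => 'http://www.example.org/',
    'docs'    => 'http://www.example.com/docs/',
];

/**
 * Return the stored target for a link id, or null when the id is unknown.
 * Only ids present in the table can ever produce a redirect.
 */
function resolve_redirect(array $table, $id): ?string
{
    // Reject arrays (?id[]=x) and anything that is not a short token,
    // which also rules out full URLs passed in place of an id.
    if (!is_string($id) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $id)) {
        return null;
    }
    return $table[$id] ?? null;
}

/** Map a query-string array to [HTTP status, target URL or null]. */
function handle_request(array $query): array
{
    $target = resolve_redirect(REDIRECTS, $query['id'] ?? null);
    if ($target === null) {
        return [404, null];   // unknown id: no redirect is issued
    }
    return [302, $target];    // temporary redirect, as in the 302 section
}

if (PHP_SAPI !== 'cli') {
    [$status, $target] = handle_request($_GET);
    http_response_code($status);
    if ($target !== null) {
        header('Location: ' . $target);
    } else {
        echo 'Unknown link.';
    }
} else {
    // Constructed requests, run from the command line to see each outcome.
    foreach ([['id' => 'partner'], ['id' => 'http://too.much.spam/'], []] as $q) {
        [$status, $target] = handle_request($q);
        echo json_encode($q), ' => ', $status, ' ', $target ?? '-', PHP_EOL;
    }
}
```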
Chapter 8: Black Hat SEO