Sorry this site requires JavaScript to be enabled in your browser. See the following guide on How to enable JavaScript in Internet Explorer, Netscape, Firefox and Safari. Alternatively you may be blocking JavaScript with an advert-related or developer plugin. Please check your browser plugins.

In what appears to be a reversion back to the way Google originally handled 302 redirects a few years ago, it looks as if now it has again become possible to hijack websites in the serps.
Comments9 Comments  

Comments

Avatar
from tomcritchlow 2177 Days ago #
Votes: 0

Does anyone have any more concrete proof of this? I’ve seen some werid things going on with 302s recently too...

Avatar
from mvandemar 2177 Days ago #
Votes: 2

Tom, do you mean more evidence of them showing the source url and the target content? That’s easy to find. Or do you mean more evidence of actual hijacked urls?Unfortunately when I tried digging up more examples, Google kept hitting me with the whole "We’re sorry... but your query looks similar to automated requests from a computer virus or spyware application." bull, just because I was using the "inurl:" command. They really need to fix that, but from what I can tell it’s just something they don’t really care all that much about.

Avatar
from iBrian 2176 Days ago #
Votes: 0

I thought we saw this happening again in June?

Avatar
from MattCutts 2175 Days ago #
Votes: 0

Tried to leave a comment but PuzzCAPTCHA ate it. Our heuristics almost always go with the destination url, but we do leave some rare cases to show the source url (as does Yahoo). I think I know why this was a corner case, but I reported it to the relevant people at Google anyway.

Avatar
from mvandemar 2175 Days ago #
Votes: 0

Matt, thanks. I know you had said before that the cases would be something like less than half of a percent, and up until a few days ago I almost never saw cases of this. What I saw though wasn’t a rare instance, which is why I blogged it. Just scroll through these serps to see what I mean:[inurl:wp-admin intitle:login]As to PuzzCAPTCHA eating your comment, sorry about that. I tracked it down to what I think is a bug in Chrome, and came up with a workaround (Thanks JohnMu and neyne for helping me test!). It works fine now, and I put in a bug report here. It’s working in Chrome now, and while I was at it fixed an issue it was having with Opera as well.

Avatar
from indyank 2174 Days ago #
Votes: 0

Matt take your own time but fix this forever :)the problem is widespread and not a rare one...there are many many examples out there....why is it that you prefer the source url even for rarities?atleast if the 302 is across domains, google should prefer the destination i suppose...

Avatar
from indyank 2174 Days ago #
Votes: 0

and mvandemar...getting your login or admin pages spidered is dangerous...fix it right away...

Avatar
from mvandemar 2174 Days ago #
Votes: 0

and mvandemar...getting your login or admin pages spidered is dangerous...fix it right away...There is no danger at all in having Google spider your login page, that’s usually open to the public, and my admin pages aren’t spidered... it’s the admin url, but it’s still just the login page they are showing the content of. That was the point actually. :)

Avatar
from indyank 2173 Days ago #
Votes: 0

I can understand that it is now serving as a good example for this issue...but what i actually meant is it looks like an open invite to someone who stumbles on it via a search engine...forget the wastage of PR juice from an SEO perspective...

Upcoming Conferences

Search Marketing ExpoSearch Engine Land produces SMX, the Search Marketing Expo conference series. SMX events deliver the most comprehensive educational and networking experiences - whether you're just starting in search marketing or you're a seasoned expert.



Join us at an upcoming SMX event: