Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Googlejacking? What's "Googlejacking"?

Googlejacking? What’s “Googlejacking”?

One of the both exciting and frustrating things about this industry is the
rate at which new terminology appears. “Googlejacking” just showed up recently
and refers to a technique to use someone else’s content to appear as it if was
on your site. The apparent intent is to achieve higher overall Google ranking
for your own site and content, or to otherwise get more traffic.

Unfortunately, Googlejacking is also a side effect of a very valid technique
many sites use to manage external links and to track visitors leaving their
sites.

Sites like Ask Leo!

Yes, I am an inadvertent googlejacker.

Become a Patron of Ask Leo! and go ad-free!

First we need to define something called “redirection”. Redirection is a
technique where a web server can respond to a request for one URL by saying, in
effect, “oh, you really want that URL over there”. It’s a technique used by the
URL shortening services like http://clicktrustats.com or http://tinyurl.com.
Using these services you can define a that a short URL, say:

http://tinyurl.com/3qtd6

actually take you to a different URL, like:

http://ask-leo.com/how_do_i_keep_my_computer_safe_on_the_internet.html

The short version being more convenient for email and less prone to
wrapping.

This kind of service operates by redirecting the shorter URL to the
longer one.

I use the same technique on Ask Leo!, but
for a different reason. I have my own redirector and most any link that takes
you away from Ask Leo! is run through the
redirector. For example:

http://ask-leo.com/d-ms

will redirect to:

http://microsoft.com

I do this for several reasons:

  • The redirection is logged. That means when someone clicks on http://ask-leo.com/d-ms, it shows up in my web server logs.
    This allows me to measure what external links people are clicking on when they
    visit my site.

  • The redirection can be changed. While it’s unlikely in this example, if I
    ever wanted http://ask-leo.com/d-ms to go
    to some other location, it’s a single, simple change for me, and everywhere
    I’ve used that link will now go to the new location without my having had to
    change them all.

  • It’s shorter. When writing a web page that’s not as much of an issue, but
    like the tinyurl example above, it’s still more convenient to write a shorter
    URL.

OK, so redirection is handy for a few reasons. Where does Googlejacking come
in?

Googlejacking

A few months ago, if you looked for “LSASS” on Google, you would get the
following hit on the first page of results:

Microsoft
Security Bulletin MS04-011: Security Update for …

Vulnerability Details. LSASS Vulnerability – CAN-2003-0533: A … system.
Mitigating Factors for LSASS Vulnerability – CAN-2003-0533: …
http://ask-leo.com/d-40508a – 101k – Feb 10, 2005

Examine that carefully.

The link, http://ask-leo.com/d-40508a, is a link I use in the article

What are “LSASS”, “LSASS.EXE” and “Sasser” and how do I know if I’m infected?
What do I do if I am?
to link people to a Microsoft Security Bulletin which
resides on the Microsoft site. If you click on that link, that’s where you end
up: Microsoft Security Bulletin MS04-011, on the Microsoft web site.

Google had decided that my redirection link (http://ask-leo.com/d-40508a) was the way to get to
Microsoft’s web page (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).

That’s Googlejacking. Getting your link to someone else’s content
to rank higher than the content’s own URL.

My case is accidental, based on legitimate scenarios. But Googlejacking can
also be used for nefarious reasons as well. For example a company could seek to
Googlejack their competition’s web pages in the hopes of reducing the
competitions Google rankings and as a result, scoring higher themselves.

As a website owner or programmer who’s using redirections, it’s theorized
that you can avoid inadvertent Googlejacking by using a 301 (Moved Permanently)
instead of a 302 (Moved Temporarily) redirect. 302 seems to be the default in
many cases, so if you’ve done nothing then you could be an inadvertent
Googlejacker :-).

As a website owner who’s being Googlejacked, you actually have very little
recourse. You can try to contact the offending site or Google itself, but it’s
unclear what success you may have. The good news is that Google’s continually
improving their algorithms. For example, my example above no longer works –
Microsoft’s own page ranks highly, and my redirection link is nowhere to be
found.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

5 comments on “Googlejacking? What's "Googlejacking"?”

  1. It could also be used for even more nefarious purposes. A scripted page that checks the UserAgent can send bots to genuine content while everyone else
    gets sent to a page with malicious content. For example: A googlejacked link for Katrina victims would show up on google as if it was the real deal because for any crawling bot
    it would be, but everyone else would be sent to MaliciousSite.blah

    Reply
  2. Leo – I am very sorry I entered the wrong address for the site which was google jacked above. So it does not appear that I am trying to “stuff” your blog I will just say the offended site was a .net not a .org. I did forget to add that until my site was google jacked I had a #2 rank on the specific search terms for my niche site (which I built for my wife).

    R. Joe

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.