Beware Of Canonical Redirect Hacking

May 16, 2011 • 8:54 am | Filed Under Search & Web SEO Spam
 

A year and a half ago Google began supporting the cross domain canonical tag and some people were concerned there would be ways to abuse the system. Well, even Google was concerned, which is why they waited ten months to introduce the cross domain version of the canonical tag.

I haven't heard much from people complaining that their site was negatively impacted by the tag.

But now it seems that hackers who focus on SEO hacking have recently been targeting vulnerable sites and stealing (or hijacking) their traffic with this tag.

In a WebmasterWorld thread, well-known moderator goodroi reports that he is now seeing hackers exploit this tag.

It isn't an issue with the canonical tag specifically, but rather hackers gaining access to a server and the site's code and basically redirecting the domain name to a third-party site. goodroi said:

I came across a website with canonical tags set up on all of their pages and they were pointing to a spam site. I suspect someone hacked in and changed the canonical tags to siphon link juice. Now that cross-domain canonical tags are supported I would not be surprised if this becomes more common.

The canonical tag is a small line of code that is easy to overlook despite its large implications.

It is so important to stay on top of your security patches and make sure your sites are hacker-free - if there is such a thing. The canonical tag is almost as strong as setting up a 301-redirect from a domain to a different domain. So be careful!

Forum discussion at WebmasterWorld.

Update: Matt Cutts of Google wrote a blog post just now on the topic, without referencing either the thread or this post directly, saying:

Another example where we might not go with your rel=canonical preference: if we think your website has been hacked and the hacker added a malicious rel=canonical. I recently tweeted about that case. On the “bright” side, if a hacker can control your website enough to insert a rel=canonical tag, they usually do far more malicious things like insert malware, hidden or malicious links/text, etc.

How would Google know if it is hacked? Well, they are pretty good at knowing that. But also, if the rel=canonical is not in the header, i.e. rather in the body - Google won't trust it. In fact, if you want the rel=canonical to work, Matt recommends you "make sure that the rel=canonical is the first or one of the first things in the HEAD section."

Got that?

 

Comments:

contentsynergy

05/23/2011 04:33 pm

I was recently involved in cleaning up several sites on a hacked server - and much to my surprise I found the canonical tag hacked in just this manner. It was a Joomla site, and the actual Joomla template had been modified by the hacker. The only way I noticed it was that I had a Firefox plugin (SearchStatus) that I was experimenting with. It places a "C" icon in the location (right next to the RSS icon) and I'd never noticed it before. I clicked on it and was taken to the hacker's spam site.


Guest

03/14/2013 03:17 am

So I'm pretty sure this has happened to my site....any tips on how to fix it??
