Has Your Website Been Hacked by Search Engine Spammers?

Spammers have found a new way to get high rankings on Google.

The new trick involves hacked websites and the canonical tag. Is your website at risk? What can you do to avoid this?

What exactly has happened?

In an online forum, webmasters reported a new spam method. Hackers inserted the canonical tag on websites of other people:

“I came across a website with canonical tags set up on all of their pages and they were pointing to a spam site. I suspect someone hacked in and changed the canonical tags to siphon link juice.

Now that cross-domain canonical tags are supported I would not be surprised if this becomes more common. The canonical tag is a small line of code that is easy to overlook despite its large implications.”

Google’s Matt Cutts confirmed this in a Twitter tweet: “A recent spam trend is hacking websites to insert rel=canonical pointing to hacker’s site. If U suspect hacking, check 4 it.”

Why is this a problem?

The original purpose of the rel=canonical tag is to help website owners eliminate self-created duplicate content. The canonical tag tells search engine spiders the original source of a file.

For example, a search engine robot might visit the web page “www.example.com/page4.htm”. If that page contains the tag <link rel="canonical" href="http://www.originalpage.com/"> then search engines will show originalpage.com in the search results instead of example.com.

If hackers add the canonical tag to your web pages and point it to another website then your website content will help another website to get high rankings while your own website will lose all of its rankings.

Matt Cutts: a rel=canonical corner case

“We take rel=canonical urls as a strong hint, but in some cases we won’t use them:

For example, if we think you’re shooting yourself in the foot by accident (pointing a rel=canonical toward a non-existent/404 page), we’d reserve the right not to use the destination url you specify with rel=canonical.

Another example where we might not go with your rel=canonical preference: if we think your website has been hacked and the hacker added a malicious rel=canonical.

On the ‘bright’ side, if a hacker can control your website enough to insert a rel=canonical tag, they usually do far more malicious things like insert malware, hidden or malicious links/text, etc. […]

Should Google trust rel=canonical if we see it in the body of the HTML? The answer is no, because some websites let people edit content or HTML on pages of the site.”

How to check if your website is exploited?

Open a page of your website in your browser and select “View HTML source”. If the head section of your page contains a rel=canonical tag that points to an unknown domain, then your website has been hacked.

Unfortunately, hackers might have changed your web server so that it only shows the canonical tag to Google’s indexing robot. In that case, you have to check how Google sees your web pages:

  • Download and install iBusinessPromoter (IBP)
  • Select “Tools > Search engine spider simulator”
  • Select Google’s spider
  • Check the HTML source in the spider simulator report for the canonical tag

This works with the free demo version of iBusinessPromoter. You do not have to buy IBP to check your web pages with the spider simulator.
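The check described above can also be scripted. The following is an added example, not part of the original article: it parses the HTML of one of your own pages and lists every rel=canonical target in the head section that points to a host you do not own, so you can compare the copy a browser receives with the copy a crawler user agent receives. The function names, the sample markup and the hosts spam-site.example and other.example are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class CanonicalFinder(HTMLParser):
    """Collect href values of <link rel="canonical"> tags found inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # tolerate a missing </head>
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            if "canonical" in (a.get("rel") or "").lower().split() and a.get("href"):
                self.hrefs.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def _site(host):
    """Lower-case a hostname and drop a leading "www." so both forms compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def foreign_canonicals(html, page_url, allowed_hosts=()):
    """Return absolute canonical URLs in <head> that point to a host you do not own."""
    finder = CanonicalFinder()
    finder.feed(html)
    own = {_site(urlsplit(page_url).hostname)} | {_site(h) for h in allowed_hosts}
    targets = [urljoin(page_url, h) for h in finder.hrefs]  # resolve relative hrefs
    return [t for t in targets if _site(urlsplit(t).hostname) not in own]


# Constructed samples: the same page as served to a browser and to a crawler user agent.
PAGE_URL = "http://www.example.com/page4.htm"
BROWSER_VIEW = """<html><head><title>Page 4</title>
<link rel="canonical" href="/page4.htm"></head><body>Hello</body></html>"""
CRAWLER_VIEW = """<html><head><title>Page 4</title>
<link rel="canonical" href="http://spam-site.example/"></head>
<body><link rel="canonical" href="http://other.example/">Hello</body></html>"""

if __name__ == "__main__":
    for label, html in (("browser", BROWSER_VIEW), ("crawler", CRAWLER_VIEW)):
        print(label, foreign_canonicals(html, PAGE_URL))
```

Pass any other domains you legitimately canonicalize to in allowed_hosts; a non-empty result for the crawler copy but not for the browser copy matches the server-side case described above.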

Google is aware of the problem. Unfortunately, it is very difficult to find out whether a webmaster intentionally inserted a canonical tag into a website or whether the tag was inserted by a hacker.

