Googlejacking? What's "Googlejacking"?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Summary: Googlejacking is a valid technique that programmers may use on their web pages, but unfortunately there are more devious ways of using it as well.

One of the both exciting and frustrating things about this industry is the rate at which new terminology appears. "Googlejacking" just showed up recently and refers to a technique to use someone else's content to appear as it if was on your site. The apparent intent is to achieve higher overall Google ranking for your own site and content, or to otherwise get more traffic.

Unfortunately, Googlejacking is also a side effect of a very valid technique many sites use to manage external links and to track visitors leaving their sites.

Sites like Ask Leo!

Yes, I am an inadvertent googlejacker.

•

First we need to define something called "redirection". Redirection is a technique where a web server can respond to a request for one URL by saying, in effect, "oh, you really want that URL over there". It's a technique used by the URL shortening services like http://clicktrustats.com or http://tinyurl.com. Using these services you can define a that a short URL, say:

http://tinyurl.com/3qtd6

actually take you to a different URL, like:

http://ask-leo.com/how_do_i_keep_my_computer_safe_on_the_internet.html

The short version being more convenient for email and less prone to wrapping.

This kind of service operates by redirecting the shorter URL to the longer one.

I use the same technique on Ask Leo!, but for a different reason. I have my own redirector and most any link that takes you away from Ask Leo! is run through the redirector. For example:

http://ask-leo.com/d-ms

will redirect to:

http://microsoft.com

I do this for several reasons:

The redirection is logged. That means when someone clicks on http://ask-leo.com/d-ms, it shows up in my web server logs. This allows me to measure what external links people are clicking on when they visit my site.
The redirection can be changed. While it's unlikely in this example, if I ever wanted http://ask-leo.com/d-ms to go to some other location, it's a single, simple change for me, and everywhere I've used that link will now go to the new location without my having had to change them all.
It's shorter. When writing a web page that's not as much of an issue, but like the tinyurl example above, it's still more convenient to write a shorter URL.

OK, so redirection is handy for a few reasons. Where does Googlejacking come in?

Googlejacking

A few months ago, if you looked for "LSASS" on Google, you would get the following hit on the first page of results:

Microsoft Security Bulletin MS04-011: Security Update for ...
... Vulnerability Details. LSASS Vulnerability - CAN-2003-0533: A ... system. Mitigating Factors for LSASS Vulnerability - CAN-2003-0533: ...
http://ask-leo.com/d-40508a - 101k - Feb 10, 2005 -

Examine that carefully.

The link, http://ask-leo.com/d-40508a, is a link I use in the article What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am? to link people to a Microsoft Security Bulletin which resides on the Microsoft site. If you click on that link, that's where you end up: Microsoft Security Bulletin MS04-011, on the Microsoft web site.

Google had decided that my redirection link (http://ask-leo.com/d-40508a) was the way to get to Microsoft's web page (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx).

That's Googlejacking. Getting your link to someone else's content to rank higher than the content's own URL.

My case is accidental, based on legitimate scenarios. But Googlejacking can also be used for nefarious reasons as well. For example a company could seek to Googlejack their competition's web pages in the hopes of reducing the competitions Google rankings and as a result, scoring higher themselves.

As a website owner or programmer who's using redirections, it's theorized that you can avoid inadvertent Googlejacking by using a 301 (Moved Permanently) instead of a 302 (Moved Temporarily) redirect. 302 seems to be the default in many cases, so if you've done nothing then you could be an inadvertent Googlejacker :-).

As a website owner who's being Googlejacked, you actually have very little recourse. You can try to contact the offending site or Google itself, but it's unclear what success you may have. The good news is that Google's continually improving their algorithms. For example, my example above no longer works - Microsoft's own page ranks highly, and my redirection link is nowhere to be found.

Related:

Kuro5hin - Google and the Mysterious Case of the 1969 Pagejackers
SearchEngineWatch Forums - Google looking for examples of Googlejacking?
Puget Sound Software - redir.pl, a free redirection CGI script.

Article C2279 - February 11, 2005

Recent Comments

5 Comments

Can someone tell me how do I know if godaddy.com uses 301, 302 or 200 for redirects?

How can I tell?

Thanks,
Fran

Posted by: Fran at August 14, 2005 10:35 AM

I use a tool called "Curl" (http://curl.haxx.se) - unfortunately it's fairly techie to get the right version and set up, but once you have it you can do something like this (in a command shell):

curl -I http://ask-leo.com/d-ms

which returns what's called the "header" information. In that case it'll show that that URL is a 301 redirect to http://microsoft.com.

Posted by: Leo at August 14, 2005 11:37 AM

It could also be used for even more nefarious purposes. A scripted page that checks the UserAgent can send bots to genuine content while everyone else
gets sent to a page with malicious content. For example: A googlejacked link for Katrina victims would show up on google as if it was the real deal because for any crawling bot
it would be, but everyone else would be sent to MaliciousSite.blah

Posted by: anon at September 15, 2005 8:35 AM

After my site http://www.smallshoes.org was Google Jacked I set up a site trying to get an idea of how many sites have been Google Jacked at http://www.googlejacking.org since I have not been able to find any stats on this.

R. Joe

Posted by: R. Joe at May 19, 2006 11:47 AM

Leo - I am very sorry I entered the wrong address for the site which was google jacked above. So it does not appear that I am trying to "stuff" your blog I will just say the offended site was a .net not a .org. I did forget to add that until my site was google jacked I had a #2 rank on the specific search terms for my niche site (which I built for my wife).

R. Joe

Posted by: R. Joe at May 19, 2006 11:53 AM

Post a comment on "Googlejacking? What's "Googlejacking"?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...