LWD logoLori's Web DesignLWD logo

How to Find a Hijacker using 302 Redirects


Has your rank dropped suddenly in Google? If you have ruled out penalties via Google's Penguin or Panda Updates or an algorithm change it could be because someone (usualy a competitor) has hijacked your website or one of your pages with redirect code and stolen your Page Rank (PR) and keyword rank.

A 302 redirect tells the search engine the content on your site has been moved temporarily to the hijacker's site. If it's a 301 redirect then it's telling the search engine your content has moved to the hijacker's site permanently which is even more malicious. Your PR and your Keyword Rank will start dropping from the time they put up the link for any of your major keywords on the page they have linked to.

To see if there are any hijackers stealing your rank with 302 redirects use the following steps:

Search Google for Sites with your Domain in their URL

Enter this command in Google search:
inurl: YourDomain.com -site:YourDomain.com (insert your own domain)

This will bring up a list of websites that have your domain in their URL and eliminate pages from your own site. Just having your domain in their URL is not evidence of a hijacking. It could be a legitimate link to your site.

Go to the end of the results in Google and click on the "Repeat the Results" link because Google doesn't list all the links in the first pass.

Click on every link. If it automatically goes to your site and not the site listed then it has some kind of redirect on the link. It could be a 302 redirect, a meta tag redirect, a JavaScript Redirect or it may have captured your site in a frame (there will be a small header above your site with the other sites info in the header). If you find a javascript redirect on a site you submitted yourself, is a useless link as search engines cannot read Javascript. If you submitted to that site they have just ripped you off.

Verify it is indeed a 302 redirect

Check every link with a Server Header Checker looking for 302 Redirects

Copy the top link in each entry in the inurl search that goes automatically to your website and enter in a server header checker . Be sure the http is included or the program won't work right.

If the HTTP result for the link from the hijacker's site is a 200 then it's just a normal link and you can ignore it (unless it took you to your site automatically then it may have a JavsScript redirect on the link or a meta refresh redirect). It may also have captured your site in a frame however, and if so this may show up in the url, so check all 200 links visually for the word "frame".. If you click on the link in the inurl search you will see your page underneath the header of the other site. Install a Pop Out of Frames Script to stop this one.

If the HTTP result is a 302 redirect for the hijacker's site there should also be a 200 for your own site listed below. This usually means you have been hijacked (barring other reasons for a 302).

Google doesn't always list all links from malicious hijackers so go one step further to see if the hijacker has more 302 redirects pointing at your site. Enter the following in Google (insert the correct domains without the .com on the last one):

site:HijackersDomain.com YourDomain

If the HTTP header shows a 404 it means that page no longer exists on your site or they removed the link already but Google still has it in their index.

Sometimes there will be a series of 302 redirects (moved temporarily) and 301 redirects (moved permanently) for sites that are being redirected to new owners but if there is a 302 redirect on the end pointing at your site it is still being hijacked.

NOTE: There are some 302s that are not actually hijacks. These are usually evidenced by SessionIDs being displayed in the results and are actually designed to track traffic. Most sites have found another method to track traffic because of being confused with malicious 302 redirects. You can tell which is which by clicking on the link. If it does not automatically go to your site it's probably just tracking traffic.

You can also find these links in a good site meter that provides referral links.

If you unknowingly submitted to this site yourself check your records for a more acccurate date as to when the link went online on the hijacker's site as it will help if you have an approximate date this happened in your report.

How to Stop a Hijacker's 302 Redirect

If you are taken to your own site when you click on the link in the inrul command in Google and you also find a "302 found" in the server header checker then copy the results into a new text document so you can report this to Google spam report and if they are using Google AdSense you can report them to Google AdSense Violations. Read Google's AdSense violations rules first to let Google know which rules have been broken. Also search Yahoo and see if their site comes up and if so report them to Yahoo's Spam Report. Also report them to the Hijacker's Host. There are instructions How to report a hijacker here.

See more information on other kinds of 302 redirects that can harm your website.


Google


Lori Eldridge
Copyright © 4-7-06 - Updated 8-4-13
Lori's Web Design
All Rights Reserved

Twitter     Google+     Facebook     linked in