Stop 302 Redirects Hijacking Web Page PR (Page Rank)
and Stop Scrapers from Using Your Content

This article was written to show innocent parties, who have experienced having their website or keyword rank hijacked with 302 Redirects, meta refresh redirects, no follow meta tags, other deceptive redirects and Scraper Directories using their content, and how to recognize when someone is hijacking your web page and how to stop it.

About 302 Redirects

302 redirects tell the search engine that the page's information has moved temporarily to the hijackers web site and that information now belongs to the hijacker. Scraper Directories "scrape" content off your site and put it on their site to steal your keyword rank.

Once a web page is hijacked with a malicious 302 redirect, or the content is scraped, the PR (page rank) of the victim site quickly drops in Google as Google wrongly attributes the victim's content to the hijacker/scraper website so the problem needs to be removed before it destroys the web site completely.

Some of these 302 redirects are merely tracking URLS and are not a deliberate attempt to hijack your web page so please read all of the following before taking action.

Update: As of mid April 2005 Google said it implemented changes in it's algorithm so it wouldn't attribute malicious 302 redirects to the wrong site anymore. However, it also removed the means to find them via a site command. This doesn't necessarily mean the 302 redirect problem is solved, only that we have to look elsewhere to find them.

Often what people think are problems from a 302 are usually just problems with their code either causing indexing problems or something they are doing has been recently outlawed by Google and is causing a Keyword Ranking Problem. For an indepth analysis of your website see the Website Evaluations page.

What Benefit is there in Hijacking or Scraping A Web Site?

The reason a hijacker installs 302 redirects, or another type of deceptive redirect, is for the purpose of stealing your traffic, your Keyword Rank and/or PR (page rank).

The 302 redirect hijacker gets the benefit of the PR and Keyword Rank that you have worked so hard for and thus you may not only loose what rank your website has gained in the search engine you may also be penalized for various reasons depending on the method being used by the hijacker.

A Scraper is a website that scrapes your whole website or just copies one page and puts them on their site because they are too lazy to write their own content. Google devalues copies so their website may be able to outranks your site for your own content. More info here: Stop Stolen Content

See more information on How to Find a Hijacker

How to Tell if your Website has been Hijacked or Scraped:

1. ID Redirects 2. Meta Refreshes 3. 302 Redirects 4. Frames 5. Your Title in Their Title 6. Bad Links = Split Domain

 Hijacking Example 1 with an ID Redirect

If the link includes another sites URL and then your domain on the end, with some code in between, then your site is being redirected. Sometimes they use an ID number such as ID=4125 instead of the url to your website and then their program will attribute that number to your URL so if you see ID in the url click on it and see what happens. It may move so fast you can't see it, in which case you need to check a server header checker (explained below).

Here is an example of one of these redirected URL's. The code before and after your URL will contain various forms of redirecting it (bogus urls are being used below with http removed so this page validates):

HijackersWebSiteURLgoeshere/id-codecausingRedirect goes here.?site=
www.YourWebSiteURLGoesHere.com

 Hijacking Example 2 with Meta Refresh

Sometimes the URL will look innocent but will go to the dishonest site and there will be code on that site that will redirect to your site with a Meta Refresh Tag (automatically redirecting the browser to your site). The Meta Refresh is a favorite of spammers so search engines may ban your site for using a meta refresh. To see if a site is using a Meta Refresh, view the code by clicking on view/source in your browser menu and see if there are any meta refresh tags in the code at the top of that page. Look for a meta redirect tag set for "0" seconds, that is redirecting to your site, similar to the following:

meta http-equiv="refresh" content="0"; url=http://www.YourOwnDomainNameHere

However there are ways of hiding a redirect so that the general viewer can't see it, as follows:

 Hijacking Example 3 with a Server Side 302 Redirect in .htaccess

A hijacker may also set up 302 Redirects in an .htaccess file telling the server to redirect to your site. 302 redirects tell the search engines their site, or page, has moved temporarily to your site and to credit the content of your site to their site and thus stealing your PR. Many directories used to 302 redirects on the links in their directory to track clicks, resulting in the same problem. However, most directories now use a search engine friendly 302 redirect so be sure to check all such links in a server header checker (see below).

You can't determine a 302 redirect by just viewing the URL, you need to copy the link into a server header checker. If the results show they are using 302 redirects then the directory may be stealing your page rank. If it shows a 200, then the page is probably OK (if this search produces an error make sure there are no breaks in the link).

One way to prevent unknowingly submitting to a site like this is to ALWAYS check out a directory's links with a server header checker before submitting your link to their site or it may cause your site irreparable harm instead of helping your page rank. See Directories to Avoid for more information.

See message #54 in the following Webmaster World's Discussion forum for a very clear discussion on how the search engines treat 302 redirects and why they harm your site in BEWARE: Your site is at risk from hijackers. For more info read Google's 302 Redirect Problem

 Hijacking Example 4 - Your Site Captured in a Frame

Another method that dishonest webmasters use to benefit their own site and provide no benefit to your own site is to copy your pages and then install code that draws your whole web page (including images and working links) into a frame so your whole web page is displayed on their site. This is dishonest because they are using your design and content and displaying it as their own without your permission.

The reason they do it is to provide content for their site because they are too lazy to write their own articles. Search engines can't see it and thus you'll probably never know it's there. This also steals traffic from your site because people often see what they wanted on the scraper's web site without even visiting your web site. You also get no benefit of the PR from that link because the link is inside a frame on their web site which most search engines can't read.

Following is a sample of this kind of url (http was removed and bogus URLs also removed so this page will validate):

HijackersWebSiteURLgoeshere/opensite.cfm?site=
www.YourWebSiteURLGoesHere.comandYourIDnumbergoes hereID=____, etc.

Here is a site that lists several different break out of frames scripts. Be sure and check to see if the one you choose works on all browsers. Following is the script I install on all pages I design (not mentioned in the above article) because it's the only one I've found that works on a Mac as well as a PC:

<script type="text/javascript">
if(top!= self) top.location.href = self.location.href
</script>

 Hijacking Example 5 - Scraper Directories putting your Business Name or Title and or URL in their Title

Often Scraper Directories (that you may have submitted to yourself) will take your web page (if it's ranking well in the search engines) and set up a separate web page, often called "more info" or "details" with your business name in their title and/or your URL in their title and also your most important text on your page that brings keyword rank to your site. If your site is new or has very little PR this will enable them to out rank your website for your own business name.

See How to find Scraper Directories for more info

See also How to Report a 302 Redirect or Scraper Directory

 Hijacking Example 6 - Bad Links causing a Split Domain

If you have submitted your site to search engines as www.YourDomain.com and somone links to your site with just YourDomain.com, i.e., without the WWW in front, Google will think you have two sites under the same domain and penalize your site with a duplicate content penalty. This is known as a Split Domain. It can take months to recover from this after the fact so best to prevent it by doing the following:

• Put a base href tag with the full address of that page, on every page on your site
• Set up a 301 redirect in your .htaccess file. so all traffic to YourOwnDomain.com will go to www.YourOwndomain.com or whichever one has the most PR.
• Change all relative URLS on your site to full URLS (include the full address on all internal links) EXCEPT for the home page (do not list index.html, just list the domain for all links to the home page or Google will think you have two home pages). See merging example.com and example.com/index.html

Hijackers are even starting to link to sites with a http/, i.e., they left out the colon and two slashes or with a www.domain.com . with a space on the end. The space will show up in your site: command search as www.domain.com%20. So check every link coming into your site carefully for other new techniques designed to put you out of business.

---

A 302 Redirect Could be a Google Bug

Some of the above examples have been the result of a Google bug and not necessarily deliberate attempts to hijack your site or your PR, because Google is following these redirects and attributing the resulting PR to the offending site and then penalizing your site for duplicate content.

A very good step-by-step explanation of what happens with one of these redirected URLs can be found in Webmaster World's discussion on this matter in the Your Site is at risk from Hijackers thread. See post # 157 on page 11 of this thread for a very good explanation of other steps to take not listed here..

Google Bug via shared IP Address or Shared Hosting

Some of these Google bugs are a result of 2 sites who are both on the same shared IP address, i.e., one site sets up a 302 redirecting a page on their site to another page on their site and your site is affected because it has the same IP address and Google thinks your site's content has moved to the other site. Sometimes Google will list the other sites Title in your title if it's on the same IP address. I haven't seen this occur for a few years so Google may have solved this bug. The best way to avoid this is by getting a dedicated IP address (usually only $1.00 more a month on a good host). Don't confuse this with a dedicated server which is hundreds of dollars more per month.

---

All of the above 302 hijacking examples have one result- stealing your traffic or PR and getting your web site penalized and dropping out of sight in Google which translates into lost traffic and income for your business. Until Google fixes this 302 redirect bug completely there are measures you can take to eliminate the problem:

If you would like your web site analyzed because it's been Hijacked or any other reason please check out the Website Evaluations page.

See also How to Report a 302 Redirect

Testimonies from those Having their PR Hijacked

I occasionally advise clients who have had their websites hijacked or content stolen and inform them what they can do about it. Following are some testimonies:

Lori,
Thanks to your information about web site "hijacking" we were able to determine that "hijacking" was the cause of a 7-month long problem we've had with our google rankings! Now we can take the appropriate measures to solve the problem!
Adam Berman Latin Love Search

Also see testimonies from those having their content stolen on Stop Stolen Content

Lori Eldridge
© November 17, 2004, last update 12-6-08
All rights Reserved

---

More Information on Website Hijacking

Other methods of hijacking websites

Spammers Hijack Web Site Listings in Google

Affiliate Commision Hijacking Alert

Dupe content checker - 302's - Page Jacking - Meta Refreshes
Webmaster World's Forum, Google News, discussing these hijackings.

Anti-Comment-Spam Tag Exploits. Set up Recip-checkers to look for rel=nofollow?

Lost in Google - No Title, No Description for your site as a result of 302 redirects, etc and what you can do about it.

Xencraft has a very good article on Preventing Web Site Hijacking.

Millions of Pages Google Hijacked via Open Directory feed