I submitted a story to 2600 magazine in the summer of 2005 about a shady technique for getting pageviews called “Googlejacking”. The story was accepted, and I received a few issues of the mag, a shirt, and a bit of internet fame in the coming months.

For those of you who don’t have an IV needle in to the internet like I do, googlejacking is a technique using either a HTML 302 redirect or a META REFRESH to redirect from one page to another. When you performed the redirect from your site to a target site, YOUR REDIRECT LINK (for example, “http://www.iswapyou.com/redirect.php?www.cnn.com”) would be published by google, msn live search, Ask Jeeve’s, or any other search engines spiders instead of the destination link. If you find out that this is happening you can then steal all of the search engine traffic from your redirections destination (!), as described in the article.

Click here to view my original article on googlejacking.

To successfully exploit this bug on google specifically you usually but not always needed to have a high pagerank in the search keywords of the target article. However, if you do this repeatedly the redirects will help you build this up over time. For example: if you are linking through redirects to articles that will get a high pagerank in a set of keywords, your sites own pagerank will go up in those keywords.

Google has since closed the bug and no longer allows redirects in their listings, although the code in that article will still likely work for the smaller search engines i included in the exploit. To this day I am still awed by the power of – and in a way deathly afraid of – redirects.

Heres a shocking thought – lets take the search engines out of the equation entirely. Say you are a niche blogger, and comment on the posts of other bloggers in the same niche. You occasionally post links to other people’s articles in these comments to further the blog discussion, as I often do.

Let us further say you post these links through a redirect script, because hell, no one can tell the difference. One day you find out that a certain one of your redirect scripts to a certain article, linked in the blog comments you made on a certain day, is receiving a LOT of traffic. You certainly could steal this traffic, by simply changing the link in the 302 or META REFRESH part of your redirect script. Say you wanted to repost the same article on your site, with your own google adwords. Or say you wanted to now redirect the user to a similar article that you wrote on your site, instead of the original article you posted about. Really, too easy, though a bit evil for my taste…

This entry was posted on Tuesday, June 12th, 2007 at 12:06 pm and is filed under Code, HTML, Hacking, Nerdgasms, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.