Spammers have found a new way to get high rankings on Google. The new trick involves hacked websites and the canonical tag. Is your website at risk? What can you do to avoid this?
What exactly has happened?
In an online forum, webmasters reported a new spam method. Hackers inserted the canonical tag on websites of other people:
"I came across a website with canonical tags setup on all of their pages and they were pointing to a spam site. I suspect someone hacked in and changed the canonical tags to siphon link juice.
Now that cross cross-domain canonical tags are supported I would not be surprised if this becomes more common. The canonical tag is a small line of code that is easy to overlook despite its large implications."
Google's Matt Cutts confirmed this in a Twitter tweet: "A recent spam trend is hacking websites to insert rel=canonical pointing to hacker's site. If U suspect hacking, check 4 it."
Why is this a problem?
The original purpose of the rel=canonical tag is to help website owners eliminate self-created duplicate content. The canonical tag tells search engine spiders the original source of a file.
For example, a search engine robot might visit the web page "www.example.com/page4.htm". If that page contains the tag href="http://www.originalpage.com/" rel="canonical" then search engines will show originalpage.com in the search results instead of example.com.
If hackers add the canonical tag to your web pages and point it to another website then your website content will help another website to get high rankings while your own website will lose all of its rankings.
How to check if your website is exploited
Open a page of your website in your browser and select "View HTML source" in your browser. If you can see a rel=canonical tag that points to an unknown domain in the head section of your page then your website has been hacked.
Unfortunately, hackers might have changed your web server so that it only shows the canonical tag to Google's indexing robot. In that case, you have to check how Google sees your web pages:
1. Download and install iBusinessPromoter (IBP).
2. Select "Tools > Search engine spider simulator"
3. Select Google's spider.
4. Check the HTML source in the spider simulator report for the canonical tag.
This works with the free demo version of iBusinessPromoter. You do not have to buy IBP to check your web pages with the spider simulator.
Google is aware of the problem. Unfortunately, it is very difficult to find out if a webmaster intentionally inserted a canonical tag to a website or if the tag was inserted by a hacker.
Other helpful sites you might find interesting below
Affordable SEO
Search Engine Placement
PPC Management
Precast Concrete Wall
Fresno Travel Agent
Fresno Delivery Service