Search Engine Watch
SEO News

Go Back   Search Engine Watch Forums > Search Engines & Directories > MSN Search
FAQ Members List Calendar Forum Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
Old 11-09-2006   #1
AussieWebmaster
Forums Editor, SearchEngineWatch
 
AussieWebmaster's Avatar
 
Join Date: Jun 2004
Location: NYC
Posts: 8,154
AussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant future
Hack Your Competition Out of Organic Search

Seems there are some holes in the algo at Microsoft. Check out this little blog entry:
http://www.boogybonbon.com/2006/11/0...from-msn-live/
AussieWebmaster is offline   Reply With Quote
Old 11-09-2006   #2
Brian M
Member
 
Join Date: Oct 2005
Posts: 103
Brian M is just really niceBrian M is just really niceBrian M is just really niceBrian M is just really nice
Nice find - But it's not just MSN...

Hi AussieWebmaster,

Very nice find, but now that it's public, I guess we can talk about it. It's not limited to MSN (although it shows up more quickly there). All the search engines have this problem with duplicate content caused by query strings, and yes, you can hack your competition off the page one SERPs using this technique, but I wouldn't want to be caught doing this by the search engines...

I had to fix a site by putting out 404s for every query string so we could track incoming PPC traffic, rather than the using the 301 approach recommended in this blog. That site is safe from these kinds of attacks, but a 404 creates its own set of problems.

The 404 is done to keep the engines from indexing PPC codes in query strings from other sites, but it is causing havoc with MSN's automated verification in adCenter, since the web site is seen as "unavailable" each time it looks for the destination URL.

I just wish there was a query string that was off-limits to the robots, such as ?track=

This would make things a lot simpler for us webmasters...

Brian M
Brian M is offline   Reply With Quote
Old 11-10-2006   #3
AussieWebmaster
Forums Editor, SearchEngineWatch
 
AussieWebmaster's Avatar
 
Join Date: Jun 2004
Location: NYC
Posts: 8,154
AussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant future
The whole canonical issue is in play here and yes all engines are subject to this play in some form.
AussieWebmaster is offline   Reply With Quote
Old 11-11-2006   #4
tb1234
Member
 
Join Date: Jun 2006
Posts: 41
tb1234 is on a distinguished road
I can add some more issues to remember for site security for the thrats like this generating spam pages:

1. Always check on on you 777 folders.
2. Add robots with the extension you are allowing. Suppose your site is in php the block other extensions like .aspx, .phtml etc via robots.

Many other things are also in consideration (like, proper paging in site.) but it depends on your site's infrasturcture.

Mine site has same problem but the mastermind has uploaded misc script in my 777 folder. 20000 pages had been generated but now i am a bit out of it...
tb1234 is offline   Reply With Quote
Old 11-11-2006   #5
AussieWebmaster
Forums Editor, SearchEngineWatch
 
AussieWebmaster's Avatar
 
Join Date: Jun 2004
Location: NYC
Posts: 8,154
AussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant future
Quote:
Originally Posted by tb1234
I can add some more issues to remember for site security for the thrats like this generating spam pages:

1. Always check on on you 777 folders.
2. Add robots with the extension you are allowing. Suppose your site is in php the block other extensions like .aspx, .phtml etc via robots.

Many other things are also in consideration (like, proper paging in site.) but it depends on your site's infrasturcture.

Mine site has same problem but the mastermind has uploaded misc script in my 777 folder. 20000 pages had been generated but now i am a bit out of it...
Effective use of the robots.txt file is a smart move that everyone should follow.
AussieWebmaster is offline   Reply With Quote
Old 11-16-2006   #6
HealthQuotes
Member
 
Join Date: Jun 2004
Posts: 11
HealthQuotes is on a distinguished road
How to defend an ASP.NET application

Hi, this issue is a real eye opener.

My web site is an ASP.NET application, and in my code behind for my default.aspx page if the querystring items are not found then by default it displays the home page of my site.

After having read this article this default behavior scares me, does anyone have any ideas how I should handle this?

P.s. we are now completely gone from MSN Live, I've checked for bogus URLs but do not see any. I have a feeling its connected to our blog.
HealthQuotes is offline   Reply With Quote
Old 11-16-2006   #7
Brian M
Member
 
Join Date: Oct 2005
Posts: 103
Brian M is just really niceBrian M is just really niceBrian M is just really niceBrian M is just really nice
As long as it is a 301...

Hi HealthQuotes,

As long as your re-direct to the home page is done via a 301 in the code behind, you should be safe from these attacks. You can see that by entering any URL with a query string in a server header checker and then follow the path in the server headers.

As for the drop from MSN that you mention in another thread - this is an early warning that you may also soon drop in the other search engines, so you need to correct that quickly. A quick glance at your examples shows a lot of duplication that will eventually cause problems, and it may be that you've finally crossed over the limit.

Please read up on duplicate content, and PM me if you need more help.

Brian M
Brian M is offline   Reply With Quote
Old 11-16-2006   #8
AussieWebmaster
Forums Editor, SearchEngineWatch
 
AussieWebmaster's Avatar
 
Join Date: Jun 2004
Location: NYC
Posts: 8,154
AussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant futureAussieWebmaster has a brilliant future
There is a good overview on double content in one of the write ups of PubCon sessions.
Just do a search.
AussieWebmaster is offline   Reply With Quote
Old 11-16-2006   #9
HealthQuotes
Member
 
Join Date: Jun 2004
Posts: 11
HealthQuotes is on a distinguished road
Thanks for the input :)

Thanks for the input

Actually I don't use 301 redirects in my code behind, I have a Select statement, and I dynamically load user controls into a default.aspx page. This default.aspx page displays numerous "pages" via two querystring items (e.g. Page and Section variables), and loads the approriate user controls in the aspx page.

In the Else statement I just load the home.ascx user control, should I be using some sort of 301 redirect here?

As to the duplciate content, I've strived not to allow any ... I do not understand where you are seeing this Brian?

Here is a sample of my default.aspx page's code behind:

Case "BlueVisionExpressPlan"
Select Case Request("Page")
Case "Quote"
myBody = Page.LoadControl("BlueVisionExpressPlan/Quotes.ascx")
sPageTitle = "Express Plan Quotes"
Case "Home"
myBody = Page.LoadControl("BlueVisionExpressPlan/Home.ascx")
sPageTitle = "Express Plan from Blue Vision, Ontario Blue Cross"
Case "Else"
myBody = Page.LoadControl("BlueVisionExpressPlan/Home.ascx")
sPageTitle = "Express Plan from Blue Vision, Ontario Blue Cross"
End Select
HealthQuotes is offline   Reply With Quote
Old 11-17-2006   #10
Alchemweb
Newbie
 
Join Date: Aug 2004
Posts: 4
Alchemweb is on a distinguished road
TB1234 said

Quote:
Add robots with the extension you are allowing. Suppose your site is in php the block other extensions like .aspx, .phtml etc via robots.
Do you mean robots.txt?
How do you block file extensions?
Alchemweb is offline   Reply With Quote
Old 11-17-2006   #11
HealthQuotes
Member
 
Join Date: Jun 2004
Posts: 11
HealthQuotes is on a distinguished road
I don't know how the robots.txt file is associated with loading user controls into an ASP.NET default.aspx page?
HealthQuotes is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off