Good positioning in search engines plays a vital role in the success of a web project, since, if a page appears in the first positions in the results list, it is very likely that Internet users will direct their steps towards it. Not in vain, optimization for search engines or SEO has been counted, for years, among the most relevant disciplines of web development. This consists, on the one hand, in finding and integrating the most suitable keywords for the project and, on the other, in optimally adjusting the page structure to the search engine evaluation principles. And that without forgetting another of the objectives, which is to increase the popularity of links (link popularity) by generating incoming links from other pages, the so-called backlinks.
If you have an optimized basic structure, it is normal to expect an increase in traffic, something very likely when the overall concept of the page is consistent. If, despite the optimization measures adopted, no growth is observed or even traffic is lost , this could be due to the lack of effect of these measures, but it could also be suspected that they have been the victim of so-called domain hijacking . of domains), which removes the page from the search engine’s index, hiding it from all potential visitors.
Definition Domain Hijacking
Domain hijacking defines the procedure by which a URL is replaced by a false one in the search engine’s index. This new domain, although it leads to the authentic page, does not do so directly, but by using a redirect. Since this domain hijacks the ranking of the original page, domain hijacking can lead to massive theft of visits.
What is domain hijacking?
Domain hijacking refers to a form of cybercrime that removes a page from the results list and replaces it with another . This second page links to the real page, but not by a direct link with the HTML <a> tag, but by a redirect . This example links to your-page.es from the page-that-links.es with a redirect :
DNProbe.com/redirect.php?target=www.YOUR-DOMAIN.comWhen the search engine comes across a link of this type, it interprets that both pages are identical, which has the consequence that it deletes one of them from the index , as if it were a duplicate.
To carry out this action, the browser is guided by the HTTP status codes of the redirects. Code 301 indicates a permanent redirection (Moved permanently) to the indicated domain, code 302 is used to indicate a temporary redirection (Found) and, while the first one is not problematic, with the second the situation is different, becoming the main reason that hijacking is possible . This type of temporary redirection, which does not involve any verification of the relationship between the two pages, suggests to the search engine crawler that the page to which it is linked only exists for a limited period of time and that the linked one is the real one, so thatthe false website becomes part of the search engine’s index , thus receiving the positioning of the true one.
Redirect 301 and 302: when and why are they used
Domain redirection is carried out for different reasons. A widespread practice consists of using the 301 code to permanently divert domains with typographical errors to the correct one, so that if you type googel.es instead of google.es in the browser’s search bar, the main page opens . of the seeker. It is also common to forward to the correct homepage address : When opening the Spanish Wikipedia homepage at es .wikipedia.org, a 301 redirect leads to the URL es.wikipedia.org/wiki/Wikipedia:Portada . Administrators also use permanent redirects when, after achange of domain , it is intended to direct visits to the new domain or correctly mark the contents of pages with a new web address.
In contrast, 302-type redirects have the primary function of presenting content on a different domain on a time-limited basis, for example, in the event of maintenance work. When a webmaster generates this manual redirect, it is usually with the intention that the content will reappear on the original page at some point. However, there are three temporary redirect scenarios that can lead to or even target domain hijacking:
- Inadvertent use of 302 redirection – It is possible for administrators to link to an external project via a temporary redirect without any malicious intent behind it. This could be a bug, because a permanent redirect should have been coded instead. The Apache server’s URL rewrite module, mod_rewrite , also creates 302 redirects by default.
- Dynamically Generated URLs – PHP is key in web development. Server-side scripts written with this popular programming language are a simple and practical way to create dynamic content for the web, but there are also PHP scripts that dynamically bind addresses in a URL, using the status code. 302. This type of script is used, above all, in directories for web addresses, but also in many content management systems.
- Hijacking with criminal intentions : Those malicious people, known as hijackers, are also familiar with the temporary forwarding code and make good use of it to boost the indexing of their own content, “hijacking” those pages that are better positioned. This action, neither sustainable in the long term nor, in fact, legal, is among the unpopular techniques of the so-called black hat SEO .
How you can protect your project from domain hijacking
When working on improving the positioning of a page, you soon realize how demanding this task is. The higher a website climbs to the top of the search engine, the more likely it is to be targeted by a hijacker. Unlike what happens, for example, in an attack determined by a vulnerability in the project, the operation of hijacking is closely linked to an elementary SEO discipline such as link building and, therefore, very difficult to prevent. with security software. Consequently, it is necessary to regularly analyze incoming links, both new and existing ones, to filter out conflicting domains.
To do this, there are a large number of online tools and services such as SEMrush , LinkResearchTools , SISTRIX or Google Search Console . The latter contains a URL stripping tool , which allows you to remove from the search index redirects to a web project that shouldn’t be there . Before doing so, it is advisable to contact the corresponding administrator to adjust the redirection, so that the links are not lost. For this purpose, the status code 307 (Temporary Redirect), available since HTTP 1.1, allows temporary redirects to be carried out without the risk of hijacking.
When the original page has already been removed from the index, then the best thing would be to contact the search engine provider once the harmful link has been removed and request a recovery of the previous ranking .