With the full release of MSN Live last month many new flaws have been found in MSN’s new ranking algorithm. If you have been a long time reader of my blog you probably remember when I recommend using BlogSpot to spam MSN, and then just weeks later I showed you how one could take out the top 9 spots on MSN for just about any keyword.
Today I’m going to show you something even more vicious then I have ever written about!
In this post I’m going to be revealing a flaw in MSN’s new anti-spam algorithm that will remove just about any website out of their index, as well as how to combat this attack, at least until MSN fix’s it’s algorithm.
Before I get started you will need to familiarize yourself with a couple tools, and header responses codes that are common with how websites respond to request.
One of the tools you will need to use to check if a website is vulnerable to your attack is a HTTP Status Codes Checker. At this point you need to have a understanding of what type of header responses websites are capable of returning and what are the meaning of them.
The 4 types of response codes that you will want to keep an eye out for are 200, 404, 302, and 301 as they will quickly tell you how the website responded to the request. For our attack to work, you will want to find websites that return the 200 OK response after you have done your attack.
The 200 response for newbie’s mean that the website was able to process your request and successfully return the content that you have requested.
One of the big things that all SEO professionals know is that you should never have dupe content. Otherwise your website will be hit with a large ranking penalty or will be removed completely from the search engine’s index.
For this attack to work you have to somehow get your competition to make a bunch of duplicate pages on their domain… Good luck right?
It’s really not that hard, you don’t even have to ask them to dupe all their pages as you can do it for them!
All search engines see any URL on a site as a unique URL. Matter of fact they also see any GET URL as a unique URL (ie somedomain.com/index.html?test=test).
This is where we can take advantage of MSN’s crappy algo, and remove our competitors or at minimum hurt their ranking!
Go to your competitors website, then up in your address bar add an extra little bit to the URL. Something like ?test=12334, or ?remove=bye-bye. It can be anything you want it to be as long as it’s a _GET URL that the search engines can read and is unique each time.
If all goes well, your competitor’s website will show the same page that you had seen before you had put in the extra info in the URL. Once that has happen grab the new URL and take it to your favorite header checker and see if the website returns a 200 OK status, if it does keep that URL for later.
If you competitors website does return a status 200 when you add a GET vars to the end of their domain name, all you have to do is keep changing the string that you posted to your competitors website and keep them in a text file for later.
Once you have made a couple hundred new URL’s on your competitor’s website on the index or on every page of the domain you will then need to add all the new URL’s to a website where MSN will be able to find them and index them.
Once MSN has managed to find the new URL’s it will start to index the site’s content. Unfortunately for your competitor; MSN’s anti-spam algo is so bad that its does not have the brains to just not count the new URL’s because of dupe content, but instead just removes the page or entire website from it’s index.
Does this work? Hell yeah, because I just finished cleaning up after some ass-hat that did it to me and got my entire website removed from MSN Live!
Now for the good part; how to fix it!
If this has been done to you, I pray that you have PHP pages, because otherwise you’re going to have to convert your entire HTML based website to PHP because it is the only way I have found to write my own MSN patch for such an attack.
In all your headers of the pages that have been attacked you will need to add the following code as well as change the part with yourdomain.com to be the page all users should be at.
if($_GET) {
ignore_user_abort(true);
header (”Pragma: no-cache”);
header(”Cache-Control: no-store, no-cache, must-revalidate”);
header(”HTTP/1.1 301 Moved Permanently”);
header(”Location: http://www.yourdomain.com/ “);
header(”Connection: close”);
exit;
}
?>
The above code tells the search engines that the fake GET post URL has moved to a new location, and because of this MSN will remove the content from their index as you have told them the new location of the page and they removed the old page(s) because of that.
Closing thoughts
This type of hack is very bad for our industry and I hope MSN will take quick steps to fix this ASAP, because I know many people will quickly go out and start removing their competition with this hack as soon as they can.
If you want to know why I posted it, read the above!
If you don’t have PHP pages, you can fix it in your htaccess (or ISAPI rewrite) I haven’t checked it, but it would look something like this, yea?
RewriteCond %{REQUEST_URI} nukedfile.php
RewriteCond %{QUERY_STRING} ^[a-zA-Z]+$
RewriteCond ^(.*)$ http://www.boogybonbon.com [R=301,L]
Someone correct that please.
[ Edited by Levi; I changed the domain so the url would not point at a junk site. So remember to change boogybonbon.com in the above url to your domain ;p ]
You can also add this to your htaccess file, or your httpd file(I think thats the name of the file).
AddType application/x-httpd-php .html
The above tells apache to run all .html as php, so you can plug php into the html and have fun. ;p
Levi
Any suggestions for a fix for a .cfm site?
90% sure this attack happened on 2 of my sites. I found plenty of duplicate content out there when I searched the first line of my web pages in quotes too.
Seems the scraper sites have taken it to a new level.
This hack is more about your own site making dupe content. The best way to check that with MSN is to use the site command and start going down all the pages. If you start finding urls on your domain that is not their then you will need to try to find a fix if you get a 200 status.
MSN has wrote me Friday and I responded to them Monday night. Im hoping they will get back to me as well as fix this bug. Dont know if they will or not as they asked questions, and said they needed more info so they could respond better to the problem.
Dont know if they mean to respond as in a fix or just do some PR spinning to cover up the problem.
People have reported that dax’s mod_rewrite is not working. You can find a thread at WMW http://www.webmasterworld.com/apache/3174971.htm with more options that do work along with a bunch of other threads on the topic of fixing it for all types of websites.
Dear Sir,
Thanks for your article. As normal MSN made a stupid program again
Somebody has done this to my website :
Some how It has got 2nd ranking on “free greetings” keyword and Soon it has been disappeared. Now I checked on yahoo I can find lot crappy URLs are there On the web. Only my doubt is if the above code will effect the legitimate GET command??
That is right sajith, so you need to allow some _GET on some pages if you want them and on others not allow it. I recommend using _POST
Dear Sir,
My website is performing well in Google. However, its worst in MSN. The only thing I noticed with my website is that I have created subdomains for two categories at my website and some of the pages are repeating in all three websites i.e. mysite.com, sub1.mysite.com, sub2.mysite.com
Please note that 60% of the content is same in all three pages. Does it matters to decrease my ranking in MSN/Live??
I’ll really appreciate your kind comments in this regard.
Thanks,
It is hard to say without looking Abraham. On the most part MSN is one of the easiest search engines to rank in compared to Google requirements.
I would say to checkout what type of links you have to these sub-domains and try to get the % of dupe content on each sub-domain way-way down.
I would checkout stefan juhl’s blog as he has covered some of the topics of dupe sub-domains, and the right and wrong way of managing them.
Hi,
Can you remove a website from Google in the same way? If not, is there any known way of removing something from a google search finding?
An e-commerce store of mine was completely removed from Live Search which previously had #1 rankings for a number of keyword groups. It had ranked better for some over Google, so I was shocked to see that none of the keywords were getting any responses!
Thanks for calling attention to this. I doubt MS will do anything pro-active for the rift of damage done.
I’m wondering, is there a legal recourse for this if you can identify which competitor had bumped you?
“IF” you could find who did it, then yes you could go after them in court for damages in my mind.
The best thing you can do is start bugging MSN. It took me 4 months before I was able to bug MSN to the point that they put us back into the index. That included me writing a patch to stop people from doing that to my website and 301′ing the old links to the index.
Best of luck!