Well Ted's announcement that we will be clamping down on people trying to game the system didn't go down too well, with a great many of you concerned that you'd suddenly be banned for making an honest mistake. There's also been a great deal of confusion over just what it is we're going after. So, let's start over, and I'll explain exactly how it's going to work.
First a bit of background. I don't condone hacks, spoofs, exploits or anything like that. As a programmer though I can certainly understand what would drive someone to work this stuff out, and honestly some of the 'solutions' out there are impressive, to say the least. That said, we're not talking about anything here that you could ever do by accident. It's next to impossible that you'd have set your blog up and quite by accident dump a ranking spoof in there.
What we're looking for are ways that people 'boost' their rank through nefarious means. I'll explain, one by one.
The Google Page Rank Exploit
This one is quite old, and a few sites out there detailing how it's done now claim that it doesn't work any more. It does. We came across a couple of sites recently doing just this exploit. They either stopped doing it, or went elsewhere after we spoke with them.
The principle is shown in figure 1 above. Either using Javascript, or else by modifying the web server's request handling behavior, a different result is served based on whether the request came from a web browser, or one of Google's many automated spiders.
The idea is a simple one. If a web browser asks for a page, then we'll show it. If on the other hand it's Google crawling the site, redirecting them to a much higher traffic site effectively makes Google think that we are a part of the bigger site. When Page Rank lookups are done, the page rank that's returned is actually the page rank of the much bigger site(amazon.com, microsoft.com, apple.com are all common targets) rather than my blog. Simple, devious, and not nice. Don't do this.
The Alexa Image Redirect exploit
This is a relatively new exploit, but it's been a round in different forms for quite some time. It's a way for a group of 'friends' to share alexa rank and is achieved by embedding invisible images on a page that are loaded through Alexa redirecting out to the other sites.
For example, if I post an image on my site and you go ahead and link it on yours, that's fine. You obviously found my image useful in some way, and the readers of your blog will be driving traffic to mine because they are interested in the image too. It's part of the content of the blog.
However, if you go ahead and embed an invisible image on your blog and force that image to be loaded through an Alexa redirect then that begs the question of "why?". It's not an advertising tracking dot from us or anyone else, since they would never ever go through Alexa's redirect.alexa.com url. It's not content on your blog either, since it's invisible. The only reason anyone would ever embed an image on a blog that loads through Alexa redirect is to 'spoof' traffic. The idea is that we all share the same type of dots and thus any visitors to my site, your site or anyone else we're involved in this with causes a hit across all our sites, but through Alexa. The net result is a sizeable jump in Alexa ranks.
The most common tag you'll see doing this in a page looks like this
<img src="http://redirect.alexa.com/redirect?http://www.mypalssite.com/ .
images/someimage.jpg" style="width: 3px; height: 3px;" rel="nofollow">
...there's usually some formatting around this as well to make sure the image doesn't show up, or to make it appear as something different (a small green square, a red dot, and so on). If I really wanted to link to the other site and give them traffic I could just do this
<img src="http://mypalssite.com/images/someimage.jpg">
It would have the same effect, almost. The big difference is that the traffic is not being forced through Alexa and thus causing Alexa to gather inaccurate data on a site.
Please note though, this is very different to a blog roll. If you have a blog roll on your site, then you clickable links or images that take the browser elsewhere. For example:
<a href="http://www.payperpost.com">PayPerPost.com</a>
and
<a href="http://codehappy.wordpress.com">My own blog</a>
Those links could be set up to redirect through alexa when clicked, and that would be fine. The reader of the site genuinely wanted to go to those sites, since they clicked the links. The problem is only when the links are images that are automatically loaded through Alexa when the page loads.
Hope that clears everything up for everyone.
Finally, these are just the two most prominent ranking exploits out there. I started messing around with the idea of scripting the identification of these two a week or two back, and that's basically the script that we're going to run to identify wrongdoers. There are others though, other ways of doing dishonest things like this, and I will be extending the script as I come across them.
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e008c4ed5d883400e3982767d38833
Listed below are links to weblogs that reference Exploits, spoofs and other annoyances explained:
» Lies, Darned Lies and Web Stats from Ugh!!'s Greymatter Honeypot
Interesting post on TechCrunch today about how Alexa thinks that YouTube is more popular than Google. According to Alexa, who use their toolbar to measure popularity of various websites around the web, YouTube has more page hits than Google does. Howev... [Read More]
Comments (RSS)
Patrick D. said...
I give credit where it's due and this is great. The tone is respectful and the piece is incredibly informative. This should have been the first post. Kudos to you, PPP. This is very well done!
Aug 13, 2007 5:25:51 PM
Marisa said...
What Patrick said.
And thank you Pete.
Aug 13, 2007 5:46:48 PM
Ghosty said...
A most interesting post, and explains a lot. Thanks for a great post!
Aug 13, 2007 5:57:56 PM
Kat said...
This is how the first post should have been. Explain to us what the problem is, not just threaten people for things they may not know/or are not doing wrong.
Thank you Pete for clarifying this. Now I know what those things are and will be sure to never get involved with such a scheme.
Aug 13, 2007 5:59:48 PM
Pete Wright said...
You're welcome.
Aug 13, 2007 7:40:00 PM
skeet said...
Pete, mahalo for the explanation and the respectful way it was given.
I was one of those involved in the Alexa experiment and I apologize to my fellow posties and to PPP staff for my part in this. I really did see it as "poking Alexa with a stick," tantamount to thumbing our noses at them and showing them how useless they are. A naughty but harmless prank. However, two long-term posties I greatly admire and whose ethics I trust stated misgivings about it. I should have let that guide me. I'm sorry. I made a very poor decision and the blame lies with me and others who chose to participate.
Aug 13, 2007 8:12:20 PM
Cass said...
Thank you, Pete!
Aug 13, 2007 9:35:33 PM
Tim said...
I continue to be humbled by how little I know.
Aug 13, 2007 10:05:39 PM
Ron said...
Well done, Pete! Excellent example of making a complex concept clear and enjoyable to read! In a way, I am glad that Mr. Murphy's initial post was more of emotional and passion. Had he written it with the objective style of your post, we wouldn't have had the chance to read your very lucid article.
Aug 14, 2007 7:57:52 AM
Andrew Ian Dodge said...
Exactly what we needed to see. Thanks for this most excellent post.
Aug 14, 2007 12:22:56 PM
Alan said...
Thanks for this post, it really clarifies things here.
I'm glad to know that my alexa badge and my blogroll aren't exploits! :)
Aug 14, 2007 4:41:00 PM
kd said...
This really cleared things up for me. Thanks!
Aug 14, 2007 10:22:51 PM
Antti said...
It was very interesting to learn a little from these exploits.
Like you said some of the methods are pretty impressive. They really work for their exploits.
I'm glad that you work there too and find these people.
regards
Antti
Aug 15, 2007 1:59:41 AM
Allan Cheng said...
I really enjoyed this post. Very informative and it's great to see PayPerPost take a stand against these types of ranking manipulation.
Aug 15, 2007 5:32:48 AM
Cynthia Blue said...
This, for sure, should have been the first post. I didn't even know these things were possible. Hrm.
Aug 15, 2007 11:35:37 AM
tony said...
Great post pete.. it clearly draws the line what should and what should not be done. Thanks !
Aug 16, 2007 2:45:50 PM
Jenny said...
I don't get it. Or understand it. But at least people now know that you're cracking down on it and maybe they'll stop cheating.
Aug 24, 2007 10:01:23 PM
adeline said...
Thank you for this post.The idea is a simple one. Is very creative and very interesting post and here is mmmm instresting story...
Oct 30, 2007 9:03:57 PM
Is alexa widgets or using redirection myth? said...
My website http://www.fortunehotels.in isn't having good position in Alexa. I have downloaded alexa toolbar & placed alexa widgets on the website but no improvement there. Even I read on many sites that that alexa widget, redirections are myth. Is that true? I need your feedbacks.
Oct 31, 2007 3:56:17 AM
Fortunehotels ranking in Alexa said...
If you depend on link or site selling as a form of monetization you’ll definitely want to increase your http://www.alexa.com/data/details/main?url=www.fortunehotels.in Alexa rank, because it’ll increase your bargaining power when it comes to ad pricing.
Apr 3, 2008 4:47:18 AM