November 3, 2015 at 13:13How to detect and eliminate sneak redirects for mobile devices
- Transfer
Hello, Habr! We all love it when the site works perfectly on any device, regardless of screen size, management methods and interactions. Often, content has to be slightly adapted to the device on which the user is viewing it: for example, optimization for a small smartphone screen involves changing images and other content elements. To make it easier for mobile visitors, developers often use a pop-up navigation bar . If such modifications are implemented properly and their goal is to improve usability, we do not consider them as a violation of Google’s policies.
The same applies to redirecting to mobile sites. Smartphone users will be more comfortable working not with the regular version of the site, but with a mobile one. Therefore, redirecting, for example, from example.com/url1 to m.example.com/url1 is justified. However, covert redirection of mobile users to third-party pages interferes with work and violates Google’s recommendations for webmasters .
Violation example: the search results page on the computer and mobile phone displays the same URL. By clicking on this link, the computer user will be taken to the landing page, and the smartphone user will be redirected to another URL.
Today, there are many ways to create a website. From ready-made engines, plug-ins and themes, to comfortable IDEs that do not require almost any knowledge in the field of layout. Many large or old resources for a long time (even in the days of ordinary phones with JAVA browsers) have a mobile version, which can be very different from the "full" one. Nevertheless, we believe that the content of the site and the information provided should coincide in essence on all devices. Let's look at the main problems of redirecting mobile users.
Problematic processing of mobile devices
Sometimes webmasters set up forwarding mobile visitors themselves, as a rule, in violation of our recommendations. If this harms users, we manually take measures to solve the problem (read more about this at the end of the article). However, we also know cases where covert redirects are performed without the knowledge of the site owner .
Intentionally redirecting for advertising purposes A
script or element placed on a site to display advertising or monetize content can redirect mobile users to a site of a different subject without the knowledge of the webmaster. It doesn’t matter if you yourself posted a “problem” script or hacked your site: if you don’t understand the source code of the plug-ins, getting a Trojan horse is as easy as shelling pears.
Redirecting mobile users as a result of hacking a site
If your site is hacked, it can redirect mobile users to domains that distribute spam, illegally collect personal data or steal money from credit cards. What if you become a victim of such redirects?
The general program of action is simple, just one, two or three: identify, isolate, prevent. To the cause!
To competently deal with a problem, it must be defined. You don’t have to guess that someone is “stealing” your mobile users until someone complains or you yourself accidentally stumble upon the results of malicious scripts.
Messages from visitors can carry little useful information and cause panic: “I opened your site, and it’s me Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! and offers rotten fruit at wholesale prices . ” No problem page, no information about the device or browser.
So, step one: find the problem. The tips may look obvious, but as practice has shown, when it comes to real problems, many users and webmasters are lost and do not know where to start. Start with the simplest:
Suppose you find a problem? What's next? How to deal with it? Step two: isolate the source of the problem. There can be two sources of redirection - external or internal impact.
In the first case, someone got access to your site (vulnerabilities for popular engines are regularly found and do not always quickly close). In the second, you, unwittingly, planted a “time bomb” by inserting some script without checking its contents. Optionally, the site engine could independently update the elements from some repository that was hacked. In any case, the algorithm is the same to fix such problems.
Step Three: Prevent Repetition. Everything is simple here. You have found the reason for the redirection - a script, element, module, whatever. If you know where it came from - maybe you should stop using this source of extensions. If not, check the list of known vulnerabilities for your engine or framework, a set of libraries. Perhaps the developers managed to release urgent updates.
The human factor should not be ruled out. If there was no hacking and you did not post scripts / libraries / elements, but they did appear - look at the history of access to the site, perhaps initiative moderators or content administrators could have intentionally or unintentionally infected the site.
Check permissions to read / write to specific folders, if writing is not required - set the attribute read only, it will prevent attackers and malware caught in a narrow loophole from registering in working folders and raising privileges.
If a user is redirected to other pages in order to display content other than that presented in the search results, this is in violation of Google’s recommendations for webmasters. Read more about covert redirects here .
The Google Search Quality Assessment Team can take action on such sites, such as removing the URL from our index. If this happens, you, as the site owner, will see relevant alerts in the Search Console. This is just one of the reasons we recommend that you register an account.in Search Console. The service itself is extremely flexible and allows not only to receive timely notification of problems, but also to analyze the current state of the site, as well as send requests for re-verification to Google. Fast, convenient, and most importantly - in one place.
Choose advertisers who won’t direct your visitors to unexpected pages. If you are striving to develop trusting relationships in the industry, read the recommendations on working in advertising networks. You can start by exploring IAB site quality guidelines .
There are many ways to monetize content for mobile devices, providing a high level of convenience for users and not leading to the removal of your site from search results. Use them.
If you have questions or comments about forwarding for mobile devices, leave them here or post them on the webmaster forum or in our Google+ webmaster community .
The same applies to redirecting to mobile sites. Smartphone users will be more comfortable working not with the regular version of the site, but with a mobile one. Therefore, redirecting, for example, from example.com/url1 to m.example.com/url1 is justified. However, covert redirection of mobile users to third-party pages interferes with work and violates Google’s recommendations for webmasters .
Violation example: the search results page on the computer and mobile phone displays the same URL. By clicking on this link, the computer user will be taken to the landing page, and the smartphone user will be redirected to another URL.
What where When?
Today, there are many ways to create a website. From ready-made engines, plug-ins and themes, to comfortable IDEs that do not require almost any knowledge in the field of layout. Many large or old resources for a long time (even in the days of ordinary phones with JAVA browsers) have a mobile version, which can be very different from the "full" one. Nevertheless, we believe that the content of the site and the information provided should coincide in essence on all devices. Let's look at the main problems of redirecting mobile users.
Problematic processing of mobile devices
Sometimes webmasters set up forwarding mobile visitors themselves, as a rule, in violation of our recommendations. If this harms users, we manually take measures to solve the problem (read more about this at the end of the article). However, we also know cases where covert redirects are performed without the knowledge of the site owner .
Intentionally redirecting for advertising purposes A
script or element placed on a site to display advertising or monetize content can redirect mobile users to a site of a different subject without the knowledge of the webmaster. It doesn’t matter if you yourself posted a “problem” script or hacked your site: if you don’t understand the source code of the plug-ins, getting a Trojan horse is as easy as shelling pears.
Redirecting mobile users as a result of hacking a site
If your site is hacked, it can redirect mobile users to domains that distribute spam, illegally collect personal data or steal money from credit cards. What if you become a victim of such redirects?
The general program of action is simple, just one, two or three: identify, isolate, prevent. To the cause!
How to detect sneaky redirects for mobile devices?
To competently deal with a problem, it must be defined. You don’t have to guess that someone is “stealing” your mobile users until someone complains or you yourself accidentally stumble upon the results of malicious scripts.
Messages from visitors can carry little useful information and cause panic: “I opened your site, and it’s me Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! and offers rotten fruit at wholesale prices . ” No problem page, no information about the device or browser.
So, step one: find the problem. The tips may look obvious, but as practice has shown, when it comes to real problems, many users and webmasters are lost and do not know where to start. Start with the simplest:
- Open the site on your smartphone and see if you get to another resource.
We recommend checking your site by going to it from the Google search results on your smartphone. With the current diversity in the mobile device market, debugging is more convenient using emulation of mobile devices in computer browsers. This feature is supported by Chrome , Firefox and Safari . In the latter case (Safari), you will need to open your browser settings and check the box "Show the" Development "menu in the menu bar." - Read visitor reviews.
Users may not see your site the way you do. Someone has an old browser, someone has a mountain of extensions (they can also be attacked and begin to palm off ads / redirect users). Always read customer reviews and pay attention to their complaints in order to identify problems on time. If required, ask clarifying questions, ask to send a screenshot or tell how exactly the user got on the problem page. - Track the actions of visitors and analyze site statistics.
Unusual actions of mobile users can be detected by studying data from web analytics. Statistics is a powerful tool that allows you to identify problems where single checks and tests do not show anything. For example, if the average time spent on the site by the owners of mobile devices (and only them) has sharply decreased, this could be due to redirects.
You can set up special alerts in Google Analytics to immediately recognize significant changes in the behavior of mobile users .
Try to create an alert about a sharp decrease in the time spent by mobile visitors on the site, or a decrease in their number. It should be remembered that significant changes in these indicators are not always a direct result of latent call forwarding, but the decrease in attendance is still worth exploring. You didn’t just do this site?
A hidden redirect for mobile users has been detected on my site. What to do?
Suppose you find a problem? What's next? How to deal with it? Step two: isolate the source of the problem. There can be two sources of redirection - external or internal impact.
In the first case, someone got access to your site (vulnerabilities for popular engines are regularly found and do not always quickly close). In the second, you, unwittingly, planted a “time bomb” by inserting some script without checking its contents. Optionally, the site engine could independently update the elements from some repository that was hacked. In any case, the algorithm is the same to fix such problems.
- Check if the site has been hacked
Open the Security Concerns section of the Search Console: if we find a hack, you will find an alert inside.
In addition, it is worth exploring additional information about typical signs of hacked sites and examples from our practice . If you use any engine or framework - look at the news of the corresponding community, maybe not only you are faced with a problem. - Check if there are any extraneous scripts and elements on the site.
If your site is not hacked, check if there are any third-party scripts or redirected elements on it. To do this, follow these steps:- Attention! Before making any changes to a working site, create a backup copy of the site, check its operability.
- Find the page that redirects users. If other scripts and elements are on it, feel free to delete them one at a time.
- After each deletion, check from a mobile device or through an emulator whether forwarding occurs.
- After localizing the element responsible for covert redirects, delete it from all pages. If the element is critical and necessary for the functioning of the site - ask its provider to help you with debugging.
- Attention! Before making any changes to a working site, create a backup copy of the site, check its operability.
Protecting the site
Step Three: Prevent Repetition. Everything is simple here. You have found the reason for the redirection - a script, element, module, whatever. If you know where it came from - maybe you should stop using this source of extensions. If not, check the list of known vulnerabilities for your engine or framework, a set of libraries. Perhaps the developers managed to release urgent updates.
The human factor should not be ruled out. If there was no hacking and you did not post scripts / libraries / elements, but they did appear - look at the history of access to the site, perhaps initiative moderators or content administrators could have intentionally or unintentionally infected the site.
Check permissions to read / write to specific folders, if writing is not required - set the attribute read only, it will prevent attackers and malware caught in a narrow loophole from registering in working folders and raising privileges.
Use Search Console
If a user is redirected to other pages in order to display content other than that presented in the search results, this is in violation of Google’s recommendations for webmasters. Read more about covert redirects here .
The Google Search Quality Assessment Team can take action on such sites, such as removing the URL from our index. If this happens, you, as the site owner, will see relevant alerts in the Search Console. This is just one of the reasons we recommend that you register an account.in Search Console. The service itself is extremely flexible and allows not only to receive timely notification of problems, but also to analyze the current state of the site, as well as send requests for re-verification to Google. Fast, convenient, and most importantly - in one place.
One more thing
Choose advertisers who won’t direct your visitors to unexpected pages. If you are striving to develop trusting relationships in the industry, read the recommendations on working in advertising networks. You can start by exploring IAB site quality guidelines .
There are many ways to monetize content for mobile devices, providing a high level of convenience for users and not leading to the removal of your site from search results. Use them.
If you have questions or comments about forwarding for mobile devices, leave them here or post them on the webmaster forum or in our Google+ webmaster community .