URL hijacking by spam trackbacks through 302 redirection in WordPress is becoming a very popular method again. The major targets are blogs that get more than 80% of their traffic from Google Search.
What is this URL Hijack?
People arrive at your webpage by any means (suppose from the Google Search result pages); after a few seconds they are redirected to the spammer's / hacker's own webpage.
What is 302 and 301 redirection?
Multiple methods can be used to redirect a page.
The well-recognized status codes for redirection are 301 and 302. A 301 redirect is a permanent redirection (that is, the content has moved from one domain to another permanently).
A 302 redirect is a temporary redirection; the main page remains valid to Google Search. Obviously, the effects of the two redirections on the search engine are also different.
How is URL Hijack performed using spam Trackbacks?
How URL hijacking can happen was described by Joost de Valk at Yoast two years ago:
This is where, in my opinion, WordPress goes wrong, as that redirect is a 302 redirect. On line 65 of wp-trackback.php, it says the following:
wp_redirect(get_permalink($tb_id));
So it uses the function wp_redirect to redirect you back to the original post. This function lives in wp-includes/pluggable.php, and by default, sends a 302 redirect. You can make it send a 301 redirect by simply changing the code to:
wp_redirect(get_permalink($tb_id),301);
We will not discuss which lines of code are actually used to perform the URL hijack; otherwise this post would be exploited by hackers who are not yet aware of the method.
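To check which of the two redirects described above your own trackback URL sends, the following added example (not code from WordPress or from the quoted article) classifies a raw HTTP response head. The host blog.example, the sample heads and the verdict names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed response heads (not captured from a real site).
STOCK = "HTTP/1.1 302 Found\r\nLocation: https://blog.example/some-post/\r\n\r\n"
PATCHED = "HTTP/1.1 301 Moved Permanently\r\nLocation: /some-post/\r\n\r\n"
OFFSITE = "HTTP/1.1 302 Found\r\nLocation: http://other-site.example/\r\n\r\n"


def parse_head(raw):
    """Split a raw HTTP response head into (status code, lower-cased headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def classify_redirect(request_url, raw_head):
    """Say where a redirect goes and whether it is permanent or temporary."""
    status, headers = parse_head(raw_head)
    location = headers.get("location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return {"status": status, "target": None, "verdict": "no-redirect"}
    target = urljoin(request_url, location)   # Location may be relative
    # Exact host comparison: www.blog.example and blog.example count as different.
    if urlsplit(target).hostname != urlsplit(request_url).hostname:
        verdict = "off-site"
    elif status in (301, 308):
        verdict = "permanent"
    else:
        verdict = "temporary"
    return {"status": status, "target": target, "verdict": verdict}


if __name__ == "__main__":
    url = "https://blog.example/some-post/trackback/"
    for head in (STOCK, PATCHED, OFFSITE):
        print(classify_redirect(url, head))
```

Feed it the response head for a trackback URL on your own blog, fetched without following redirects.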
How to prevent URL Hijack by spam trackbacks in a WordPress blog?
- Use Disallow for trackbacks, comments and comment feeds in robots.txt.
perfectly in post to fight duplicate content issue.
- Use plugins like Ultimate Security Check to check for other security loopholes.
- Use a plugin like Exploit Scanner to check whether your WordPress theme itself has any problem.
- Always manually check who is actually giving the link that you are getting as a trackback. This is what we suggest doing to prevent URL hijack and to avoid allowing spam trackbacks.
- Copy and paste the URL of the trackback (if suspicious) into any text editor to see what it looks like. Simply delete the URL and allow the trackback, or delete the trackback if you suspect anything.
- Never use “Free Premium Themes”; besides being illegal, such a theme can itself inject code to facilitate the URL hijack. We recommend using good premium themes or, if you cannot afford one, using official free themes from WordPress as a scaffold and creating your own child theme.
- Certain plugins can perform this URL hijack; try not to download WordPress plugins from outside the WordPress repository.
- Update WordPress and plugins regularly to prevent URL hijack.
Other methods of URL Hijack
- Manipulating the .htaccess file: the hacker needs access to the root. This is a difficult way for the hacker to perform a URL hijack, as it is almost impossible to gain access with a good setup. But it is very effective: the visitor will practically not notice the redirection; everything happens instantaneously.
- Malicious JavaScript from bad advertisers. We can only say that these advertisers do not perform any URL hijack through advertising: Google Adsense, Adbrite, LakeQuincy Media, Technorati Media, Tribal Fusion, Chitika. For all others, be cautious; we have not tested them. We have discovered 3 (so far) who do this.
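For the .htaccess method in the list above, a periodic audit of the file catches redirect rules you did not write. This added example (not from the original post) lists Redirect and RewriteRule directives whose target is an absolute URL on a host other than your own; the sample file and the hosts blog.example and redirect-target.example are constructed.

```python
import re
import shlex
from urllib.parse import urlsplit

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVES = {"redirect", "redirectmatch", "redirectpermanent",
                       "redirecttemp", "rewriterule"}

# Constructed sample: stock WordPress rules plus one rule pointing off-site.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
RewriteRule ^(.*)$ http://redirect-target.example/landing [R=302,L]
Redirect 301 /old-page https://blog.example/new-page
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
"""


def external_redirects(htaccess_text, own_hosts):
    """Return (line number, directive, host) for redirects leaving own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        try:
            tokens = shlex.split(stripped)      # honours quoted arguments
        except ValueError:
            tokens = stripped.split()           # unbalanced quote: best effort
        if tokens[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        for token in tokens[1:]:
            if not re.match(r"https?://", token, re.IGNORECASE):
                continue
            host = urlsplit(token).hostname or ""
            if host.startswith("%{"):           # server variable, e.g. %{HTTP_HOST}
                continue
            if host not in own:
                findings.append((lineno, tokens[0], host))
    return findings


if __name__ == "__main__":
    for finding in external_redirects(SAMPLE_HTACCESS, {"blog.example"}):
        print("line %d: %s -> %s" % finding)
```

An empty result only means no directive names a foreign host outright; compare the file against a known-good copy as well.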

Thanks a lot :)
Always I used to read smaller posts that as well clear their motive, and that is also happening with this post which I am reading here.
Amazing blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustments would really make my blog stand out. Please let me know where you got your design. Cheers
This is a custom-designed theme. The designers are from our company. If you are interested in getting a quote, please use the contact us form (link at bottom of every page). We will change the theme, so you can grab it as sole license holder.
All the time I used to read smaller articles or reviews that also clear their motive, and that is also happening with this piece of writing which I am reading here.
Good article. I’m facing many of these issues as well..
I like to share understanding that I have accumulated with the yr to help improve group functionality.
Nice post. I learn something totally new and challenging on sites I stumbleupon on a daily basis. It’s always useful to read content from other writers and use a little something from their websites.
Hi! I’ve been following your web site for a long time now and finally got the bravery to go ahead and give you a shout out from Kingwood Texas! Just wanted to mention keep up the excellent work!
Great goods from you, man. I’ve understand your stuff previous to and you’re just extremely fantastic. I really like what you have acquired here, really like what you’re stating and the way in which you say it. You make it entertaining and you still care for to keep it sensible. I can’t wait to read much more from you. This is actually a great website.
Quality articles or reviews is the important to invite the users to go to see the web site, that’s what this site is providing.