Menu
homeSocial network

Online check for mobile redirect. What is a mobile redirect and how to deal with it. Mobile redirect and search engines

We continue to introduce readers to widgets that threaten the security of the site or visitors. Today we will talk about the call back service Chaser.ru. The service offers the webmaster to install a widget on a commercial resource to increase conversion.

A couple of days ago, a client contacted us with a complaint about a hidden mobile redirect. According to him, the site redirected visitors coming from mobile devices to the paid subscription service (in short - wapclick redirect). As is usually the case, redirection occurs once per mobile device per day. And only if the visitor came via mobile Internet, not via WIFI.

UPD March 27 18:30— the service developer discovered a hack in the service and fixed the problem:

Scanning the site files did not reveal any malicious scripts that could cause redirects, so the next step was to analyze the traffic at the moment the site page was loaded.

Based on the results of the analysis, a wapclick redirect was discovered that occurs along the following chain:

chaser.ru » mc.yaship.ru » mobempire.ru » watchland.space » moipodpiski.ssl.mts.ru

It turned out that when accessed from different browsers, the Chaser.ru widget loads different versions of the javascript file http://chaser.ru/widget/1.1/js/chaser.js. The version for mobile devices contains dynamic injection of a script from the mc.yaship.ru domain (a phishing domain masquerading as Yandex.Metrica). This script, when downloaded from the 3G/LTE network of a cellular operator, performs a redirect to the Wapclick affiliate mobempire, and then redirects visitors to paid SMS subscriptions, which we have already written about more than once.

The details of an HTTP session look like this:

If you open the site in a regular browser, the mc.yaship.ru injection will not be in the file. When downloading a file from a mobile device, a fragment appears in the code of the static file, which is highlighted in the screenshot:

This is not the first time that seemingly legitimate widgets have caused problems for webmasters and commercial site owners. Moreover, the source of the redirect essentially becomes the webmaster himself, who voluntarily places a dangerous widget on the site’s pages. The problems that a webmaster condemns his site to primarily relate to sanctions from search engines: search engines are excellent at detecting “wapclicks” and other types of hidden redirects, as a result of which they punish site owners by excluding sites from mobile search results or pessimizing them in search results .

Additionally, I would like to point out that callback widgets that use “clickjacking” to recognize a visitor’s profile on social networks are now gaining popularity. For this “cheating,” the search engine also severely bans the site. Be careful!

And to check the reliability of the service, you can use our web scanner or contact us at

One morning, while checking my email, I discovered a “chain letter” from Yandex, in which I was notified that one of the sites poses a threat to users and is marked in the search results as malicious. A visit to the webmaster’s personal account confirmed the problem.

I access the site from a smartphone via Yandex. And I get this picture on the screen.

I started researching the problem on the internet. It turned out that if the file. htaccess is not changed, then the problem is on the hoster's side. And because All my files on the server are protected from overwriting and making changes without my knowledge is impossible, so we write to the hosting support.

your message(11/11/2013 11:32:00) In recent days, when logging in from mobile devices, getpdainfo.com is redirected here and offers to update the flv player. Moreover, if you log in a second time from the same IP, it no longer redirects. When you come in from another one, it transfers again. .htaccess is clean. All site files have been scanned by several antiviruses. Online check of DrWEB and others says that everything is clean. The site has the Wordfence antivirus plugin - it also says that everything is clean. We suspect that this redirect is attached to the page on the fly on the web server. Look here please!

We get the answer.

Support message (11.11.2013 16:11:49)

Hello.
On the site sayga12.ru you have quite a lot of redirects in the “.htaccess” file, probably the reason for the redirection of mobile traffic is in one of them.

There are no redirections from the web server side.

Well, as expected... The site files were downloaded to the computer and scanned by antivirus software. All is clear. Critical files of the site theme and admin panel were also manually checked. Also no change. The site was checked by several online scanners, including DrWeb. No hints of problems with the site files. Just in case, I put in a clean one. htaccess. But when logging in from a smartphone, we get a redirect to a viral site again.

We write to the hoster again.

your message (11.11.2013 16:40:02)

The same redirects are registered on three more sites and this problem does not exist there.
There is a blacklist of sites listed there. I'll try to install clean htaccess but I'm more than sure that the problem will remain. This file has been standing for six months already, and the problem has just appeared.

Well, again the hoster unsubscribes.

Support message (11.11.2013 19:37:02)

Please check the code of your site for vulnerabilities, apparently it was hacked, and the attackers wrote the redirect code in .htaccess

We continue to hammer the hoster, because... everything has been rechecked several times. The problem is clearly on the hosting server. The question is how to convince them of this...

your message (11.11.2013 19:42:42)

Htaccess set to \"naked\". The problem, as I expected, remained. Guys, you seem to have a virus on your web server. Look at what server the site sayga12.ru and my other sites are on. The problem is only with sayga12.ru.

your message (11.11.2013 19:48:58)

Regarding hacking, this is unrealistic. There is a ban on changing all files for six months. Any change is sent to me by email. The redirect hooks on the fly when accessing the site; its code is not in the site files. The problem with this redirect is known - it is hosted. Since the summer of 2013, she has been hammering all hosters starting with RU-center. Whatever I do now with the site files is useless, because... they are clean.

Finally the host gives up. 11 hours have passed since the first call.

Support message (11.11.2013 22:04:45)

Okay, we'll check the server software.

By the end of the day, I began to look with horror at the decline in the site’s positions on all LI charts. Yandex tagging reduced daily traffic by 3 times! Transitions from Yandex from an average daily rate of 84 people over the last week fell to 4!

However, in the morning I receive this letter from the hoster.

Support message (12.11.2013 01:38:11)

Hello,

1) thank you for contacting
2) today, based on your complaint, we have carried out a thorough analysis of the situation,
thanks to your request, we found a compromised module for the web server,
at the moment the module is already disabled and there are no redirects, how did this happen and
why this could happen at all - we are looking into it
according to our data, this happened on “Nov 9 21:48”. We also conducted a full analysis
all other machines - only ftp30 was compromised

3) within the next 24 hours (or rather, within the next 12 hours) all software
the software on this server will be updated (kernel and system software),
and the configuration files will be re-uploaded from the repository

4) I offer you my deepest apologies for the inconvenience caused -
and I repeat, we will make every effort to investigate this fact

5) as compensation, I credited you with six months of service for free

6) if you are worried about the content of your sites
you can use the backup service in the control panel and order
restoring the backup for November 9, there will be no foreign content in this archive
shouldn't
I would also recommend that you compare mysql passwords in the control panel
(as well as in configuration files)

7) if you wish, we can transfer your account to another server

Thanks again for reaching out
All the best!

I also received a second letter about bonuses being credited to my account.

An application to Yandex to re-check the site was sent the day before. We are waiting for the results. And in half a day we get it. There was traffic right away.

The last site check on November 13, 2013 did not reveal any pages containing malicious code. The site appears unmarked in search results.


Sincerely,
Yandex.Webmaster

The problem was resolved within 24 hours. It’s good that there were adequate people in the hosting support who correctly assessed the situation and, most importantly, were not afraid to admit their problem. And at the beginning of the correspondence, I already began to think about changing the hoster, because a lot of money and effort have been invested in the sites, and such incidents nullify everything that has been done for years.

I hope my article will help you solve your problems with mobile redirect if you encounter it on your websites.

Hello, Habr! We all love it when a website works great on any device, regardless of screen size, control methods and interaction. Often, content needs to be adapted slightly to the device on which the user is viewing it: for example, optimizing for a small smartphone screen involves changing images and other content elements. To improve the experience for mobile visitors, developers often use a pop-up navigation bar. If such modifications are implemented properly and are intended to improve your experience, we do not consider them a violation of Google's policies.

The same applies to redirects to mobile sites. Smartphone users will find it more convenient to work not with the regular version of the site, but with the mobile one. Therefore, redirecting, for example, with example.com/url1 on m.example.com/url1 justified. However, silently redirecting mobile users to unrelated pages is disruptive and violates Google's Webmaster Guidelines.

An example of a violation: the search results page on a computer and a mobile device shows the same URL. By clicking on this link, a desktop user will be taken to the landing page, while a smartphone user will be redirected to another URL.

What where When?

Today there are many ways to create a website. From ready-made engines, plugins and themes, to comfortable IDEs that require virtually no knowledge in the field of layout. Many large or old resources have long ago (back in the days of regular phones with JAVA browsers) had a mobile version, which can be very different from the “full-fledged” one. However, we believe that the content of the site and the information provided should be substantially the same on all devices. Let's look at the main challenges of retargeting mobile users.

Problematic mobile device processing
Sometimes webmasters themselves set up redirection of mobile visitors, usually in violation of our recommendations. If this is harmful to users, we manually take action to resolve the issue (read more about this at the end of the article). However, we are also aware of cases where hidden redirection is performed without the knowledge of the site owner.

Deliberate redirection for advertising purposes
A script or element placed on a site to display advertising or monetize content may redirect mobile users to a site of a different topic without the knowledge of the webmaster. It doesn’t matter whether you posted the “problematic” script yourself or your site was hacked: if you don’t understand the source code of the plug-ins, it’s easy to get a Trojan horse.

Redirection of mobile users as a result of website hacking
If your site is hacked, it could redirect mobile users to domains that distribute spam, illegally collect personal data, or steal money from bank cards. What to do if you become a victim of such redirects?

The general program of action is as simple as one-two-three: identify, isolate, prevent. Get to work!

How to detect hidden redirects for mobile devices?

To competently deal with a problem, it must be identified. You may not even realize that someone is “stealing” your mobile users until someone complains or you yourself accidentally stumble upon the results of malicious scripts.

Messages from visitors may contain little useful information and cause panic: “I opened your website, and it made me Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaand it offers rotten fruit at wholesale prices”. No problem page, no device or browser information.

So step one: find the problem. The advice may seem obvious, but experience has shown that when it comes to real problems, many users and webmasters are lost and don’t know where to start. You should start with the simplest:

  • Open the site on your smartphone and see if you are taken to another resource
    We recommend checking your site by navigating to it from Google search results on your smartphone. With the current diversity in the mobile device market, it is more convenient to debug using mobile device emulation in computer browsers. This feature is supported by Chrome, Firefox and Safari. In the latter case (Safari), you will need to open the browser settings and check the box “Show the Develop menu in the menu bar.”
  • Study customer reviews
    Users may see your site differently than you do. Some people have an old browser, others have a mountain of extensions (they may also come under attack and start sneaking in ads/redirecting users). Always read customer reviews and pay attention to their complaints in order to identify problems in time. If necessary, ask clarifying questions, ask to send a screenshot or tell how exactly the user got to the problematic page.
  • Track visitor actions and analyze site statistics
    Unusual mobile user behavior can be detected by examining web analytics data. Statistics are a powerful tool that allows you to identify problems where single checks and tests show nothing. For example, if the average time spent on the site by mobile device owners (and only them) has sharply decreased, this may be caused by redirects.

    To immediately recognize significant changes in mobile user behavior, you can set up custom alerts in Google Analytics.

    Consider creating an alert for a sudden drop in time spent by mobile visitors or a decrease in the number of mobile visitors. It should be remembered that significant changes in these indicators are not always a direct consequence of hidden redirection, but the decrease in traffic is still worth studying. You didn’t just make the site like that, did you?

A hidden redirect for mobile users has been detected on my site. What to do?

Let's say you found a problem? What's next? How to deal with it? Step two: isolate the source of the problem. There can be two sources of redirection - external or internal influence.

In the first case, someone gained access to your site (vulnerabilities for popular engines are regularly found and are not always fixed promptly). In the second, you, unwittingly, planted a “time bomb” by inserting some script without checking its contents. Optionally, the site engine could independently update elements from some repository that had been hacked. In any case, the algorithm for eliminating such problems is the same.

  • Check if the site is hacked
    Open section Security issues in Search Console: if we have detected a hack, you will find a corresponding notification inside.
    In addition, it is worth studying additional information about the typical signs of hacked sites and examples from our practice. If you use any engine or framework, look at the news of the corresponding community, maybe you are not the only one facing the problem.
  • Check if there are any extraneous scripts and elements on the site
    If your site is not hacked, check if there are any third-party scripts or elements that perform redirects. To do this, follow these steps:
    1. Attention! Before making any changes to a running site, create a backup copy of the site and check its functionality.
    2. Find the page that redirects users. If there are other people's scripts and elements on it, feel free to delete them one by one.
    3. After each deletion, check from your mobile device or through an emulator whether redirection occurs.
    4. After localizing the element responsible for hidden redirection, remove it from all pages. If an element is critical and necessary for the site to function, ask its supplier to help you with debugging.

Protecting the site

Step three: prevent recurrence. Everything is simple here. You found the reason for the redirect - script, element, module, whatever. If you know where it came from, you might want to stop using this source of extensions. If not, check the list of known vulnerabilities for your engine or framework or set of libraries. Perhaps the developers managed to release urgent updates.

The human factor should not be excluded. If there was no hacking and you did not post scripts/libraries/elements, but they appeared, look at the history of access to the site; perhaps proactive moderators or content administrators could have intentionally or unintentionally introduced the infection to the site.

Check read/write permissions in certain folders; if writing is not required, set the read only attribute; it will prevent attackers and malware that got through a narrow loophole from registering in working folders and increasing the level of privileges.

Use Search Console

If the user is redirected to other pages with the intention of showing content different from what is presented in the search results, this is a violation of Google's webmaster guidelines. You can read more about hidden redirects.

Google's Search Quality team may take action against such sites, such as removing the URL from our index. If this happens, you, as the site owner, will see corresponding alerts in Search Console. This is just one of the reasons why we recommend that you sign up for an account with Search Console. The service itself is extremely flexible and allows you not only to receive timely notifications about problems, but also to analyze the current state of the site, as well as send requests to Google for re-checking. Fast, convenient, and most importantly - in one place.

One more thing

Choose advertisers that won't direct your visitors to unexpected pages. If you are striving to develop trusting relationships in the industry, check out the recommendations for working in advertising networks. You can start by reviewing the IAB guidelines for site quality assurance.

There are many ways to monetize content for mobile devices that provide a high level of user experience without removing your site from search results. Use them.

Viruses that are embedded in the website code and redirect visitors who came to your resource from search engines (the so-called search redirect) have become widespread. Those. a user goes to your site and is redirected to another location.

It is extremely difficult to detect such a virus. Only if you yourself regularly go to your site from search engines. Because When you visit the site normally, this virus does not manifest itself in any way.

Mobile redirect

Similar to a search redirect, this virus is embedded in the files of your website, but it redirects only those visitors who accessed your website using mobile devices (phones, tablets, etc.). This virus steals all your mobile traffic.

You can only detect it if you regularly access your website using different devices.


Where do these viruses infiltrate?

In most cases, to the .htaccess file (htaccess redirect);
- into the site’s configuration files, which are included on all pages;
- into js files (scripts) - both “local” and externally connected;

Removing such viruses is usually not very difficult. The most important thing is to detect and neutralize them in time, so as not to lose search or mobile traffic!


Potential victims

According to statistics, most cases of virus infection occur on sites created on the basis of ready-made control systems, for example, DLE, WordPress, Joomla, etc. Attackers know all the potentially dangerous places in these systems if the site owner neglects the security settings. Self-written systems can also be infected if there are errors in the settings.

Also at risk are sites hosted on shared hosting, where dozens of other sites are located. Infecting one person with viruses can lead to infection of everyone else.

In addition, third-party js scripts that you include on your site (i.e. those that are loaded from another site) pose a danger.

How do you know if a site has a search or mobile redirect?

monitorus will instantly notify you (by email, SMS message and other methods, including on social networks) that a search or mobile redirect has been detected on your website.

We will regularly access your website using different devices (mobile and desktop PCs), from different search engines, and different browsers. Go through the pages and check for redirects.

Forewarned is forearmed!
You can quickly neutralize the virus and restore traffic flow.


We will provide:

Regular monitoring of your website for search or mobile redirects;

Instant notification (up to 30 different contacts) in case of detection;

Free

Set your site to monitor for redirects:

Free test period - check the quality of our services!

Important: in order to put your site to monitor the presence of a redirect, you need to put your site under a scan with the type “Checking the site for viruses and presence in different databases” - it is in this check that the monitoring search and mobile redirect. And besides this, in the same check, you will have access to (at no additional charge):
- full site scan for viruses.
- monitoring the Roskomnadzor register for the presence of your site in it.
- monitoring of blacklists, antiviruses, Yandex and Google databases.