Hackers might be abusing the Cross-domain Canonical Link Element on your site

Posted on 16. May, 2011 by in Digital Marketing



There are rumours this week that some websites might have seen the canonical link element abused by hackers. This exploitation consists in changing the website that the canonical link element is pointing to so that all the link juice for one site will go into the hacker’s website without the consent of the website owner who would be totally unaware of this.

What is the Canonical Link Element?

In February 2009 Google announced the introduction of the Canonical Link element as an alternative solution for websites with internal duplicate content. This issue is arguably one of the most widespread on the internet. Many sites end up having the same content presented via different ways, sometimes due to a polihirearchical navigation on the site, others due to poor configuration from the content management systems, and most likely caused by the need of some business to present the same content to different markets.

Before the introduction of the Canonical Link Element some sites were unable to fix the internal duplicate content issues, so the news of a possible solution were incredibly well received.

On the 17th December 2009 Google announced a further enhancement to the canonical link element, the cross-domain rel=”canonical” which enabled site owners to handle duplicate content issues across multiple domains. For instance, if you had different sites with the same content www.example1.com, www.example2.com, www.example3.com with the new cross-domain canonical link element you can now specify that your preferred version is www.example.com therefore all the SEO strenght will be passed on to your chosen canonical version, and the rest of the sites would no longer be seen as duplicate sites.

How can the canonical link element be abused?

Entering into the details of how this canonical link element might have detrimental effects. The reality is that technically it is possible for a hacker to abuse the cross-domain rel=”canonical”, and change the URL that this code is providing to a site of the hacker’s choice. In this way, all your sites with the cross domain canonical link element might be passing all their link value to a hacker’s site without you even noticing.

Bigmouthmedia has not come across any particular instances yet, but there some very early reports of this problem on the web.

 If you are using the cross-domain canonical link element, I highly recommend you do the following:

  1. Ensure that your site is verified with the Google Webmaster Console. Google has internal tools to help website owners detecting malicious code on your site.
  2. Check how your site is seen by the Googlebot or any other search engine robots
  3. Get a Technical SEO expert from Bigmouthmedia to do a sanity check on your site

One key learning from me is that we should really avoid Internal Duplicate content issues between your different sites. This will prevent you from having to use the cross-domain canonical link element and in return you will have no risk of hackers abusing this part of your site.

Tags: ,