Here Are Two Quick Ways to Catch Cloaked Nofollows
Recently, rustybrick at SEO Roundtable mentioned that some publishers are selling links, but then adding cloaked nofollows. That is: The links appear to “follow” and pass page rank to normal visitors, but say “nofollow” to Google.
Clearly, this sort of “nofollow” is lessens the value to advertisers who think they are paying for the both link juice and traffic, but get traffic only.
This type of cloaking is fairly easy to do. But, I want to warn any ninja bloggers out there: it’s also it’s easy to catch! 
How can advertisers detect cloaked no follows?
There are two ways: One is quick, and will often work; the second takes more time, but is more effective.
Here’s how:
- Visit pages using User Agent Switcher and Search Status:
Search Status makes “nofollow” links easy to detect by highlighting them in pink. User Agent Switcher lets switch your “user agent” to “Googlebot” and surf the web seeing it the way the Googlebot does (at least usually.)Used together, you should be able to catch most publishers who cloak to show “nofollows” only to the Googlebot. If you use both, you will usually see all cloaked nofollows will be shown in pink when you set your user agent to Googlebot. They will not be pink when you set your user agent to default.
Unfortunately, this method is not foolproof, because a) Spam plugins like Bad Behavior will notice you aren’t really the Googlebot and refuse to show you the pages. This is an entirely legitimate way for a publisher to protect their page. b) Some “clever” publishers may cloak by detecting IP in addition to user agent. This could foil detection using the User Agent Switcher.
Luckily, you can always rely on method 2:
- Check cached page at Google: Periodically, while the your contract is in place, visit Google and check the cached copy of all pages with paid links. Obviously, if the Googlebot is shown “nofollows”, it will cache a page containing nofollows. So, this method is foolproof.
Will I be writing a cloaking plugin?
I’m tempted to write a cloaking extension to NoOldSpamLinks plugin. It would be great for traffic. But, I’ve decided against it.
I’m all for letting bloggers control their nofollows. I think bloggers should be able to do whatever they prefer with their links within the law and contractual obligation.
But, I’m afraid I can’t bring myself to help bloggers show “follows” to advertisers who pay for them, and “nofollows” to Google. If you want to sell “nofollow” links, negotiate that with the advertiser; then show the nofollows to both the public and Google. If you as a blogger want to cloak to show nofollow to Google, and “follow” to your paying customers, I’m not telling you how to do it!
Related Posts:
- Useless Link Detector: Is it useful?
- How To Cloak Nofollows on Individual WordPress Articles
- Seven Ways to Drive Web Traffic: Wall Street Journal
- Optimize Wordpress for Search: No more sercret duplicate content!
Comments
20 Responses to “Here Are Two Quick Ways to Catch Cloaked Nofollows”
Leave a Reply
I would really rewrite the useragent part of the article as it sounds … childish. No offense but a real cloaker will add nofollow using the header X-Robots-Tag, recently added by Google, hence undetectable.
Just had to mention this.
Verify bots. How is using nofollow in the header tags undetectable? Header tags can be read by people and robots.
What if you serve the header tags only to google bot??? I posted something on my site. Check it out.
If you only display headers to the googlebot, they can be detected when you visit the page using the google user agent and check the page out. Of course that might not work if– for reasons I explained above.
Then you visit the cached page. The headers show there in the cached version. Google will cache what it you show it — including headers. Go look.
Google can keep adding whatever they like. The Firefox extension will keep being upgraded to show any and all nofollows. If the nofollows are in metatags the whole page shows a blaze of pink links.
It’s pointless. I’m talking about HTTP headers not the HEAD tag in HTML. Check the page linked under my name and see what I mean!
Also check this to see the HTTP headers your site outputs:
http://www.vipsem.com/cgi-bin/http-header-viewer.pl?url=http://money.bigbucksblogger.com/
Good luck.
I see what you mean. I was thinking the older meta tags (the ones you refer to in your article about proper link exchanges.)
I’m not rewriting, primarily because there will be a group of “not real” cloakers out there who will be trying to only cloak the subset of paid links that are on sponsored posts while still passing link juice to their friends, and the sites they like.
But yes, advertisers are going to have to watch out for this way too.
You could warn about this trick on your post and provide a valid (not nofollow) link to me
Still I like this new trick as I’m not keen on link exchange and maybe it will decrease a bit in the future and get sites to fight from the same level.
Well… you already have 3 valid “follow links”. This is a dofollow blog. Come back and take a look.
I will be blogging about the new trick and giving you an in post link– but I need to digest a bit about precisely how the trick is fully implemented. I read your php verification bit, Bad Behavior already does that at my blog. I can’t view my blog as the google bot because of this.
Do you have links that explain the rewriting serving of the headers bit in htacess. (I suck at htaccess.)
I will blog about the trick you describe though.
Out of curiosity, can you nofollow individual links this way? Or are you forced to no-follow every link on the page. (I think I know the answer.. but hey! Better to ask. I anticipate loads of paid posters will greatly prefer cloaking and nofollowing link-by-link for a variety of reasons.)
Individual links will not work. Any change in HTML will be visible. You simply lock everything … but considering the value of the link exchange pages it will be no loss for the evil haxor.
I assume by default that blogs have nofollow so I did not check
This can not be done securely in .htaccess. You need a dynamic page so you can add the headers. I’m not sure if you can add Xtended headers in .htaccess but, even if you did, you will not be able to know which is or is not googlebot except by user agent which is unreliable. IF you add all google ip ranges in htaccess, that will be a lot of ip ranges. Not viable solution.
! So … no htaccess. PHP, ASP and so on.
My site blocks the evil bots too bot my website is my own custom job. Self made so I got more control over it
Most blogs are nofollow by default. But there are lots that use dofollow plugins to alter that.
The reason I asked about the .htacess is on one of you blogs you say:
“For a HTML site .htaccess can be combined with PHP to alter Robots tag based on URL and no changes would be needed to HTML files.” So, that confused me.
Anyway, I think I understand what you are saying:
Run the php verification code before everything. Verify the search engine (or not) Deliver the appropriate header. Then the whole page is nofollow (or not).
This will cloak and you can’t detect it the way I describe.
However, it won’t be what lots of paid bloggers want to do. What many will often want to do is only cloak the individual paid links in the paid post. Many want to give links to their friends etc. (Or maybe I’m wrong. Maybe they want to cheat everyone!)
error 500 actually send the http error and the spoof get nothing. not nofollow , nothing! http error.
For a HTML site .htaccess can be combined with PHP to alter Robots tag based on URL and no changes would be needed to HTML files.
Let’s say you get a client who has a site in html. 1000+ pages split in 5 directories. And you need to put nofollow on one directory.
if you have .htaccess control you can pass requests to that directory though only 1 php file and first feed the new headers and then send the original page by reading it and dumping it. so you do not have to edit all the file just to block google from parsing them.
you do not have to work on that file you just add the header in php. hope you understood me!
PS: I’m non English player!
Very good on the English.
I think I understood about how .htacess is involved. I also understand about the error 500.
But, I’m anticipating many of those wanting to cloak will be bloggers because many paid services are for bloggers now.
So, on cloaking in a blog– stick the ‘bot verification header right at the top of the blog as it’s loading, and rewrite the headers there, right?
I’m trying to think if there is a way for Wordpress bloggers to easily cloak just the sponsored posts. After all, generally speaking blogger like to give links to posts they like!
Yes. You use this before anything else but after you connect to database so Bot Verifications can be cached.
So : You verify bot like this:
$verifyBot = new eVerifyBot();
$botID = $verifyBot->verifyAgent();
$botValid = ($botID===true) ? true : is_string($botID);
$botValid = false if it’s not real googlebot or yahoo or msn.
You then do what you wish.
header(”X-Robots-Tag: nofollow”);
make sure no headers are sent before. do some testing in different locations at top of blog and see what headers_sent() returns. If it return 0 it’s safe to output headers.
You forget that being included in the Google cache is entirely optional…
I would never swap a link with a non cached page
And I think this is a rule of thumb between link exchangers.
I feel the best solution to this whole mess is for Google to permit us to add a list of paid links on our verified sites through Webmaster Tools. No cache, no cloaking, nothing hidden. One clean transaction with the purchaser resulting in one clean link. One clean transaction with Google resulting in avoiding penalties.
I don’t believe in money for links. I don’t sell or buy. And if I really need many … I spam
This whole trick I mentioned on my site is meant to get one way links from link exchanges.
The paid links is something else and I actually agree with Google on the paid links should not pass link juice policy. Let’s see how many would buy links after the &#@$ hits the fan.
@Vince– I’m not forgetting that you don’t have to cache. But I did forget to mention: If someone doesn’t cache, be very suspicious about paying for links.
There are big services selling links now. A lot of people are going to want to sell links and hide them.
@Nooblimal. Some people will still buy links for traffic, but they’d like the link juice too. Also, many link sellers are going to give the link juice. Google is going to fail on that.
Or Google will nuke them all like it happened in the Florida update when too many websites were leveled compeletely. Back then they were after commerce / affiliate sites. Now they’ll take down link sellers.
We are at Google’s mercy.
[…] Why it is almost always a bad idea to do this. There are other, easier ways, to make it hard for advertisers to see them– but they aren’t truly invisible. You can detect these other ways using the methods described in Two Quick Ways to Detect Cloaked Nofollows. […]