Name and Shame Secret Cloaking Website

12
June 20, 2008 // Internet News

Just over a month ago I decided to start looking at click tracking using heat maps. Heat maps track the mouse movements and clicks on a page which can help with usability. I found a free one here http://www.labsmedia.com/clickheat/index.html by someones recommendation. The install was easy and the data started pouring in. Now I kept this running for a good month before deciding to remove the code from my site. The data was useful and I was grateful to the site by providing good content – right? Well not at all unfortunatly, as I decided to look at the code “through the eyes of a search engine” using SEO Browser I noticed something odd.

Hacka

As you can see there was a link appearing to the search engines, now sometimes I get a bit of flack for having a short term memory but I would remember adding a link at the top of my own blog right? So to investigate further I looked at the site, no visible text.

hackab

So I obviously checked the source code too, nothing visible either.

So looking at the source through Plesk I located the header file for the blog where I had originally included the tracking code and to my surprise a little piece of code had appeared!

hackaa

This was swiftly deleted with stern presses of my keyboard. I looked at other websites I had once used this tracking for and sure enough a succession of hidden links popped up, most IT related or Russian links.

I do warn people not to use these guys at all costs. I consider myself lucky that I wasn’t penalized by the search engines for this even though it was not my fault. I think I was more annoyed that I had been leaking link juice to these random websites for a period of time!

The other side of the coin suggests this method is obviously working for them and it was not detected by Google at all – guess the guys at the “Big G” should download a copy and try it out lol!




Matt Ridout

About the author

My name is Matt Ridout, I've been working in digital marketing for 9 years; worked for agencies and currently Head of SEO at fashion startup called Farfetch. Try to test my own theories.

12 Comments

  1. Pingback: 5 Heatmap Site Analytics Solutions | SEO Scoop

  2. Oh, those dirty, sneaky spammers. I’ve removed them from my list of heat map providers over on SEO Scoop. Good catch. Sure glad you noticed before you got penalized.

  3. Thanks Donna – I wouldn’t be surprised if their other tools contained the same

  4. Hidden code like that really gives a lot of people heartburn. It would be really great if there was a way to completely, and confidently, block junk like that from happening.

  5. Outrageous! I know that blackhat can be a bit dodgy but this is just, well, rude!!

    Good job for catching it!

  6. Pingback: obzervant» » Using Click Heatmaps to Optimize Web Design

  7. I’ve looked into this a bit further. It looks like the Javascript snippet required to use Clickheat simply has a tag which includes a link back to the Clickheat website with some keywords like “SEO” “Marketing”, etc. A bit sneaky, but simply removing the content in the tag seems to eliminate the problem.

    After removing the code I checked my website on seo-browser.com and it appears to be working fine.

    ~Jared

  8. Pingback: Heatmaps, hot or not? | www.paulolyslager.com

  9. Jared: Nice work!

    Would you be able to let us all know which JS file and which lines you removed so that we can all benefit from this?

  10. @Andrew
    When the tracking code is generated for you, it ads a link within noscript containers. Just delete the entire noscript line before you save it to the site (just above the closing body tag) and the ‘hidden’ link won’t appear on the site.

    If you’re bored and want to take it a step further and ensure that it never gets generated in the 1st place, take a look around lines 234 to 248 of the /js/admin.js file. There’s a list of links defined within linkList, which are randomly called within the else statement.

  11. Thanks Lenwood – some useful info

  12. Hello guys,

    I’m the one from Labsmedia who set this up. I know it’s not «cool» and so on, but remember that this tool and the support is free, and if you know what you do, you know how to remove those «so fucking annoying links». Here’s how: just remove the whole text starting by to the . And that all, no harm done.

    But I must say that there has never, and will never be some strange links to strange site. There is ONLY links to labsmedia.com, so if you have something else, then blame the one who installed the software/send you the zip file.

    We don’t do bad things as it’s written here: if you really analyze our javascript code, you CAN’T find any «it faq» or Russian links. And you can have a look at all the releases on SourceForge.net, you won’t find any of these.

    Note that almost every free tracking tool (except Google’s one, as they don’t need any more credits, do they?) has a tag, with a link to their website.

Leave a Comment