I’ve had a lot of fun recently reading this post by Michael Gray a.k.a. Graywolf – to be honest I always enjoy his rants, whatever they are about. Whatever it is he’s writing about, you know he really means it and some stuff he comes up with is totally hilarious.
Anyways back to Digg. If you’ve been living under a rock, I’ll have you know that it has killed off all external links recently and when you click the link from the submitted post to a site you get taken to a framed page that has the infamous Digg toolbar on top and the target site’s content below it. In the code of the page it looks like this:
<iframe id="diggiFrame" name="diggiFrame" noresize="noresize" Β src="http://www.your-target-site.com" frameborder="0"></iframe>
Well so, that’s your XSS done backwards – pretty much. Not you hacking into an authority site but the authority site hijacking your content. Michael goes on to suggest it can be still used as parasite hosting – but TBH, I’ve yet to see a single one of those Digg short url pages indexed or better yet ranking in Google. The submission pages at Digg do get indexed as well as ever before – but the short URLs are kinda hmm… I have checked the submission page code to see what causes it and found this:
<a href="http://www.your-target-site.com" class="offsite ct-lifestyle" rel="dc:source,[your short URL]" property="dc:title" target="_blank" onclick="gotoLink('12021587');">Your Submission Title</a>
The link to the actual submitted site page is cloaked – only hoomins get there but not the Googlebot. Of course this effectively prevents Google from indexing the short URL – without Digg being too explicit about it, like stating it in its (terribly formatted) robots file or inserting stupid nofollows nobody really cares about etc.
But Graywolf, being Graywolf, as skilled as he is in all the darker-than-white arts and exploits, couldn’t have failed to notice this bit. I see people accusing him of shite in that post’s comments – but I believe he has a reason to post what he has posted. I do honestly thing Michael has a plot to get Digg banned – and here’s the bit that proves it, his list of steps to follow to “abuse” it:
- Set yourself up with a nice spammy lander page and submit it to digg, like this (http://digg.com/d1kRNK)
- It doesnβt matter if it get voted, up, down, sideways, or even gets buried
- Go get yourself some links, beg, borrow, steal, do whatever it takes
- Buy links, lots of links, quality is irrelevant, you want massive quantities (you do know that paid crappy links work differently when pointed at trusted sites right?).
- Sit back and wait for rankings to come, and collect your affiliate checks
(The italicising is mine to draw your attention to these points.)
A site linking to spammy pages / bad neighborhood? A site with purchased links, especially such that look like they have a “stab me I’m a paid link” sign on their back? All of the above done en masse? If this does not look like a recipe to get Digg banned by Google then I don’t know what does. (Sorry Michael if you intended to keep this secret plot secret, it was just too hilarious for me not to post about it).
But we also know that Graywolf is known for critisizing Google, right? I don’t know any questionable innovation from Google that he has not posted about and exposed its evil nature. So, I also believe that he is feeding Google its own poison: you like authority sites? you don’t like paid links? Eat your own sh#t then!
Hilarious beyond measure.
The hilarious thing is digg use the ‘canonical’ tag to try and give juice to the story submitted but I’m 99% sure that only works internally.
one to watch I think!
xentech – indeed canonical doesn’t work cross site π so who is Digg fooling π
It’s genius! But yeah, the canonical tag won’t work – Digg’s not stupid, they’re old enough to know that iframing other people’s content isn’t cool.
Looks like Digg smartened up and applied the noindex meta tag, no more abusing Digg for fun and profit it seems.
well not really – the tag they have in place is
< meta name = "robots" content = "noindex, follow" / >– notice the “follow” bit π
Yeah, looking into further it does still offer a nice opportunity, albeit in a different way outlined Michaels initial post. π
Well, there’s another point to solve here. If you don’t want Digg’s to navigation to work, all you should do is to put the following script in your header:
if (top.location.href != self.location.href)
top.location.href = self.location.href;
That will remove the Digg header from your site and might force Digg to change its tactics
mugile – yea true that – and this should generally help against anybody’s attempts to frame your site which I see being done quite some (although not quite as much as it used to be done a few years back)