≡ Menu

IIS Flaw Causes Google duplicate content

I have a new site that our company is working on. I noticed that in google all of a sudden we have all of our pages listed in Google with very weird things added to our URLs.

http://www.mysite.com/(A(XobqNFPtxwEkAAAAMzk3ZTU
4NzQtZGFjZS00OGUxLWExYzYtZDBiYjc1Mzg1N2YwP7fq1em0HKYJ5
vYMP8lm4NCf3241))/subdirectory/Default.aspx

I found out that this works on any IIS server. Even on www.microsoft.com. I have no idea what this is. I do know it is a bad thing for SEO and any site hosted on IIS needs to address this. This goes back to what I say about site architecture. Your site needs to have a URL policy set up and enforced. Nobody can go to any page unless that URL is already known to the site owner. This means no page can be access from 2 or more differnt urls. The site owner needs to redirect any rogue URL to the correct one and 404 anything you can’t predict. What this does is create duplicate content that the search engines do not like and can even hurt a sites rankings.

From my testing I found that it follows rules. (A(this-is_a-test) The capital A can be any capital letter but will not work with lower case letters. You can put that inbetween any 2 forward slashes in a URL on IIS. Here are some tests using www.microsoft.com

Works

(A(asdfa-123))

(A(asdfa-sdf))

(C(asdfasdf))

(A(asdfA_123))

Does not work

(c(asdfasdf))

(())

(Z()a)

(A(#$%))

(1(asdfasdf))

((A(asdfa-sdf)))

You can do this on any IIS website from what I can see. I even got it to work on myspace.

http://www.myspace.com/(A(asdfa-123))/Modules/Search/Pages/Search.
aspx?t=208,&q=related:www.microsoft.com/default.aspx

[tags]microsoft, IIS vulnerability, Google [/tags]

{ 4 comments… add one }

  • Eliena Andrews August 9, 2007, 10:30 am

    i guess microsoft is scared of this flaw, have you reported this to Bill Gates ?

    Eliena Andrews

  • Custom Software Consulting February 27, 2008, 12:52 pm

    Yes, bill gates should know about this immediately!

  • Horsham Web Designer December 14, 2008, 8:47 am

    IIS not working right? Shocking! I’ll be sticking with Apache all the way!

  • Tyler - Accommodation Geneva March 13, 2009, 7:22 am

    Hmmm… very interesting discovery you’ve done… Personnaly I have never noticed it before you said… Just now I googled and found out that it is really so!!! Strange… Nice that you’ve found some explanations to it…

Leave a Comment