08.03.07

IIS Flaw Causes Google duplicate content

Posted in Microsoft, web design, SEO, Other Search Engines, Google at 1:10 pm

I have a new site that our company is working on. I noticed that in google all of a sudden we have all of our pages listed in Google with very weird things added to our URLs.

http://www.mysite.com/(A(XobqNFPtxwEkAAAAMzk3ZTU
4NzQtZGFjZS00OGUxLWExYzYtZDBiYjc1Mzg1N2YwP7fq1em0HKYJ5
vYMP8lm4NCf3241))/subdirectory/Default.aspx

I found out that this works on any IIS server. Even on www.microsoft.com. I have no idea what this is. I do know it is a bad thing for SEO and any site hosted on IIS needs to address this. This goes back to what I say about site architecture. Your site needs to have a URL policy set up and enforced. Nobody can go to any page unless that URL is already known to the site owner. This means no page can be access from 2 or more differnt urls. The site owner needs to redirect any rogue URL to the correct one and 404 anything you can’t predict. What this does is create duplicate content that the search engines do not like and can even hurt a sites rankings.

From my testing I found that it follows rules. (A(this-is_a-test) The capital A can be any capital letter but will not work with lower case letters. You can put that inbetween any 2 forward slashes in a URL on IIS. Here are some tests using www.microsoft.com

You can do this on any IIS website from what I can see. I even got it to work on myspace.

http://www.myspace.com/(A(asdfa-123))/Modules/Search/Pages/Search.
aspx?t=208,&q=related:www.microsoft.com/default.aspx

Technorati Tags: microsoft, IIS vulnerability, Google

Permalink