Here Are Two Quick Ways to Catch Cloaked Nofollows

Recently, rustybrick at SEO Roundtable mentioned that some publishers are selling links, but then adding cloaked nofollows. That is: The links appear to “follow” and pass page rank to normal visitors, but say “nofollow” to Google.

Clearly, this sort of “nofollow” lessens the value to advertisers, who think they are paying for both link juice and traffic but get traffic only.

This type of cloaking is fairly easy to do. But, I want to warn any ninja bloggers out there: it’s also easy to catch! :)

How can advertisers detect cloaked nofollows?

There are two ways: One is quick, and will often work; the second takes more time, but is more effective.

Here’s how:

  1. Visit pages using User Agent Switcher and Search Status:
    Search Status makes “nofollow” links easy to detect by highlighting them in pink. User Agent Switcher lets you switch your “user agent” to “Googlebot” and surf the web seeing it the way the Googlebot does (at least usually).

    Used together, they should catch most publishers who cloak to show “nofollows” only to the Googlebot. With both installed, cloaked nofollows will usually be shown in pink when you set your user agent to Googlebot. They will not be pink when you set your user agent to default.

    Unfortunately, this method is not foolproof, because a) Spam plugins like Bad Behavior will notice you aren’t really the Googlebot and refuse to show you the pages. This is an entirely legitimate way for a publisher to protect their page. b) Some “clever” publishers may cloak by detecting IP in addition to user agent. This could foil detection using the User Agent Switcher.

    Luckily, you can always rely on method 2:

  2. Check cached page at Google: Periodically, while your contract is in place, visit Google and check the cached copy of all pages with paid links. Obviously, if the Googlebot is shown “nofollows”, it will cache a page containing nofollows. So, this method is foolproof.
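
The comparison behind both methods, as an added example that is not code from the original post: it takes two copies of the same page (one as a normal visitor sees it, one as served to Googlebot or taken from Google’s cache) and lists links that are followed in the first but nofollowed in the second. It goes beyond the rel attribute and also checks the robots meta tag and the X-Robots-Tag response header, which nofollow every link on a page; the function names and the sample pages are constructed for illustration, and fetching the copies is left out so it runs offline.

```python
import re
from html.parser import HTMLParser

PAGE_WIDE = {"nofollow", "none"}  # robots directives that nofollow every link on a page

def directives(value):
    """Split a robots directive string ('googlebot: noindex, nofollow') into tokens."""
    return set(re.split(r"[,:\s]+", value.lower().strip()))

class LinkScan(HTMLParser):
    """Record each link's nofollow state and any robots meta nofollow."""
    def __init__(self):
        super().__init__()
        self.links, self.meta_nofollow = {}, False

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "a" and "href" in a:
            self.links[a["href"]] = "nofollow" in a.get("rel", "").lower().split()
        elif tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.meta_nofollow |= bool(PAGE_WIDE & directives(a.get("content", "")))

def nofollow_view(headers, html):
    """Return (page_wide_nofollow, {href: nofollow}) for one copy of a page."""
    scan = LinkScan()
    scan.feed(html)
    in_header = any(k.lower() == "x-robots-tag" and PAGE_WIDE & directives(v)
                    for k, v in headers)
    return in_header or scan.meta_nofollow, scan.links

def cloaked_nofollows(visitor, bot):
    """List links followed in the visitor copy but nofollowed (or absent) in the bot copy."""
    v_page, v_links = nofollow_view(*visitor)
    b_page, b_links = nofollow_view(*bot)
    found = []
    for href, v_nofollow in v_links.items():
        if v_page or v_nofollow:
            continue  # nofollow is visible to everyone, so nothing is hidden
        if b_page:
            found.append((href, "page-wide directive"))
        elif href not in b_links:
            found.append((href, "link missing"))
        elif b_links[href]:
            found.append((href, "rel=nofollow"))
    return found

# Constructed sample copies of one page: (response headers, HTML body).
PAGE = '<p><a href="https://advertiser.example/">Sponsor</a> <a rel="nofollow" href="https://other.example/">x</a></p>'
VISITOR = ([("Content-Type", "text/html")], PAGE)
BOT_REL = ([("Content-Type", "text/html")], PAGE.replace('<a href', '<a rel="external nofollow" href'))
BOT_HEADER = ([("X-Robots-Tag", "googlebot: nofollow")], PAGE)
```

A cached copy from Google carries no original response headers, so pass an empty header list for it; only the rel and meta checks apply in that case.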

Will I be writing a cloaking plugin?

I’m tempted to write a cloaking extension to the NoOldSpamLinks plugin. It would be great for traffic. But, I’ve decided against it.

I’m all for letting bloggers control their nofollows. I think bloggers should be able to do whatever they prefer with their links within the law and contractual obligation.

But, I’m afraid I can’t bring myself to help bloggers show “follows” to advertisers who pay for them, and “nofollows” to Google. If you want to sell “nofollow” links, negotiate that with the advertiser; then show the nofollows to both the public and Google. If you as a blogger want to cloak to show nofollow to Google, and “follow” to your paying customers, I’m not telling you how to do it! :)

13 Responses to “Here Are Two Quick Ways to Catch Cloaked Nofollows”

  1. I would really rewrite the useragent part of the article as it sounds … childish. No offense but a real cloaker will add nofollow using the header X-Robots-Tag, recently added by Google, hence undetectable.

    Just had to mention this.

  2. What if you serve the header tags only to google bot??? I posted something on my site. Check it out.

  3. It’s pointless. I’m talking about HTTP headers not the HEAD tag in HTML. Check the page linked under my name and see what I mean!
    Also check this to see the HTTP headers your site outputs:

    http://www.vipsem.com/cgi-bin/http-header-viewer.pl?url=http://money.bigbucksblogger.com/

    Good luck.

  4. Noobliminal says:

    You could warn about this trick on your post and provide a valid (not nofollow) link to me ;)

    Still I like this new trick as I’m not keen on link exchange and maybe it will decrease a bit in the future and get sites to fight from the same level.

  5. Noobliminal says:

    Individual links will not work. Any change in HTML will be visible. You simply lock everything … but considering the value of the link exchange pages it will be no loss for the evil haxor.

    I assume by default that blogs have nofollow so I did not check :)

    This can not be done securely in .htaccess. You need a dynamic page so you can add the headers. I’m not sure if you can add Xtended headers in .htaccess but, even if you did, you will not be able to know which is or is not googlebot except by user agent which is unreliable. If you add all google ip ranges in htaccess, that will be a lot of ip ranges. Not a viable solution.
    So … no htaccess. PHP, ASP and so on.

    My site blocks the evil bots too but my website is my own custom job. Self made so I got more control over it :)

  6. Noobliminal says:

    Error 500 actually sends the HTTP error and the spoof gets nothing. Not nofollow, nothing! HTTP error.

    For a HTML site .htaccess can be combined with PHP to alter Robots tag based on URL and no changes would be needed to HTML files.

    Let’s say you get a client who has a site in html. 1000+ pages split in 5 directories. And you need to put nofollow on one directory.

    If you have .htaccess control you can pass requests to that directory through only 1 PHP file and first feed the new headers and then send the original page by reading it and dumping it. So you do not have to edit all the files just to block Google from parsing them.

    You do not have to work on that file, you just add the header in PHP. Hope you understood me!

    PS: I’m non English player!

  7. Noobliminal says:

    Yes. You use this before anything else but after you connect to database so Bot Verifications can be cached.
    So : You verify bot like this:

    $verifyBot = new eVerifyBot();
    $botID = $verifyBot->verifyAgent();
    $botValid = ($botID===true) ? true : is_string($botID);

    $botValid = false if it’s not real googlebot or yahoo or msn.
    You then do what you wish.

    header("X-Robots-Tag: nofollow");

    Make sure no headers are sent before. Do some testing in different locations at top of blog and see what headers_sent() returns. If it returns 0 it’s safe to output headers.

  8. Vincevincevince says:

    You forget that being included in the Google cache is entirely optional…

  9. Noobliminal says:

    I would never swap a link with a non cached page :) And I think this is a rule of thumb between link exchangers.

  10. Vincevincevince says:

    I feel the best solution to this whole mess is for Google to permit us to add a list of paid links on our verified sites through Webmaster Tools. No cache, no cloaking, nothing hidden. One clean transaction with the purchaser resulting in one clean link. One clean transaction with Google resulting in avoiding penalties.

  11. Noobliminal says:

    I don’t believe in money for links. I don’t sell or buy. And if I really need many … I spam :)
    This whole trick I mentioned on my site is meant to get one way links from link exchanges.
    The paid links is something else and I actually agree with Google on the paid links should not pass link juice policy. Let’s see how many would buy links after the &#@$ hits the fan.

  12. Noobliminal says:

    Or Google will nuke them all like it happened in the Florida update when too many websites were leveled completely. Back then they were after commerce / affiliate sites. Now they’ll take down link sellers.

    We are at Google’s mercy.

  13. [...] Why it is almost always a bad idea to do this. There are other, easier ways, to make it hard for advertisers to see them- but they aren’t truly invisible. You can detect these other ways using the methods described in Two Quick Ways to Detect Cloaked Nofollows. [...]
