0

I have a website with embedded videos. Each iframe comes from different website. The problem is that some of them, are redirecting my visitors to their assigned destination without actions (click, hover, etc). And now Google is listing my website as suspicious. Is there any php script to track every single exit link from my pages to another website? Let's say i'm using Wordpress and have already created $table_name tracking 1-timestamp, 2-my page that was redirected, and 3-the destination of the external website/domain.

function the_function() {
// if there is any function
}

if ( the_function() == true // or false )
{
$wpdb->insert($table_name, array(
'timestamp' => $timestamp,
'page' => $my_page_redirected_to_a_different_domain,
'destination'=> $destination,
));
}

Or if there is any js script, no problem

Avel
  • 111
  • 1
  • 2
  • 9
  • Consider basics here: PHP can't be call async, so you'll have to use AJAX to track user events. – vard Oct 05 '15 at 13:29
  • I tried a simple Jquery beforeunload, but is tracking all users. I need a kind of script that works only when a page is redirecting to another website without users action – Avel Oct 05 '15 at 17:19
  • You need to track down how those redirections works: are they coming from `header()` in php or in js? – vard Oct 06 '15 at 07:02
  • Well that is the problem. That's why i want to track the page that redirects and how it redirects. I have more than 3000 pages. A month ago i had the same problem but i was lucky to catch the redirection by my self, visiting that page by chance. I have removed that page immediately and after 1 hour Google unlisted my website as suspicious. The redirection is occasionally, most of them depends on users IP. However i think they coming in JS. – Avel Oct 06 '15 at 09:39

1 Answers1

2

There is no way to track down redirects in a general way - you have to trigger an event right before the redirect is processed, so you have to know how this happen.

Why ? Because a JS redirection is processed by the browser and not on the server side - which means the only way to trigger an SQL insert is to know how the redirection is triggered. This is basically what you want to achieve:

enter image description here

What you can do to locate the redirection

  • Search for every occurences of window.location in your JS files - you could search for the URL that you've been redirected too (all your local js files and the external ones you include)
  • Disable (with comments) the external <iframe> you're using. An iframe can do a window.top.location.href to redirect the main page.
  • An other way to redirect the page would be to trigger a click event on a link through JS. I guess by searching for the redirect URL in your js file you could locate that too.
  • Last, if the redirection happens before the page is load, it could a PHP redirection - looking for header calls that redirect to the URL in your php files would catch that.

What can be done when the redirect is found

  1. It's a JS redirection (window.location)

If it's inside a local file, you can just comment it if you want to disable it, if you want to keep it but track it, add this code right before the window.location call (it's jQuery, it will make an AJAX request to /log-redirects.php) :

$.post( "/log-redirects.php", function( data ) {
  // ADD the window.location line here
});

It's really important that you move the window.location call inside the AJAX callback, so the redirection will be made only when the ajax call is finished.

If the redirection happens in an external js, you could not probably do anything besides removing the whole JS file - maybe get the JS file content, remove the redirection and include it locally.

One thing you could try is to add a listener on the beforeunload event - though you'll have to do the correct check on the event object to see if it's the redirection you're looking for, as it'll catch any unload events.

window.addEventListener("beforeunload", function (e) {
  // do something
  return false; // will result to a prompt to the user asking him if he really want to redirect
  // return this only for the redirect you're looking for
});

Please note that this method doesn't seems to be completely reliable.

  1. It's from an <iframe>

You can add the sandbox attribute to the iframe to prevent it to do any redirect. Please note that this attribute is not supported in IE9 and lower.

<iframe src="http://youriframeurl.com/" sandbox=""></iframe>
  1. It's a click event triggered through JS

You can do the same thing as for the first point. You just want to add a listener to the link (using on if it's generated after DOM is load) :

$('a#mylink').on('click', function(e) {
  // do something
  e.preventDefault(); // add this if you want to cancel the redirection
});
  1. It's a header redirection (PHP)

That's an easy case - just add the code you want before the header call.

Conclusion

I suggest to work first with the beforeunload event to track the redirection - doing a console.log(event); could give you some insights on the cause of the redirection.

Good luck!

Community
  • 1
  • 1
vard
  • 4,057
  • 2
  • 26
  • 46
  • That's a great explanation. Thank you very much. Right now i finished an ajax function tracking pages, and ips. Maybe i'm wrong, but if there is a php redirection, i should get servers ip. The server it could be on cloudflare, but i'trying to make it better with all these info that i got from you. `$(document).ready(function(){ $(window).on('beforeunload', function(){ var url = "/log.php"; var data = ({ page: window.location.host + window.location.pathname + window.location.search }); $.ajax({ type: "POST", url: url, data: data }); }); });` – Avel Oct 06 '15 at 16:25
  • You'll want to add the option `async: false` to the ajax function, or the page will be redirected before the AJAX call had time to finish. – vard Oct 06 '15 at 16:35
  • However, the first thing i tried was the `sandbox=""`. But for some reason some of the videos not displaying. I tried also `sandbox="allow-forms allow-scripts etc etc"` but without success – Avel Oct 06 '15 at 16:37
  • Could you try with `sandbox="allow-forms allow-pointer-lock allow-popups allow-same-origin allow-scripts"` ? That should allow everything except the redirect. – vard Oct 06 '15 at 16:39
  • Yes i did, not working neither. All i see is a black screen. I knew there is an option `allowscriptaccess="sameDomain"`, and i though this was the issue. But when i checked their js players some of them had `allowscriptaccess="always"` but still not working, same black screen. – Avel Oct 06 '15 at 16:57
  • I see. May I ask from what website you try to include videos? Is it Youtube? – vard Oct 06 '15 at 17:07
  • Youtube included. But there is no problems with YT videos. The content on my web is all obtained automatically. I mean videos are gathered by automated spiders. That's why i cannot track the videos that are redirecting my pages. – Avel Oct 06 '15 at 17:21
  • Well yes the YT videos shouldn't do anything like that. Did you tried to track the `beforeunload` event? I suggest to serialize the `event` object and send it to your script to get more details. – vard Oct 06 '15 at 17:23
  • What i think to do, is tracking the timestamp, IP and page of visitors. Basically, i will write a script, tracking when visitor comes and when leaves. One db_table tracking even events IPs (entering and leaving) and another db_table tracking odd events IPs , leaving visitors (using `beforeunload` event). Theoretically a visitor comes and leaves, but a php redirect only leaves and i should get a single IP event: leaving. So all i have to do is checking the db_table containing odd events. This is the only solution that i think i can do so far i know coding :) – Avel Oct 06 '15 at 17:54