Poorly Coded Site Search can Kill Your Rankings
Usually when a developer thinks of bad code affecting search rankings, they think in terms of how poorly written HTML will bonk SERPs. A search engine will get over a table in your HTML, probably even a broken link. It will snicker at your inclusion of the keywords meta-tag and move on, happy to keep you indexed and ranked based on your other redeeming factors.
But like all relationships, there are lines you can’t cross without getting dumped, and leaving yourself open to a xxx site littering your site with links is a sure way to make Google question your relationship. Sites will get hacked and exploited (here’s an interesting lotek way to keep an eye out for shenanigans on your site). But having a lame password or unsecure blog version aren’t the only ways you can leave yourself vulnerable to link injection attacks.
Developers are intelligent and proud, a combination which sometimes leads them down a bad path- building it themselves. If your developer tells you he or she wants to code their own site search, give them the same look as if they just told you they were going to build their own helicopter. Even people who do this for a living have a tough time getting it right (go to a .NET site with search powered by Lucene, type * in the search box and watch the application crashy goodness). And I wouldn’t trust open source either – people who know what they are doing read though change logs to find past vulnerabilities that have been fixed, then just do some searching for the lazy people who haven’t updated.
Writing your own site search is just asking for it.
See the problem, if a site search is willing to say “Your search for asdfghjk yielded no results”, it might be willing to make a url like www.thissiteisjustaskingforit.com/search?query=asdfghjk, and it just might be willing to say “Your search for <a href=’http://www.OhGodMyEyesHowDoIUnseeSomething.com’>Spammy Keyword</a>”. And you’ve just added another link to a blackhat SEO’s list of conquests at the cost of your site’s reputation. And while Google might be hip to such tactics, Bing and Yahoo are a little like Winnipeg way out in middle of the Canadian prairies – a little behind the times in terms of the latest Paris fashions.
Old news, common sense site security, no one would do that.
But they would – I was forwarded a link for a site made by local company for a fair sized project, sponsored by a farm of logos at the bottom of the page, featured in the local media. When I searched for something, I noticed the search term in the url. For giggles, I threw a blink tag around my search term, and there it displayed, in all it’s horrific blinking glory, a hole waiting for it’s opportunity to rob the site of seo value, or worse, a message from Google like this:
We’ll review the site. If we find that it’s no longer in violation of our Webmaster Guidelines, we’ll reinclude the site in our index. Please allow several weeks for the reconsideration request.
Why not see if there’s something out there you can use and see if you can get ChromeOS on your netbook if you’re looking for a hobby project.