
How to stop doorway pages damaging your domain's reputation

Nov 12, 2019 5:16:19 PM / by Naveen Velusamy


Introduction

Doorway pages are a great way to improve a website’s SEO ranking.

They’re also a great way to get your domain blocked by major search engines.

So why are they still prevalent? How do they work, and why should you care if your web server hosts them?

That’s what I’ll cover in this article.

What is a Doorway page?

Imagine a web page that ranks highly on search engines for specific keywords, one that can attract millions of viewers, and increase traffic by a thousand percent.

Who doesn’t want that? It’s the goal of anyone selling services, products, or ideas on the web.

Hence, the idea of doorway pages (also known as bridge, entry, gateway, jump, or portal pages), pages that act as a doorway from the search engine results page (SERP) to the doorway pages' links.

However, over the years the practice has become increasingly disreputable, and since 2015 Google has penalized keyword-stuffed doorway pages. The reason is clear.

Search engines thrive or dive depending on the usefulness of their results, or rather, the usefulness of the material linked to from the SERP.

Keyword-stuffed pages promise a lot but deliver little.

In some cases, following the links in a doorway page gives you nothing. In many cases, you’ll find yourself watching inappropriate or distasteful content, or downloading malware.

This reflects badly on the search engine, which is why they have changed their policies and algorithms to more accurately represent the nature of the content being indexed.

Why should I care? (I don’t have doorway pages)

Because you may already be hosting doorway pages without your knowledge.

It is not commonly appreciated that your web site can host pages that you can’t see but are still indexable by the major search engines.

Once a search engine discovers a doorway page, it can choose to down-rank everything within the same domain, even when most of the links in the doorway page are to other sites (usually owned by whoever planted the doorway on your site).

Your website can experience a sudden drop in visitor numbers as your site is added to blacklists that inform browsers of unsafe or undesirable content.

Being blacklisted is more than just an administrative inconvenience.

If you rely on traffic to generate revenue, your business can go under in the time it takes to get de-listed from each search engine’s blacklist.

Another problem is that doorway pages are not designed to be read by humans. A doorway page speaks directly to the search engine algorithm.

[Figure: Example of a doorway page]

Why doorway pages exist

As I mentioned before, you may be hosting a doorway page without knowing it. And if you didn’t put it there, someone else did.

One of the ways this can happen is an undetected hacking event, where a hacker has gained access to your web server.

Instead of (or as well as) planting malware or backdoors, the hacker can create a simple doorway page to feed traffic from your site to hundreds of others, earning advertising revenue and diverting visitors to possible malware-laden sites.

In doing this, the end-point sites benefit from your domain’s higher search engine ranking.

Here’s an example of a hacked website that was being used to serve a doorway page designed to look like a search engine results page.

[Figure: SERP Doorway Example]

As you can see, this ‘spammy pharmaceutical store’ is hosted on a hacked .org domain, which is fully legitimate. This serves as a back-link from a high-authority domain, which makes Google rank the page higher in its search results.

However, looking at the HTML source for a page like this clearly shows its mischievous intentions.

[Figure: SERP Doorway Example Source]

How to detect doorway pages

Not easily. That’s part of the problem.

Some legitimate landing pages might be classed as doorway pages if written by an over-enthusiastic web developer unaware of modern SEO practices or the empirical behavior of search engines.

If we try to define the key characteristics of a doorway page, we might try this.

  • Large numbers of keywords.
  • Large numbers of unrelated links.
  • Many redirections to identical pages from geographically diverse origins.
  • Large numbers of almost-identical pages.

But what is ‘large’? Only the search engine algorithms can answer that question, because there is no commonly-accepted quantifiable description of a doorway page.
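As an added illustration (not part of the original article or of Imunify360), the first two characteristics above can be turned into a rough triage check for a single HTML file. The thresholds, the `doorway_signals` name and the sample pages are assumptions chosen for the example, since no agreed numeric definition exists.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

class PageStats(HTMLParser):
    """Collects visible words and link targets from one HTML document."""
    def __init__(self):
        super().__init__()
        self.words, self.links, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:  # ignore script and style bodies
            self.words += re.findall(r"[a-z]{4,}", data.lower())

def doorway_signals(html, own_domain, max_repeat=0.15, max_offsite_hosts=10):
    """Return (signals, suspicious). Both thresholds are illustrative assumptions."""
    p = PageStats()
    p.feed(html)
    top = Counter(p.words).most_common(1)
    repeat = top[0][1] / len(p.words) if p.words else 0.0
    hosts = {urlparse(h).hostname for h in p.links}
    offsite = {h for h in hosts
               if h and h != own_domain and not h.endswith("." + own_domain)}
    signals = {"words": len(p.words), "top_word_share": round(repeat, 2),
               "offsite_hosts": len(offsite)}
    return signals, repeat > max_repeat or len(offsite) > max_offsite_hosts

# Constructed samples: an ordinary page and a keyword-stuffed link farm.
NORMAL = ("<html><body><h1>Opening hours</h1><p>Our office is open weekdays "
          "from nine until five. <a href='/contact'>Contact</a></p></body></html>")
STUFFED = "<html><body>" + "".join(
    f"<a href='http://shop{i}.example.net/'>cheap pills online cheap pills</a> "
    for i in range(25)) + "</body></html>"

if __name__ == "__main__":
    for name, page in (("normal", NORMAL), ("stuffed", STUFFED)):
        print(name, doorway_signals(page, "example.org"))
```

A hit is only a reason to open the file and read it; a legitimate but keyword-heavy landing page can trip the same thresholds.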

How to prevent legitimate landing pages being classified as doorway pages

When developing a website or beginning a marketing campaign, keep in mind how a page might be interpreted by a search engine.

For example, if you have a landing page for a lead generation campaign, it is most likely optimized for specific keywords, and the page has yet to be linked to your website’s main menu.

Such pages should use the noindex tag, so they are not included in search engine results.

That signals the search engine to ignore the content. (Don’t forget to remove the tag after you have tweaked the keyword count and linked the page to your main menu.)

For example, to tell search engines to skip the entire page, add a <meta> tag to the <head> of the page:

<head>
<meta name="robots" content="noindex">
...

Defending against doorway pages and other infections

I began looking at the role of doorway pages after seeing some stats coming from Imunify360, our flagship cybersecurity product.

Recently, there’s been a surge of infection reports showing that doorway pages are making a comeback, with tens of thousands of incidents per day.

[Figure: Doorway page infection statistics from Imunify360]

Clearly, preventing intrusions means having cybersecurity software in place that can detect and block these attempts, or at least tell you about any suspicious files lurking in your file system, especially new files created by unknown processes.

But what else can you do?

Here are my top three recommendations for keeping your web server safe.

  1. Watch for changes

    Like malware, doorway pages want to stay hidden, and will be planted in unlikely directories deep within your file system.

    One way to watch for them is to regularly scan your web server’s log files, making sure the web server is configured to keep track of new and changed files. If you have a malware scanner, check your reports page for suspicious HTML files. Here’s how it looks in Imunify360.

    [Figure: Imunify360 Report]
  2. Search your own site

    Another method to detect doorway pages in your site is to use the search engines' own indexes.

    For example, Google supports some advanced search options that you can use to monitor your website for doorway pages.

    Entering site:yourwebsite.com into Google’s search bar followed by commonly used spam keywords lets you see whether your web site domain is returning any results for those keywords.

    [Figure: Google Search Example]

    Google also lets you create an alert for any search results. That way, you don’t have to keep repeating the search.

  3. Keep your system up to date

    One of the easiest, cheapest and most effective ways to keep a system secure is to make sure it’s always got the latest patches and updates. That means not only a server’s operating system, but also its applications, databases, CMSes and CMS plugins.

    Make sure you’re signed up for notifications from your software stack’s vendors, or keep track within the applications for any available updates.
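
For recommendation 1 (watch for changes), one way to spot a page planted deep in the file system is to compare the document root against a stored baseline of file hashes. This is an added example, not code from the article or from Imunify360; the watched extensions, function names and the temporary directory tree are assumptions constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

WATCHED = {".html", ".htm", ".php"}  # assumption: extensions worth watching

def snapshot(docroot):
    """Map each watched file (path relative to docroot) to its SHA-256 digest."""
    root = Path(docroot)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def diff(baseline, current):
    """Return the files added, changed or removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(f for f in current
                          if f in baseline and current[f] != baseline[f]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed docroot: take a baseline, add a nested page, edit one, rescan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<h1>Home</h1>")
        (root / "about.html").write_text("<h1>About</h1>")
        # In real use the baseline is saved as JSON outside the docroot.
        baseline = json.loads(json.dumps(snapshot(root)))
        nested = root / "assets" / "cache" / "tmp"
        nested.mkdir(parents=True)
        (nested / "offers.html").write_text("<a href='http://example.net/'>x</a>")
        (root / "about.html").write_text("<h1>About</h1><!-- edited -->")
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Anything listed under "added" or "changed" that does not match a known deployment is worth opening and reading.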

Conclusion

I’d thought doorway pages were a crude relic of the past, but I was wrong. Our data shows an increase in infected sites harboring doorway pages, and each domain that hosts them is losing money and its reputation.

Keeping pace with changes in the cybersecurity landscape is a full-time job—I should know because that’s what I do as part of the Imunify Malware Intelligence Team.

Running a web hosting business is also a full-time job, so it’s no wonder many site owners find their sites compromised by the never-ending profusion of malicious software and automated hacking attempts.

It just reminds me that system security can no longer be thought of as a luxury, only needed by banks and super-rich corporations. Now it’s a business necessity: like staff or a bank account, security is something you can’t run a business without.

 

Topics: website, security, seo, Advice, Analytics

Written by Naveen Velusamy

Naveen is a Malware Analyst in the Imunify360 antivirus team, researching and investigating malware samples and trends on a day-by-day basis. He is a web security researcher, bug hunter, CTF lover and cryptocurrency enthusiast. He also loves gaming and killing time by counting stars.
