In that article, I wrote about how such hacks work and how cyber-criminals can use this hard-to-detect attack to hijack search results of compromised sites. You can also find a short review of a real “rel=canonical” attack that affected quite a few websites.
As always, I wrote about tools and techniques that can help you diagnose hacks that try to make Google think that your site has moved to a new domain name. Unfortunately, at this point no tools that I know of specifically check for rogue “rel=canonical” instructions. However, more universal file integrity monitoring solutions can be really efficient as they will inform about any unexpected modifications.
You can read the full article on StopBadware blog.
To help webmasters diagnose rel=canonical hacks, I’ve added a new feature to my Unmask Parasites tool. Now if a web page contains a rel=canonical instruction that points to a page on a different domain, you will see the following warning in an Unmask Parasites report.
While it is perfectly normal to have rel=canonical pointing to a different domain (for mirror sites and for sites that are in the process of moving to a new domain), I still find it very important to notify webmasters about such instructions as they can help reveal both SEO and security problems that can be easily overlooked otherwise.