Cloned Websites Stealing Google Rankings

We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a website using automated scripts, usually with the intention of stealing content or completely cloning the victim’s site. Lately we have been seeing quite a high number of clients affected by these so-called scraper sites. We’ll take a look at this kind of attack in an advanced form that results in the cloned site showing up in search results in place of the original site. These plagiarized sites abuse the way Google ranks content by sending fake organic traffic and by modifying internal backlinks on the cloned website so they no longer point to the victim’s website.

How Search Results Rank Website Content

Search engines want to return the best and most relevant pages in their search results to ensure that users have the best experience and find what they are looking for. As such, pages with the same or similar content on more than one page, or more than one site are not likely to rank high in the search results. One of the factors they take into consideration is the site’s organic traffic performance. This helps determine where that site should be ranked. In addition to many other factors, Google uses redirects to track which results the searcher clicks on within the search engine results page (SERP), and whether the searcher returns to click other results because they did not find what they were looking for.

As per study by Chitika in 2013:

Sites listed on the first Google search results page generate 92% of all traffic from an average search.

It makes sense that any kind of SEO targeting attack aims to get the best results they can within Google Search results can so that their activity can be successful and generate as much revenue as possible, or simply damage the SEO of the targeted website.


Read More

Troubleshooting Mixed Content Warnings with HTTPS

Really-simple-ssl

Much of the web continues to march towards creating secure communications between devices through the use of things like HTTPS/TLS (aka SSL). We've seen Google talk about giving SSL a ranking boost and flagging non-HTTPS websites within the browser (
Read More

SEO Spam Technique Designed to Avoid Detection

colorspam

Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you recall when most sites used clashing colors, font types, and animated gifs? It seems that
Read More

Ask Sucuri: What is an XSS Vulnerability?

XSSVulnerability

Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability? XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to
Read More

Ask Sucuri: Differentiate Between Security Firewalls

security firewalls

Question: How should a website owner differentiate between Firewalls? What do they do? The term "firewall" is not new. It is common terminology in the world of technology and security, and possibly common enough that even non-technical people have
Read More

Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone

04132016_LetsEncrypt_V1r3

Last year we partnered and sponsored the LetsEncrypt initiative. Today we're happy to announce that we have fully integrated with them and we are now offering their free SSL Certificates to all customers who leverage the Sucuri Firewall. We're
Read More

Website Ransomware – CTB-Locker Goes Blockchain

04112016_Ransomeware

During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second most prominent wave of malware that makes money by directly selling "malware r
Read More

Sucuri – 2016 Redesign

sucuridesign

Update: It was an April fools joke, if you did not realize it by now. The site is back in place and the ascii/web3.0 design is still accessible here if you want to see how it looked. A few weeks ago, while enjoying lunch on a bright sunny day in
Read More

Beware of Unverified TLS Certificates in PHP & Python

03302016_Beware

Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN’s cache. The HTTPS protocol is used to secure the connection with
Read More

Hacked Websites Redirect to Porn from PDF / DOC Links

03292016_PornRedirect_v3

We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we’ll tell you about yet another interesting blackhat SEO attack that we’ve been wat
Read More