Combat Black Hat SEO Infections with SEO Insights

Black hat SEO spam is the plague of the internet, and the big search engines take it seriously.

One of the worst spam tactics on the internet is becoming more common every day – innocent websites hacked, and their best pages begin linking to spam. These black hat SEO spam tactics are fighting for expensive, high-competition keywords like: viagra, payday loans, casino, and lately a lot of high fashion spam.

This is a topic we write about often – it is rampant, after all, but why does it happens, what makes your site such an attractive target, and what are the SEO tools that can help you?

Good SEO Takes Time and Generates Long-term Traffic.

Many website owners invest significant time and resources creating great content and optimizing it for search engines. It can take months or years to build a page to the top of the Search Engine Result Pages (SERP). By the time you get there, search engines will assume that your website has authority and value, and will then pass along some of your rank to the sites you link to, like a vote of confidence.

Therein lies the danger.

Targeting and Infecting Sites For Quick, Cheap SEO.

Attackers build tools specifically targeted to finding vulnerable websites – those with common platforms – which is why it’s so important to update when developers release security patches. Hacker tools can identify which pages have strong rankings (regardless of keywords), or ping Google with the “link” search operator on a site in order to find out which pages have fewer outbound links, allowing the cracker to target the most potent pages. Most of the process is automated, ending with your website, and hundreds like it, unknowingly participating in a link farm that the attacker can sell.

A penny per spammy backlink.
A penny per spammy backlink.
Black Hat SEO Spam Can Be Almost Invisible

Spam backlinks are usually placed in hidden iframes where no one, including the site owner, can see them via a browser. SEO spam looks to abuse the audience you have worked so hard for by generating precious link juice for their respective clients. In some cases, a rule is defined to only show spam links to search engine crawlers!

If you think that your website may be infected, you have a couple of options:

  1. Look at your website the way Google sees it by emulating the Googlebot user-agent.
  2. Leverage the ‘Fetch as Google’ option (found in your Google Search Console).
  3. Try the free SiteCheck website scanner.
  4. Try the free Unmask Parasites website scanner.
Search Engine Results Are What Google Sees

Sometimes, the hack goes a step further. To make the spam links seem relevant, they add keywords in Title and Description tags. This exposes the spam to users who search for your website:

Typical pharmaceutical SEO poisoning
Typical pharmaceutical SEO poisoning

In this case, new tags were added to posts that included the target keyword:

Post tags/categories add to the impact
Post tags/categories add to the impact

This one even created entire posts stuffed with keywords. Note that the top-level domain is .co.uk, and yet the keywords used have references to Canada.

New posts completely stuffed with keywords
New posts completely stuffed with keywords

In the examples above, site owners found out they were hacked only when customers complained. Not only is that embarrassing, but it can harm your website’s online reputation, and if you sell anything on-site, your users might question the security of your checkout process.

Additionally, webspam teams don’t take kindly to pages serving irrelevant links. Remember, blacklist authorities like Google or Bing have built entire companies on serving relevant links, so they have a vested interest in rooting out any site that is accepting payment for backlinks. Right now, your hacked website looks like it fits the bill.

The implications of this could lead to loss in SEO ranking, public notice of possible compromise in the SERP, and can include a blacklisting page when clients visit your website. Each of these contribute to loss in audience, traffic, and / or revenue.

Monitoring and Cleaning Black Hat SEO SPAM Infections

You should have a Google WebMaster Tools account for your site. The Security Issues section will give you a lot of insight if you’ve been hacked. However, since blacklisted sites can lose up to 95% of their organic traffic, most website owners will not want to wait for Google to blacklist them.

In addition, it’s incredibly important to mind your security posture. If you use WordPress, we’ve written extensively about security plugins that can help manage your security, including our own. Alternatively, our paid clients benefit from every day server-side and remote monitoring, plus alerts about SEO poisoning before Google’s blacklists does.

1. Cleaning Infected Tags, Posts, Comments…

You will often find the tags in your CMS appear to be unchanged. Usually your database is infected, making it more difficult for the average user to clean up on their own.

So what can you do?

If you are comfortable modifying your database, you can use PHPMyAdmin or Adminer to search for the spam. At the end of the day, you’ll still need to patch the hole that allowed your database to get infected in the first place. Sometimes updating your CMS, auditing your plugins, and scanning your database will do the trick.

2. Cleaning Up the Search Engine Result Pages

Once you’ve removed the infection, the original Title and Description tags will reappear, but the search results will be cached. Normally it can take days or weeks for Google to recrawl your site. We’ve prepared an exhaustive cheat sheet to help you through the process of clearing that cache and getting your SERPs clean.

To force Google to crawl your site immediately, log into Google Search Console and go to Crawl > Fetch as Google. From here, type the location of your sitemap or individual affected URLs, then click the Reindex button.

If you submit your sitemap, choose the option to Crawl this URL and its direct links – a nice trick to get your whole site done at once.

You can Fetch and Reindex from here
You can Fetch and Reindex from here

Just note that you get a 10-per month quota for crawling the URL and its direct links, and a 500-per month quota for crawling individual URLs.

You can also use the “site” Google Search Operator Guide to show your entire website in Google’s results pages at any time. It’s handy to verify the cleanup.

Accounting for Black Hat SEO SPAM

Websites that require frequent cleaning are usually suffering from SEO Poisoning (SEP) attacks, and have been identified for their high-value pages.

If the site often hosts out-of-date plugins and CMS installations or if the attacker has injected a backdoor, attackers can keep it on their radar for reinfection. With the amount of updating that often needs to be done to a website, from plugins to the CMS, it can be difficult to patch quickly.

A website needs credibility and security to make customers comfortable. Spam can be devastating in that respect. A hacker doesn’t care about the size of your website, so whether you’re just starting out or you’ve got lots of traffic, your site is always at risk.

Learn more about Dirty SEO and Blackhat SEO tactics and their impact to your website.

4 comments
  1. You should really do some basic research first. Blackhat and Hacking are two very different things. What you’re describing is an hacked site, not Blackhat SEO.

    1. What Alycia is talking about is correct. A hacked site is mostly in the hands of the hacker. The hackers use the blackhat seo spam infections to get higher rankings in google. You as a webmaster and your users dont even see the pages. These are cloaked pages only created for the search engines. You will receive a message in your webmaster tool when you are infected with this. Hope this cleared things up

    2. There are some Blackhat SEO’s out there that don’t use hacked sites, but instead build PBN’s to make a link farm. It’s still spam, IMO.

Comments are closed.

You May Also Like