• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Spamdexing: What is SEO spam and how do I get rid of it?

Spamdexing: What is SEO Spam and How to Remove It

February 10, 2020Art Martori

FacebookTwitterSubscribe

Editorial: This post was last updated October 18th, 2022.

Contents:

  • What is SEO spam?
  • What’s the purpose of SEO spam?
  • What are the types of SEO spam?
  • How to find and fix SEO spam
  • How to protect your site from SEO spam

What is SEO spam?

If you’re wondering what is SEO spam, a good way to gain an understanding is finding this wily beast in the wild. In your favorite browser, search with the terms buy viagra cialis. (You might want to check over your shoulder first.)

Now, without clicking anything, scroll through the results. Doesn’t it seem odd that seemingly non-pharmaceutical websites are advertising these medications?

Example of Spamdexing

You’ve just spotted a few likely examples of spamdexing, where innocent websites have been hacked and injected with keywords intended to lure traffic to bad actors’ scams. These guys aren’t actually in the male enhancement business, they’re infected websites and unwillingly participating in a scam.

What’s the purpose of search engine spam?

Search engine spam is an attempt to manipulate search engine rankings, so traffic is lured to a scam designed by bad actors. To do this, the hackers gain access to a normal, healthy website, and then inject keywords and links to another web property they’ve set up to rip people off.

This practice is known as spamdexing. Victims believe they’re going to a site to buy something like male enhancement drugs (which we just saw), sports gear, or designer accessories — but actually they get scammed.

So, why don’t hackers just create their own websites? Well, they probably wouldn’t have much success. Search engine algorithms are designed to ignore scam websites. That’s why hackers manipulate search engines through spamdexing.

By gaining access to legit websites and injecting links and keywords, bad actors create a path to their scammy web properties. Rather than getting ranked the way most legit websites do, bad actors piggyback off a normal site’s credibility in the eyes of search engines.

What types of SEO spam are out there?

Turns out, search engine spam can appear even in the last places you’d imagine. We’ve even seen hackers get pretty creative with infecting WordPress websites. But let’s ignore the edge cases for now and instead focus on the most common places you might see spamdexing.

Spammy links

Links are super important to scammers. Otherwise, there wouldn’t be a way to drive traffic to a shady web property. You’d think Viagra shoppers would know better than trying to buy meds from a museum or floral shop (as we saw above), but our own research shows SEO spam remains the number-one type of website infection.

Spammy keywords

Keywords are central to spamdexing. When shady keywords appear in the content of a credible website, search engines assume it’s safe to index the site for those terms. And when people search online — say for male enhancement or other meds, sports gear, essay writing, loan services, (the list gets long…) — results often include scams where they’ll pay for something but never receive it.

Spammy ads

If a hacked website displays banner ads or calls to action (CTAs), hackers can easily replace the content or create new elements in order to drive traffic to their scams. This can be particularly effective, often because these clicks happen once a shopper’s mind is made up. They might not even question why a CTA is displaying where it is.

Spammy posts & pages

For the nuclear option in spamdexing, hackers can create and optimize entire web pages or blog posts dedicated to getting ranked for a spammy search term. This is especially effective when a legit site already has a good search engine ranking, as much of a hacker’s work is already done.

How to find and fix SEO spam

If your site has been infected with search engine spam, it’s critical to act quickly. This isn’t something that’ll eventually fix itself. It isn’t a task you can put off until the time for handling it magically appears.

Every second your website remains infected with SEO spam, you risk serious penalties. You could get blacklisted by search engines, so you don’t show up in their results. Or visitors could go to your site to do business, see the SEO spam, and then leave never to return.

Removing SEO spam can take time, so be proactive with it. Follow these instructions to find and fix SEO spam on your site.

1 – Make a website backup

Having a functional backup that you can restore from can be a lifesaver. Before you make any changes to your website, backup your website files and database.

2 – Run SQL commands to remove unwanted spam posts

After backups have been made for your posts table and other website files, survey your website files and pinpoint the date of the infection. Then, run these SQL commands to remove spam posts found after a certain date.

  1. Log in to WordPress and view your posts.
  2. Determine the common spam content theme.
  3. Open Adminer or phpMyAdmin and take note of your database prefix. (It’s often wp_ unless you have a custom prefix.)
  4. Enter the following SQL command to move spam posts to the trash after a certain date:
UPDATE `wp_posts` SET `post_status` = 'trash' WHERE `post_status` = 'publish' AND `post_type` = 'post' AND `post_date` > '2018/03/08';

3 – Run SQL commands to tidy up postmeta and commentmeta

Now that you’ve gotten rid of the spam posts, you’ll want to clean up your meta tables. Use the following SQL command to remove any post_meta where post_id has been removed.

DELETE FROM `wp_postmeta` WHERE `post_id` NOT IN ( SELECT ID FROM `wp_posts` );

4 – Remove spam comments

If your site has no use for comments or has been littered with spam comments and you want to delete all the comments from your database, this simple query will do the trick:

TRUNCATE TABLE `wp_comments`;
TRUNCATE TABLE `wp_commentmeta`;

You can also opt for our professionals to clean up SEO spam for you. Either way, don’t endure downtime or blocklisting because of hackers. Help make the internet a safer place for everyone.

How can I protect my site from SEO spam?

Spamdexing is always a threat for website owners, but, fortunately, fending off these hackers is mostly a matter of adhering to a few best practices:

Run updates

Plugins or other website applications need updates. Don’t ignore them. Updates often include security patches to keep hackers out. Without those updates, your entire site has a wide-open backdoor for an SEO spam infection.

Create strong passwords

A password like admin123 might be really easy to remember, but, unfortunately, it’s also pretty easy to guess. Make you’re using strong passwords, especially when they’re protecting access to sensitive areas of your site.

Scan regularly

Fixing an SEO spam infection starts with being aware of it. Too often, website owners have no idea they’ve been hacked until penalties happen, such as search engine blacklisting or lost credibility. Just like a medical checkup, it’s smart to run scans on a regular basis.

Get behind a firewall

If you’re serious about preventing a search engine spam infection, a web application firewall (WAF) is an absolute must-have. It protects you by constantly updating definitions of known threats, kind of like a bouncer turning away neighborhood creepers. A WAF will even significantly speed up load times for your site.

FacebookTwitterSubscribe

Categories: Security Education, Website Malware Infections, Website SecurityTags: Hacked Websites, SEO Spam

About Art Martori

Art Martori is Sucuri’s Copywriter who joined the company in 2019. His main responsibilities include developing content to highlight Sucuri’s products and services, and to educate the public about website security. Art’s professional experience covers more than a decade of journalism, creative writing, and marketing. When Art isn’t drafting blog posts or writing web pages, you might find him riding his motorcycle or hunting for new restaurants. Connect with him on LinkedIn.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.