To Catch a Spammer: Uncovering Negative SEO |
To Catch a Spammer: Uncovering Negative SEO Posted: 31 Jul 2012 03:05 PM PDT Posted by russvirante This post was originally in YouMoz, and was promoted to the main blog because it provides great value and interest to our community. The author's views are entirely his or her own and may not reflect the views of SEOmoz, Inc. Google recently updated its claims regarding the ability of other webmasters to affect your rankings via negative SEO. While questions about the efficacy of negative SEO continue to exist, it does not seem to be slowing down the growth of what is arguably the most contemptible part of the search industry. On July 9th, a good friend of mine reached out to me with a problem. As a very risk-averse webmaster, he constantly plunges into the numbers, especially anchor text diversity, in order to make sure his site is as penalty-proof as possible. The latest updated data in SEOmoz's MozScape revealed a massive shift towards anchor text over optimization for several primary terms. It took only a few minutes to identify the culprit. Diagnosing the Damage The first step was to dig down into all the link data to identify just how deep the damage was. We downloaded all the links available on SEOmoz, MajesticSEO and AHrefs to make sure that we had every possible outlet covered. It didn't look good. On a primary keyword, the number of unique linking domains with exact anchor text went up 20x in a matter of two days. Below is an example of one of the spam posts.
Now the leg work began of identifying as many negative links as possible. But this is when it got interesting. We were able to quickly identify that there were several sites involved in the attack. Wait, what? Did you just read what I read? Distilled, the venerable white-hat SEO company was being attacked along side several bingo sites and an insurance liability website. This was too interesting to give up. At that point, I knew my day was shot. Footprints, Footprints, Footprints Let me go ahead and get this out - if you are thinking about doing negative SEO and are not a regular practitioner of black hat SEO, you are going to get caught. Sorry, but you just haven't thought it through enough to cover your tracks. What follows is a perfect example of that. After digging through several of the XRumer spammed backlinks, most hitting up old .cgi guestbooks and bulletin boards, I noticed a handful of sitewide links coming from poor quality blogs. My first instinct was that these were from hacked sites.
But something was different about these. Normally hackers hide their links in the posts with display:none tags so that the webmasters never actually see the bad links. It is a very effective strategy, but in this case they were fully exposed. So I checked another site that seemed to follow the same pattern.
In this example, the links were included in a post. It is very strange for a "hack" to follow such different patterns, sometimes dropping links sitewide and other times just in posts. So, it was time to investigate these anomalies. Off to one of my favorite sites, DomainTools. For some reason, people still think that private registration is enough to cover all your tracks. Sure, it helps if you register a new domain and establish private registration at the point of acquiring the domain, but if at any point in your history you had accurate domain registration data, we can get to it. Anyone can. Using the DomainTools Registration History, we were able to track down the original registrant email address to info@-------.com A Quick Note on Outing As you have no doubt noticed so far in this post, I am not going to out the perps. We know the motive, and we know the likely perpetrator, but I can't prove that the parent company knew of the actions, nor even that the SEOs responsible for their accounts were aware of the actions taken on their behalf. I will not allow myself to be responsible for the downfall of a company that may have merely been ignorant rather than malicious, and I certainly won't open myself up to false flag attacks. That being said, the likely culprits are members of this community, and I believe they have much to lose if they continue in their ways. I can't prevent you all from connecting the dots, but I won't paint the picture myself. So, back to the Investigation. Now that we had a domain, we had a strong position from which to catapult our investigation. We quickly turned the domain into a twitter account, a twitter account into a link building company out of India. Aside from Distilled, a seemingly random business liability website was lumped into the attack. We were able to determine that the likely culprit owned a site which competes directly with this business liability insurance site. But we were stuck, until my good friend came through and did a quick analysis of the perpetrator's follow list on Twitter.
After a cursory look, he was able to identify a stinging indictment. Of the 41 individuals the likely culprit was following on Twitter, two worked for a direct competitor of the targeted bingo sites, one of which was the CEO of the company and the other the head of Web Marketing. He also followed Distilled, perhaps waiting to see how they responded when the attack was revealed.
This isn't quite the smoking gun yet, though, because the connection is not reciprocal. It is a strong indication, but not a nail in the coffin so to speak. But, alas, twitter is only one social media site. After digging deeper and deeper, we were able to find direct conversations of a personal, non-business, nature between the head of Web Marketing for the competitor sites and the likely culprit on Google+.
Of course, this still only shows a link. But, as if the icing on the cake couldn't get any thicker, here is a nice comment the Director of Web Marketing left on a post about negative SEO just a few weeks ago. As you notice, he is contemplating Google's updated statement that negative SEO is possible. Seriously, could you make this any easier?
So, what exactly does the evidence tell us...
What do we not know?
The Aftermath If you are a victim of negative SEO, there are a handful of steps you simply have to tag to prevent potential damage to your site.
The Good News At least at the moment, it appears that the negative SEO attack has been as effective as their ability to cover it up. For the time being, none of the sites appear to have been dramatically impacted by the campaign. However, with looming updates to Penguin, there is no telling. The best bet for any SEO is to stay on top of their backlinks, watching closely to make sure nothing nefarious makes its way into your profile. Editor's Note After the author wrote this post, Google announced a way to download your most recent links in Google Webmaster Tools that could prove very useful in this situation. Sign up for The Moz Top 10, a semimonthly mailer updating you on the top ten hottest pieces of SEO news, tips, and rad links uncovered by the Moz team. Think of it as your exclusive digest of stuff you don't have time to hunt down but want to read! |
You are subscribed to email updates from SEOmoz Daily SEO Blog To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google Inc., 20 West Kinzie, Chicago IL USA 60610 |