When you’re winning in lucrative or extremely competitive niches, you should expect negative SEO attacks on your brand. We’d not advocate undertaking an attack, but all businesses should be prepared to defend against them or risk a massive drop in visibility when the inevitable happens.
Here is a list of common negative SEO attacks to be wary of:
The 404 attack
A common negative SEO attack involves running up a vast number of 404 errors on a client’s websites in a very short amount of time:
The attacker creates links to pages on your site that don’t exist. When Google follows these links, they’re met with a 404 page. If this is done to scale (literally in the tens of thousands) then your site tends to be dropped from Google’s index pretty quickly.
This is effective because the attack gives the illusion to search engines that you aren’t properly managing your content.
To combat this, we need to configure our server to return something other than a 404, but only to those that requests that we believe to be a part of the attack.
Luckily, whenever something like this is done to scale, there’s normally an identifiable pattern in the URLs of the pages being requested, and we can have the site serve a 410 “Gone Forever” header response in order to start to reduce the number of 404s being requested.
During this process, it becomes important to monitor and keep on top of the “Crawl Errors” report in Google Search Console (formerly Webmaster Tools).
The Link Spam attack
One of the first things we check when rankings plummet is for a spike in the number of backlinks and/or referring domains being reported by link intelligence tools like Majestic.
We’re looking for a sudden influx of links, often on a single date in close proximity to the drop off in traffic.
The sudden burst in unnatural looking links makes Google think you’re trying to game the system, and you’ll either fall foul of Penguin or receive a “manual” penalty notice directly to your Google Search Console account.
Because once again, this attack relies on a volume approach, it’s fairly easy to identify and combat. Use Majestic to generate a report of the links in the spike and look for patterns. You might notice that all links share:
- The same target page on your site
- The same anchor text
- Elements of the same source URLs after the root domain
- Similar Trust Flow (TF) – Majestic’s score 0 – 100 on how trust worthy a given site is
Once you’re satisfied that you’ve found all the suspect links, add them to your disavow file at domain level, in order that Google discount them against your link profile.
The disavow tool can be found in your Search Console account.
As an added level of protection, you can file a spam report to Google, letting them know which sites are hosting the suspect links.
Anchor Text Over-optimisation
This attack resembles the above, but will make use of extremely repetitive anchor text as well, which gives the appearance that you are over-optimising your most profitable keywords.
Again, once you’ve found all the links, you should add them to your disavow file, and file spam reports against the domains hosting the links.
Fake link removal requests
We have seen fake link removal requests circulated targeting our gaming clients since the very first penguin release, when attackers hoped that the popularity of link removal emails would allow theirs to slip through with little or no scrutiny from the website owner.
The attacker identifies your best links, then emails them, posing as either yourself or your SEO agency. The email asks that their link to you is removed immediately because of a penalty. The webmaster panics and removes the link, fearing that they’ll be penalised for unnatural “outbound” linking.
Regular audits and monitoring of your “lost” links using Majestic is the best strategy to combat this, ensuring that you investigate any missing links straight away, before Google start to drop your rankings.
Redirect a penalised domain
Once webmasters realised that redirects did not prevent a link penalty from being passed to a new domain, they started redirecting their penalised domains to point to their competitors.
Luckily, this is fairly easy to remedy, as Majestic will report on redirected links in the same way as any others, allowing you to disavow them swiftly.
Canonical redirect a penalised domain
Whilst I’ve not seen this work in a live environment first hand, it’s certainly possible, and advocates of negative SEO have talked openly about its effectiveness in Black Hat eBooks.
The method is simple, your content and website design is copied, complete with canonical tags, and then spam links are built into it. Google honour the canonical tag and transfer the link equity (or in this case, penalty) through to your site.
There are a two ways to try and verify if this is the attack being used on your site.
- Some link intelligence tools will tag the inbound link as a canonical redirect.
- You can use Google to search for duplicate versions of your content, and check the canonical tag manually, as well as the site’s backlinks.
Fake Parameter Attack
This attack works in a very similar way to the 404 error attack. The idea is that links are set up across a number of sites pointing to existing URLs on your site, but with fake parameters affixed to them.
For instance, www.example.com/genuine-url?spammy-parameter-including-questionable-keywords
This attack works for two reasons. Firstly, it creates duplicate versions of your pages, which can see your website fall short of algorithmic penalties like Google Panda, and secondly, the keywords cause relevancy issues.
Because these pages will often return a 200 response (i.e. resolve normally) there are treated as legitimate pages, and as with a lot of attacks, prevention is easier than trying to find a cure.
The best way to combat this kind of attack is to ensure that the pages you want to rank are canonicalised using the canonical attribute in the <head> of your page:
This tag ensures that only the canonical version of the page can rank, and any garbage parameters affixed to the end, ignored. Secondly, you might ensure that any parameters (aside from those you actually need) trigger a meta robots “noindex” tag to prevent indexation.
Lastly, if you have fallen foul, in addition to the above, you can exclude specific parameters in webmaster tools:
This one is pretty hard to combat, but generally, the attack works by manipulating Google’s auto suggestion by adding “scam” or “fraud” to the end of your brand name.
There’s not a huge amount you can do to prevent this from happening, but you might try and rank some “positive” content for the scam terms that are starting to appear.
Aside from searching Google yourself, you can diagnose this attack by checking your queries / impressions in Webmaster Tools, and keeping an eye out for anything that doesn’t look right:
Hacking takes many forms. When it comes to hacking for SEO, most won’t be looking to damage your rankings, but rather, build their own. Hackers hide links in your content in order to leverage your website’s hard-earned authority, and pass it onto their own websites. Sometimes, they even create hundreds of new pages with relevant on-page copy in order to make the links look more “natural”.
The danger is, of course, that if these links or pages are discovered, then you run the risk of having your website penalised, or you could potentially receive the “this website may be hacked” message next to every one of your search results.
That said, no matter the intent, when your rankings are at risk, it’s best to be prepared. The best form of defence against hacking is to keep on top of updates for your website, use some form of double authentication for users, and to keep an eye out for notifications in WMT so any vulnerabilities are identified quickly and easily:
If you think you might have been the victim of a negative SEO attack, then contact Receptional Digital Marketing Agency whose penalty recovery experts will be on hand to assist.