Identifying a Negative SEO Attack
I am not going to get into too much detail here. Suffice it to say if you are not using ahrefs and majestic to monitor link velocity and link types, AND updating your link disavowals regularly, go here and read this first. In any event, when you check your site’s new links daily, and see a huge spike in things like forum blog comments, and directories, you can pretty much bet that one of your competitors, or an NSE (“Negative Search Extortionist”) has hit you on purpose using negative SEO.
In a nutshell, these extortionists have reverse engineered the Google algorithm(s) based upon the knowledge that Google will issue keyword and webspamming filters on to websites that Google suspects of spamming for ranking manipulation purposes. A hacker, or NSE is the broker, or “go between” who can help SEO companies and your competitors to build the types of links that Google punishes. The ultimate goal with NSEO is to get your site dropped in rank, or even de-indexed.
This frees up one of the 10 available organic search result slots on page one of Google for the latest SEO company trying to justify charging a duped lawyer $2,000 plus per month for basically nothing. Whereas before (pre April 2012) people paid money to get their website links placed into or onto pages of these automated linkbuilding types of Scrapebox, and Xrumer exploitable sites, now domain owners are now actually paying to get their links removed from these sites. In fact, as will be shown below, Google now punishes sites that look like they paid for, or built “bad links” on purpose, in an “un natural” way (whatever that is – it’s all totally “subjective”.)
Google says it is not a “penalty,” but an algorithmic filter. Congress and the president also said Obamacare wasn’t supposed to be “treated as a tax for purposes of this legislation,” but once it was no longer legislation and was the law, the SCOTUS said it looked, walked and talked like a duck. What matters is what it pans out to be. In this case, it has the same effect as a penalty. It hurts you. That’s all you need to know.
Google SERPS Are Not Dynamic Like they Used To Be?
Back in the day, Google would move sites up or down, almost immediately, based upon smart changes to your site. This was called “dynamic” updating. But now, if your legal website gets hit with this “filter,” we have seen periods of up to a year before Google acts to remove the filter, and only after you have Orca’d the site, or completely cleaned it up.
The effect of the filter is to push your site down in the SERPS in an un-natural way even after you have ended the “un-natural” issues both on and off site. This is evinced by the most recent Penguin update of 2014. It took actually over a year for that to update, and there is still a negative SEO issue, especially for sites that had been algorithmically, and not manually penalized.
During these long, languishing periods, consumers and law firms will certainly be adversely affected by not so excellent Google search results being returned due to improved negative SEO spamming techniques, such as bad code injections into WordPress exploitable sites. Because of this “Penguin” and “Panda” turbulence, and constant testing, many veteran Googlers are taking a fresh look at other search engines for sometimes much better results than are being returned presently under the current Google configurations targeting linkbuilders (Source.)
Types of Link Extortion Post Penguin 2012 – Covert and Overt
There are full blown, overt link extortion networks, such as those criminals who will threaten you that you must pay for protection, “or else,” or those who pretend that it was you OR SOMEONE YOU PAID who added the links, and therefore, you must pay to have these caustic links that appeared overnight removed, and pay a protection fee to assure it won’t happen again, to the more covert, such as trojan horses and Word Press malicious code site injections, etc.
Today, we will be discussing injection and overt link extortion. Note that not all NSEO is for extortion purposes.
Some NSEO, such as site code injections, is designed to destroy the sending and receiving site’s rankings and trust, while parasitically benefiting temporarily, a site receiving the parasitic links, such as a porn, Cialis, or gambling site, and even your site temporarily, until the filter kicks in. Once Google has whacked that mole, and your site, it usually moves on to the next poorly defended site(s).
The NSEO Issues We Will Discuss Today
These two types of NSEO exploits are the ones our law firm has had to deal with these past few weeks, so we figured we would try inter alia, to answer some questions about the messed up state of the law in the area of negative SEO, copyright enforcement and some ideas for dealing with in particularly nasty and unfriendly host countries.
In this article, we will also take a look at some examples, explanations, and some ideas for taking down caustic links, extortion networks, and other NSEO friendly hosts hiding within the borders of lawless countries. We will also ask the simple question. Why can’t Google just discount bad links instead of “filtering” a site to be lower in ranking.
The Google White List
We certainly know that Google White Lists certain websites it likes, and basically protects them from these types of NSEO attacks, leaving their rankings in place. We also know there is a major anti trust case in Europe over this type of favoritism. Unless you’re in tight with Google, your only way to defeat NSEO is get educated and get busy. Now that we have covered all that, let’s get down to brass tacks.
Ok Ok So I have Identified a Huge Un Natural Link Spike Pointing to my Legal Website – Big Deal – Google Says that “Rarely Works” Right?
Context and semantics are key when trying to unravel the often vague, ambiguous and subjective Google TOS and their statements from their representatives. The statement and official position by Google that negative SEO is rare GENERALLY speaking, is not really a myth or dishonest.
Think about it, Google is not being dishonest when it says NSEO is rare. There are millions of search results for a given search term, such as “personal injury attorney,” for example. So yes, in a vacuum, NSEO is rare since hackers and extortionists rarely build caustic links to results not on page 1 or 2. It would be interesting to see some official numbers on negative link building to first 20 organic listings on Google.
There are only ten organic slots on the first page of Google. And I am here to tell you that NSEO is taking place 100% of the time everyday on the first page results of Google. It is NOT RARE for sites lucky enough to have ended up on page one for a particularly competitive search term, such as “car accident attorney,” for example.
A Short History – Slowly Opening the Negative SEO Floodgates
As seen below in this snippet from Marie Haynes, basically, as Google clamped down on “spammers,” it inadvertently opened the flood gates for negative SEO extortionists. This all started when it slowly changed its policies, first in 2003, and then more drastically, in about March of 2012, a month or so before the release of excellent results killer, Google Penguin.
Prior to January of 2003, Google had a page on their site that said the following, “There is nothing a competitor can do to harm your ranking or have your site removed from our index. ”
And then in 2003, they changed the wording to say, “There is almost nothing a competitor can do to harm your ranking….”
Then, in March of 2012, about a month before Penguin, Google made a new, shocking announcement to everyone, that it would now be even easier to exploit a well ranking site’s results, stating:
Google works hard to prevent other webmasters from being able to harm your ranking or have your site removed from our index. If you’re concerned about another site linking to yours, we suggest contacting the webmaster of the site in question. Google aggregates and organizes information published on the web; we don’t control the content of these pages.
Initially, only a few trained experts, such as SEO By The Sea’s, Bill Slawski, really understood the relationship between positive and negative SEO. Few if any NSEO experts existed, but there were some guys out there who were using it in heavily competitive industries. No doubt, there surely had to be some former Google employees and now SEO people, who were aware of the direction Google was headed in making it easier for a third party to tank a site’s rankings, under the auspices of making the internet a “better place.”
Certainly there were winners and losers in the ranking shake up of April 2012. The Happy Times were over. Indian directories, in particular, were crushed by Penguin. People were, and still are begging and paying to have their automated links removed. In many cases, links had been built to businesses for one reason or another that had nothing to do with trying to rank. But Google may not have seen it that way.
The ultimate effect of the Google policy and Penguin changes, is that now, not just a few people understand how to exploit NSEO, everyone does. Those Indian directories are now adding businesses and demanding payment to remove the bad links, and they are hosting their sites in outlaw countries who will NEVER take your links down in some cases. Matt Cutts was even saying it might be better to trash your website if you don’t like the results post Penguin (Source.)
The Evolution of NSEO Vulnerability
As evinced by the evolution of the Google TOS and official positions on NSEO, this a commonly known vulnerability and has undergone 3 evolutions in terms of ease to hackers. The search engine giant admits that it has become easier over time for your detractors to do NSEO and tank your “competitive” site.
The evolution went from:
- “it’s not possible” (pre 2003);
- “it’s possible” (2003) (2012.)
- “works hard to prevent” NSEO (2012.)
I am also here to tell you that regardless of your domain history, a huge link spike, or any other indicator, even if these trickling links are disavowed quickly, can tank your attorney website. If for example, Google is in the middle of a Penguin algo update, and you don’t disavow in time, or some other switch was thrown in the Hummingbird that says you did “evil,” your site could tank. Google has created no domain blacklist of attacking sites, or safe harbor database to protect us from bad sites. If it has we don’t know about it)
We know for example, on the last Penguin update, Google said that unless you had already uploaded a disavow file, any new ones would not be considered in that update. It took more than a year for that update. So it is really quite easy to spam someone’s site with NSEO and since Penguin is not updating regularly, you are basically screwed.
As a result, site owners are spending time and money they would have used for PPC campaigns, to monitor caustic links, and for reputation clean up and link removal. If NSEO hacks knew that Google had released a published list of sites they ignore, NSEO hacks would realize that few would pay them to remove the bad links. PROBLEM SOLVED, at least some of it.
Non Google Options at Identifying NSEO and Caustic Spam
Web Of Trust is creating a black-list of link disavowal files. Hopefully someone at Google will at least give its blessing and tell us site owners that we don’t have to worry about these links hurting us or not. In the meantime, staying on page one of Google is more about fighting off bad links than gaining good ones. It is simply too hard to build good links in a fashion that could overwhelm any sustained attack.
Under detente with the former Soviet Union, the U.S., NATO and the Warsaw Pact had all agreed that an attack on one would be an attack on and by all, and that there would be Mutually Assured Destruction, or MAD, of both sides. It is easy to envision a day where sites on page one of Google are launching cyber attacks against eachother. My contention is that day is already here and has been so in a big way since April of 2012.
As a result we are sure to see a mutually assured destruction of eachother’s sites when we who are on page 1 start seeing a steady flow of caustic links to our sites. We will all just assume it is another site on page 1, and respond like with like. It is the natural state of man to seek revenge. I believe that now more than ever, Penguin and negative SEO is the tempest in the teapot that could revitalize Yahoo! and Bing and turn Google into another Excite. It was not too long ago after all that Google leased its algo to Yahoo! when Yahoo! was the king.
Furthermore, it is NOT rare to see NSEO on page one sites, as discussed. In fact, recent studies conducted by the same experts I would now hire to help me prove causation and damages shows that with around $50 bucks, or maybe less, you can tank just about any site on page 1 of Google (Source 1, Source 2.) There are many many more examples online.
Things to Do Right Now If You Were Attacked!
Immediately, you must:
- Create Link Disavow File, and PRAY TO GOD that Google doesn’t blame the link spike on you. My belief is, that even more than anchor text, Google is looking at velocity, and punishing the ranking of sites that get links blasted to them in a short period (Click Here.)
- Report the Spam Domain Farms, or other attack device as Spam (Click Here.) Your ONLY prayer is to disavow those caustic links as you find them, and try and create a public record, perhaps in the Google Help Forum about your problem (See Example Here.)
- Contact Web-O-Trust.Org and upload your url blacklists.
- Report any NSEO extortionists on the Google Help Forum and try and get a Google Employee to escalate the matter. (See Example Here.)
- Try and Use a DMCA Takedown. This assumes they scraped your site AND that the host is not in an anti DMCA country like Canada, France, Vietnam, or the Netherlands, etc.
- Report Bogus Whois data to the Domain Reseller. Most of the time these sites use bogus addresses and numbers and don’t want to spend $ to do a private registration. Report them to the reseller. Often times that domain network will get taken down.
Nitty Gritty – Example of a Negative SEO Attack
In the below example, you see an ahrefs Jpeg that indicates a huge spike of hundreds of links all added overnight, starting around April of 2015. You will note as we explore further, that the spike is from links to our law firm website from identical PHP directories, all containing the same content and domain owner. Of course each one of these mirror sites also has a remove link feature for the paltry sum of about $700 U.S. dollars.
In the spike shown in above example, these links are from inter alia, the following low quality directory spam sites:
reflinkwebsolutions.com aprotrain-aptech.comsmartechexpo.com lexingtontechnologyforum.com techforpro.com webstudionis.comcomputech-ics.com kittechetc.com datawebex.com ballbugweb.com dayalhitech.com fajrweb.com webprodoctors.comitsoft-technology.com projectechonevada.com elationwebmarketing.com latinowebcafe.com mywebsiteprofits.com techlink24.com weblogicspecialist.com webplier.com webeandome.com hightechhobby.com graggseo.com meisentech.com web4academy.com opensysweb.com mrstubbsweb.com ideabiotech.com cleantechpro.com webme-usa.com woodstonewebworks.com webs4him.com transcreationweb.com creailtuoweb.com aztechsupply.com technocontext.com systx-web.com
The NSEO Extortionist Reply Email
“Greetings, We can remove these links at cost of $7 per link… Are you interested?”
Of course, each one of the directories shoots back the same response. So I responded with more or less, hey, I did not add these, you did. Why should I pay $700 plus dollars to you?
On Sunday, April 5, 2015 3:55 AM, Rajat Sharma <firstname.lastname@example.org> wrote:
No Safe Harbor – Notice Notice
Another Example of an OVH Hosted Hacked Site
In the above examples, you will see what many cynical people call Google’s “best friend.” When Google really unleashed Negative SEO in around March of 2012, a new industry arose and Pay Per Click spends quickly rose. All you had to do now was to create enough bogus links to your competitor, and there would be a chance that you could tank his site.
Google won since the only way old schoolers could rank was PPC, and NSEO guys and hackers all cleaned up. You saw clean domains with zero link history blowing everyone else away, even those who had an established online presence for sometimes 20 years [POOF]. But you quickly saw those newer, “clean” sites could also be hammered and dropped off of page one as well, with just a few well placed bad links.
Modernly, just as quickly as you report the attack to Google, or disavow it, another one pops up like “whack a mole.” These hackers are creative as well. They know that porn is one thing Google targets as potential spam. So if a hacker can inject your template into a site with porn links and foul language, preferably one hosted by OVH, the victim is pretty much helpless, at least that is our personal experience. How do I know?
It happened to me. Our firm website’s home page template was hijacked/ and injected/placed onto several OVH hosted sites. These host sites had been exploited with malicious code and injected with porn terms that are linked back to our business website. Well, I have reported this French hospital site several times to OVH, since they have obviously been hacked, and also are hosting my stolen template. Take a look at this! http://loireadd.org/smuggler/trade-wife-pics-forum-kwik/ This particular site below, is also listed as having been hacked in the SERPS by Google itself.
As you can see below, this is the template of www.ehlinelaw.com, but in has been injected into a website in France for some hospital. Nasty language was superimposed on the template, along with silly pictures. Clearly a pro is trying to tank my site. You can even see that they have copied verbatim, my home page content, which can have the effect of diluting its value and making it “duplicate”content, risking us a penalty or de index. BELOW IS OUR LAW FIRM TEMPLATE HIJACKED ONTO PORNO with Links to Us:
Google Even Deindexed the Site and STILL OVH France Has Done Nothing
I personally sent several complaints to OVH France AND Canada over this hack. When they refused to contact their client, or take down the hacked site, I went ahead and filed a DMCA Takedown with Google. Below is the screenshot proving that Google deindexed the site’s results for those pages:
It is standard policy for Google to notify hosts when their results are deindexed due to copyright infringements. But here, as you can see, OVH France has done nothing about this. And don’t think you are out of the woods yet. Google still follows links from no followed/no indexed pages on sites. This means you are potentially still being penalized for the bad acts of the NSEO hacker whether the pernicious site is deindexed or not. Getting the content and links removed is the only sure way to know that threat is ended.
Identifying/Contacting a Negative SEO Extortionist
In our last example, loireadd.org, the only option is to pray the site owner doesn’t want a hack to remain on his site. But I have sent faxes, emails and even tried to call the domain owner in France, with zero success. I even traced them to Facebook and Twitter and used the Google Translate Tool to try and initiate a chat. So as you can see, especially with the French or French Canadians, unless there is cooperation at the host or reseller level, this is a tough cookie.
In the above example, it is much more difficult to identify the source of the attack, other than the site that was injected. These are usually fire and forget attacks and the reward for the spammer is seeing you fail. Identifying the extortionist who wants money is easy. Just email them or look on their site. Sometimes they will actually email you! Usually there is a link to paypal to remove the link. (One might also consider complaining to Paypal.)
In my case, I simply typed in the spammers fake internet name listed on the whois data, and voila, he showed up right there in the Google Help Forum as an SEO “Extortionist!” (Link)
Example of Negative SEO Extortionist Terms and Conditions
In the above example, you see that the NSEO extortionist uses the same exact content and terms of service on each of his 400 plus websites that all use the same listings and templates in the same order. He also uses bogus Indian whois data, and bogus phone numbers that ring to nowhere.
I note that this particular site is owned by AKC Web Tech. Apparently, it is Savita and Arvandh Singh of India, own apparently own this network of OVH Canada hosted spam sites. They responded to a Google Plus chat and said they do not own these sites. Each of these spam sites all use the same exact templates and content. Many of them are brand new domains, or ones that recently expired. Each use the same:
Note: “For Link removal we charge $7 for each link”
Not convinced, check out this email chain with the negative SEO Spammer I had.
Check out this brazen response.
So anyways, this guy is slick and he sends me an attachment with a Google Mail acct and a Vietnam IP address, and implies that it was me who added these BS links to his BS directories. Check this out.
After emailing back and forth, and reading reports by other businesses, I realized quickly that the end game here is pay this guy off, or risk Google taking down my url. Of course, as you read on, you will see there is more than one way to skin a cat.
In any event, I blame Google for this. Google created this type of caustic SEO environment, and my PPC spend is now being used to deal with this NSEO extortion. This whole Penguin disaster just reversed the game from spammers selling links, to businesses paying spammers to have them removed, which is far more lucrative to Indian churn and burn companies anyways.
Suing Google for an injunction to get the bogus gmail acct taken down might help. After all, clearly this is a case of stolen identity. But how hard is it to set up another one and keep on trucking? Not hard at all. But yeah, there is a definite crime of identity theft here.
The NSEO spammer is setting up BS gmail accounts using our domains and my actual Christian name, as the acct titles. Obviously Google could easily look at this and assume it is the legitimate business owner [me] trying to spam. This could easily prompt the filter and hurt my legit business, which is what the NSEO spammer wants. See the tangled web that NSEO has created for Google and everyone else? Business owners are in a state of perpetual attack and uncertainty. There is no end in sight.
Dealing with a Negative SEO Extortionist
When a domain owner who polices his site is confronted by a negative SEO extortionist, he or she is usually left with only a few solutions. None of them are easy. None of them give you back your lost time and treasure in dealing with the miscreants who caused the problem.With Google never giving a clear statement as to what is, or is not spam, all we can do is brace for the algorithm when a third party deliberately sculpts our linking profiles in order to hurt us.
Here is how to deal with this as discussed above:
- Create Link Disavow File (Click Here.)
- Report the Spam Domain Farms (Click Here.)
- Contact Web-O-Trust.Org and upload your url blacklists.
- Report any NSEO extortionists on the Google Help Forum. (See Example Here.)
- Try and Use a DMCA Takedown.
- Report Bogus Whois data to the Domain Reseller.
- Of course you can always pay the extortion fee.
Option 7 is no option for me. All solutions and their likely or not so likely successes will be discussed here. My first thought is to see if the offending site scraped my content. If so, I am thinking DMCA. But most NSEO spammers figured this out, and now seek a “safe haven host.” One of the biggest alleged hosts of spam, based upon what we have seen online, is OVH in France. Indeed, almost all of our problems emanate from OVH hosted domains.
The OVH Refusal to Honor My Copyright Problem
The first thing you will want to do when you have identified an attack, is to get on who.is and try and find out as much info as you can about the site owner and host. As discussed, 9 times out of 10, the whois data is a lie. So next is to look at the IP address of the host and see who it is. If it is a U.S. company, AND the negative SEO site scraped your content, then you may be able to get the content removed along with the bad links.
But most NSEO guys figured this out, so they try and host on their version of the internet’s Afghanistan. They already have their own Taliban waiting for them with open arms, and cheap hosting to hide behind as they drop bombs on businesses and families.
What do I mean? Well, all of us with sites pretty much realize by now that European companies in the Netherlands, and especially OVH France and their Canadian branch, OVH Canada, routinely ignore U.S. copyright law (Source.) In fact, a cursory search of black hat forums, and even higher quality forums will show several threads directing hackers to hosts that won’t enforce victim’s rights without a court order. Some countries like Vietnam would probably not even let a lawsuit against a host to get to the court order stage.
OVH comes up as the solution to many many hackers who are tired of getting de hosted. OVH has been called a friend to Wikileaks, and has been embroiled in multiple legal problems. Negative SEO spammers, porn and other illegal criminals flock to hosts that do not police their networks. In fact, multiple reports of porn and link spamming on the OVH networks by yours truly, go unresolved to this day.
Even when Google has honored DMCA requests and deindexed entire OVH hosted domains, I have never seen any OVH hosted site get taken down by OVH itself. This means that OVH has apparently made itself as safe haven for unsavory types, and that you, as a victim are on your own when you have a problem with a site hosted by that company. Of course, you can always hire a French, or Canadian French attorney, and institute a legal action. This is next on our list. We at Circle of Legal Trust are creating partnerships with overseas lawyers to assist our members in forcing spam hosts to honor our universal legal rights.
But enough of that for now. Let’s discuss dealing with the issue at hand.
Posts by Michael Ehline
- PR, Social Media, Content Marketing & SEO – A World of Rapid Changes
- How Will Google's EU Fines Affect PPC Bids?
- EU Slaps Google with More Antitrust Allegations
- Google Lawyers Up Over Extensive Probe
- Fight Between EU and Google Just Warming Up
- Tech Lobbying Money a Troubling Trend
- Google Seeks Self Driving Car Safety Exemption
- The "Right to be Forgotten" and Legal Precedent
- Gmail a Potential Security Minefield
- Fight Between Google and EU Just Warming Up