I have been in the SEO world since 2002. In that time I have optimized well over 300 websites (I stopped keeping track) successfully and then designing and developing SEO software for thousands more to optimize their own website.
Being involved in the SEO world for so long I have come across some pretty crazy techniques and black hat strategies. I have to admit, dishonest people are pretty creative. I guess its easy to be creative when the devil himself is helping you.
From keyword stuffing in the olden days, to hidden text using CSS etc etc. If these people can figure out a way to get something past Google they will try it.
Well I recently took on an SEO client in the finance industry. I could tell right away that something wasn’t right with the SEO. Thousands of pages of unique content and very few search results in Google.
So I started doing some research. In light of all of the recent Google updates I naturally first went to look at their link profile over at Majestic.
Immediately I noticed something strange. A bunch of links were showing up for this finance site that had anchor text for key phrases in the car led light category.
I mean I have seen links from some really non-relavent domains in my day and that kind of thing doesn’t surprise me. But non-relavent anchor text? I struggled to wrap my brain around how my client got all of these led light anchors pointing to his site.
I knew he didn’t do it but who did? And it wasn’t just a few, it was well over 1300 links from different domains.
You have to be really deliberate and calculated to send that many non-relavent links to someones website.
Was this a competitors attempt to get my client banned in Google?
So I dove deeper. The links were all pointing to url’s in a folder called /Bulbs which of course my client knew nothing about said folder.
So I looked closer and that’s when I figured out that these links were not non-relavent links after all. Whoever had done this had created all kinds of content that was relevant to led lights and placed it in this Bulbs folder.
And now they were sending thousands of links to those pages to use the authority of my clients website to rank for led light terms.
But that still sent traffic to my clients website. So these rat holes needed one more step to complete their black hat strategy.
They set up an automatic redirect from every page in that folder so if anyone tried to visit one the Bulbs pages they would immediately get redirected to the website of an led light dealer.
But Google would see this redirect right? They wouldn’t allow any of these hijacked pages to rank for anything right? This is something that is in direct conflict with their webmaster guidelines.
At least I assumed Google would see it and discount all SEO. But as of today they haven’t.
Here is a snapshot from Google analytics for key phrases my client’s website is showing up for in Google’s search results:
These are just the top 10 key phrases. There are 24 more phrases that my clients website shows up for when I do a Google search.
I guess Google isn’t perfect after all. It seems very surprising to me that Google wouldn’t be able to see the immediate redirect happening and totally discount any SEO done to those pages. But there is the proof.
My clients website is showing up in the search results for all of these led lights key phrases and has dropped from many of their rankings that they actually want to rank for.
All of this happened in about 1 month. If we allowed this to go on for 6 more months these guys would be ranking for hundreds if not thousands of car led light phrases.
You can imagine that if they have hijacked 10 websites who all have no idea that this is happening how these guys could end up dominating the search results for months before anyone realized it.
Especially since Google doesn’t like to report most of the key phrases that drive traffic to your website so it may take a long time to see any of the hacked key phrases showing in your analytics.
Too many business owners spend little to no time looking at analytics and might never realize this has happened.
Think about how deviantly brilliant this SEO scam is. These hackers hijack your website, start adding tons of spun content in a folder on your site that you would never know about, and then point thousands of spammy links to this spun content.
If the website actually gets rankings in Google then they reap the traffic with a redirect. If Google decides that the links they have acquired are too spammy and penalizes the website, only the victim of the scam (my client) suffers. The hackers just move on to the next victim and the led light dealer is totally safe from penalty.
These kind of unethical dishonest black hat SEO tactics makes me sick. When I see something like this (especially when it directly affects someone I know) I make it my personal mission to bring these people down.
The worst part of all of this is these guys actually understand how to do good SEO. They understand how to build a natural link profile and clearly they know how to get a website ranking quickly for long tail key phrases. Unfortunately they have decided to use that knowledge to deceive and hurt other legitimate businesses.
So webmasters, I implore you, keep watch on your search traffic in analytics. If you start seeing phrases that make no sense to your website or are totally unrelated, take action fast.
I’ve been hit by this SEO scam. Now what?
1. Update WordPress
The first thing you need to do is update your current version of wordpress. The guys over at wordpress are pretty good about finding security issues and fixing them fast.
2. Update your plugins
Hackers can also get access to your site through some of the plugins you use in wordpress. Make sure all of your active plugins are up to date.
3. Delete Files From Your Website
It looks like these guys just create one folder where all of the spam content is stored. So you can simply login to your ftp account and delete that folder and all of its contents and that should take care of all of the problems on your site.
4. Disavow Your Spam Links
Google now offers a way for any website owner to report any unwanted links so they don’t count for you or against you. It is their disavow links tool. You’ll just have to find all of the links that link to these pages.
This is actually pretty simple to do if you use Majestic’s site explorer tool. Just click the backlinks tab and then download an Excel CSV file and then sort the list alphabetically by target url and you will see all of the links the hackers got for you.
Then make a txt file of those links and submit them to the disavow tool.
5. Sign up for Vaultpress
Wordpress offers a security and backup service called vaultpress that you can sign up for at $5/mo and they will protect you from further hacks and clean up any infected code in your site.
6. Keep an eye on things
Make sure you are looking at analytics and web traffic on a regular basis.
I hate having to write posts like this because it means that many innocent website owners are being taken advantage of. I just hope that by exposing these scam artists for who they really are we can shut them down completely and Google will create the system to recognize and ban these guys for good.