Combat Blackhat SEO Infections with SEO Insights

6 minute read

Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously.

One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to spam. These Blackhat SEO spam tactics are fighting for expensive, high-competition keywords like: viagra, payday loans, casino… and lately a lot of high fashion spam.

This is a topic we write about often – it is rampant, after all. This time we’re going to dig into why it happens, what makes your site such an attractive target, and the SEO tools that can help you.

Good SEO Takes Time and Generates Long-term Traffic.

Many website owners invest significant time and resources creating great content and optimizing it for search engines. It can take months or years to build the authority required to bring a page to the top of the Search Engine Result Pages (SERP). By the time you get there, search engines will assume that your website has authority and value, and will then pass along some of your reputation to the sites you link to, like a vote of confidence.

Therein lies the danger.

Targeting and Infecting Sites For Quick, Cheap SEO.

Attackers build tools specifically targeted to finding vulnerable websites. Most of those tools rely on similar foundations, which is why it’s so important to update when developers release security patches. Hacker tools can show which pages have strong rankings (regardless of the keyword), or can ping Google with the “link:” search operator on a site in order to find out which pages have fewer outbound links, allowing the cracker to target the most potent pages. Most of the process is automated, and ends with your website and hundreds like it unknowingly participating in a link farm that the attacker can sell.

A penny per spammy backlink.

A penny per spammy backlink.

Blackhat SEO Spam Can Be Almost Invisible

Spam backlinks are usually placed in hidden iFrames where no one, including the site owner, can see them via a browser. SEO spam looks to abuse the audience you have worked so hard for and generate precious link juice for their respective clients. In some cases, a rule is defined to only shows spam links to search engine crawlers!

If you think that your website may be infected, you have a couple of options:

Search Engines Results Are What Google Sees

Sometimes, the hack goes a step further. To make the spam links seem relevant, they add keywords in Title and Description tags. This exposes the spam to users who search for your website:

Typical pharmaceutical SEO poisoning

Typical pharmaceutical SEO poisoning

In this case, new tags were added to posts that included the target keyword:

Post tags/categories add to the impact

Post tags/categories add to the impact

This one even created entire posts stuffed with keywords. Note that top-level domain is, and yet the keywords used have references to Canada.

New posts completely stuffed with keywords

New posts completely stuffed with keywords

In the examples above, site owners found out they were hacked only when customers complained. Not only is that embarrassing, but it can harm your website’s online reputation, and if you sell anything on-site, your users might question the security of your checkout process.

Additionally, web spam teams don’t take kindly to pages serving links that aren’t relevant. Remember, blacklist authorities like Google or Bing have built entire companies on serving relevant links, so they have a vested interest in rooting out any site that is accepting payment for backlinks. Right now, your hacked website looks like it fits the bill.

The implications of this could lead to loss in SEO ranking, Public notice of possible compromise in the SERP and can include a Blacklisting page when clients visit your website. Each of these contribute to loss in audience, traffic, and / or revenue.

Monitoring and Cleaning Blackhat SEO SPAM Infections

You should have a Google WebMaster Tools account for your site. The Security Issues section will give you a lot of insight if you’ve been hacked. However, since blacklisted sites can lose up to 95% of their organic traffic, most website owners will not want to wait for Google to blacklist them.

In addition, it’s incredibly important to mind your security posture. If you use WordPress, we’ve written extensively about security plugins that can help you manage your security, including our own. Alternatively, our paid clients benefit from server-side and remote monitoring, every day, and receive alerts about SEO poisoning before Google’s blacklists does.

1. Cleaning Infected Tags, Posts, Comments…

You will often find the tags in your CMS appear to be unchanged. Usually your database is infected, making it more difficult for the average user to clean up on their own.

So what can you do?

If you are comfortable modifying your database, you can use PHPMyAdmin or Adminer to search for the spam. At the end of the day, you’ll still need to patch the hole that allowed your database to get infected in the first place. Sometimes updating your CMS, auditing your plugins and scanning your database will do the trick.

2. Cleaning Up the Search Engine Results Pages

Once you’ve removed the infection, the original Title and Description tags will reappear, but the search results will be cached. Normally it can take days or weeks for Google to recrawl your site. We’ve prepared an exhaustive cheat sheet to help you through the process of clearing that cache and getting your SERPs clean.

To force Google to crawl your site immediately, log into WebMaster Tools and go to Crawl > Fetch as Google. From here, type the location of your sitemap or individual affected URLs, then click the Reindex button.

If you submit your sitemap, choose the option to Crawl this URL and its direct links – a nice trick to get your whole site done at once.

You can Fetch and Reindex from here

You can Fetch and Reindex from here

Just note that you get a 10-per month quota for crawling the URL and its direct links, and a 500-per-month quota for crawling individual URLs.

You can also use the “site:” Google Search Operator Guide to show your entire website in Google’s results pages at any time. It’s handy to verify the cleanup.

Accounting for Blackhat SEO SPAM

Websites that require frequent cleaning are usually suffering from SEO Poisoning (SEP) attacks, having been identified for their high-value pages.

If the site often hosts out-of-date plugins and CMS installations or if the attacker has injected a backdoor, attackers can keep it on their radar for reinfection. With the amount of updating that often needs to be done to keep a website up-to-date, from plugins to the CMS, it can be difficult to patch quickly enough.

A website needs credibility and security to make customers comfortable. Spam can be devastating in that respect. A hacker doesn’t care about the size of your website, so whether you’re just starting out or you’ve got lots of traffic, your site is always at risk.

Learn more about Dirty SEO and Blackhat SEO tactics and it’s impacts to your website.

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...