Skip to main content

How to defend yourself against an ongoing negative SEO campaign

You know what negative SEO is (and isn’t). You know how to audit your site to determine if you’ve been hit. You know how to protect yourself to limit your exposure. Now it is time to discuss how to defend yourself against an ongoing negative SEO campaign.

Who is attacking you?


There are a variety of ways to unmask the people targeting you and your site with a negative SEO attack. Some depend on the type of attack you’re experiencing. No matter how they are coming at you, you will need to collect some information in order to shut them down.

Let’s look at common attack methods and see how we can turn the tables and use what they’re doing to us — against them.

Inbound links


Using your favorite link analysis tool, you will need to segment the links you expect to have (your old links) to the new ones you believe are coming from an attack. This step is very easy to oversimplify because link scoring varies significantly, depending on your philosophy of links, risk tolerance and which tool you use to score links. The end result of this step is a list of links you think are part of an attack.

Check to see if the links being used against you are related or follow similar footprints:

Are you seeing a lot of links from low-quality blogs, scraper sites, bookmarking sites, wikis or directories?

  • Did a large number of new inbound links pop up at the same time?

  • Are a lot of your new links coming from the same IP address or countries?

  • Are the new links using the same anchors over and over?

This massive influx of inbound links can be the work of an individual or group using spam software. Spam software tends to leave some telltale traces, such as a high number of links using the same anchors or a concentration of links from a single specific footprint. An example of this might be links inserted in footers like this: “Powered by phpBB © 2000.”

If you were to look at your backlinks in your favorite link analysis tool, you might not immediately notice specific patterns or certain types of links. Look for unusual patterns such as adult and pharma anchor text phrases in new links, or a high volume of links you cannot attribute to any of your marketing activities. These types of links may indicate a negative SEO attack implemented by someone using a spam tool, or possibly someone using a network of sites.

If someone is using a network of sites (or blog network) in their attack against you, you may want to give a little visual context to your link data and graph those links using a tool like TouchGraph.com or Gephi.org. These tools will give you a visual representation of your inbound links and allow you to spot patterns and footprints. This is much easier than sorting through mountains of data in a spreadsheet.

Injected content and links

If someone has managed to modify your existing site, you will need access to your server logs to determine which internet protocols (IPs) were used for the content or link injection. Some attackers hide the activities behind a series of proxies, but occasionally they slip up and don’t do so, which makes them much easier to find.

If the content created includes URLs you are unfamiliar with, it is even more important to capture IP information on the new URLs, as attackers often return to their targets to check on their work. Sometimes they forget to properly proxy themselves, giving you a glimpse of where they are coming from. There’s a greater chance you can identify the attacker visiting the same unusual URLs from multiple IPs over older links.

Comment spam




Comment spam links are usually built in one of two ways: manually or by using a spamming software. What makes data collection and interpretation easier when it comes to comment spam is the ability you have to access server logs and isolate which IPs were used in the posting attempts.




Comment spam is pretty easy to spot and easier to fix. You can turn off comments until you can add stronger CAPTCHAs and spam traps like Akismet.com. Personally, I would leave comments off unless you absolutely need them, as I have yet to encounter a CAPTCHA that hasn’t been cracked.

Hotlinking

Hotlinking can be hard to notice until a lot of damage has been done. It’s a practice that can negatively affect your site’s performance, since people embed your images on their site by linking directly to them. This practice uses your bandwidth, which makes offenders easy to discover by looking at traffic coming in via your analytics and data usage in your raw logs. The domains hosting your images can be exported into an attackers list.

User signals


While not an ideal situation by any means, the best part of someone manipulating user signals is the trail they leave behind. Trails can be easy to follow and are often reported in analytic programs.


The hard part is determining and isolating what we “think” may be manipulated. We have to determine what is purposely being done versus what can be naturally occurring. If the manipulated user signal is unsophisticated, you’ll likely see spikes of spammy traffic on specific pages, which allows you to quarantine that traffic in your server logs to isolate IPs and user agents. In some cases, you may be lucky enough to trace the referral traffic back to a service or tool.


If the user signal manipulation is any kind of distributed denial of service (DDoS) attack, stop and bring in a forensic expert.

Time to make changes


I have listed the more common negative SEO attack vectors, but for the purposes of introductory data collection, this is enough. The main reason for listing the various steps toward creating a list of attacking sites and ways to stop an attack is to show your attacker you are willing and capable of finding him or her. This makes your site a less appealing victim in the future.

Once you have collected the list of offending IPs and domains, you can attempt to unmask your attacker manually by combing through WHOIS domain registrations and zone files (a text file that exists to describe a DNS zone) looking for registration commonalities. By far the best service to help someone looking to find the person behind a set of IPs and domains is BitDiscovery.com, run by two very famous white-hat hackers, Jeremiah Grossman and Robert Hansen.

The next step before the recovery process can begin is to stop the attacks as best you can and tighten up your site to be less of a target in the future. Here are some main points to consider:

  1. Think about moving to a dedicated host if you aren’t already on one and layering on a content delivery network for DDoS protection.

  3. Patch your host and content management system (CMS) with updated security to lessen a future DDoS and point-of-entry attack.

  5. Make any necessary CMS modifications to decrease the chance of duplicate content, injected content by unnecessary search pages and proper canonicalization.

  7. Ensure robots.txt is working.

  9. Turn off comments!

  11. At your host settings, your content delivery network (CDN) or WordPress, disable hotlinking of your images.

  13. Run malware checks.

  15. Send a warning shot in the form of a cease and desist to the individual or group you’ve unmasked as being the attackers of your site.

  17. Report the attackers for competitor spam.

  19. What comes next is the recovery process, which we’ll cover in our next article.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

SEO Tools: The Complete List (2018 Update)

SEO Tools: The Complete List (2018 Update) on  July 18, 2018 If you want to see the best SEO tools in one place, then you’ll LOVE this (updated) guide. I personally tested and reviewed  188  free and paid tools. And you can filter through the list to find the best SEO software for you. Check it out: I want SEO tools that help with: Link Building     Technical SEO     Keyword Research     Rank Tracking     Content Optimization     Backlink Analysis     Video SEO I want tools that are: Free     Paid     Freemium     New    Show only Brian's favorite tools: Yes     No    LINK BUILDING TOOLS AuthoritySpy Link Building Paid AuthoritySpy is designed to help you find the top influencers in your space. It discovers these movers and shakers by searching in places like AllTop, Twitter and Followerwonk. Officia...
Post a Comment
Read more

The Ultimate Guide to Off-Page SEO

Off-page search engine optimization is not just about  links . It goes deeper than that. For example, brand mentions (your site URL or brand name mentioned on another site without a hyperlink) are an integral aspect of off-page search signals. As smart bloggers and content marketers, we usually start with  on-page SEO . But we don’t stop there. Because, to a large extent, the things that matter to Google often happen away from your web site. Depending on your marketing goals, the time you spend on off-page search engine optimization will vary. Dr.  Pete Meyers  from Moz observed that many web site owners spend about 30% of their time on off-page factors, and 70% on on-page factors. For other web site owners, those percentages are reversed. Off-page SEO simply tells Google what others think about your site.  For example, if you’ve got a lot of valuable links pointing to your pages, search engines will assume that you’ve got great content – the...
Post a Comment
Read more

Why does structured data matter for SEO?

Structured data represents a huge opportunity for SEOs to communicate key information with search engines, boost content visibility, and reach target audiences. It makes it easier for search engine crawlers to extract and understand specific information related to the content, in this case, the kind of product, the aggregate rating, available offers, and product reviews. This allows the crawler to understand your content with increased accuracy. This report from Botify describes how structured data can give SEOs a competitive advantage and lead to significantly increased levels of search visibility and engagement rates.Visit Digital Marketing hardik ghadiya  “Structured Data: Why now is the time to optimize.”
1 comment
Read more