Of course, SEO Spam Hack on compromised websites may be common, as we cover them quite frequently. Yet, shedding light on a blackhat tactic used to infiltrate a Whois domain lookup result for a domain name is complex and unique, as it is not a common occurrence.
“Whois” is a protocol that is used to verify who owns a unique domain name. Simply put, these records are available to everyone with the goal of creating trust online through the visibility of the website owner’s name, address, and phone number.
Yet, if a website owner is interested in safeguarding their personal information, they are required to purchase the WHOIS server protection service.
When you enter a domain into the search bar at the uniregistry.com/whois, a request is sent to the public WHOIS database. In that case, to that of your domain name registrar (like GoDaddy) or domain registry (like josephmuciraexclusives.com).
What is SEO Spam?
Hackers gain entry using some vulnerability that’s present on your WordPress sites, like a weak password or a security gap in an outdated plugin.
Once inside, they start doing things to hijack your SEO accomplishments (Search Engine Optimization). They find your top-ranking pages and insert their own hyperlinks and spam keywords.
Ranking on Google takes a lot of effort but with it comes great benefits. These hackers would rather let you do all the hard work of SEO and digital marketing, and then use your website to promote their product/service. This is why SEO spam is also known as spamdexing or search engine poisoning (SEP).
The hack is so popular because it can target WordPress websites of all sizes and not necessarily just the large ones. The most common victims are small websites, NGOs, and WordPress blogs, that are not secured by SSL certificates or do not have any security measures in place.
This hack is well-disguised and hidden away from the plain-sight of the owner. Therefore, it is one of the most difficult ones to detect. You could be hacked for a long time without even knowing it.
What is a Whois SEO Spam Hack?
Recently, a WHOIS service user got really upset about the changes in his records, as well as email notifications he received that were carrying spam content. The research revealed that hackers had taken advantage of customers’ domain expiration by purchasing a previously legitimate WHOIS server.
They then included arbitrary and unauthorized ads in this newly purchased old South African WHOIS server records. The country code .co.za is used for a top-level domain official in South Africa.
A search to locate the official WHOIS server for a client (CNAME whois.coza.net.za.) came back with nothing wrong. But, the changes made in the WHOIS server contained details of what was changed and this was where things got really interesting.
The WHOIS changelog demonstrated a new set of spam links that were included on all out-going email notifications. Even though all the spam emails looked similar, there was a strong clue at the end of each email redirecting users to another site – “Why would queries go to whois.co.za instead of whois.coza.net.za?”
Researchers immediately ran a query to dig deeper on “whois victim-site.co.za whois: za.whois-servers.net:”.
You guessed it: the results indicated that the domain name had something to do with the issue. So, performing a root cause analysis by installing Brew with an updated version of WHOIS 5.2.12 caused a different result where the client information had been redacted.
The fetched results paved the way to further narrow down on the real problem!
Which are the Types of SEO Spam Hack?
Once a hacker breaks into your website, there’s a long list of malicious tactics they can use.
An SEO spam hack is just one of them and can be used in combination with other types of hacks.
Bearing in mind, I’ve listed out the most common tactics that we see take place when a website is facing a search engine spamming hack:
1. Spam Keyword Insertion
SEO Spammers want to rank for their products or services.
They use what is called black-hat SEO techniques and stuff their keywords all over your site. It will mostly be invisible to you and your users.
When someone searches for these keywords on Google, your website will rank.
2. Spam Link Injection
They insert external malicious links that will redirect visitors to a website of their choice.
They can also use a tactic called clickjacking wherein they insert hidden links under regular clickable content, thus deceiving the user.
Upon clicking it, they’ll be directed to another website – usually, one that sells/promotes illegal products and content.
3. Creating New Pages
Hackers can also take over your website by creating new web pages, sometimes even thousands of them. These pages are designed to manipulate search engines.
4. Spam Emails
If they have access to your customer database, they can start sending emails to promote their product.
The email will be sent from your legitimate email address which customers will think is trustworthy. Only upon opening it will they be exposed to the hacker’s tricks.
Once customers start flagging your emails as spam, mail servers will mark you as spam. This is hard to recover from and you can lose valuable customers for good.
5. Displaying Banners and Ads
They can also hijack any banners, pop-ups, ads or CTAs (Calls to action) and replace it with a promotion for their products and content on your site.
What is Negative SEO?
As an example, in 2016 an incident involving a Russian, Vitaly Popov, who went on to register websites that use the Cyrillic version of letters.
Like C and K in lifehacker.com swapped out for с and к, and Cyrillic ɢ replaced the first G in google.com. And which may appear the same, but instead are not and direct visitors elsewhere.
They would then spam Google Analytics with pro-Trump messages redirecting people to these websites.
Negative SEO refers to the practice of using black hat and unethical techniques to sabotage a competitor’s rankings in search engines.
What are the Forms of Negative SEO Spam Hack?
- Hacking your website
- Building hundreds or thousands of spammy links to your website
- Copying your content and distributing it all over the internet
- Pointing links to your website using keywords like Viagra, poker online, and many others
- Creating fake social profiles and ruining your reputation online
- Removing the best backlinks your website has
How does an SEO Spam Hack Work?
In a hack like this, malicious code is injected into your website’s files. Next, to disguise it, the code is reversed and then stored. This is why a spam injection hack is so difficult to detect.
Next, there is something known as a PHP function that comes in, flips the code back to normal and then executes the hack. All this is done to hide the hack from you and to manipulate the search engine bots.
To you, your website will look and function just fine. But a Google bot or any other search engine bot will see what the hackers want them to see when they crawl and index your website.
The malicious code will inject keywords, links, and whatnot into your site. It can also change the title tag and meta descriptions of your pages and posts. This is how they get your website to rank for these keywords in search engine result pages.
How do I Protect my Site from SEO Spam Hack?
The entire SEO industry experienced a major transformation over the past two years. As a result, many online marketers have dramatically changed their strategies. Ranking high in Google for competitive keywords is not as easy as it was three years ago.
Because black hat SEO is harder and harder to execute, and less and less likely to deliver results, a new type of SEO has emerged called “negative SEO.”
This is a guide that will help you understand what negative SEO is and how you can protect your business from becoming a victim. If you are serious about building your brand online and keeping it safe, this is something you should not ignore.
Is Negative SEO Spam Hack a Real Threat?
Of course, Yes! No doubt about that. Negative SEO is real, and numerous websites have had to deal with this problem. Preventing it is much easier than fixing it.
If you conduct a search on Fiverr for “negative SEO,” you will find over 15,000 people willing to do the work for only $5.
Also, black hat forums are full of stories from people who have succeeded with this technique.
How do I Prevent a Negative SEO?
Google has released the Disavow Tool to help webmasters deal with this problem. But, the tool should be used with caution and only as a last resort.
Check out Matt Cutts’s answer to negative SEO:
It usually takes 2-4 weeks for the tool to work. Can you afford to have your website penalized for 1 month? No one can!
I will show you how you can prevent these attacks and keep your business safe.
1. Set up Google Webmaster Tools Email Alerts
Google can send you email alerts when:
- Your website is being attacked by malware
- Your pages are not indexed
- You have server connectivity problems
- You get a manual penalty from Google
If you haven’t already, connect your website to Google Webmaster Tools.
Log in to your account and click “Webmaster Tools Preferences.” Enable email notifications and choose to receive alerts for all types of issues. Click “Save.”
2. Keep Track of Your Backlinks Profile
This is the most important action to take to prevent spammers from succeeding. Most often, they will perform negative SEO against your website by building low-quality links or redirects. It is vitally important to know when someone is creating links or redirects to your website.
You can use tools like Ahrefs or Open Site Explorer, from time to time, to manually check if someone is building links to your website, but the one I recommend you use is MonitorBacklinks.com. It’s one of the best and easiest tools that can send you email alerts when your website gains or loses important backlinks.
Instead of having to manually check your backlinks every morning, Monitor Backlinks sends everything you need to know to your inbox. Here’s how you can use it:
Once you have created your account, it will require you to add your domain and connect it with your Google Analytics account.
It usually shows your backlinks immediately, but sometimes it can take a few minutes. By default, your settings are set to send you email notifications when your website receives new backlinks.
3. Protect Your Best Backlinks
Very often, spammers will try to remove your best backlinks. They usually contact the website owner of the link, using your name, and they request the webmaster to remove your backlink.
To prevent this from happening, you can do two things:
- When you communicate with webmasters, always use an email address from your domain, instead of using Gmail or Yahoo. This way, you will prove that you work for the website and that it’s not someone else pretending to be you. Your email should look like this: [email protected].
- Keep track of your best backlinks. For this, you can use Monitor Backlinks again. Go to your list of backlinks and sort them by Page Rank or social activity.
Add tags to the backlinks you value the most so you can verify if any of them get removed.
4. Secure Your Website from Malware and Hackers
Security is extremely important. The last thing you want is spam on your website without you even knowing about it. There are several things you can do to secure your website:
If you are using WordPress, install the Google Authenticator Plugin and create a 2-step verification password. Each time you log in to your WordPress website, you will be required to add a code generated by Google Authenticator on your smartphone (available on iOS and Android).
Create a strong password with numbers and special characters. Thereafter, create backups of your files and database on a regular basis. Finally, if your website lets users upload files, talk to your hosting company and ask them how you can install an antivirus to prevent malware.
5. Check for Duplicate Content
One of the most common techniques spammers use is content duplication. They copy your website content and post it everywhere they can. If most of your content is duplicated, there’s a big possibility that your website will be penalized and lose rankings.
You can check if your website has duplicate pages on the internet using Copyscape.com. Simply add your website or the body of the article you want to verify, and it will show you if your content is being published somewhere else, without your permission.
6. Monitor Your Social Media Mentions
Sometimes, spammers will create fake accounts on social media using your company or website name. Try to remove these profiles by reporting them as spam before they start to get followers.
To find out who is using your brand name, you can use tools like Mention.net. As soon as someone mentions your name on any social media or website, you will be informed, and you can decide whether you should take action.
Create an account and click “Create alert.” Name your alert, and add the keywords you want to be alerted about. You can use multiple languages, too. Click “Next step.”
Select the sources you want Mention.net to look for, and add the domains you want to be ignored. Click “Create my alert,” and you will receive alerts every time your keyword (company name) is mentioned on social media, blogs, forums, and news.
7. Watch Your Website Speed
If your website suddenly has a very high loading time, make sure it’s not because someone is sending thousands of requests per second to your server. If you don’t act fast to stop this, spammers may put down your server.
A great tool that can help you monitor your server uptime and loading time are Pingdom.com.
Create an account and activate “email alerts,” so you will know when your website is down. If your site is being attacked, contact your hosting company and ask for support as soon as possible.
8. Don’t be a Victim of Your Own SEO Strategies
Make sure you are not hurting your website rankings by using techniques that are not acceptable to Google.
These are some of the things you should not do:
- Firstly, don’t link to penalized websites.
- Secondly, don’t buy links from blog networks, and don’t buy links at all for SEO.
- Again, don’t publish a massive number of low-quality guest posts.
- Also, don’t build too many backlinks to your website using “money keywords.” At least 60% of your anchor texts should use your website name.
- And finally, don’t sell links on your website without using the “nofollow” attribute.
9. Don’t Make Enemies Online
There is no reason to create enemies. Don’t ever argue with clients because you never know who you are dealing with. There are three types of spammers and the reasons why they spam:
- For fun
- For revenge
- To outrank the competition in search engines
These hacks are rarely targeted at a particular WordPress site. Gone are the days of hackers manually breaking into individual sites. They create bad bots that are constantly crawling the internet to find and hack any website that’s weak.
So the size of your website or the popularity of it is insignificant. These bots run through all sites, once they find an entry point into yours, they come in and insert their scripts.
This is a summary of the things you can do to prevent negative SEO:
- Create email alerts from Google Webmaster Tools.
- Track your backlinks profile and get email alerts when you get new links, with tools like MonitorBacklinks.com.
- Secure your website from malware and hackers. Use the Google Authenticator plugin for WordPress.
- Check for duplicate content with Copyscape.com.
- Find mentions of your company name on social media and websites with Mention.net.
- Monitor website uptime with Pingdom.com.
- Don’t accidentally use negative SEO against your website.
- Don’t make enemies.
Having said that, What other methods are you using to prevent negative SEO Spam Hack? Have you experienced an SEO Spam Hack? What other tools are you using to prevent SEO Spam Hack?
And by the same token, you can share your questions, suggestions, additional links, etc. in the comments box below this blog post.