Okay, so you’ve just opened your email and you see a threatening message jumping out at you. Someone’s trying to get you to pay them money or they’ll launch what they call a ‘black hat SEO attack’ and you’ve got no idea how to respond.
Luckily you’ve found this article, so close your email for 10 minutes and learn…fast!
Black Hat SEO = Negative SEO
If you’ve heard of the latter then you already know what I’m talking about. If not, keep reading.
Black Hat SEO refers to all of the dubious techniques sites can use to boost their search engine ranking. The key thing is that they do so solely by targeting the search engines themselves. People know what search engines are looking for, so they only add that to their sites. This may sound like fair game, but when you consider that a search engine works in a very different way to a human user then it’s not such a great idea.
Yes, it will improve your ranking, but it will also mean that a search displays stuff that browsers couldn’t care less about. Clearly this is no good from the search engine’s point of view as it will harm their reputation.
Why Do People Launch Attacks?
The idea behind launching a black hat SEO attack is pretty simple. If you’re found guilty of black hat techniques then sites like Google reserve the right to delist you all together. Clearly, if someone can threaten you with this then their expectation is that you’ll pay them a small fortune not to go ahead. Makes sense right?
Here are a few reasons someone might target your site:
- Malice: Doing it purely because they can as a malicious tech activity
- Personal Vendetta: You could be targeted by a disgruntled business partner or former employee
- Extortion: This is the most common reason because it’s seen as a victimless way to quickly earn a large amount of money with very few repercussions
How can we stop them? Read on…
#1 Search for Irrelevant Anchor Text
According to SEO experts, a common thing that intruders will do to ruin your SEO is to change the display text of your links. If you suddenly notice a drop in traffic to your site on Google Analytics then it would be worth manually auditing the link text shown on your site.
Here’s a few key things that you’re looking for:
- Have any of the display texts been changed recently?
- Is the text far longer than the 2-5 keyword optimum you will have used?
- Does the text no longer appear relevant to the content of the link?
- Is the display text offensive, prejudicial, or inflammatory in anyway?
You may want to compile a spreadsheet that lists all of the links on your site if practically possible. That way you can view everything in one place without having to click from page to page.
#2 Identify 301 Redirects
We’re not going to get into the detail of what a 301 redirect does and how it works. For the purposes of surviving an attack it’s sufficient to know that they will take up to 99% of the SEO contribution from your link and send it to the redirected page. This is a powerful parasitic technique for draining the SEO of a legitimate site.
The problem with this is that it will be harder to identify as it’s usually reserved for sites with huge numbers of links. Use a bulk redirect checker such as Screaming Frog and you’ll be able to see what’s going on.
#3 Find Duplicate Content on Your Site Using Copyscape
If you’re not sure why duplicate copy could harm your SEO then take a quick look at this handy SEO refresher.
The key thing to know is that search engines don’t like you duplicating because it’s unnatural and of no use to users. A malicious intruder could very quickly clone your pages thousands of times without you realizing. Often they won’t add the new pages as bolt-ons to your legitimate site as you’d spot that straight away.
What they’ll do is create hundreds of other sites that post the exact same content as you. That way as far as Google is concerned you’re just spamming people to try and rank higher in search.
Run your own content through Copyscape so that you can see whether it is unique or not. If it’s been cloned then retrieve the emails of site owners and contact them directly. You’ll also want to jump straight to Tip #8.
#4. Check All of Your Links are Real Using URL Profiler
Another common tactic is to embed links in your site that don’t go anywhere. Google flags these up as black hat SEO because they’re a sure fire way to annoy a user.
It’s often impractical to check your links manually so follow these steps:
- Create a spreadsheet of all of your links
- Run them through a bulk scanner like URL Profiler
- Highlight in red those links that go nowhere.
Because these links don’t go anywhere it should mean that you only have to remove them from your site and they’re gone. If you find that some actually go somewhere real then you have a little more work to do (we’ll get to that in a bit).
#5. Scan for Malware using Site Checker
Anyone who asks is ‘black hat SEO legal?’ would do well to remember that it often involves installing malware. Google hates this for obvious reasons, and it’s also by far the most malicious of the attacking options as it can be indiscriminate.
Attackers who hide malware in your site don’t care if your users get hurt in the crossfire. They’re just cannon fodder and the cost of doing business. Worse still, users will blame you because it looks like you’re the one that gave it to them!
Here’s an example of a security warning issued by Google Chrome signaling about the possible presence of malware.
You need to take your website down as quickly as possible by speaking to your hosting service. From there you can use a free site scanner such as Google Site Checker to comb through every line of code.
#6. Use Open Site Explorer to Perform a Backlink Audit
Backlinking is something that you’re going to have to get to the bottom of too. The problem here is that they can so complex to track manually that you’re going to need a tool.
Open Site Explorer is as good a tool as any as it will allow you to scan your site in bulk. You may think that all you have to do is identify the backlinks that you removed, but you’re not done.
This sadly is not the case because of the following reasons:
- Backlinks will have a corresponding data point at the other end — the site you’re being linked to
- These sites are often innocent third parties that have been linked to en mass by the black hat attackers
- You will have to contact the owners of these links and ask them to take them down at their end
- Extract the owner’s email address from the link information using OSE where possible to make things easier
Techniques to Try Outside your Website
#7 Search for Ghost Profiles
A ghost profile is any unauthorized profile that is pretending to be you. These could be social media profiles, blogging pseudonyms, or cloned websites.
What the attackers are doing here is trying to ruin you by posting all manner of junk and malicious content under your name. Clearly if Google get wind of this they will immediately suspend you as they won’t have evidence that you’re being impersonated.
A quick way to get up to speed is seeing if you can search your name, and variants of it. This will help you see if accounts have been created that could be draining your SEO. If you’ve already seen an unexplained drop in traffic then try and match up the registration times with the dips.
#8. Tell Google
Last but by no means least you need to contact the search engines. You may see this as an admission of failure on your part, but swallow your pride and do what needs to be done.
Here’s why Google can help:
- They will have far more firepower and expertise than the attackers
- They tackle these kinds of attacks every single day
- They will want to help you and can provide access to free tools and the scanning software that can help you
- They will know that you’re not intentionally deploying black hat techniques to artificially boost your ranking in search
Conclusion: Hopefully this has given you plenty of advice and shown you that you’re not alone when it comes to tackling black hat techniques. Deploy the right software, tell the search engines, and stand your ground.
The worst thing you can do is immediately make payment to a threatening email as they’ll only come back for even more. You also can’t afford to ignore sudden sharp dips in traffic as this may indicate an attack is already in progress. Follow the tips above and you’ll be able to stay a step ahead.