Negative SEO Attacks

published May 22, 2018

A while ago I did search engine optimization for a website and encountered with such a "phenomenon" as negative SEO attacks. I learnt this subject and want to share with you how foes or competitors can kill your website in search results. Preventing it isn't something in your power, but detecting the attempt early enough to reverse the damage is possible.
Link Explosion
An attacker can buy a lot of "bad" links to your website. "Bad" links are links from link farms, spammy or adult websites. Usually the same anchor text is used for the most of these links.

Especially, it will damage young websites (1–4 months of life). If a website has not been promoted before and suddenly 100 links appears on the Web to this website, and all of these links are from spammy or adult websites, then search engines will easily indicate that your website is not worth to be in search results.

To prevent it, increase a number of your links regularly and constantly. Also you need to monitor your link growth. If you see your website ranking is being harmed by low-quality links you do not control, you can ask Google not to take them into account when assessing your website. Disavow them in Google Webmaster Tools.
Duplicate Content
An attacker can copy all your content to blogspot or livejournal blogs. Such blogs are indexed by search engines quickly. It can be especially harmful for young websites and websites where content is being refreshed not often. When search engine crawlers visit such websites to index their content (weekly or monthly), this content can be already indexed on blog where an attacker pasted it. Search engine crawlers visit promoted blogspot or livejournal blogs several times per day. So, your content will become non-unique and your website positions in search results can be worsen quiet significantly.

There is no 100% protection from duplicate content. But you always can switch off keyboard shortcuts (Ctrl+A, Ctrl+C), right-click and text highlighting, hide the html code of your website.
Duplicate Content with a Trailing Slash
Avoid duplicate content by enforcing trailing slash in URLs — e.g., https://yourwebsite.com/about.html and https://yourwebsite.com/about.html/ An attacker can buy spammy links to your website with and without slash. For search engines it will be two different websites with the same content and such website can be penalized for duplicate content.

To protect your website from duplicate content with a trailing slash, in .htaccess file configure 301 redirect from the pages with slash to the pages without slash (or vice versa, as you like). The main thing is that the only one kind of pages should be on your website. Besides, you can write in the rel="canonical" tag, that displayed in HTML page source, and point at the main URL.
Incorrect Domain Configuration to www and non-www URL
Search engines try to cope with this problem by determining which address is the main — with www or without www. But often, they do it incorrectly and many websites are available in search results with and without www. Each page of such websites has the same content, but exists at two different URL addresses. As in previous case (Duplicate Content with a Trailing Slash) an attacker can use it against you.

To prevent it, in .htaccess file configure 301 redirect from the url without www to the url with www. In Google Webmaster specify the main mirror with www.
Incorrect Processing of 404 Errors
404 Page Error indicates that the server was unable to find the requested address. It means that the page has already been deleted or never existed. In this case, search engine crawlers should get 404 response — the page was not found.

But very often, this error is processed incorrectly or isn't processed at all on many websites, and the search engine crawlers get 200 or 302 responses. Using fake parameters, an attacker can create multiple URLs to nonexistent pages on your website — e.g., https://yourwebsite.com/legitimate-url?spam-fake-parameters and buy spammy links to these URLs. As these URLs return 200 response, they are treated by search engines as normal and genuine pages. So, if there are only 100 useful pages on your website, and an attacker has created 3000 useless pages, then your website can be filtered or penalized by search engines.

To protect your website from this attack, check your server response to nonexistent pages.
DoS Attacks
DoS or denial-of-service attacks occur when an attacker floods servers with traffic in order to overwhelm it and make server difficult or impossible for legitimate users to use. The server does not have time to respond and your website becomes unavailable. It will provoke website crawl errors and can prevent your website from appearing in search results.

To protect your website from DoS attacks, use reliable hosting providers.

You see how websites are fragile and vulnerable to attacks. So, stay alert, watch what happens. And even though I did not cover everything, you can take some steps after reading this article, to protect your website.
Did you like this article?
Share article on social networks
Worked on the article:
Oksana Budnikova
Senior Software Project Manager
Made on
Tilda