Negative SEO Attacks
published May 22, 2018
A while ago, I searched engine optimization for a website and encountered such a "phenomenon" as negative SEO attacks. I learned this subject and want to share how foes or competitors can kill your website in search results. Preventing it isn't something in your power, but detecting the attempt early enough to reverse the damage is possible.
A while ago, I searched engine optimization for a website and encountered such a "phenomenon" as negative SEO attacks. I learned this subject and want to share how foes or competitors can kill your website in search results. Preventing it isn't something in your power, but detecting the attempt early enough to reverse the damage is possible.
Link Explosion
An attacker can buy a lot of "bad" links to your website. "Bad" links are links from link farms, spammy or adult websites. Usually, the same anchor text is used for most of these links.
Especially, it will damage young websites (1–4 months of life). If a website has not been promoted before and suddenly 100 links appear on the Web to this website, and all of these links are from spammy or adult websites, then search engines will easily indicate that your website is not worth being in search results.
To prevent it, increase the number of your links regularly and continuously. Also, you need to monitor your link growth. If you see your website ranking being harmed by low-quality links you do not control, you can ask Google not to consider them when assessing your website. Disavow them in Google Webmaster Tools.
Especially, it will damage young websites (1–4 months of life). If a website has not been promoted before and suddenly 100 links appear on the Web to this website, and all of these links are from spammy or adult websites, then search engines will easily indicate that your website is not worth being in search results.
To prevent it, increase the number of your links regularly and continuously. Also, you need to monitor your link growth. If you see your website ranking being harmed by low-quality links you do not control, you can ask Google not to consider them when assessing your website. Disavow them in Google Webmaster Tools.
Duplicate Content
An attacker can copy all your content to BlogSpot or LiveJournal blogs. Such blogs are indexed by search engines quickly. It can be especially harmful to young websites and websites where content is being refreshed not often. When search engine crawlers visit such websites to index their content (weekly or monthly), this content can be already indexed on the blog where an attacker pasted it. Search engine crawlers visit promoted Blogspot or LiveJournal blogs several times per day. Your content will become non-unique, and your website's positions in search results can worsen quite significantly.
There is no 100% protection from duplicate content. But you can always switch off keyboard shortcuts (Ctrl+A, Ctrl+C), right-click and text highlighting, hide the HTML code of your website.
There is no 100% protection from duplicate content. But you can always switch off keyboard shortcuts (Ctrl+A, Ctrl+C), right-click and text highlighting, hide the HTML code of your website.
Duplicate Content with a Trailing Slash
Avoid duplicate content by enforcing trailing slash in URLs — e.g., https://yourwebsite.com/about.html and https://yourwebsite.com/about.html/ An attacker can buy spammy links to your website with and without the slash. For search engines, it will be two different websites with the same content, and such websites can be penalized for duplicate content.
To protect your website from duplicate content with a trailing slash, in the .htaccess file, configure 301 redirect from the pages with a slash to the pages without a slash (or vice versa, as you like). The main thing is that only one kind of page should be on your website. Besides, you can write in the rel="canonical" tag displayed in the HTML page source and point at the main URL.
To protect your website from duplicate content with a trailing slash, in the .htaccess file, configure 301 redirect from the pages with a slash to the pages without a slash (or vice versa, as you like). The main thing is that only one kind of page should be on your website. Besides, you can write in the rel="canonical" tag displayed in the HTML page source and point at the main URL.
Incorrect Domain Configuration to www and non-www URL
Search engines try to cope with this problem by determining which address is the main — with www or without www. They often do it incorrectly, and many websites are available in search results with and without www. Each page of such websites has the same content but exists at two different URL addresses. As in the previous case (Duplicate Content with a Trailing Slash), an attacker can use it against you.
To prevent it, in the .htaccess file, configure 301 redirect from the URL without www to the URL with www. In Google Webmaster, specify the primary mirror with www.
To prevent it, in the .htaccess file, configure 301 redirect from the URL without www to the URL with www. In Google Webmaster, specify the primary mirror with www.
Incorrect Processing of 404 Errors
404 Page Error indicates that the server was unable to find the requested address. It means that the page has already been deleted or never existed. In this case, search engine crawlers should get a 404 response — the page was not found.
This error is often processed incorrectly or isn't processed at all on many websites, and the search engine crawlers get 200 or 302 responses. Using fake parameters, an attacker can create multiple URLs to nonexistent pages on your website — e.g., https://yourwebsite.com/legitimate-url?spam-fake-parameters and buy spammy links to these URLs. As these URLs return 200 responses, they are treated by search engines as usual and genuine pages. If there are only 100 useful pages on your website and an attacker has created 3000 useless pages, your website can be filtered or penalized by search engines.
To protect your website from this attack, check your server response to nonexistent pages.
This error is often processed incorrectly or isn't processed at all on many websites, and the search engine crawlers get 200 or 302 responses. Using fake parameters, an attacker can create multiple URLs to nonexistent pages on your website — e.g., https://yourwebsite.com/legitimate-url?spam-fake-parameters and buy spammy links to these URLs. As these URLs return 200 responses, they are treated by search engines as usual and genuine pages. If there are only 100 useful pages on your website and an attacker has created 3000 useless pages, your website can be filtered or penalized by search engines.
To protect your website from this attack, check your server response to nonexistent pages.
DoS Attacks
DoS or denial-of-service attacks occur when an attacker floods servers with traffic to overwhelm them and make the server difficult or impossible for legitimate users to use. The server does not have time to respond, and your website becomes unavailable. It will provoke website crawl errors and can prevent your website from appearing in search results.
To protect your website from DoS attacks, use reliable hosting providers.
You see how websites are fragile and vulnerable to attacks. So, stay alert, watch what happens. And even though I did not cover everything, you can take some steps after reading this article to protect your website.
To protect your website from DoS attacks, use reliable hosting providers.
You see how websites are fragile and vulnerable to attacks. So, stay alert, watch what happens. And even though I did not cover everything, you can take some steps after reading this article to protect your website.
Did you like this article?
Share article on social networks
Worked on the article:
Oksana Budnikova
Senior Software Project Manager
