Recovering from Black Hat/Negative SEO with a twist
-
Hey everyone,
This is a first for me, I'm wondering if anyone has experienced a similar situation and if so, what the best course of action was for you.
Scenario
- In the process of designing a new site for a client, we discovered that his previous site, although having decent page rank and traffic had been hacked. The site was built on Wordpress so it's likely there was a vulnerability somewhere that allowed someone to create loads of dynamic pages; www.domain.com/?id=102, ?id=103, ?id=104 and so on. These dynamic pages ended up being malware with a trojan horse our servers recognized and subsequently blocked access to.
We have since helped them remedy the vulnerability and remove the malware that was creating these crappy dynamic pages.
- Another automated program appears to have been recently blasting spam links (mostly comment spam and directory links) to these dynamically created pages at an incredibly rapid rate, and is still actively doing so. Right now we're looking at a small business website with a touch over 500k low-quality spammy links pointing to malware pages from the previously compromised site.
Important: As of right now, there's been no manual penalty on the site, nor has a "This Site May Have Been Compromised" marker in the organic search results for the site. We were able to discover this before things got too bad for them.
Next Steps?
The concern is that when the Penguin refresh occurs, Google is going to notice all these garbage links pointing to those malware pages and then potentially slap a penalty on the site. The main questions I have are:
- Should we report this proactively to the web spam team using the guidelines here? (https://www.google.com/webmasters/tools/spamreport?hl=en&pli=1)
- Should we request a malware review as recommended within the same guidelines, keeping in mind the site hasn't been given a 'hacked' snippet in the search results? (https://support.google.com/webmasters/topic/4598410?hl=en&ref_topic=4596795)
- Is submitting a massive disavow links file right now, including the 490k-something domains, the only way we can escape the wrath of Google when these links are discovered? Is it too hopeful to imagine their algorithm will detect the negative-SEO nature of these links and not give them any credit?
Would love some input or examples from anyone who can help, thanks in advance!
-
I never mentioned anything about Pigeon?
-
Um....IQ? Did you miss the Pigeon update of a couple of months ago?
Tons of talk on same, my own fav from Mike here -
http://blumenthals.com/blog/2014/10/05/post-pigeon-geo-assessment-how-did-traffic-change-by-city/
-
Should we report this proactively to the web spam team using the guidelines here? No
**Should we request a malware review as recommended within the same guidelines, keeping in mind the site hasn't been given a 'hacked' snippet in the search results? **
No
**Is submitting a massive disavow links file right now, including the 490k-something domains, the only way we can escape the wrath of Google when these links are discovered? Is it too hopeful to imagine their algorithm will detect the negative-SEO nature of these links and not give them any credit? **
Yes
This sounds to me like you need to be thinking 'damage limitation', and by submitting a disavow now, you will be doing just this. Don't worry about the fact there are so many domains there, that is what the tool is all about. However, Penguin hasn't had a refresh in some time (12 months), so one might consider this and think that while you have time on your side to fix it, a refresh could be round the corner - so hop on it
-Andy
-
Sounds like fun!
I did write a lovely answer which unfortunately got lost so I'll summaries a bit below-
1. I wouldn't recommend telling Google as you might not have a penalty now but you might be temping Googles wrath
2. As you've not been marked as malware and you've removed it you should be fine but you can always try if you want to sleep better
3.Disavow proactively is a great idea Google like this approach too, It also means rather than hoping Google might ignore the links its will defiantly ignore them with the disavow list.. Further to this I've got two more options for you. you can block wildcard/dynamic pages in your Robots which will help stop Google even getting to them to find out you've got some bad links assuming you don't need the pages for your site. If you check your referring domains weekly and update the disavow list as well if you're still "under attack".
Just a quick heads up after disavowing the link you may drop down in rankings as you're removing the links however there is also a chance you can go up if you're under a algo penalty.
You can find some good tips here too - http://www.searchenginejournal.com/combat-recover-negative-seo-attack-survival-guide/114507/
Hope some of that helps and I wish I could of posted my reply but I don't have the time to rewrite it I'm afraid. Good luck to you!
-
I have a lot going on right now, but if you PM the domain, I can take a look in a week or so.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Are links on sites that require PAD files good or bad for SEO?
I want to list our product on a number of sites that require PAD files such as Software Informer and Softpedia. Is this a good idea from an SEO perspective to have links on these pages?
White Hat / Black Hat SEO | | SnapComms0 -
Do you choose PA/DA over PR when purchasing expiring domains?
Hey guys, So a lot has been said about private blog network. I have but only 1 question: Do you choose PA/DA over PR when purchasing expiring domains or PR is most critical? Thanks a lot!
White Hat / Black Hat SEO | | nicenike0 -
Black linking exploitation
Hi all After watching our ranking for some primary keywords drop on Google from page 1 to 20 and then totally off the charts in relatively short period I've recently discovered through moz tools that our website along with other competitor sites are victims to black linking (may have the terminology wrong). Two primary words are anchor linked to our domain (www.solargain.com.au) being sex & b$tch through over 4000 compromised sites - mostly Wordpress - many which are high profile sites. Searching through the source code through half a dozen compromised sites I noticed that competitors are also linked using other derogatory terms, but the patterns indicate batch or clustered processing. The hacker has left some evidence as to whom they are representing as I can see some credible discussion forums which contain negative feedback on one particular supplier also among the links. Although this is pretty good evidence to why our ranking has dropped there are some interesting questions: A) is there any way to rectify the 4000 or so black links, mass removal or other. (Doesn't sound feasible)
White Hat / Black Hat SEO | | mannydog
B) some competitors who dominate organic ranking through better optimization don't seem to be affected or apparently affected as much as our site at least. Which questions how much we are affected as a direct result from this hack.
C) is there action or support for industrial espionage?
D) can you request from google to ignore the inbound links and would they not have a duty of care to do so? I'm fairly new to this ugly side of the Internet and would like to know how to approach recovery and moving forward. Thoughts ideas very welcome. Thanks in advance.0 -
SEO problems with PR Newswires
Just been investigating PR newswires for the first time (despite having worked in PR for over a decade!) One of my clients has asked my to send out a news release via a newswire of my choice. I will not be posting the news release on my client's website, to avoid the most obvious duplication issue. Has anyone had SEO probs from newswires though? I just saw one which offered: "Minimum guaranteed number of media websites on which your release is posted" alarm bells!
White Hat / Black Hat SEO | | McTaggart0 -
Google Penguin w/ Meta Keywords
It's getting really hard filtering through the Penguin articles flying around right now so excuse me if this has been addressed: I know that Google no longer uses the meta keywords as indicators (VERY old news). But I'm just wondering if they are starting to look at them as a bigger spam indicator since Penguin is looking at over-optimization. If yes, has anyone read good article indicating so? The reason I ask is because I have two websites, one is authoritative and the other… not so much. Recently my authoritative website has taken a dip in rankings, a significant dip. The non-authoritative one has increased in rankings… by a lot. Now, the authoritative website pages that use meta-keywords seem to be the ones that are having issues… so it really has me wondering. Both websites compete with each other and are fairly similar in their offerings. I should also mention that the meta-keywords were implemented a long time ago… before I took over the account. Also important to note, I never purchase links and never practice any spammy techniques. I am as white hat as it gets which has me really puzzled as to why one site dropped drastically.
White Hat / Black Hat SEO | | BeTheBoss0 -
Is using twiends.com to get twitter followers considered black hatting?
Hi, I've been struggling to get followers on Google Plus and Twitter, and recently stumbled upon twiends.com. It offers an easy service that allows you to get twitter followers very quickly. Is this considered black hating? Even if Google doesn't consider the followers as valid, am I likely to be punished if using their service? Even if it doesn't help rankings, it is nice to have lots of followers so that they will see my tweets which has the potential to drive more traffic to my site, and give awareness to my business. What are your thoughts?
White Hat / Black Hat SEO | | eugenecomputergeeks0 -
Ever seen a black hat SEO hack this sneaky?
A friend pointed out to me that a University site had been hacked and used to gain top Google rankings. But it was cloaked so that most users wouldn't notice the hack. Only Googlebot and visitors from Google SERPs for the spam keywords would see a hacked version. See http://www.rypmarketing.com/blog/122-how-hackers-gained-an-easy-1-google-ranking-using-a-university-website.whtml (my blog) for screenshot and specifics. I've dealt with hacks before, but nothing this evil and sneaky. Ever seen anything like this? This is not our client, but was just curious if others had seen a hack like this before.
White Hat / Black Hat SEO | | AdamThompson0
