|Link Attack - seemingly aimed at affecting my Google ranking|
In Yahoo Site Explorer I just noticed a link attack on my own site and a competitors'. His and my site are first and second for a "blue widget"-type search. I can't find other sites (3rd, 4th, etc) with the same problem.
The attack exists of different components (as far as I can see in Site Explorer):
1 blocks of apparently random text and links on hundreds of pages on dozens of domains (each site is attacked from a different set of domains). These pages have strange extensions, such as: /kqzim/exyj.php?t=485784, /wphet/xnxybx.php?rk=574041, etc. The links on these pages are directly to domain names (no www.) of the attacked sites, so in my case not visible in Google Webmaster Tools. The other links on these pages are to other, similar attacker pages on other domains (but these are not attacking my site; so there are no "link wheels"), to non-existing pages (removed attacker pages?), and to other attacked sites not related to mine. The attacked sites have their domain name as anchor text, but the other attacker pages linked have what seem random text fragments as anchor texts.
2 hidden links on a dozen or so front pages of high PR web sites not related to my site. The hidden links are placed between strange tags, such as <efskert3sewrt>hidden links<aoe4dell231rr> just before or after the </body></html> tags. The links are similar to those mentioned above, but there is no random text in between them;
3 dozens of pages on seodigger.com, generated for other competitors. This may be a co´ncidence, but I have not seen them before.
All pages (type 1 and 2) are different, in all it seems a huge network of attacker pages and hidden texts. In all there are 350 such links to my site visible in Site Explorer, and 250 to my competitor.
A quick IP address check shows that the site are hosted on a limited amount of servers (3-6 sites per IP address) which may mean servers are attacked or someone hosts the sites on a network of servers. All sites have different registrants, but the majority of them have "Domain Privacy" as admin, billing and tech contacts, and pipedns.com as dns service. This seems to point in the direction of false (or outdated) registrant names, with all sites in reality owned by one person. The field of my site is not internet-related, so I can't imagine this is done by a competitor by himself. I suspect this is done by an SEO company specialized in negative SEO, in other words rank clients in Google by attacking their competitors.
-has anyone seen this before?
-any ideas how to check further for the magnitude of the attack? I imagine I see just the tip of the iceberg.
-any ideas what I should so? My ranking is not affected sofar, so Google reinclusion request seems out of the question?
-my site is old and established so may not be affected, but should I lean back and wait? Doesn't feel good. On the other hand it doesn't feel good defending myself from such unethical behaviour either
What you're seeing is probably just auto-generated spam. There are millions of these pages continually being created by automated methods. A lot of them scrape their content from Google's SERPs, which would explain why your site picked them up. Google seems to be able to filter most of them out so that they don't affect rankings in most cases.
Thanks for your reaction, aristotle, but I find it hard to believe this is spam. There are no ads on the pages, and I see no purpose to these pages other then to devalue other people's rankings.
I had a closer look and now see that only the first group of attacker sites seem to be owned by the same person, and the second group does not. The sites in the second group seem hacked, so the owners are equally hit and may expect their rankings to drop because of the hidden links.
Any ideas about how to beat this before my rankings sink are welcome!
I know I'm asking for help in my individual case, but please be aware that this can hit any one of us at any time! My attacked site is not even in a very competitive field.
I have now found a third competitor that is attacked in the same way. His rankings seem to have dropped already.
Mentioning the affected sites here is probably against TOS, but I can send the URL's by PM to anyone particularly interested in beating this negative SEO.
These pages could be spam that was generated to try to promote some other websites by creating links to them. Links to a few reputable sites like yours could have been added to the pages to try to make them look more legitimate.
In any case, Google employees like Matt Cutts have often said that it's nearly impossible to hurt a site's rankings by creating toxic links to it.
|In any case, Google employees like Matt Cutts have often said that it's nearly impossible to hurt a site's rankings by creating toxic links to it. |
It's nearly impossible if you are a large and established website. If you have a few hundred links, it's ridiculously simple to remove a site from the SERPs for their targeted keyword. Just get thousands (2k-3k) of links to the target from low quality websites using the targeted anchor text. It also helps to buy links with the targeted anchor text on pages that are obviously paid links. It is not cost prohibitive if you are serious in your industry. You can do this for under $500 USD.
I see what you mean, aristotle. Well I hope I've been too paranoid and my rankings won't suffer. One of my competitors has already used shady tactics in the past, such as buying links, and copying my content, so I kinda suspect his SEO company to be the culprit. Especially so because 3 other top ranking sites in my field have the same problem, of whom one already has lost ranking.
I have already sent a spam report to Google, and now plan to file abuse reports with the hosting companies of the offending sites, and hope they remove them, and urge my competitors that were hit by the same thing to do the same. I may be overreacting here, but for me large part of my income is at stake.
Suggestions for further action are still very welcome.
errorsamac is 100% correct, you did the right thing Joost.
I just started mailing hosting providers from the first group of sites, and one removed all pages from 7 offending sites on their server within half an hour. So maybe those were also inserted during a server attack.
Any update to your situation here?
I just picked up a new seo client. And it seems that someone just attacked their site in December using this exact same technique you list here. It even uses the same <efskert3sewrt> tags on the other sites that are linking to theirs. I'm wondering if you saw any decline in your rankings throughout this incident...and did you you ever get all the links deleted? Any insight would be appreciated.
I got 90% of these links removed within a week or so, and almost all others within 2 weeks. This was done in the following matter:
-first I mailed all webmasters of the infected sites, asked them to solve the problem, and told them I would contact their hosting companies if they did not. About half of them reacted within days and solved the problem by contacting their server companies;
-then I mailed hosting companies of the sites that had not solved the problem, of which most US located ones reacted within hours and removed the offending pages or blocked the entire sites;
-then I called the remaining hosting companies (mostly European) and made my point in wordings I had better not repeat here. Reluctantly they acted withing days (some after several calls). I guess it helped a lot that I manage some faul language in most European languages ;-)
Finally a few links staid active on 4 sites (20 links in all), and I moved on.
My listings did not suffer until about December, 3 months later, but I think this is not related. I suspect the cause is that my site is English-language, but not hosted in an English-language country. In the country of hosting my ratings did not suffer.
I don't know how long these links were active when I found them, but from my experience I assume rankings will not suffer when swift action is taken, and the links removed quickly. I hope this helps.
Thanks joost. I plan to do the same. I appreciate the update.
Thanks for the update. It's good to hear that this went as well as it did. It helps to see the process explained clearly like this.