Welcome to WebmasterWorld Guest from 34.238.192.150

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Injected links - the new SEO?

     
7:31 am on Sep 30, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1191
votes: 41


I'm seeing a growing number of sites rising up the SERPs as a result of links injected into CMS sites. This isn't new, it's been around for a long while but I've watched it growing substantially for many months now. A lot of the sites that are promoted in this way are very professionally done so this doesn't look like just a back street black hat operation.

What bothers me is that this type of abuse is so easy to spot. The links are created within a javascript script, which prevents them from being visible on the page. I would have thought that Google could easily spot this but it doesn't seem to be a priority.

I'm in the UK, in the finance sector. Is this an issue elsewhere, in other countries too?
11:59 am on Sept 30, 2016 (gmt 0)

Preferred Member

5+ Year Member Top Contributors Of The Month

joined:Sept 12, 2014
posts:384
votes: 68


Are the sites with the injected links hacked?
12:03 pm on Sept 30, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1191
votes: 41


I would imagine so.
1:28 pm on Sept 30, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Scenario...

Professional looking, white hat site needs ranking boost so they hire an SEO compamy that boasts quick results.

SEO company takes money but instead of doing the real work, chooses black hat link injection to vulnerable CMS sites.

Voila, quick boost in ranking until SE algo catches the game and imposes penalty.
5:48 pm on Sept 30, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 16, 2009
posts:1087
votes: 83


I've seen this done well enough (UK finance sector also) that the link added doesn't stand out like a sore thumb. They were noticeable but only because they were a little out of character for the text that surrounds them - and sometimes just plonked randomly in the middle of some text. You'd think that with the effort that goes into the hack (surely at least some) the perpetrators would do as little as possible to draw attention to the link - but then maybe it's different groups that hack and place. You can buy access to a certain amount of compromised sites, how clever you are in your use of them is up to you.

I wouldn't be surprised if there are people that place the links well enough so that they look totally natural and are undetectable except by the author of the page. If so, good luck to Google spotting that.
1:05 pm on Oct 3, 2016 (gmt 0)

Full Member from GB 

5+ Year Member Top Contributors Of The Month

joined:Mar 26, 2013
posts:270
votes: 36


Without going into much detail, I can guarantee you that from the examples we have seen, no effort has gone into the hacks.
1:24 pm on Oct 3, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Agreed... doesn't take much effort to run a relatively inexpensive script aquired from the dark web & run it from drone accounts.
7:23 am on Oct 5, 2016 (gmt 0)

New User

joined:Apr 30, 2015
posts:37
votes: 9


Hacking into a website to place a follow link hidden or not, this is improving there SERP position, this is what's happening?

Sounds a bit unlikely to me, I doubt any site that is sloppy enough to being hacked is going to be strong enough to improve any other sites, especially in the financial sector which is viciously competitive to get high in the SERP. I recall PPC prices of up to 15 back in 2004-6 for a mortgage co I looked after!

Is there not something else pushing them up?

Out of interest I would like to see the hacked sites you are referring too.
12:02 pm on Oct 6, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 30, 2002
posts: 2661
votes: 103


What bothers me is that this type of abuse is so easy to spot. The links are created within a javascript script, which prevents them from being visible on the page. I would have thought that Google could easily spot this but it doesn't seem to be a priority.

I'm in the UK, in the finance sector. Is this an issue elsewhere, in other countries too?
Yes. It is a major problem. The most common links are obscured using CSS rather than Javascript so that they don't appear on a user's visible screen area. Most of the ones that I see each month in the web usage surveys are on Wordpress or Joomla sites that have been compromised via a vulnerable plug-in or out-of-date CMS version.

Regards...jmcc
3:43 pm on Oct 6, 2016 (gmt 0)

New User

joined:Apr 30, 2015
posts:37
votes: 9


Eh? What exactly is the discussion here?

Apparently this is a "Major problem" that is pushing up sites in arguably one of the most competitive SERP positions. That is also "so easy to spot".....

Yet Google are totally blind to this activity which has been known for years?... Really?.. this is really what's going on with Google?

Come on people, you need to back this sort of talk up with some evidence, why not show us these hacked sites and the sites they are pushing up so as we all can see with our own eyes.
6:57 pm on Oct 6, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1191
votes: 41


Come on people, you need to back this sort of talk up with some evidence, why not show us these hacked sites and the sites they are pushing up so as we all can see with our own eyes.


It's against the TOS. Take a good look around, you'll soon find some.
6:42 am on Oct 7, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 16, 2009
posts:1087
votes: 83


If you spend enough time crunching through link profiles you will see them. And you're only looking at links on sites that the link discovery bots from the paid crawlers like Majestic and Ahrefs are not blocked from. Some hosts block these bots at a server level.
2:05 pm on Oct 7, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 15, 2015
posts:117
votes: 43


One site that is ranking on page one in my niche for a very high traffic keyword has been hacked and in its footer there are hundreds of spam links (mostly those exam test result sites). This site has been like this for ages now and has been untouched by penguin.
2:42 pm on Oct 7, 2016 (gmt 0)

Administrator from US 

WebmasterWorld Administrator goodroi is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 21, 2004
posts:3528
votes: 398


First let me subtly remind everyone NO LINK DROPS IN THIS THREAD Why? Exposing sites often backfires causing a bunch of problems which can AND have hurt innocent webmasters ... so don't do it.

As for injected links, I wouldn't say it is new. Some of the variations are newer but injecting links has been around for years.

If you want to inject links it works best when you are subtle. Don't go for 100 footer links, go for swapping out specific keywords embedded in relevant content with links. If possible cookie users and only show the injected links on the first visit. This way if the site owner sees the links no longer appearing when they reload the page, they will think its was a temporary glitch and stop trying to remove your hack. Another variation is to only show the injected links if a user is coming from Google serps but this is becoming a little less popular due to http & https issues. But honestly you shouldn't inject links because a) you suck as a human & b) you have crossed the line into illegal stuff which means jail time.

If a webmaster wants to protect their site from injected links regularly scan your site for all outbound links. You should already be doing this to find any broken links to good sites from your real outbound links. Also pay attention to your Google's webmaster report which shows the top content keywords. Some hackers have started to upload massive amounts of full pages with themed content filled with embedded links. This will change the top content keywords for your site. Use incognito mode to search Google for your site (which you should already be doing to know how Google is showing your site to real users) Of course update your site whenever there is a new update. Don't use easy passwords and don't use any scripts or programs that you don't need. If your website is how you generate your weekly paycheck, take security as serious as you would for your online bank account.
3:53 am on Oct 9, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 3, 2015
posts:132
votes: 64


I'll often find injected links when doing different research projects. If it's a straighforward site that appears unaware of the injected links, I'll send an email describing the link and the location in the code.
To date: I have received no "thank you's", how do we fix this, who the hell are you replies.

If I'd only been doing it for a month or two, yeah that would be normal. But, I've tried to make the web a better place for years. Still, just crickets.

And that is why I pretty much have understood that most websites and the people behind them don't really understand the web and/or their website interaction with the web.

World Wide Web, or Wild Wild West. Take your pick.
5:19 am on Oct 9, 2016 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12402
votes: 410


Walt Hartwell, I've had experiences similar to yours when letting sites know that they've been hacked. Quite often the victims are non-profit sites with a large public profile, but lacking adequate site maintenance. And, yes, sadly they are often not grateful. Sometimes the injected links are cloaked for Googlebot, so the links aren't visible unless you've come in via Google or view as Googlebot.

Here are two of our classic threads on various models of hacking, which provide good general overview and contain links to other references....

Understanding hacked sites that rank in Google
April, 2013
https://www.webmasterworld.com/google/4561487.htm [webmasterworld.com]

tedster's 2008 thread gives a hint how tricky some of these hacks are in terms of hiding what's been done. Combinations of cloaking for Googlebot and using cookies, eg, can make these very hard to track down...

How Hacked Servers Can Hurt Your Traffic
Dec, 2008
https://www.webmasterworld.com/google/3802274.htm [webmasterworld.com]

5:37 am on Oct 9, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 3, 2015
posts:132
votes: 64


You nail it with the non-profits, Robert. While I will sometimes forage for links from large public profile sites, the links should be freely given or obtained, not injected. But they are certainly a target.
6:30 am on Oct 9, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 30, 2002
posts: 2661
votes: 103


The ubiquity of Google in the US/EU markets that blinds posters to the reality that there are other search engines and other markets. Yandex, Baidu and a few others also spider these sites. Western hosters/registrars account for some of the dodgy domains that are being promoted in this way but many of the dodgy link domains are not hosted in North America or the EU. There are some new gTLDs that have been promoted by free registrations and heavily discounted registrations and this has added to the problem. Some of these gTLDs are heavily used in these injected link operations. If a .top appears in a US or EU website's link graph, it is almost certain that the site has been hacked. Most of the dodgy links are pushing drugs/counterfeit goods/etc. Spamhaus had a TLD badness rating based on spam e-mail. It might be possible to generate a TLD badness based on this kind of activity. It would be simple enough to correlate the links with hosters/registrars to identify these dodgy links with a simple algorithm.

The brochureware aspect of websites often means that a site owner pays a webdev for a site but then does not get a maintenance contract. The site owner tends to treat it like print advertising that only has to be updated once a year or so. The problem is that out of date plug-ins and CMS software have vulnerabilities. It is not uncommon to see sites repeatedly compromised with a new set of dodgy links on each monthly survey. (I run monthly web usage and categorisation surveys on various markets and TLDs each month. This gives me a somewhat better view of the problem than the average web developer.) Defacements are becoming rarer. The cynical view is that this kind of activity is a feature of the webscape and no amount of preaching about keeping plug-ins and software current is going to change it because website owners don't care.

Regards...jmcc