Forum Moderators: Robert Charlton & goodroi

Google Spam & Hacked Machines

         

Steven29

6:46 pm on Dec 4, 2019 (gmt 0)



Hi,

There are thousands of hacked machines that are flooding my niche with spam. The keyword <snip> seems to be one of the easiest to find these.

Look for any of the domains that have a non www subdomain and a weird extension on them.

They are creating links like this:

Some example domains:

wrkd.example.it
pnht.example2.it
mhro.example3.it
cnpi.example4.it
atly.example5.de

Most will cloak and redirect to get you to install malware and this has been happening for well over a year.

These domains are being used as a negative seo campaign, used to index links that are blocked by robots.txt, as proxies and more.

I've tried reporting to Cloudflare, as most of them are on the Cloudflare network and they said there is nothing that can be done. When I post to Google, within 2 minutes my question gets deleted and I never get a response.

Does anybody else see all of these spam domains in their niche? How does somebody get it to stop?

[edited by: goodroi at 9:27 pm (utc) on Dec 4, 2019]
[edit reason] Please no specific keywords/URLs, widgetized [/edit]

NickMNS

2:10 am on Dec 5, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I was impacted by this a few months ago. Here is the thread I started relating to the issue:
[webmasterworld.com...]
I wasn't specific in my thread but it was exactly the same. TL;DR I did two things, I filed a spam report with Google and I blocked hot-linking. I blocked the hot-linking before I even discovered this issue.

First off, the sites are cloaking, if one simply goes to the URL there is pron, or malware or some other spammy crap. But, if you go to the site using a spoofed Googlebot UA it will show you how Google sees it. In the Google view the sites were hotlinking my images. Just before (1 or 2 months before) discovering this garbage I implemented hotlink blocking. So when I checked the sites as Gbot all the links to my site were already dead.

I'm not sure if it was the spam reporting or the hotlink blocking or both that did it, but the issue resolved itself.

Steven29

4:44 am on Dec 5, 2019 (gmt 0)



Thank you for the information. Sounds like we are almost battling the same thing..

When attempting to stop it, it will morph to different types of attacks.

Did your rankings ever recover? Or are you just being attacked through different means now....

After fixing certain things, new things will morph up like spoofing emails (somehow they can get the DKIM correct) and you need to make sure they do not pass the SPF (hardfail).

It's been a year, but the list goes on...

I wonder which niche you are in? It seems these links are after certain topics only.

And yes, all of the links either redirect to affiliate offers, viruses, Chrome Extensions or pron links and it's only getting worse... not better.

These same hacked servers are being sold as (proxies or just being used to slam your site) and are ALL mostly in the cloud environment or cloudflare.

If anybody else can throw their 2cents in, would love to know more.

Would be great if you could leave an example keyword so others can see the mess (it's almost 80% of the links!) and they all have the simplest preg_match to flag them. They are all the same and I can't understand why I am not able to show anybody.

how about: Go to Google and type any random 3 letter combination and look for the past hour and you will most likely see them everywhere.
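
Added example (not part of the original posts): the "preg_match" idea in the post above and the hotlink check NickMNS describes, combined into one scan of a web server access log. The host pattern is an assumption inferred from the five sample hosts in the first post; `OWN_HOSTS`, `COMMON_LABELS` and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_HOSTS = {"mysite.example", "www.mysite.example"}  # assumption: our own site
COMMON_LABELS = {"blog", "shop", "mail", "news"}      # ordinary four-letter labels
# Combined log format: "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<ref>[^"]*)"')
IMAGE_RE = re.compile(r"\.(?:jpe?g|png|gif|webp)(?:\?|$)", re.I)
# Assumed shape, inferred from the thread's sample hosts: a random-looking
# four-letter label in front of a .it or .de domain. A triage filter only.
SPAM_HOST_RE = re.compile(r"^(?P<label>[a-z]{4})\.[a-z0-9-]+\.(?:it|de)$")

# Constructed sample log lines (documentation IPs and example domains).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Dec/2019:02:10:00 +0000] "GET /img/a.jpg HTTP/1.1" 200 5120 "http://wrkd.example.it/?a=keyword" "Mozilla/5.0"
203.0.113.6 - - [05/Dec/2019:02:10:01 +0000] "GET /img/a.jpg HTTP/1.1" 200 5120 "https://www.mysite.example/page" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2019:02:10:02 +0000] "GET /img/b.png HTTP/1.1" 200 2048 "http://pnht.example2.it/?keyword" "Mozilla/5.0"
203.0.113.8 - - [05/Dec/2019:02:10:03 +0000] "GET /img/b.png HTTP/1.1" 200 2048 "https://news.example.org/post" "Mozilla/5.0"
203.0.113.9 - - [05/Dec/2019:02:10:04 +0000] "GET /about.html HTTP/1.1" 200 900 "http://atly.example5.de/" "Mozilla/5.0"
203.0.113.5 - - [05/Dec/2019:02:10:05 +0000] "GET /img/c.gif HTTP/1.1" 200 100 "-" "Mozilla/5.0"
203.0.113.4 - - [05/Dec/2019:02:10:06 +0000] "GET /img/a.jpg HTTP/1.1" 200 5120 "https://shop.example6.it/item" "Mozilla/5.0"
"""

def referer_host(ref):
    """Lower-cased host of a Referer value, or None when absent or unparsable."""
    try:
        return (urlsplit(ref).hostname or "").lower() or None
    except ValueError:  # e.g. a malformed bracketed host
        return None

def scan(lines):
    """Return (image hotlink count per external host, hosts matching the pattern)."""
    hotlinks, suspects = Counter(), set()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not IMAGE_RE.search(m["path"]):
            continue  # not a parsable line, or not an image request
        host = referer_host(m["ref"])
        if host is None or host in OWN_HOSTS:
            continue  # direct request or our own pages
        hotlinks[host] += 1
        sm = SPAM_HOST_RE.match(host)
        if sm and sm["label"] not in COMMON_LABELS:
            suspects.add(host)
    return hotlinks, suspects

if __name__ == "__main__":
    print(scan(SAMPLE_LOG.splitlines()))
```

Only requests that carry a Referer header show up here, so crawler fetches that send none are not counted.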

not2easy

5:40 am on Dec 5, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Exact keyword discussion, especially in relation to webspam/cloaking/malware attacks has served to alert the bad actors before their actions can be documented by webspam workers. Yes, it might temporarily benefit the affected sites. But for long term relief for all of us, it is better to let them be caught in the act. Yes, that's easier to say if you're not the one being slammed.

There used to be lots of info at https://www.stopbadware.org/badware but since it is publicly visible, specific details on link spam are no longer discussed there. They mostly help victims of hacking and malware.

As far as I know, Google has taken their teams out of public view for that reason, it was hinted at over 10 years ago. At that time there was a Google Group where you could go to report it, now handled only via their webspam form. Their specific projects that used to be public are quiet (private) now. It is no longer interactive except to accept complaints via the form. That form is found here: [support.google.com...] in case you missed it. Relief is not instant but they take it seriously.

Steven29

5:59 am on Dec 5, 2019 (gmt 0)



I have reached out to Google for "Relief" and every time I do they report my post, like within minutes and never respond. I've done it a few times over the course of the last two years. All with just about this same information... and through other forms and other methods and anyway I could.

The last one said

"Hi Steve,
Thank you for this post.
I'm reporting this topic."

Now my post says "Deleted" and when I navigate to it, it says:

"This page is no longer visible to the public because your question violates the Community Policy."

[support.google.com...]

I'm posting in the "Security, Malware and Hacked Sites" forum section.

I'm not going to sit there and post CAPTCHAs for thousands and thousands of these domains.... I've reported hundreds of them. They are unlimited and Google treats each subdomain as a new domain.. so it's really pointless.

It's almost been 2 years of these and it's nothing new.. The exact same url structure, the exact same spun text. The exact same everything ?keyword ?a=keyword

How many people are being infected by this? The last Chrome Plugin I was redirected to had 900 installs... I wonder what it does. Click ads? Who knows. I don't understand.

not2easy

12:31 pm on Dec 5, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Their support forum won't accept the information. The place to report it is by filling out their form, at the link I posted above. There is a text area to post a list or to alert them that there are 200 domains you wish to report.

Steven29

3:27 pm on Dec 5, 2019 (gmt 0)



Can you please paste me the direct link for the report form you are speaking of?

The only forms I see have a spot to report "1 link" and allow you to type only 300 characters maximum and I do not know the website selling links or website buying links. I have my gut assumptions, based on the activity in my niche. 1 main thing that makes them stand out is how they try to copy everything I do, the second I do it and their Facebook reach is over 500,000 (everybody else in the niche is 10,000 or less).

I've filled these out. I even filled out reports to talk to Adsense and anything I could think of.

If I ever get a response from any company, they just look at the 1 domain filed (ignore all the text) and the 1 domain is removed or say there's nothing they can do. Spam is just one of those things.

Maybe somebody here can fix this? Just type any 3 random combination into Google and check the past hour to see what I'm talking about.

I've defended myself against the attack, at least to the best of my ability so far and have not really been affected. They zig I zag. I'm only concerned because I see it happening to others in the niche.. and there are less than a handful left now.

What do you know about Electronic Harassment (of course you will read lots of BS on the internet)? For me it started the same day as these links. Here's a great website with more information: [thehum.info...] I've been far and wide (even Winslow like everywhere suggests). The only place that is free is Holbrook, AZ, which is run by the Mexican cartels right off route 66. "It doesn't control your mind, it just makes it so you can't think!" I like thinking and I am high functioning.

"With a crime rate of 64 per one thousand residents, Holbrook has one of the highest crime rates in America compared to all communities of all sizes - from the smallest towns to the very largest cities. One's chance of becoming a victim of either violent or property crime here is one in 16."

not2easy

4:58 pm on Dec 5, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



The information I posted is from the last time I used it. Google evolves, and now it appears to be within GSC.
https://www.google.com/webmasters/tools/spamreport

I can't get to a link to share because you need to be logged in there and my link would not help you.

Steven29

5:39 pm on Dec 5, 2019 (gmt 0)



So you're saying to find each link, enter it into the spam report link add (300 characters or less), complete the captcha and submit it for thousands and thousands of domains?

I am only 1 person and I cannot keep up with the thousands of links.

Maybe if others in the forum do a random 3 letter search in the past hour, they can start reporting some links. I can't tell you the amount of fun you will have!

There are lots of patterns that should make it pretty easy to stop, or at least cut in half or more. It looks like the .it domains appear to all be registered through:

Registrar
Organization: OVH
Name: OVH-REG

NickMNS

6:13 pm on Dec 5, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@steven29 I only ever filled out a single spam report. If I remember correctly I took one representative spammy link as the report target but in the report write-up described the pattern and listed a few more of the links. I clearly stated that the sites in question numbered in the thousands if not more.

I should say, I am very skeptical that the report made any sort of a difference in my case. As mentioned in my post above, these sites were all linking to mine via an image hotlink. When I blocked the hotlinking it killed all those links, I attribute the latter action for the resolution of my problem.

"Did your rankings ever recover?"

Since the issue was resolved my rankings have been going back up. It is impossible to say whether or not it is directly attributable to this or if the rise in ranking is due to other factors such as algo updates.

"After fixing certain things, new things will morph up like spoofing emails (somehow they can get the DKIM correct) and you need to make sure they do not pass the SPF (hardfail)."

I have not had any issues with email, that have come to my attention.

How exactly are these spam sites impacting you? In my case when I searched for my domain name, it appeared in 1st position but then every other result was a spam site, 8 to 10 pages deep.

Steven29

6:24 pm on Dec 5, 2019 (gmt 0)



"Since the issue was resolved my rankings have been going back up. It impossible to say whether or not it directly attributable to this or if the rise in ranking is due other factors such as algo updates."

I'm glad, hopefully they will return to where they originally were before this happened, which is why I'm trying to bring attention to this.

"I have not had any issues with email, that have come to my attention."

Do you have DMARC setup on your emails to confirm this?

"How exactly are these spam sites impacting you? In my case when I searched for my domain name, it appeared in 1st position but then every other result was a spam site, 8 to 10 pages deep."

They are slamming my website, creating bad backlinks, getting urls indexed I do not want indexed, screwing up searches for the niche and more. I believe the viruses being installed are also being used to pump fake likes to the competitor websites and generate fake traffic for themselves.

I'd also say some links are being used to actually HELP seo, if after x amount of months it's not detected as spam it can be redirected to help competing websites (hidden PBN links).

Once your rankings start to recover and you start outranking the scraper websites, you will be DDOS'd until your rankings go back down. It happens every time, I will get woken up at 2 AM to an alert my website is offline until your rankings go back down.

[i.ibb.co...]

The list goes on...

Steven29

7:53 pm on Dec 5, 2019 (gmt 0)



My rankings are starting to recover again after lots of more work. Let's see what they have next up their sleeve. I've learned lots, thanks to them.

The sad thing is I can now see it happening to the last few competitors left (the real ones) and they do not understand at all what is happening.

This should be fixed from the higher ups and each individual should not have to deal with this.

Steven29

4:47 pm on Dec 8, 2019 (gmt 0)



Sigh, nobody seems to care each report takes care of 1 domain and 100 more replace it. If this is happening to you, look at your surroundings. I've moved a few times and every time I do within a few days one of these are installed and my problems come back:<snip>

It's a "Li-Fi" network, not to be confused with "Wi-Fi" or "5G" network. It's basically "light for data transmission" that are not on the radio spectrum. Wait, I thought the next push was for 5G and I've never even heard of "Li-Fi".... have you? How can I use one of these Li-Fi networks? Or it's just being installed for "one of these days"?

--

Mod's note: Removed clickable link to possible malware source.

[edited by: Robert_Charlton at 11:08 pm (utc) on Dec 8, 2019]
[edit reason] Removed link [/edit]

Robert Charlton

11:19 pm on Dec 8, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Steven29, Sorry I need to remove the clickable link you posted, but it very possibly might be a source of infection to others. Not sure what you are thinking by posting it.

To exemplify, I did a Google search for

"badsite.tld" in Google...

...ie, just the domain and tld you posted, without the specifics to a page or shortened link, and Google displayed numerous reports that it was a download site that was the source of AdWare/ malware infections. Removal suggestions for deinstalling the associated program(s) were posted in several of the results that Google returned.

We absolutely never allow posting of specifics when it comes to hacked machines, as the payloads are often dangerous. Look to a source like Malwarebytes for further removal instructions. Some of these things are built to conceal themselves and hang around.

Steven29

3:22 pm on Dec 21, 2019 (gmt 0)



Hi Robert,

I have never seen a link that suggests it might be a site that is a source of adware/malware infections... Why would they show the links in the first place then?

It looks like Google is finally addressing this problem! Overnight they did changes and are trying to finally stop these links, it is also stopping some legitimate links.. but it's a start. Now you will see

"It looks like there aren't any great matches for your search
Tip: Try using words that might appear on the page you’re looking for. For example, “cake recipes” instead of “how to make a cake.”
Need help? Check out other tips and tricks for searching on Google.
You can also try these searches"

Rather than all of the spam links. In most cases it shows absolutely nothing at all, hopefully this is just the start to fixing it.

Steven29

4:36 pm on Dec 23, 2019 (gmt 0)



And overnight it's back.

Through the weekend, it appeared as if something was being fixed or updated in regards to these searches. Now the links are all back, almost 2x. There is not 1 keyword you can search for in the past 1 hour and see roughly 50%+ spam.

Does nobody else see this? Or is it more of a "it's not happening to me so I don't care". It will make its rounds and you will one day go through this.