Negative SEO Worries and Cloaked Links

After reading this article looking for a clear provable case of negative SEO from Rand Fishkin from Moz.com this week I’ve been thinking about negative SEO, what people really mean by it, and my own run-ins with it.

Does Negative SEO even exist?

My opinion (which I think is a pretty common one) is that negative SEO is out there and is possible, but attacks are pretty rare and successful attacks are extremely rare.

To those who claim it’s not possible; as long as it’s possible to hurt your own link profile with paid links or spammy external tactics, why wouldn’t it be possible for someone else to apply the same spammy tactics to your site? It’s not like Google knows who created your spammy links, paid or otherwise. Google essentially admits harming your competitors is possible in their guidelines, as Search Engine Roundtable has reported.

While there is some pretty compelling examples out there already of successful attacks, hopefully Rand will follow up with another and perhaps a particularly strong, clear example.

Should I worry about it?

I think what most conversations about negative SEO are really about though is how feasible it is and how much we have to worry about it.

My answer is that you probably don’t have to worry about it. Trying to run an attack against an established site with any sort of decent link profile and history just isn’t going to work in any but the most unusual circumstances.

As Rand pointed out in his article, he offered up his own domain randfishkin.com as a test yet nothing happened. I highly doubt that Google took any manual action to remedy an attack; it’s more likely that a site like his with a decent link profile just isn’t attackable in that way. If it didn’t work against randfishkin.com you can be sure it won’t get anywhere against mattcutts.com.

Who might it work against? Well, smaller sites with a limited link profile and not a lot of history (duh). That’s still a lot of sites though, so why shouldn’t you be worried?

Firstly — because it still probably won’t work. Even if you think your site is small/new/niche/etc. you’ve still probably got some decent links already, and a unnatural looking run of spam isn’t likely to be enough to turn that profile sour. Even if it does work, it’s in many cases not that hard for the attacked site to remedy. You may get a Google Webmaster Tools unnatural link warning, you can disavow those links, or maybe you can get the in-linking sites to scrub their links. One of Rand’s points is you shouldn’t have to do that, which is a reasonable point and something I’m sure Google is concerned about.

Put yourself in your competitors’ shoes — here’s all the things that would need to happen for that attempted attack to even make sense:
1. Your site is small, but so is your competitor. (If they are big they are probably going to outrank you the normal way)
2. You’re near the top of the keyword space in question, despite being small. (If you’re on the fifth page you aren’t exactly a target, so we’re talking either niche or long-tail keywords)
3. Your competitor thinks it’s sensible to spend time & effort on a negative attack on you rather than working on their own positive SEO (which is much easier and more proven).
4. Your competitor can find a black hat SEO that can pull this off. (It’s hard enough for most sites to find a good white hat SEO, let alone black hat).
5. Your competitor is unethical enough to even entertain this in the first place.

But the web is a big place, and so these stars will align enough that most experienced SEOs will have a story. I found this story from Ker Communications quite compelling. Basically their SEO company’s site was attacked, but the attack didn’t work and they was even able to out the attacker. The Ker Communications site fits my 5-point checklist above as a target, but in the end it was at worst an annoyance and made for a great story. My recent experience with a negative SEO attempt may have had some more fallout, but in the end the site did eventually recover.

An Unusual Type of Attack

One of the sites I work on is mintyduds.com, a men’s clothing shopping comparison site similar to shopstyle.com or polyvore.com, but for men’s clothing only. The site launched last October, and after some false starts by December was doing pretty well just in time for Christmas shopping. So we had a good holiday season, but then in January got hit pretty hard in Google Organic with a loss of about 80%:

jan-drop

 

At first I wrote this off to being labelled as thin affiliate content. The site *is* affiliate content after all, and while I do think we add value in a number of ways (like with price history data not found elsewhere) I understand being caught by that and can’t really complain too much. Plus the site’s link profile is nothing spectacular and it is a very crowded and competitive space.

Here’s where it gets weird though, when I looked in Webmaster Tools console I found tons of spammy links to the site that I didn’t create, links like:
http://architect.digidoct.info/Product/233
http://sweaters.aspibima.info/Cuffed%20Crew%20Neck
http://suit.vephys.info/Front%20Pant%20Navy
http://spartans.tradim.info/Midweight%20Full%20Jacket

Almost all to my site’s homepage; not to any of our content (which remember is all affiliate-sourced content anyways, so no point in targeting us for scraping).

Hundreds of these links from about 75 different domains that had started showing up mostly in November & December, and overran our list of about 10-20 legitimate links.

These links all 404 now, but when I first saw them they were very standard affiliate product spam pages on the same kind of templates for each domain, pages that look like this:

aff-spam

Typical Affiliate Product Spam Pages

You know the type, where every click you make takes you through the affiliate tracking and to the original merchant. Versus Minty Duds, which tries to add some useful stuff and is clear about where you click and what it does:

md

Affiliate-based Content, but Value Added

The links from these spam sites back to my site mintyduds.com just did not exist anywhere on the page. They weren’t in the DOM, didn’t ever show up as referrals, and never showed themselves in any external link tracker like ahrefs, opensiteexplorer, etc. They only showed in two places, Google Webmaster Tools and in one case Bing Webmaster Tools. On top of that, I couldn’t see what it looked like to Google because the pages were set (suspiciously) with a meta noarchive tag, so in SERPS they showed as:

inurl

The only explanation that I could come up with is that these links were being cloaked. But it wasn’t just user-agent cloaking either, because I couldn’t see the links with a faked Googlebot user-agent, so it was not just a dumb script, but probably cloaking software.

I imagine that claim may be hard to believe for many people — I found it hard to believe too, but I have no other obvious answer. If the links were transient the timing is extremely unlikely; no other link crawler found them and I never saw it despite seeing them come in over a spam of multiple months.

But why? Well, presumably the technique is to get the attacked site caught by Google for spammy links, maybe even with the bonus of getting the attacked site caught for cloaking. It’s like any other negative SEO attack based on spam links, but the attacker doesn’t know about the links until they eventually show up in Webmaster Tools — so just monitoring a 3rd party link checker wouldn’t be enough.

It’s kind of like a negative SEO version of the pharma link spamming via hidden links injected into PHP templates that I saw a lot of last year (see this article); where the attacked site doesn’t know they have been compromised for quite some time because users won’t ever see the links.

I disavowed all of these links as soon as they showed up in Webmaster Tools, but I was always behind the curve with that because of the delay of new links showing up and then presumably the delay in those disavows being processed. If the links came in over a period of time at a decent rate (which they did), there would always be dozens of them or more that Google knew about but I had not yet seen & disavowed.

Was this attack successful? Is that what caused my drop in January? I don’t know. We never got an unnatural links warning either. I haven’t seen a new link like that come in since February (they started 404-ing sometime after that) and then last week the site was partially restored:

jun-up

There hasn’t been any real changes to the site since January, the only SEO change was a 301 redirect of a separate old domain with some existing rank & links to mintyduds.com on May 5th (not something I recommend doing or would normally do, but I was ready to try anything). Maybe that was enough link profile improvement to overcome either the bad links or the thin affiliate flagging, though my previous experience is that restoration from thin affiliate flagging has been a slow restoration rather than a “pop” like that.

The Payday Loan 2.0 “B” update which supposedly launched sometime after Jun 12th and may have dealt with some negative SEO loophole closing (article here), so that  maybe was involved even though my restoration was a couple days too early.

Whatever the reason was, it’s nice to be out of the cellar for now. This also shows that it can be really hard to differentiate between affiliate content used in a useful ways vs. a spammy ways without relying on external quality factors.

This is a tough area for Google, and the quality in the long tail for this kind of merchandise is pretty poor once you get past the first couple results. In that first example from above [ Architect Wrinkle Resistant Flat Front Pant ], over 50% of links in the first two pages remains clear low-quality affiliate spam.

After all that, why do I still think negative SEO is nothing to worry about? Because if a sophisticated attack over months like what I’m describing on a new site with a weak link profile that had some spammy signals of its own at worst only worked for a few months, then what do you have to worry about?