Spamdexing (SEO spam malware)
About SEO spam — is my website a target?
You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, search engine spam and more.
This malware comes in many forms. It is normally used by malicious hackers to bank on the good ranking of reputable sites to spread their links to as many users as possible.
Become a certified reverse engineer!
This threat is carried out through a number of tactics of SEO manipulation, including ways to create websites that trick search engine algorithms to high-rank spam content. It was first introduced in 1996, when the schemes used by spammers mostly revolved around excessively repeating unrelated phrases or increasing the number of links with the goal of attracting traffic.
Spamdexing evolved to include other techniques, including comment spam (used to build backlinks) that automatically posts irrelevant comments that provide no value to the discussion but are used to improve the webpage ranking. As search engines fine-tuned their algorithms, however, spamdexing has become more difficult to achieve for hackers. Yet is far from being a problem of the past.
What is spamdexing?
Spamdexing is the term used for a “website optimized, or attractive, to the major search engines for optimal indexing.” This SEO spamming involves getting a site more exposure than it deserves for its keywords and, as a result, more visible placement on search engine results pages (SERPs). Search engine poisoning (SEP) abuses the ranking algorithms and takes visitors to pages they did not intend to visit. In some cases, websites are artfully created exactly for that scope; in many others, however, they exploit legitimate sites.
As mentioned, spamdexing comes in different forms and has different features. Many of these tactics mimic legitimate techniques used in SEO optimization. However, while "white-hat SEO" aims to improve the overall high quality of a website and boost site ranking with authorized methods, "black-hat SEO" promotes useless content that lures users into visiting pages that just help fulfill malicious hackers’ agendas.
What does SEO spam look like? It can use content or links.
Content spam can come in the form of keyword stuffing, one of the oldest tactics involving the repeated use of keywords; article spinning, basically the re-purposing of content by merely changing words; gateway pages, sites that rank high artificially but that have no meaningful information for users that are asked to visit other pages for content; hidden text, not always a spam attempt but often used to disguise extra keywords in the page (it can use text color equal to the background, hide words behind images or even use a font with size zero); duplication of copyrighted content from high-ranking web sites.
Link spam, instead, is based on using links to rank pages higher. This technique is accomplished via hidden hyperlinks; cookie stuffing, transferring cookies on users’ computers (without their knowledge) to earn from affiliate sales; link farms, pages that link to each other and pages that are merely collection of hyperlinks; comment spam, several, meaningless comments to a post.
Is spamdexing still a problem?
“Spamdexing was a big problem in the 1990s, and search engines were fairly useless because they were compromised by spamdexing,” reports webspam.org. Then Google broke onto the scene and began tailoring algorithms and page ranking systems to promote good sites and good content. Spammy sites or pages that violated the guidelines set by the search engine were penalized in different ways from downranking to blacklisting. Nevertheless, spamdexing still continues, albeit at a lower level.
Cloaking, another form of spamdexing, was identified as existing on the SERP of Google in 2011. Cloaking is considered a violation of Google’s Webmaster Guidelines because it provides users with different results than they expected. In fact, this technique is based on presenting different content to users and search engines: for example, while users see images, the search engine sees HTML text.
The 2012 algorithm Google Penguin was deployed to address this and other search engine spam, including Black Hat SEO. It was only the first of many other more refined efforts by Google algorithm updates that have changed the SEO world several times through the years to come: Google Hummingbird in 2013, Fred in 2017.
In its Webspam Report 2017, Google already reported how it had doubled its efforts in “removing unnatural links via ranking improvements and scalable manual actions,” to the point that they were able to ensure less than 1% of spammy search results. The newest May 2020 Core Update, which was launched with the aim to reward good, relevant, original content for users, promises to improve these stats even more.
How to remove spam and provide protection for your site
Is spamdexing (SEO spam malware) a threat for website owners? Absolutely. It can have a negative impact on their site's search rankings, cause its removal from the search engine index and damage the webmaster’s and client’s reputations.
The easiest way to identify a Google Penalty is with the help of Google Search Console “Search Traffic” and “Manual Actions” features from the side bar.
If anything fishy is spotted, it’s advised to file a spam report (Google Account required). Google also encourages anyone who witnesses any unfair techniques to artificially inflate PageRank are asked to take immediate action and notify Google's web spam team, either through webmaster tools or their public spam report, to help combat spamdexing.
In addition, it is important to implement essential security measures and take steps for fixing any vulnerabilities on your site, such as:
- Apply anti-spam tools
- Enable spam filtering
- Get the most out of Google Alerts to monitor a site for spammy content or to help detect hacked pages
- Capitalize on Chrome extensions to report spam to help with Google’s scalable spam-fighting efforts
- Add a noindex robots meta tag on posts to demotivate spammers and to block non-search crawlers
- Take advantage of “disavow backlinks” to remove spammy, artificial or low-quality links pointing to your site
- Use a web application firewall (WAF) if you’re serious about preventing a search engine spam infection
- Monitor your backlinks and look for any abnormal link “spam issues” or patterns with Google Search Console. You can also receive alerts when Google encounters indexing on your site
- Exploit the “nofollow" attribute to deter spammers from targeting a site and give you more control
It is also worthwhile to browse how-to guides:
- Google has a guide to show how to check if your site is hacked. It shows an example of hacked content and cloaking
- Google also has a guide to identify the hack and then fix vulnerabilities on a site
Conclusion
Spamdexing has been an issue for decades and has evolved through times with the use of different techniques. Many search engines, including Google, routinely update their algorithms, check for instances of spamdexing and will remove these pages from their indexes. They may block an entire website if unethical methods are used to make the site rank highly.
In fact, Google has stated: “We continued to protect the value of authoritative and relevant links as an important ranking signal for Search. We continued to deal swiftly with egregious link spam, and made a number of bad linking practices less effective for manipulating ranking.”
Nevertheless, users and webmasters should always be on guard against these tactics and learn to recognize signs of spamdexing early.
Become a certified reverse engineer!
Sources
- The A-Z SEO Guide, Online Marketing Gurus (OMG)
- Spamdexing, Webopedia
- What is SEO spam and How it will Affect You?, Business & Marketing in Edmonton
- What Is SEO Spam and How to Remove It?, MalCare
- Search Engine Spam, MarketingTerms.com
- SEO Spam: What is Spamdexing?, Web Spam
- Spamdexing: What is SEO Spam and How to Remove It, Sucuri Inc.
- What is Spamdexing (SEO Spam Malware) & How to Fight It, YouTube Webinar
- What is a Search Engine Spam Penalty?, Digipro Marketers
- The Ultimate Guide to Bad SEO Practices, Digital Marketing Institute
- Cloaking on Google’s SERP – search engine spamdexing?, ResearchGate
- How SEO Poisoning Campaigns Are Mounting a Comeback, Security Intelligence
- How Search Engines Work: Crawling, Indexing, and Ranking, Moz, Inc.
- Google’s 200 Ranking Factors: The Ultimate List (2019), BYU Digital
- How Google penalizes websites for violation of rules and spamdexing, The Tips Guru
- How to Tell If Your Website Is Penalized by Google? [Updated], Rankwatch
- Google Penalties And How To Fix Them, hangtenseo.com
- Google updates Penguin, says it now runs in real time within the core search algorithm, Search Engine Land
- 9 Top Google Algorithm Updates, Traffic Radius
- 8 major Google algorithm updates, explained, Search Engine Land
- How to help Google identify web spam, Google Webmaster Central Blog
- How we fought webspam - Webspam Report 2017, Google Webmaster Central Blog
- 8 Best Anti-Spam Tools and Software, Comparitech Limited
- 5 Common Types of SPAM & How You Can Protect Yourself Against Them, cognitiveSEO
- Keyword Stuffing is Bad for SEO: how to Rank Better without it, WriteBetter
- Why You Shouldn’t Use Meta Keywords for Search Engine Ranking, SeoTipsAndSolution.com
- How to Filter Spam Bots in Google Analytics [Step by Step Guide], HostGator.com
- An Up-to-Date Guide on Good SEO Content vs. Bad SEO Content, SearchEngineJournal.com
- The 3 Biggest Spam Trends According to Google’s 2019 Webspam Report, IMPACT
- Difference Between White Hat SEO Strategy and Black Hat SEO Strategy, Best SEO Services Company
- Exam Pass Guarantee
- Live expert instruction
- Hands-on labs
- CREA exam voucher
In this Series
- Spamdexing (SEO spam malware)
- How AsyncRAT is escaping security defenses
- Chrome extensions used to steal users' secrets
- Luna ransomware encrypts Windows, Linux and ESXi systems
- Bahamut Android malware and its new features
- LockBit 3.0 ransomware analysis
- AstraLocker releases the ransomware decryptors
- Analysis of Nokoyawa ransomware
- Goodwill ransomware group is propagating unusual demands to get the decryption key
- Dangerous IoT EnemyBot botnet is now attacking other targets
- Fileless malware uses event logger to hide malware
- Nerbian RAT Using COVID-19 templates
- Popular evasion techniques in the malware landscape
- Sunnyday ransomware analysis
- 9 online tools for malware analysis
- Blackguard malware analysis
- Behind Conti: Leaks reveal inner workings of ransomware group
- ZLoader: What it is, how it works and how to prevent it | Malware spotlight [2022 update]
- WhisperGate: A destructive malware to destroy Ukraine computer systems
- Electron Bot Malware is disseminated via Microsoft's Official Store and is capable of controlling social media apps
- SockDetour: the backdoor impacting U.S. defense contractors
- HermeticWiper malware used against Ukraine
- MyloBot 2022: A botnet that only sends extortion emails
- Mars Stealer malware analysis
- How to remove ransomware: Best free decryption tools and resources
- Purple Fox rootkit and how it has been disseminated in the wild
- Deadbolt ransomware: The real weapon against IoT devices
- Log4j - the remote code execution vulnerability that stopped the world
- Rook ransomware analysis
- Modus operandi of BlackByte ransomware
- Emotet malware returns
- Mekotio banker trojan returns with new TTP
- Android malware BrazKing returns
- Malware instrumentation with Frida
- Malware analysis arsenal: Top 15 tools
- Redline stealer malware: Full analysis
- A full analysis of the BlackMatter ransomware
- A full analysis of Horus Eyes RAT
- REvil ransomware: Lessons learned from a major supply chain attack
- Pingback malware: How it works and how to prevent it
- Android malware worm auto-spreads via WhatsApp messages
- Malware analysis: Ragnarok ransomware
- Taidoor malware: what it is, how it works and how to prevent it | malware spotlight
- SUNBURST backdoor malware: What it is, how it works, and how to prevent it | Malware spotlight
- ZHtrap botnet: How it works and how to prevent it
- DearCry ransomware: How it works and how to prevent it
- How criminals are using Windows Background Intelligent Transfer Service
- How the Javali trojan weaponizes Avira antivirus
- HelloKitty: The ransomware affecting CD Projekt Red and Cyberpunk 2077
- DreamBus Botnet: An analysis
- Kobalos malware: A complex Linux threat
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Malware analysis
Malware analysis
Malware analysis
Malware analysis