DDoS, Negative SEO, etc.

This has been an interesting week for me and Virante. First, some of you may know that Virante runs two free anti-spam services – OpenCaptcha (a free, distributed CAPTCHA system) and LinkSleeve (a free, distributed link spam detection API). This Monday, we were hit with what appears to have been a poorly orchestrated DDoS. I say poorly orchestrated because we were able to effectively control the attack within about 8 hours. Distributed Denial of Service attacks use a large number of computers to flood a server or website with so many requests that the site can no longer function. However, their attacks were not strong enough to prevent us from still being able to access the server via SSH (i.e., the attack crippled Apache/MySQL but not our bandwidth nor our server’s overall responsiveness). Subsequently, we were able to write custom code to drop all the IPs that were attacking, and were able to write code to capture future ones as well. While this wasn’t the first we have seen, it was the largest to hit OpenCaptcha. As you can imagine, there are a lot of folks out there who would be happy to take down a CAPTCHA service.
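The kind of triage described above can be sketched as follows. This is an added example, not the code Virante wrote: it assumes Apache's common/combined access log format, and the thresholds, the allowlisted admin address and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client IP, identd, user, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_flooders(lines, max_requests=5, window_seconds=10, allowlist=()):
    """Return client IPs that exceed max_requests inside any sliding window."""
    window = timedelta(seconds=window_seconds)
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    recent, flagged = defaultdict(deque), set()  # ip -> timestamps in window
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        try:
            ip = ipaddress.ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), TIME_FMT)
        except ValueError:
            continue  # hostname instead of IP, or unparsable timestamp
        if ip in allowed:
            continue  # never flag the address you administer the box from
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(str(ip))
    return flagged

def drop_rules(ips):
    """Render one firewall DROP rule per flagged address (returned, not executed)."""
    tool = {4: "iptables", 6: "ip6tables"}
    return [f"{tool[ipaddress.ip_address(ip).version]} -I INPUT -s {ip} -j DROP"
            for ip in sorted(ips)]

def sample_log():
    """Constructed log lines using documentation-only addresses."""
    stamp = '- - [01/Jan/2024:10:00:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [f"198.51.100.7 {stamp.format(s)}" for s in range(8)]     # flood
    lines += [f"203.0.113.9 {stamp.format(s)}" for s in (0, 20, 40)]  # normal
    lines += [f"192.0.2.10 {stamp.format(s)}" for s in range(8)]      # admin host
    lines.append("truncated or malformed line")
    return lines

if __name__ == "__main__":
    print("\n".join(drop_rules(find_flooders(sample_log(), allowlist=["192.0.2.10"]))))
```

Addresses are validated with `ipaddress` before being placed into a rule string, so a crafted log field cannot smuggle extra arguments into the firewall command.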

The second interesting tidbit was the discovery of some particularly malicious ongoing Negative SEO against one of our clients. It is rare that I blog about client work just because I don’t want to reveal anything about them, so I will have to tread carefully, but here goes.

The client is in a competitive and lucrative financial space and for the better part of a year and a half with us has ranked in the top 5 for the primary term. Recently, they saw substantial drops in that ranking and we were mystified as to the cause. Eventually, we were able to identify some particularly disgusting links via SEOMoz’s Site Intelligence API that were pointing to the site. They were a part of a massive .edu parasitic hosting link spam campaign. We found hundreds, but there are probably thousands more like it. The anchor text used in these spam links was unrelated to our space, so I have no reason to believe that it was our client trying out some new spam toy either. That being said, we have certainly brought it to the attention of the Google spam team and are awaiting their response.

And finally, I thought there was something worth looking at that came via my two favorite sites on the web – Reddit and Google. Recently a user on Reddit, CarlH, complained about his RipOffReport listing in the top of the search results for his name Carl Herold. Redditors, including myself, worked on his behalf to get other content to show in the top 10, and it was overwhelmingly successful. However, something else occurred to me in the process. Not only is the Rip-Off Report listing pushed back to page 5, Google no longer thinks the actual article on Carl Herold is the most important about him on the site. It is one thing to get other pages to rank above a competitor, and yet another to find a way to devalue a page itself. There are a handful of spam links pointing to that page now, but I think they were picked up by auto-site-gen based on Google Trends for his name (he popped up when everyone on Reddit was searching Google for Carl Herold). Anyway, I think it is worth further investigation to see if some intelligent Redditor discovered a way to negatively impact a specific page.


2 Comments

  1. Johnny
    Aug 20, 2011

    Great Post, but kind of ironic that you’re talking about SEO spam and people trying to take down a CAPTCHA service, yet the (so far) only comment to this post is obvious comment spam ;)

  2. Michael
    Sep 7, 2011

    I have a question. I found your article doing a Google search for “negative seo”. In the search SeoRoundTable’s site also came up with the post that they did titled “Negative SEO is possible, yet difficult says Matt Cutts”. The article quotes Google’s Webmaster Guidelines that say “There’s almost nothing a competitor can do to harm your ranking or have your site removed from our index.”

    Then the article quotes Matt from the Forbes magazine article as saying: Matt Cutts, a senior software engineer for Google, says that piling links onto a competitor’s site to reduce its search rank isn’t impossible, but it’s extremely difficult. “We try to be mindful of when a technique can be abused and make our algorithm robust against it,” he says. “I won’t go out on a limb and say it’s impossible. But Google bowling is much more inviting as an idea than it is in practice.”

    Then Matt Cutts comments on this post as the first poster and says the following in response to his statement about it being possible:

    For example, here are three examples of negative SEO that would work:
    - denial-of-service attack
    - hacking your competitor’s website and putting spam on it
    - identity theft to take ownership of a competitor’s domain.

    Note that all of these are illegal, but would work. That’s why I avoid using the word “impossible.” But we work hard to try to prevent a competitor from hurting your website.

    By this comment it sounds like he is saying these are the ways it would be possible and not from someone posting multiple thousands of backlinks to your site. Google has said several times spam links pointing to your site won’t hurt your ranking but you have a client who has experienced what Google says will not happen to a site.

    It does not seem like an almost impossible thing to do like Google says it is, it seems to be the opposite, all a competitor needs to do is use one of the spam link programs that can build tons of backlinks from forum profiles, blog comments, etc and they can cause a competitor’s site to lose rankings. Obviously they could not harm an Amazon, a Microsoft, a Twitter, etc but they could do it to much smaller operations.

    So what is going on here? Why does Google say this is almost impossible when it is not?

    Also what happened with your client? Did Google rectify the situation? You said the link spam was done with keywords that did not match his site. What if a competitor does link spam with keywords that did match the site? I would suspect Google would not likely believe the person as they would if they were keywords unrelated to the site. And would all a person who does have a bunch of link spam with his target keywords in them have to say is “I didn’t do it, must have been a competitor” will Google say oh, OK we believe you as simple as that and now your former rankings are restored? I seriously doubt it. Any feedback you can share is much appreciated.

    Author Response: Thanks for all your questions. First, I would like to say the good news is that the client’s site did recover eventually. We made sure everything was clean, worked on natural link building campaigns to counter-balance the negative work, and were able to restore rankings after a reconsideration request which explained the situation. That being said, I do believe that negative SEO is difficult. Perhaps it is not quite as difficult as Google would have you believe, but it is not easy. The success of a negative SEO campaign is really based on the vulnerability of the target site. You will probably never effectively perform a negative SEO campaign on a site like Wikipedia, but when your competitor launches a brand new site, you have a chance.
