DDoS, Negative SEO, etc.
This has been an interesting week for myself and Virante. First, some of you may know that Virante runs two free anti-spam services – OpenCaptcha (a free, distributed CAPTCHA system) and LinkSleeve (a free, distributed link spam detection API). This Monday, we were hit with what appears to have been a poorly orchestrated DDoS. I say poorly orchestrated because we were able to effectively control the attack within about 8 hours. Distributed Denial of Service attacks use a large number of computers to flood a server or website with so many requests that the site can no longer function. However, their attacks were not strong enough to prevent us from still being able to access the server via SSH (ie: the attack crippled Apache/MySQL but not our bandwidth nor our server’s overall responsiveness). Subsequently, we were able to write custom code to drop all the IPs that were attacking, and were able to write code to capture future ones as well. While this wasn’t the first we have seen, it was the largest to hit OpenCaptcha. As you can imagine, there are a lot of folks out there who would be happy to take down a CAPTCHA service.
The second interesting tidbit was the discovery of some particularly malicious ongoing Negative SEO against one of our clients. It is rare that I blog about client work just because I don’t want to reveal anything about them, so I will have to tread carefully, but here goes.
The client is a competitive and lucrative financial space and for the better part of a year and a half with us has ranked in the top 5 for the primary term. Recently, they saw substantial drops in that ranking and we were mystified as to the cause. Eventually, we were able to identify some particularly disgusting links via SEOMoz’s Site Intelligence API that were pointing to the site. They were a part of a massive .edu parasitic hosting link spam campaign. We found hundreds, but there are probably thousands more like it. The anchor text used in these spam links was unrelated to our space, so I have no reason to believe that it was our client trying out some new spam toy either. That being said, we have certainly brought it’s attention to the Google spam team and are awaiting their response.
And finally, I thought there was something worth looking at that came via my two favorite sites on the web – Reddit and Google. Recently a user on reddit, CarlH, complained about his RipOffReport listing in the top of the search results for his name Carl Herold. Redditors, including myself, worked on his behalf to get other content to show in the top 10, and it was overwhelmingly successful. However, something else occurred to me in the process. Not only is the Rip-Off Report listing pushed back to page 5, Google no longer thinks the actual article on Carl Herold is the most important about him on the site. It is one thing to get other pages to rank above a competitor, and yet another to find a way to devalue a page itself. There are a handful of spam links pointing to that page now, but I think they were picked up by auto-site-gen based on google trends for his name (he popped up when everyone on reddit was searching google for Carl Herold). Anyway, I think it is worth further investigation to see if some intelligent Redditor discovered a way to negatively impact a specific page.