Lately, we’ve been seeing a lot of SEO poisoning cases and felt it necessary to spend a little more time explaining them.
SEO (Search Engine Optimization) is all the rave these days. Anybody that owns a website and is trying to make an impact or working to improve their traffic has heard the term, and undoubtedly have become an SEO expert. If you’re not familiar with SEO, here is your quick definition:
“SEO stands for “search engine optimization.” In simple terms, SEO means the process of improving your website to increase its visibility in Google, Microsoft Bing, and other search engines…” Source: Search Engine Land
Many organizations will actually enlist the help of marketing consultants to assist in this optimization process. Ranking on the first page is highly coveted by many. In essence, if you are able to rank on the first page for a specific keyword, phrase, subject, etc. then you have the ability to generate a lot of traffic to your site. This in turn increasing the odds of visits. If you’re an ecommerce site, this equates to purchases. And if you’re a services company, this often equates to new clients. The idea is simple and highly effective. What is even better is that most search engines like Bing, Yahoo, and Google offer set criteria designed to improve your ranking within their searches.
It all sounds pretty awesome right?
Unfortunately, you’re not the only one who knows this. Today, SEO spam is one of the top five attacks we’re seeing on the web, and it’s quickly pushing its way up to number one. SEO attacks becoming so prevalent, we felt the need to do some homework to better understand them.
In the process we found a useful video by Matt Cutts of Google in Youtube. In the video Cutts answered a interesting question about SEO in Google point of view:
Question: Does Google consider SEO to be spam?
Short answer: No
Long answer is below:
Google don’t consider SEO to be spam. Now a few really tech savvy people might get angry at that. So let me explain in a little more detail.
SEO stands for Search Engine Optimization
And essentially it just means trying to make sure that your pages are well represented within search engines. And there’s plenty of white-hat, great quality stuff that you can do as a search engine optimizer. You can do things like making sure that your pages are crawlable. So you want them to be accessible. You want people to be able to find them just by clicking on links. And in the same way, search engines can find them just by clicking on links. You want to make sure that people use the right key words. If you’re using industry jargon or lingo that not everybody else uses, then a good SEO can help you find out, oh, these are key words that you should have been thinking about. You can think about usability, and trying to make sure that the design of the site is good. That’s good for users and for search engines. You can think about how to make your site faster.
Not only does Google use site speed in our rankings as one of the many factors that we use in our search rankings. But if you can make your site run faster, that can also make it a much better experience. So there are an enormous number of things that SEOs do, everything from helping out with the initial site architecture and deciding what your site should look like, and the URL structure, and the templates, and all that sort of stuff, making sure that your site is crawlable, all the way down to helping optimize for your return on investment. So trying to figure out what are the ways that you are going to get the best bang for the buck, doing AB testing, trying to find out, OK, what is the copy that converts, all those kinds of things.
There is nothing at all wrong with all of those white hat methods
Now, are there some SEOs who go further than we would like? Sure. And are there some SEOs who actually try to employ black hat techniques, people that hack sites or that keyword stuff and just repeat things or that do sneaky things with redirects? Yeah, absolutely. But our goal is to make sure that we return the best possible search results we can. And a very wonderful way that search engine optimizers can help is by cooperating and trying to help search engines find pages better.
SEO is not spam. SEO can be enormously useful
SEO can also be abused. And it can be overdone. But it’s important to realize that we believe, in an ideal world, people wouldn’t have to worry about these issues. But search engines are not as smart as people yet. We’re working on it. We’re trying to figure out what people mean. We’re trying to figure out synonyms, and vocabulary, and stemming so that you don’t have to know exactly the right word to search for what you wanted to find. But until we get to that day, search engine optimization can be a valid way to help people find what they’re looking for via search engines.
We provide webmaster guidelines on google.com/webmasters. There’s a free webmaster forum. There are free webmaster tools. There’s a ton of HTML documentation. So if you search for SEO starter guide, we’ve written a beginner guide where people can learn more about search engine optimization. But just to be very clear, there are many, many valid ways that people can make the world better with SEO. It’s not the case that, sometimes you’ll hear SEOs are criminals. SEOs are snake oil salesmen. If you find a good person, someone that you can trust, someone that will tell you exactly what they’re doing, the sort of person where you get good references, or you’ve seen their work and it’s very helpful, and they’ll explain exactly what they’re doing, they can absolutely help your website. So I just wanted to dispel that misconception. Some people think Google thinks all SEO is spam. And that’s definitely not the case. There are a lot of great SEOs out there. And I hope you find a good one to help with your website.
But.. SEO has evolved in many areas.
The challenge with that is how SEO has evolved. In our own experience, it is no longer this simple, and the majority of the SEO attacks revolve around pharmaceutical injections. A recent study actually discusses why the pharmaceutical affiliate marketing model has become so effective and highly coveted with blackhats today. If you’re wondering why, it’s because of how economically rewarding it is. That’s a post for another day though.
The good news is that principles of these SEO spams are still the same today. In 2010 Sophos described the following:
At the heart of the SEO attack is the ability to feed search engine crawlers content to index and redirect users to malicious sites.
Today that is still key, but their methods have evolved. We’re seeing highly complex malware injections that are intelligent by being able to adapt to incoming traffic. Many are targeting the search engine IPs like Bing and Google, while others are being wrapped into conditional logic that only presents itself when specific conditions are met, and yet others are being tied into Command and Control nodes that are dictating what the site should do on visit.
More and more of them however are integrating themselves into the Pharmaceutical affiliate model as described above. What is perhaps most interesting about this is that those sites are rarely distributing drive-by-download payloads. Instead they are being maintained in pristine condition with no other anomalies other than the improper redirection.
We are also seeing no real preference on the brand or traffic of the site. In fact it appears that they are more than content with low-hanging fruit than they are in penetrating a high-ranking site with a well-known brand. This we find exceptionally interesting.
Many have undoubtedly experienced the impact of these SEO attacks. They often lead to the inevitable warning by Google, “This site may be compromised!” or “Something’s not right here!” We wrote a post describing these warnings earlier this year.
Unfortunately, there is no real solution to this problem. The threat landscape in which most websites live is just too large and most website owners really don’t care about it. That’s probably today’s biggest issue.
So where does that leave things today?
If you have any questions or comments about this post please leave a your comment at our contact page.