You’ve Won the Battle but not the War: 10 Ways to protect your site from negative SEO

rankings_robber2.jpgLast month there was an interesting article in Forbes about the search engine marketing saboteurs. These so-called “SEO professionals” proudly proclaim their job to be damaging the hard-earned rankings of their clients’ competitors. I understand a lot of people would do anything for money, but it’s still unsettling to see such people trumpet their efforts with such gusto. A huge thumbs down to all those mentioned in the article.

Earning high search engine rankings is challenging enough. Now we need to work twice as hard to protect the rankings once we earn them. The Forbes article lists seven ways you can damage someone else's website. I can think of three more — but instead of adding more wood to the negative SEO fire, I’ve decided to create a list of things you can do to detect, prevent and protect your rankings from these types of attacks.

Here are Hamlet’s countermeasures. (You may want to read the Forbes article first to better understand the terms.)

  1. Anti-Google bowling. This attack makes your link structure look spammy, potentially causing Google and other search engines to believe your rankings are undeserved. The way to protect your site from this is to monitor your incoming links and their anchor text. Google’s webmaster central provides all the information you need for this purpose. Any site-wide links you are not familiar with, links with strange anchor text (usually porn), etc. are a clear indication that your site is being attacked. Contact the site owners that host the links and politely request they take them down. A cease and desist letter should do the trick, too—but only as a last resort.

  2. Anti-Tattling. This attack is possible thanks to Google's encouragement of reporting paid links for ranking purposes. The best way to avoid this attack is not to buy text links at all. A competitor can purchase links for your site and report it. I assume Google's spam team is smart enough to tell if those paid links are making any difference for the search engine rankings and demote the links instead of banning the website. Again, monitor your incoming links profile and request take-downs where necessary.

  3. Anti-Insulation. This one is basic— creating more pages about the same topics as your site’s pages to make yours less relevant. Preventing your competitors from pushing down your pages means that you will have to work even harder to make your pages more popular and relevant to keep their highly-deserved rankings. As you know, this is why SEO is an ongoing battle.

  4. Anti-Copyright take-downs. Make sure all your content is original. This might sound obvious, but if you pay content writers to create your content, it is good practice to do a Google search for portions in their work to make sure it is original. I have turned down more than one “content writer” because of a simple Google search. If someone does file a bogus complaint against your site, the legal option is the best. Make sure their unscrupulous actions backfires to them. 

  5. Anti–Duplicate content take-downs. If you content is original and it gets copied by another webmaster, contact the webmaster to have him/her take it down. It’s also a good idea to file a DMCA complaint with the search engines before that might affect you.

  6. Anti–Denial of Service Attacks (DOS). There are hardware and software solutions to protect your site from DOS attacks. Most are very expensive. For my most profitable websites, I have been subjected to heavy DOS attacks, followed by an alleged 'Chinese hacker' asking for ransom. Personally, I’ve found that a reverse proxy with mod_evasive is good enough if you have the bandwidth to sustain the attacks. This is how you can protect yourself inexpensively:
    1. Set up a separate web server with Apache mod_proxy and mod_evasive.
    2. Set up mod_proxy as a reverse proxy server. That way, all requests will be forwarded to the real web server.
    3. Set up mod_evasive and adjust the number of simultaneous requests per second to a low value. Use a number that does not cause legitimate traffic to be filtered.
    4. Set up iptables on your real server so that you block all direct HTTP traffic not coming from the reverse proxy. All the web traffic must pass through the DOS filter.

  7. Anti-Click fraud. Not exactly SEO-related, but also mentioned in the article. The best indication of click fraud is a sudden amount of clicks and no conversions when you have a history of strong conversion rates. The new click-fraud reports provided by the search engines help, as do some tools by specialized analytics providers.

  8. Anti–SERP hijacking. This one wasn’t mentioned in the article, but SERP hijacking is another way to steal your rankings. As I explained in a previous post, before this was possible via HTTP 302 redirects, and these days with cgi proxy servers. Here is how you can protect your site from an attack:
    1. Se tup HTTP-USER-AGENT detection and reverse-forward dns verification to confirm that it is actually the search engine crawler pulling pages from your website.
    2. Some hijackers's proxies will not report as a search engine robot to avoid such detection. For this second case, here is a more advanced approach that involves cookies and IP blocking:   
       1. For each new IP address that is not a search engine robot (your script will need to keep track of each IP), encode the IP with optional information (user_agent, time, etc.) and insert it into the HTML as a comment or other invisible element that is returned to the requester.   
       2. When you find a hijacked URL, check the content of the page and look for the encoded text. Decode it and add the IP address to an access control list. You can block the IPs in Apache or in your iptables' based firewall.

  9. Anti–Website hacking. Also not mentioned in the article, but perfectly possible (I read a thread at Digital Point Forums where this happened) is the hacking of your website to make the pages spammy. This includes adding hidden links or text, etc. If such a thing happens to you, remove the spam immediately, harden your server, and submit a re-inclusion request explaining what happened. In order to prevent this from happening make sure your server has all the latest security patches and any unnecessary Internet services shut down. All web scripts should 'sanitize' their input and treat it as not trusted.

  10. Anti–Domain hijacking. This one wasn’t mentioned in the article either, but is probably very common. Hijackers can steal your domain names if you forget to renew them or with a fraudulent domain transfer. It is one of the most difficult attacks to recover from. If you value your domain property, it is imperative that you always keep your domains in a 'locked' state and that you set them up to auto renew at your registrar. It is also good practice to trademark your domain names if you are doing something serious. If you ever lose your domain, your best chances are by disputing it with the ICANN. Basically, you’ll need to prove that you own a trademark to the domain name and/or that the current registrant is using the domain in bad faith (to profit from your branding efforts for example).

Achieving high search engine rankings for competitive terms is hard enough. Every day is a new battle and we need to fight continually to keep winning the war. If you’re like me, you’ve spent a lot of your time improving your sites and content and it would be a colossal waste to let negative SEOs demote your rankings.

As always, let me know in the comments section if you find the tips useful and if you have any of your own to add.


18 replies
  1. Tom
    Tom says:

    Great post hamlet – I was going to write something on this exact subject (and it was going to be a top 10 list too!) but you've gone into a lot more technical detail which is good.

    (loving the pic as well!)

    One point I think you missed is that you should always make sure your canonicalisation is fixed – if both the www. version of your site and the non www. version both resolve to the same content it's possible to cause problems with the Google duplicate content filters if you send links to the wrong one. (I know this is a very basic point but it's one that I come across time and time again)

    • Hamlet Batista
      Hamlet Batista says:

      Thanks for your comment. How funny that we were thinking in the same lines 🙂

      Remember that the list is about counter-measures for negative SEOs. The reason I omitted the canonical issue is that is very unlikely a (smart) competitor would use it to harm you site. If they did, a simple 301 redirect rule would turn the table in your favor 😉

      • Paul Montwill
        Paul Montwill says:

        Hamlet, this picture is hilarious. It made my day. About the post, it is All tips are very useful, especially regarding DOS attacks.

        As you are very technical guy, can you write a post in the future regarding redirections? Starting with basics and finishing with more advanced tips? It is an important area and I would like to learn more about it
        and fill my knowledge gaps. Thanks

  2. Kirk
    Kirk says:

    Hamlet your list is full of useful information and I thank you for posting it.

    However as someone who really only knows the basics of HTML and web development and also uses a windows server (and ASP code) in their website, do you have or offer an "idiots guide" on implementing the above techniques?



    • Hamlet Batista
      Hamlet Batista says:

      do you have or offer an “idiots guide” on implementing the above techniques?

      Kirk – Thanks for your comment. Unfortunately I do not have such guide. I'd probably need to write a 50-page guide to make this post easier to understand to the general public. If there is enough interest, I may be able to find time to get it done. I'd need some research for windows/asp based servers.

      My blog is aimed primarily at advanced marketers, but I can help you clarify any specifics you need.

  3. Keniki
    Keniki says:

    Hi great article, all of the above is true.
    There is now a more advanced way to damage peoples content. Black hats simply use search engine syndication and at present I am told there is no way inwhich you can prevent search engines syndicating your content to any site causing google bowling and many of the other problems mentioned above such as dilluting your content.

  4. Amit
    Amit says:

    Hi Hamlet nice post providing real information on negative seo. Since i myself is new towards the seo, learning the basics from all research work.

    Well i never thought of negative seo. But, after reading your post i updated my knowledge base.

    Thanks for guiding all seo's including me.

  5. Bob At Blogging For
    Bob At Blogging For says:

    As far as spotting your content on the web is concerned, there are a couple of things I do when posting articles — I use a very unique name (foriegn names do well) as the author title, and will often also use a few uniquelly speled (catch that?) phrases in the article body. It then becomes very easy to set up a Google alert for the author name and unique body text. You'd be suprised at how many people post your stuff on the web without any modification at all.

  6. pravish thomas
    pravish thomas says:

    HI Hamlet,

    This is what i needed
    An awesome post
    Gr8 work
    The evil always stay there na – i don't get y ppl go for this BLACK hat ? Why the hell they don't be innovative and do something good for the world
    Don't know when the day would come 🙂
    But yeah – Gr keep the good work



Trackbacks & Pingbacks

  1. […] Even if you protect your search engine rankings by canonicalizing your URLs, it’s still possible that someone can steal your rankings. And with your own content on their site. Scary but true. Read SEO Fast Start’s article Google Proxy Hacking [via Sphinn]. While you’re at it, also read Hamlet Batista’s 10 Ways to Protect Your Site From Negative SEO. […]

  2. […] a nice little tip: use Google Webmaster Tools to view all your back links to your web site.  By looking at your back links you can potentialy catch and prevent people from creating unwanted anchor text links to your site […]

  3. […] SEO expert/blogger Hamlet Batista isn’t amused. He says: These so-called “SEO professionals” proudly proclaim their job to be damaging the hard-earned rankings of their clients’ competitors. I understand a lot of people would do anything for money, but it’s still unsettling to see such people trumpet their efforts with such gusto. A huge thumbs-down to all those mentioned in the article. […]

  4. […] Google in an attempt to get you penalized. A great article about how to effectively combat this is You’ve won the battle but not the war: 10 ways to protect your site from negative SEO by Hamlet […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *