I’ve heard of negative Search Engine Optimization (SEO), but never really seen it – until now. The gist of the concept is that you buy a bunch of spam web links pointed at your competition’s web site and they will get penalized by Google and drop from the rankings. This may work against small sites with little reputation. However, it’s a significant amount of effort that you could simply put into your own site.
In this instance, visiting Google Webmaster Tools told us about the apparent attack. There were warnings about our site not being reachable with one of the first URLs of our home page with “/?sparkle-prom-dresses” appended. Our sites are of course technology related and have nothing to do with dresses of any kind. The first reaction was that the site had been hacked. We checked the code and found no suspicious files or scripts. Several tools were used to scan the site for malicious code with no results. Making some changes to the home page and republishing the whole site made no difference. If you checked the source of the home page, there was nothing in the code about sparkle prom dresses. However, if you added the “/?sparkle-prom-dresses” you saw our updated home page and viewing the source there was in fact some form code referencing sparkle prom dresses.
Next, we contacted support for the web host, Network Solutions. A couple of years back they had a major problem with WordPress sites getting hacked. Our site was straight HTML5, but they had to have some kind of breach. Right. Well, no. Wrong. Netsol Support confirmed there was no malicious code on our site and there was no redirection/security breach for us or any other of the thousands of Netsol customers.
It turns out you can take any URL like http://www.company.com and append /?whatever-you-like to make http://www.company.com/?whatever-you-like. Try it for yourself in any browser and then view source and you’ll find the phrase injected into whatever home page you test. If you post these fake links and Google indexes, then there is more spam in the web searches. Since our site doesn’t use any query strings with the question mark, we simply disallowed any URLs with question marks in our robots.txt file:
The strange thing is even though we have Google alerts set for our site, none of these fake URLs were alerted. Fortunately, immediately after disallowing the query strings and notifying Google, the fake spam stuff disappeared the next day. Thankfully, we caught the attack in about a week so the spammers really had no affect on our search rankings. Hopefully, this posts helps others to protect their sites and reputation.