SEO negative attack? 12-step guide to help you reverse the damage.

Authors

Sam Afsari

Sr. SEO Specialist

Shab Hadi

SEO Director

Scroll Down

  • What is a negative SEO attack?
  • Is negative SEO illegal?
  • Importance of protecting your website from negative SEO
  • Signs of a negative SEO attack
  • Here is a 12-step guide on how to protect your website from negative SEO attacks
  • Final thoughts on spamming and black hat SEO

This guide walks you through everything you need to know about negative SEO, also known as black hat SEO, from spotting the signs of an attack to fighting back and protecting your hard-earned rankings. Whether you’re a seasoned SEO pro or just starting, this guide is your essential toolkit for negative SEO protection. It is recommended that you have a basic understanding of SEO (Search Engine Optimization) and SEO vs PPC (Pay-Per-Click) advertising.

What is a negative SEO attack?

In essence, a negative SEO attack is a form of digital sabotage where a competitor employs unethical, “black hat” SEO tactics to deliberately harm your website’s organic search rankings. Think of it as digital sabotage, aimed at dragging your site down in the search results so theirs can climb higher.

It’s a harsh reality: there’s a whole underground economy thriving on the idea of sabotaging your online competitors. Today, you don’t even have to get your hands dirty; shady “black hat” services on platforms like Fiverr are all too ready to do the dirty work for you.

Sadly, many businesses succumb to the temptation and engage in negative SEO attacks. The internet’s a fierce battleground for visibility, and not everyone’s willing to fight fair. That’s where OWDT SEO services steps in, acting as a shield to safeguard your business from these malicious tactics.

Is negative SEO illegal?

While negative SEO, or black hat SEO, generally operates in an ethical gray zone, it’s not always entirely legal. Some of the tactics employed in these attacks can cross the line into illegal territory.

For example, hacking a competitor’s website to deface content or manipulate backlinks is a clear violation of cybercrime laws. Similarly, launching a DDoS attack to overwhelm a site’s servers and render it inaccessible can have serious legal ramifications.

However, other negative SEO tactics, like creating spammy backlinks or generating fake negative reviews, might fall into a more ambiguous legal area. While these actions are undoubtedly unethical and can significantly harm a business, they might not always be explicitly prohibited by law.

It’s crucial to remember that even if a specific negative SEO tactic isn’t technically illegal, it can still severely damage your online reputation and lead to penalties from search engines.

In the murky world of negative SEO, the line between unethical and illegal can be thin. It’s always best to prioritize ethical, white hat SEO practices to build a sustainable and successful online presence

If you find yourself targeted by negative SEO, pursuing legal action against your competitors might not be the most effective or practical solution in most cases. Instead, focus on proactive measures to mitigate the damage and protect your website.

Importance of protecting your website from negative SEO

A negative SEO attack can be very damaging. If a new website is launched and it doesn’t really have any history or other credible backlinks, a negative SEO campaign can completely wipe a new website off the map getting completely de-indexed by Google. Wherein a website that has been around for a while will be able to withstand the attack and weather the storm.

To stay ahead of these challenges, it’s also crucial to adapt to new trends in SEO, such as optimizing for voice search SEO. As more users turn to voice assistants and smart devices for search queries, ensuring your content is optimized for voice search can help you maintain a competitive edge and safeguard against various forms of SEO manipulation.

Signs of a negative SEO attack

You may notice things like a drop in your ranking on the search engine results page (SERP), a drop in traffic, or possibly an increase in traffic from less-than-reputable sources… If you’re reading this, you likely suspect your website has been hit and you’re ready to take action.

Here are some more specific signs to look out for:

  • Sudden traffic drops: A significant and unexpected decrease in your website traffic can signal a negative SEO attack.
  • Unusual backlink profile: A sudden influx of backlinks from low-quality or irrelevant websites is a red flag.
  • Keyword ranking fluctuations: Unexplained and dramatic changes in your keyword rankings, especially drops, could indicate a problem.
  • Security warnings: If your website visitors or browsers start flagging your site as unsafe, it may be due to a negative SEO attack.
  • Spammy comments: An increase in spam comments or irrelevant links within your website’s comment sections can be a sign of an attack.
  • Increase in bounce rate: A sudden rise in your bounce rate (percentage of users leaving your site after viewing only one page) can indicate a problem.
  • Google penalties without cause: If you receive a Google penalty and are unsure of the reason, it’s worth investigating for negative SEO.
  • Other suspicious activity: Any other unexpected changes to your website’s performance or appearance should be investigated.

Here are the tools I will be using in these examples and what you should consider getting access to in order to counter a negative SEO attack

  • Google Search Console (Webmaster Tools) (1)
  • Google Analytics (2)
  • Ahrefs (3)

First, you must determine how your website has been hit before launching a full SEO recovery plan. To answer this question… what tipped you off? There are many types of negative SEO techniques.

  • Have they sent a bunch of spammy forum comments to your web page?
  • Have they infiltrated your site and built pages or subdomains of your main domain?
  • Perhaps they hijacked your comments section and sent links to weird?

Take Action

Learn more about our SEO services and options available to you, or contact our specialists to discuss how we can realize your vision.

Here is a 12-step guide on how to protect your website from negative SEO attacks

Safeguard your website against the damaging effects of negative SEO attacks with this comprehensive 12-step guide. From identifying suspicious backlinks and traffic spikes to disavowing harmful links and submitting reconsideration requests, this actionable plan empowers you to proactively protect your website’s rankings and reputation.

1. Check manual actions

Log into the Google search console and check to see if they have hit you with any manual actions. This will help confirm exactly what the attack was. In this case, the action was ‘Unnatural links to your website.’ If you see a penalty, diagnosing the issue will make it easier.

  • Unnatural links to your website penalty
  • Unnatural links from your website penalty
  • User-generated spam penalty
  • Hacked website penalty
  • Pure spam penalty
  • Spammy structured markup penalty
  • Hidden text or keyword stuffing penalty
  • Thin content with low or no added value penalty
  • Cloaking or sneaky redirects penalty
  • Spammy-free host penalty

If you don’t see a manual action, that doesn’t mean you haven’t been hacked (it just means Google hasn’t officially caught it yet with a manual penalty)

2. Monitor Google Analytics

This is where you may be tipped off that something is wrong. Keep a lookout for any abnormal spikes in traffic. As you can see here, we were hit around September, which drove our traffic up in Google Analytics.

google analytics

Audience overview in Google Analytics showing SPAM increase.

3. Check security issues

Move down in the search console and check the security issues. If you see something here, again, that is a good sign because it means Google has caught something and is notifying you. From here, it is easy to follow up on what actions to take because Google will help lead you into the process.

If you don’t see any notification in the security issues tab, again, that doesn’t mean you haven’t been hacked or that your site isn’t compromised… it just means Google hasn’t caught it yet. So let’s move on to the next steps, do some detective work, and find the spam.

4. Check backlinks

backlinks

The question… who is linking to my website? What is SPAM, and what isn’t?

Use Ahrefs to view your backlink profile. It is a great tool for seeing what domains are linking to your website and what pages on your website are getting the most links sent to them. This is a great tool for identifying spam and backlink cleanup. Keep this in mind as you view the next couple of screenshots.

You should be able to use the free trial. Set up an account and log in. Once you are in, enter your website domain and see the main timeline.

Pro-tip #1 – Use Ahrefs alerts & disavow the feature

You can use Ahref backlinks alerts to get notified about any unwanted backlinks. Always track your new backlinks. The referring domains graph in the Ahref tool is very helpful in detecting any sudden changes in your backlinks. So that you can always fix it on time before it can affect your site ranking.

Ahref recently launched a new feature to its wide features, “Disavow links.” It’s a bit costly but worth trying if you can fit it into your budget.

Watch this video to learn more about how the Ahref Disavow link works. Read more about how to disavow spammy links at the Loud Techie blog.

Alok Rana, Founder – Loud Techie

Pro-tip #2 – Use a backlink monitoring tool

Setting up a backlink monitoring tool is a must if you are trying to prevent negative SEO or spam from affecting your site. After all, you can’t stop what you can’t see.

Currently, there is no tool in the market that can prevent bad links from being built to your site. But by effectively monitoring the links being built to your online properties, you can stop and actively deal with attacks as they happen, which can help significantly reduce the damage caused by those types of negative links.

Ramon Khan, Online Marketing Director – National Air Warehouse

Pro-tip #3 – Linkody can be a good option to monitor backlinks

Several tools can help prevent a harmful attack and send you timely updates once suspicious activity has been spotted. One of them is Linkody. This tool helps you to monitor all your backlinks and their metrics and sends you daily or weekly updates of your link profile.

Once you start monitoring your backlinks, pay attention to these backlink metrics:

  • Backlinks from websites with high Spam Scores – 17/17 is the highest, 0/17 is the lowest and safest score. Everything above seven should be Disavowed.
  • Check for a lot of links with unrelated Anchor Texts, low Domain Authority scores, and links from unrelated industries and/or foreign languages.
  • Check for hidden links – those are links that use anchor text as a “white” text or ”    ” a lot of spaces.

These are the basics of making sure you have a healthy link profile.

Once you have spotted the harmful links, Linkody has a “one-click” Disavowal option that you should definitely use if you spot “red flags” in your link profile.

Helvis Smoteks, Marketing Specialist at Linkody

5. Be aware of any large spikes in traffic.

In September 2016, we were hit with a negative SEO campaign. You can see from the screenshots above that there was an abrupt jump in traffic in September-December. No matter what tool you use, you need to monitor your website for any unusual spikes in traffic. There are many tools you can choose from that our experts recommend.

Pro-tip #4 – Sign up for Google webmaster alerts

Spammers and negative backlinks can hamper your SEO efforts. Keep on top of both negative and positive backlinks by signing up for email alerts in Google Webmaster Tools. You can track your backlinks profile and get email alerts automatically.

Be mindful of tracking your top backlinks to make sure that you aren’t accidentally creating negative SEO by linking from low-quality sites. If you feel you have been hit with an attack, contact the negative sites’ webmaster or the hosting provider to remove the link to your site.

Mark Tadman, Top Template Engineer at NinjaCat

Thank you, Mark. Next, we’ll drill down into these graphs to see what this odd traffic is all about.

6. Check the anchor text of your backlinks

Ahrefs is a great tool that will reveal who is linking to you and what anchor text they use. This is useful in finding a potential motive for the attack. In this case, there seem to be pills and pharmaceutical spam. When you get to this page and have a list. In this case, they are sending traffic to a bunch of fake directory links.

Pro-tip #5 – Filter your backlinks

Using backlink services such as Majestic or Ahrefs, filter the backlinks based on Anchor text (if a known anchor text is associated with the negative SEO), or filter the backlinks based on link quality (both Majestic and Ahrefs use different quality scores so you would need to come up with a threshold for each) then use Google Search Console Disavow tool (4)  to tell Google that these are spammy backlinks to your site.

-Tony Hsieh, SEO Specialist at Digital Ready Marketing

Go to the bottom left of the page and export these links. (This will come in handy later)

Ahrefs tool is great for finding spammy anchor text backlinks

7. Check 404 crawl error page backlinks

404While you are already in detective mode, open up your crawl errors window to see if there are any irregularities.

You want to look and see if any of these pages are taking on any strange external links. I don’t believe there is a negative impact on the Google results page from spam links to your already 404’d pages but what you want to do is add any weird external links that you find as you go through your pages to the spreadsheet that you have already created from the Ahrefs exported CSV. Make a list of any pages that have weird links built into them.

Check the Google Search Console 404 ‘linked from’ tab for more detail.

8. Disavow bad backlinks

Now it’s time for action. So how do I remove bad backlinks?

First, format that spreadsheet of weird links you compiled from Ahrefs and your 404 crawl errors into a Txt file. Remember to strip out all the extra sub-domains and directories from the URL and just list out the main domain. You can put a comment at the top of the file as well.

Example disavow file:

# I tried to get these spammers off my page, but they insist on sending me bad backlinks

Example.com
Spammers.org
Badbacklinks.com

That’s it! Just open the disavow tool and upload your file. Now it is out of your hands, and you have done all you can do at this point to remove bad backlinks pointing to your website.

Pro-tip #6 – Automation: streamlining the disavow process

Suppose someone uses a spam creation tool like GSA Ser to assault you with thousands of bad links. Of course, doing Disavow manually can be pretty painful. A better use of your time is going to be to create a Standard Operating Procedure for link removal.

Once you get this systemized and super simple to follow, hire out a VA for a couple of hundred dollars to go and do it for you while you focus on continuing to grow your business and serve your customers.

-Greg Elfrink, Content Manager – Empire Flippers

Pro-tip #7 – Have faith in Google’s Penguin 4.0 algorithm update

I believemost attempts at negative SEO via link building will fail. It took Google a really long time to come out with its new version of the Penguin algorithm in late 2016. I think that one of the reasons why it took so long for them to do this is because they were working hard to produce an algorithm that would not reward spammy link building but, rather, would just ignore those links so that innocent sites would not get hurt.

I think that prior to the release of Penguin 4.0, the ability for someone to effectively get a site demoted by building spammy links was small. After Penguin 4.0, it’s even harder to accomplish this.

In most cases, if a site owner contacts me because they suddenly notice an influx of spammy links to their site, I advise them to keep an eye on traffic and do nothing. This is even true if you are seeing ultra-spammy porn and pharmacy links. I really do feel that Google is good at ignoring these.

However, this is not a popular opinion. Usually, when I say that I feel that negative SEO via links is close to impossible, I’ll have blackhats argue with me and tell me how they were able to take a site down by pointing bad links at it. However, I’ve yet to see a case where I felt that negative SEO had worked.

I think there is no harm in using Google’s disavow tool to ask them not to count these links. However, I also think that time could be better spent working on other things.

-Marie Haynes, Owner – Marie Haynes Consulting Inc.
(You can find more insights from Marie in her SEO newsletter)

9. Report webspam in Google

Now it is time to double down on your efforts. The defense doesn’t end with just simply disavowing bad backlinks. Now it’s time to report those domains to Google for spamming. This may take some time upfront, but this should help Google take action quickly if you also take this step to report the offending websites.

Try to be as specific as possible when submitting a SPAM Report. You will have several options to choose from.

Excellent!

We have neutralized the external websites that are pointing to our site. Now, what about our website itself? It is time to take the fight to internal pages that have been compromised.

10. How to identify compromised internal SPAM pages

Now Let’s look in the mirror (at our website) and begin the process of cleaning the house of any junk spam that could be living there. So let’s take a look at our website and see if any of our internal pages are compromised.

Pro-tip #8 – Response to getting spammed with fake parameters

Protecting yourself from fake parameters

This negative SEO technique is used when attackers use fake parameters pointing to URLs on your site. For example, they can create irrelevant keywords as parameters, such as “marijuana.” These instances would prompt Google Panda to penalize your site and hurt your site’s credibility, relevance, and search rankings.

How to protect yourself?

The best way to protect yourself is to prevent this instance from happening. You can do this by using a canonical URL to specify a preferred version of your web page. A canonical URL points search engines to the preferred URL and, therefore, will be ranked that way by Google.

This ensures that no other URL versions will be indexed and ranked. Another way to prevent this attack is to configure your server to “no index” unknown parameters.

Blake Hooser, CEO – Ilfusion Creative

Pro-tip #9 – WordPress hacking defense checklist 101

wordpress

SQL injection or FTP brute-forcing is the most common way of hacking websites, especially WordPress websites. Since most of the developers use standard folder & file structures, database layouts & names, and FTP ports, as well as easy-to-hack passwords, one of the easiest solutions for preventing spam-generating websites hacks is to:

  1. Use long, secure passwords;
  2. Rename/change standard admin folders or paths;
  3. Rename/change standards database table names and layouts;
  4. Change FTP access port;
  5. Limit access to FTP to known hosts/computers.

Dmitrii Kustov, Founder – Regexseo

Pro-tip #10 – Watch out for email SPAM & plagiarism

Unfortunately, it can be fairly difficult to identify if your website has fallen victim to a malicious negative SEO attack if you don’t know what to look for. There are, however, a few actions you can take in order to increase your chances of avoiding a negative SEO attack.

When looking to avoid negative SEO, you should first analyze your search traffic (via Google Analytics and Google Search Console). By constantly being up to date with your traffic data, you can pinpoint the time if something goes wrong (i.e., a sudden drop in your traffic).

Another action you can take is to check all the content on your website for plagiarism. If you have really amazing and engaging content, someone else might want it for their own website. Sometimes other websites will simply just copy and paste entire pieces of content.

While this is a common issue now, in the future of content, there might be more advanced tools and stricter regulations to prevent plagiarism. Until then, if you find another website has copied your content, make sure you report them to Google

Also, it is important to check from time to time if someone uses an email spam campaign with your email address (or something very similar). This doesn’t happen very often, but it is still important to check as this can see you receive a penalty from Google as well as doing untold damage to your business’s reputation.

Lucas Bikowski, CEO – SEO Shark

Remember the step in Ahrefs where we compiled a list of anchor text and bad, spammy domains? Now we will do internal searches to see if any of these terms can be seen within the site itself. We will do this by using a series of Google operators.

First, let’s use the search operator “site:” on our example website to see if any spam is indexing.

Search operator example: site:example.com (put “site:example.com” in the Google search engine to see if any spam is indexed. Go through all of the indexed pages by Google to see if there is any spam.

See what we find in our example:

This is bad. Why would a physical therapy office in Auburndale be indexing Chinese language pages in Google? The answer? This website has been hacked, and these pages need to be removed. We’ll cover that in the last step.

Want to be double or even triple sure you got everything? Do a Google site search in Google using the spam terms that you were able to pick out in your earlier Ahrefs spreadsheet you put together. For instance…

Try using a Google operator along with a spam term, like so:

Site:example.com escorts
And let’s see what we find…

Detect spam on your website with Google search operators

Let’s click through the specific page to see where the hack occurred.

Comment section SPAM showing those classic spammy backlinks.

In this case, the hackers took over the comments section and posted many spammy links to escort services in India! Yikes – not what we are about at all. These are pure spam backlinks. So the next question is… How do we remove this kind of junk from the Google index?

11. Google URL removal tool (Spam Removal Tool)

To remove content permanently, you must remove or update the source page. That means you need to log into your CMS or FTP and remove these pages manually so that they return a 404 error or a 410.

Once this is the case, you can have a better chance that these pages will be removed using the temporary removal tool. After you have deleted the page, put the link into the removal tool.

This is a manual process that may take a while, but it is the only way to remove these bad pages from the search engine. Once complete, this process will remove negative search engine results.

If Google’s algorithms become more adept at identifying and penalizing black hat SEO tactics, the need for manual removal requests may decrease. In the future of SEO, Google will likely enhance its algorithms to combat black hat SEO more effectively. This could diminish the need for the Google URL removal tool (Spam Removal Tool).

Pro-tip #11 – Be aware of your brand with Google Alerts

Competition is common in every industry, and blogging/SEO is not an exception, but not everyone follows the same ethics.

Negative SEO is a shame, and I wish people should stop doing it. Frankly, taking the time to fix it can be a handful once you’re a victim. The good news is that Google is getting smarter every day and can ignore negative SEO.

From your side, you should keep track of any newly created backlinks and brand mentions. If you find any suspicious in your backlink profile, immediately make a list of spammy backlinks and Disavow them using Google webmaster tools.

I recommend webmaster tools to keep track of backlinks, and if you can afford some money, consider Ahrefs too. Further, Google Alerts is a service that generates a SERP based on the criteria you provide – which sends this data right to your email.

This service is used for many reasons, such as monitoring your company’s web brand mentions, keywords, and competition. It will show you the list of newly generated links to your site, along with anchor texts. So you are able to discern whether they are normal links or just SPAM. Also, you can create an alert in Google Alerts to find which website is talking about your site.

-Amar Ilindra, CEO – Geek Dashboard

12. Reconsideration request

Once your website has been fully cleaned, all spam is disavowed and removed. Now it is time to go back to Google and get back into their good graces. Suppose a manual action or security alert had been set off during this procedure.

After you have made the proper adjustments in this action plan, send Google a ‘reconsideration request’. This means you are notifying Google that you have taken action against the offending action and that the problem no longer exists.

Moeugene from Webcarpenter adds, “When submitting a reconsideration request, It is highly recommended to provide a detailed explanation and well-documented report on what you changed and why. This will help Googlers conduct their investigation effectively and possibly reduce the processing time for the reconsideration request (which usually takes weeks).

For example, if your website got hit by a spam link, include the link (ensure that it is accessible), post date, anchor texts, and every other information that will assist Googlers in their investigation.” Once you submit this request, Google will crawl your website and send you a notification that your site is clear. You should see your rankings improve in turn over the next few weeks.

Once you submit this request, Google will crawl your website and send you a notification that your site is clear. You should see your rankings improve in turn over the next few weeks.

From there, use an anchor text percentage monitoring tool like Linkio to get a jump on anyone trying to spam your website again. Otherwise, you can have an SEO agency handle your Google reconsideration requests for you.

-Moeugene, Founder – Webcarpenter

To further boost your website’s safety and keep your SEO strategy on point, explore our detailed guide on AI SEO optimization. It’s packed with valuable insights to help you stay ahead in the ever-evolving digital landscape.

Take Action

Learn more about our marketing services and options available to you, or contact our specialists to discuss how we can realize your vision.

Final thoughts on spamming and black hat SEO

Spammers and Hackers aren’t going anywhere. As we move into the future, we can expect this sort of activity to continue and adapt to anti-spam techniques.

Google is an online real estate, and businesses will do what it takes to gain visibility from potential customers. The better real estate you have and the more properties you own on the SERPs, the more traffic and, ultimately, the business you can build. As long as there is competition for placement at the top, competitors will do whatever it takes to get an edge.

If you are a large corporation or have a lot of capital, negative SEO may not affect you so much. On the other hand, if you are a new business trying to be competitive, an expertly crafted negative SEO campaign can completely torpedo your business to the point your website gets flagged and removed from Google to the point you need to start over with a new domain completely.

If this process is too involved, it is sometimes best to have an SEO company do this to make life easier.

Don’t let that happen to you. A negative SEO attack can destroy your business.

The best solution to thwart hackers and spammers is to remain vigilant, monitor your backlinks and traffic, and be aware of your website. Always be on the lookout to defend against negative SEO! If you see anything weird happening to your website, dive right in, follow this quick guide, and protect your website.

We at OWDT (web design Houston Company) take SEO (positive and negative) very seriously. Our team of marketing experts and network engineers can help your company maintain a strong online presence to minimize the effects of an attack. Or we can help restore your raking and reputation if you have already been victimized.


Sources

[1] https://search.google.com/search-console/about
[2] https://analytics.google.com/analytics/web/
[3] https://ahrefs.com/
[4] https://support.google.com/webmasters/answer/2648487?hl=en.