SEO Spam, also called Spamdexing, is the practice of search engine spamming. SEO spam involves a number of methods, such as link building and repeating unrelated phrases, to manipulate the relevance or prominence of search terms indexed by search engines. Search engine spam is an attempt to change search engine rankings so that website traffic is redirected to a scam designed by a hacker. To do this, hackers gain access to a normal, healthy website, and then inject keywords and links to another website they have set up that is designed to defraud people.
Victims believe they are going to a legitimate website to buy something – usually male enhancement drugs, designer clothing, or sports gear – but they actually get scammed.
Hackers don’t create their own sites because the search engine algorithms are already good enough that they ignore the scam websites. By gaining access to legitimate websites and injecting links and keywords, hackers create a direct path to their scam websites. These hackers are piggybacking on your legitimate website ranking to get noticed.
A good way to understand this better is to open up your favorite browser and search with the terms “buy viagra cialis”. You may not want to do this at the office.
Now, without clicking anything, scroll through the results. Doesn’t it seem strange that the top result is a page on a museum shopping site? The third result is a page on a florist website. The last result is a page on the County Veterans Service Officers of Wisconsin. These are all examples of websites that have been hacked for spamdexing.
What types of SEO Spam are there?
Links are critically important to scammers. Without the links, there is no way to drive traffic to their scam website.
When shady keywords appear in the content of a credible website, search engines assume that it’s safe to index the site for those terms. And when people search online – for medicine, male enhancement drugs, sports gear, loan services, etc. – search results often include scams where the buyer pays for something she never receives.
Sometimes a hacked website includes banner ads or calls to action (CTAs) that directs traffic to their scam website. This can be a fairly effective scam – especially if the hacker has hacked the code behind the call to action.
Spammy posts and pages
This is the worst case example. When a legitimate site already has a good search engine ranking, the hackers will create fake posts and pages dedicated to ranking for a spammy search term.
How can I protect my website from SEO spam?
Unfortunately spamdexing is always a threat for website owners, but the best way to defend yourself from these hackers is by strictly adhering to a few best practices:
- Run updates – plugins and themes need updates constantly. Don’t ignore these. Updates almost always include security patches to keep hackers out. Without these updates, your entire website has an open backdoor for an SEO spamdexing.
- Create strong passwords – easy passwords like pass1234 might be easy to remember, but unfortunately they are also too easy to guess. Make sure you are using strong passwords when they are protecting access to your website.
- Create strong usernames – don’t use admin or administrator as your username.
- Use a firewall – if you’re serious about preventing spamdexing on your website, a web application firewall is an absolute must-have. It protects you by updating definitions of known threats, kind of like a bouncer at a bar.
- Scan regularly – the first step to fixing an SEO spam infection is to be aware of it. Too often, website owners have no idea they have been hacked until it’s too late.
- Make sure your site is backed up – if you do get hacked, it’s always good to have a backup – just make sure the backup goes back before the hack.
- Hire someone to do this if you don’t know how to yourself – this is the most important best practice on the list. Don’t step over dollars to pick up a penny. If you don’t know how to do all this or know that you won’t do it on a regular basis, hire someone to adhere to these best practices to defend yourself from seo spam.
What if I already have an SEO spam infection?
If your website is already infected with SEO spam, it is very important that you act quickly. This will not fix itself and it’s not a task that you can put off until you have time.
Every second that your website remains infected with SEO spam, you risk serious penalties. You could get blacklisted by search engines so you don’t show up in search results even after you clean your site. Or worse, your customers could go to your website to do business, see the SEO spam, and then never return.
Be patient. Removing SEO spam can take time. If you’re infected, fix it now and protect your visitors and your reputation. And if you don’t have SEO spam, make sure you are protecting yourself by following the best practices listed above.