Spamdexing: What is SEO Spam and How to Remove It

If you’re wondering what SEO spam is, a good way to understand it is to find this wily beast in the wild. In your favorite browser, search for the terms buy viagra cialis. (You might want to check over your shoulder first.)

Now, without clicking anything, scroll through the results. Doesn’t it seem odd that seemingly non-pharmaceutical websites are advertising these medications?

Example of Spamdexing

You’ve just spotted a few likely examples of spamdexing, where innocent websites have been hacked and injected with keywords intended to lure traffic to bad actors’ scams. These sites aren’t actually in the male enhancement business; they’re infected websites unwillingly participating in a scam.

What’s the point of search engine spam?

Search engine spam is an attempt to manipulate search engine rankings, so traffic is lured to a scam designed by bad actors. To do this, the hackers gain access to a normal, healthy website, and then inject keywords and links to another web property they’ve set up to rip people off.

This practice is known as spamdexing. Victims believe they’re going to a site to buy something like male enhancement drugs (which we just saw), sports gear, or designer accessories — but actually they get scammed.

So, why don’t hackers just create their own websites? Well, they probably wouldn’t have much success. Search engine algorithms are designed to ignore scam websites. That’s why hackers manipulate search engines through spamdexing.

By gaining access to legit websites and injecting links and keywords, bad actors create a path to their scammy web properties. Rather than getting ranked the way most legit websites do, bad actors piggyback off a normal site’s credibility in the eyes of search engines.

What types of SEO spam are out there?

Turns out, search engine spam can appear even in the last places you’d imagine. We’ve even seen hackers get pretty creative with infecting WordPress websites. But let’s ignore the edge cases for now and instead focus on the most common places you might see spamdexing.

Spammy links

Links are super important to scammers. Without them, there wouldn’t be a way to drive traffic to a shady web property. You’d think Viagra shoppers would know better than trying to buy meds from a museum or floral shop (as we saw above), but our own research shows SEO spam remains the number-one type of website infection.

Spammy keywords

Keywords are central to spamdexing. When shady keywords appear in the content of a credible website, search engines assume it’s safe to index the site for those terms. And when people search online — say for male enhancement or other meds, sports gear, essay writing, loan services, (the list gets long…) — results often include scams where they’ll pay for something but never receive it.

Spammy ads

If a hacked website displays banner ads or calls to action (CTAs), hackers can easily replace the content or create new elements in order to drive traffic to their scams. This can be particularly effective, often because these clicks happen once a shopper’s mind is made up. They might not even question why a CTA is displaying where it is.

Spammy posts & pages

For the nuclear option in spamdexing, hackers can create and optimize entire web pages or blog posts dedicated to getting ranked for a spammy search term. This is especially effective when a legit site already has a good search engine ranking, as much of a hacker’s work is already done.

How can I protect my site from SEO spam?

Spamdexing is always a threat for website owners, but, fortunately, fending off these hackers is mostly a matter of adhering to a few best practices:

  • Run updates — If plugins or other website applications need updates, don’t ignore them. Updates often include security patches to keep hackers out. Without those updates, your entire site has a wide-open backdoor for an SEO spam infection.
  • Create strong passwords — A password like admin123 might be really easy to remember, but, unfortunately, it’s also pretty easy to guess. Make sure you’re using strong passwords, especially when they’re protecting access to sensitive areas of your site.
  • Scan regularly — Fixing an SEO spam infection starts with being aware of it. Too often, website owners have no idea they’ve been hacked until penalties happen, such as search engine blacklisting or lost credibility. Just like a medical checkup, it’s smart to run scans on a regular basis.
  • Get behind a firewall — If you’re serious about preventing a search engine spam infection, a web application firewall (WAF) is an absolute must-have. It protects you by constantly updating definitions of known threats, kind of like a bouncer turning away neighborhood creepers. A WAF will even significantly speed up load times for your site.
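
One way to run the kind of regular scan described above, as an added example (not code from the original post or from Sucuri): it parses a page's HTML and reports spam keywords, plus off-site links that are hidden or carry spammy anchor text. The term list, hostnames and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed term list: use terms your own site never legitimately publishes.
SPAM_TERMS = re.compile(r"\b(viagra|cialis|payday loans?|essay writing)\b", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "source", "wbr"}

class SpamScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = [False]   # per open element: is it, or an ancestor, hidden?
        self.link = None       # off-site <a> currently being read
        self.findings = []     # (kind, detail, hidden) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = self.stack[-1] or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag not in VOID_TAGS:
            self.stack.append(hidden)
        if tag == "a":
            host = urlparse(attrs.get("href") or "").hostname or ""  # "" if relative
            on_site = host in ("", self.site_host) or host.endswith("." + self.site_host)
            self.link = None if on_site else {"href": attrs["href"], "text": "", "hidden": hidden}

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data
        for match in SPAM_TERMS.finditer(data):
            self.findings.append(("keyword", match.group(0).lower(), self.stack[-1]))

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:  # closing an off-site link
            if self.link["hidden"] or SPAM_TERMS.search(self.link["text"]):
                self.findings.append(("link", self.link["href"], self.link["hidden"]))
            self.link = None
        if tag not in VOID_TAGS and len(self.stack) > 1:
            self.stack.pop()

def scan_page(html, site_host):
    scanner = SpamScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: a museum page with one injected, hidden pharma link.
SAMPLE = ('<p>See <a href="/exhibits">exhibits</a><br><a href="https://partner.example.org/">Archive</a></p>'
          '<div style="display:none"><a href="http://pills.example.net/">cheap Viagra</a></div>')
```

Calling scan_page(SAMPLE, "museum.example") reports the hidden keyword and the hidden off-site link while leaving the legitimate partner link alone. The hidden check only looks at inline style attributes, so content hidden through stylesheet classes is reported as visible.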

What if I already have an SEO spam infection?

If your site has been infected with search engine spam, it’s critical to act quickly. This isn’t something that’ll eventually fix itself. It isn’t a task you can put off until the time for handling it magically appears.

Every second your website remains infected with SEO spam, you risk serious penalties. You could get blacklisted by search engines, so you don’t show up in their results. Or visitors could go to your site to do business, see the SEO spam, and then leave, never to return.

Removing SEO spam can take time, so be proactive with it. If you’re infected, fix it now and protect your visitors — either on your own or by having a professional do it for you. Either way, don’t miss a beat because of hackers. Help make the internet a safer place for everyone.

*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Art Martori. Read the original post at: