Another SEO Attack – Getting More Technical

Technical SEO Attack - Web Reputation Bleed

Web Reputation Bleed

In a previous post, we shared a case study of our own website getting hit by a link farm. In the post, were actual screenshots and detailed step-by-step guide for troubleshooting and solving the problem, as a first-level troubleshooting reference for anyone attempting DIY SEO.

Just one month after, we discovered that we have been hit by yet another SEO attack. And this time, it’s more technical. We’re going to call this one ‘Web Reputation Bleed’. And what it basically means: is to slowly bleed out a website’s SEO score by methods that presents the website’s reputation as shady and not well maintained to search engines.

Let’s go step-by-step here on how we identified, how to troubleshoot and how to fix.

1 – Website Organic Traffic Surge

You probably will see a sudden increase in your website’s organic traffic like we did, and think, “Wow, that’s great, I must be doing something right!”. Stop. Hang on, don’t celebrate yet.

Any organic traffic graph in Google Analytics that looks like this, meaning, any sudden surge or obvious anomalies, no matter how good they seem, is never good news.

2 – Identify Affected Landing Pages

The next thing we did, was drill down into the organic traffic landing pages for that particular day, 2 February 2021. Consequently, identifying a sinister looking landing page URL.

So we went ahead to go to the actual page to see further what might be going on. And found that there’s incoming traffic to a webpage on our website that does not exist, returning a 404. Potentially returning a lot of 404 server response Which is definitely not going to help with the overall SEO score and web reputation.

3 – Do the Math – Organic vs Referral Traffic

Next we cross checked some numbers from the affected landing page. Apparently, the total number of traffic going to that ghost page, is more than the total coming from organic source.

So we checked our referral traffic sources, and found that the same naming convention showed up in the Google Analytics referral traffic report as follows:

4 – Check the Referral Traffic Source

Well you can imagine that we would be curious, as would anyone else. So we checked out the website. (Important note: Make sure your computer security is up to par, and is well protected before checking out fishy websites to prevent hacks, spyware and injections).

Apparently, the website redirects to another website that appears to be involved in buying and selling web traffic. Now imagine if your website was in any way related to such business, how would search engines perceive your website and business reputation?

With one of the many free redirect checker tools, you can verify what type of redirect was placed.

5 – The Fix

There are 2 potential ways to fix this problem. The first is probably the more straight forward way.

Fix #1

Go to Google Search Console, check your ‘actual’ website’s server status reports. If the stats don’t match with Google Analytics traffic to the ghost page, most likely you’re dealing with a Ghost Traffic problem. Which basically is about injecting false traffic data to your website report.

Which appeared to be the case for us.

In this case, you can follow one of the many available step-by-step guides for removing ghost traffic numbers from your Google Analytics reports by using filters and so on and so forth. Here’s a good one you can follow: how to get rid of ghost traffic.

Fix #2

If it appears that the Google Analytics and Google Search Console numbers match, you’re going to want to do 3 things fast.

1 – Ensure your default 404 page is up and running or set one up if you haven’t. And redirect the 404 alerts to the default 404 page. Doing this sends a completely different message to crawlers and search engines. It says: yes, we know there’s a lot of 404 problems right now, but we’re actively taking good care and maintenance for our website. We’re doing our best to ensure continual good user experience for our website visitors.

2 – Using a domain lookup tool such as, check where the website in question is hosted as such:

Next, get in touch with the host and/or domain registrar requesting for contact information to the said website due to so-and-so concern (be sure to explain with screen captures and what the damage are to your website and business).

Since such problems do in fact damage your business one way or the other, through your website portal, you may escalate the concern to a ‘take down’ notice’. This involves concluding with actions from the host service to take down the website in question.

3 – Block the incoming bot traffic at firewall level. You can do this by blocking whole IP classes and networks. We recommend cloudflare, which provides a free cloudflare for individual plan. You might as well set-up your website firewall to prevent future website performance problems and SEO attacks such as DDoS attacks at server level.

And yes, like we mentioned in our previous article, no website is immune. Not even digital marketing services and specialist websites. Just 2 months into 2021 and we’re already seeing 2 negative SEO and website attack problems.

The good new is, like with everything online, there always is a digital footprint. No matter how much you try to cover that footprint, whether it’s through proxies and so on and so forth, there are ways to discover how and where such website problems and attacks originate from.

Our recommendations for webmasters is to always monitor and protect. Cybersecurity is not only about privacy or data protection, but also about preventing SEO attacks and damages to your business through the misuse of SEO.