Look Google, No Links – Or a Recipe for a Major Disaster


I know quite a few people who read this blog are involved in gambling, either as operators or as affiliates. So here’s a question: name the largest gambling affiliate site as of today?

Good try, everyone. Now the surprising bit. Whoever named anything other than “verified casinos dot com” is wrong. But how come, you say? It’s not even ranking anywhere in any meaningful gambling SERPs, not even for the longest of the long tails.

Indeed it doesn’t, and never seems to have:

[Screenshots dated 2014-09-10]

Neither does it have a lot of links in comparison to any other spam effort in the gambling vertical:

Then why does it matter at all, you may ask, and why even talk about it?

Thing is, last night I got a heads up about this thread at the GPWA forum alerting the gambling community about a hacker going loose on a large number of domains, hacking them and basically placing his landing pages targeting any imaginable gambling keyword out there.


8.5 million results just for one query – impressive or what?

Now, while hacking sites for the sake of creating parasites is nothing new (sadly), what does seem noteworthy about this specific case is not only the sheer volume. (The OP claims millions of domains; it’s not really millions of domains, as there will likely be multiple URLs off the same hacked domains ranking for different queries, or even multiple times for the same query. But that’s beside the point: the volume is still greater than I have ever seen before.) Several other things also stand out:

  • This is the highest quality, most technically advanced and most authentic-looking landing page I have ever seen existing as a parasite, so the conversion rates will probably be quite high for these pages once they rank and get traffic;
  • This is the kind of spam that cannot be detected by any existing link tools. In fact, what MajesticSEO does detect for this particular domain is a small portion of the redirects from the parasites to the “parent” domain, which is where the hacker sends the traffic before passing it on to the affiliate programs:

It’s a setup that’s quite difficult for the affiliate programs to identify as hacking, even if they wanted to take measures. Technically, this is how it’s all set up: click any link on the parasite page and you’ll be sent to a corresponding page on verifiedcasinos.com from where you will be redirected to the actual casino via an affiliate link. But on the parasite page, all you see in the source code is a relative link within the current domain:

If you look at the page head, however, you will see a large script setting verifiedcasinos.com as the base URL via loads of conditional clauses and the like.
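A site owner can check rendered pages for this pattern. The following is an added example, not code from the hacked pages or from the original post: it flags a page whose base URL is pointed at a foreign host, either by a static `<base>` tag or by an inline script that builds one, and lists the relative links that would then resolve off-site. The regex heuristics, the sample markup and the `.example` host names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics: script text that creates/writes a <base> element, and hosts it names.
BASE_SCRIPT = re.compile(r"createElement\(\s*['\"]base['\"]|<base\b", re.I)
HOST = re.compile(r"(?:https?:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base_hrefs, self.links, self.scripts = [], [], []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base_hrefs.append(a["href"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "script" and not a.get("src"):
            self._in_script = True          # collect inline script bodies only
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def audit_page(html, page_url):
    """Report foreign hosts the base URL may point at, and the relative links affected."""
    own = urlparse(page_url).hostname
    c = _Collector()
    c.feed(html)
    hosts = {urlparse(urljoin(page_url, h)).hostname for h in c.base_hrefs}
    for script in c.scripts:
        if BASE_SCRIPT.search(script):
            hosts.update(h.lower() for h in HOST.findall(script))
    foreign = sorted(h for h in hosts if h and h != own)
    relative = [l for l in c.links if not urlparse(l).scheme and not urlparse(l).netloc]
    return {"foreign_base_hosts": foreign, "relative_links_at_risk": relative if foreign else []}

# Constructed sample page; host names are placeholders.
SAMPLE = """<html><head><script>
var b = document.createElement('base');
b.href = 'http://redirector.example/';
document.head.appendChild(b);
</script></head><body>
<a href="/casino-review/">Review</a> <a href="http://hacked-site.example/about">About</a></body></html>"""
```

A static check like this only sees scripts present in the served HTML; a hit is a reason to inspect the page and the server-side files, not proof of compromise.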

We have already seen that these redirects are hardly visible to MajesticSEO. To give you yet another idea of how stealthy this is: neither Google nor NerdyData (a code search engine) returns any results when searching for any bit of this code or for the code in its entirety (well, Google has never been particularly good at searching for code snippets).

The only clue that identifies the magnitude of the issue is the URL structure – and yes, there are multiple parasite pages on hacked domains:


The hacker does not seem to spam links to the hacked pages at the moment – it is difficult to say whether he intended to or he was just hoping for some of these pages to rank on their own due to the domain authority. Hence, identifying a hacked domain by its external links is not viable in this case.

One important point: all hacked sites are using WordPress. I have not checked the version beyond the first few, and I have no idea if WordPress 4.0 takes care of whatever vulnerability the hacker is using, as their release page says nothing about security issues, but it might be worth updating to the latest version, as usual in such cases. However, WordPress being one of the most popular platforms on the web makes it a prime target for hackers, and these are just a few vulnerabilities discovered over the last couple of months:

If this is anything like the code inserted by a hacker I have recently been looking into, the code is likely to be inserted into each and every PHP file on the server. So when fixing the damage on a hacked domain, each and every file should be cleaned, and because of the different random variables and other elements in the code, it might not be possible to find it all with a simple search. Anyway, if you need help cleaning up your domain or suspect you might have been hacked and want to check it for sure, feel free to get in touch.
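One way to get past the random variable names during cleanup, as an added example that is not taken from the original post or from the injected code: normalise each PHP block (variables renamed in order of first use, string literals blanked, whitespace removed) and report blocks whose normalised form recurs across several files. The thresholds, file paths and sample sources are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

PHP_BLOCK = re.compile(r"<\?php(.*?)(?:\?>|\Z)", re.S)
VAR = re.compile(r"\$[A-Za-z_]\w*")
STR = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"")

def fingerprint(block):
    """Hash a PHP block so that per-file variable names and literals do not matter."""
    names = {}
    def rename(match):
        # Same variable -> same placeholder, numbered by first appearance.
        return names.setdefault(match.group(0), "$v%d" % len(names))
    body = STR.sub("S", block)        # blank string literals
    body = VAR.sub(rename, body)      # canonical variable names
    body = re.sub(r"\s+", "", body)   # ignore layout
    return hashlib.sha256(body.encode()).hexdigest()[:16]

def shared_blocks(files, min_files=3, min_len=40):
    """files: {path: source}. Return {fingerprint: sorted paths} for recurring blocks."""
    seen = defaultdict(set)
    for path, src in files.items():
        for m in PHP_BLOCK.finditer(src):
            if len(m.group(1).strip()) >= min_len:   # skip trivial one-liners
                seen[fingerprint(m.group(1))].add(path)
    return {fp: sorted(p) for fp, p in seen.items() if len(p) >= min_files}

# Constructed sample: the same harmless block under different names in three files.
SAMPLE = {
    "index.php": "<?php $ab = \"q\"; $cd = strrev($ab); if (isset($cd)) { echo $cd; } ?>\n"
                 "<?php require __DIR__ . '/wp-blog-header.php'; // front controller ?>",
    "wp-includes/a.php": "<?php $m = 'y2'; $pl9 = strrev($m); if (isset($pl9)) { echo $pl9; } ?>\n"
                         "<?php function a_helper($x) { return $x + 1; } ?>",
    "wp-content/themes/t/header.php":
        "<?php $kq7 = 'x1'; $zz = strrev($kq7); if (isset($zz)) { echo $zz; } ?>\n"
        "<?php get_header_parts(); wp_head(); echo 'header template'; ?>",
}
```

Legitimate boilerplate can also recur across files, so each reported fingerprint is a candidate to review against a clean copy of the same WordPress version, not a verdict.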

As to the original poster’s complaints to Google and the domain registrar, they would hardly have any effect because, as shown above, nothing malicious is actually happening on the hacker’s own domain. Even if Google were concerned with the issue and wanted to do something about it, what can they really do? Set up a team of researchers to go after every single hacked domain and remove the hacked pages from the index? I highly doubt they will ever do anything of the sort. None of the recent updates (I’m talking about the last 2 years) has addressed the issue of sites getting hacked, but each and every one of them has been pushing certain individuals in the direction of hacking sites and getting traffic via parasites.

Google has started the war on links, and this is the result it brought about: something much worse than spammy links. This is worse than blackhat SEO; this is actually a criminal activity: hacking into the property of others and modifying their sites without their knowledge and consent. Google wanted to police the links, now who will police this? Apparently not Google.