• About
    • History of Dallas SEO
  • Contact
  • Topics
    • Bing
    • Blogging
    • Branding
    • Domain Names
    • Google
    • Internet Marketing
    • Link Building
    • Local Search
    • Marketing
    • Public Relations
    • Reputation Management
    • Search Engine Marketing
    • Search Engine Optimization
    • Search Engines
    • Social Media
  • Tech
  • Advertise
  • Services
    • Search Engine Optimization
    • Ongoing SEO Services
    • SEO Expert Witness
    • Google Penalty Recovery
    • Mini SEO Audit
    • Link Audit
    • Keyword Research
    • Combine Websites SEO Services
    • PPC Management
    • Online Reputation Management
    • Domain Name Consultant
    • Domain Names & Expired Domains
    • Domain Name Appraisal

Bill Hartzer

GoDaddy Airo: Register your .com domain name today!
Home » Search Engine Optimization » This Reverse-Proxy Negative SEO Attack That Can Wipe You Out Overnight

This Reverse-Proxy Negative SEO Attack That Can Wipe You Out Overnight

Posted on February 20, 2026 Written by Bill Hartzer

reverse proxy negative seo

A post in Reddit’s TechSEO forum describes a situation that gives legitimate site owners a familiar sinking feeling: rankings drop, traffic falls off a cliff, and Google Search Console shows a canonical URL that does not belong to the real site.

The site owner says their project, Nobella.app, started losing organic visibility after a third-party domain, olxlibre.com, appeared to be serving a “perfect copy” of the site through a reverse proxy. A reverse proxy is a server that sits in front of another server and fetches content on demand, then serves that content to visitors as if it were its own. In plain terms, it can mirror a website in real time without storing a static scrape.

The part that stings is the canonical issue. A canonical URL is the page Google treats as the primary version when multiple copies exist. In this case, the post claims Google selected the scam domain as canonical, treating the real domain as the duplicate.

Jump To

Toggle
  • What the Site Owner Noticed First
    • Traffic tanked, then Search Console told the ugly story
    • The clone updated instantly when the real site changed
  • What They Tried, and Why Each Step Matters
    • Client-side JavaScript redirects
    • Absolute canonical tags
    • DMCA submission through Google
    • Submitting a disavow file
  • The Real Problem: The Proxy Origin Is Hidden
  • What a Practical Response Plan Looks Like
    • Step 1: Confirm the proxy behavior with server logs
    • Step 2: Tighten origin access rules
    • Step 3: Strengthen server-side signals that prove ownership
    • Step 4: Use provider channels that get action
    • Step 5: Watch Google’s canonical choice like a hawk
  • Why This Attack Works at All
    • Related Posts

What the Site Owner Noticed First

Traffic tanked, then Search Console told the ugly story

According to the post, the warning signs were not subtle. Organic traffic dropped sharply. Google Search Console then showed the cloned domain as the canonical URL. That combination often signals Google believes the copy is the “main” site.

The clone updated instantly when the real site changed

The site owner reported that content changes on the real site appeared on the clone right away. That detail points to a live proxy setup, not a one-time scrape. It also explains why standard “stop the scraper” advice can feel useless at first.

What They Tried, and Why Each Step Matters

Client-side JavaScript redirects

The owner added a JavaScript check that redirects visitors back to the real hostname. That can help human users who land on the fake domain. It does not fully solve search engine indexing because Googlebot can still fetch server-side HTML from the clone before any browser code runs.

Absolute canonical tags

The owner updated canonical tags to absolute URLs, such as https://nobella.app/page, instead of relative paths. That is a sound move. Absolute canonicals reduce ambiguity and create a clean, repeated signal across pages. It is one of the few on-page signals that Google can process at scale when duplicates show up.

DMCA submission through Google

A DMCA request is a copyright removal process. It is not an SEO tool, yet it can remove infringing URLs from search results. It can also create a paper trail that supports later escalations. It is often slow, and it is often worth doing anyway.

Submitting a disavow file

The owner submitted a disavow file tied to the scam domain. Disavow is a link-related tool. It tells Google to ignore certain backlinks when evaluating a site. It does not remove a cloned site, and it does not stop a proxy. In a proxy-canonical scenario, disavow can be a distraction unless the attack also includes spam links aimed at the real domain.

The Real Problem: The Proxy Origin Is Hidden

The owner said the next step is blocking the proxy’s server IP so the proxy receives a 403 Forbidden (access denied) or another error response when it tries to fetch content. That approach attacks the root mechanism: the proxy’s ability to retrieve pages from the real site.

The reported obstacle is common. The scam domain appears to sit behind Cloudflare, and the registrar setup is also part of the smokescreen. Cloudflare can mask the origin IP of the scam site, and it can also make attribution harder when abuse reports bounce around between providers.

What a Practical Response Plan Looks Like

Step 1: Confirm the proxy behavior with server logs

If you control the origin server, start with evidence. Check access logs for repeated fetch patterns that line up with the clone’s behavior. Look for unusual user agents, high-frequency hits, or consistent header fingerprints. If the proxy is using Cloudflare, you may still see consistent request behavior even if the source IP rotates.

Step 2: Tighten origin access rules

The goal is simple: let real users in, block automated fetchers that mimic a browser and pull full HTML repeatedly. Many site owners start with rate limiting and request filtering at the edge. Rate limiting caps request volume. Request filtering blocks patterns that match the proxy fetch behavior.

This is where “block by IP” can fail in practice. Many abusive fetch setups rotate IPs or use large networks. IP blocking still has value when logs show a stable cluster of sources. It is not the only lever.

Step 3: Strengthen server-side signals that prove ownership

Canonical tags help, yet Google can still get confused when it sees two identical sites. Add repeated ownership signals that the proxy cannot easily rewrite server-side:

  • Make sure every page emits absolute canonicals and consistent internal links back to the real hostname.
  • Use consistent structured data tied to your brand entity, such as Organization schema with the real domain listed as the URL.
  • Publish a clear “About” or “Contact” page with unique, verifiable business details that appear across the web and match known profiles.

Step 4: Use provider channels that get action

DMCA is one lane. Abuse reporting is another. File complaints with the host, the CDN provider, and the registrar. Provide side-by-side proof: your real URL, their cloned URL, and timestamps. Screenshots help. Logs help more. When you write these reports, treat them like evidence for a dispute, not like a rant in a ticket form.

Step 5: Watch Google’s canonical choice like a hawk

In Google Search Console, track the canonical selection over time. Track indexing status. Track crawl stats. Track the “Duplicate, Google chose different canonical than user” type signals. The objective is to see the moment Google flips back to your real domain, then keep it there by repeating consistent signals.

Why This Attack Works at All

This type of negative SEO attack succeeds because it exploits two things at once. First, the proxy creates a duplicate that looks perfect. Second, canonical selection is an algorithmic decision, and algorithms can be fooled when the copy appears more accessible, more consistent, or simply gets crawled under conditions that make it look “cleaner.”

If this sounds unfair, that’s because it is. Google is good at de-duplication at web scale. It still makes bad calls, and the bad calls hit real businesses.

The takeaway is blunt: if someone reverse-proxies your site and Google starts treating the clone as canonical, you need two parallel tracks. One track blocks or degrades the proxy’s ability to fetch your origin. The other track floods Google with consistent ownership signals tied to your real hostname. Do both, document everything, and keep pressure on the providers until the clone stops working and Google reassigns the canonical where it belongs.

Related Posts

  • Legal Tech Media Group Bets Big on AEO
  • Remembering Bruce Clay: The Father of SEO and a Friend Who Changed an Industry
  • Why Paid AI Mentions Could Become the Next Google Penalty
  • Can Real Human Traffic Improve Organic Rankings? Here’s What the Data Shows
  • Google Confirmed It: “AI SEO”, GEO, and AEO Are Still Just SEO

Filed Under: Search Engine Optimization

About Bill Hartzer

Bill Hartzer is the CEO of Hartzer Consulting and founder of DNAccess, a domain name protection and recovery service. A recognized authority in digital marketing and domain name strategy, Bill is frequently called upon as an Expert Witness in internet-related legal cases. He's been sharing his insights, expertise, and research here on BillHartzer.com for over two decades.

Bill Hartzer on Search, Marketing, Tech, and Domains.

Hartzer Domains

Bare-Metal Servers by HostDime

DFWSEM logo

 

 

Brand Ambassador for:

Majestic logo

Oncrawl logo

Industry Friends

  • David Daniels
  • WTFSEO
  • SEO By the Sea
  • Jeff Lenney
  • Jeff Gabriel
  • Scott Hendison
  • Dixon Jones
  • Brian Hartzer
  • Navah Hopkins
  • DNAccess
  • SEO Dallas
  • Confirmed Stolen
  • Hartzer on IT.com
  • Jason Olson

Connect With Bill Hartzer

  • Bill Hartzer on X
  • Bill Hartzer on BlueSky
  • Bill Hartzer on Instagram
  • Hartzer Consulting on Facebook
  • Bill Hartzer on Facebook
  • Bill Hartzer on YouTube

Recent Posts

  • Which AI Model Should You Use? A Practical Guide by Task
  • Legal Tech Media Group Bets Big on AEO
  • The Domain Name Gap: What GoDaddy’s 2026 Most Entrepreneurial Cities List Reveals About Digital Presence in America’s Growth Markets
  • Remembering Bruce Clay: The Father of SEO and a Friend Who Changed an Industry
  • Former Apple Executive Launches PersonaShield to Fight Deepfakes
  • AudioEye’s 2026 Report: AI Search Is Routing Users to the Worst Pages on Your Website
  • Bluehost Study: 87% of Small Businesses Use AI — Only 20% Know What They’re Doing
  • New AI Study Finds Early Adopters Are Winning Raises, Promotions, and Extra Income While Others Fall Behind
  • PropellerAds Launches Paid Social Traffic
  • New AI Tool Kinetik Claims It Can Predict Social Media Growth Before It Happens
Note: All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only, and are mentioned only to help my readers. All other trademarks cited herein are the property of their respective owners. Use of these names, logos, and brands does not imply endorsement.

  Hartzer Consulting

Website, Content, and Marketing by Hartzer Consulting, LLC.
Disclaimer - Privacy Policy - Terms of Use - AI Instructions

Copyright © 2026 ·