Bill Hartzer

Bill Hartzer on Search, Marketing, Tech, and Domains.

Semrush Free Trial

Home » Google » 3 Google Negative SEO Exploits, Website Owners Have No Recourse

3 Google Negative SEO Exploits, Website Owners Have No Recourse

Posted By Bill Hartzer on at

There have been three major flaws and exploits of the Google search algorithms recently, and they all involve negative SEO. The problem is that all of these three exploits (bugs or holes) in Google’s organic search algorithms allows others to attack a website, causing severe search engine ranking drops, and a loss of business. If you’re a business whose website has been attacked by one of these exploits in Google’s algorithms, there currently is no easy recourse to “recover” from such an attack. Google’s not providing a way to recover from negative SEO attacks, and one Google rep even went as far as stating that it “can take up to a year” for it to all be straightened out.

What is Negative SEO?

Negative SEO is, simply, when someone specifically targets a website (usually a competitor), uses an exploit or a hole in Google’s search algorithms to cause another website’s search engine rankings to go down or get worse.

One example of negative SEO is where one website (the victim) was targeted by someone else using the negative seo canonical tag exploit that I uncovered last week. Another website targeted the victim’s website, causing their organic search engine rankings to go from ranking #1 for a keyword to #78 for that keyword. That caused a loss of search traffic and a loss of sales for the victim. This is considered negative SEO, where it’s obvious that someone else is targeting this particular website, in an effort to cause harm to their rankings and to their business.

Unfortunately, when negative SEO occurs, currently there is no recourse for the business. And, other than spam reports submitted to Google, there is no way for a business to report to Google that they are a victim of negative SEO. In fact, Google has repeatedly denied that negative SEO exists, not even acknowledging it in their Google Webmaster Guidelines. Yet in recent months at least three different Google search negative SEO exploits have come to light and been presented publicly. I am sure there are more out there, but we currently know of these three.

What are the 3 Major Google Search Negative SEO Exploits?

In recent months, there have been three major Google search negative SEO exploits that have come out publicly. I call each of these a negative SEO exploit, as someone can use one of these techniques (or exploits) to negatively affect the search engine rankings of another website that they don’t have control over (a site they don’t own).

  • Google Sitemaps – Tom Anthony from Distilled was able to hijack the Google search results using sitemaps.
  • Open Redirects – Kristine Schachinger found negative SEO being used against a website using open redirects.
  • Cross-domain Canonical Tags – I posted recently about cross-domain canonical tag negative SEO attacks occurring against websites.

As I mentioned, each of these can be used negatively against a website that you don’t own. Currently, Google has publicly stated that one of these exploits was, in fact a bug, and they offered a bug bounty of about $1300 to the person who reported it to Google.

One of the exploits, the open redirects exploit, is known by Google reps, and could take quite some time to resolve. So, if your website is negatively affected by the open redirects issue, the search traffic you lost (because of what someone else did to your website) won’t come back quite a long time. That is absolutely, undeniably wrong–a business should NOT have to suffer for a long time if someone else has targeted your website using this negative SEO technique.

The other exploit, the negative SEO canonical tag issue I pointed out recently, was briefly addressed by a Google representative, John Mueller, who was quick to point out that “it doesn’t work”, while not even having the full facts and URLs of the case I wrote about. I have since forwarded details of the negative SEO canonical tags issue to Google and have not received a response from them. The issue still exists to this day, and the website (the victim’s website) has not recovered from this negative SEO attack.

lose trust, negative SEO
Trust may be a search engine ranking factor. If your site is hit by negative SEO, your site can lose rankings because it loses some trust.

If You Are a Victim of Negative SEO, How Do You Recover?

At this point, there are, in fact, there are not many options for your website if you truly have been attacked by negative SEO. Many of the options involve changing your website’s URLs, which, in fact, is a pain to do. For example, with the negative SEO canonical attack, you could change your URLs from HTTPs://www to HTTPs:// (change from www to non-www) and essentially the cross-domain canonical tags would no longer be working. But, that assumes that person doing the negative SEO won’t update the canonical tags on the websites that are attacking your website.

Another extreme option would be to actually change domain names. I know this may not be an option for many businesses, but if you have a lesser-known website, and you just can’t “catch a break” so to speak and recover from the negative SEO, you may consider moving to a new domain name. Even if you redirect your old domain name to the new domain name, there’s a chance that the negative SEO effects will not be passed on to your new domain name. Unless, of course, the person doing the negative SEO chooses to also attack your new domain name, as well.

What Can Be Done?

I recently spoke with Michael Stricker, a Digital Marketing Consultant at MSDesign about what some of the options are–for Google and for website owners. Here’s what he told me:

“Pinging sitemaps is a mere convenience. Close it down like a crime-ridden 7-11 Store. There will still be three other means by which Google and other major search engines can detect XML sitemaps.

Open redirects are detectable and defensible, both as one-off circumstances and especially by using best practices to prevent inbound link traffic from bearing any but white listed parameters. We can’t expect Google to police all of the links on the web… some responsibility must fall on IT webdev and admins (and website owners).

But, canonical tags ARE different. They resemble a gentle agreement by which publishers may accrue value to an original, domains can indicate preferred URLs among masses of dupe content, crawlers benefit from more efficiently-shaped crawls, and searchers gain a better, more distilled selection of results. Cross-domain canonical tags help authors and publishers, and operators of complex sites with subdomains. That those ‘attack vectors’ are apparently undetectable users by current methods makes me wish for a big brother to protect me against negative SEO. But, I’ve had enough of Big Brother. And, we’d all suffer if Google were to limit their response to canonical tags in some way.

Unless webmasters were given a suggestion device, similar to “URL Handling” in Google Search Console (GSC). GSC presents the latest batch of detected canonical tags, and webmasters respond, “these domains should NOT be canonicalizing to mine”. Still, that’s slow and inefficient.

My counter-proposal for that would be, focus the massive crawler and log-file processing power of the SEO tools on monitoring and detection. Is SEMrush, AHREFs, Majestic listening? Fear is a powerful motivator. So, if the prevalence of such attacks were known to be growing, and the effectiveness were measurable, then one could sell a huge amount of subscriptions based on bulletproofing domain names against a known vulnerability.”

So, Mr. Stricker is suggesting that SAAS tools provide the canonical and link data needed to detect such negative SEO attacks. I can tell you that Majestic, in the case of the negative SEO canonical attack, pointed out to me that there was a negative SEO attack occurring with the canonical tags.

Truly Nothing You Can Do If You’re Attacked?

Currently, there are no official recourses for website owners can do to alert Google that they’ve been the victim of negative SEO. If your website has been hacked, you can request a review from Google. They actually have a good resource and explanation of what you need to do if your website has been hacked. You can read more about it here. But, currently, there is no way to request a review if you’ve been a victim of negative SEO.

What I recommend is that Google add a process (similar to the hacked site review) for requesting a review for negative SEO. As Michael Stricker pointed out, this may be inefficient, but there should be a way for website owners to point out the negative SEO being done to their websites. But, the problem here is that if Google created a method for telling them about negative SEO, they would actually have to admit that negative SEO exists (which they have not acknowledged publicly yet).

If you’ve recently lost search engine rankings and lost website traffic, consider getting an website traffic loss audit of your website. During the audit, one can typically figure out if your website is a victim of one of these types of negative SEO.

Update: I was on The Launch with Tim Vasquez, where I discussed the recent negative SEO issues. I have more details on the show:

About Bill Hartzer

Bill Hartzer is CEO of Hartzer Consulting, LLC, an SEO Consulting firm that includes services such as search engine optimization, technical SEO audits, domain name consulting, and online reputation management.