Bill Hartzer

Bill Hartzer on Search, Marketing, Tech, and Domains.

Home » Search Engine Optimization » New Undetectable Type of Negative SEO Attack Uncovered

New Undetectable Type of Negative SEO Attack Uncovered

Posted on Written by Bill Hartzer

negative seo

There is a new type of virtually undetectable type of negative SEO attack that I discovered. This type of negative SEO attack is a particularly nasty type of attack, as it’s virtually undetectable by you (if you are a victim of the negative SEO). It takes advantage of a fairly new tag (the canonical tag) that search engines like Google and Bing support–but uses it in a very mischievous way. In fact, as a technical SEO myself, having practiced organic SEO for 20 years, I normally wouldn’t have been able to spot this type of negative SEO attack on my client’s web site. But, just like a lot of criminals out there, they can be sloppy, which ultimately lead to this negative SEO attack being discovered.

What is this New Undetectable Type of Negative SEO?

Traditionally, the “old style” of negative SEO involved links. Google has, in fact, publicly stated that they can (and do) spot negative SEO because it involves links. Google, after Penguin, has gotten pretty good at spotting links and dealing with them. This new, more sophisticated type of negative SEO doesn’t involve links per se–it involves canonical tags, and, more specifically, cross-domain canonical tags. So, the site doing the negative SEO isn’t linking to your web site. They’re using canonical tags.

Here’s how this new undetectable type of negative SEO works. Note that while I can’t publicly give any specific example URLs due to NDAs, but below I do offer a screen shot of how I detected this negative SEO. The person doing the negative SEO slipped up and “outed themselves”, so to speak:

  • Let’s say someone wants to do negative SEO to a competitor’s web site and they want to “take down” or cause a big drop in rankings on Site A. Site A is the victim’s web site.
  • They take Site B, which is either a hacked site or a domain name that has bad links (a burned domain/spammed domain). On Site B they copy the “head” of Site A’s pages (line by line) and put them on pages on Site B.
  • Site B pages have canonical tags pointing back to the Victim/target site Site A.
  • Google ends up combining both the content on Site A and the content on Site B, because of the canonical tags on Site B. The bad content on site B gets passed onto Site A. Site A then drops like a rock in the search engine rankings.
  • In some cases, they may copy the entire page of Site A and put it on Site B, but add off-topic (usually adult) content on the page. Sometimes it’s only the “head” of the page (which includes the canonical tag) which is copied, the rest of the page contains the adult content. But, in all cases, the “head” of the page, the page’s header, is copied from Site A to Site B, the bad site.

This is typically tough to spot, since it’s not involving links. But in this case I spotted it because the Site B also links out to some other sites. So, with Majestic’s new data (which includes canonical data), the links from Site C (which Site B linked to) is showing up as a link. Then Majestic shows the canonical tag data. If you follow the links, follow the canonical tags on the pages, and look at the content, you can identify the negative SEO being done to Site A, the victim’s web site.

Why Is This Negative SEO Virtually Undetectable?

This type of negative SEO attack is virtually undetectable, as 99 percent of the negative SEO attacks typically involve some sort of link building or linking. In many cases, the person doing to negative SEO will build or create links to the victim’s web site. Most link tools, including Majestic, ahrefs, Link Research Tools, and even Googles Search Console will show you the links to the victim’s web site. In order for the negative SEO to work, they person doing the negative SEO may try to hide the links from showing up in third-party tools such as Majestic, ahrefs, etc., but the links won’t be hidden from Google. So, they will show up in Google Search Console.

This new type of negative SEO attack, though, does NOT involve links. So, because links aren’t involved, it’s very difficult to detect that negative SEO is being done.

Another way negative SEO can be done involves hacked web sites and hacking into a web site. Or through link injections or injecting malicious code into a web site. In those cases, though, the web site owner can potentially see this, see that their web site has been compromised, and potentially clean it up.

But this type of new negative SEO is virtually undetectable because it doesn’t involve hacking into a website and it doesn’t involve links. It involves the canonical tag and a malicious use of the canonical tag. In this case, the person doing the negative SEO is, in fact, not creating links; they’re not hacking into the victim’s web site: they’re copying a portion of your web site (the header area only) and putting it on what I would call a “bad web site” or “bad domain”. Then, they combine bad content with the header area of your web site, and Google (or another search engine), because they see the canonical tag back to the victim’s web page, combines the bad web site content with the victim’s web page, and the search engine rankings of the victim’s web page goes down. In one case, I’m seeing a #1 ranking for a keyword drop to position 78.

How Did I Detect This Negative SEO Attack?

So, how did I figure out that my client’s web site was the victim of this new type of nasty negative SEO attack? Well, first of all, the web site owner (my client) asked me to investigate why their search engine rankings, for many keywords, dropped so drastically all of a sudden. So, I put on my Sherlock Holmes Hat (OK, well, actually it’s a Majestic.com Space Man Helmet) and got to work. I went into Google Search Console and looked at the Search Analytics, I crawled the web site, I looked at Google Analytics data. Then, I started to investigate the links to the web site. I looked at Majestic.com to see the links–I looked specifically at the links they lost and the new links to the web site.

It turned out that on April 11, 2018, there were 1,877 new links identified by Majestic. In fact, this is a large number of new links to the web site, as it’s a B2B type of web site. The site usually gets 50-150 new links a day according to Majestic. So, 1,877 new links is out of the ordinary:

1877 new negative seo links

Take a look at what I found in the Majestic backlinks–those new 1,877 links that the web site got:

negative seo attack example canonical tag

There a few things worth noting here:

  • The links that are showing up don’t contain a link to the victim’s site.
  • The Trust Flow is bad (zero).
  • The Citation Flow is really high (50).
  • The anchor text and title tags of the sites are adult-related or off-topic to the client’s web site.
  • Majestic shows that this is a Canonical tag involved (this is new and an awesome Majestic feature!!).
  • The links are fairly new, as I can tell, as they link to the HTTPs version of the client’s site. The client’s site was moved to HTTPs only a while back (maybe a year ago), so the attack is fairly new (versus links that were done years ago).

The mistake that the person doing the negative SEO made was that they “linked out” to other bad web sites that they own. So, since they linked out to the other web site(s), those web sites they’re linking TO show up as links to the victim’s web site (my client’s web site. If they had NOT linked out to the other web sites that they own, I believe that the negative SEO would have still worked just fine–and I would have never detected that negative SEO was being done to the victim’s web site (my client’s site).

How Do You Get Rid of this Type of Negative SEO?

Well, so how do you get rid of this type of negative SEO attack, even if you are able to identify that it’s happening? That’s a very good question. There are few options:

  • Do nothing and hope it goes away. Well, that’s an option, but actually as SEOs, we have to deal with it–we need to do something to help the victim’s web site (my client). But, sometimes it will actually just go away at some point, the person paying someone to do the negative SEO to the victim’s web site might run out of money, or they might become disinterested in pursuing it further. Or, Google will find a fix and it will no longer work.
  • Change domain names. You could, actually, change your domain name and move your content to another site. This might not be an option for some, but it could be an option. Keep the same domain name, but, using canonical tags, the ‘new domain name’ could rank in organic search.
  • File a Spam Report with Google. I do recommend this, but I personally don’t know how long it could take for Google to act on it–and, even if they could act on it, I’m not sure Google’s systems are set up in a way that they’re able to actually deal with this type of negative SEO or spam. You see, it involves cross-domain canonical tags, and they’d literally have to change how they deal with them. Perhaps only make them work if both sites are verified by the same site owner?
  • File a DMCA. If someone has stolen content and put it on their domain name, you can file a DMCA with the web host and with Google. But, this has a few caveats: you must know that the negative SEO is being done to your web site, you must identify all the sites that are doing it to you, and those sites must be hosted in the USA. The DMCA, as far as I know, only applies to sites hosted in the USA.
  • Change from HTTPs://www or to HTTPs:// . If the canonical tags pointing to your site from the bad domain name are pointing to the HTTPs://www version of your site, then you might take a chance and move to HTTPs:// which is a different version–the person or site doing the negative SEO might not notice, and they may still point to the other version of your site.
  • Change the URLs on your web site. You could actually change each and every URL on your web site so that the URLs the negative SEO are pointing to don’t exist anymore. Just adding an additional directory (or removing a directory) in your URL structure will do the trick. Then, you’d want to make sure those old URLs serve up a “410 Gone” status code, and make sure they’re removed from the sitemap.xml file(s). But, according to another highly technical SEO expert I know, they’ve done something like this: and it took up to a year for Google to recognize and fix the canonical tag issue. I don’t know many web sites that can wait a year.

While there are options here, none of them are a really good options, given the fact that you pretty much do something on your end to combat this negative SEO. I mean–once you actually identify it and all of the web sites that are doing this to your web site or to your client’s web site, you must change your URLs, move to another domain name, and wait for Google to figure it all out. And as I mentioned, most sites don’t have a year to wait until Google fixes the situation.

What Can You Do About This Now?

Well, what can you do about this right now? How do you identify if your web site is a victim of negative SEO? First of all, you need to take a look at your web site’s backlinks–both in Google Search Console, and I recommend looking at them in Majestic.com, as well. Majestic.com will show you the backlinks that have canonical tags pointing to your web site. And, if the person doing the negative SEO to your web site has made a mistake, then you will potentially spot these links and identify it. But, if they’re more sophisticated, and they do a good job of hiding their tracks, then there won’t be any outgoing links, and, like I said–it’s virtually impossible to detect at this point.

Unfortunately, there still is nothing in the Google Webmaster Guidelines about negative SEO–the sites doing this undetectable negative SEO should be immediately be banned in Google, and they should receive a manual action.

Update: I was on The Launch with Tim Vasquez, where I discussed the recent negative SEO issues, including this one. I have more details on the show:

About Bill Hartzer

Bill Hartzer is CEO of Hartzer Consulting, an SEO Consulting firm that includes services such as search engine optimization, technical SEO audits, domain name consulting, and online reputation management. As an SEO Expert, Mr. Hartzer frequently serves as an SEO Expert Witness and Domain Name Expert Witness in legal cases worldwide. He also oversees DNAccess.com, a company that provides brand protection and monitoring, domain name background checks, and stolen domain name recovery services.