What are the Marketing Costs of a DDoS attack?

This post is written by Chris Dyson. Chris is an SEO Consultant for Hit Reach and blogs infrequently at TripleSEO.com.


It seems like a month doesn’t go by without a story popping up on some tech news blog about another major DDoS attack. Only in the past few days, Moz has been suffering a DDoS attack on its site.

The term “DDoS” stands for “Distributed Denial of Service” and it’s an attack that is commonly used by hackers to bring down a website temporarily. While this hack doesn’t really help anyone gain access to specific information on its own, it is a very useful tool for making a website unreachable by its intended audience. These attacks have been around for quite some time, but they were more recently popularized by those perpetrated by Anonymous against various large companies.

The Original Denial of Service


The way these attacks work is fairly simple. Web servers can only serve a certain number of users at any given time due to bandwidth and other constraints. When too many clients try to access the site at once, the server cannot handle the load and the site becomes unavailable. Attackers use specialized software to hit a website from many different IP addresses at once, and when many people target the same website at the same time, this can overload the host server and make the site impossible to reach. Some of these tools are proprietary, but others are released openly to the public. For example, Anonymous has freely distributed the “Low Orbit Ion Cannon” software for public use in DDoS attacks.

In the end, there’s a lot of argument over whether all DDoS attacks are pure vandalism or if some fall under the blanket of Hacktivism. After all, many of the most famous DDoS attacks did specifically target certain companies and organizations for very specific reasons. While that debate rages on, people will still continue to perform these attacks on websites.

The Impact to Your Website


DDoS attacks can hurt your revenues but there are of course other concerns too:

1. Brand and customer perception – inflicting potential brand damage at the same time as granting a competitive advantage to your rivals.

2. Email and contact centers – when network infrastructure and routers are targeted, a DDoS attack might bring down email and client contact centers, particularly if the call center runs on a voice-over-IP (VoIP) network. During such an incident, the attack can interrupt communication with customers, partners, vendors and even staff.

3. Stock price and market confidence – some organisations hit by DDoS attacks have seen their stock price briefly fall and/or fluctuate because of market concerns; for large brands this can be significantly expensive.

4. Search engine rankings – one negative consequence of DDoS attacks that usually gets overlooked is the potential effect on rankings. We already know that if your website isn’t accessible or crawlable, it could hurt your rankings. After all, Google needs to serve its users with quality results and websites that work. So, once your website is down from a DDoS attack and Google sees that it’s “uncrawlable”, it’s fair to assume that your rankings could be affected.

It’s important to point out that the length of time your site is down plays a role in determining whether or not your rankings will be affected. According to everyone’s favourite Googler Matt Cutts, “If it [your site being down] was just for a day, you should be in pretty good shape. If your host is down for two weeks, then there’s a better indicator that the website is actually down and we don’t want to send users to a website that is actually down. So if it was only just a short period of downtime, I wouldn’t really worry about that [affecting your rankings].”

DDoS attacks are very often incorrectly associated with a service outage. In fact the biggest impact of DDoS/DoS attacks in 2013 was service degradation, which in most cases presents itself as a slow website.

A recent study by TRAC Research of 300 businesses, reported three very interesting things:

• Average revenue losses of $21k per hour of downtime.

• Average revenue losses of $4k per hour of performance slowdown.

• Website slow-downs occur up to ten times more frequently than website outages.

In other words, website slowdowns can have a greater impact on your revenues over time than outages. While temporary outages cost more per minute, slowdowns take up significantly more time and can ultimately cost more.

And what about the impact on customer retention:

• During a temporary outage, 9% of customers will permanently abandon your website.

• When your website is unacceptably slow, 28% of customers will permanently abandon it.

Or to put it another way: the permanent abandonment rate for a slow site is more than three times greater than the abandonment rate for a site that is temporarily down. Think about that for a minute.

Unfortunately, some black hat SEOs have already started using DDoS attacks against competitors as a tactic to damage their sales and rankings.

How to Identify a DDoS Attack

Most cloud DDoS mitigation services are available on demand which means that customers will enable the service once they are the victim of a DDoS attack.

There are multiple monitoring tools you’ll be able to use to capture traffic changes, which might help confirm whether or not you’re under a DDoS attack.

#1. Internal server, network and infrastructure monitoring applications

Companies have plenty of monitoring packages and applications to choose from. One of the more standard pieces of software, Nagios, allows you to monitor internal infrastructure status and the performance of applications, services, operating systems, network protocols, system metrics and network infrastructure.

For example, monitoring software will check your HTTP service to make sure that a website or server is functioning properly, and if the service isn’t functioning, most software includes real-time notification. Because most DDoS attacks target a web server or application server, monitoring software may show the HTTP service suffering from slowness, high CPU utilization or complete failure. While watching servers and infrastructure is useful, there’s no guarantee that a DDoS is the issue: abnormal spikes in traffic and usage do occur for legitimate reasons from time to time.
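The indicators described above (slowness, failures, a traffic spike that may or may not be legitimate) can be read straight out of a web server’s own access log. The following is an added example written for this page, not code from the post or from any monitoring product: it parses constructed nginx-style log lines (with the request time appended as a trailing field), compares a recent window against a baseline window, and labels the recent window; the thresholds and the top-talker heuristic are assumptions to tune per site.

```python
"""Spot DDoS indicators in a web server's own access log.

Added example for this page, not code from the post or any monitoring vendor.
It parses constructed nginx-style access log lines (request time appended as a
trailing field), compares a recent window with a baseline window and labels the
recent window 'outage', 'degradation', 'spike' or 'normal'. Thresholds are
assumptions to tune per site; a flag also notes whether requests concentrate in
a few top talkers, since legitimate surges usually come from many sources.
"""
import math
import re
from collections import Counter
from typing import Dict, List

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)


def parse_line(line: str) -> Dict:
    """Extract client IP, HTTP status and request time from one log line."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return {"ip": m["ip"], "status": int(m["status"]), "rt": float(m["rt"])}


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile (no interpolation), 0.0 for an empty list."""
    if not values:
        return 0.0
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def window_stats(lines: List[str]) -> Dict:
    """Aggregate one time window of log lines into the indicators we compare."""
    rows = [parse_line(line) for line in lines]
    n = len(rows)
    ips = Counter(r["ip"] for r in rows)
    top3 = sum(count for _, count in ips.most_common(3))
    return {
        "requests": n,
        "unique_ips": len(ips),
        "p95_rt": percentile([r["rt"] for r in rows], 95),
        "error_ratio": (sum(1 for r in rows if r["status"] >= 500) / n) if n else 0.0,
        "top3_share": (top3 / n) if n else 0.0,
    }


def classify(baseline: Dict, recent: Dict) -> str:
    """Order matters: a hard outage beats a slowdown, which beats a raw spike."""
    if recent["error_ratio"] >= 0.5:                            # most requests failing
        return "outage"
    if recent["p95_rt"] >= 3 * max(baseline["p95_rt"], 0.05):   # 3x slower than usual
        return "degradation"
    if recent["requests"] >= 5 * max(baseline["requests"], 1):  # 5x the usual traffic
        return "spike"
    return "normal"


def assess(baseline_lines: List[str], recent_lines: List[str]) -> Dict:
    """Compare two windows and report a verdict plus the raw indicators."""
    base, rec = window_stats(baseline_lines), window_stats(recent_lines)
    return {
        "verdict": classify(base, rec),
        # Heuristic only: 60%+ of requests from three addresses is unusual
        # for a genuine traffic surge, which tends to be spread widely.
        "top_talkers_concentrated": rec["top3_share"] >= 0.6,
        "baseline": base,
        "recent": rec,
    }


def make_line(ip: str, status: int, rt: float) -> str:
    """Build a constructed log line; timestamp and request are placeholders."""
    return (f'{ip} - - [10/Mar/2014:10:00:01 +0000] "GET / HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0" {rt:.3f}')


# Constructed sample windows: a quiet baseline, then a slow, concentrated window.
BASELINE_LINES = [make_line(f"203.0.113.{i}", 200, 0.10 + i * 0.01) for i in range(1, 11)]
RECENT_LINES = (
    [make_line("198.51.100.7", 200, 3.2)] * 6
    + [make_line("198.51.100.8", 503, 4.1)] * 5
    + [make_line("198.51.100.9", 200, 2.8)] * 5
    + [make_line(f"203.0.113.{i}", 200, 2.5) for i in range(20, 24)]
)

if __name__ == "__main__":
    result = assess(BASELINE_LINES, RECENT_LINES)
    print(result["verdict"], result["top_talkers_concentrated"])
```

On the constructed windows the verdict is "degradation" rather than "outage", which matches the point made later in the post that a slow site, not a dead one, is the usual face of a DDoS.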

#2. External Performance Monitoring Solutions in the Cloud

Companies that don’t host their own websites and use services like Amazon EC2 would get the most from third-party solutions. Unlike network/infrastructure tools, which are usually installed within your own network, external performance monitoring solutions are usually provided by a third party and leverage monitoring locations around the world.

External monitoring tools can cover many elements:

• Virtual browsers to check basic site availability and performance over time

• Real browsers to check site/application performance, errors and service degradation

• Network services like DNS, FTP and your email, among others

From a DDoS perspective, external third-party monitoring is the sensible answer. The aim of this kind of tool is to continuously monitor a website, service or application and check for potential indicators of a DDoS attack.

That said, although a third-party external tool can help capture DDoS attacks, these solutions are not foolproof. While external tools can show that site performance is degrading or failing, they cannot confirm the cause.

Originally, the goal of third-party tools was to make sure that ISPs, hosting and servers were functioning as designed, so slow response times and outages may simply indicate a hosting provider or server problem.

How to Test your Site’s Vulnerability

If you are a competent technical person and have a few friends you could try LOIC (Low Orbit Ion Cannon) or HOIC (High Orbit Ion Cannon), which were released to the public by Anonymous, but of course you could just spend $5 on Fiverr and get a report carried out for you to highlight the most common vulnerabilities. Regular DDoS attacks like those launched by LOIC work by overwhelming the server with complete requests. Slowloris works differently: it opens connections to the server but never actually completes them, which ties up all the server’s sockets, resulting in a DoS. The easiest way to mitigate this sort of attack is by denying many connections from a single client. But of course there’s a way to get around this using Tor and PyLoris, a Python version of Slowloris.
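The per-client connection limit mentioned above, as an added example written for this page rather than code from the post or from any web server. The ConnectionGuard class, its limits and the addresses in the constructed scenario are assumptions; the header timeout is an addition that complements the limit, closing any connection that never finishes sending its request headers.

```python
"""Per-client connection limit plus a header timeout, modelled in Python.

Added example for this page, not the post's code or any server's. A front end
tracks, for each open connection, which client opened it, when, and whether the
request headers ever completed. Two controls follow: refuse a client that already
holds too many open connections, and reap connections whose headers have not
completed within a timeout. The limits and addresses below are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Conn:
    conn_id: int
    client: str
    opened_at: float
    headers_done: bool = False


class ConnectionGuard:
    def __init__(self, max_per_client: int = 10, header_timeout: float = 20.0):
        self.max_per_client = max_per_client
        self.header_timeout = header_timeout
        self.open: Dict[int, Conn] = {}
        self.per_client: Dict[str, int] = defaultdict(int)
        self.rejected: List[str] = []
        self._next_id = 0

    def accept(self, client: str, now: float) -> Optional[int]:
        """Return a connection id, or None if the client already holds too many."""
        if self.per_client[client] >= self.max_per_client:
            self.rejected.append(client)
            return None
        cid = self._next_id
        self._next_id += 1
        self.open[cid] = Conn(cid, client, now)
        self.per_client[client] += 1
        return cid

    def headers_complete(self, cid: int) -> None:
        """Mark a connection as having delivered a full request header block."""
        self.open[cid].headers_done = True

    def close(self, cid: int) -> None:
        conn = self.open.pop(cid)
        self.per_client[conn.client] -= 1

    def reap_stalled(self, now: float) -> List[int]:
        """Close connections that still have not finished their headers in time."""
        stalled = [c.conn_id for c in self.open.values()
                   if not c.headers_done and now - c.opened_at > self.header_timeout]
        for cid in stalled:
            self.close(cid)
        return stalled


def simulate() -> Dict[str, int]:
    """Constructed scenario: one client trickles partial requests, others behave."""
    guard = ConnectionGuard(max_per_client=5, header_timeout=20.0)
    slow = "198.51.100.5"
    # The slow client opens 8 connections, one per second, and never completes headers.
    slow_ids = [guard.accept(slow, now=float(i)) for i in range(8)]
    # Two normal visitors open one connection each and complete their headers.
    for i, ip in enumerate(["203.0.113.1", "203.0.113.2"]):
        cid = guard.accept(ip, now=10.0 + i)
        guard.headers_complete(cid)
    reaped = guard.reap_stalled(now=30.0)
    return {
        "slow_accepted": sum(1 for c in slow_ids if c is not None),
        "slow_rejected": guard.rejected.count(slow),
        "reaped": len(reaped),
        "still_open": len(guard.open),
    }


if __name__ == "__main__":
    print(simulate())
```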

hping is a command-line oriented TCP/IP packet assembler/analyzer and one of the de facto tools for security auditing and testing of firewalls and networks.

Of course, SEOs have made the ability to carry out a DDoS attack really easy for just about anyone. Russ Jones wrote an article showing that free SEO tools that create XML sitemaps or crawl sites could all be run at the same time to cause a significant increase in bandwidth and CPU usage.

You should do whatever you feasibly can to prevent DDoS attacks or at the very least mitigate against any attack that does hit your website. Make sure that you have systems in place to detect potential attacks and have a plan in place for responding to them as quickly and effectively as possible.

Blackhat CRO: The Dark Side of Conversion Rate Optimisation


I really miss the good old blackhat days, but Google has done really well at ridding the interwebz of spam recently. As I’ve been delving a lot into conversion rate optimisation (CRO) recently, I thought it would be good to look at blackhat CRO tactics. Like blackhat SEO, there are all different shades of grey depending on your morality, but with blackhat CRO you are deceiving real people, not just search bots, which is fine.

To carry out blackhat CRO you need to understand the main principles and techniques of CRO, then fake them.  Here’s how Wikipedia defines CRO:

conversion rate optimization (CRO) is the method of creating an experience for a website or landing page visitor with the goal of increasing the percentage of visitors that convert into customers. It is also commonly referred to as CRO

Key elements of CRO

CRO is about understanding the psychology of your visitors and providing them with the experience they need to reach your goals. There are many factors affecting a user’s decision-making process, but they are always driven by emotions and then reinforced with logic once the decision is made. Many CRO techniques are taken from old marketing ideas around influence, like Cialdini’s Psychology of Persuasion.


The key element of CRO is to create credibility and trust on your landing page or website. You need to give users the confidence to proceed and complete your goal, whether it’s subscribing to a newsletter, gaining a Facebook like or proceeding down an ecommerce buying funnel. The ecommerce conversion funnel is more complex than a simple converting landing page; each step creates a risk of abandonment. Each step of the funnel needs to be examined to find negative user sentiment so it can be eliminated, and each of the steps can also include blackhat techniques.


What is Blackhat CRO?

Blackhat CRO is any tactic used to mislead a user into completing a desired goal. Harry Brignull describes these as ‘Dark Patterns’:

Dark Patterns are User Interfaces that are designed to trick people.
Normally when you think of “bad design”, you think of laziness or mistakes. These are known as design anti-patterns. Dark Patterns are different – they are not mistakes, they are carefully crafted with a solid understanding of human psychology, and they do not have the user’s interests in mind.

Google’s Blackhat Conversion Tactics

Even Google is partial to a few blackhat/greyhat conversion tricks.   Ever found it hard to detect Google’s sponsored links?  Moving your laptop screen around to see the colours?   That’s Google intentionally changing the adsense background colour to ‘trick’ people into clicking through.  To me this is pure deception.  Google used to get around 30% of adwords clicks with 70% going to the organic listings, but I would love to know the ratios now for a query like this.


Another shady tactic is Google’s new arrow box on AdWords. I’ve actually clicked on one of these on my iPad thinking I was about to scroll right to the next page. With 25% of ad clicks coming from mobile, I’m convinced this is done out of pure deception.


Now we have seen examples of Google’s art of deception, let’s look at some of the tactics used by other websites skating the grey boundaries of user experience (UX).

Blackhat Copy

The key element of blackhat copy is to get the user to convert as quickly as possible on the landing page or start them heading down the conversion funnel.  Tactics range from straight out lying to greyhat use of hidden truths.  Below are a few examples that I found.

Many sites will use the term ‘FREE’, even though you will have to hand over your card details to register. Sites will then conveniently not remind you after 30 days to cancel your subscription. It’s more than likely you will forget. This tactic is called forced continuity and can be seen on hundreds of websites; here is the relevant stage of LoveFilm’s free trial.


Once you have subscribed and given your card details, many sites will use the tactic of making it difficult to cancel the service. This tactic can also be aided and abetted by 3rd party transaction houses. I have noticed Paypal hide away your payment subscriptions. Try it now, log in and see how long it takes you to find all the websites and services you are subscribed to. I recently did a Paypal review and found I was subscribed to over 30 services, which I have now reduced. You only see a paypal transaction on your bank statements so never see the service you are subscribed to. 2Checkout also makes it difficult to see what the payments relate to.


Greyhat copy is also seen where the whole truth or offering is misleading. Here are some examples of sites that have had complaints upheld against them by the Advertising Standards Authority (ASA) and that continue without taking down their false claims. These sites are named and shamed on the ASA website until they change their copy.

Below Webhost was found to be using ‘100% customer satisfaction’ misleadingly as they could not provide evidence to the ASA.


Here Nuratrim were found to be using ‘scientifically proven‘ without any research to back up the statement.


Here 25poundlogo make the date dynamically change to today’s date every day. The ASA found this to be misleading. Time-sensitive sales are a great conversion tactic used by many legit sites like Groupon and Qwertee.


The ASA concluded kidz5aday did not provide a child with their 5-a-day and used misleading claims.


Widgets such as calculators can also be used to give people false information in the form of price ‘estimates’ encouraging the user to proceed.  Here daddycashforgold.co.uk were found to give totally misleading gold prices in their calculator.


Hidden Costs

Advertising a product or service with a disguised low price is a common problem online. As with the widget example above, the aim is to get the user to click through and proceed.  There are hundreds of pricing tricks out there, but here’s a couple of examples.

Hosting companies showing prices that are monthly but only if you sign up for more than 1 year.


Here Pacific Host show monthly prices that you would assume are for a 1 year contract. The $2.49 price is actually for 3 years, and this basic package for 1 year is $4.99. Even clicking through to compare the plans does not highlight the deal properly; you have to hover over the pricing to see the time spans.


Here ironeasy.co.uk broke the advertising standards code by quoting prices exclusive of VAT. Ex-VAT prices are also incorporated into many price comparison calculators.


Fake Endorsements & Testimonials

Social proof is an extremely powerful marketing tool to aid CRO. Users have a strong psychological need to see what others have done in order to make the right decision themselves. Social proof is also one of the easiest signals to fake and one of the least regulated; there must be hundreds of faked examples out there. The ASA will also take action for the misuse of logos on a website, but they need a few complaints before they investigate the website.



Here’s one using Kristi Hines’ image, feel free to call her Pamela from now on! :)


Source: contentproz.net

This site’s whole ‘Testimonials’, ‘As seen on’ and ‘Featured Clients’ must be totally faked.  At the time of writing Kristi just got her images removed after much hounding.


The above are totally fabricated, but what about using affiliates to promote your product and writing amazing reviews? The Federal Trade Commission (FTC) in the US has previously fined websites whose affiliates did not disclose the full intent of their promotional material. As stated by the FTC’s head of consumer protection, David Vladeck:

Advertisers using affiliate marketers to promote their products would be wise to put in place a reasonable monitoring program to verify that those affiliates follow the principles of truth in advertising

As an affiliate of a few products myself, I’m not sure if I comply with these ‘principles of truth’.

With the huge growth of the review market, I can see a few sites being fined in the future for falsifying reviews.   Last year Beony International was hit with a $13m judgement for producing fake news based around the miracles of the acai berry.

Adding dirt to the conversion funnel

Along with tricks to help conversion, some ecommerce sites will add extras in the conversion funnel to maximize profits.  Greyhat CRO tactics are not just about the conversion, but ensuring customers are converting on the products that are most profitable.

Adding extras to your shopping basket

This is my pet hate.  Here you will see 123Reg adding in other domains to my purchase by default. You have to deselect them otherwise you will buy 2 extra domains.


Making most profitable products default

Setting the most profitable option as default is also a common trick.  Sorry Buzzstream, we still love you but that Solo plan is really hidden away!!


Paying for extras

Making you pay for things that are essential, like a bag when you fly!  Ryanair.


I hate you Ryanair (but that’s a separate rant), so I decided to pay for some user testing. They make their whole conversion funnel so messy, even including adsense on the final pages. I believe the tactic is to create a nasty experience so you rush through the order process adding their extras as you go. The final assault is the big push to get you to buy ‘Ryanair talk’. I plan to do some further testing on this site to investigate cookie based price manipulation.


Ryanair User Testing 


Another one of my pet hates and worth a user test. To be fair, they have cleaned up their whole site and sales process considerably.

The test highlighted GoDaddy making the domain registration of a .com 2 years by default. When the tester amended it to 1 year and hit the back button to test something, it reverted back to the 2 year default.

Users are continually getting smarter about these types of tricks; I believe a clean user experience is the best way to increase conversion. ASOS previously reduced their abandonment rate by 50% by using more transparency in the checkout process.

Blackhat tactics for Social Media CRO

Conversion goals for social media include likes, shares, follows, comments etc. As companies are seeing real ROI from social media marketing, more dark tactics are being found across the Internet. Again, many shades of grey exist in this arena; you can decide what is white, grey and blackhat from the examples below.

Faking followers

Even big brands have been caught out creating fake profiles, either to manipulate Facebook’s EdgeRank or to appear more popular. Users are more likely to like a page if others have also done so; it’s back to social proof again.

Account automation

Not really blackhat but once you have trusting faithful followers you won’t have to do much to garner more likes and comments to keep your brand fresh in people’s mind for a future promotional opportunity.


‘Like’ to Play

I actually really love this campaign, even though it is slightly greyhat in deceiving FB users into sharing the Ecover page. You cannot enter the competition without liking the page first.


Creating ‘likes’ and ‘comments’ with fake status updates 

Here nothing actually happens, but it has created hundreds of interactions.


OAuth Misuse

From apps that kindly update your status for you to pure blackhat hacking of Facebook accounts, OAuth has plenty of room for misuse.

Like Jacking

Like jacking is the technique of making users like a page without them really knowing it. It stems from the old technique of clickjacking and is a social engineering attack. You can get browser plugins to identify hidden widgets on a page. Here you can see like jacking in action on a page.

If you want to play with some like jacking codes, Martin Mcdonald did a post on it a while back, giving you all the code you need.

Have you seen any deceptive CRO techniques lately?  Let me know in the comments.  Thanks.

Interflora Google Penalty – A quick deep dive

[Update: This post was written before team DaveN found the mass of advertorial placements, which is the main cause for the manual penalty. Saying that, I’m sure my findings below will not help their recovery.]


As news broke yesterday of Interflora’s Google penalty, I thought it would be worth a quick dive into their link profile to see where it went wrong.

The penalty



The agency working for Interflora has been doing a big link removal campaign since last summer; they must have received a Webmaster Tools warning.


There was talk of the penalty being related to Interflora sending flowers to bloggers, but I don’t believe this is the case. Looking at ahrefs’ overview shows a huge amount of sitewide links.



With sitewide links being a big part of the Penguin update, I don’t think they removed these links fast enough. MajesticSEO also shows the use of possible link networks, with 311 linking websites on 1 single IP address!!?? That’s some lazy SEO.


Bulk checking the Whois on these domains shows similar registration details or privacy protection. Link removal software also shows 60% suspicious linking domains:



Download the shitty suspicious links here > https://dl.dropbox.com/u/17565553/interflora%20shit%20links.xlsx


Link Building FAIL: 5 Kinds of Unnatural Links You Don’t Want


This is a guest post from Tad Chef (Onreact); you can check out more of his blogging on SEO 2.0 and over at SEOptimise.

Over the years Google has maintained that inbound links can’t hurt your site, yet many webmasters get notified via Google Webmaster Tools of “unnatural links” when they get penalized. What are unnatural links and how can you spot them? Aren’t all links great? How do you prevent an epic link building FAIL?

The bad news: Not all links are created equal, some of them are evil. The good news: We know how the evil links look and we can spot them. There are even tools which assist you with this task.

As we all know, good natural links grow on trees, so to speak.

As there are no trees on the Web, unless in games like Farmville, you have to grow your organic links on websites. Unlike organic food, sadly, websites do not have clear badges proving that a site has certified organic links. Some sites may boast they have such links, but you have to check and find out yourself whether it’s true.


IP Delivery and Geo Targeting by SebastianX

This is a guest post from the elusive SebastianX; you can read more of his rants on his excellent blog Sebastian’s Pamphlets.

So Gareth James asked me to blather about the role of IP delivery in geo targeting. I answered “That’s a complex topic with gazillions of ‘depends’ lacking the potential of getting handled with a panacea”, and thought he’d just bugger off before I’ve to write a book published on his pathetic UK SEO blog. Unfortunately, it didn’t work according to plan A. This @seo_doctor dude is as persistent as a blowfly attacking a huge horse dump. He dared to reply “lol thats why I asked you!”. OMFG! Usually I throw insults at folks starting a sentence with “lol”, and I don’t communicate with native speakers who niggardly shorten “that’s” to “thats” and don’t capitalize any letter except for “I” for egomaniac purposes.

However, I didn’t annoy the Interwebz with a pamphlet for (perceived) ages, and the topic doesn’t exactly lack controversial discussion, so read on. By the way, Gareth James is a decent guy. I’m just not fair making fun out of his interesting question for the sake of a somewhat funny opening. (That’s why you’ve read this pamphlet on his SEO blog earlier.)

How to increase your bounce rate and get your site tanked on search engine result pages with IP delivery in geo targeting

A sure fire way to make me use my browser’s back button is any sort of redirect based on my current latitude and longitude. If you try it, you can measure my blood pressure in comparison to an altitude some light-years above mother earth’s ground. You’ve seriously fucked up my surfing experience, therefore you’re blacklisted back to the stone age, and even a few stones farther just to make sure your shitty Internet outlet can’t make it to my browser’s rendering engine any more. Also, I’ll report your crappy attempt to make me sick of you to all major search engines for deceptive cloaking. Don’t screw red crabs. Related protip: Treat your visitors with due respect.

Geo targeted ads are annoying enough. When I’m in a Swiss airport’s transit area reading an article on any US news site about the congress’ latest fuck-up in foreign policy, most probably it’s not your best idea to plaster my cell phone’s limited screen real estate with ads recommending Zurich’s hottest brothel that offers a flat rate as low as 500 ‘fränkli’ (SFR) per night. It makes no sense to make me horny minutes before I enter a plane where I can’t smoke for fucking eight+ hours!

Then if you’re the popular search engine that in its almighty wisdom decides that I’ve to seek a reservation Web form of Boston’s best whorehouse for 10am local time (that’s ETA Logan + 2 hours) via google.ch in French language, you’re totally screwed. In other words, because it’s not Google, I go search for it at Bing. (The “goto Google.com” thingy is not exactly reliable, and a totally obsolete detour when I come by with a google.com cookie.)

The same goes for a popular shopping site that redirects me to its Swiss outlet based on my location, although I want to order a book to be delivered to the United States. I’ll place my order elsewhere.

Got it? It’s perfectly fine with me to ask “Do you want to visit our Swiss site? Click here for its version in French, German, Italian or English language”. Just do not force me to view crap I can’t read and didn’t expect to see when I clicked a link!

Regardless whether you redirect me server sided using a questionable ip2location lookup, or client sided evaluating the location I carelessly opened up to your HTML5 based code, you’re doomed coz I’m pissed. I’ve just increased your bounce rate in lightning speed, and trust me that’s not just yours truly alone who tells click tracking search engines that your site is scum.

How to fuck up your geo targeting with IP delivery, SEO-wise

Of course there’s no bullet proof way to obtain a visitor’s actual location based on the HTTP request’s IP address. Also, if the visitor is a search engine crawler, it requests your stuff from Mountain View, Redmond, or an undisclosed location in China, Russia, or some dubious banana republic. I bet that as a US based Internet marketer offering local services across all states you can’t serve a meaningful ad targeting Berlin, Paris, Moscow or Canton. Not that Ms Googlebot appreciates cloaked content tailored for folks residing at 1600 Amphitheatre Parkway, by the way.

There’s nothing wrong with delivering a cialis™ or viagra® dealer’s sales pitch to search engine users from a throwaway domain that appeared on a [how to enhance my sexual performance] SERP for undisclosable reasons, but you really shouldn’t do that (or something similar) from your bread and butter site.

When you’ve content in different languages and/or you’re targeting different countries, regions, or whatever, you shall link that content together by language and geographical targets, providing prominent but not obfuscating links to other areas of your site (or local domains) for visitors who –indicated by browser language settings, search terms taken from the query string of the referring page, detected (well, guessed) location, or other available signals– might be interested in these versions. You can and should group those site areas by sitemaps as well as reasonable internal linkage, and use other techniques that distribute link love to each localized version.

Thou shalt not serve more than one version of localized content under one URI! If you can’t resist, you’ll piss off your visitors and you’ll ask for troubles with search engines. This golden rule applies to IP delivery as well as to any other method that redirects users without explicit agreement. Don’t rely on cookies and such to determine the user’s preferred region or language, always provide visible alternatives when you serve localized content based on previously collected user decisions.
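The golden rule above, as an added example written for this page and not taken from the post or from any framework: whatever the signals say (browser language, a guessed country, a stored preference, or a crawler’s user agent), the requested URI always returns the same localized version, and the signals only change which visible link to an alternative is offered. The site layout, the Request/Response fields and the locale codes are assumptions.

```python
"""One URI, one localized version: suggest alternatives, never force a redirect.

Added example for this page, not the post's code or any framework's. The site
layout, request fields and locale codes are assumptions. The signals the post
lists (browser language, a guessed location, a previously stored choice) only
pick a link to offer; they never change what the requested URI serves, and a
crawler's user agent is not special-cased, so there is nothing to cloak.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical site: each path prefix is exactly one localized version.
SITE_VERSIONS: Dict[str, str] = {"/ch-de/": "de-CH", "/ch-fr/": "fr-CH", "/us/": "en-US"}


@dataclass
class Request:
    path: str
    accept_language: str = ""
    guessed_country: Optional[str] = None    # from an ip2location-style lookup
    preference_cookie: Optional[str] = None  # a choice the user made earlier
    user_agent: str = "Mozilla/5.0"


@dataclass
class Response:
    status: int
    served_version: str
    suggested_version: Optional[str] = None
    suggested_link: Optional[str] = None     # rendered as a visible banner link


def parse_accept_language(header: str) -> List[Tuple[str, float]]:
    """Turn 'fr-CH, fr;q=0.9, en;q=0.8' into [(tag, q), ...] sorted best first."""
    parsed = []
    for part in header.split(","):
        part = part.strip()
        if not part or part == "*":
            continue
        tag, _, params = part.partition(";")
        q = 1.0
        for param in params.split(";"):
            key, _, value = param.strip().partition("=")
            if key.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        if q > 0:
            parsed.append((tag.strip().lower(), q))
    return sorted(parsed, key=lambda item: item[1], reverse=True)


def prefix_for(version: str) -> str:
    return next(p for p, v in SITE_VERSIONS.items() if v == version)


def version_for_path(path: str) -> Optional[str]:
    return next((v for p, v in SITE_VERSIONS.items() if path.startswith(p)), None)


def best_alternative(req: Request) -> Optional[str]:
    """Guess the preferred version: explicit choice first, then language, then location."""
    if req.preference_cookie in SITE_VERSIONS.values():
        return req.preference_cookie
    for tag, _ in parse_accept_language(req.accept_language):
        for version in SITE_VERSIONS.values():
            if version.lower() == tag or version.lower().startswith(tag + "-"):
                return version
    if req.guessed_country:
        for version in SITE_VERSIONS.values():
            if version.endswith("-" + req.guessed_country.upper()):
                return version
    return None


def handle(req: Request) -> Response:
    served = version_for_path(req.path)
    if served is None:
        return Response(status=404, served_version="")
    # Crawler or human, cookie or not: this URI always yields the same version.
    resp = Response(status=200, served_version=served)
    alt = best_alternative(req)
    if alt and alt != served:
        rest = req.path[len(prefix_for(served)):]
        resp.suggested_version = alt
        resp.suggested_link = prefix_for(alt) + rest   # a link to offer, not a 3xx
    return resp
```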

But …

Of course there are exceptions to this rule. For example it’s not exactly recommended to provide content featuring freedom of assembly and expression in fascist countries like Iran, Russia or China, and bare boobs as well as Web analytics or Facebook ‘like’ buttons can get you into deep shit in countries like Germany, where last century nazis make the Internet laws. So sometimes, IP delivery is the way to go.

