SEO Doctor™


September 22, 2016 By Gareth

Blackhat Link Building: Payday Loans, Link Injection and WordPress

Blackhat link building: a case study of hacking websites to build backlinks in the payday loan niche.

Most blackhat link building tactics that you see in forums these days have been around for years and are not blackhat in my opinion. These are greyhat tactics: they are not illegal, just outside of Google's guidelines.

Typical stuff you see is:

  • Comment spam using GSA
  • Link networks
  • Private blog networks (PBNs)
  • Tiered link building
  • etc.

[Image: Fiverr greyhat link building services for sale]

I used to do loads of this type of stuff, but over time I prefer building quality for my own sites and for clients. I’ll still play with some new stuff I see on test sites; this should be standard as an SEO even if you are holier than the holiest.

True blackhat link building is based around illegal activities, primarily hacking websites and placing links on them. This is link building that you could be arrested for under the Computer Misuse Act 1990, though most of that act relates to stealing data. But there is another link building method that skates very close to the blackhat edge: link injection via scripts. This type of link building is scaled commercially by the Russian link network SAPE. The network consists of 90,000+ sites, all with the link injection scripts on them, mainly placed there knowingly by the webmasters or administrators who manage the sites. A small percentage of the sites are actually hacked and have the link injection script placed on them.

Another way link injection scripts are added to sites is through vulnerable plugins, particularly on the WordPress.org platform.

Link Injection Case Study Example

The recent example I’ve seen was in the payday loan niche. One website was ranking #2 for a long time with seemingly only a handful of links. “How the fuck are they there?” – an SEO’s daily conundrum. Initially I thought it was from a shitload of cross-domain canonical links, which are not picked up by any link analysis tools.

The domain in question was paydayloansnow.co.uk. Google has finally caught up with them and they’ve received a monster slap, totally banished from the SERPs.

After some digging, I discovered the site’s SERP position was being propped up by backlinks injected into websites, then cloaked so only Google could see them. The site owners would have been totally oblivious to what was going on.

Example:

Oracle Finance – as seen by users and domain owner

[Image: user view of cloaked website]

What Google was seeing:

[Image: link injection via WordPress plugin]

Now that the hack has been sorted and the cloaking turned off, Majestic has quickly started picking up the lost links. These were previously hidden from all link analysis tools:

[Image: link spike]

How was it done?

It looks like the links were inserted into websites by a WordPress plugin (404-301), a plugin with 70K installs, highlighted by Wordfence in this article. Wordfence stated that the sites were not technically hacked, as you had to agree to the following to download the plugin:

By clicking the button here below, you agree to the terms and conditions and give permission to place text links on your website when search engine crawlers access it.

I have spoken to the developer, who is mortified, and he pointed me in the direction of his response.  It seems like he was totally unaware of what was actually going on when he teamed up with another developer.

Though the sites were not technically hacked, it’s still beyond grey and verging on the black.  You won’t go to jail for this kind of stuff and the owner probably made some decent cash in the #2 position. The site is part of the Quint Pingtree which pays from £0.50 – £120 per lead. Form submissions are sent to a range of the top payday loan providers who bid on them depending on the quality of the lead.

Update: I’ve had it on good authority that the site should have been making around £10k/day – that’s from someone who has been in the niche for years and made a lot of money.

Though the sites were not technically hacked, there are plenty of other link injection scripts being placed on sites through hacking, mainly through vulnerabilities of the CMS.

WordPress Vulnerabilities and Link Spam

Of all the content management systems (CMS) on the market, WordPress is by far the most vulnerable to attacks. In fact, WordPress is a complete joke.

[Image: hacking WordPress for links]

Source

Hacking has increased dramatically over the last few years, mainly for SEO spam, though some hacks are done for ad injection, to spread malware or just to deface, and there are even reports of ISIS hacking sites to spread propaganda.

[Image: growth of hacking for link building]

Sucuri also breaks down how these hacks were carried out and the most used plugins.

[Image: dodgy WordPress plugins]

WordPress Plugins – The weakest link

[Image: how WordPress sites are hacked: the top 5 are plugins, brute force, core, themes and via your WordPress hosting]

Source

Google’s algo cannot keep up

Though Google can sometimes detect website hacks/changes, most often it doesn’t.

[Image: Search Console warning over content injections]

You only have to search for ‘buy viagra’ and refine the search to the last week to see recent hacks.

Link and content injections can be spotted by comparing the Wayback Machine’s copy of a website with Google’s cache of it.

Before
https://web.archive.org/web/20131207081038/http://silvers.ca/silvers.ca/Home.html

After
http://webcache.googleusercontent.com/search?q=cache:p_BSIK_RqVUJ:www.silvers.ca/+&cd=1&hl=en&ct=clnk&gl=uk
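
The comparison described above (the copy a visitor or the Wayback Machine sees versus the copy served to Google) can be automated by diffing the off-site links in the two versions. This is an added example, not code from the original post; the HTML snippets and the example.org / example.net names are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample data: example.org is the affected site, example.net the promoted one.
PAGE_URL = "https://www.example.org/"
USER_HTML = '<body><a href="/about">About</a> <a href="https://twitter.com/example">Twitter</a></body>'
CRAWLER_HTML = USER_HTML.replace(
    "</body>",
    '<div><a href="http://loans.example.net/apply">payday loans</a></div></body>',
)

class LinkCollector(HTMLParser):
    """Collects the absolute target of every <a href> in a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.add(urljoin(self.base_url, href))

def _host(url):
    """Lower-cased hostname without a leading 'www.', or '' for non-web links."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ""
    host = parts.hostname.lower()
    return host[4:] if host.startswith("www.") else host

def external_links(html, page_url):
    """Map each off-site host to the set of URLs the page links to on it."""
    own = _host(page_url)
    collector = LinkCollector(page_url)
    collector.feed(html)
    found = {}
    for url in collector.links:
        host = _host(url)
        if host and host != own and not host.endswith("." + own):
            found.setdefault(host, set()).add(url)
    return found

def cloaked_links(user_html, crawler_html, page_url):
    """Off-site hosts linked only in the copy served to the crawler."""
    user, crawler = external_links(user_html, page_url), external_links(crawler_html, page_url)
    return {host: sorted(urls) for host, urls in crawler.items() if host not in user}
```

Feed it the archived copy and Google's cached copy of the same URL; any host it returns is linked only in the crawler's version and is worth checking by hand.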

Google really needs to do better with this type of link spam – surely it’s not that hard for them to detect website changes through hacking or even link injection scripts. But as long as they continue to work, people will keep using these methods. Let’s see what Penguin 4.0 has to offer.

Secure your WordPress site

I’m not going to write about securing your site, as there are plenty of good posts out there, but here is a good quick checklist: Wordfence’s checklist

Tools to scan the vulnerability of your website

Sucuri SiteCheck – if you are running a large, profitable site I would recommend investing in their paid options.

HackerTarget WordPress scan

WPScan

WordPress exploit scanner plugin

Further reading

https://www.blackhat.com/docs/us-16/materials/us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study.pdf

https://www.imperva.com/docs/Imperva_HII_Black_Hat_SEO.pdf

http://null-byte.wonderhowto.com/


Comments

  1. Gary McKinnon says

    September 22, 2016 at 2:24 pm

    Informative and knowledgeably written 🙂

    You should have set up an aff with Sucuri, I just bought their pro plan for a month to test it.

    • Gareth says

      September 22, 2016 at 4:01 pm

      Cheers Gary – Hope all is good with you. Yer should have done that!!

  2. JB says

    September 23, 2016 at 2:17 pm

    Is there any data that shows hacking of WordPress vs. other platforms as a percentage of total installs… I know WordPress has a lot of hacked sites, but given the volume of sites using WordPress, it seems logical that volume-wise they would have more hacks.

    • Gareth says

      September 23, 2016 at 2:31 pm

      That’s true JB – will have a dig about

  3. Martin Woods says

    September 28, 2016 at 9:19 pm

    I always find it amazing when I hear people say black hat SEO doesn’t work. I heard someone only this week (promoting their SEO training workshop & splogg to the next eager room of fresh-faced greenhorn business owners) telling them, just get any old free WP theme and install any plugins you want…. and get ‘Inbound marketing’. Ignore technical SEO, links etc it’s all about the inbound these days. He should point them to this article.
