Skip to main content

“SEO Poisoning”, “Black hat SEO”, “Dirty SEO” – Malicious SEO hacking is known by many names, it doesn’t matter what it’s call, the result is always the same: your site visitors are greeted with a warning from Google that your site may be hacked. Many website owners don’t even realize their site has been affected until it has been blacklisted or their hosting account is suspended. SEO hacking can lead be reputation destroying and that’s what makes it so important to safeguard against.

Malicious SEO aka Blackhat SEO example

The second result shows what the malicious code does to your search results

The goal of this type of malware is to enable the hacker to use your site’s top search results and best pages and relink them to spam sites. At the root of the hack, hijacking many, many authentic links, they’re gaming the system to boost their own rankings.  Your links are usually redirected to high-profit scams like online casinos, viagra sales, or pornography.  Your search results are replaced with whatever the hacker chooses.

Identify and find a Malicious SEO Hack

In most cases, you’ll find out about this hack when a customer or your web host contacts you. This is because the malware only displays itself in search results. You might as well assume the actual hack happened quite a while ago. It has been in place long enough for code to be injected and then indexed by search engines. Depending on the type of malware, it may have changed the displayed titles of your site, pages, descriptions or links.

Here’s the fun part, tracking down the malware, it is designed to only be visible under certain circumstances. For example, only viewable to a Search Engine bot that is indexing your site, and then when a visitor searches for your site. You can expect the hack to be hidden in either legitimate or disguised files, you can also assume the hacker created a backdoor or two for easy reentry into your site. Here are three ways you can identify if your site has been compromised:

  1. Use Fetch as Google tool in Google Search Console.
  2. Try Sucuri’s free Sitecheck Scanner.
  3. Unmask Parasites scanner a great free tool.

Clean the malware from your site

Since Blackhat SEO spam is almost invisible to website owners, how can you clean it up?

  • The original hack most likely compromised or added PHP and Javascript files. Go through your site and clean out the infected code.
  • Examine your database for code hidden in tables and suspicious user accounts
  • Both active and unused site installs and code can be compromised so you should never use your server to store old code. This is especially true with WordPress versions, themes, and plugins. Fix your WordPress security Part 1: sections 2 and 3.

A successful cleanup may not immediately remove spam from your search listing, it is dependent on the type of hack, indexing, and caching. Google has published steps you will need to take to have them remove the hack warning. You’ll need to contact other blacklist authorities, each has their own procedures, and your site could be on multiple blacklists. Having Google re-crawl your cleaned site and removing any spam URLs that have created 404 errors will help speed up the process of removing the spam search results.

How to prevent Blackhat SEO hacks

  1. Poor passwords! Always use strong, unique passwords. Take our advice on password strength.
  2. Running WordPress?
    1. Hacked WordPress Administrators. Limit the Admin users in your site to the few that actually need those privileges. Author or Editor roles are more than adequate for day-to-day upkeep and are much safer.
    2. Software. Security holes in themes, plugins or even WordPress core files are easy targets for exploits. A quick, automated scan of your site will tell a hacker what software you’re using and they can swiftly move in. Know what software your site is running, use tools like WP Scan Vulnerability Database to keep up on vulnerabilities, and manage your updates on a regular basis. Monitor activities with a tool like iThemes Security.

Use proactive monitoring techniques to identify issues. Create an account on, and understand how to use Google Search Console. They’ve built tools that can help ID potential reputation and security problems. Monitor your site on a blacklist watch list and immediately investigate if your IP or domain show up.

Most importantly, don’t ignore this problem. Invest in the resources to monitoring, prevention, and reaction. The loss in terms of customers and dollars can easily exceed your wildest estimates.

Part 1: What is Black Hat SEO?
Part 2: Are my competitors using Negative SEO techniques against me?

Or simply hire My Brother Darryl

Simply put, many businesses find that the most effective way to protect their online reputation is to outsource their security and maintenance to us. Let’s have a chat and see if My Brother Darryl is a good fit for you!

Leave a Reply