SEO Sabotage – Can you trust your SEO Provider ?

I picked up a new project recently and was shocked and appalled to become embroiled in an ‘SEO Sabotage’ conducted by the previous SEO service provider – clearly an organisation with no professional ethics.

The client’s site was blocked from Google and instantly plummeted out of ranking. Site Users were deleted and worse a hacked file was installed into the site. With Simon Perrin’s valuable assistance we discovered code buried in the site that enabled the SEO service provider to remotely control the site’s Google performance as they pleased.

In the beginning

It all started shortly after commencing a new SEO project when my WordPress user ID suddenly disappeared. I restored access using the client’s hosting details to access the MySQL database.  Then a horror story of blatant sabotage started to unfold.

Site compromised but what did they do?

Simple History – an activity logger plugin I had fortunately installed captured a activity log reflecting a frightening story of professional deceit. Someone located in Melbourne accessed the site; deleted all other users then installed WP-FileManager then 24 minutes later deactivated it.

My concern about what happened in that 24 minutes was vindicated when I found the site spirally out of ranking.

The original robots.txt had been overwritten with one configured to ‘block all’ crawlers – ie remove the site from Google. On further investigation I found two robots noindex metatags buried in the site’s code which did the same thing. Someone was serious about killing this site!

Remote control on the Site’s SEO performance

One blocking meta tag was removed from the site’s header template but I had to resort to expert WordPress help from Simon over at Duografiks to locate the second meta tag – This was very concerning as the meta tag was controlled remotely from a non-public area in the SEO service providers website; i.e. the SEO Service Provider could turn the site’s Google performance on and off remotely as they wished – I wonder how many other client sites they remote control like this ?

I’m still trying to come to terms with the ethics of a business that would do this. A debt management strategy perhaps? My new client claims he didn’t owe money.

What should you do to avoid this ?

Nobody wants the get tangled up in these situations, but clearly they do happen so what should you do to manage risk in these situations ?

Backups

Keep up-to-date off-line backups of your website – my personal favourite is BackWpUp a free backup plugin for WordPress. It allows backups to be automatically pushed out to DropBox which will in turn copy the backups onto your local PC. Importantly BackWPUp copies WordPress files as well as the database.

Audit Trails

Simple History helped me identify what this person did, including time and date, activity and even IP and network details – somewhat naively the hacker used a fixed Telstra IP address in Melbourne – easily identifiable to authorities should my client decide to escalate the matter. Keeping track on what people are doing in your site is important.

Find a Reputable SEO Agency

Its abundantly clear this hack originated from the previous SEO Service Provider – there’s multiple layers of evidence including a direct tie to their website, but maybe this action was a disenchanted staff member and hopefully not company policy…

You’d hope its not a strategy they use to snare or blackmail clients – go else where and your ranking will fall – the embedded code to remote control Google ranking concerns me greatly….

Where’s the SEO Industry going?

Either way it’s a disappointing comment on my SEO industry. Client experiences reported to me suggest the SEO/SEM industry is increasingly plagued by dubious operators – local and off-shore.

Now we see evidence of blatantly unprofessional activity from an Australian multi-state SEO company. I’m very disappointed!

Beware of a ‘Negative SEO’ Scam

Please be aware that there are ‘Negative SEO’ extortion emails currently circulating. These may represent a real risk to your business.
What is Negative SEO ?
Google has been penalising websites it believes don’t comply with its ‘WebMaster Quality Guidelines‘  Unfortunately it is possible make an ‘innocent’ website appear to be non-compliant, and after Google applies a penalty, that site’s exposure can be dramatically reduced, along with the businesses online commercial opportunities.
Google have historically dismissed the existence of Negative SEO, and even their current position remains ambivalent. There is growing speculation among the SEO Community that Google’s penalty strategy is to covertly drive businesses to use its primary income stream – AdWords – rather than rely on ‘uncertain’ organic search.
Are you already penalised ?
I’m surprised by the number of websites that are already unknowingly being impacted by Google penalties. Many don’t realise that there is increasing aspects of traditional website ‘craft’ that may put your website and business at risk for example:
  • Innocent acknowledgements of your business (eg sponsorship on a local sporting club site)
  • Submitting your business to ‘low quality’ directory sites
  • Footer Links from other sites
  • Website defects
  • Poor mobile device support
  • Commonly re-used content eg supplier provided product information
  • Slow or unreliable web hosting
  • and many more…
What can you do ?
If you receive a Negative SEO extortion email you could:

– Ignore it… (high risk)
– Take Google’s suggestion “report it to law enforcement” (good luck with that 😉
– If the senders email is a GMail email account report it  
– Report it to your Internet Marketer

My advice is ‘Be Prepared’ 
Sadly Google doesn’t normally declare if it has penalised your site, so removing one starts with trying to determine which penalty maybe the problem. Monitoring your site’s performance over time enables traffic drops to be accurately matched to Google updates, giving your Internet Marketer a head start on identifying which penalty has been applied and maybe how to solve it.
Am I already penalised ?
If you believe your website under-performs contact me and I can provide a quick ‘penalty risk’ evaluation
If that raises any red flags then I can research and provide a detailed report including a penalty removal strategy
Here’s a sample of a Negative SEO Extortion Email

The email reads:

Subject: I Want To Buy. Please Guide Me.
Hello,
Read this email very carefully.
This is an extortion email.
We will do NEGATIVE SEO to your website by giving it 20,000 XRumer forum profile backlinks (permanent & mostly dofollow) pointing directly to your website and hence your website will get penalised & knocked off the Google’s Search Engine Result Pages (SERP) forever, if you do not pay us $1,500.00 (payable by Western Union).
This is no false claim or a hoax, download the following Notepad file containing 20,000 XRumer forum profile backlinks pointing to http://www.negativeseo.cn.pn/ (this is our website and go and see on this website, you will find our email address issmt1@yahoo.com from which this email right now is being sent to you) :
http://www.mediafire.com/download/eizjwnpq2rsrncu/20000-XRumer-Forum-Profile-Backlinks-Dofollow.txt
Just reply to this email to let us know if you will pay just $1,500.00 or not for us to refrain or not from ruining your precious website & business permanently. Also if you ignore this email and do not reply to this email within the next 24-48 hours, then we will go ahead and build 20,000 XRumer forum profile backlinks pointing directly to your website.
We are awaiting your wise decision.
RS

April 2017 Update

The guys at www.siteoscope.com have a great post on anti-SEO prevention strategies that is well worth a read