SEO Sabotage – Can you trust your SEO Provider ?

I picked up a new project recently and was shocked and appalled to become embroiled in an ‘SEO Sabotage’ conducted by the previous SEO service provider – clearly an organisation with no professional ethics.

The client’s site was blocked from Google and instantly plummeted out of ranking. Site Users were deleted and worse a hacked file was installed into the site. With Simon Perrin’s valuable assistance we discovered code buried in the site that enabled the SEO service provider to remotely control the site’s Google performance as they pleased.

In the beginning

It all started shortly after commencing a new SEO project when my WordPress user ID suddenly disappeared. I restored access using the client’s hosting details to access the MySQL database.  Then a horror story of blatant sabotage started to unfold.

Site compromised but what did they do?

Simple History – an activity logger plugin I had fortunately installed captured a activity log reflecting a frightening story of professional deceit. Someone located in Melbourne accessed the site; deleted all other users then installed WP-FileManager then 24 minutes later deactivated it.

My concern about what happened in that 24 minutes was vindicated when I found the site spirally out of ranking.

The original robots.txt had been overwritten with one configured to ‘block all’ crawlers – ie remove the site from Google. On further investigation I found two robots noindex metatags buried in the site’s code which did the same thing. Someone was serious about killing this site!

Remote control on the Site’s SEO performance

One blocking meta tag was removed from the site’s header template but I had to resort to expert WordPress help from Simon over at Duografiks to locate the second meta tag – This was very concerning as the meta tag was controlled remotely from a non-public area in the SEO service providers website; i.e. the SEO Service Provider could turn the site’s Google performance on and off remotely as they wished – I wonder how many other client sites they remote control like this ?

I’m still trying to come to terms with the ethics of a business that would do this. A debt management strategy perhaps? My new client claims he didn’t owe money.

What should you do to avoid this ?

Nobody wants the get tangled up in these situations, but clearly they do happen so what should you do to manage risk in these situations ?


Keep up-to-date off-line backups of your website – my personal favourite is BackWpUp a free backup plugin for WordPress. It allows backups to be automatically pushed out to DropBox which will in turn copy the backups onto your local PC. Importantly BackWPUp copies WordPress files as well as the database.

Audit Trails

Simple History helped me identify what this person did, including time and date, activity and even IP and network details – somewhat naively the hacker used a fixed Telstra IP address in Melbourne – easily identifiable to authorities should my client decide to escalate the matter. Keeping track on what people are doing in your site is important.

Find a Reputable SEO Agency

Its abundantly clear this hack originated from the previous SEO Service Provider – there’s multiple layers of evidence including a direct tie to their website, but maybe this action was a disenchanted staff member and hopefully not company policy…

You’d hope its not a strategy they use to snare or blackmail clients – go else where and your ranking will fall – the embedded code to remote control Google ranking concerns me greatly….

Where’s the SEO Industry going?

Either way it’s a disappointing comment on my SEO industry. Client experiences reported to me suggest the SEO/SEM industry is increasingly plagued by dubious operators – local and off-shore.

Now we see evidence of blatantly unprofessional activity from an Australian multi-state SEO company. I’m very disappointed!

Beware of a ‘Negative SEO’ Scam

Please be aware that there are ‘Negative SEO’ extortion emails currently circulating. These may represent a real risk to your business.
What is Negative SEO ?
Google has been penalising websites it believes don’t comply with its ‘WebMaster Quality Guidelines‘  Unfortunately it is possible make an ‘innocent’ website appear to be non-compliant, and after Google applies a penalty, that site’s exposure can be dramatically reduced, along with the businesses online commercial opportunities.
Google have historically dismissed the existence of Negative SEO, and even their current position remains ambivalent. There is growing speculation among the SEO Community that Google’s penalty strategy is to covertly drive businesses to use its primary income stream – AdWords – rather than rely on ‘uncertain’ organic search.
Are you already penalised ?
I’m surprised by the number of websites that are already unknowingly being impacted by Google penalties. Many don’t realise that there is increasing aspects of traditional website ‘craft’ that may put your website and business at risk for example:
  • Innocent acknowledgements of your business (eg sponsorship on a local sporting club site)
  • Submitting your business to ‘low quality’ directory sites
  • Footer Links from other sites
  • Website defects
  • Poor mobile device support
  • Commonly re-used content eg supplier provided product information
  • Slow or unreliable web hosting
  • and many more…
What can you do ?
If you receive a Negative SEO extortion email you could:

– Ignore it… (high risk)
– Take Google’s suggestion “report it to law enforcement” (good luck with that 😉
– If the senders email is a GMail email account report it  
– Report it to your Internet Marketer

My advice is ‘Be Prepared’ 
Sadly Google doesn’t normally declare if it has penalised your site, so removing one starts with trying to determine which penalty maybe the problem. Monitoring your site’s performance over time enables traffic drops to be accurately matched to Google updates, giving your Internet Marketer a head start on identifying which penalty has been applied and maybe how to solve it.
Am I already penalised ?
If you believe your website under-performs contact me and I can provide a quick ‘penalty risk’ evaluation
If that raises any red flags then I can research and provide a detailed report including a penalty removal strategy
Here’s a sample of a Negative SEO Extortion Email

The email reads:

Subject: I Want To Buy. Please Guide Me.
Read this email very carefully.
This is an extortion email.
We will do NEGATIVE SEO to your website by giving it 20,000 XRumer forum profile backlinks (permanent & mostly dofollow) pointing directly to your website and hence your website will get penalised & knocked off the Google’s Search Engine Result Pages (SERP) forever, if you do not pay us $1,500.00 (payable by Western Union).
This is no false claim or a hoax, download the following Notepad file containing 20,000 XRumer forum profile backlinks pointing to (this is our website and go and see on this website, you will find our email address [email protected] from which this email right now is being sent to you) :
Just reply to this email to let us know if you will pay just $1,500.00 or not for us to refrain or not from ruining your precious website & business permanently. Also if you ignore this email and do not reply to this email within the next 24-48 hours, then we will go ahead and build 20,000 XRumer forum profile backlinks pointing directly to your website.
We are awaiting your wise decision.

April 2017 Update

The guys at have a great post on anti-SEO prevention strategies that is well worth a read

Will ACCC stop false online reviews?

Several clients have expressed concern about the damage of negative reviews that they believe were ‘planted’ by unscrupulous competitors (even a bitter Ex in one case)  There just didn’t seem to be a way to persuade the ‘review platform’ to have these removed, but that is now being addressed by the Australia Competition and Consumer Commission (ACCC).

ACCC’s new section on Advertising and Promoting your Business places a level of accountability on the reviewing business and also the ‘review platform’ as outlined in this extract:

  • If your business or the ‘review platform’ are aware a review is fake then they are breaching the Competition and Consumer Act 2010.
  • Reviews may mislead consumers if they are presented as impartial, but were written by:
    • the reviewed business
    • a competitor
    • someone paid to write the review who has not used the product
    • someone who has used the product but written an inflated review to receive a financial or non-financial benefit.
  • The ACCC considers conduct such as the following to be misleading. You should not:
    • encourage family and friends to write reviews about your business without disclosing their personal connection with your business in that review
    • write reviews when you have not experienced the good or service reviewed or which do not reflect a genuinely held opinion
    • solicit others to write reviews about your business or a competitor’s business if they have not experienced the good or service.

Further, this article at provides more specific details and recent background and is well worth a read. Many thanks to Nick Morris for bring this subject to my attention.

ACCC also provides these related references:


Domain ‘renewal rescue’ service | A service or a rip off?

An expired domain? Arggh!

From time to time I’m asked to assist with restoring a website where the domain has expired.
These are typically very stressful situations for the business. The domain expiry will not only stop the website from working, but more importantly stops the business emails from working – an absolutely critical business communications medium.

Given modern business communication is largely underpinned by emails this means the business can’t receive or respond to client enquiries – often they can’t even send an email to say sorry our emails are down…

Domain ‘Ownership’

Usually in these situations the domain ‘owner’ forgot to renew their domain, often not realising that the domain registration and webhosting are two different services often from different suppliers each with their own fees.

Its also worth noting that you don’t own the domain you licence it through AUDA appointed domain registrars so if you don’t renew your licence, any other eligible person can potentially seize your domain.

Domain Rescue Service

I’ve recently become aware of Domain Rescue a WA based business that ‘drop catches’ expired domains and then contacts the ‘previous licencee’ (Registrant in domain-speak) offering to restore the domain for them.

This is a great service and would help prevent accidentally expired domains from falling into the wrong hands and I commend Domain Rescue for setting this up.

My only issue is their renewal fee of $129, when the going price number for a domain registration/renewal is around $60 and even down to $38 for 2 years for some domain registrars.  Still, it’s better than being confronted by a domain stalker demanding $1,000’s to get your domain back and/or the ensuing legal battle costs.

How much does a domain cost?

If you think you are paying too much for your domain .AU Australian Domain Registration Ltd (AUDA) lists approved domain registrars as a great place to start pricing & service comparisons. Don’t forget to factor-in any transfer costs your current registrar may levee too! caveat emptor (buyer be ware)

Be aware also that dot com domains are not managed by AUDA and there’s much less rigour behind domain ownership and renewal so even more caution is required if you are using a dot com domain for your busines website.

Expired domains and Google SEO

Google quickly removes expired domains from its search results and consequently sales leads cease and in this case it took 21 days to restore the previously dominant ranking position. That’s 21 days with their ‘virtual showroom’ closed!
Just imagine what it costs the business in lost sales leads…

Risk management for domain renewals

Having ‘control’ over your business domains is a no-brainer. You wouldn’t risk loosing other elements in your branding so don’t take risks with your domain.
Ensure that the domain contact email for renewals goes to a valid email address checked by someone in the business who is acutely aware of the importance of this notice if they receive it. This notice is usually (but not always) viewable through a ‘whois’ – an internet enquiry to check the details of your domain.

Try this whois to see who the contacts are for your domain:

If present, the renewals will be sent to the billing contact.