It was not a pretty sight. I watched the look on his face as he was shown a page from his domain that should not have been there. Precisely how it got there, no one knows, but it was clearly placed on his site by search spammers, out to get an advantage for some of their Web sites. It was a lovely little page about prescription drugs chock full of links to other places. How could that page have gotten there? And what was it there for? Welcome to the seedy little world of black hat SEO. If you don't know if your site is vulnerable, you need to find out, so that you can make sure your own site is properly protected.

A stereotypical caricature of a villain.

Image via Wikipedia

So let's first examine why anyone would put such a page on a website. That one is simple. The links from that site were highly valuable to spammers. In this case, not only was it a well-known site, but it was a .org site, whose links are even more valuable than .com sites, because they are more likely to be genuine expressions of quality. Except in this case.

How is it that the site owner didn't know the page was there? That one's easy, too. The spammer did not link to the page from anywhere on the real site, so the only way you'd discover it would be if you knew the URL. Or you were checking the server for stray pages.

How can you protect yourself? That question is a bit tougher, but your Webmaster needs to answer it:

  • Protect your userIDs. Carelessly leaving default passwords on well-known IDs (such as root) or using easy-to-crack passwords leaves you wide open for a drive-by spammer. Did you know that software programs can try millions of passwords over time to find the one for your site? Don't make it easy for them.
  • Keep up with security patches. Your Webmaster ought to be keeping up with exploit notifications for any software installed on your web server. Always applying the latest security updates makes it much harder for spammers to sneak in through an unguarded spot.
  • Monitor suspicious traffic. Your server logs all traffic to your site and you can install programs that search the logs for failed access attempts and other odd patterns. Some people block suspicious IP addresses but I think that the real villains just troop off to a new IP address from their bank. The real reason to monitor traffic is so you'll see that cracker program trying a million passwords and it causes you to be especially vigilant because you know you are under attack.
  • Monitor stray pages. You were waiting for this one, right? If you know what pages should be on your site, you can check the server for any that don't belong. Often, greedy spammers put them right in the top-level www directory because the closer to the home page on the site, the more that the link might be worth.

Understand, I used to manage the Webmasters at, but I am not a real Webmaster. Real ones know that this was the Bert and Ernie explanation of web security. If you are using a shared hosting plan, then your web hosting company probably does this stuff for you, but if you are using dedicated or partial server or cloud server hosting, you might be expected to do it yourself. If you host your own servers, you definitely need someone to protect your site.

But don't overlook one last possibility of how that spammy page got on that poor .org site: the inside job. It's possible that their SEO company did it, but even more likely that their employee did it, perhaps even their Webmaster. Anyone could try to boost up another site, either for personal gain or in exchange for some cash from the spammer.

If you haven't been policing your servers, don't be surprised if someone is squatting on a few pages that you don't even know are there.

Enhanced by Zemanta

March 16, 2011

Mike is an expert in search marketing, search technology, social media, publishing, text analytics, and web metrics, who regularly makes speaking appearances.

Mike's previous appearances include Text Analytics World, Rutgers Business School, SEMRush webinar, ClickZ Live.

Mike also founded and writes for Biznology, is the co-author of Outside-In Marketing (with James Mathewson) and the best-selling Search Engine Marketing, Inc. (now in its 3rd edition, and sole author of Do It Wrong Quickly, named by the Miami Herald as one of the 11 best business books of 2007.


That is a really good piece of warning and I am glad you shared the experience with all of us as that will make us feel more secure and carry out security patches daily .

This is really good advice. It's always good to be up to date on all of the black hat techniques. I'm not going to lie, it's a pretty clever technique but taking the basic precautions as you mentioned should help out a lot in identifying these problems.


This is a nice piece of information to know and I will have to add some of these precautions to my websites. Pretty clever tricks some of these people use.

By the way Mike, I found this page as I was going through your other website ...I've posted a comment on that page to encourage your readers to read this article.

Thanks for the info!


See this happen all too often. Mike I love using some of the different live analytics programs out there like woop**.(Sorry don't want to advertise) I love the ability to see who is looking at myself and logging and saving IPs that visit my sites numerous times. Sometimes you can even watch your competitors hop on the site and check out your goods. It is always good to be one step ahead.

Comments closed after 30 days to combat spam.

Search Engine Guide > Mike Moran > Are you policing your domain from spammers?