Let’s say your site’s security is bulletproof.
Your password is memorable to you, but uncrackable. Moreover, your forum’s moderators are sleepless and relentless: nobody gets away with spamming you, and the only followed links you allow forum posters to contribute is a single followed link on their profile page. Plus, you don’t let people mass-create accounts.
So you’re safe from spammers, right?
Hardly. Sites that fit that profile are being targeted by a clever set of hacks: hackers exploit vulnerabilities on other sites, and “launder” their links by pointing them to individual profiles on larger, trusted sites.
Where They Get Links
In some ways, this is a classic link-spamming operation: hackers target sites using older content management systems with known vulnerabilities; they take control of the site and insert dozens or hundreds of spammy links.
These links are mostly disregarded by search engines, and nearly all discounted at first—but it can take time for the search engines to fully catch on, and in that time, the target site will get a rankings boost.
What differentiates this from traditional link-spamming is the target site: instead of linking directly to the page they want to promote, they link to another page, usually a profile page, on a site that allows user-generated content. This generally happens on large forum sites on which users have a profile page with a followed link. That link goes to the target site.
The upshot of this is that everyone being exploited has a harder time detecting what’s going on: the hacked site sees links to a fairly legitimate site, and the forum page just has one spammy link from an inactive profile — making ithard to notice in the first place.
Why “Laundering” Works
Link laundering takes advantage of the non-spammy link profile of the middle-tier site—the forum with a single link back to the spammer’s site. That page is authoritative on the spammer’s topic of choice (usually porn, pills, or poker).
The site itself has a large enough link profile that a burst of links like this is still a small percentage of the total inbound links, so the pages are fairly trusted.
Basically, link-laundering arbitrages Google’s domain trust and pagerank tools in a way that just barely sneaks by spam detection filters.
However, that’s not to say that it’s foolproof. In most cases, it’s hard to detect any ranking effect from link-laundering schemes caught in the wild, since they tend to be old, on average. This could mean it’s a short-term strategy.
It could also be a strategy that is easier for Google to detect than spammers realize—which means it’s still a threat to webmasters, until spammers know for sure that it doesn’t work.
Takeaways For Webmasters
- Keep WordPress, PhpBB, and other common platforms updated.
- Nofollow un-trusted links.
- Check for suspicious links—inbound or outbound, they can hurt your site’s reputation.
A good SEO campaign focuses mostly on creating and curating valuable content, and promoting it effectively. But webmasters who aren’t on the alert for tactics like this can find that their efforts or wasted—or worse, used by unscrupulous hackers promoting harmful products.
Ultimately, this is a problem caused by link-based search algorithms, so it’s up to the search engines to squash it. But in the meantime, link-laundering the hurts the user experience on hacked sites and on intermediary sites.
Until search engines crack down and spammers give up, it’s up to webmasters to defend their sites and spot similar exploits.
Image used under Creative Commons, via Flickr.
Opinions expressed in the article are those of the guest author and not necessarily Search Engine Land.