Let’s say your site’s security is bulletproof.

Your password is memorable to you, but uncrackable. Moreover, your forum’s moderators are sleepless and relentless: nobody gets away with spamming you, and the only followed links you allow forum posters to contribute is a single followed link on their profile page. Plus, you don’t let people mass-create accounts.

So you’re safe from spammers, right?

Hardly. Sites that fit that profile are being targeted by a clever set of hacks: hackers exploit vulnerabilities on other sites, and “launder” their links by pointing them to individual profiles on larger, trusted sites.

Where They Get Links

In some ways, this is a classic link-spamming operation: hackers target sites using older content management systems with known vulnerabilities; they take control of the site and insert dozens or hundreds of spammy links.

These links are mostly disregarded by search engines, and nearly all discounted at first—but it can take time for the search engines to fully catch on, and in that time, the target site will get a rankings boost.

What differentiates this from traditional link-spamming is the target site: instead of linking directly to the page they want to promote, they link to another page, usually a profile page, on a site that allows user-generated content. This generally happens on large forum sites on which users have a profile page with a followed link. That link goes to the target site.

The upshot of this is that everyone being exploited has a harder time detecting what’s going on: the hacked site sees links to a fairly legitimate site, and the forum page just has one spammy link from an inactive profile — making ithard to notice in the first place.

Why “Laundering” Works

Link laundering takes advantage of the non-spammy link profile of the middle-tier site—the forum with a single link back to the spammer’s site. That page is authoritative on the spammer’s topic of choice (usually porn, pills, or poker).

The site itself has a large enough link profile that a burst of links like this is still a small percentage of the total inbound links, so the pages are fairly trusted.

Basically, link-laundering arbitrages Google’s domain trust and pagerank tools in a way that just barely sneaks by spam detection filters.

However, that’s not to say that it’s foolproof. In most cases, it’s hard to detect any ranking effect from link-laundering schemes caught in the wild, since they tend to be old, on average. This could mean it’s a short-term strategy.

It could also be a strategy that is easier for Google to detect than spammers realize—which means it’s still a threat to webmasters, until spammers know for sure that it doesn’t work.

Takeaways For Webmasters

  1. Keep WordPress, PhpBB, and other common platforms updated.
  2. Nofollow un-trusted links.
  3. Check for suspicious links—inbound or outbound, they can hurt your site’s reputation.

A good SEO campaign focuses mostly on creating and curating valuable content, and promoting it effectively. But webmasters who aren’t on the alert for tactics like this can find that their efforts or wasted—or worse, used by unscrupulous hackers promoting harmful products.

Ultimately, this is a problem caused by link-based search algorithms, so it’s up to the search engines to squash it. But in the meantime, link-laundering the hurts the user experience on hacked sites and on intermediary sites.

Until search engines crack down and spammers give up, it’s up to webmasters to defend their sites and spot similar exploits.

Image used under Creative Commons, via Flickr.

Opinions expressed in the article are those of the guest author and not necessarily Search Engine Land.

Related Topics: All Things SEO Column | Channel: SEO

Sponsored


About The Author: is Co-Founder and CEO of Digital Due Diligence, a research firm that helps investors and acquirers understand the business models of SEO-, PPC-, and social media-dependent companies.

Connect with the author via: Email | Twitter



SearchCap:

Get all the top search stories emailed daily!  

Share

Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • http://www.michael-martinez.com/ Michael Martinez

    Forum operators should either embed “rel=’nofollow’” on profile and signature links or make those sections of their sites unavailable to the crawlers. It doesn’t stop link spammers but it diminishes the negative impact they may have on a site’s performance.

    Websites that can use TCP Wrappers to block unauthorized access to services SHOULD use them.

  • http://www.nathanielbailey.co.uk Nathaniel Bailey

    You could do quite a bit try and combat this sort of spam happening to your members site, stopping bots from crawling those pages aint the only way to help combat it! Have a read of a post I have done on the subject at http://www.nathanielbailey.co.uk/2011/seo/a-word-of-warning-to-all-sites-with-membersprofiles/

  • http://blogpestcontrol.com Thomas Ballantyne

    All I can say is bravo. Whomever came up with “Link Laundering”… Bravo.

  • JohnCrenshaw

    “These links are mostly disregarded by search engines, and nearly all discounted at first”
    Not sure what you mean by this. The search engines are not capable to detecting these links unless the hacker makes them totally obvious. There are a thousand ways a hacker could make certain the link counts.

 

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!

 


 

Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide