Hackers use various tactics to get an artificially better result for a website than the competition. Their website could be one from their portfolio or they could have been hired and are working on behalf of a client’s website.
The main difference with their SEO tactics is that they’re willing to use approaches that are ‘black hat’ and sometimes may even border on illegality. If not, at least highly unethical.
Obviously, everyone should avoid doing anything in this vein. However, it’s still useful to understand the SEO tactics being deployed in the wild by people with fewer scruples than us.
Here are some of the ways that hackers are using SEO tactics to get better results for their websites.
Going Beyond Niche Edits
Niche edits are where there is an existing article that the webmaster is willing to allow an additional backlink to be added to it. Sometimes, an extra paragraph is added to allow the link to make more sense within the context of the article topic, but other times, the link is just slotted in when the article is already about a related topic.
These types of links are powerful because it’s likely that the article is already ranking in Google and organic traffic is being received to the article. This validates any paid link added to it post-publication, even if the link isn’t added until 6-12 months after initial publication.
What hackers are sometimes able to do is attack a WordPress site to either attempt a brute force password attack on the login page or to exploit a known vulnerability in a WordPress theme or plug-in that’s not been updated to the latest version. Having accessed the site, they can edit an existing post to add their link surreptitiously without needing to pay for it. In many cases, the site owner is unaware that their site has been penetrated or that a post has been edited in this manner.
Some hackers wish to rank a PDF file to spread the information or to get more people to view it and click on one or more links contained therein. This can drive eventually traffic through the links inside the PDF file. Those websites may have a current malware infection that would have been highlighted if the URL had been searched in Google.
The PDF files are uploaded to numerous websites that accept distributed Adobe PDF files. Mass uploading is speeded up using automated software tools to do so. Also, some websites have a poorly secured input/upload feature that enables automated uploading regardless of the permissions set at webmaster level.
Replicating Websites in Part or Full
Rather than go to the trouble of competing on a level playing field, sometimes hackers decide to replicate a website. They may do this either in part or in full.
Copying Every Article Title and Topical Reference
Keeping their existing site, they look for websites that are ranking well. Often, they concern themselves with newer websites with little Domain Authority (a Moz.com metric) that are ranking without backlinks for search terms. Under the belief, “If they can do that, I can do it too,” they proceed to rip off all the titles for every article (or the ranking ones, at a minimum).
The idea here is to get professional content published but to reduce the ranking error. Rather than perform their own keyword research, they steal what’s already been researched, tested, and ranked for by their competition.
Scraping the Entire Website for Replication
With hackers who are willing to go over the line directly into copyright theft, they’ll scrape the entire website to replicate it on another domain. In this instance, they’ll make multiple visits to avoid looking too obvious while the crawling and scraping tools identify the site structure and proceed to copy all of it.
Many times, site owners are unsuspecting until the secondary site shows up in the Google SERPs for the same topic. Even then, they may not notice that the opening paragraph is identical to their article – especially if it was outsourced content originally written by someone else – so they don’t recognize their own words.
Registering a Domain That’s Almost Identical
Rather than using a different domain for the site replication, hackers may register a domain that includes an intentionally unusual typo, the plural version of the domain name, or another variation that’s easily confused with the original site. Even those who are familiar with the other site may still get fooled if the site design mimics the original.
While this is usually a short-lived phishing-type strategy, the idea is to rank for content and generate traffic for as long as possible before being found out and deindexed. Duplicate sites are often discovered because they fail to change inline links back to the original site (from when the site was scraped). This mistake results in the owner seeing unexpected referral traffic from a remarkably similar domain to their own. And then they go to investigate that source…
Automated Queries Fed to Google
Google responds to interest from searchers. When a certain search term is looked up and a website is clicked on, they take notice. It can affect the future ranking of that article too. They also use Google Analytics to better understand how long a visitor stayed on that site, how many pages they visited while there, etc.
By using robots, hackers send automated traffic to Google to create additional searches and artificial clicks to their website. They attempt to make the traffic look more natural by including delayed mouse movements and clicks, so it doesn’t look like bot traffic. They also have tools to get around Captcha verification tools intent on screening out bot visits too.
Sneaky 301 Redirects
A 301 redirect is a way to redirect traffic from one page or post (or one site) to another. It is a legitimate way to inform search engines and servers when a page or site has moved. However, it is being used improperly by hackers for nefarious purposes.
A redirect can be used on a site that’s been hacked and is now being controlled by the hacker. They can choose to set up a redirect to move all traffic to their target domain. This can be done to siphon off human type-in traffic and/or Google organic search traffic, which both have a value. They may be paid by a third-party to create traffic to a site to inflate its traffic data ahead of a site sale (traffic that dies shortly after the site is sold). Or it may be to either boost the traffic to a competitor or to put the hacked site out of business altogether.
Hackers use a complex variety of tactics to gain an SEO benefit for themselves or a client. For them, it can be about adding links to a site without the owner knowing, a sneaky redirect, or an automated upload. Combined, it is often effective in giving their sites an SEO boost that they otherwise would not have received, even if it’s a short-lived one.