This is a guest contribution from Dennis Rundle.
Black Hat SEO practices have been going on for years without any signs of slowing down.
Regardless of the efforts Google makes with the purpose to stop black hatters from attacking vulnerable websites, these tactics haven’t become obsolete. Black Hat SEO practices are usually performed with the purpose to trick search engines. Some of these strategies include doorway pages, keyword stuffing, and invisible text.
Doorway Pages as a Threat to Your Website
Doorway, also known as a bridge page, entry page or jump page, is a page that black hatters design for the purpose of gaining top positions in Google’s search results. This page seems relevant to the search engine because it contains the right keywords. It usually includes hidden text, which is stuffed with keywords and phrases that would rank it in the search results.
Who would be interested to attack your website with a doorway strategy? That would only rank you higher, right?
Wrong!
First of all, let’s clarify one thing: doorway pages are a black hat SEO strategy that won’t help your site on the long run.
When a hacker compromises your website, he will incorporate hidden spammy links that will redirect visitors from the search engine (which is listing this page) to illegal or malicious sites that steal credit card numbers, sell pirated software, offer fake luxury goods, prescription drugs, beauty products and slimming pills, or promote adult/gambling content. As an example, here is the comparison of the regular website of Hope is Life against the page that appears when you follow the link from Google search results:
The techniques that hackers usually use for such purpose include creation of rogue files and directories, modification of existing files, or adding URL rewrite rules to server configuration files. If the webmaster isn’t diligent enough, these changes may remain active for a very long time. Since the hacker can place the rogue content outside of the host site’s file system, you won’t notice anything suspicious when checking the integrity of your website’s files.
Here is an example of a Google search that contains a link to a redirecting doorway page:
As you can see, some of these results are hosted illegally on servers that have nothing to do with the keyword in question. The most common keywords that hackers include in such cases include target words such as price, buy, discount, prescription drugs, porn, casino, payday loan, bargain, cheap, free, review, cheap luxury, along with a branded keyword, such as zanax, cialis, viagra, Chanel, etc.
If you conduct a Google search for buy cialis or buy viagra, for example, you will see many doorways on hacked sites that won’t lead to their actual pages.
How to Check if Your Website Has Been Hacked
Cyber criminals have compromised a huge number of websites with the purpose to put their doorways to top search results on Google. In most cases, the hacked websites link to several doorway pages, so the black hatters increase the chances that the search engine will choose at least one of them to display on the first page of the results. This strategy is also useful if Google or the webmaster removes some of these doorways.
This situation puts your website under risk, since it can be a subject to a Google penalty, leading to loss of traffic and a lot of work to fix the damage. Since it can be tricky to determine whether or not your site has been a hacker’s target, you have to be more diligent than usual.
Here are few of the things you can do in order to detect a black hatter’s attack:
- You can find useful information on the Webmaster Central Help Forum. You will probably find the answers before even asking the question, but you can also ask for help from other webmasters if you don’t find a solution.
- Rely on Google Webmaster Tools, which enable you to set email alerts in case Google suspects that your website has been compromised. Keep in mind that the search engine may take a while before detecting suspicious actions against your site, so rely on this option only as a backup strategy. The Fetch as Google tool is very useful, since it enables you to find out what the search engine sees when indexing your site.
- You can (and should) set up a Google alert for the words site:domain.com. With this strategy, you can reveal suspicious titles and page descriptions of your web pages. Google will instantly notify you about any new content the search engine indexes. If something seems shady, you can take action without delays. You can set up such alerts on the Google Alerts.
- Try to locate new pages with unusual content or 404-error; they indicate that the search results probably direct to suspicious websites.
- Pay close attention to GWT alarms. Check the malware status of your website.
- Check the search results your website is listed in. Compare the pages you enter through Google with those you get with direct entrance in the browser.
How to Prevent Black Hatters’ Attacks
Prevention is always better than treatment. The best way to avoid unpleasant scenarios caused by a hacker is to make your website really difficult to compromise. These are the things you can do for such purpose:
- Use strong usernames and passwords
You simply cannot be negligent when it comes to your website’s security. Only your system administrator should have the permission to maintain the site. Never use default names for application administrators, since they make your website an easy target.
- Secure all administrative files
You need to use a website firewall in order to provide strong protection for your website. Firewall technology has come a long way since its beginnings, so you can finally find effective, but affordable options that will protect your website.
You can also use an integrity tool that will notify you about changes in the file system. If you are aware of all changes that are being made, you will immediately spot an attack. Also you could also ask for an advice from our professionals http://webmastersafeguards.blogspot.co.uk/
Remember: You need an efficient remedy
No matter how hard you try to protect your website against hackers, it may still become a target at any moment. If a hacker managed to achieve sneaky redirection, you are in danger of greater damage. This means that you need to have a backup plan just in case. If you perform daily backups of your website, you will avoid losing valuable files in case of attack.
Dennis Rundle is CEO of “Webmastersafeguards”, an internet geek, and security enthusiast. His goal is to promote fair and square rules for all websites and to eradicate malware.
Very informative article. Google tools are invaluable in protecting a website from being used by hackers. Very recently, we had a site (downloads.certexams.com) hacked, and were able to fix the issue (removed the content added by the hacker, and changed the password) after receiving an email alert from Google.
One question is, whether the hosting provider would be able to dp hacking? If so, one needs to go with a reputed host for hosting a website (that would be a little costlier).
Vijay,
So sorry to hear your website has been hacked in the past. Are you using WordPress on your dedicated server? If so, there’s tons of information available in Bing, Google, and YaHoO! search results about unique ways you can text your WordPress.com installation on your web hosting package from being hacked again in the future. Hopefully, you’re doing good now and online business. :-)
Thanks for usefull post
Can we rely on Google webmaster tools for alerting us properly ? I heard about stories where Google has very big delay (few months) for this kind of problems…
Dumbo,
There’s a plethora of useful webmaster resources across the web. Simply perform a search in your favorite search engines under different terms to see what tools are best suitable for your blog, forum, or website.
Surely your article will helps the bloggers to secure their blog from the hackers and there are lots of free and premium plugins are available for making their blog secured.
I have a doubt that is indexing tags & categories in search engine can be considered as doorway pages. Please clear my doubt.
Thanks.
great article explaining all about the doorway pages. hackers are a big headache for webmasters and for Google too. I’m using three plugins to make my blog more secure from hackers however, I believe on Google webmaster tools for this more. GWT is a great tool to analyze what is happening with our website.
I have a friend and the same thing was happened to his blog and he got the information from GWT, in fact he’s also using WP plugins. he’s really working hard to recover from this. his blog have more than 1200 pages and now he’s checking all of his blog’s pages for this issue. I’ll forward this post to him also that he can take more precautions in future.
Cheers..
Gaurav Heera
Nice way to prevent black hat effect. Thanks for sharing this valuable content
Thanks for sharing this information, negative SEO is something you shouldn’t take lightly it can seriously damage your business for months on end.
You can definitely say that again, James.
Thanks for giving us a heads up, on the dirty tricks are played out every day, by some low lifes who is trying to make a quick buck.
What is sad, these people will do better then people like you, and me who re trying to do it honestly
Thanks for the great read
jason
Anyone who does black hat SEO is stuck on stupid. There’s too much money to be legitimately be made online. Why scheme off of others?
Because it works, of course. There’d be no reason to do it if it didn’t turn in results, even short-term. I’m not advocating it — I hate it — but your question is simply naive.
I think most of the website owners provide deep attention to get high page rank. But it is also important to be protected from negative SEO. Who think about it, many of them do not know how to check and how to prevent black hatter. So, your article is really helpful especially for newcomers…
Good tips to prevent black hat seo techniques. I depend on google webmaster tools and it has helped me in finding attacks.
Great post Dennis. About 8 months back one of my sites was targeted by black hatters with this exact technique of Doorway pages. I was unaware of the situation, and received Gogole penalty as a result of that. Inspite of my numerous efforts to save the site, I could never recover it back again.
Hope I had your article for reference then :) Since then I have implemented stringent security measures and monitoring for all my sites. Your article is a must read for all website owners.
Unfortunately, black hat seo practices is one thing that won’t be going away anytime soon. Thanks for these tips and reminders. And yes! Daily backups is a must.
It’s still hard to imagine some do-no-gooders are out there investing considerable about of effort and time into ruining other people’s hard work. I particularly believe the measures you’ve outlined to prevent a negative SEO attack are not only effective, but also proactive. Thanks for sharing, Dennis!
-Ayodeji Onibalusi
I’ve had this happen to me. Destroyed my website with Google and it’s organic reach never recovered. Check Webmaster Regularly!
Yikes! I am new to the website world and I had no idea this was something I need to protect myself against. Thank you for the information. It is very helpful.
Thank you for posting this because this gives me an idea that we should all be careful because black hat SEO’s are everywhere popping out of nowhere. Many of the SEO’s don’t know how to avoid this especially the beginners so they can have this guide to those black hatter.
There must be a way to to stop black hatters. Daily check should be made to your webmaster tools, fetch as google preview is a good idea to see how our site looks like to the viewers.
Very informative article … I like your idea of setting up google alerts to notify whenever the crawlers index something new.
Black Hat SEO seems to be on the up with Doorway pages and spamy link building the main culprits. I guess this is due to the increasing difficulty in getting good rankings so some sites try to push their competitors below them.
This makes WordPress a good platform to build your website on with a range of great plugins available to secure, monitor and back the site up. But whatever the solution used ever webmaster needs to be vigilant against these negative attacks and have a strategy in place to counter them.
Good and well versed article on techniques to avoid black hat Seo on vulnerables sites.A good login security system is also mandatory.In fact one of my website has been hacked but fortunately recovered.admin please update and educate us with several such articles.
Thanks for this article,it was very interesting! I think that this problem will become more and more in the future.Many people use passwords too easy to find.for those who have an online business, safety should always come first.
Luckily my website hasn’t been hacked however recently had my email hacked and had to change all the passwords which did the trick. The passwords we use on our site are extremely strong and changed on a regular basis to eliminate the worry.
We had better use Msconfig or ask help from Windows optimization. * Edwin Hubbel Chapin once said, “Every action of our lives touches on. Experience the difference an experienced, reliable home theater setup company makes.
Thank you for the information. It is very helpful.
Seems like some of these hackers are basically hacking these pages to create more pageviews for an ad – without actually generating clicks.
So, people are probably paying for “impressions” and getting them from junk search results. Strange world out there…
That is the first time I hear about doorway pages as a Black Hat Strategy. Till now I wasn’t aware of this potential danger for my website and I will try to take caution and use the tools that you recommend to prevent the hack.
Thanks for share some useful information with us. doorway pages is really bad for website?
Thanks for sharing this valuable content ,this is a Nice way to prevent black hat effect.
Here are the 12 common black hat seo techniques:
Paid links from Directories
Email request to rent links
Sponsor a wordpress theme
Fake twitter accounts
Site wide footer links
Cloaking text
Reciprocal Links
Automated Link Drops
Falsified Facebook Like Buttons
Article Spinning and Mass Distribution
Cloaking through user logins
Using Link Brokers
Thanks so much for the resources to ensure that I have not been hacked. Security is a rising concern for all of us these days.
Thank you for posting this because this gives me an idea that we should all be careful because black hat SEO’s are everywhere popping out of nowhere. Many of the SEO’s don’t know how to avoid this especially the beginners so they can have this guide to those black hatter.
thanks for sharing this information. I have seen some peoples using black hat seo tricks but it is not good for website. For some day they will rank higher but afterwards to results would be too horrible.
This is a great inspiring article.You put really very helpful information. Keep it up…