Home » Data Protection » Malware/Cybercrime

Black Hat SEO, part two: SEOwN3d!!1

As search engine optimizers played fast and loose, a reaction from the search engine companies became inevitable. Now SEOs are forced to choose hats: black or white. (Part two in a series.)

people rarely visit a site after that kind of warning. The owner of the hosting company, Daniel Peterson, says that after he had cleaned up the sites, nothing had been done to get those blocked sites relisted in Google search results. "No one seems to want to do anything, and the blacklisting is now seriously damaging our businesses," Peterson wrote in an e-mail.

He is particularly concerned about a boutique hotel in Pattaya called Rabbit Resort. Peterson wrote: "Rabbit Resort seriously relies on their Google listing and normally receives 50 to 60 visitors every day. Most of these become bookings. They now receive one every day or so. With more than 60 staff to employ, they now risk financial ruin and disaster." (The sites were eventually relisted).

Roger Thompson, the blogger for Exploit Prevention Labs, cites another recent case, in which search results for "saints football club" brought up a number of Australian soccer team sites that were labeled as potentially containing malware. Thompson notes that another site had this happen. "K1-usa.net...used to be the number-one organic result when people searched for k1. They were hacked for about 10 days, and then cleaned, but in the meantime, they had earned the 'This site may harm your computer' label, and over the next 12 months, before the label was removed, their rating slipped, and slipped, until finally it was nowhere on the first three pages."

Most of the soccer sites were marked clean within days, not months, suggesting Google has improved in the relisting game. "We can always try to do better," says Cutts, the Google liaison. "We're trying to be as responsive as possible."

But Thompson notes, "This happens quite a bit, and I must admit that I'm surprised no one has accused Google of damaging their brand."

"Our webmaster guidelines are clear," says Cutts, who noted that Google made this policy in anticipation of problems with sites using others to goose their rankings. "We say that ultimately you are responsible for what's on your site. If the scam is on your page, that's what is causing damage. We'll do whatever we can to try to help, but ultimately if there's spam content on your pages, we're willing to remove that content, and then hopefully cycle that back in when it's cleaned up."

RSnake, a security expert with experience in Web advertising and SEO who runs ha.ckers.org, says that no matter how blunt and overzealous enforcement has become, that's not the problem with Google's approach to enforcement. It's that the policy that Cutts is referring to is ultimately faulty, because it's based on a false premise.