A new Negative SEO Attack method was recently discovered by Bill Hartzer of Hartzser Consulting. This type of negative SEO attack is different from others. Apparently, it seems to be impossible to recover from it if the attacker website is unknown. The attack takes advantage of the canonical tag that search engines support. It copies the whole head section of a website’s page into another head section of a spam site. This process includes the canonical tag, which leads Google to believe that the fake page is actually the victim site page. The result is Google assigning all the content and negative spam scores from the fake site to the attacked one.
Unlike more traditional Negative SEO, this new attack doesn’t involve links but cross-domain canonical tags. As regular negative SEO involves links, it is easier for Google to detect it. In fact, after the Penguin update Google became pretty effective to spot these attacks. However, this new type of negative SEO attack takes advantage of a gap in Google’s algorithms. The weakness makes Google perceive both the real and the spam websites as one. This allows a transfer of positive and negative variables between them.
How the new negative SEO attack works
The attacker site is usually a hacked website or a domain name with bad links. This site copies the head of the victim site’s pages line by line. Then, they are placed on the spam site. This attacker site has canonical tags that point to the victim site. Google detects this and combines both websites content. Then, the bad content is transferred to the attacked website, which makes its SEO ranks collapse.
In some cases, the spam site copies an entire page of the victim adding inappropriate content, usually porn. Some other times, it just copies the heads and the rest of the page contains the adult content. Whatever the situation is, the attack copies the head and the page’s header from the original site to the bad one.
Since it doesn’t involve links or a direct hacking to a website, the canonical negative SEO attack is very hard to identify. Bill Hartzer detected it by using Majestic.com to check the links of a client’s site that had his rankings dropped recently. Majestic’s newest index includes canonical data. Thus, Hartzer detected 1877 backlinks to the website whose title tags and anchor texts were related to off-topic, adult content. The report showed that the citation flow was very high while the trust flow was zero; and the links didn’t actually contain links to the victim site.
The role of Google in this problem
The attack has been documented as having happened to some websites. However, no experiments to date can confirm that this type of exploit is possible. In that case, it will impact on the way search engines implement canonical tags. A canonical tag is not a directive; thus, search engines are not obliged to obey them. They just take the canonical tag as a suggestion. This new threat could lead Google or Bing to change the way they see canonical specification so they cannot be used to canonicalize across different domains. This could be implemented in the Google Search Console.