As of August 31, 2016, cursivearmy.com is ranking on page one on Google for some of the most competitive keyword terms in one of the most notoriously spammy niches online; the erectile dysfunction niche. This is a niche that the team at Google always has their eye on, yet we still see these successful black hat exploits, although there are fewer cases in this niche today than there were four years ago. Perhaps this is because of Google manually removing certain spammy pages from these familiar niches rather than the fact that Google’s algorithm has improved, although both may be true. The technique used in this case is an old one that SEO experts and Google talking-heads said didn’t work anymore, and they said this years ago. Yet here we are in late 2016 and purely black hat SEO pages are still ranking on page one for keyword like buy viagra and buy cialis online.
Here is a screen shot of cursivearmy ranking #1 for the pharma keyword “buy cialis online” (without quotes).
The Secret Black Hat SEO Method
Age equals trust. – Age is an important factor in choosing the right website to hack and put pharma affiliate links on. The older the site, the more trust it has in Google’s eyes and “trust rank”, as it’s sometimes called, has long been thought to play an important role in achieving high rankings for competitive keywords. Google wants to deliver its searchers to sites they can trust, otherwise people would stop using Google. As usual, the black hat SEO experts chose an old domain. Cursivearmy.com was created on 28 March, 2000 according to some popular domain age checking tools, but I found links pointing to it from January 31, 1999.
Domain Authority – Domain authority (DA) unofficially replaced PageRank as Google stopped updating PageRank a few years ago. Sites like Moz and Ahrefs developed tools to explore the backlinks to websites and crafted their algorithm to determine what the site’s PageRank would have been, and they display this through their own system called Domain Rank or Domain Authority. Generally, the more backlinks a site has, the higher the DA, and if the backlinks come from other sites with high DA, then all the better. A brief survey of popular SEO discussion sites shows that Ahrefs’ Domain Authority is the most accurate measurement available today of what can loosely be correlated to PageRank. The higher the DA is then the more authority, and trust, a site has. Whereas PageRank was based on a 0 – 10 scale, DA is based on 1 – 100. An easy way to think of DA is to take a site’s would-be PageRank and add a zero to it. So a site that would be a PR 5 would be a DA50 or so.
In general, it can be observed that in this black hat method, sites with a DA of 50 or higher are usually chosen. The idea is to exploit the trust factor that Google gives this site based on both age and domain authority. The Domain Authority of cursivearmy.com is 53 and the homepage rank alone is 52. This is perfect for this method of exploitation.
Black Hat Link Building
After finding a target site, a victim, the black hat SEO specialist has to do a few things. First he’s got to find a pharma affiliate program that he can send his traffic to so that he can earn a commission when people buy Viagra, Cialis or whatever product is being promoted. This is usually done well in advance.
Second thing he has to do is add pharmaceutical content to the host site. This is done by using hacking software to scan for vulnerabilities in the website’s security structure. Often times it can be as simple as a plugin being out of date which can allow a hacker very easy access to the target site. Once he has access to the site, he can completely take over, including removing the site’s content and adding his own pharma black hat content. The idea is to stuff the target page full of keywords related to the product being promoted. This covers the on-page SEO part of the job.
The third thing black hats have to do is paste a piece of code to the site that causes it to redirect to the pharmacy they are promoting once a visitor arrives. In the past such a page was frequently called a Doorway Page and the redirection was executed by a meta refresh or some javascript.
After all of this preliminary work is done, he can start the link building process, which is the main ranking factor in all of these cases. So let’s look at how many pharma links were built to this site. First I went to Ahrefs but saw only three links pointing to the domain. That seemed very strange. Something wasn’t right. I wondered if Ahrefs’ bot was being blocked by the black hat SEO spammer so that no one could find his link farm. I checked the robots.txt file and that’s exactly what I found. Not only did he take measures to hide his links from Ahrefs’ bot, but also other link checking bots. Below is the robots.txt file of cursivearmy.com as of Sept 1, 2016.
http://www.cursivearmy.com/robots.txt
User-agent: AhrefsBot
Disallow: /
User-agent: MJ12bot
Disallow: /
User-agent: ia_archiver
Disallow: /
User-agent: rogerbot
Disallow: /
User-agent: spbot
Disallow: /
User-agent: ScoutJet
Disallow: /
Knowing that these bots were restricted from accessing the site, I was forced to look for another backlink analysis software that wasn’t blocked. Fortunately, I found one and downloaded the link profile so we can see the real method to the madness. You can download the link profile here: links-cursivearmy-com-1533
I found that there were 1533 links pointing to this domain in total, but not all of them were black hat SEO links. Keep in mind that links often die and are no longer a part of the link profile. This happens all the time as links are removed, broken, on pages that are shuffled to Google’s supplemental index or deindexed altogether. The point is that there may have been thousands more links pointing to this site even as recently as a week or two ago, and perhaps the links are down now and are no longer showing, yet the site could be enjoying a bit of longevity based on those now expired links. This may not be the case though, although it’s possible. Usually when the links die the site’s rankings die soon afterward.
The first pharma link that I see in the profile, which I’ve made available to you here, is from 2006. Has this site been hacked for 10 years? Apparently so, but the bulk of recent pharma based backlinks came in June 2016. Unlike in years past, there is not a lot of anchor text stacking, where one keyword, say, “buy viagra online”, is linked 85 times to the target site. Instead what we see is a variety of closely related keywords that fall under the LSI (latent semantic indexing) umbrella. This may indicate a certain respect for Google’s Penguin algorithm which penalizes site rankings for over optimizing one’s link profile.
Each of the black hat pharma links that point to this website come from pages that have pharma related titles. This hasn’t changed since the old days. It’s well known that backlinks that come from pages with relevant titles boost the target sites’ rankings more than if the links come from pages with non-relevant titles.
But there’s more to it than that.
Upon more closely examining the backlinks of cursivearmy.com, I noticed that the some of the backlinks were themselves hijacked by this SEO hacker. A google search of this phrase: www.educationalvideos.com pharmacy brought the following results shown in this screenshot.
Like cursivearmy.com, this site been injected with a script that has allowed the hacker to hijack the SERP listings and meta descriptions. This is typical and can be done with XSS or the a 302 redirect hijack. With a 302 redirect hijack, the attacker typically creates a page on a domain with high domain authority and then runs a 302 redirect to the target (victim) site. What happens is the Googlebot follows the attacker’s page (with high domain authority) to the target site because of the redirect, and then actually changes the way the target site is displayed in the SERPS. In this way the attacker can own the SERPS of the target site.
There are multiple ways these hijacks can be done and the idea is to control the page, put pharma keywords on the page, show pharma keywords in the SERPS and make this page a juicy, relevant, weighty backlink that you can use to bolster the ranking of the main target site, which in this case is cursivearmy.com.
Summary
We see that blatant black hat SEO spamming still works. In this case it was a mixture of hacking websites for SEO purposes, which is not really SEO, and link building from sites with high domain authority and trust flow, which is SEO. Black hat SEO does not necessarily have to involve any hacking and I view the hacking aspect as an entirely separate issue. In this case we are look at what SEO techniques were used to ranking in this highly visible niche, a niche that is notorious for such exploits, a niche that the team at Google always has their eye on. What we see is lots of link building from sites with domain authority and trust flow, an avoidance of stacking too many exact match keyword anchors, lots of anchored links based on LSI keywords and keyword stuffed, spun content that is barely readable but has keyword density of 3% or less.