SEO Company GreenCowSEO Exposed! Black Hat SEO Secret Techniques – Case Study

The intent of this website, beginning with this first blog post, is to uncover, indeed expose the methods used to rank websites at the top of the SERPS. This analysis is unlike anything else on the web. I aim to expose for the first time ever the REAL SEO methods being used RIGHT NOW, today by some of the worlds best SEO companies and SEO experts & consultants. What makes this different from other SEO websites that analyze and teach SEO?  At seospoiler.com I intend to stay away from generalities and vagueness and actually expose the methods and not just the process. Also, each site I analyze will be in a HIGH COMPETITION niche.  Everyone can rank sites in low competition niches, but how does a site like, oh, say, greencowseo.com get to page one on Google for the very high competition keyword: seo company?  That’s exactly what I intend to show right now.

First let’s look at the SERPS.  Today I googled the keyword: seo company. You can see in the screenshot below that greencowseo.com is ranking at position one in google. This site managed to take position one in Google for this coveted keyword in just TWO WEEKS! This has many people in this highly competitive community asking questions about how greencowseo.com did it. Some companies who have been victimized by greencowseo are talking about it in the forums.

SEO Company serps

So let’s begin our investigation and get this seo case study off to a good start. You notice below, if you would please take a good look at the screenshot, that greencowseo.com has a very impressive link profile. You are looking at a screenshot of SEO Elite which I use on a regular basis to analyze top ranking websites. In the column Page with URL we can see the sites that are linking to greencow. In the next column we see the pagerank of that page. What do we notice here? Greencow has a lot of very high pagerank links pointing toward them. The links are dofollow (all of them) and focus on just three specific anchors: seo, seo company, seo firm. There is no link diversity here. This is as unnatural a link profile as one could imagine. Keep in mind this is just the tip of the iceberg. Open Site Explorer only shows us a few of the links that exist out there on the internet. Many of you may know this already because after doing a link building campaign we sometimes check the client’s link profile with OSE and we see hardly ANY of the links we built.  Even after a few months have gone by. So, we can just imagine the scale of link spamming greencowseo has done. So how did they get all these links?  I’ll get to that in just a minute.

Anchored Links for Greencow
Look at this link building strategy

Let’s try to put all of our biases away for a little while and try to remain open minded about how this seo company managed to do this.  There is a lot of talk about exactly how one needs to build a link profile. We are supposed to get, after penguin, %25 of this kind of anchor, %15 of that kind of anchor, %45 of just regular “branded” links, %20 LSI links and so on. We are not seeing any evidence of that theory today as we analyze the link profile of greencowseo. Instead we see that they have done some good old fashioned link spamming and it worked. This may be short lived but they have been at the TOP of the serps for SEO COMPANY since July. There is HUGE traffic for that keyword and they have NO DOUBT already made a ton of money from it. Seeing that it only costs a couple thousand dollars to spin up a new website, they seem to have nothing to lose at all. Keep in mind that these guys go to position one for SEO COMPANY with a domain that was two weeks old. So, when this site goes down they just throw the next one up (they already have it built I’m sure) and in another two weeks they will be back at the top – indefinitely.

Some people call that a short term strategy but I’m not here to argue about the effectiveness of this strategy. Nor am I here to discuss the ethics behind such marketing practices online. Instead, I’m only here to answer the question, “how did they do it?”. Let’s visit one of the sites listed in their link profile as shown in the SEO Elite screenshot above. Please take a very good look at the image below. Use control+f to find the word greencowseo or just seo.  Can’t find it?  But the software says that greencowseo is getting a link from this page. Strange…let’s look a little deeper.

OpenSourceText - regular screenshot with java on
No sign of any links to greencow here.

How can we look for this apparently hidden link? How could it be hiding?  Let’s take a look at the source code of this page. I like to use SEO Quake rather than to right click and use the web development tool.  Okay, please look at the image below and see the code pointing to greencowseo. You’ll see that I used the control+f function to quickly find those sneaky SEO links. Try it yourself. It seems as though some code has been injected on behalf of greencowseo.com.  Let’s look deeper.

Source Code for this page
Check out the code that’s been injected on behalf of greencowseo.

Before we look at the image below, let’s ask ourselves how a link could be hidden in plain view. We’ve looked at the page and found no links. We looked at the code and saw that links had been injected. How can we tie all of this up? Let’s take one more look at this page, but let’s look at it with Java turned off. When we turn Java off some things that appear on the page will not be there once it’s been reloaded. To turn Java off in firefox we just go to tools – web developer extension – disable – disable javascript – and finally we click on – disable all java.  Now reload the page once you have disable all java.  What do we see?  Look at the image below to find out.

GreenCowSeo link is visible with Java turned off
A look at opensourcetext with java turned off reveals what is normally a hidden link used by greencowseo

Well what do we have here? We can now see the sneaky SEO link pointing to greencowseo. Look in the upper right corner if you don’t see it. As you’ll soon see, greencowseo seems to like to hide their links behind java stuff. Compare this image with the one with Java still turned on. You can see that the Share buttons were covering up this link. You should realize that this a very good spot for a link as google gives it a lot of weight. Google doesn’t give as much weight to footer links as it does to intext links and header links. So greencow is maximizing their SEO efficacy by placing the links in the right spots on the page.

Well, now that we’ve looked at this one site we have a pretty good understanding of what this top ranking SEO company is doing. But two questions still remain.

1. Is this the only page that was linked/hacked/injected like this? Perhaps this was the work of a competitor who is trying to make greencow look bad to Google? Perhaps this is the only link like this in their profile?

2. How did they get these links and if they hacked/injected them, then how is that done?

You can easily hack websites and inject code using a simple curl script.  All one needs is some offshore hosting, a vulnerability scanner and a curl script to inject the links en mass. Such methods can even allow the takeover of whole ip ranges. Let’s focus on question 1 instead to see if there is a pattern here. Also, let’s not stop wondering why Google allows this site to continue to pull in HEAPS of money without flushing down the SERP TOILET.  By the way folks, Google has been alerted to this site multiple times. I personally know of at least half a dozen people who have reportedly filed spam reports on this site. Google has taken no action yet which is strange because, of all niches, this is the one niche that Google keeps a REALLY GOOD eye on. Seo Companies are the enemy to Google. I’m sure they reverse engineer everything down at Google headquarters but still – this site is pure spam and Google knows it. Yet, it lives and makes tons of money.

Let’s continue on now with our analysis.  Analyzing one site does not show a pattern or uncover much of a method. But a whole string of sites would be another matter.

Our next link that we want to investigate comes from the American Leprosy Missions. Once again I invite you to look at this image (or visit the site) and do a control+f for greencow or seo. Like the site above in the first example, we can’t see any links to greencow with Java still turned on, as it normally is.

Page as it normally appears
No sign of our seo company link spammer

Now let’s look at the source code to see if we can find anything there. Look at the image below and you can clearly see the seo company link.

View of the source code showing hidden link for greencow
Source code shows link for top seo company greencowseo

Now let’s do as we did before and return to the page and turn java off. Then we reload the page with java off and see greencow links. They were hidden behind java just as before.

Leprosy site that has hidden links pointing to greencow
More greencow spam, apparently.

Next on the chopping block is another site from the link profile of greencowseo. I sure do like having SEO Elite around to do my link profile work. It sure saves a lot of time. Back to the analysis. This is a chess site for New York City. Certainly, they can’t be willingly endorsing our spamming SEO Company – could they? Let’s look at the site regularly with Java still turned on.

New York City chess site is compromised
ChessNYC is compromised but you can’t tell by looking at it plainly.

We just can’t tell that this site is compromised by looking at it plainly. I bet they don’t know it either. Someone should contact them to let them know they’ve been hacked. But where is the proof? Please look at the image below of the source code. No big surprises here – they have injected their now familiar code into this site as well.

Page source for chessnyc
We see the evil hidden links in the page source.

Let’s return to the page and turn Java off once again. Then reload the page and look for the nasty links.

Java Turned Off to view nasty links
We can see the nasty links pointing to a top seo firm

Just like before we can see these hidden links pointing to top seo company greencowseo.com. Let’s keep this analysis moving and flesh out the pattern a bit more. Next is a university website.

With Java On - No Sign of Spam
More spam from greencow

Once again I invite you to look closely at the image below to see the code that has been injected into this site on behalf of greencow. Some of you out there might benefit from actually pulling apart the code snippets to get a feeling for what is happening. Explore these bits of code and you’ll learn a trick or two that no one else is talking about.

University Vew Source Code
View source code

Of course, as you might have predicted by now, the image below is the same site with (you guessed it) java turned off.

A university with hidden links pointing to greencow
More hidden links from university websites.

Below we find a non english website that appears trustworthy and unspammed – but it’s been spammed already by greencowseo.

Java Turned On
No sign of black hat seo with java turned on, as it usually is.

Please look at the source code below to see what we’ve seen before – injected code that is hidden by java script.

Another hacked website
Another website apparently hacked by gcseo

Finally we look at this university website without Java and as we would expect we find the hidden links.

No Java
Java can’t cover up black hat seo when java is turned OFF!

We’ll look at just one more. The following website looks like something that was actually built by an offshore seo company. The language is distinctively overseas sounding. Just visit this site and read the stuff rolling around on the java image in the middle of the page. Looks like middle eastern, Indian or Egyptian english-second-language to me. You can probably guess where the hidden link is by now.

Regular View - Java Turned On
A quick glance at theorlandocriminaldefense with java on

Actually, even though this is the last site I analyzed in this post, this was the first site I analyzed live. I included a shot below of the Keyword Density page produced by SEO Quake of this site. When I first visited the site I realized that my control+f was finding seo keywords but I couldn’t see them. Instead of just looking at the source code I looked at all the words on the page via the Density tab on the SEO Quake toolbar. From that tab you can see the keyword density of one, two, three and four word phrase keywords. That page will also show you all of the content on the page just like a bot would see it. I found our SEO keywords in this shot.

SEO Quake shows Spammy Keyword Stuffing
SEO Quake sees the greencowseo keywords but we don’t.

This is when I went to the source code to see how it’s been injected.

Using page source to view seo techniques
We use page source to view hidden seo links

In the image below I have simply turned off Java so as to expose the links going to greencowseo.com.

Sneaky Links found with Java Off
Can you spot the sneaky black hat links?

Let’s try to draw some conclusions from the evidence we see here. First let me add that many, many of the links I checked (from greencows link profile) were just like the ones I shared with you in this case study.

This site went to position one for the keyword: seo company.  This happened in two weeks time.  There was talk in the forums then about how greencow would only last a few days or weeks in that most coveted spot. That was in July 2012 and it’s now November 2012. I’m sure the geeks at Google regularly visit the “buy viagra” serps and the SEO serps to see if they can reverse engineer some SEO techniques. They know that there are some very successful SEO experts out there that really know their game. Therefore we should consider the “seo company” niche as highly visible to Google in particular.

All the same, this site is enjoying the benefits of ranking at position one for a lucrative keyword for months and months. They don’t update a blog every day, they don’t build relationships with thier readers (they don’t have “readers” – just browsers or buyers), they don’t have any sort of innovative SEO tool unique to their site which would add value etc…they are just another website.

Their Alexa Rank is ~110,000 and %60 of their search traffic is coming from the keyword: seo company.  These are obviously super hot leads. People don’t google “seo company” to just enjoy some light reading. They google that because they need seo services and that’s that! We are talking about a keywod (seo company) that indicates that our visitor as at the latter stages of the buying cycle. Greencowseo is enjoy a constant flow (almost a flood) of targeted visitors who are all but jumping down the sales funnel – with overt black hat SEO tactics.

Their On-Page SEO is nothing to brag about but it’s not disastrous either. Just to make a few points:

1. have no meta keywords (even though they are less important than they used to be, it’s strange that they didn’t even bother).

2. They have two <h1> headings. Most SEO’s agree that one <h1>, one <h2>, one <h3> is the best approach. We could say that using too many <h1> tags is a bit like over optimizing.

3. Of the nine images on the page that I looked at, seven of them were missing alt tags which are a basic part of general on-page seo.

4.  The text to html ratio is %35.65. I would suggest adding more text to make this site conform to best practices.

5. I couldn’t find an XML sitemap

6. There were no MicroFormats or Geo Meta Tags.

7. No Favicon

8. No gzip – loads slow sometimes.

From this we can conclude that their On-Page SEO is not the reason they rank at position one on Google for seo company.  We can also draw some general conclusions about how much weight Google gives on-page factors versus off-page factors. It certainly seems that this very average site is outranking everyone else because they have lots of anchored links from trusted sites.  Google seems to ignore the unnatural way that greencowseo’s link profile focuses on just three keywords: seo, seo company, seo firm. There are no branded keywords, no “just the URL” keywords, no LSI keywords – nothing but pure, unadulterated anchored link spamming.

The difference between them and everyone else in the SEO company niche who is spamming is simple: greencowseo has more “trusted” links. Links from sites that themselves have links from .edu or .gov sites, or very old sites are great links for ranking and SEO. Generally, sites that are more than 5 years old are trusted more by Google. We see evidence of this all the time when various sites are hacked by viagra spammers. They always hack an edu site because the trust Google gives it covers up all the other ‘transgressions’.

Lesson: if you get links from trusted sites, you can get them any way you want. Fast, slow, all with one anchor – it doesn’t matter. The links can be hidden and it doesn’t matter. The links can be from sites that aren’t even relevant to your site and it doesn’t matter. What matters is trust. But how did greencowseo.com know which sites Google would give so much trust to?  If you analyze the sites in their link profile you’ll soon recognize some patters. They have links from a lot of old sites. Age equals trust to a large degree. A lot of the sites have high pagerank AND they’ve been around a while. There are some universities, open source sites, community driven sites, sites that focus on charity and helping the poor etc… These kinds of sites typically get links from government agencies from time to time around the world. So as a rule, generally speaking, such sites really enjoy a good amount of trust in Google’s eyes. Goverment .gov sites are given lots of trust. A link from a legit .gov page will almost protect your site from other SEO mistakes.

In order for this site to rank in two weeks they had to index all of these links quickly. This is easily done nowadays. There are sites out there that do only this – they index your spammy links. At the moment I’m thinking of linkilicious and sites like that. One could also just take a giant list of links (that need to be indexed) and feed them into xrumer. Then have xrumer spit 100,000 cheap links at your big list of links (that still need to be indexed). The result will be that a lot of your links will be indexed quickly. The quicker they are indexed the quicker they actually count for your rankings. So greencowseo got all of their links in two weeks and indexed them almost immediately after getting them. I believe they used offshore hosting (I think they are Egyptian but not sure), a vulnerability scanner, and an injection script written for php injections.

Is this a viable business model? Hacking into sites is not part of any viable business model. That’s why you would need offshore hosting. However, some of these links may have been slipped in via their widgets and plugins that have been distributed. Whatever tactics they used to secure their high rankings isn’t the main point of this case study. The main point is to see what it takes, exactly, to rank for highly competitive keywords. The actual substance of their link profile is much more important than how the link profile was created, whether it was hacked, partially hacked, built with plugins (1.5 million new links last month!!!).  Study and learn!

_______________________________________________________________________________

About the Author

Christopher Lees has been a full time SEO professional since 2006. He has written on the secrets of black hat SEO and has had his independent work referenced at universities and leading authoritative sites like researchgate.net. He has been providing white label SEO services for hundreds of clients through many well known web design and marketing companies in Massachusetts and beyond.

If you are with the press, Christopher Lees can be contacted for an interview by emailing hamptonlees@gmail.com. Chris is occasionally available for guest posts on other blogs.

By Christopher Lees

Christopher Lees has been a full time SEO professional since 2006. He has written on the secrets of black hat SEO and has had his independent work referenced at universities and leading authoritative sites like researchgate.net. He has been providing white label SEO services for hundreds of clients through many well known web design and marketing companies in Massachusetts and beyond. If you are with the press, Christopher Lees can be contacted for an interview by emailing hamptonlees@gmail.com. Chris is occasionally available for guest posts on other blogs.

4 comments

    1. Hello David and thanks for commenting,

      I usually don’t allow advertising (i.e. the “Seo Company” part of your link here) in the comments but I can see that you guys are a totally White Hat operation – so I’ll let it stick:) I also noticed that your company is also on Page One of Google. Congratulations. It’s not easy to make it there using white hat methods like you (apparently) have done – especially when competing against sites like greencowseo.com who use really black hat methods. Keep up the good fight.

      Yes this is annoying to competing SEO Companies out there, but that’s just the way the ball bounces. The really interesting question is how come Google’s algorithm didn’t catch this? What did greencowseo do to go around the spam filters in the algorithm? Well, that’s what I attempted to answer in this post.

      Thanks for your comment, David.

    1. Philip,

      That is an astute observation. Thanks for sharing. However, I don’t think I meant to say that they were hiding their links “in” javascript, but that there links were visible when java is turned off.

      Perhaps you could elaborate on your observation a bit more for the benefit of the SEO community.

      Thanks for commenting.

Leave a comment

Your email address will not be published. Required fields are marked *