Monday, December 22, 2014

SEO Spam or Fear the Penguin

One of the most irritating con jobs on the Net is selling links to people desperate to get traffic to their websites. This is part of what is known as “black hat SEO” with SEO standing for Search Engine Optimization. So it was rather interesting to get two false referrals from seoairport . com / site / product / in my Blogger stats today. UPDATED: December 2014 has seen a massive amount of hits from seoairport . com / site / recommended with no end in sight. New screen captures added at the end of the post.

SEO Airport Spam 01

Firing up the trusty virtual machine, I checked it out. Remember folks, don’t click on strange links and leave that to daredevils or those of us with more than one operating system on a machine. The name told me what to expect out of the site and I wasn’t disappointed.

The home page above is of basic design, which will be important later on.

SEO Airport Spam 02SEO Airport Spam 03

The direct link left behind in my stats goes straight to the money page where they lay out what they do and how much is charged for it. Note the spelling errors which indicate an amateur site or that the author is not a native English speaker. The inability to spell “domain” correctly doesn’t exactly inspire confidence in the skills of creator to deliver.

Also notice the blogs shown and how basic their designs are. Not a whole lot going on there, which isn’t what you would expect of highly trafficked sites generating follows to your site. This isn’t a professional level operation, that’s for sure.

I very highly recommend avoiding this site and any like it selling backlinks. Not only is it shady, it will set you up for a very hard fall down the road. Why?

Google has been targeting link sellers lately and have been working constantly at refining their search engine algorithms to week out suspect sites such as these. In fact, they shut down a link farming group last month by delisting them from their index. They also like to turn loose cute animals that penalize websites for having unnatural links.

Look up “panda” or “penguin” in relation to Google’s search engine and you’ll find a lot of interesting if technically arcane information about the damage these special sweeps can do to even legitimate websites. We are talking about being lowered in rank or even being deranked in Google.

So it is best not to get involved in this kind of SEO linking in the first place and most of these operations will give you a brief boost in traffic then demand more money when it invariably crashes.

Google’s new software engine under the hood (so to speak), Hummingbird, is thought to have enhancements to detect artificially generated traffic as well. Please think twice, even thrice, before paying for backlinks.

UPDATE:

One thing I like about StatCounter is that it filters out all the fake referrals. Until now, that is:

SEO Airport Hit 01SEO Airport Hit 02SEO Airport Hit 03SEO Airport Hit 04

Note how the visits supposedly come from around the world. Either a wide variety of traffic headers are being forged or we are looking at a botnet being used to spam.

SEO Airport Hit 05

Using this last one as an example, notice how the browser and operating system aren’t listed. However there are operating systems listed in some of the other hits along with varying screen resolutions. The only constant is the unknown browser with Javascript enabled which makes me suspect a botnet using infected PC’s is being used.

Out of curiosity, I checked out seoairport again using Tor this time around to see if the site had changed at all or had anything something connecting to my blog. Nope! Not a thing. I also checked the blogs you could buy backlinks from and they are just as amateurish as the main site.

It appears this isn’t just a shady enterprise, but possibly a criminal one as well.

December 2014 Update

Seoairport 2014 01Seoairport 2014 02

Well, guess who is back? Seoairport returned with fake referrals at the beginning of the month to annoy Blogger users. They have renovated their web site complete with testimonials and a frame that shows up expecting you to pay them through Paypal. The front page is tweaked to look a little more professional while the spelling still needs work.

As before, what appears to be a botnet is pumping out the fake hits from multiple IP addresses. Please do not visit their web pages!

14 comments:

cathy hunt said...

I also have had some traffic from this site. Thanks for the post. So, can I just ignore it, or it is a problem that they have my url and are using it...distributing it? Is there any action I should take? Thanks!

Patrick D. Boone said...

Cathy - Just ignore it. I just took another look at the site and can't find my URL in its html, though I'm not skilled enough to unpack the javascript used there.

As far as I can tell, they aren't distributing our url's.

Anonymous said...

Oh, this is just too rich!

"Note the spelling errors which indicate an amateur site or that the author is note a native English speaker. The inability to spell “domain” correctly doesn’t exactly inspire confidence in the skills of creator to deliver."

Patrick D. Boone said...

Heh, I need to slow down on some of my more quickly written posts, don't I?

Still, my spelling error, singular, doesn't match the many errors on that site.

Patrick D. Boone said...

Oh and now corrected.

Unknown said...

Hi,

My name is Arvinder Singh and I’m always excited to come across blog which are pleasurable reads. The contents of your blog are quite informative and at the same time unique also. And I must say that you've gained a very good readership out of this.

We have some very informative guides about SEO updates, which I think is somehow similar to the topics you covered in your blog.
Here’s the link: Here’s the link: http://www.seocorporation.net/blog/google-penguin-penalty-recovery.html , if you’d like it then please share it with your readers.

Thanks, and I hope to hear from you soon!

best regards,
Arvinder Singh
SEO Corporation Pvt. Ltd.
http://www.seocorporation.net/
Skype ID: arvinder.seocorporation

Patrick D. Boone said...

Arvinder - That article is an excellent synopsis of what Penguin is about.

I'd add that since it was written, Google has announced they are also going after excessive guest blogging so that it now can trigger a penalty. A discussion of that latest move can be found at http://www.webmasterworld.com/google/4638209.htm

Never a dull day in the SEO business, I expect.

Nyssa The Hobbit said...

I'm getting hits from this site as well, and only just read a Yoast newsletter about the dangers of backlinks.

I have Wordpress.org, with Wordfence Security, so I can simply block all visitors from this referrer.

I also see a couple of hits just in the past half hour, along with a bunch of hacking attempts which have been blocked by Wordfence. I wonder if the hacks and the backlinks are related?

Patrick D. Boone said...

Nyssa - I've seen an upswing in attempts at comment spam during the same time period. If you have the IP numbers of the hacking attempts, you might want to cross reference them with the referral spam IP numbers to see if any match.

If a zombie network of compromised PCs was used to pump the spam, then possibly the same botnet is pushing hack attacks and comment spam for other people.

By the way, those aren't real backlinks, but altered http code to make it look like it came from a link. Briefly explained in a thread at http://trafficplanet.com/index.php?/topic/6924-traffic-from-seoairport/

Nyssa The Hobbit said...

The last batch I looked at, didn't match. But then, they could be using various IPs.

Nyssa The Hobbit said...

I do have a few IPs of visitors from that referral:

72.253.229.204 (Hawaii)
71.93.9.218 (Oregon)
66.91.221.206 (Hawaii)
86.124.253.178 (Romania)

The hacker IPs are gone from my logs now, but they came from Italy.

Patrick D. Boone said...

I've gotten hits from Bistrita,
Bistrita-Nasaud, Romania in that block too (different last 3 digits). In the past seven days IP addresses have traced back to twelve countries and ten states. No sign of Italy, however.

Chook said...

I don't know how they did it? There's an add on my Google adsence list that's got their name on it?!?!


Is it possible they have copied a adsence source code from my site and listed it in their site?


Patrick D. Boone said...

Chook - Am I correct in understanding that in your AdSense stats a click from SEO Airport on one of your ads was reported? Or are their ads showing up on your AdSense?

It is not likely they have your code on their site and are using spoofing to make it only look like they clicked on your site.