How To Stop & Fix An SEO Spambot Site Attack

by | Jan 20, 2022 | Marketing Developers, SEO Search Engine Optimization, Uncategorized | 0 comments

Spambot attacks are on the rise, with 25.6% of all internet traffic coming from a bad bot, and increasingly sophisticated methods are used to circumvent common security measures.

Enterprises and small websites alike must stop SEO spambots from derailing their optimization efforts and causing steep drops in traffic and revenue.

If you’ve been a victim of an attack, you’ll find the steps here to recover and restore your rankings.

You’ll learn about smart prevention and high-level monitoring systems, too.

What Is An SEO Spambot Attack?

SEO spambots are much like the friendly Googlebots that you want to crawl your site. However, instead of indexing your content, these bots will use vulnerabilities to infiltrate your website.


They’re engaging in spamdexing.

Essentially, these spam attacks will use your site in an attempt to rank content that can’t rank otherwise. Bots make hackers a ton of revenue, and their spam tactics cause your site to suffer a significant drop in SEO and revenue.

Additionally, black hat SEO techniques are employed to hide the attack.

A few of the many nefarious things a spambot can do are:

  • Content spam.
  • Content scraping.
  • Credential sniffing.
  • SQL injections to update portions of a site.
  • Link insertions.
  • Redirect generation.
  • Google Analytics referral spam.
  • User-generated content (UGC) spam.

Often, the main goal of spam is to insert links into your website. Hidden links will help boost the hacker’s website and revenue while damaging your site.

We’ve also seen redirects generated to create false URLs that redirect to the hacker’s website.

In each of these cases, the spambot works to leverage the site for its own gain.

Sometimes, display ads are inserted into a site using an SQL injection, but most of these infiltrations are for links or redirects to a website that, in some way, generates revenue.

Recognizing An SEO Spambot Attack

Spambots work diligently to circumvent your normal detection methods. Links are inserted or pages are created with the greatest effort taken to hide them from the site owner.

Sometimes, you’ll find that your CMS has core vulnerabilities, and you’re just another victim of an attack.

However, a few red flags that something may be amiss are:

  • A drop in traffic.
  • Random site pages.
  • GSC warnings.
  • Google Search warnings.

Enterprises and more established websites will have multiple forms of detection, such as:

  • Firewalls.
  • Logging systems.
  • Monitoring systems.

If you’re running WordPress, there are core vulnerabilities that hackers will spot and use to their advantage.

Diagnosing attacks on your site is possible using plugins such as MalCare or Wordfence, both of which add multiple layers of security to your site.

Additionally, you can use Cloudflare to take preventative measures to stop bots in their tracks by using the bot management system.

Step-By-Step Guide To Remedying A Spambot Attack

Remedying a spambot attack requires a few steps that will help you stop the attack and restore your site.

1. Stop Bots From Doing Additional Damage

During the next two steps, your site will remain vulnerable until you determine how the spambot accessed your site and did its damage. Therefore, before scanning your site, you’ll want to put bot protection in place.

Cloudflare’s bot management system uses AI and machine learning to stop bad bots.

The tool will use a three-prong approach to provide real-time protection:

  • Behavioral analysis will be used to detect any traffic anomalies.
  • Machine learning will use billions of data points to accurately detect bots.
  • Fingerprinting will also be utilized to classify bots that have been detected previously.

Rich analytics and logs will add to your site’s security and allow you time to clean up your site.

2. Run A Site Scan To Determine Impacted Pages

Now that your site has a high level of protection in place to stop additional spambot attacks, it’s time to run a scan on your site. We use the word “scan” very broadly because you can:

  • Run an analytics report to see pages where site traffic fell drastically.
  • Run a scan using Screaming Frog or something similar.
  • FTP into your site and scour folders for manually created pages.

You can even go through each page on your site manually, looking at the source code for pages that may have hidden links.

Screaming Frog will also help you find hidden redirects.

If you have logs available, be sure to analyze them to see where traffic is originating and find any pages on the site that may have been created by the bot.

A lot of time will be spent determining what needs to be cleaned up on the site.

3. Find How The Site Was Infiltrated

Secure sites aren’t infiltrated. For the most part, attacks from spambots look for existing vulnerabilities that you didn’t correct. Sites may have been infiltrated due to:

  • Bad plugins.
  • Out of date software.
  • SQL injections.
  • Easy to guess FTP/Admin passwords.

Your first step is to ensure that all of the software and plugins on your site are updated. Old scripts need to be updated, and if you notice scripts that you didn’t create, delete them.

Spambots may leave a script on your server to regain access to your site in the future.

Working with someone to go through your logs and uncover how the attack unfolded is recommended.

You want to patch up these vulnerabilities before going through the following steps. Cloudflare should add an extra layer of protection, too.

4. Clean Up Top Pages First

Cleaning up your site depends on what type of attack occurred. If your site has user-generated pages spam or mass page creation, you’ll need to go through the arduous task of determining which pages are wanted and which aren’t.

You’ll then need to delete these spam-generated pages.

However, you also want to do a few critical things for pages that aren’t generated by spam:

  • Analyze your analytics.
  • Mark pages that are greatly impacted.
  • Start cleaning up your top pages first.

Your revenue-generated pages must be worked on first to help restore their rankings.

When we say “work,” you’ll need to go through all of these pages thoroughly to search for:

Typically, you’ll need to manually clean up and review each page.

Even if a link were simply inserted in the footer of your site, you’d still want to check through all of your pages to ensure that there isn’t something else you’re missing on each page.

Once you’re confident that all of the spam was removed, it’s a waiting game to see what happens to your rankings.

5. Monitor The Site

Monitoring your site should become a part of your daily operations. You’ll want to monitor your site in a few ways:

  • Monitor your rankings and analytics for any changes.
  • Monitor site logs for suspicious activity.

You must pinpoint how the attack occurred and fix the point of entry. However, there are times when the spambot will put a backdoor on your server, go back in and mess everything up – again.

It’s crucial that you continue monitoring your site for any suspicious activity so that you can remedy issues quickly.

6. Optional: Restore From Backup

If you’re very lucky and catch the attack early on, you may be able to restore your site to its previous state using a snapshot. However, if you have new customer orders or data inserted into databases that have been impacted, this method won’t work.

Unfortunately, your backups will still contain the original vulnerabilities that led to a successful attack.

At this point, your best bet is to restore the site using Cloudflare protection and then correct the key vulnerabilities of the attack.

If an attack goes unnoticed for weeks or months, your backups may already be compromised, rendering this solution unusable.

Final Thoughts

Spambots are dangerous because they can go undetected for long periods of time. If a bot slips by and inserts links or content into existing pages, it can quickly ruin your company’s reputation and derail your SEO efforts.

Additionally, these link insertions are often one or two words that are linked to the site, and the text is made to not look like a link.

Identifying an attack of this nature can be extremely difficult.

We’ve also seen spambots generate thousands of pages on a site, using physical files, so the new posts never appear in a CMS dashboard.

Clearing out spam at this level took two full months, so there was significant damage to the client’s website.

Stopping an SEO spambot attack requires attention to detail and intensive monitoring. Cloudflare is a good option along with multiple levels of firewalls, logging, and monitoring systems to thwart spambot attacks.

You’ll also want to consider user controls and access and work on other ways to harden your website’s server.

More resources:

Featured Image: Tatiana Shepeleva/Shutterstock

Source link

Three Key Facebook Metrics to Understand Ad Performance

Three Key Facebook Metrics to Understand Ad Performance

My fellow digital marketers – before we talk about Facebook performance metrics, please complete this short survey. Question: Why do you create new Facebook ads?A. Out of pure habit.B. Our creative team never has enough work to do.C. Because ABT – “Always Be Testing”...

14 Strategies to Promote Your Business Through PPC

14 Strategies to Promote Your Business Through PPC

Are you getting low-quality traffic through your PPC campaigns?  Are fraud clicks draining your revenue from the PPC? Is your return on investment on PPC not as expected?  Even though PPC advertising is an integral part of an effective marketing strategy, poor tactics...

Use Customer Lifetime Value to Find More of Your Best Customers

With new privacy rules continually changing the landscape of third-party data, brands are increasingly becoming more focused on understanding their current customers in order to make more sophisticated marketing decisions. One approach to this is utilizing customer...

Tips for Optimizing a Localized PPC Account

Tips for Optimizing a Localized PPC Account

Before jumping into the components of a local PPC account and why it matters, we should first define what constitutes a local PPC account. The basic definition is that it targets customers within a specific region. The strategy for localized PPC specifically involves...

How Automation Hurts Rank, And How to Fix It

Imagine you are offered an opportunity to have control of all the creative, copy, and budget in your Google Ads account (or your paid media platform of choice) put in the hands of an anonymous six-year-old user. Each day, you are allowed to tell them whether they...

Content Marketing and PPC Advertising: Better Together

Content Marketing and PPC Advertising: Better Together

While some businesses invest solely in one type of advertising and marketing, like social media, others thrive by seamlessly combining multiple strategies, like content marketing and pay-per-click (PPC) advertising. Both of these methods can give a boost to your...

Pricing Plans

MediaQuad Membership Levels

Select one of the 8 plans below that best fits your needs.


Why wouldn't I just hire a full-time marketing team?

Great question! Hiring a full-time marketing team can be costly, with salaries and benefits easily exceeding $500,000 per year. Plus, you may not always have enough work to keep them busy, leading to wasted resources.

With MediaQuad’s subscription model, you can scale up or down as needed, ensuring you’re only paying for the services you need.


Is there a limit to how many requests I can have?

Once subscribed, you’re able to add as many marketing and web development requests to your queue as you’d like, and they will be delivered one by one unless you are on the Enterprise plan.

How fast will I receive my marketing deliverables?

On average, most requests are completed in just a few days. However, more complex requests can take longer.


Who are the marketers and developers?

MediaQuad is a team of experienced marketing and web development professionals. You’ll be working directly with our team, ensuring consistent, high-quality results.

How do I pause my subscription?

We understand you may not have enough marketing and web development work to fill up every month. That’s where pausing your subscription comes in handy. You can pause and resume your subscription as often as you need to ensure you’re only paying when you have work available for that month.

What software do you use?

We use a variety of industry-standard tools and software. If you use it, we probably have or currently use it too. Seriously, this is what we do everyday.

How do I request marketing and web development services?

MediaQuad offers a ton of flexibility in how you request services. You can request directly via our platform, share Google docs or wireframes, or even record a brief video. If it can be linked to or shared in our platform, it’s fair game.

What if I don't like the deliverable?

No problem! We’ll continue to revise the deliverable until you’re 100% satisfied.

What if I only have a single request?

That’s fine. You paid for a month’s worth of work, so don’t throw it away. Remember to submit a pause email or pause task in Trello. We’ll note how many business days you have left in your month, and you can come back when you need more marketing or web development services.

Are there any refunds if I don't like the service?

Due to the high-quality nature of our work, we do not issue refunds. However, we’re committed to ensuring your satisfaction and will work with you to address any concerns.

Need to talk first?

Schedule a call

Learn more about how MediaQuad works and how we can serve you.