1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New Negative SEO Attack Using Google

Discussion in 'Black Hat SEO' started by validseo, Mar 11, 2014.

  1. validseo

    validseo Power Member

    Joined:
    Jul 17, 2013
    Messages:
    594
    Likes Received:
    289
    Occupation:
    Professional SEO
    Location:
    Seattle, Wa
    Someone has started using this attack against my sites. It is quite effective at killing my organic revenue from Google Web Search... hopefully Google will close this one up fast.

    The way it works is that the attacker does a brute force DOS on the web server (leaving connections open and swamping the server socket on port 80) while googlebot is crawling the site. Googlebot marks nearly all the pages as 404 or 500 errors in webmaster tools. Then Google pulls all the failed pages out of the search results.

    I know. I know... How do they know when googlebot is crawling my site? This only works if it happens while googlebot is crawling the site. They monitor my URLs in the google cache and as soon as one updates a timestamp they know googlebot is on the site.

    It took me forever to connect the dots that the DOS attacks that only last about 1-2 hours every 2-3 weeks only impact organic traffic from google... I should have caught that sooner, but heck... I didn't expect google to leave huge gaping flaws like this open for exploitation. The effect is 5+ days of totally crippled organic traffic from Google.

    I don't know what keywords they are targetting but I am guessing that when I fall out of the SERPs someone else is moving up by default. Then they just repeat as needed until they get to where they want to be.
     
    • Thanks Thanks x 1
    Last edited: Mar 11, 2014
  2. GuJJuFreak

    GuJJuFreak Registered Member

    Joined:
    Dec 21, 2013
    Messages:
    84
    Likes Received:
    15
    Location:
    Mother Earth
    Home Page:
    What hosting are you using?
     
  3. validseo

    validseo Power Member

    Joined:
    Jul 17, 2013
    Messages:
    594
    Likes Received:
    289
    Occupation:
    Professional SEO
    Location:
    Seattle, Wa
    We have a rack of servers on an OC3... We'd need to get a BigIP balancer (or similar) to thwart this kind of attack... We'd need to spend $50K to prevent $3-5K per month in losses... Google should not update the public cache pages until the day after.
     
  4. TrevorB

    TrevorB Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 21, 2011
    Messages:
    1,185
    Likes Received:
    361
    Location:
    Canada
    Man people will do just about anything. Do they have nothing better to do than screw with others?
     
  5. prab1996

    prab1996 Elite Member

    Joined:
    Jan 8, 2013
    Messages:
    3,496
    Likes Received:
    2,027
    Occupation:
    your gf's <3 ♥♥♥♥
    Location:
    Prab1996.com
    Home Page:
    get a cache service like "MaxCDN".

    you'r site will become better.

    (there are many services like cloudflare etc etc )
    -=-
     
  6. validseo

    validseo Power Member

    Joined:
    Jul 17, 2013
    Messages:
    594
    Likes Received:
    289
    Occupation:
    Professional SEO
    Location:
    Seattle, Wa
    Already have most assets hosted on amazon's CDN... the problem is that you can easily swamp a server socket by using code that doesn't close or timeout the connection. Only takes a single computer to do it... need special stuff to identify attacks like this and stop them before impacting the web server's ability to respond. We handle loads of millions of visitors per day normally. DOS attacks are totally different problem.

    The DOS doesn't ever request CDN assets. It only targets our web server.

    Update: Looked at both MaxCDN and cloudflare two minutes ago... the service level needed on both for my sites is around $5k/month ... so going that route would still cost over $50k/year to solve this.

    The real solution is that google needs to not tip off when googlebot is crawling a site.
     
    Last edited: Mar 11, 2014
  7. kbklash

    kbklash Senior Member

    Joined:
    Jun 2, 2012
    Messages:
    1,140
    Likes Received:
    449
    Location:
    in my BMW to my BHW
    Home Page:
    Oh.That's really horrible you are facing there.is there anyway you'd close that gap within your server ?Better talk to your hosting provider to offer you DDOS or Dos Attack protection.Its always paid options and the free strategy is using cloudflare nameserver for your site.If the attack happens again then you might wanna get protection service providers like Vistnet.
     
  8. citizenx28

    citizenx28 Regular Member

    Joined:
    Jan 24, 2009
    Messages:
    395
    Likes Received:
    233
    seriously people who does all these negative stuffs should end up in some fucking mental hospital.
    can't believe they spend so much time on how to screw other's website rather than working on their own website.
     
  9. TryOG

    TryOG Newbie

    Joined:
    Feb 19, 2014
    Messages:
    16
    Likes Received:
    10
    Wasn't there a way to turn off Google cache?

    (So the attackers don't know when the bots are crawling.)

    Maybe adding this to your page could disable it:

    <META NAME="ROBOTS" CONTENT="NOARCHIVE" />
     
    Last edited: Mar 11, 2014
  10. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,834
    Likes Received:
    7,450
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    There are anti-ddos services out there, I believe Cloudflare is a popular choice.
     
  11. validseo

    validseo Power Member

    Joined:
    Jul 17, 2013
    Messages:
    594
    Likes Received:
    289
    Occupation:
    Professional SEO
    Location:
    Seattle, Wa
    This might be the best option... I've read that Bing starts complaining if you add this. Google claims it is safe to use:

    https://support.google.com/webmasters/answer/35256?hl=en

    I like the price... and there is no value to me for google offering cached copies of my pages.
     
  12. TheUnborn

    TheUnborn Elite Member

    Joined:
    Feb 21, 2013
    Messages:
    3,041
    Likes Received:
    1,672
    Occupation:
    SEO Consultant
    Home Page:
    Very sorry to hear that and pissed off with all these NSEO bastards,hope you find a solution fast.
     
  13. Calum Jones

    Calum Jones Regular Member

    Joined:
    Jul 10, 2013
    Messages:
    200
    Likes Received:
    35
    It makes me really angry that people out there actually bother doing this. It's no different from walking into a family-run store and burning it to the ground. You completely screw up somebody's life and income, your actions may prevent them from feeding their family. Well done, you'll get your come uppance one day.

    Just the other day some c**t in Ukraine was trying to hack into my website. Wordfence gave me the heads up so I put a perma-block on his IP but dickheads like that don't give up he'll be back in a few days with more brute forcers and f*ck knows what else to try and destroy my financial stability in life so he can make $5 more each month on his nonsencical website before it gets rightfully de-indexed for being utter sh*t.

    Only a truly talentless dickhead would have to turn to destroying his 10 competitor's sites and income because his is too crap to actually get any ranking. Is it not bad enough that we have to fear Google algorithm updates? Now we have to fear malicious evil b*stards too?
     
    Last edited: Mar 11, 2014