Categories
Application Security IT Security Outsourced IT Websites

Spamdexing

What is Spamdexing?

Spamdexing is a spam technique that you have likely encountered, but perhaps did not know there was a term for. Spamdexing, or SEO spam malware, refers to techniques employed by some web designers and web marketers aimed at fooling search engine indexing programs with the objective of ensuring that their website appears at or near the top of the search engine results list. There are many types of SEO spam:

Links. This is a very common type of SEO spam where keywords boost a link up in the search engine results list, even when the links returned are to websites that appear to have nothing to do with the search query. For example, a search for “chocolate” returns many results at the top of the page that mention “chocolate”, but the URLs are not from chocolate-related websites.

Keyword stuffing. With keyword stuffing or word stuffing, descriptive words are embedded onto a page dozens or hundreds of times, tricking search engines into thinking they are a credible site. The words may be invisible to the human eye, using methods such as white fonts on white backgrounds.

Banner ads. Banner ads or calls to action (CTAs) can be manipulated or replaced by cyberattackers to drive traffic to a malicious website. This method can be effective because CTAs are likely to be clicked on by users who have already decided to take that action and may not even question why the banner ad/CTA was where it was.

Posts and pages. Cyberattackers can create and optimize entire web pages dedicated to getting ranked for a particular search term.

Follow these best practices to protect yourself from SEO spam:

Keep applications up to date. Ensure that updates are regularly installed in order to have the latest patches and security threat prevention strategies on board.

Create strong passwords. Create passwords that are difficult enough to challenge a credential stuffing bot.

Scan regularly. You may not immediately know when you have an SEO spam infection. The longer that cyberattackers have access to your web page, the more damage that they can do. Regular scans help you to detect breaches before they escalate.

Firewalls. Use a web application firewall for your website, as it will protect you with updated threat detection and will also speed up your website’s loading times.

Keep aware of potential SEO spam infections by monitoring incoming search referrals in Google Analytics. If you see that unrelated search terms are creating an influx of traffic, or if Google notifies you that web browsers are triggering security warnings for your website, this may indicate that you have an SEO spam infection.