Did this attack use click farms and is it something new?

by Gary Robertson   Last Updated May 10, 2019 11:04 AM

I do a lot of work for a company in a very competitive legal services niche in the UK. Its website does well on search engines because of a healthy (and white hat) backlinks profile and content by a professional writer. The website recently suffered a very successful attack that some SEO experts claim is impossible.

The website was cloned, the company name changed and contact details replaced with non-existent ones. The clone was then made to appear well above the real site on search results for the keywords we target, in many cases removing it completely. In effect it was a denial of service attack, almost certainly ordered by a competitor.

Bizarrely, on the clone site all the names on the staff page were changed.

Facts:

  • AHRefs and other backlink tools reported no backlinks to the clone site.
  • AHRefs and other backlink tools did not report any spam links to the real site.
  • Searches (and Copyscape) found only one other clone. This second site (on a different host) did not do well for key search terms. It did not look to have been promoted on search engines. The second site didn’t have any backlinks either. It looked like the first site had been derived from the second, because the second still had the real staff names.
  • The site has been in more or less continuous operation since 2014. It was very rarely down and when it was, it was for no more than a couple of hours. It had not been down in the weeks leading up to the attack.
  • The site loads reasonably fast (Django on a Linode VPS running Linux) and it did not appear that anybody had been trying to slow it down.

I have written an article for a general readership, Fake copies of our website made us disappear from Google search, about what happened during the attack and what I did about it. I would like to add further tips for prevention and cure.

My working hypothesis is that the attack worked because it used click farming. However, I am a white hat kind of guy so I know very little about the black hat world.

I cannot find anybody on the Internet who has had this exact form of attack. I would really appreciate help with this before any next attempt.



Related Questions


Updated July 29, 2017 00:04 AM

Updated July 07, 2017 01:04 AM

Updated February 26, 2016 01:01 AM

Updated May 28, 2016 08:01 AM

Updated March 12, 2019 22:04 PM