black hat

Getting Hacked: A Cautionary Tale

If you’ve been in the IT industry for a few years, then you’ve had the wonderful experience of dealing with hackers. Whether it’s a small, simple hack into your theme to mess with your links to a larger infiltration to takeover your website, hacks are a common occurrence and one every website faces. ChocolateSEO is no different. Although we’ve been safe since our inception in 2012, our strong run was marred recently by a mid-level hack that crashed our hosting and lead to the hackers being able to verify ownership of C.SEO in Google Search Console. There are different types of attacks, Denial of Service (DoS), PHP injection,  brute force, and many others. For us, the attack started with a PHP injection following brute force attacks on our login screen. The goal was to erase any existing content, setup aliases to spam URLs using “” and submit a faulty sitemap to Google using the ChocolateSEO’s Google Search Console account. The “fake” sitemap contained over 1,000 spam URLs and was very well formatted. Real slick there smooth… By having the GSC setup properly, we were alerted immediately that someone had been verified as an owner of the account (using an HTML file). As no one else was recently added to the staff, this was a very red flag. Not to mention the email,, being unfamiliar to the team. However, scouring the site, we couldn’t find any files matching the HTML file used to verify this gmail address. Once we finished chatting with the hosting company and pulling server logs, changing all MySQL and website passwords; our co-founder, Savannah, was able to locate this wonderful little code in our blog header PHP file. In short, this cool but evil little code generates a page dynamically to match any verification page Google may request. The dark side of PHP… Now, the issue was that when we evaluated files, the modification dates on the files hadn’t been changed recently, so our first scans missed this change in our core file. After consulting sites like, SecurityWeek and Sucuri, we needed a solution that would check the website (and our clients’ sites) against the known repository versus checking the last modification dates. The solution we chose was WordFence based on the recommendations of a few good friends of C.SEO. The Wrapper Everyone knows that WP and PHP have their weak points, but offer a lot of great functionality. Eventually, we all hit snags like this. Being prepared and having some type of prevention are always a necessity in the IT world. For most websites, high-level encryption, RSA tokens, and secondary-verification may be a bit of overkill. But, having strong passwords, regular backups, file version controls, and programs that block login page attacks are all easy ways to avoid issues like the one we faced this past week. And to the blackhaters… use your powers for good. Not sure if they are really based in China, but according to Whois, they are, and they are just trying to make a yen–but there are better ways to do that then attacking little guys trying to make an honest...

Read More

The ‘New’ Black Hat Tactic for Negative SEO: Complaints

You may be interested to learn that there is such a thing as negative SEO. Along with black hat techniques, there are techniques competitors *may* use to influence your rankings; and not in a good way. Before getting into that, it should be noted that it is always, always, ALWAYS more worthwhile to invest in your own assets and optimization rather than waste time working on attacking your competition in some of the ways listed below or engaging in black hat tactics. The results are often short lived, time consuming and frankly, a waste of resources. Black Hat SEO Black hat for the uninitiated is the use of techniques that violate Google, Bing, Yahoo and other web indexes’ (and some social networks’) quality guidelines but offer limited improvements in rankings. In the past this may have been the oh-so-popular keyword stuffing; in which webmasters would fill the keyword tag (deprecated, please ignore) with their target keywords and variations. Or the popular, circa 2002, block of exact-match links in the footer. Often with a color profile to match the background. Prior to Panda, it was cloaking and link wheels/circles that were the trick. In these schemes, ranking manipulation would come by means of serving search engine robots one set or type of content while offering users something different (cloaking). There is some debate about what cloaking in 2013 looks like but that is another debate all together. Link wheels and link networks (circles) were used to provide instantaneous or quick value to website via blog, micro-sites or similar web properties that would point to either a target website or a tertiary site that would then pass on the gathered value to yet another site. This was particularly hard to catch because the networks often contained some valuable information or maintained ‘quality’ in the eyes of engine robots. I mentioned some of the details of how Google handled these in this previous post. Negative SEO For obvious reasons, you can see why it is called black hat. It’s the dark side of the Force. However, there is another element that some businesses have begun to investigate as a method for handling ‘complicated’ situations. Instead of tempting fate by trying to game the search engines using one’s own site, why not attack your competitor(s); either indirectly or via some hidden method? This is the essence of negative SEO. These types of stupid business practices have existed, and been practiced by some, for a while. My first experience with this was in handling negative press releases (remember when those were great for SEO?!) published via, and a few others. On the PPC side there is click fraud. I, and many others, have experienced click fraud. Click fraud is seen when you or an agency is running some type of paid campaign and receive an abnormal amount of clicks on your ad(s). Google got wise to these attacks early on and often ignored the clicks after a while, if certain conditions were met, resulting in a refund of the click or impression charge. This type of attack impacts not only the funds in a campaign, but if unchecked, it can impact the quality score; all of which will make it harder for your true audience to see you. While working on some of our clients’ sites and checking the index statuses recently, I started noticing slips in the number of indexed pages. Upon further investigation, I found this notice at the bottom of a search for one of the keyword phrases: The first link takes you to Google’s view of the Digital...

Read More