What Is SEO Spam And Cloaking?

Published 30 April 2021
Updated 18 July 2023
Agnes Talalaev
SEO wizard at Patchstack
Table of Contents

This article will help you to understand what is SEO spam and cloaking. It will also give you simple instructions on how to check if your site has been hacked in terms of it being infected with SEO spam.

What is SEO spam?

When a website has been compromised by an attacker, the attacker can create sub-pages and hide links and keywords into the source code of your site. SEO injection can be executed because of software vulnerabilities, outdated plugin or theme vulnerabilities and obviously when your admin user password is "admin" or something equally poor and easy to guess.

What is cloaking?

Cloaking is a search engine optimization technique in which - the content presented to the search engine spider is manipulated. The content presented to the user’s browser is different from the content that is presented to the search engine.

How to check if your site has SEO spam?

1. Go to Google search
2. Write site:mywebsite.com intext:canadian pharma (Do not leave spaces between the site and colon and intext and colon.)
3. See if the results show content on your website that you don't recognize.

Why does Google not like cloaking?

Cloaking is considered a violation because it provides users with different results than they expected. If a site gets hacked, it is actually not uncommon for the hacker to use cloaking as a tool to keep the hack hidden and harder to find.

Businesses are using SEO to generate traffic to their sites to increase revenue and sign-ups. Unfortunately, it can also be used for malicious or less ethical purposes - cloaking and SEO spam.

As you try to use SEO to bring traffic to your site, ill-intentioned hackers do the same.

But why are they using your site? Since they sell illegal products or services, their sites would be taken down pretty fast. No site means no business.

There are a lot of outdated and not-so-well-protected websites on the web, which can be easily harvested by ill-intentioned hackers. As seen on the screenshot below, these hackers are using websites to redirect traffic to very shady places.

seo spam
Sites redirecting traffic to an illegal drug store.

These websites listed are not actually in the business of selling viagra or any of the drugs mentioned. One of those is supposed to sell brand shoes, one is providing business consulting services.

How do they get their links and info on your site and why are they doing it? Let's find out.

What is SEO spam?

SEO spam is probably the most popular way to gain financial profit by hacking your website.

SEO injection can be executed because of software vulnerabilities, outdated plugins, or theme vulnerabilities, and obviously when your admin user password is "admin" or something equally poor and easy to guess.

seo spam

When a website has been compromised by an attacker, the attacker can create sub-pages and hide links and keywords into the source code of your site.

By using cloaking they make it invisible for you to see, but accessible to the search engine bot to list all of them to search engine results.

What is cloaking?

Under SEO spam goes cloaking, which is considered as a part of Black Hat SEO. Black hat SEO is a way to trick Google into giving your site a better ranking by manipulating the ranking algorithms.

It is a search engine optimization technique in which - the content presented to the search engine spider is manipulated.  The content presented to the user’s browser is different from the content that is presented to the search engine.

It's essentially showing different content to users than to Google bot. Imagine yourself going to Google and looking for a page. This is something that Google bot is doing as well.

In a good example, the user and Google bot get the same results - they perform the search and end up getting the same information.

SEO Spam

Cloaking, on the other hand, is when you and the bot see different content. It is a definite violation of Google Quality Guidelines, and for that, it is hidden from the bot.

The purpose of cloaking is sometimes to deceive search engines so they display the page when it would not otherwise be displayed. For example, cloaking can be done by delivering content based on the IP addresses or the user-agent header of the user who is visiting the site.

Different methods of cloaking

There are different methods of cloaking. We have listed some of them below.

Referrer cloaking

A way of redirecting from one content to another. Individuals or in this case hackers use it to redirect traffic from the site where the SEO spam is placed on the site they want people to end up with.

IP cloaking

It is the process of a web server delivering a specific website or changed content based on the visitors IP address.

User-agent cloaking

It is similar to IP cloaking, the cloaking script compares the User-Agent text string which is sent when a page is requested.

https://patchstack.com/wp-content/uploads/2021/04/seo-spam.mov

JS cloaking

Users with JavaScript-enabled browsers are shown in one version while users with JavaScript turned off (like search engines) are shown another version of a website.

HTTP Accept-language header cloaking

It may be used to show different versions of a website based on a user's web browser language without letting them for an option of language selection.

(source)

Why does Google not like cloaking?

Cloaking is considered a violation because it provides users with different results than they expected. If a site gets hacked, it is actually not uncommon for the hacker to use cloaking as a tool to keep the hack hidden and harder to find.

When we talk about SEO, there are some misconceptions about white hat SEO too. White hat SEO is a good thing, but white hat cloaking is not considered a good practice. There is no such thing as a white hat cloaking. Cloaking in its essence is a bad thing.

WP-VCD Malware hacked website

As a web security company, we have seen thousands of cloaking incidents over the years. To highlight some - kindergarten sites selling viagra, school sites selling fake designer bags and some sites that unknowingly sell essay writing services.

Since cloaking is made to be invisible for the user, in many cases it has been on a site for a long time. Until Google notices it and adds the site to a Google blacklist.

How to check if your site has SEO spam?

Here is an example of how you can check it out for your site.

seo spam

  1. Go to Google search
  2. Write site:mywebsite.com intext:canadian pharma (Do not leave spaces between the site and colon and intext and colon.)
  3. See if the results show content on your website that you don't recognize.

Another intext: example searches you can try are (yes, they look silly):

  • intext:viagra
  • intext:cialis
  • intext:designer clothes
  • intext:canadian pharma
  • intext:sexual function
  • intext:erectile dysfunction

You can also just Google site:.com intext:viagra or site:.de intext:cialis or site:.eu indext:canadian pharma.

Basically you can do a search for whatever your country domain name code is + intext search and take a look.

To sum it up

If you have been infected with SEO spam it is important to act fast and get the site cleaned. The time urgency comes to play because the longer your site is hacked the bigger the chance is to get blacklisted.

When a site gets blacklisted it won't show up in search results. That can result in revenue loss, traffic loss and reputation loss.

The cleanup can take some time, but with the help of a professional, you can be sure that the site is cleaned and protected.
If you need any help Patchstack security professionals would be happy to assist.

Contact us via our live support on our website.

The latest in Security Advice

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu