The Real BlackHat SEO – (EEGReport Magazine – Issue 4 – October 2016 – January 2017)


BlackHat SEO

BlackHat SEO is the process by which you manipulate elements on a website that you believe, or were told, can actually affect your positions with search engine rankings like Google. This is also known as SEO, Search Engine Optimisation, GreyHat, and yes…WhiteHat. In fact, Wikipedia says…”black hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience” . Have you asked for, bought or posted a single link on a directory ever?… then you my friend are a BlackHat.

I have always tried to deliver information that Affiliates and Operators could put to use rather than twist the information into a ‘why you should hire Vanguard to do it’ thing. I’ve been heavily criticized for authoring many articles and conference sessions on BlackHat and teaching many of these techniques. Do I teach how to hack a WordPress site? No. But can we? You better believe it. Wanna know how to run a constant DDOS attack or get a website de-indexed? I don’t go that far because there’s always that one nefarious individual that will use it for the opposite reason I talk about it so openly. You need to know what these guys are doing in order to identify and/or protect your income. So this personal opinion of mine has obviously given critics a reason to bitch and complain.

Two problems I have with this criticism; Problem 1. I started as an Affiliate 20 yrs ago so I know how difficult it can be. Knowing what the competition may be doing to hurt your income and having the ability to protect yourself should be a no-brainer. If you know what they are doing or may do in the future, you can protect yourself and be proactive about it. Like the saying goes, ‘I’d rather have it and not need it than need it and not have it’. Problem 2. I just don’t care what they think. Honestly. The big guys pay me the big bucks for the same stuff I give away to any Affiliate for free. The difference is I do the work for the big guys and Affiliates do the work themselves. I can do this because typically the big guys have a ‘no brandbidding clause’ in their Affiliate agreement. This doesn’t mean your competition/fellow affiliate isn’t targeting your website. It also doesn’t mean I can’t monitor your new domain purchases and scoop your .net and .org or a ccTLD and hold you hostage or rank better than you for your brand and become an Affiliate. We’ll talk more about that later.

The fact is that if you do ANYTHING to increase your rankings you are essentially qualifying for BlackHat status. At least that’s they way the people doing this type of BlackHat feel about it. So when I write about BlackHat techniques I’m not referring to DDOS attacks, Spoofing or Trojan viruses, I am referring to the type of rank manipulation, or BlackHat, that anyone can do; A competitor, an upset client or an ex-employee that you fired.

The Real World BlackHat Effect

A study done by Harvard University found that a single review on Yelp can affect your yearly income by 10%. Another showed that 80% of all online shoppers did their homework online. This was regardless of whether they actually bought it online or in the brick-and-mortar or offline store. One of the most seemingly “clean” dating sites eHarmony, has over 1000 negative reviews on Yelp alone. In fact I think it’s closer to 2000 than 1000 now. Are these a few of the hundreds of other dating websites that they compete with doing aggressive BlackHat? Or is eHarmony actually doing something to cause these?

The fact is that there are many reasons, from auto-pay issues to fake profiles. Every dating site has them. It’s Inherent. Just like having cheats in online gambling, or Amazon con games you can find step-by-step instructions for on the Dark Net.

Websites like and can be used for this, and many other services are available that can hurt your websites rankings and reputation. This is Real World BlackHat. And anyone can do it. What I have written this article for, (and the reason it’s my main topic of discussion on several sessions I have given and will be giving at Dating and Gaming conferences this year) is this: As a an SEO Company that specializes in Reputation Management we have seen these tactics becoming more common and more successful. You have two choices: you can be proactive or reactive. One is much more expensive. Guess which one?

I am going to tell you about the most popular tactics such as manipulating review websites and lesser used tactics, although very effective, such as subdomain and subdirectory attacks. I deal with mainly Dating and Casino sites and trust me, there is nothing more motivating for someone than a broken heart or empty wallet. These guys will stop at nothing to feel vindicated. Beyond those types of negative content, your competitor is responsible for the other 40%, and will likely not give up as long as they can afford a hundred bucks a month or so.

Then I am going to tell you how you can combat these attacks when, not if, they happen. And also how the right prevention tactics can immunize your websites, and is well worth the investment.

Brand-Bashing Still Works

Fifteen years ago I had a moving company trash a solid oak bedroom set I had. They refused to pay. In 3 days I ranked #1 for their company name. I sent them a link. Then I sent them an email and the replacement cost. I received the replacement check in the mail two days later and removed the page. Sorted. So in some cases the internet is a useful consumer tool that has put the power back in our hands. I mean how many times has a business truly just ripped you off?

The problem is that as an Affiliate you have competition, as an Operator you have competition and Affiliates to contend with, and heaven forbid you have a well-branded company because it’s open season on you guys. You are tasked with dominating the top 10-20 search results for your brand or become a part of that 10% statistic.

Reduce your traffic and revenue by 10% then factor that into a lifetime value…what is that figure compounded over a year, because as people see this they will link to it and then it starts gaining ranking positions. The ludicrous point I will make here is that many companies spend money for CRM and Social Media, but they spend nothing on proactive Brand Protection or reactive Reputation Management. In many cases they have absolutely zero Engagement as well.

Most Brand-Bashing is a result of an unhappy customer that can be made happy

The Real Estate

It is all about the Real Estate. Those top ten positions on Google, Yandex or Baidu for your brand or your website. Every position that you do not hold costs you more money. If you are not in Google’s top 3 organic results then you are not syndicated across their network partner sites that use these top 3 results for an extra revenue source, and then the rest from their database or another third party that pays them to list their results. If you are not in the syndicated search results then you miss out on traffic from sites like AOL that has double the conversion rate of anyone, MSNBC, iWon, and so on. All these search engines are in Google’s syndication network.

80% of buyers are window shopping your site online before they become a depositor/buyer/client. Almost the same number (80%) represents the number of these tire-kickers that actually use what they found online in their decision making process. I know this to be true because that’s what I do, and I buy almost everything online due to living on a tiny island called Gozo in the middle of the Mediterranean. My team did the research and I don’t care who you are, whether it’s Gaming or Dating, you have a negative review or some ugly content that can be found right now. It may be on a subdirectory, subdomain, review site, forum or hate-site, but I assure you it is there and we were able to find it. We searched the top 100 Gaming and 100 Dating sites on Google and we were able to find negative reviews for every one of them. Some are not ranking in the top 10 or even the top 50, but they are there, and because they are there means I could buy 10 link wheels for $50 or just buy a few decent links and that little gem could rocket to the front page if there are not stronger pages in place.

The Cost

I won’t delve on this too much…because it hurts too much to hear or see. But these are the real world costs associated with negative content;

  • Payroll – what it costs to be reactive and pay staff to handle negative sentiment rather than spend their

valuable time proactively creating positive sentiment and a game plan for engagement and retention.

  • Payoffs – Yes, believe it or not everything has a price. Many clients have elected to offer a payoff or

return what this person spent. It’s just the cheapest and quickest way out in some costly circumstances.

Especially the incidents where you are guilty. These types will never quit.

  • Repeat Offenders – They did it once. What says they can’t create a new Gmail account and repeat

whatever they did before and hold you hostage again? Oh, but this time you have to pay in Bitcoin so

you can’t track them and know it’s the same person. Rinse. Repeat.

  • DMCA – Digital Millennium Copyright Act – 1996 saw this ‘Supermarket Turtle” poke it’s head out, ready

for action. It can protect you against some of these negative tactics, but besides the average 2 months

it takes to get it removed, there’s also the time and money it takes to enforce it by your staff. And it’s a

US law which can create further problems.

  • Legal – The last option and most expensive result. Most of the guys using Real World BlackHat know

that getting a ‘Lawyer Letter’ means nothing. At best it means they got your attention and they become

even more motivated. It the worst cases it could even mean litigation or case filing costs, etc.

And drumroll please….the top reason being reactive rather than proactive is so expensive?

The Real Estate. Remember the 10% rule; One negative review in the top 10 results = 10% less revenue.

Over time this will snowball and then you get two pages/websites in the top 10, then three. Everything

is about protecting your real estate.

The Tactics

Besides the obvious places negative content can end up in search results on such sites as Facebook

Pages, G+ and 40+ other Social Media websites, there are a dozen other techniques that anyone can do.

They can learn how to do it themselves on YouTube or they can pay someone to do it for them. These are the same guys that email you about getting you to the top of Google for $500. The only difference is they can actually do this. Here are the most common techniques that we are seeing industry-wide that are being used to steal your top 10 real estate:

Subdomain Hijacking/Injection – I have a well-ranked site out of my network of 13,000 that targets your niche and I add a subdomain. Then I host it on a server in your target geographic region and start building links on some of my other sites using your brand as anchor text, or not. It doesn’t matter. I rank top 10 for your brand or website. An even more seriously nasty tactic that is used along with the next one (WordPress Hacking) and is when these guys find a WP security hole and exploit 100k sites running an outdated version of WP or a certain plugin, and then through this newly created back-end access they add a hidden page that the website owner never sees, but the Search Engine Spiders can see them. These can actually rank for your brand.

WordPress Hacking – Probably one of the easiest things to learn in terms of ‘actual’ hacking and can be found all over YouTube. Every time there is a WordPress update or one of the 15 ‘really cool’ plugins that makes your site so cool and unique is updated, they can leave a gaping hole. They will take the easily obtained plugin code and place it side-by-side with the code for the old plugin, note the differences and employ a good WP guy to find a vulnerability. From here you can get into the site and change or delete pages, add a noindex command and get purged from search results completely, or various other invisible ‘upgrades”.

Subdirectory Hijacking – There are dozens of people that are the equivalent of website hitmen, and they are more than willing to sell their services. One of them that I found out about in Poland can take a 50,000 website-strong network and inject 50,000 pages of scraped and scrambled content and put your brand/ website on a new optimized subdirectory page on their websites. No link, just your brand/website in the content and the URL. After doing a brand search for the client we saw 30 of these pages ranking in the top 100 results on Google worldwide and on all their data centers.

Negative Link Buys – Everyone knows you can buy good links, well, let’s just call them ‘links’, but you can also buy bad links. Earlier I mentioned buying 10 link wheels on Fiverr. This will cost you $50. You can imagine the state of the websites your link will get posted on. Or I can use SEOMoz or Ahrefs and get a trust rank comparison and just choose the de-indexed, penalized or porn sites to post a link to you or the ranking page you have in the search results that I want gone.

Hate-Site Creation – Beyond using the above tactic, anyone can buy a domain (with or without your brand/website in the URL), host it and have a WordPress theme installed for under $50 complete and ready-to-roll. Done correctly this site can rank for your brand/keyword/domain, especially if you do not have other pages within this real estate that out-perform this new hate-site.

Startup Hijacking – I mentioned this earlier, now I’ll explain it. You spend your time and money obtaining all that’s required to get an Operators license and open a casino. Or your an Affiliate that is going to market your site that reviews one of these niches. You buy or (as an Affiliate of 20 years I assure you this worked then and it works now). You can use one of many free tools available to target keywords like ‘Dating’ or ‘Casino’. DomainTools will email me whenever someone buys a domain with one of these keywords in the URL. I setup a domain sniper that will automatically buy these domains for a few dollars. Now I own or any extension that is available. We see ccTLD’s like .info, .co and .tech all over the top 10. And if they get the Facebook crowd confused over who is who, you might even lose a large number of followers or end up paying an Affiliate for that traffic. Facebook draws 10x the traffic as Google Adwords for the same cost. Conversions are about the same though, but so is the cost and you also have Likes, Followers, Groups, etc. that it builds as well.

At this point I can 301 (redirect) from these URL’s to my money-site. When the time comes I can reverse the redirect and push the new TLD’s or ccTLD’s up. Or, I can add a subdirectory or a subdomain to a good existing website on a page I create targeting your site/brand. Then use a 301 redirect to the new domain and pass on the link juice. I can also just build a entirely new site in a day and start pointing links at it and doing advanced SEO. This site will target your newly purchased brand/domain. So by the time your dev guys get the platform, customize it and actually are able to launch it, I already rank for it. Now comes the meaning of the term “CyberSquatter”, or “Super Affiliate”, or worse, you are an existing company that pissed me off and I monitored WhoIs domain name purchasers and get notified that you bought and I do the same thing as above, but this time I start posting negative content.

Automated Tools and BlackHat Networks – I mentioned subdomain and subdirectory hijacking, as well as Link Wheels and Negative Link Buys. These are but a few of what money can buy. Anyone’s money. Remember it’s not always about a competitor trying to steal your real estate, it’s also about the haters that will inevitably wish to harm you or steal your traffic. ScrapeBox, XRumer and SENuke are just a few of the tools meant for something other than BlackHat techniques when they were created, but they are the most widely used by the ‘guy next door’ that doesn’t know a thing about coding or hacking. You would be surprised to see what a hundred bucks can buy. For $50 you can access a BlackHat server with nothing but programs used for negative SEO. They have over 50 planted there for open access for a price. You can even hire someone to do everything for you. They offer a menu and Paypal payment.

Review Websites – As a company that does as much Reputation Management as we do SEO, I can tell you that review sites like SiteJabber and TrustPilot are showing up in the top 20 results for almost every brand/website search that has a review posted. They carry a lot of trust with Google and the other search engines. I sometimes compare them to Wikipedia, except that Wikipedia is policed by everyone, not just the review site’s Marketing teams. You can “join” for a hefty and ongoing price, and have some control over what is posted about you, but again the time and cost factor needs to be considered in the overall cost of doing business equation, and if you are guilty you may need ‘special skills’ to erase it. Add to this to the powerhouse presence Social Media has become and the real estate thins significantly.

The Defense

The good news is that most of these tactics can be proactively prevented from happening. There are also a few tricks you can go do right now that will claim back some of your real estate. I listed these below the defensive tactics.

Subdomain Hijacking/Injection – Probably one of the worst and easiest methods because the only defense you have against this is reaction rather than prevention. Once you have been hit the only way to fix it is by contacting each website via email or WhoIs Webmaster/Admin details (provided they are not hidden) and notify them of the page so they take it down. Usually telling them it’s a scrambled/spun mess of non-relevant content, or it links to a porn site, will usually motivate them to remove it, but not always. In some cases there is no one to do it. They paid a friend of a friend to install a WordPress site and it is still running an antiquated version of WordPress, the theme or a plugin. This means you may have to take the DMCA route through Google = 2 months. But even if it is removed today, not updating it will just invite another attack tomorrow. There are programs that search for these vulnerabilities, or you can just Google the code.

WordPress Hacking – Personally I avoid WP whenever possible. Primarily because it can slow sites down for several reasons like running cache on them or code-heavy plugins (images, sliders, video, etc.), but also because it creates a need for additional security measures that cost money, and also constant updating that is required depending on the number of plugins you have. Less common but more dangerous is what I described above, Hijacking and Injection.

Subdirectory Hijacking – This can happen on a private network of their own, or on lots of sites running WordPress but not updating them or installing SiteLock or taking other security measures. But again the

only way to fix it is by contacting each website owner via email or WhoIs Webmaster/Admin details (provided they are not hidden) and notify them of the page so they take it down.

Negative Link Buys – Run a tool once a week that analyzes your backlinks. SEOMoz, LinkAssistant and

Ahrefs are among a few that can do a comparative analysis and identify the spammy links. Create a disavow file. This says you do not approve the link. Be sure to disavow at domain level to prevent future attacks and be careful when selecting the links because you can hurt your site if you are lazy and do not do the research.

Hate-Site Creation – These can get very serious because anyone can create them with little or no knowledge. If they find a few people that feel the same as they do then online sentiment starts to kick in and you get the ‘snowball effect’. It may not rank now, but let it get a few good backlinks and it comes out of nowhere. We have seen this time and time again. Remember, broken hearts and empty wallets are a big motivator. In some cases they replace searching for a date or a gambling habit.

Startup Hijacking – This one is easy. Buy and .net domains for a few dollars, create a typepad or other simple site immediately. Add an RSS feed if your lazy or add content to the primary domain and forward the others. Do a few social bookmarks and manually submit it through Google Search Console to get it indexed and your good to go. Operators need to be sure to include a non-compete for branded keywords to your Affiliate agreements.

Automated Tools and BlackHat Networks – Because of the sheer number of tools and techniques widely available to the people looking for them, these networks and the tools they use are constantly evolving. The best defense against all of them is to be proactive. If you aren’t budgeting at least the same amount you do for CRM and legal networks/staff on Reputation Management and a proactive plan to defend your property then you need to run the numbers and see for yourself why this is an essential part of your overall strategy.

Review Websites – I despise these sites. So much that worldwide I have thousands of active reviewers across 70+ review sites including my own personal accounts. I despise caffeine-free coffee and people that give me road rage in a supermarket as well, but alas these are a few things I cannot change. The difference is that I can’t add caffeine to my coffee, or ask the turtle in front of me to move it along…calmly or rationally, but I can defend my rank status on most review sites. This defensive strategy can come in many forms. Sometimes the Vanguard SEO Team has to handle it, sometimes ReviewPool, and in the toughest cases IronStoneConsultants have to handle the dirty work. In many cases just asking existing clients/players/members to offer feedback for credits, spins or other incentives will be just the thing you need. What you need to know in this instance is that there are services available that can run your rating in to the ground very easily. If I post a negative comment on SiteJabber today, it may cost you a dozen

depositors/clients. What if two of these are “Whales”?


Sitelinks are the extra listings below your primary domain listing and they link to pages Google may or may not lists

under your actual domain listing and description when someone does a brand search. These are the easiest,

fastest and most effective way to claim back your real estate. Some believe it’s helps with SEO and non-branded


PPC – If you are doing paid search or PPC on Google already this is a quick trick. Sitelinks appear in ads at the top

and bottom of Google search results. You can add sitelinks when you create your campaign. You can edit your link text and URLs.

ORGANIC – Create xml sitemaps. Screaming Frog has a tool that does this daily and uploads it. Sitelinks are not

guaranteed to show, and only for brand searches. Google says that if they believe they would be valuable to the user, they may show 2, 4 or 6 sitelinks. It has been shown that creating an xml sitemap and manually submitting it may help. Keep your chosen sitelinks at the top. Whenever you add content you should generate a new xml sitemap. These are not guaranteed to show, it’s up to Google’s ‘secret formula’ call their algorithm.

These are limited to brand searches so they have limitations, but if you are a branded site then this is a must-have.

Here are some additional tips that may help you get sitelinks to show, or increase the number of the sitelinks that are showing already;

  • Improve your site’s speed and page load times. Optimize Images, take css offsite, etc.
  • Make sure that your site has clear and logical hierarchy. Use the ’silo’ strategy
  • When using internal links, use very accurate anchor text and alt text
  • Only Include your most important categories in the main menu
  • Use relevant and descriptive meta descriptions
  • Avoid thin or automatically generated content
  • Don’t use onsite duplicate content

Schema Markup

Schema markup is code that is added to your sites code but does nothing to the appearance, and will help search engines return more informative results for users. It is based on latent semantic analysis which is supposed to understand for example that when you search “Lory” in the UK your looking for a truck, and if you are in the US you are looking for a bird. If you’ve ever used rich snippets, you’ll understand what schema markup is meant for. It is an agreed-upon set of code markers that tells the major search engines what to do with the data on your website. It’s great for SEO, but in this instance we use it to claim more real estate. Products, event schedules, articles, etc. (there are hundreds of categories and customized available free online) can show in the form of links below your website. Websites that use schema markup rank better in Google results than companies without markup. One study determined that websites with markup ranked an average of 4 positions higher in the results than those without schema. Think of it as your companies online business card. Think about the real estate this can reclaim and the

added benefit of possibly better rankings and I would have someone starting on this immediately.

Getting a Search Box in Google Results (using Schema markup)

Once again we are talking about the top 10 results and the accompanying real estate. Those of you that have a branded website, this technique will add additional information about your website above and beyond the existing description that Google pulls for your description (do your homework on rich snippets). It is also in addition to Sitelinks and even more valuable real estate. The Google Search Box and Schema markup looks like this;

< script type=”application/ld+json”>


“@context”: “”,

“@type”: “WebSite”,

“url”: “”,

“potentialAction”: {

“@type”: “SearchAction”,

“target”: “{search_term_string}”,

“query-input”: “required name=search_term_string”



< /script>

*You need to change the “url” and “target” examples to your URL if you want to use this.

Having a search box is the most used Schema markup for the top 10,000 ranked websites and takes up more space (real estate). It’s also great for usability and adds a sense of legitimacy to a website. In any case, you must have your ducks in a row, so to speak. You must be prepared and had better have your Social Media and CRM people working together with your Rep Management and Engagement people to proactively reduce your risk and exposure. Or do what we did and just create one massive Team.

SEO/Social Media is a Must

In cases where the damage has been done, you need to evaluate your current structure and model it around these 5 areas (especially for those that slept through the last 10 years);

  1. Engagement – Proactive and reactive across all social media sites, review sites and onsite
  2. Reputation Management – Monitor your brand/URL/Website for negative and positive content. Not

just for brand/site, but for any keyword that sent traffic. Monitor this 24/7.

III. Brand Protection – Have DMCA doc’s ready to go at all times and programs in place to monitor all

search results for every type of site, whether it’s a buried blog/forum or a ranking review site.

  1. Acquisition – This is part of your Marketing team’s remit, and very important because Google’s “realtime”

search requires lots of fresh content and activity, and these provide that. (Ie. viral contests,

giveaways, polls. etc.)

  1. Retention – I say it again…if you budget for CRM you need to budget for all of the above. This person

or team needs to merge with your SEO/Social Media/Marketing teams because they are all running

the same race, they are just wearing different shoes and are on different racetracks.

This is what Social Media Teams look like in the future.

Get everyone running the same race and overtake, improve your positions, and look back at them rather than as a huge hurdle that’s suddenly in your face and costing you at least 10% of your revenue due to a single negative post on a single website. The reputation and online sentiment of your company is at stake, and countless other unknown long-term damages.

Okay here’s the commercial I promised (I didn’t really), but it won’t cost you anything so it’s not really a commercial. It’s WWW monitoring software. We use it for data analysis. And did I say it’s free forever? It’s software called WebGenius. It monitors a brand or a website or even your name. Where most tools fall short is that they only use Google’s api. If the negative content is on a de-indexed page you will never know about it. It still counts as negative sentiment and potential risk. Or maybe it gets re-indexed and suddenly appears? This tool covers all Search Engines, all data centers, all forums, blogs and 2-3 tiers deeper than the tools available right now. And they cost money! Negative content, whether it is on Google or not, poses a potential threat. Create positive sentiment, engage with your client, and rule Social Media for your site or brand.

This is how to protect yourself against Real World BlackHat.


Written by: Gary R. Beal

MD | Vanguard Online Media

ReviewPool | WebGenius | IronStone Consultants

p: +356 9981 7907 p/f: +356 2155 0457 a: Gozo, Malta

e: s: GaryTheScubaGuy

Gary R Beal (a.k.a.GaryTheScubaGuy) has been in the business for

over 20 years. He started out as an Affiliate and after moving to England to run a couple of Top SEO Gaming Agencies he opened

Vanguard SEO. Gary sold Vanguard and moved to Malta where he runs Vanguard Online Media, Ironstone Consultants and his

newest creations; and WebGenius Software

Gary has been a popular speaker at conferences around the world for over 10 years. From SMX to ICE and anything to do with

Gaming, Dating, SEO, Social Media or Affiliates, Gary was probably there. Known for his matter-of-fact, non-commercial sessions

that truly teach, he also is known for the free 1-on-1 sessions.

“Each of our companies rely heavily on Social Media at every level. It’s another tool for our arsenal, and it has proven to be a very

strong performer when used properly. The biggest problem we see is companies or individuals not using it correctly, or in the most

effective way for your unique or competitive niche. This is why we decided to offer Turn-Key services” Gary R Beal

Gary will be speaking on these and other topics at the Conference so sharpen your pencils and bring any questions you

have along with you!