What is SERPs Hijacking? When a website has their domain compromised, and also their google search console compromised, to add sitemaps for urls that will be redirected to a domain of choice. This is used to rank new websites without ever having any real inbound backlinks. It’s how many spam websites get coverage in SERPs and why Google even has a webspam team. It can cost a website rankings, time and especially money if not caught fast enough.

Often backlink networks or scripts will exist out in the wild, that operate off of this tactic, simply because it works so well and when the website is found out, nothing further can be done against them. If this is a bit technical, please allow for a breakdown. SERPs highjacking is a type of negative SEO attack, and is blackhat SEO, especially since it’s compromising the website domain for another website’s profit.

In very short, if access can be gained to a website, then access can be gained to google search console via a verification file that can be added to a compromised website. Once someone has access to search console, they can submit new sitemaps to google
, often called a ” sitemap console exploit “. They can have scripts setup, since they have website access, to redirect said urls, from what they told google in the sitemap, to whatever domain they wish to send traffic to. It’s a backlink, a manipulated one, but in search engine algorithms it’s a backlink and it’s helping the domain being redirected too.

SERPs Hijacking Has A Few Flavors

By far, WordPress has to be the most popular CMS to use for a website. Because of this, it’s also one the most attacked, due to scripts ( a set up automated programming instructions ) being sent to add little pieces of self replicating code to various levels of the website domain. These pieces, act like beacons to communicate with the end server for files to add. Since these files can be everywhere and even depending on the script mimic other legit files, often infected websites stay infected long enough to benefit the end domain enough to justify the effort exhausted.

Some SERPs hijacking will go as far to alter meta titles and descriptions, to rank websites for pharmaceuticals or other products. Once an attacker has access to a website, it’s just regular SEO variables to benefit their goal, more web traffic for searched terms. Website get hacked from a variety of ways, if websites use WordPress, Drupal or any other CMS and don’t update plugins, or the CMS itself, holes in security form to allow such SEO hijacking to take place.

If an attacker can get a shoe website to rank for Viagra and a user who wants Viagra clicks on the shoe site only to be redirected to an actual site to buy Viagra, they win and will keep attacking. These tactics have been seen in the wild as big as million website networks, where backlinks are applied once a subscription is started, and lost once a subscription ends. Normally these kinds of services can be seen by future SEOs via a backlink optimization audit and highlights to the client.

Protection Against A Growing Website Threat

Backups are by far the best defensive measure to any website hack. This is why backups everyday aren’t prudent, depending the activity of a website, it just may save money! It’s also the easiest method of counteraction against a hacked website, once the initial attack was understood and secured. If the initial attack point isn’t fixed, then an attacker will keep coming in through that open door. Either a compromised password, outdated CMS or plugins, newly added code, even poorly secured SSLs can lead to an attack something called a ” man in the middle attack “.

The internet isn’t a stagnant world, it’s a very dynamic, ever changing landscape of many types of people. Some people want to follow the rules and others want to make money off breaking the rules. And others are ok with using other people’s websites for such personal gain. Knowing what to look for and how to keep safe in an ever changing digital landscape, making technical seo knowledge that much more valuable. Recovering from various forms of attacks, leads to experience that can be put to good use going forward. However it’s a costly lesson, especially if a business is attached. Technical SEO is quickly merging with cybersecurity and in the near future could be considered one and the same.

If you believe you’re website has been compromised, free malware scanners exist online, such as Sucuri website scanner. You can always contact SEOByMichael for a comprehensive website audit, to check for any issues highlighting previous SEO attacks.