How I uncovered a black-hat SEO scam

June 7, 2021



This is the story of how I accidentally discovered a sizable SEO scamming operation.

Summary

Some highly-ranked online tools for editing or “cleaning” HTML seem to be secretly injecting links into their output to push themselves and affiliated sites up the search engine rankings. This scam is highly successful and appears to have gone undetected so far.

Tools which I suspect of doing this are all made by the same people:

Sites that have fallen victim to this include BoingBoing, the official German Football Association and Kaspersky. The delicious irony here is that the affected Kaspersky article is about “staying safe from hackers”.

UPDATE (11th June): Google has begun to remove these tools from the search index.

Something seems fishy

So here’s a blow-by-blow account of how I made this discovery, along with the evidence I uncovered.

It all began with a mystery concerning a product that I’m building. The product is an online scoreboard, and despite having (what I believe) is a solid SEO strategy, I have been unable to conquer that coveted top spot in the search engine results pages. For the last 12 months, a competitor called “Scorecounter” has always been ahead of me.

'Failure'

Now, due to the nature of my product, people are sharing links to it and embedding it in their websites, which means that over time I am accumulating a lot of inbound links. Over time my SEO ranking should become unbeatable. The competitor does not have a significant virality like me, yet is consistently better at me than SEO. What trick are they using? 🤔

So last night I drank 2 glasses of red wine and instead of deleting the production database (like last time) I decided to get to the bottom of it. I paid for an Ahrefs subscription and had a look at the “backlink profile” of Scorecounter. Ahrefs is an excellent tool for SEO research and optimization. This is what I found:

Scorecounter had 3600 incoming links which it had accumulated in a very short time. Impressive!

'Nice'

Then I began to look at the pages that contained the links and this is where I grew suspicious.

For instance, I saw a blog post from the German Football Association containing a link to Scorecounter. The word that was linked was “score” – yet having a link here made absolutely no sense in the context of the article. What was going on? 🤔

Here are some more examples of links I found on random domains (you need to search for “score” on the page).

There are pages and pages of these (take a look for yourself if you have an Ahrefs account).

So I wrote to some of these sites and asked them why they had these links in their pages. Were they all selling links?

I received the following reply from an online news portal:

Thanks for reaching out. No, we do not sell links at any cost.

I was actually using an HTML cleaner (html-online.com/editor/) since last year, which was working fine as intended in the initial months but a few weeks back I realised that the tool has suddenly started secretly injecting links to the HTML content.

For a few posts, I was not able to spot it, but when I learnt about it, whatever post I could have recall, were cleaned manually. It appears, unfortunately, some of them are still there, as you pointed out. I will today simply find-replace this link from the entire database for safer side.

Bingo 💡

Aha!

So that was the secret: the creators of Scorecounter also made an online HTML editor which injects links for certain keywords. The beauty of this scam is that by injecting links to their own HTML editor, they have created a brilliant positive feedback loop: the higher the editor rises in the search rankings, the more people use it and the more secret links they can inject.

Now if you are feeling very magnanimous, you could argue that the editor is a freemium tool, and that added links are how you pay for the free version. Well, I’m not feeling magnanimous and neither will Google, I suspect.

Apart from boosting the HTML Editor itself and Scorecounter, I found a third product that was enjoying the limelight:

Ruwix.com solved

Ruwix.com is made by the same people and is all about the famous puzzle cube. Again it’s very easy to find a large number of backlinks to Ruwix.com on random sites using Ahrefs. Each of these is a non-sequitur in the text into which it’s jammed, which shows me that the authors of these articles had no idea what was going on. Take a look (you need to search for “Rubiks” on the page):

UPDATE: All of these sites have removed the link but thankfully I made a screenshot of the Kaspersky page 😅

'Kaspersky'

To see how prevalent this injection is, try this Google search; “Learn how to solve a Rubix Cube with the beginner method”. There are over 1900 hits on a wide range of sites. Amazingly, the link even made it into a research paper (It’s on page 24, at the bottom of the References section)!

UPDATE: Google has removed all of these links now.

Since publishing this post, a Twitter user running a competing site got in touch:

You mentioned Ruwix.com in the article, they are a site in my industry that came out of no where and ranked, and never fully understood how they were gaming it.

I’ve run Speedsolving.com for 16 years now, and ruwix started randomly outranking us which was odd. Glad to see it is penalty worthy spam that got them there.

A whole network of tools

Digging around in the backlinks I discovered that there is a whole network of tools which are all part of the same operation. All have similar backlink profiles. They include:

Doing a Google search for “HTML Editor” reveals that these tools occupy the top three positions of the search results. This demonstrates how immensely successful this scam has been.

Closing words

It’s true that the terms of at least one tool contain the following:

We show ads and might place randomly a link to the end of the cleaned documents.

I sincerely doubt that this disclaimer is enough to prevent a massive Google penalty. We’ll know soon enough.

Update: Google has passed judgement

On the 11th June, 2021 the following message appeared for the top-ranking tool:

'Goodbye SEO Scammer'

At the time of writing this update, Scorecounter and Ruwix are still in the Google index and ranking highly but I assume that they will be kicked out soon.

Of course I am pleased by this outcome, but the irony of the situation does not escape me. Google are a mega-monopoly using their might to impose a level-playing fields on others. Nonetheless, the internet has become a tiny little bit fairer today.

That’s all for now. You can follow my journey on LinkedIn to keep updated.