Black Hat exposed: Affiliate Links on hacked Third-Party Domains

Black Hat exposed: Affiliate Links on hacked Third-Party Domains

This is a guest contribution by Daniel & Thomas. If you would like to submit a contribution please contact Bill Beatty for submission details. Thank you.

 

Black Hat exposed: Affiliate Links on hacked Third-Party DomainsSearch Engine Optimization for casino and gambling sites is usually very tedious and exhausting. You have to spend insane amounts of resources, and often get relatively little outcome.

But occasionally you stumble upon some quite exciting things. It is particularly interesting to see that black-hat SEO techniques still work in this area. Or to see how bold and unrestrained some guys want to push their affiliate pages to the top.

A lot of webmasters have found hidden casino links on their websites before. Usually, those infamous hidden “display:none – dofollow” links are placed there for SEO purposes:

Black Hat exposed: Affiliate Links on hacked Third-Party Domains

But sometimes you stumble upon techniques that are even more brazen than hidden backlinks.

Hacked subdirectories

When researching for backlink possibilities for some game-related microsites we often found pages that only consisted of a “Selection of the Best Online Casinos”, each with an affiliate link to one or the other casino.

Black Hat exposed: Affiliate Links on hacked Third-Party Domains

So far so good. But we dug deeper and found those pages all over the web, and in places they didn’t belong. This is where it got interesting.

The first version we found was on the website of a college in Guernsey. At first we thought, maybe the school exploits the revealing gambling laws of the Canal Islands to grab some extra budget. Who could blame them…

However, when we found an increasing number of other sites, all with the same list of “best online casinos” it became clear that the sites had been hacked.

We found them on the websites of a German manufacturer of blinds and shutters, a Polish think tank or an American organization against child abuse. The list got longer and longer. And they were all domains with good backlink profiles.

Not only one page

When we crawled the afflicted domains with our SEO tools, we found a /slots/ directory with not only one page, but hundreds of pages, each optimized for different keywords:

/slots/usa-online-casinos-no-deposit-no-download.html

/slots/play-slots-no-deposit-uk.html

/slots/making-money-with-online-casino.html
….

At /slots/sitemap.xml there was even a complete XML Sitemap, so that all pages could be easily found and indexed by Google.

Cloaking

But that’s not even all. To be able to rank for these various keywords, it takes relevant content. However, we always saw the same list of casinos with no additional or unique text.

We had a look through Browseo, a nice tool that shows you what Googlebot actually sees, and found that in fact the sites contained massive hidden text for the bots:

Black Hat exposed: Affiliate Links on hacked Third-Party Domains

Because of the high authority of the domains they were on, the large amount of text and the targeted keyword optimization, these pages ranked on or above page 2 on Google for a huge number of different keywords. You could easily spot

them by the rating snippets displayed below the listings in the Google SERPs, which was another very interesting trick: hardcoded rich-snippets of fake reviews! Sometimes it’s hard to believe how easily Google can be fooled.

A trick that works

In the meantime some webmasters had already noticed the hack and kicked out those pages. Apparently the hacked websites got infiltrated through a WordPress plugin. Via a hole in the “wysija-newsletter” plugin, the black-hat attacker

could modify the .htaccess file, which then generated a settings.php file that allowed them to control the subdirectory.

The siteswaps.com domain has been suspended in the meantime, but the page is now available at luckycasinoslist.com and still appears on a lot of sites.

When you consider how much revenue is made with well-placed affiliate links, you can assume that the “operators” of these pages are not just making peanuts.

Our favorite hack is of The Iraqi Ministry of Industry and Minerals. A search for site:industry.gov.iq casino lists 70 results, all delivering the same page in different languages, all displaying a list of “The Best Casinos in 2015”, each page

with hidden content for the robots.

If you track back the affiliate links you’ll find that the original site can be found at goodomens.net/univ/, a domain that is registered to a private person in Kharkov State in Russia.

Expired Domains

Another way black-hats try to push affiliate links to the first page of Google is by buying or hacking old and strong domains with high quality backlink profiles.  There are several services that help anyone hunting for expired domains with

high authority, but every SEO may check the backlink profile with Tools like Majestic or OpenSiteExplorer himself.

Again results may just last for a short time. But, as we all know, that’s enough to grab a lot of money from affiliate links in the casino niche.

 

Daniel & Thomas are doing SEO for Austrian gambling and casino companies. They blog about their strategies and findings in German at www.casino-seo.de