Black Hat SEO - Fair Game or Foul Play?
In the cybersecurity industry, there's a constant stream of conversation about ethics. So, imagine my surprise when I discovered that certain Australian cyber consultancies seem to be involved in Black Hat SEO tactics, breaching Google's webmaster guidelines.
Before we delve into the details of my findings, let's first understand what Black Hat SEO is.
SEO Primer
In an ideal world, here's a very simplified view of how SEO should normally work:
- Website owners create content that is good, valuable, and engaging.
- Readers find this content enjoyable and start linking to it from other websites.
- Google sees these links as positive signals and takes note of them.
- As a result, the website ranks higher in search results.
Great, right? But, there's a hitch. Creating high-quality content that resonates with people is time-consuming and often requires a lot of domain knowledge.
What if there were a way to skip this time consuming endeavour and just rank higher? This is where Black Hat SEO comes into play.
Private Blog Networks (PBNs)
The most basic tactic in Black Hat SEO involves buying backlinks from PBNs. A PBN, or Private Blog Network, is essentially a collection of websites created for the sole purpose of generating backlinks.
With this tactic in our tool bag, our SEO cycle now looks like this.
During my research for this article, I reached out to some of these backlink sellers to get a clearer picture of their services. Here's what I found:
These sellers typically manage a network of 10-50 sites with pricing ranging from $5-50 per link. Most offer three main types of links for purchase with Guest Blogs being their highest tier offering:
Directory Links
An old SEO tactic involved listing your website on every business directory you can find (e.g. White Pages). However, instead of manually creating listings at various directory sites, some vendors use automation to create their own business directory sites.
This seller had a network of 40 business directory websites!
Link Insertions
Link insertions involve adding a link to an existing article or page on a website (e.g. an existing blog post). Your link typically isn't exclusive here and you might be sharing the page with other buyers.
Guest Blogs
Finally, there are guests blogs. In this case, they create an article just for you, which includes a link to your site. These articles are exclusive to you and the sellers will suggest that this will give the biggest boost in ranking.
Caught Red Handed?
Enough theory though, examples can often speak louder than words.
I recently had a conversation with someone who mentioned that one Aussie Consultancy had effectively built their business off the back of Digital Marketing and SEO.
Let's see what some of their backlinks look like so we can learn from them!
If I Google "penetration testing sydney" here's the result I got (your results may look different). We'll focus on these top results for our research.
Some Backlink Research
Tooling used to find these backlinks is linked at the end of the article, so you can check companies that you care about.
Directory Listings
There are too many to show here so I've included a few examples below and the raw backlink audit exports at the end of the this article for you to peruse (CTRL-F for "website-list" as a starting point).
| Source URL | Link URL |
|---|---|
| https[:]//postonseo[.]com/website-list-1990/ | https[:]//www[.]themissinglink[.]com[.]au/ |
| https[:]//suohk[.]com/website-list-1252/ | https[:]//gridware[.]com[.]au/ |
| https[:]//seohelperdirectory[.]com/website-list-1976/ | https[:]//cybercx[.]com[.]au/ |
Link Insertions
This link insertion post links to both CyberCX and Gridware!
The same site has another link insertion post with a link to The Missing Link.
Guest Blogs
These are blogs that are exclusively written for your organisation. Some of them are quite amusing.
Penetration testing is something you can do while sitting on your desk!
Did you know that these measures guarantee these?
Check out some of the other content on the right sidebar that you might also be interested in while you're reading about cyber security!
Examples:
| Source URL | Link URL |
|---|---|
| https[:]//cselinks[.]com/why-do-you-need-cloud-security-for-your-business/ | https[:]//www[.]themissinglink[.]com[.]au/cloud-security-services |
| https[:]//sam-cam[.]com/2023/technology/the-importance-of-penetration-tests-to-your-business/ | https[:]//www[.]themissinglink[.]com[.]au/penetration-testing |
| https[:]//setup-canon[.]com/the-great-merits-of-it-consulting-services/ | https[:]//www[.]themissinglink[.]com[.]au/consulting-services |
| https[:]//essaysontime[.]com[.]au/penetration-and-hacking-testing-for-your-online-systems-the-main-advantages-to-know/ | https[:]//cybercx[.]com[.]au/resource/penetration-testing-guide/ |
| https[:]//fiatas[.]com[.]au/3-things-to-learn-and-know-about-penetration-testing-for-your-online-security/ | https[:]//cybercx[.]com[.]au/solutions/security-testing-and-assurance/penetration-testing-services/ |
| https[:]//www[.]businesssmart[.]com[.]au/business-blog/facts-to-know-about-penetration-testing-and-reports-for-your-computer-systems/ | https[:]//cybercx[.]com[.]au/resource/penetration-testing-guide/ |
| https[:]//www[.]dunord[.]com[.]au/top-tips-to-make-sure-your-company-has-the-best-cyber-security/ | https[:]//www[.]gridware[.]com[.]au/iso27001-certification-services/ |
| https[:]//www[.]lifestylecareers[.]com[.]au/career/7-things-to-do-while-youre-sitting-on-your-desk/ | https[:]//www[.]gridware[.]com[.]au/penetration-testing/ |
| https[:]//oceanfeather[.]com[.]au/why-security-advisory-services-can-take-your-company-to-the-big-leagues/ | https[:]//www[.]gridware[.]com[.]au/ciso-services/ |
How Does This Happen?
Just because a website is receiving backlinks doesn't always mean it's part of a deliberate strategy by the website owner. What are some potential explanations for these backlinks then?
Unaffiliated Sites are Randomly Linking to Them
As absurd as this sounds. This does seem to happen.
Out of curiosity, I ran a backlink audit against Project Black and found 1 site that links to us, we've definitely not paid anyone for links!
From what I can see, some of the newer directory listing sites may just start randomly linking to your site, possibly to make the site less sparse?
A Marketing Agency is Doing This For Them
This is probably the most likely explanation.
Outsourcing marketing efforts is a pretty common practice. However, as the company, you're still accountable for the conduct of your vendors!
To draw a parallel with cybersecurity: When you outsource, you can't outsource risk and still remain responsible for it, the same principle applies here.
Making Contact
To give these organisations an opportunity to clear things up, I reached out to these using their public email addresses found on their respective Contact Us pages.
Maybe these were the actions of a rogue employee or agency!
- CyberCX - Email Sent 28/11/23 - 3:05PM
- The Missing Link - Email Sent 28/11/23 - 4:11PM
- Gridware - Email Sent 28/11/23 - 4:16PM
In the emails I sent, I explained that I was writing a blog about Black Hat SEO practices and that I was surprised to find their companies receiving backlinks from sites that looked like PBNs. I asked:
- Does your organisation or your organisation's marketing agency pay for backlinks from PBNs?
- Will your organisation be doing anything to remove these backlinks?
Unfortunately, none of them have responded.
Maybe we can do some more investigation ourselves and draw some conclusions of our own.
Digging Deeping
If we can locate the owners of some of these sites, some patterns may emerge. There's a few things that will help us do this:
- An Australian Company would likely work with an Australian Marketing Agency
- Google likes geographically local backlinks (e.g. links from .com.au websites)
- Those same Australian Marketing Agencies might be inclined to register some .com.au domains to create their own PBN to benefit from this
- Domain privacy is not supported for the .com.au TLD
- This means we can use WHOIS lookup tools to find domain owners
While it's possible to hide personal information on WHOIS for some domain extensions - this practice is not permitted when you register .com.au or any other .au domain names. - Domain Registration Services
With this in mind, we can filter URLs from our backlink audit to look for those ending in the .com.au TLD, and then find who owns these sites in case there are any patterns.
😮
Out of the discovered .com.au sites that link to gridware.com.au, a whopping 63% of 77 are owned by 2 Australian Business Numbers (ABNs).
That's definitely pretty suspicious.
Based off the entity names/registrant names, 4 of these ABNs seem like they might even be related.
*Individual names are being revealed but this is all public information.
| ABN | Entity Name | Gridware Backlink Count | ABR |
|---|---|---|---|
| 53547809219 | THANAPATHY, SHAMILA DIMUTHU | 26 | ABR Link |
| 64975456075 | THANAPATHY, SHANAKA | 22 | ABR Link |
| 40841195303 | S.D THANAPATHY & S THANAPATHY | 3 | ABR Link |
| 78629161520 | CONTENT MART PTY LTD (WHOIS Registrant Name: Dimuthu Thana) | 2 | ABR Link |
| 641841312 | CREATIVE DOT SOLUTIONS PTY LTD | 2 | ABR Link |
What About the Others
Cyber CX (CCX)
It may just be a wild coincidence, but CCX's top .com.au backlinking domain owners are the same entities.
These 5 entities account for ~25% (90 total) of CCX's backlinks from .com.au domains.
| ABN | Entity Name | Backlink Count | ABR |
|---|---|---|---|
| 641841312 | CREATIVE DOT SOLUTIONS PTY LTD | 9 | ABR Link |
| 53547809219 | THANAPATHY, SHAMILA DIMUTHU | 5 | ABR Link |
| 64975456075 | THANAPATHY, SHANAKA | 3 | ABR Link |
| 78629161520 | CONTENT MART PTY LTD (WHOIS Registrant Name: Dimuthu Thana) | 3 | ABR Link |
| 40841195303 | S.D THANAPATHY & S THANAPATHY | 2 | ABR Link |
The Missing Link (TML)
TML didn't seem to have many backlinks from .com.au domains. No discernable patterns could be identified for the few that were found.
Closing Thoughts
Do Your Own Research
Want to check if a company you follow receives backlinks from questionable sources?
You can run a backlink audit using Semrush's (unaffiliated) backlink audit tool by signing up for a free trial - just remember to cancel before you get charged.
If you'd like to do some of your own sifting through the dataset in this blog, I've uploaded the output from Semrush for CCX, Gridware, and TML.
In the interest of transparency, Project Black's backlink audit has also been uploaded here.
Is It Fair Game?
If it seems like others are diving into these SEO tactics, are we just sitting on the sidelines missing out? Or does it go like that old saying, "If you play with fire, you're going to get burned". Let us know what you think.
Maybe in a few years, this blog gets deleted and we'll join the dark side too. 🤷
Google's Role
It's really the everyday consumer who gets the short end of the stick. People rely partially on Google's search rankings to identify authoritative voices and experts in various industries. However, when these rankings are potentially skewed by backlink strategies, the reliability of this information comes into question.
It's impossible to know how significantly these backlinks influence Google's ranking algorithms, but one thing remains certain: these practices go against Google's Webmaster Guidelines.
Google uses links as an important factor in determining the relevancy of web pages. Any links that are intended to manipulate rankings in Google Search results may be considered link spam. This includes any behavior that manipulates links to your site or outgoing links from your site. The following are examples of link spam:
* Buying or selling links for ranking purposes
---
* Low-quality directory or bookmark site links