Sunday, 12 February 2012

Senuke X | Unmasking An SEO Spammer And Rewarding Their Competition (a Case Study)

" DUI Lawyer Indianapolis ," " DUI Attorney Indianapolis ," and " DUI Defense Indianapolis " all appear to be keyword phrases that a certain Web site I won't yet mention is trying to rank for. I know this because they spammed one of my blogs with garbage. Because they did that, I just gave the highest-ranking competition of theirs for those keyword phrases some dofollow links! Now, for as awesome as it is to quickly reward the competition of a spammer, finding out just who a spammer is, is much more interesting. Please stick with me, because the rabbit hole goes quite deep with this one. For example, I found an entire site that was incorrectly configured to show tons of internal emails and correspondence to/from the individual who is ultimately responsible for the spam on my site!

To begin our adventure, I'd like to start by saying that more and more, I grow extremely tired of SEOs and/or companies who engage in shameless spamming to increase rankings. The latest jewel popped up in my email inbox recently and it immediately tweaked me the wrong way. On my Microsoft blog (which I've admittedly given no attention to over the past year), I received the following comment on a post from well over a year ago (never mind the fact that my comments are nofollow and the link juice from that page is among the lowest on the site):

Lucky I stumbled on that information. I can seriously express that I learned something new right now. With any luck , I will have the same good fortune next time I take a look at your website.

Hilariously spammerific, right? Well, the person who left the comment used the keyword phrase "DUI lawyer Indianapolis" as the name and they linked it to this profile page :

As some of you know, the tactic is to pump a lot of link juice (via spammy or non-spammy links) to a page on a site that's not yours; then, you have that page link to your site with your keywords. This method serves a few purposes, but the primary one SEO  spammers believe is that this will shelter your site from Google's wrath if they see all the garbage you're cooking up to build the popularity of a Web page. Google may be slow on certain algorithmic tweaks, but they aren't stupid. Anyway, what's with this nonsense right here:

Top Five Guidance on Finding DWI Barristers

I am a house indoor custom, as well as a artist from furniture extras and produced photos. I am just another developer involved with females using gear, though Irrrve never been actively involved in creating fashion realize it's a huge.

That's some spamtacularly-spamtastic spam right there! Between that garbage and the comment on my Web site, I figure I'm either dealing with an automated software SEO  solution ( SEnuke X , XRumer , etc.) or horribly outsourced work. Back to the profile, the user name on it is samuelpratt37. Let's Google that name , shall we?

Just as I suspected, tons of spam profiles across a multitude of Web sites. With that in mind, let's go back once more to that profile page pictured above. There, we see the three keyword phrases I mentioned at the very top of this post. Naturally, instead of linking to their competition (like I did), theirs link to the Web site that they're trying to rank . For good measure, let's search for one of those keyword phrases along with the user name samuelpratt37 . Indeed, the result is more spam.

Now, at this point, I'm curious to see the site they're trying to rank, so let's head on over to it :

It's pretty obvious that's a micro site: a site that's constructed to serve a primary function, like generate leads. Taking a look through the site, I couldn't find a single name involved with that "firm." All I saw was generic-looking legalese, some custom DUI videos, and a phone number. In my quest to find out more about this "firm," I called the number. Unfortunately (but expected), it rang through to a generic mailbox which asks you to leave your information so that someone can call you back. Obviously, we're not dealing with an actual firm here. As such, my curiosity was piqued to find out just who we're actually dealing with. Is this a real firm or is this perhaps someone trying to generate leads for a firm in the area? Just who the heck is this that's spamming me and what's their business model?

Digging a bit deeper, I decided to see who owns the site by running it through Network Solution's WHOIS search . Thanks to the WHOIS information of the site being public, I found that the registrant of the domain is "Demko Ventures LLC" and their administrative contact is someone named Mike Demko from demkoinvestments.com . (To note, the email address for the administrative contact is the same as the email address on Mike's profile section on the Demko Investments Web site, so now we know we're dealing with the same individual.)

Ready to get my Google on and find out if Mike is our spammer, I typed the following query to see if he has anything to do with SEO: "Mike Demko" SEO

The evidence! It mounts!

From the looks of things (see here , here , and here ), Mike is certainly interested in SEO, but is he our spammer? I came to the conclusion initially that he was, but as I continued my research, I discovered that, in addition to having his own SEO company, he utilizes outsourced services from places like oDesk , Elance , and the Philippines; so, even if Mike isn't directly spamming links himself, he's either orchestrating it or aware of it.

Now, remember when I searched Google for "Mike Demko" SEO ? Well, 8 results down, I noticed the following:

For those who don't know, Copyscape is a popular site that's used to check for plagiarized content. By the looks of that Google result above, Mike is interested in defeating Copyscape. That's got "spam" written all over it! Now, check out the name of the URL from that result: www.bankruptcy-attorneys-sandiego.com

Unfortunately, the site isn't populated with content at the moment, but a quick WHOIS search of that domain yields the exact same registrant information as the one I checked earlier, so we know we're still dealing with Mike Demko and Demko Investments/Demko Ventures LLC. And even though the site isn't populated now , it must have been at some point for Google to have indexed the result you see in the screen shot of above. With that in mind, let's see what all Google has in its index from when the site had content: site:bankruptcy-attorneys-sandiego.com

Long story short, that's almost 800 pages Google has indexed from the site - and they're all cached. That means that even though the site itself isn't live, we can still see what was there when it was live - and what we see is staggering: emails and internal discussions containing (in part) user names and passwords, job assignment/completion notes, and (the nail in the coffin) intimate details of a nationwide campaign of DUI/DWI Web sites :

Did they knowingly configure this site to show this content? Surely not, which brings me to a slightly comical email to Mike that I happened upon which states, in part, the following:

I know. You're a great real estate agent, not an techno-geek. So, I want to be sure you can get to the CONTENT that's up at www.RealEstateTechnologyExperts.com and not let the 'technology' get in the way.

Oh, that rascally "technology." Always getting in the way, dag nab it!

Anyway, between the major Web site/email/internal message SNAFU, that email, and the following evidence that Demko Investments tasks either an internal team or an outsourced entity with SEO-related jobs…

… I've come to the conclusion that while Mike may not be the one directly doing the spamming, he is DEFINITELY aware of it (more evidence of this is at the bottom of this post, where I list equally as important points that I've chosen not to extensively cover). Whatever the case may be, I've satisfied my desire to get to the bottom of the person that spammed (either directly or by tasking another) my Web site, but there's still the lingering desire to know exactly what the business model is. Well, after all the research I've done, here it is:

Mike does keyword research and targets specific DUI- and DWI-related keyword phrases in cities all over the country. Then, he populates micro sites with content related to those localized keyword phrases. The aim is to get those micro sites ranking at the top of the SERPs for his targeted keyword phrases, and then, once they're ranking in a position he's comfortable with, he contacts as many attorneys/lawyers as he can for each city/locale he's targeting. The goal is to lease the services of the micro site to the highest bidder by a certain date. This allows him to maintain ownership of the domain and essentially keep the content exactly the same with very little change, should the time come that he leases it to another attorney/lawyer. He probably has some sort of spiel for explaining the value of the site, the ROI, how it will generate leads and convert them well, etc. It's a fine twist on an age-old business model.

So, what began simply as rewarding the competition of a spammer who annoyed me, quickly grew into far more than I could have imagined: the perfect case study for showing a) why you shouldn't spam; b) why you should closely monitor your Internet marketing team and/or outsourced Internet marketing entity; c) why you should never configure a site such that it showcases your internal information for Google to come along and index/cache; d) why you should consider privatizing your registrant info; and e) that if I can connect the dots to find all of this information from a simple spam comment, just imagine the dots that Google can connect (even if it seems like they can't, or aren't currently being actionable with such data). You might be able to get away with certain spam tactics now, but one day, you won't. And if all you're looking for is to make a quick buck, then you won't mind when Google unleashes a Panda-like update that demotes your Copyscape-bypassing thieved/scraped/spun articles, will you?

To close, I'm going to list a handful of items that I didn't cover in this post, but that are all equally as important to mention so as to give a more well-rounded view of the ramifications/consequences of spamming, as well as how much I could have kept digging into Demko Ventures LLC's Internet marketing practices. In no particular order of importance:

1: Search results using Mike's various email addresses and user names .
2: Reverse WHOIS records showing the 400+ Web sites registered to Demko Ventures, LLC , as well as Google search results for "Demko Ventures LLC" .
3: Unprotected upload directories on their DUI/DWI micro sites (which I discovered via a simple site:duiindianapolis.com search in Google).
4: Open XML information from their Amazon S3 account for media on their micro sites (which I discovered in the source code of one of their micro sites).
5: Detailed IP address information from the spam comment on my blog, as well as the abuse email alias I could contact about the spam left on my blog. (Realistically, this probably wouldn't have amounted to much, but you never know.)
6: Results from a Google search of the email address that was left with the spam comment on my blog, which led me to IP information on stopforumspam.com detailing other bogus email aliases, user names, and targeted keyword phrases used by Demko Ventures, LLC-registered Web sites (never mind the exhaustive research that awaits with all of that information).
7: Mike's public Screenr account , which, at the time of this writing, contains a whole slew of publicly viewable videos - some of which cover spammy SEO tactics, like scraping content (via products like ScrapeBox ). Eww…
8: I now hold the keys to go do the very thing he's doing, should I choose. This is one of the inherent issues with off-page SEO: if you're not careful, you can easily give away your keywords (and business model) on a silver platter. Then, all an individual has to do is hit up Open Site Explorer , Majestic SEO , and Market Samurai (or your preferred tools of choice) to do some serious backlink/competition analysis. After that, it's off to the races!

Thanks for reading my case study, and remember: DON'T BE A SPAMMER!

- Stephen Chapman

Related Content:

The guru facade: Internet marketing shams, flimflams and other BS

The Lure of Black Hat SEO: Take A Walk On the Dark Side

Google scares the pants off the SEO industry by removing Analytics keyword data

5 untapped SEO resources you need to know about

How to Become a Search Ninja: Harnessing the True Power of Google - Part 1

Search ninja part 2: How to find older versions of software (and much more)

No comments:

Post a Comment