Google is continuing its efforts to promote privacy in search by prioritizing indexing HTTPS pages over their HTTP equivalents.

In the announcement, Google explains its long-term aim is to eventually direct users to secure webpages with a private connection. The step to only index HTTPS pages when an HTTP equivalent exists is their most recent move in this process, following the small rankings boost given to HTTPS pages last year.

Unlike the change to Google’s algorithm in August 2014, this move will not have any effect on rankings. Instead, it simply means that Googlebot will only index the HTTPS version of a URL when both an HTTPS and HTTP version exist.

While Google’s commitment to secure search may lead to more rankings boosts for HTTPS pages in the future, this change is mostly to improve the efficiency of Google’s current indexing process. As they explain in their announcement:

“Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere.”

While it is increasingly important for your site to be mobile-friendly, there are some unique risks to running a mobile-friendly site webmasters should be aware of. Google has been encouraging sites to implement mobile-friendly strategies, but it is also cracking down on mobile-only redirects if they are used for fraudulent or deceptive purposes.

Most of the time, mobile-only redirects are used to send mobile users to content they requested in a mobile-friendly format, however some use the redirects deceptively to direct smartphone traffic to unwanted content. In some cases these deceptive redirects can send smartphone users to entirely different websites than the one they requested.

The majority of webmasters aim to use redirects properly, but it has recently been found that deceptive redirects can find their way onto websites without the webmaster ever knowing. This can happen in one of two ways:

  • Advertising: A malicious script installed to display ads may redirect mobile users to a different site without the webmaster’s knowledge.
  • Hacking: Some hackers set up redirects to spammy or malicious domains for mobile users only.

While it has become known that these redirects can be created without a webmaster’s awareness, Google has recently made it clear they will continue penalizing sites with these deceptive redirects. Google’s webmaster guidelines explicitly forbid these types of redirects and the search engine says it will enact manual penalties when they are discovered.

Thankfully, there is an incredibly easy test you can do right now to make sure your site hasn’t come down with a case of deceptive redirects. Just search for it in Google on your phone and click on the results.

Google also encourages webmasters to monitor their sites for user complaints as well as regularly reviewing analytics data for unusual activity such as any sudden drops in mobile traffic.

If you do find any evidence of deceptive mobile-only redirects, Google recommends checking Search Console for any warnings about site hacks. If you don’t see any alerts, it is possible there may be an issue with third-party scripts on your site. To figure out which one is causing problems, you will have to go through and disable them one at a time until the problem is resolved.
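The check the article describes (visit your site from a smartphone and see where you land) can be automated so that it runs against every page you care about. The following is an added example, not code from the original article or from Google: it follows a URL's HTTP redirect chain once with a desktop User-Agent and once with a mobile User-Agent, and flags pages where only the mobile visitor ends up on a different site. The fetch function is injected, and `constructed_site` is a constructed stand-in for a real HTTP fetch so that the script runs offline; swap in a real HTTP client to check a live site. It will not catch redirects done in JavaScript, which need a headless browser to observe.

```python
"""Compare the redirect chain a page returns to a desktop browser with the
chain it returns to a smartphone browser, and flag the case in which only the
mobile visitor ends up on a different site.  Added example; the fetch
function is injected so the check runs offline against constructed data."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

# Constructed User-Agent strings standing in for a desktop and a smartphone browser.
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Example/1.0"
MOBILE_UA = "Mozilla/5.0 (Linux; Android 6.0) Example/1.0 Mobile"

# A fetcher takes (url, user_agent) and returns (status_code, response_headers).
Fetcher = Callable[[str, str], Tuple[int, Dict[str, str]]]

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def follow_redirects(url: str, user_agent: str, fetch: Fetcher,
                     max_hops: int = 10) -> List[str]:
    """Return the list of URLs visited, starting with `url`, following HTTP
    redirects until a non-redirect response, a loop, or max_hops."""
    chain = [url]
    for _ in range(max_hops):
        status, headers = fetch(chain[-1], user_agent)
        location = headers.get("Location")
        if status not in REDIRECT_STATUSES or not location:
            break
        next_url = urljoin(chain[-1], location)  # Location may be relative
        if next_url in chain:  # redirect loop; stop rather than spin
            break
        chain.append(next_url)
    return chain


def site_of(url: str) -> str:
    """Rough registrable-domain approximation: the last two DNS labels.
    Adequate for example.com-style hosts (so www. and m. subdomains count as
    the same site); hosts under public suffixes such as co.uk need a proper
    public-suffix library."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    return ".".join(labels[-2:])


@dataclass
class Finding:
    url: str
    desktop_chain: List[str]
    mobile_chain: List[str]

    @property
    def mobile_only_cross_site(self) -> bool:
        """True when the smartphone visitor lands on a different site than the
        desktop visitor: the signature of a deceptive mobile-only redirect."""
        return site_of(self.mobile_chain[-1]) != site_of(self.desktop_chain[-1])


def check_mobile_only_redirect(url: str, fetch: Fetcher) -> Finding:
    return Finding(url,
                   follow_redirects(url, DESKTOP_UA, fetch),
                   follow_redirects(url, MOBILE_UA, fetch))


def constructed_site(url: str, user_agent: str) -> Tuple[int, Dict[str, str]]:
    """Stand-in for a real HTTP fetch, constructed for this example.  It behaves
    like a compromised site: a legitimate mobile redirect on /legit, and an
    injected mobile-only hop to an unrelated domain on the homepage."""
    is_mobile = "Mobile" in user_agent
    if url == "https://www.example.com/legit" and is_mobile:
        return 302, {"Location": "https://m.example.com/legit"}
    if url == "https://www.example.com/" and is_mobile:
        return 302, {"Location": "/go?x=1"}
    if url == "https://www.example.com/go?x=1":
        return 302, {"Location": "http://spam.example.net/landing"}
    return 200, {}


if __name__ == "__main__":
    for page in ("https://www.example.com/", "https://www.example.com/legit"):
        f = check_mobile_only_redirect(page, constructed_site)
        print(page, "->", f.mobile_chain[-1],
              "SUSPICIOUS" if f.mobile_only_cross_site else "ok")
```

The comparison is done on the site rather than the exact host so that a normal redirect to an m. subdomain, which the article describes as the legitimate use, is not reported; only a mobile-only chain that ends on another site is.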

Google is launching a new set of algorithm changes intended to remove hacked sites that spew spam from its search results. According to the company, the changes will affect approximately 5% of queries and have already begun rolling out.

Google says it is cracking down on hacked spam to protect both searchers and site owners, but the move could have consequences for legitimate site owners unaware their site has been hacked. These sites are dangerous to those who visit them as they can lead to malware downloads, marketing of illegal goods, or completely redirecting people to unintended, low-quality sites.

For queries with a particularly large amount of hacked spam present in the SERPs, Google says you may see an overall reduction in the amount of results shown. According to the announcement, this is because Google is working to make sure users only see the most relevant results for their queries.

In some particular searches, as much as a quarter of the search results have been removed.

Google has said these changes will be part of an ongoing effort to continuously refine its algorithms to improve SERPs and cut out bad content.

Google made big news earlier this year when it declared it would favor sites that switch to HTTPS, and now Twitter is taking a similar path. A member of Twitter’s development team published a thread on the Twitter Community forum explaining the company’s future plans for HTTPS and setting a deadline for the company’s switch to HTTPS.

Starting October 1st, Twitter will begin using HTTPS for all new outbound links, meaning any new link you share will be wrapped in an “https://t.co” link. This way Twitter can securely send users to their intended destination, even when the destination page is not served over HTTPS.

Similar changes have been made by popular sites such as Reddit and Wikipedia; however, in those cases the sites began using HTTPS site-wide.

This will also have the added side effect of increasing URL lengths in the future, depriving you of one more character to write with when sharing a link.

This also causes issues with tracking referral traffic to non-HTTPS sites, as Twitter explains non-HTTPS sites may see an apparent decrease in referral numbers.

“Web browsers drop the Referer header from a request by default when downgrading from an HTTPS t.co link to an HTTP destination in compliance with the HTTP specification for the Referer header… Based on our estimates you may see a 10% drop in traffic attribution from Twitter as a result of this security change.”

The company also warns that sites will see a steady decrease in referral traffic recorded from Twitter in the future, as users update to the latest browsers that support this policy.
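The browser rule Twitter's quote refers to can be modelled in a few lines. The following is an added example, not Twitter's code or anything from the original post: it returns the Referer a browser sends for a navigation from a wrapped t.co link to a destination, under the default rule (no Referer when downgrading from https:// to http://) and under three other named policies from the W3C Referrer Policy specification, and counts how many clicks in a constructed sample would still be attributable. The sample links and destinations are constructed for this example.

```python
"""Model of the default browser rule quoted above: when a navigation is
downgraded from an https:// referrer to an http:// destination, the Referer
header is dropped.  Added example, not Twitter's code.  The policy names
follow the W3C Referrer Policy specification."""
from typing import Iterable, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def strip_for_referer(url: str) -> str:
    """A Referer never carries the fragment or embedded credentials."""
    p = urlsplit(url)
    netloc = p.hostname or ""
    if p.port:
        netloc = f"{netloc}:{p.port}"
    return urlunsplit((p.scheme, netloc, p.path, p.query, ""))


def origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}/"


def referer_for(referrer: str, destination: str,
                policy: str = "no-referrer-when-downgrade") -> Optional[str]:
    """Return the Referer value a browser sends for a navigation from
    `referrer` to `destination`, or None if it sends no Referer."""
    downgrade = (urlsplit(referrer).scheme == "https"
                 and urlsplit(destination).scheme == "http")
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":  # the browser default described above
        return None if downgrade else strip_for_referer(referrer)
    if policy == "origin":                       # only the origin, even on downgrade
        return origin_of(referrer)
    if policy == "unsafe-url":                   # full URL, even on downgrade
        return strip_for_referer(referrer)
    raise ValueError(f"unknown policy: {policy}")


def attributed_clicks(clicks: Iterable[Tuple[str, str]],
                      policy: str = "no-referrer-when-downgrade") -> Tuple[int, int]:
    """Count how many (referrer, destination) clicks arrive with a Referer the
    destination can attribute, versus the total number of clicks."""
    total = attributed = 0
    for referrer, destination in clicks:
        total += 1
        if referer_for(referrer, destination, policy) is not None:
            attributed += 1
    return attributed, total


# Constructed sample of wrapped t.co links and their final destinations.
SAMPLE_CLICKS = [
    ("https://t.co/abc123", "https://secure.example.com/post/1"),
    ("https://t.co/abc123", "https://secure.example.com/post/1"),
    ("https://t.co/def456", "http://plain.example.org/article"),
    ("https://t.co/ghi789", "http://plain.example.org/other"),
]

if __name__ == "__main__":
    for ref, dest in SAMPLE_CLICKS:
        print(dest, "<- Referer:", referer_for(ref, dest))
    print("attributed/total:", attributed_clicks(SAMPLE_CLICKS))
```

Only the referring site can change the policy (via a `Referrer-Policy` header or a `<meta name="referrer">` tag on its own pages), so from the destination's side the one fix that restores attribution under the default rule is the one the article implies: serve the destination over HTTPS so the navigation is no longer a downgrade.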

Examples of injected ads ‘in the wild’

A new study from Google and the University of California, Berkeley and Santa Barbara has found that over 3,000 advertisers have been the victims of ad injection software, including major brands such as Sears, Walmart, Target, and eBay.

Ad injectors have long been a headache for webmasters: the troublesome and occasionally malicious programs insert unwanted ads into web pages, costing publishers ad revenue and causing advertisers to pay for traffic from ads they never intended to buy.

The study exposes a network of companies that profit from and facilitate these unwanted ads, and shows just how widespread the issue is. Google says it has received more than 100,000 complaints from users about ad injectors since the start of this year alone.

Ginny Marvin from Marketing Land thoroughly breaks down how ad injection works:

The ad injectors come in the form of browser extensions and software applications that infect a user’s browser. Google found more than 50,000 browser extensions and 34,000 software applications that had hijacked users’ browsers to inject ads. In nearly 30 percent of cases, the software bundles were “outright malicious”, not only injecting ads but stealing account credentials, hijacking users’ search queries and reporting user activity to third parties for tracking purposes.

Google found the ad injector software being distributed onto users’ computers by 1,000 affiliate businesses, including known adware browser extensions, Crossrider, Shopper Pro and Netcrawl. These companies aim to spread as many ad injector software downloads as possible in a number of ways, including bundling their applications with popular downloads (who hasn’t fallen victim to the pre-checked box for an add-on during a software download?), blatant malware distribution and extensive social media campaigns. They then collect affiliate fees when users click on injected ads.

The ad injectors get the ads from about 25 ad injection library companies such as Superfish and Jollywallet, which in turn source and target ads from relationships with a handful of ad networks and shopping programs. It’s these libraries that pass on a fraction of the profits to the affiliates.

Google found that 77 percent of all injected ads originated from just one of these three ad networks: Dealtime.com, Pricegrabber.com and Bizrate.com.

This network is massive for even the most sophisticated spam and shady marketing systems. Google used a custom-built ad injection detector on Google sites and found that 5.5 percent of unique IP addresses (representing millions of users) accessed Google sites that had some form of injected ads.

Don’t think your Mac is safe either. Google also saw that 3.4 percent of page views on Apple machines and 5.1 percent on Windows machines showed clear signs of ad injection software.

To combat the problem, Google says it has taken down 192 deceptive Chrome browser extensions from the Chrome Web Store and instituted new user protections to prevent similar extensions from making it into the store in the future.

The full report will be presented later this month at the IEEE Symposium on Security & Privacy, but you can read Google’s announcement of the study results here.

Google is in the process of rolling out a new hacked page classifier which puts a notice below sites in the search listings believed to have malicious code or other hacking issues. The only problem is, many webmasters are reporting getting labeled as hacked incorrectly.

Yesterday, Google’s John Mueller acknowledged that a small number of sites are being mislabeled in the search results, which is obviously discouraging to anyone considering clicking on the link.

You can tell if your site is affected by simply searching for your site on Google and seeing if a small blue text appears below the title tag reading “This site may be hacked.” If you don’t see it, you’re in the clear. On the other hand, if you’re seeing that line it means your site has either been mislabeled or really has been hacked.

Mueller suggests having someone experienced in working with hacked sites review your site to ensure there are no problems. If they give your site a clean bill of health, you will have to notify Google.

This Site May be Hacked

The search engine says to fill out this form if you believe your site is mislabeled as hacked. Once it is submitted, someone at Google will review it and remove the label if they also find no issues. There is no indication how long it will take Google to review your site and remove the label, especially with the number of sites reporting the problem.

For more information on resolving issues with hacked sites, see Google’s best practices.

Last week, many webmasters and SEOs received a scare in the form of extortion emails from a supposed SEO threatening to plague a site with negative SEO if they do not pay a ransom of $1,500.

It seems the emails concerned even the most prominent members of the SEO community such as Dan Petrovic and Steve Webb. Even more interesting, despite assurances from Google that they would investigate the threats, a fair portion of the community appears to be at least moderately troubled by the threats. This gives an indication of just how easy people perceive negative SEO to be.

The email cuts straight to the point opening with, “This is an extortion email.” It then goes on to explain exactly how the individual(s) will enact specific tactics which can hurt a site’s performance in Google and potentially cause a site to be deindexed by the search engine.

The full text of the emails is as follows:

Hello,

Read this email very carefully.

This is an extortion email.

We will do NEGATIVE SEO to your website by giving it 20,000 XRumer forum profile backlinks (permanent & mostly dofollow) pointing directly to your website and hence your website will get penalised & knocked off the Google’s Search Engine Result Pages (SERP) forever, if you do not pay us $1,500.00 (payable by Western Union).

This is no false claim or a hoax, download the following Notepad file containing 20,000 XRumer forum profile backlinks pointing to http://www.negativeseo.cn.pn/ (this is our website and go and see on this website, you will find our email address [email protected] from which this email right now is being sent to you) :

http://www.mediafire.com/download/eizjwnpq2rsrncu/20000-XRumer-Forum-Profile-Backlinks-Dofollow.txt

Just reply to this email to let us know if you will pay just $1,500.00 or not for us to refrain or not from ruining your precious website & business permanently. Also if you ignore this email and do not reply to this email within the next 24-48 hours, then we will go ahead and build 20,000 XRumer forum profile backlinks pointing directly to your website.

We are awaiting your wise decision.

RS

Thankfully, it appears the entire situation has been nothing more than empty threats. Despite several credible SEO figures reporting the extortion emails, no one has reported paying the extortion amount and there are no signs that negative SEO is being put into action against these sites.

In the past, several Google employees have suggested they would like to see site security included as a ranking factor within their search engine. Now, Google has followed through and announced that going HTTPS, or adding an SSL certificate with a 2048-bit key to your site, can potentially give you a small ranking boost.

Don’t expect to propel yourself to the top of the search results by adding HTTPS, as Google refers to it as “a very lightweight signal” within the larger scheme of things and only affects “fewer than 1% of global queries.” However, it was also implied that the new ranking signal may get beefed up in the future in an attempt to encourage all site owners to increase the security on their sites.

The change should come as little surprise to anyone who heard Matt Cutts, Google’s head of search spam, publicly endorse the idea of making SSL a ranking factor just a few months ago.

Unlike many ranking changes that Google makes, the risk of drawbacks is small. Google has been saying that switching to HTTPS should not have an effect on SEO for years, so long as you take a few steps to guarantee your traffic stays steady. Mostly, such steps relate to communicating to Google so it understands how to read your site.

Google has also said it will be releasing more information and resources for webmasters deciding to adopt HTTPS, but for now all it offers are these tips:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
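Two of the tips above (relative URLs for same-host resources, protocol-relative URLs for other hosts) and the last one (no noindex) can be checked mechanically on a page before it goes live on HTTPS. The following is an added example, not Google's code or anything from the original post: it parses an HTML document, reports every absolute http:// sub-resource reference and internal link together with the rewritten form the tips call for, and reports whether a robots noindex meta tag is present. The host name `www.example.com` and the HTML in `SAMPLE_HTML` are constructed for this example.

```python
"""Audit an HTML document for the URL tips listed above: absolute http://
references to resources on the site's own host are rewritten as relative URLs,
references to resources on other hosts as protocol-relative URLs, and a robots
noindex meta tag is reported.  Added example, not Google's code; the HTML and
the host name are constructed for this example."""
from dataclasses import dataclass, field
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Tags whose attribute fetches a sub-resource; an http:// value here is mixed content.
RESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "video": "src",
    "audio": "src", "source": "src", "embed": "src", "link": "href",
    "object": "data",
}
# Navigation links: rewritten only when they point at the site's own host.
LINK_ATTRS = {"a": "href", "area": "href"}


def rewrite_url(url: str, site_host: str) -> Optional[Tuple[str, str]]:
    """Return (rewritten_url, kind) for an absolute http:// URL, else None."""
    p = urlsplit(url.strip())
    if p.scheme != "http" or not p.hostname:
        return None
    if p.hostname.lower() == site_host.lower():
        return urlunsplit(("", "", p.path or "/", p.query, p.fragment)), "relative"
    return urlunsplit(("", p.netloc, p.path, p.query, p.fragment)), "protocol-relative"


@dataclass
class Finding:
    tag: str
    attr: str
    original: str
    rewritten: str
    kind: str


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    noindex: bool = False


class HttpsAuditor(HTMLParser):
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.report = Report()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            if "noindex" in (attrs.get("content") or "").lower():
                self.report.noindex = True
            return
        attr = RESOURCE_ATTRS.get(tag) or LINK_ATTRS.get(tag)
        value = attrs.get(attr) if attr else None
        if not value:
            return
        result = rewrite_url(value, self.site_host)
        if result is None:
            return
        rewritten, kind = result
        # External navigation links are not mixed content; leave them alone.
        if tag in LINK_ATTRS and kind != "relative":
            return
        self.report.findings.append(Finding(tag, attr, value, rewritten, kind))


def audit_html(html: str, site_host: str) -> Report:
    auditor = HttpsAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.report


# Constructed page for the example: one same-host stylesheet, one third-party
# script and one internal link still on http://, plus a noindex tag.
SAMPLE_HTML = """<html><head>
<meta name="robots" content="noindex, follow">
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<script src="http://cdn.example.net/lib.js"></script>
</head><body>
<img src="/img/logo.png">
<a href="http://www.example.com/about">About</a>
<a href="http://partner.example.org/page">Partner</a>
<img src="https://www.example.com/img/secure.png">
</body></html>"""

if __name__ == "__main__":
    report = audit_html(SAMPLE_HTML, "www.example.com")
    for f in report.findings:
        print(f"<{f.tag} {f.attr}> {f.original} -> {f.rewritten} ({f.kind})")
    print("noindex present:", report.noindex)
```

The protocol-relative form is what the tips call for; an explicit https:// URL to the third-party host is the more common choice today, since it works from any page regardless of the page's own scheme, provided the third party serves the resource over HTTPS.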

Bing is working hard to improve user safety. But rather than censoring or blocking sites that Bing deems to be a threat, the search engine is offering extra information so that users can make informed decisions and hopefully avoid sites that may have been compromised.

Bing announced the Bing Site Safety Page this week on the Bing Webmaster Blog. The safety page will show up on search results if Bing has identified a specific site as having a potential safety issue. This means users will receive a warning that a site might have problems and the webmasters will have added incentive to resolve the issues quickly.

Below you can see a screen shot of what the alert will look like and what the full Bing Site Safety Page looks like.

Bing Safety

The Bing Site Safety Page will include information such as how long the issue has existed and when the last scan took place. Webmasters will also have extended information about how to resolve the security issue within Bing Webmaster Tools.

The Bing Safety Page offers:

  • The reason the page is being marked as malicious, e.g. Malicious Javascript, DriveBy Attacks, Malware Network References, etc…
  • The date the infection was first detected
  • How often the URL has been scanned
  • The date the infection was most recently detected

Bing also said they planned on expanding the page further in the near future with more data such as:

  • The total number of URLs detected as malicious on the site
  • The types of malware found
  • The last date of suspicious activity
  • When the site was last scanned
  • Warning trigger rate / coverage

Have you ever had to deal with a sudden significant drop in the effectiveness of your pay-per-click advertising? Usually, those types of issues are the result of a bad change in how you are bidding or possibly a failure to adapt to changes on advertising platforms. However, it could also be the result of a concerted fraudulent effort, as the discovery of a large PPC fraud ring in May shows.

This wasn’t just an issue of click fraud, either. The newer tactic being deployed by the ring of con artists is both serious and hard to detect. Lori Weiman reported that a PPC fraud ring used a tactic called PPC ad impersonation to pose as over 300 advertisers, as well as how they were brought down.

PPC ad impersonation, also sometimes called URL hijacking, is when a scammer impersonates an advertiser by using the advertiser’s URL as the display URL in PPC ads. The scammer then links the ad to the real advertiser’s site through an unauthorized link such as an affiliate link, a phishing link, or a cookie-stuffing URL.

Weiman’s report shows exactly how the most recent large-scale PPC ad impersonation ring was brought down, but the issue is far from resolved. Just as with every form of fraud, there are plenty of others out there willing to fill the place of the group that was recently detected.

Normally, these types of fraud are relatively limited, only affecting about 5% of the affected advertisers’ ads, but the recent attack was so bold that between 20% and 100% of ads being shown for some large companies were fraudulent. It is a worrisome sign for the future of these types of attacks, but thankfully this one was resolved rather quickly.