Being the victim of an SEO spam hack will bring troubles for website owners. It can result in both algorithmic and even in severe cases, manual action taken against the website by Google.

First, what is an SEO spam hack?

Is your website starting to look a little like a discount fashion store or pharmaceutical site?

SEO spam hacks are infectious. They take advantage of your website’s reputation through the injection of spam links in your website and throughout an interlinked network of other hacked sites. These hacks will damage your reputation and online visibility by being blacklisted by search engines. In most cases, it’s not enough to remove the hack.

You’ll need to take a deep dive into your code and find the vulnerability at its source; otherwise, after you remove the hack, it will likely keep coming back leaving you with a diminished reputation and a lot of headaches to deal with.

How to identify SEO spam hacks

Some hacks are easier to find than others. Some hacks are super obvious. For example, if you visit and all of a sudden, you’re stuck in a redirect chain of spam sites.

Another visible sign of an SEO spam hack is a sudden increase in referring domain names and pages.

More signs include notifications from Google in either Google Search Console or notifications like, “This site may be hacked,” in Google’s search engine result pages.

SEO spam hack

SEO spam hack – Sudden significant increase in inbound links

This site may be hacked

Other SEO spam hacks can be even more sophisticated. For example, the hackers will use cloaking techniques that show Google and other search engines the spam pages, while showing everyone else the nice, clean and unhacked version of your website, draining your site’s authority without you ever knowing.

How to clean up SEO spam hacks

Cleaning up SEO spam hacks can be tricky. Many times, the pages are dynamically loaded through various scripts spread throughout your website. If you don’t first find and fix the original compromised issue, the hack will likely continue to resurface.

Due to the nature of our business, we get a lot of requests to clean up hacked websites. The first thing we do is try to figure out when the hack happened. This can be done through evaluating server and file changelogs. Once we know when the hack occurred, we sort through the files that have been modified or created during that time.

Next, we find the pattern of the injection. We look for common issues such as file permission problems and work backward until we see the originating source of the hack.

Once the hack has been deleted the next step – if you have received a manual action from Google – is to submit a reconsideration request. In the request, you’ll need to acknowledge the hack, how you repaired it, and what you did to ensure the hack will not come back in the future.

We always set up security monitoring, a firewall through Sucuri, hourly website backups, file modification rules, and other precautions to protect your website.

Now, it’s time to get the hacked link network removed from your link portfolio. Many times, the hacked link network is unsuspecting website owners like you that may not have known they’ve been hacked. For those, getting them to remove the hack is pretty easy by letting them know their site hack exists. For those websites who don’t respond or don’t remove the links, you’ll need to create a disavow file.

Disavow files are submitted to Google through their Disavow Tool. The disavow file lets Google know there’s a problem and that you don’t want your website to get credit, or have responsibility for, the specified links pointing to your website.

Once that’s done, you should expect a clean recovery, and at times, if you catch it early enough, you might not even see a drop in search engine traffic or visibility.





As you can see with the three above domains, completely unrelated websites are that the same SEO spam hack infected them. The injection took place right about the same time, and the result were the same. Also, you will notice the decrease in referring domains over time which indicates the site owners either shutting their sites down after realizing they’ve been infected or having the hack removed as did.