Hacked Joomla, Link Spam and Negative SEO Fears

Recently, igaming affiliates have been complaining about something that to many of them looks like negative SEO against their sites. A number of people have reported seeing links to their sites from pages that look like this:

Joomla casino spam

However, this is not negative SEO against any specific sites but a byproduct of a link spam scheme that goes approximately like this:

  • The offender hacks a number of sites, mostly powered by Joomla, mostly unrelated to casinos, and places his parasite pages like the one in the screenshot above;
  • The content of this page consists of a bunch of keywords, some of which are linked to the offender’s other parasite pages on other hacked Joomla sites;
  • Sometimes, to dilute the links to their own parasite pages, they also link to any other random sites found ranking for whatever keywords they use. This is how these sites get their “negative SEO-like looking” links.

Affected affiliates, good news for you: if your site got into one of these parasite pages, it means it’s ranking. Bad news: you got links from hacked sites. These may not be as easily ignored as just any poor quality spam links, so if you have noticed a lot of these in your link profile recently, or if you’re worried that your rankings have already been affected, you may want to disavow them (or talk to me and I’ll help you with a link audit and confirm whether or not yours is a case like this and what your best course of action would be).

How the offender monetises it: the banner and the header under it are linked to yet other parasite pages on hacked Joomla sites, but in this case they are set to redirect to their money site, slots2018 . online. Now, if you check the links of this one, you won’t see anything:

slots2018.online backlinks

But if you check one of the hacked parasite pages redirecting to it, you will see a completely different picture:

parasite page backlinks

parasite page anchor texts

The robots.txt of slots2018 . online disallows every bot from crawling the site, hence Majestic and other tools can’t crawl it and can’t report its backlinks (which would only be redirects anyway). It’s not going to be crawled by Google, either – but the offender is not worried about it, as the site gets all its traffic from throwaway redirected parasite pages on hacked third-party sites. On the other hand, affiliate programs won’t know where his traffic comes from, either. Reminds me a bit of this setup a few years back – only in that case, it was WordPress instead of Joomla.
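To check during a link audit whether a blank backlink report comes from a crawl block like the one described above, the following added example (not code from the original post) evaluates a robots.txt body the way a compliant crawler would. The robots.txt samples, the crawler tokens and the probe paths are constructed assumptions.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt bodies; nothing here is fetched from a real site.
DISALLOW_ALL = "User-agent: *\nDisallow: /\n"
MAJESTIC_ONLY = (
    "User-agent: MJ12bot\nDisallow: /\n\n"
    "User-agent: *\nDisallow: /admin/\n"
)
EMPTY = ""

# Assumed crawler tokens: MJ12bot (Majestic), AhrefsBot, Googlebot.
AGENTS = ("Googlebot", "MJ12bot", "AhrefsBot")
# Hypothetical paths probed to decide whether an agent may fetch anything.
PROBE_PATHS = ("/", "/index.html", "/go/offer")


def crawl_visibility(robots_txt, agents=AGENTS, paths=PROBE_PATHS):
    """Map each crawler to True if robots.txt lets it fetch any probe path."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {a: any(parser.can_fetch(a, p) for p in paths) for a in agents}


def audit_note(robots_txt):
    """Summarise which listed crawlers the file shuts out of the site."""
    vis = crawl_visibility(robots_txt)
    blocked = sorted(a for a, ok in vis.items() if not ok)
    if len(blocked) == len(vis):
        return "blind: every listed crawler is disallowed site-wide"
    if blocked:
        return "partial: blocked for " + ", ".join(blocked)
    return "visible: no listed crawler is blocked"


if __name__ == "__main__":
    for name, body in (("disallow-all", DISALLOW_ALL),
                       ("majestic-only", MAJESTIC_ONLY),
                       ("empty", EMPTY)):
        print(name, "->", audit_note(body))
```

A "blind" result means the tool's empty report says nothing about the site itself, so the audit has to start from the referring parasite pages, as the screenshots below do.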

Talking of Joomla, it looks like the hacked sites are running an outdated version – here is a Sucuri scan result for one of the hacked sites:

hacked site Sucuri scan - outdated Joomla

So if you’re a site owner, it goes without saying that you should make sure you are running the latest version of whatever CMS you are using.