Tech Errors, Vulnerabilities, and Hacking Attempts oh my
2/7/2017 – $%it happens. There is a never-ending war on for high competition keywords and the Wix SEO contest’s “SEO Hero” is no exception. At times SEOs must balance what we offer to the public and what we can’t due to circumstances of software vulnerabilities and known technical bugs.
vBulletin has been providing forum software since the dawn of the Internet and some live boards are older than dirt. Based of the phpBB open source CMS, vBulletin paid software is not without flaws right out of the box and with the contest time limits, HQ has questioned rerouting the forum project.
HQ was cruising along in 2nd place just behind beanseohero.com for several weeks, then a turn for the worse. Fortunately, Google emailed us and alerted us to an “increase in crawl errors.” Ten or fifteen crawl errors probably won’t effect a website’s ranking abilities, but four or five-hundred crawl errors will trigger a algorithm response.
vBulletin 5 Connect’s search function can trigger soft 404 crawl errors in Google Webmaster Tools because if a “search” is created, even if for a non-existent term, the search results page created for the search term is expiry. Once the search page “expires” this should not create a “404” or “Invalid URL” error, but it does according to Google Webmaster Tools.
Exploitation of this software vulnerability can in fact devastate SEO efforts. When finally noticed, our forums search feature created over four-hundred soft 404 errors associated with the vBulletin Connect search function.
Our first inclination was to disable access to the search feature. This eliminated the creation of new expiry search pages, but did not cease the search spiders from crawling the existent user-created expired search result pages.
Heroes HQ Fixes vBulletin Soft 404 Errors
Make it go away! To stop this error dead in its tracks, simply update the domain’s robots.txt (found in the root directory of the domain/if not create and upload to the domain’s root folder). Add the following code to the robots.txt file
User-agent: * Disallow: /search. If the forum is installed on a higher directory, make sure to instruct the crawl spiders to follow the correct path:
User-agent: * Disallow: /forums/search. Inevitably, SEO Heroes HQ will see a plummet in the Wix contest ranks. But… We will be back! Hopefully in time, as time is very limited―only 34 days remain!
12/29/16 – A few weeks ago, SEO Hero HQ’s core construct was finished and we tested our page speed using Google’s Page Speed Insights. SEO Hero HQ scored a 77/100 for mobile (98% user experience rating) and 85/100 for desktop website speed. Now that we are using all our superpowers to create unique SEO Hero related content, we thought new page speed tests were in order to ensure that our audience is receiving the best quality website experience possible.
Recent page speed insights tests revealed a 15 point drop in both mobile and desktop page speed. We did lose a few speed points from disabling page caching as it interfered with some of the dynamic functions of SEO Hero HQ. But… HQ already was aware of this score loss and had the figures down to the digit. What attributed to this drastic drop in page speed score?
There are good bots, and there are villain bots. HQ checked the user activity logs for the domain and, not absolutely shocking, there were several hacking attempts including brute force login attempts, denial of service attacks (DDos), port scans, and other nefarious “bad guy” bot duties.
Even our organically, well ranked FaceBook Fan Page App was crudely flagged as a malicious, or a phishing site when all the page did was display HTML inline with secure socket layer (SSL) and w3 markup. The majority of the attacks are coming from the Russian Federation, and the Ukraine. Much to our surprise, HQ has fended off DDos hacking attempts from the United Kingdom, and Florida.
SEO HQ Hero’s Security
SSL protects your website by instituting an encrypted connection between a browser and a server, that is pretty much it. Consistently and constantly, a website’s security needs to go well beyond SSL to fend of hackers, and villain bots! The SEO Hero contest may have amplified these hacking attempts because villains will do anything against the rules to satisfy their greed, except for the actual hard work that is required to virtually build a competitive WhiteHat website.
SEO Hero HQ’s robot.txt Versus Malicious Bots
Robot.txt security is not without it’s limits, but a proper SEO robots.txt file does allow for domain’s webmaster to get creative with villains that may be sucking up the domains valuable resources and lowering page speed. Within the robots.txt file webmasters can code in virtual traps, or other “honeypot” traps for bad bots. Virtual traps are great examples of a defensive measure available to fend of many DDoS and Brute Force type attacks by simply editing your robot’s file.
Villain bot Jokers can not resist breaking the rules declared by the robots.txt file. The file directives clearly states, “User-agent: * (yes everyone) and Disallow: /?blackhole,” meaning everyone stay out, but villains can’t resist breaking the rules and going out of bounds. It’s up to SEO heroes to blast these jokers out of existence. Is the robot.txt file enough to beat nemesis bots? No.
WordPress Security Plugins
The WP Plugin “Limit login attempts” by Johan Eenfeldt is a countermeasure against brute force login attempts. Unauthorized users that attempt to login to the WP admin console are locked out if the user name and password attempt is failed. The lock out feature is manually set to the desired amount of login attempts. Instead of giving the bot, or human hacker several attempts to gain access to the back end of your domain, the limit login attempts WP plugin has the superability to block malicious attempts after the first try.
GM Block Bots WP Plugin by GreenMellen Media is a click to install plugin that blocks semalt.com, buttons-for-website.com and other referral spam bots that cloud the judgement of SEO Heroes about website activity in Google Analytics. GM Block Bots displays blocked bots a 403 forbidden message so that they no longer show up in Google Analytics statistics.
Negative SEO Requires Heroes to Disavow the Villains
Sure enough there have been some doctor strange links pointing to the SEO Hero HQ website. Fortunately, Google provides the Disavow Tool. The disavow tool provides a way for webmasters to discount links that are pointing to their domain. Use the tool with caution because sometimes a perceived bad link may actually be improving the website’s ranking in the SERP. If an error in link judgement is made, have no fear, Super Google lets you edit the disavow file and remove websites that were previously listed in the file.
Unnatural links are a common manifestation anytime a competition website is released. An elementary, and highly villainous Negative SEO BlackHat method often utilized points thousands of unnatural, or low quality links with sculpted anchor text toward a domain. The unnatural links are meant to trigger Google’s algorithmic penalties that can cause a well ranked website to be sandboxed, or worse yet, de-indexed from the search results entirely.
cPanel IP Blocker Feature for Security
cPanel also offers many additional security features that help heroes fight against hacking attempts, and bad bot infestation. After identifying villainous bots from server logs, and Awstats, the cPanel feature can blocks ranges of IP addresses from the identified bad bot’s IP’s and prevent them from accessing the domain.
Are Wix SEO Hero Challengers Cheating?
Since Professor F set a bounty of $50,000 top prize money for winning the Wix Seo Hero Challenge, of course BlackHat methods and cheating attempts have been deployed from nearly every nation on Earth! SEO Hero HQ asks the question, “who benefits?” Is negative SEO anywhere close to representing the values of a hero? Did competition for the organic search term “SEO Hero” move in on someone’s territory, or livelihood? Was cheating with negative SEO and hacking attempts deployed against HQ to gnaw away at our ranking factors?
Dr. David Bruce Banner, Ban those Bad Bots!
seoherofromzero.com: 100% Server Uptime!