New here? Visit our beginner's guide to SEO.

How To Detect (And Deflect) Negative SEO

David McSweeney
David is the owner of Top5SEO and a white hat SEO evangelist. SEO case studies make him a lot happier than they should, and he has a tendency to overuse ellipses...
Article stats
  • Monthly traffic 33
  • Linking websites 76
  • Tweets 96
Data from Content Explorer

Shows how many different websites are linking to this piece of content. As a general rule, the more websites link to you, the higher you rank in Google.

Shows estimated monthly search traffic to this article according to Ahrefs data. The actual search traffic (as reported in Google Analytics) is usually 3-5 times bigger.

The number of times this article was shared on Twitter.

    The search engine listings are like online battlefields. If you’re in a lucrative niche, then you’ll no doubt be slogging it out against several competitors for the top spots in Google. 

    And ranking for the right keywords can open the floodgates to huge search traffic and revenue.

    But if SEO is war, then unfortunately, not everyone fights fair.

    SEO has its dark side, and in this post I’m going to look at what is probably the shadiest tactic (or rather collection of tactics) of them all.

    Because the aim of this process is not for a competitor to boost their own site — it’s to inflict damage on yours.

    How is this possible?

    By using a tactic known as negative SEO.

    But don’t worry, I’ll also be showing you how to detect negative SEO, and how to fight back.

    Let’s get started.

    Negative SEO is effectively the opposite of positive SEO.

    Instead of attempting to improve a site’s search rankings, the aim of negative SEO is to demote a competing site, or in some cases have it completely removed from search.

    Common negative SEO tactics include; building thousands of spam links, sending fake link removal requests, creating fake reviews, content scraping, and even hacking sites.

    Good question (and the subject of much debate).

    It’s clear that you can harm your own site by utilising shady SEO tactics.

    So it stands to reason that — by employing the same techniques — you could do similar damage to a competing site.

    After all, how can Google tell who built all those spammy links, or duplicated content across hundreds of domains?

    The answer is that — if the attack is sophisticated enough — they can’t.

    And yes, negative SEO can work.

    How Do I Know Negative SEO Works?

    There’s no point in relying on theory or opinion here.

    It’s all very well some self appointed SEO guru saying ‘Google will be smart enough to detect this and it won’t work’ (and there are plenty who do).

    That view has no basis in fact and is just a point of view.

    Instead we should look to the myriad of case studies showing actual real world traffic drops and penalties resulting from negative SEO attacks.

    Like this one:

    As an established digital agency with reputable competitors we don’t usually receive such attacks, but when our SEO team highlighted our recent drop in organic visibility we soon established it was caused by deliberate, negative SEO tactics. 
    Jonathan Verrall
    Jonathan Verrall, Associate SEO Director Jellyfish UK

    This one:

    …you can imagine our surprise when one day in my inbox I found the dreaded notice from Google that had a site-wide manual penalty for unnatural inbound links. We quickly set up a call and went through the tooth-rattling ordeal of explaining to our client that they weren’t even ranked for their brand name. Organic traffic dropped by a whopping 94% — and that for a website that gets 66% of its traffic from Google-based organic search. 
    Yonatan Dotan
    Yonatan Dotan, Head of SEO yellowHEAD

    And this one (which has nothing to do with link spam):

    Something was seriously wrong with two of my clients’ sites. They weren’t suffering from Panda or Penguin issues. Their sites were healthier than most of their competitors. Still, I spent 2 months fixing every issue I could think of and still no rankings had changed. Something else, something new was suppressing their search visibility. 
    Bartosz Góralewicz
    Bartosz Góralewicz

    So that’s the bad news.

    Now for some good news:

    Most negative SEO attack stories have a relatively happy ending. Generally rankings and traffic can be recovered to pre-attack levels.

    And with Google Penguin now working on a real time basis, recovery from any link spam based negative SEO should be much speedier.

    I used the word ‘successful’ in the title of this section for a reason.

    What we’re looking for here are signs that someone has already succeeded in negatively affecting your search rankings.

    later I will show you how to detect an active negative SEO campaign and take defensive measures before it impacts your rankings. 

    There are 3 indicators listed, but if you spot the 2nd, or 3rd, you’ll almost certainly spot this one first.

    1. Sudden Drop In Search Traffic

    If the aim of negative SEO is to reduce your search traffic, then clearly for an attack to be considered successful it has to do just that.

    So if you notice a sudden drop in your search traffic then — assuming you haven’t been up to anything dodgy yourself — it could be a sign of negative SEO.

    image credit: SEOpressor

    image credit: SEOpressor

    2. Manual Penalty Notification

    There are two types of Google penalty: manual and algorithmic.

    You’ll generally only be able to spot an algorithmic penalty by noticing a drop in traffic (and rankings).

    But if the penalty is manual you will get a lovely little message from Google telling you that they’ve taken action against your site.

    unnatural links warning

    image from KissMetrics

    Again, if you’ve been whiter than white with your own SEO, then the penalty may have been triggered by a negative SEO attack.

    3. Drop In Individual Keyword Rankings

    If your search traffic is down, then the chances are your rankings are down too.

    You can use Ahrefs’ Rank Tracker to keep an eye on the movements of your most important keywords.

    Just add the keywords you want to track to the tool and you can easily see how they have moved up and down the SERPs over time.

    Below you can see’s position history for the keyword ‘backlink checker’.


    In this case our search position is pretty static. But if there was a sudden drop, that could be a sign of negative SEO.

    We’ll also send you a weekly email report showing position changes for all keywords you track. 
    This is useful for spotting more granular negative SEO attacks against individual pages or keywords.

    If one particular keyword has been successfully pushed out the SERPs then you might not immediately spot this when looking at overall site traffic.

    So make sure you track your most important keywords. 

    Now let’s look at individual negative SEO tactics (and how you can defend against them).

    Negative SEO tactics can be constructive or destructive in nature.

    They can also range from being underhand/shady to completely illegal.

    Below I’m going to cover:

    • The most common negative SEO attacks
    • How to spot them
    • How to defend against them

    We’ll start with the tactic most commonly associated with negative SEO.

    1. Spammy Link Building

    Building a ton of low quality links to a competing site is probably the most prevalent — and certainly the most unsophisticated — form of negative SEO.

    Whether those spammy links come from cheap fiverr gigs, scrapebox comment spam, or a link network, the result is the same: a sudden influx of dodgy links pointing to your site.

    How Spam Links Can Harm Your Site

    There are two approaches to link spam when it comes to negative SEO and either (or indeed both) of them may be used by an unscrupulous SEO.

    • The volume approach — blasting thousands upon thousands of low quality links at your site.
    • The over-optimised anchor text approach — pointing lots of exact match anchor text links at a ranking page and screwing up its anchor text ratio.

    The aim of both approaches is to get your site penalised — either algorithmically by Penguin, or through a manual action from Google’s webspam team.

    Fortunately both of these tactics are easy to spot.

    For more information on what spammy links are and how they can harm your site, see our guide to bad links.

    How To Detect A Link Spam Attack

    Here are 3 methods you can use to detect spam links (you did not build) pointing to your site.

    Method 1: Find Spam Links In Real Time

    The simplest way to detect an active link spam attack is to actively monitor new backlinks pointing to your site.

    You can do that by setting up a backlinks alert in Ahrefs.

    Alerts > Backlinks > Add alert > Enter domain > Set frequency > Add


    You’ll get a regular email notifying you of all new links Ahrefs has discovered pointing to your site.


    If you notice a sudden influx of suspicious links, this could be a sign of a negative SEO attack.

    Method 2: Check The Referring Domains Graph

    The Referring Domains graph on the overview page for your domain in Ahrefs Site Explorer will quickly show spikes in your backlink profile.

    Site Explorer > Enter domain > Explore > Overview


    huge spike in links for the domain

    Of course a sudden increase in referring domains could be a good thing. For example one of your posts may have gone viral, or you could have had success with an outreach campaign.

    But it could also be the sign of a negative SEO attack.

    So whenever you notice a spike, you’ll want to take a look at exactly where the links are coming from to make sure everything looks above board.

    The simplest way to do that is to run the ‘New’ report under ‘Referring Domains’ in Site Explorer.

    Just set the date range to correspond with the spike and you’ll get a list of all new sites we found linking to you in that period.

    Site Explorer > Enter domain > Referring domains > New > Set date range > Show New referring domains


    The spike in domains I showed you above was for the domain Turns out they’ve been pulling in some great links. So no negative SEO in this case.


    Method 3: Anchor Text Report

    The first two methods are most effective for finding volume attacks, where hundreds or thousands of links are blasted at your site.

    But it’s also easy to spot an attempt to manipulate your anchor text ratio.

    Just run the ‘Anchors’ report under ‘Backlink Profile’ in Site Explorer and you’ll get a percentage breakdown of all anchors pointing to your site.


    The above screenshot shows the anchor text breakdown for my own site Top5SEO.

    You can see there are an unnaturally high number of links with the exact match anchors ‘link emperor results’, ‘link emperor review’ and ‘link emperor’.

    These links were part of a negative SEO attack against my site. The aim was to knock me out of the SERPs for the phrases above by over-optimising my anchor text for those keywords.

    Here’s another example of negative SEO attack shared by one of our readers. It was detected by analyzing anchor texts in backlinks as well:

    Most of the people know why their site is penalized — they didn’t follow webmasters guidelines. But my last client had a specific situation — everything he told me sounded like natural, so-called, white-hat SEO backlinking. After detailed backlink audit, we realized it was negative SEO. How did we know it? Simply, no one wants 100+ spammy comments with offensive anchor texts.
    Anamarija Barun, backlink audit specialist at PointVisible

    You can read their full study, including recovery process, here.

    See our guide to anchor text for more on how over-optimised anchor text can negatively influence your search rankings. 

    How To Fight Back Against A Link Spam Attack

    There’s probably not going to be any way to get the spammy links removed.

    So your best bet is to disavow them.

    Disavowing links involves uploading a list of links (or linking sites) to Google in a specific format which basically tells them ‘I don’t vouch for these links — please ignore them’.

    It’s believed that with Penguin 4.0 Google has transitioned back to devaluing (or ignoring) spammy links, rather than penalising for them.

    But we would still recommend disavowing any low quality links resulting from negative SEO just to be on the safe side. If you don’t get penalised algorithmically, you could still get penalised manually.

    See this exchange between Barry Schwarz (Search Engine Round Table) and Gary Illyes (Google):


    You can use Ahrefs’ Site Explorer to prepare your disavow file in the correct format.

    Editor’s Note
    The full process (including what to look for) is explained in our post on bad links and the following video.

    But I will also give you a quick overview of the process below. 

    To prepare a disavow file you’ll first need to add your site to your Ahrefs dashboard.


    Next, run the ‘Referring domains’ report to work through your backlinks and look for low quality links associated with the attack.

    Site Explorer > Enter your domain > Explore > Referring domains

    If the spammy links were built over a specific time period, then you might want to order the report by ‘First seen’ to quickly find links from that period.

    Select any domains you want to disavow, then click ‘Disavow Domains’.


    Once you have added all the domains you wish to disavow, return to your Ahrefs dashboard and click “Disavow links” above your domain.


    The domains you added previously will be listed in the report. Click on export to begin creating your disavow file.


    Check the box to save the disavow file in .txt format.


    You will now have a properly formatted disavow file, ready for uploading to Google.


    2. Fake Link Removal Requests

    This is a particularly sneaky form of negative SEO that I first noticed a few years back.

    On several blog sites I ran at the time I started to get emails that went something like this:

    Dear Webmaster,

    Our client’s site x has links on your page y.

    Due to recent changes in google’s algorithm we no longer require these links and request that you move them.

    Thank you,
    Some SEO Company

    These requests seemed fishy to me as the links in question were editorial and certainly would not have been harming the linked sites.

    So I investigated…

    And sure enough, these requests did not originate from the linked sites. They were in fact part of a destructive negative SEO campaign and all the removal requests were fake.

    Now if there can be an argument over whether a link spam attack on your site will work, there can be no such dubiety here:

    Fake link removal requests can definitely hurt your site.

    Imagine suddenly losing a load of your best backlinks. That’s going to cause your rankings to tank.

    How To Detect A Link Removal Attack

    Of course there is no way to stop the fake removal requests going out — that’s outwith your control.

    But what you can do is look for signs of an active link removal attack and take action as soon as possible to protect your backlinks.

    And once again Ahrefs’ backlinks alert is your friend.

    Because as well as showing you all new links pointing to your site, the report will also show you any backlinks which have been removed.


    What To Look For

    If you notice a solid link dropping off your profile, you should immediately investigate why it has been removed.

    Now there could be a legitimate reason for the removal. For example, the page might have been removed, or the content updated.

    But if you can’t see any obvious reason for the link to be lost, then it could be the sign of a link removal attack.

    Either way, it’s worth reaching out to the (previously) linking site and asking why your link was removed.

    Like all outreach, keep your email short, friendly, and to the point:

    Subject: Their Site Name / Your Site Name

    Hi {name},

    I noticed you recently removed a link to our {post about x} from your {post about y}. I was wondering if there was a particular reason you removed the link?

    We’d love to be featured on your site again, so let me know if there’s anything we can do to get the link reinstated 🙂

    {your name}
    {your site}

    If there was a legitimate reason for removing the link, they might consider adding it again.

    And of course if the removal stemmed from a fake link removal request, then hopefully they will reply and let you know.

    How To Fight Back Against Fake Link Removal Requests

    Once you know that a link removal attack is in progress, there are two courses of action:

    If Your Link Has Already Been Removed

    Reach out to any sites who have already removed your link, let them know that the request did not originate from your company, and ask them to reinstate the link.

    If The Site Is Still Linking

    Reach out to them and let them know about the attack. Ask them to ignore any link removal requests from your company.

    You’ll want to reach out to as many sites as you can. And the quicker you take action to negate the attack, the better your chance of protecting your backlinks.

    You can find all sites linking to your site by running the Referring Domains report in Ahrefs Site Explorer.

    Site Explorer > Enter domain > Explore > Backlink profile > Referring domains


    For tips on finding contact email addresses for linking sites, check out this post.

    Unfortunately it’s a time consuming, but necessary process.

    3. Content Scraping

    Google frowns upon content which is duplicated across multiple sites on the web. They will normally pick one version to rank and ignore the rest.

    I should point out here that there’s nothing wrong with syndicating your content on high authority sites with a link back to your original post. In fact, we recommend it.

    But when someone copies your content without attribution that’s bad news.

    And when it’s done at scale… that’s really bad news.

    You would hope that Google would be smart enough to recognise your site as the original source of the content. And most of the time they do.

    But not always.

    How about if any new posts on your site are automatically scraped and reposted straight away? What happens if Google indexes the scraped version first?

    And what if your content is scraped and reposted on authority sites like amazon? Are you going to outrank a huge site like that?

    Or even worse…


    Content scraping (when someone copies your content and posts it verbatim on another site) is another nasty form of negative SEO that really shouldn’t work, but — at least in some cases — does.

    So how do you defend against it?

    How To Tell If Your Content Has Been Scraped

    The easiest way to find out if your content has been scraped is to simply copy a paragraph from your page and paste it into Google (with quotation marks).


    But for multiple pages, that’s clearly going to be a time consuming task.

    Fortunately, it’s also an unnecessary one. Like most jobs in SEO, there are some great tools that will help you automate the process.

    Copyscape is one of them.

    Finding Scraped Content With Copyscape

    To check individual pages you can just enter the URL into the tool.


    In this case Copyscape didn’t find any duplicates, so all good.


    To search multiple pages at once you’ll need a Copyscape Premium account and search credits. Each credit costs $0.05, so if you wanted to check 1,000 URLs (the maximum is 10,000 in one batch) it will set you back $50.

    Here’s the process for checking multiple pages with Copyscape’s batch tool.

    Paste the URLs you want to check into the batch tool.


    Click add and the tool will verify the number of URLs you entered. It will also give an approximate time for the batch scan to complete.


    When it’s done you’ll get a list of all scanned URLs showing the number of duplicate content matches and a colour coded “Risk” score.


    You can click an individual URL to see the matches.


    What To Do If You Find Your Content Has Been Scraped

    If you discover that your content is being scraped (without attribution) then the first step is to email the site which has copied your content and ask them to remove it.

    Of course, that’s unlikely to yield results (but you should still try), so in most cases you’ll need to escalate.

    To get Google to remove the duplicates, you’ll have to file a DMCA (Digital Millenium Copyright Act) complaint against each page which has copied your content.

    You can do that using Google’s DMCA dashboard.


    Unfortunately it’s not a quick process.

    You will have to fill in a separate DMCA form for every page that violates your copyright and you wish to be removed from Google .

    Here are the instructions from Google’s legal help resource.

    Please read the following Instructions before filling in our online notice

    Completing the notice with as much detail as possible will help us respond quickly!
    In the “Identify and describe the copyrighted work” box, please give us a detailed description of the work in question. If possible, provide an example or sample of the work that is allegedly being copied.

    In the “Where can we see an authorized example of the work?” box, please give us the URL address of the work in an authorised location. This will be used by our team to verify that the work appears on the pages that you are asking us to remove. Please tell us if the work is not available online.

    In the “Location of the allegedly infringing material” box, please identify the URL addresses of the content to be removed.

    It is important to provide as much detail as possible to ensure each takedown request is successful.

    Successfully removing duplicates of your content from Google should see a recovery in your search traffic.

    For more information on the DMCA takedown process, see this guide from The Copyright Alliance.

    A DMCA removal request should be your last resort in protecting your copyrighted content online. This should only be used when a site is blatantly infringing your copyright (without attribution) and will not respond to requests to remove (or attribute) the content. 

    4. False URL Parameters

    URL parameters are values which are set in a page’s URL string. In the example below, the parameter ‘size’ is set to ‘small’.

    These parameters are commonly used in Ecommerce (and other) systems to filter and sort pages.


    In my guide to Ecommerce SEO I talked about how URL parameters can cause all sorts of indexing issues if your site is not well configured.

    One page can end up getting indexed multiple times with only slight variations in content.

    And that can cause Panda to crush your site.

    The shady SEO can use this to his (or her) advantage.


    By linking to pages on your site using fake parameters.

    Google will follow these links and — if the site is not set up correctly — index the pages.

    How To Defend Against False Parameter Attacks

    Fortunately this is an easy one to protect your site against.

    Take the following example:

    I’ve added a fake parameter to the URL of our SEO tips post.


    The page loads at that URL.


    We have a canonical URL tag in place, that let’s Google know what the de-facto version of this page is.

    <link rel="canonical" href="" />

    This tells them they should only index the root URL and ignore any additional parameters.

    In most cases adding a canonical URL should be all you need to do.

    But if you want to be extra careful, you could 301 redirect any non whitelisted parameters to the base URL, or even add a noindex tag to any parameterised pages.

    5. Hacking Your Site

    The final method of negative SEO in this guide goes beyond bad form (or ethics), and crosses the line into criminality.

    Google wants to protect its users and will take a dim view of any site which is hosting malware (or linking to sites which do).

    If they don’t bowl it straight out of the SERPs, they will definitely add a ‘this site may be hacked’ flag to any results for the site.


    I’m sure you wouldn’t click on a result like that. So if your site gets flagged as hacked, expect to see your ranking tank.

    Of course, notwithstanding negative SEO, not getting hacked should be high on your list of priorities anyway!

    I’m not going to attempt to explain what you should be doing to secure your site against hacking here (that’s a post in its own right).

    Instead here are links to some of the best website security tutorials on the web:

    If you have the budget, I would also recommend securing your site with Sucuri.

    Install the software on your site and Sucuri will actively monitor for hacks, changes, brute force login attempts and more.

    You’ll get an alert if anything looks untoward. Even better, if you do get hacked, they will clean up your site for you as part of the service. 

    Over To You

    In this guide I’ve covered 5 of the most common negative SEO tactics and how you can defend against them.

    But a word of warning:

    This list is not exhaustive.

    Anything that can negatively affect your site’s reputation has the potential to be used against you.

    For example, a competitor could post fake reviews about your business, or create fake social media profiles.

    I also discovered a particularly nasty tactic called Googlebot Interruption, which involves working out when Google is likely to be crawling a site and then hitting it with a DDOS (Distributed Denial Of Service) attack at that time.

    So unfortunately you have no option but to be vigilant.

    If your website is your business, and Google is your main source of traffic, then you have to make sure you catch any attempts to negatively impact your rankings as early as possible.

    So keep a close eye on your traffic, rankings, and backlinks.

    If you have any questions or comments, then please them below.

    And finally…

    Please don’t think about using negative SEO against a competitor. You don’t want to be that guy.

    • Monthly traffic 33
    • Linking websites 76
    • Tweets 96
    Data from Content Explorer