
Hello, this is an extortion email - adamcarson
http://dejanseo.com.au/hello-extortion-email/
======
srean
If the extortionists are able to demote the targeted website with this, then
web ranking is seriously broken. This is quite basic, guilt by association
needs to work in the opposite direction: my site should get demoted if _my_
site links to shady sites and _not_ if shady sites point to me. I would be
extremely surprised if Google got this wrong.

This mass funelling of inlinks, also called a Sybil attack are not that hard
to defend against if one tweaks the Pagerank equations just a little bit. The
source of the problem in the original Pagerank equation was that it used
_addition_. The Pagerank of a page was defined to be the sum of all inlink
weights flowing in. Now sum is a problem because it cannot distinguish between
links from a million shitty pages, from a link from a golden page if the total
link weight flowing in is the same. I seriously doubt if sum is used anymore.

The solution is fairly straightforward, dont use a sum, use a function that
weighs higher values higher. An extreme example would be the MAX operator. In
this case, among all the inlinks my site receives, only the one with the
maximum inflow counts, all the crappy inlinks might as well have not existed.
Max is brittle though and causes instabilities in the convergence, but
variations of soft max works decently enough in theory. To phrase it in
another way, the original Pagerank equations used the L1 norm of the in-flow
vector, one can use Lp norm [0] or fractional powers Lp norms with a higher p
. If one chooses p = \infinity one gets the MAX operator.

[0] [http://en.wikipedia.org/wiki/Lp_space#The_p-
norm_in_finite_d...](http://en.wikipedia.org/wiki/Lp_space#The_p-
norm_in_finite_dimensions)

~~~
leephillips
"I would be extremely surprised if Google got this wrong."

They did get it wrong, and the problem has been well known for many months.
Google has placed a weapon in the hands of anyone who wants to spend a modest
amount of money to buy thousands of spammy links pointing to your site. But
Google doesn't consider this a real problem, because you can spend hundreds of
hours tracking these links down and disavowing them.

~~~
ignostic
Yeah, Google got this one wrong. Just read up on the Google Penguin penalty.

Google used to change the value of "bad" links to 0 rather than negative. The
problem was that there was no risk to spamming. You might waste time, but you
might get some links that Google didn't realize were spam.

There are a lot of problems with what srean suggested above, namely that it
favors big brands who work with other big brands and creates additional
barriers to entry for new companies.

I think Google has gone too far in link-based penalties, but the solution
isn't to stop them altogether. Their current solution for weighing anchor text
and trust is pretty weak. I've never seen a confirmed case of "negative SEO"
working to penalize, but I have seen Google penalizing people for things that
were not meant to manipulate the algorithm.

There's not an easy solution, but I think it's a far more sophisticated spam-
fighting algorithm.

------
hartator
I can share my experience on the other side of the board.

I run a forum hosting platform (forumcrea.com) and we get spammed a lot. Empty
forum creation with just links, profile bombing or just mass posting are hard
to deal with. We have advanced captcha, clever javascript tricks, manual
cleaning, ip banning... However, when you are dealing with human farms or just
a smart spammer, it's almost impossible to keep up. Plus it's only a side
thing that I run for free entirely, so I don't want to waste time dealing with
it. Some people do use the forums for good though.

Concerning this particular problem, my experience is in 98% of the case, they
are not going to carry on with their threats. Almost every emails asking for
link removals (and that's a lot!) I've received from site owners is when they
have hired a SEO company (or run the bots themselves) that has spammed the
forums of my platform.

Something piss me off about these people. It's when they then ask YOU to
remove their mess. Without any compensation. I usually not respond (I am
carrying on cleaning tasks whenever I want and if I want.) or respond with
$150 bill. They should have keep the login/password or keep access to the
forgotten password email. I don't know why I will do special treatments.

Funny story. I think the only time I've received a link removal requests
explaining their were poor victims of negative SEO, it was from the same
people that 2 weeks in the past sent me a email explaining their are the ones
who have spammed the forums. They think we are stupid or something. I guess
they haven't liked the idea of paying for spam cleaning. Shady once, shady
forever.

~~~
stevekemp
> I run a forum hosting platform (forumcrea.com) and we get spammed a lot.
> Empty forum creation with just links, profile bombing or just mass posting
> are hard to deal with.

This is why I setup [http://blogspam.net/](http://blogspam.net/) \- An API
service that you can use to test submissions in real-time. I wanted to
abstract the testing from one of my sites that attracted a lot of this stuff.

Might be worth a look for you.

------
kazinator
Google should penalize the source of the links, not the target. That is,
identify sites that are so poorly run that they allow themselves to be the
source of large numbers of low-quality links, and give no ranking to _any_
links emanating from those sites; moreover, delist those sites from the search
index.

Those sites are as much a problem as the spammers themselves. They are
analogous to open relays in e-mail.

------
blauwbilgorgel
It is important to document cases like these, so others in the future won't
panic when such SEO blackmail happens.

The closest form I could find to report this to Google is:
[https://www.google.com/webmasters/tools/paidlinks](https://www.google.com/webmasters/tools/paidlinks)
Though not regular selling links for money, I would make note about that in
the additional details and provide a link to their XRumer domain list.

In my experience the folks over at the webmaster forums:
[https://productforums.google.com/forum/#!forum/webmasters](https://productforums.google.com/forum/#!forum/webmasters)
are good at, and interested in, handling these sorts of cases.

------
Mandatum
Unfortunately the only way to combat this is to manually disallow negative SEO
backlinks. Meaning you have to go into your Google account, goto the disallow
tools and manually disallow the links that point to your site.

Now, in this case the spammer has supplied you with a list.

That makes life a lot easier, as you have a source of 20,000 links to
disallow!

Unfortunately in remote places and smaller towns, it'd cost you <$50 to
completely decimate any online competition in your area via Google. It'd cost
them >$300 to fix these with a paid "SEO expert".

------
bcguy390
Can someone explain how the extortion actually works? I don't have much
experience with SEO. Thanks

~~~
blauwbilgorgel
Spammers noticed that their own sites got nuked from the results when they
used an automated tool (XRumer) to point thousands of low-quality links to
these sites.

So with a paid product that was now useless (or less useful) for linkspam,
they now turn it around and use it for blackmail: Pay us or we point all these
links to your site.

There used to be a time when the majority of these links were simply ignored
by Google. They were worthless for both linkbuilding and negative SEO. This
may or may not have changed with more recent updates.

In all of this spammers are largely sailing blindly and most of their analytic
"insights" are circumstantial. Pointing a large amount of XRumer links to a
site may only be a single signal to start a deeper investigation: if that
turns up nothing spammy, chalk it up to ineffective negative SEO, and
investigate deeper.

~~~
wlesieutre
Google used to ignore the spammy SEO links, but you can work around that by
just spamming even more of them and hoping that the 1% that slip by will have
a positive effect. As a result of that, Google changed their ranking system so
that the spam links that do get caught have a negative effect on your rank.
Which sounds like a good solution, but they have no way of confirming whether
the site owner made the links or not. So now we have blackmail like this.

I assume Google is aware of this issue and has a system in place to try and
prevent it, but good luck getting support if it screws up and your site falls
through the cracks.

~~~
makomk
Google's official position is that even though they're penalizing sites for
incoming links, negative SEO is impossible. So yeah - good luck getting any
help from them.

------
chatmasta
Google engineers are not stupid. They know that they are enabling negative SEO
by explicitly marking some links as "BAD" that negatively affect your ranking.
But they are also winning the war against Blackhat SEO's, who no longer have
any incentive to spam links to their own websites. If you are a victim of
negative SEO, you can use the link disavow tool to invalidate the link spam.
Every victim will use this tool. But no blackhat will use this tool on his own
site, because it will disavow all his links!

So now Google can tell the difference between a "legitimate" ("white-hat")
site and a "spammy" ("black-hat") site. The legitimate site uses the link
disavow tool when it gets bad links. The spammy site does not.

This gives Google a much better filter for "spammy" sites. The cost is that
some webmasters might be victimized without realizing it, and not use the
disavow tool. But it severely reduces any incentive blackhats have to spam
links to their own properties.

~~~
rcxdude
Not really. It won't take long for the blackhat to disavow some but not all of
his links. A victim of negative SEO also can't disavow all of the incoming
links, so again there's no real way to tell them apart.

------
PaulHoule
I was looking for Xrumer but I forgot the link...

~~~
andyh2
[http://botmasterlabs.net/](http://botmasterlabs.net/) This is the official
site.

~~~
blauwbilgorgel
I don't know if you are in on the joke, but this is how XRumer actually works.
It has bots or other users provide links to their auto-posted questions, in an
effort to avoid detection.

~~~
PaulHoule
The best case (for them) is when they fool an actual user to look up the
product and add the link.

------
tomjen3
And of course they want to get paid with western union. Anybody knows what
percentage of WU traffic is legitimate?

~~~
gwern
I'm fairly surprised they're not using Bitcoin. Must be eastern Europeans who
aren't worried about law enforcement.

~~~
jafaku
But still, they could have asked 10% more if they used Bitcoin.

------
0x0
Is there some funky JS on that page? After scrolling down a few screens, none
of my touches register. It's like they are preventDefaulting all touch events.
Would have liked to scroll through the embedded G+ comments but I guess not.
(iOS mobile safari)

------
joshuaheard
Go to the police. They could probably get a judge to shut down this site.

~~~
giarc
They are probably hosted in some eastern European country, I'm not sure how
well cross boarder/international judgements go.

------
tlrobinson
This made me chuckle: "download the following Notepad file: 20000-XRumer-
Forum-Profile-Backlinks-Dofollow.txt"

------
alsetmusic
I sent a friendly message to Rannvijay (the extortionist) to waste his time a
little bit. If enough people do this, the extortionists might end up
abandoning their email addresses or (if we get lucky) even their domain to
block unwanted attention. Doesn't take more than a minute to try.

~~~
gohrt
To be clear:

You just launched a joe-job attack on someone who is accused (without
conclusive proof) of launching joe-job attacks.

------
SchizoDuckie
That's very cute, but nothing a post on Hacker News and reporting it to google
shouldn't solve.

Also, should this ever happen, point them to a random 419 scammer. that'll
keep 'em busy for a while

~~~
michaelbuckbee
The 'disavow' mentioned in the article is the official method to communicate
with google about bad spammy links.

Further, say you're google - how do you tell that these spammy links are from
an external extortion threat to a company and not an attempt at black hat,
spammy SEO?

It's realistically a minimum of a couple months for Google to remove disavowed
links - if ever.

~~~
dm2
Wouldn't it make more sense to make suspected "black hat" SEO not contribute
to a websites rankings but also not hurt it?

It's always been an issue that someone can purchase links on spam websites and
harm competitors, I would imagine that Google knows about this.

I don't see any advantage to harming a websites rankings because of these
questionable SEO techniques.

~~~
tedunangst
This is why standardized tests like the SAT deduct a quarter point for wrong
answers. There needs to be a "penalty" to keep the expected value even.

~~~
bfish510
But in this case, another student is taking your SAT exam after you've handed
it in and filling in blank answers with wrong answers.

~~~
Ensorceled
Further, that student has no ID and misspelled your name, but some how you
still don't get to go to college.

Google just keeps creeping deeper into the shade ...

