Defend Against Black Hat SEO: Your Web Host Can Help

The world wide web is a dynamic, exciting place to launch a new business or promote your organizations message. Its also a lawless landscape in which black hats " crackers, hackers and other on-line evil doers " roam with very little oversight or law enforcement.

Bring in the Big Guns

And that means its up to every site owner to ensure that his or her site is defended against intrusions, code injections and other forms of attack. Theres plenty of software to help keep hackers out of your desktop pc, but what about your hosting service? How can you protect server-based data?

Top-tier web hosting firms design proprietary hardware and software protection to ensure that your business is secure. But site security doesnt stop with impenetrable firewalls, spam zappers and e-mail scanners. In fact, if you go with a hosting service that isnt up to speed on the latest forms of hacker attackers, you could quickly find your site is no longer under your control!

Great hosts harden their server systems to deter and deflect known exploit points in the software the servers run and in any client-sites code! There is where the value of quality hosting comes into play .

XSS Attacks

XSS stands for cross site scripting and it poses a threat to even the most secure sites because XSS exploits vulnerable hardware and software holes that allow black hat SEOs to circumvent commonly employed security systems. In an XSS attack, black hats inject malicious HTML script into site pages of other domains. They do this for two reasons.

First, in some instances, black hats inject undetected scripting into competitor sites to taint these sites when SE bots spider them. Imagine, a competitor is able to access your sites code, insert invisible text (at least invisible to you) and, when an SE bot discovers this invisible text, your site is slammed. Even banned from Google. Dont think it can happen? It closes down on-line businesses daily.

So what kind of attacks can be planted on your site? There are plenty:
Redirects take visitors to another site as soon as they reach yours.


Overloading alt tags, meta tags and other interior coding with keywords, sometimes called keyword stuffing.


Inaccurate or misleading keywords inserted within site pages.


Cloaking, which detects search engine spiders and changes site text to improve PR.


Pagejacking, the practice of stealing site content, can not only cost you in sales, it can also slam your PR because your content isn't original any longer.
Any of these black hat SEO tactics and more (spamglish, links farms, virus injections, etc.) can and will do severe, if not irreparable, damage to your on-line enterprise. Why?

SE Bots Are Brainless

SE spiders are dumber than a box of rocks. Theyre unable to discern legitimate text from a malware injection. They rely, solely, on automation to assess and categorize a site. Theres no subjective analysis. Just text strings that are sorted completely by brainless bots.

A competitor, using one of the XSS attacks listed above, exploits to de-optimize and make it appear that youre using black hat SEO tactics, or can gain access to your site through a web browser and/or inject toxic data to devalue your content.

Google Penalties For Black Hat Tactics

The purpose of any search engine is to deliver relevant, useful SERPs to users queries. So, when a Google bot discovers what it perceives as an attempt to falsely increase value, the site may suffer serious, site-threatening sanctions.

Some of these penalties may be imposed without you even knowing about it " until you discover that site revenues have dropped 75% in two days as a result of lost rankings and traffic! A site discovered to employ black hat SEO may be penalized in page rank, may lose PR altogether, may experience SE indexing issues (partial or mis-indexing, for example) and, for the worst offenders, banishment from the Google site altogether. Dead in the eyes of Google bots.

So, heres the problem: without your knowledge, a black hat competitor can inject toxic script into your site that could, conceivably, get your site banned from Google. Even if you and your web host have all the firewall and intrusion detection protection there is.

It Gets Even Worse

The second reason black hats use cross site scripting is to actually gain access and control of your on-line business. Certain types of XSS attacks actually enable a complete stranger to acquire the same system privileges reserved for the site owner - you.

Access to sensitive customer data, bank account information, the entire back office " all can be achieved with relative ease by a knowledgeable cracker looking to steal and plunder your site.

Whether the black hat is a competitor who wants to eliminate the competition, or a script-kiddie looking to clean out the till and sell some credit card numbers, your on-line business is at risk regardless of how much security you and your web host deploy.

This Is Where Quality Web Hosting Enters

During the design, administration and growth of a web-based business, numerous tools and applications are used by site owners and designers. Theres site building software, email management software, a check-out, customer database, automated shipping apps, tools for developing site metrics and many others.

This software isnt necessarily designed with security as Priority One. Often, there are openings in commonly-used ebiz software that are exploited by black hats during the execution of an XSS attack.

And, because of the nature of these attacks, system and server security measures can be breached because, in essence, the hackers piggyback their way onto an unsuspecting site using the site administrators credentials to gain access and/or control.

The key to protection from XSS attacks is in the proper configuration of all of the applications and tools that comprise your on-line enterprise. These apps must be synced up to work together while, at the same time, developing protection against XSS attacks.

This configuring of applications is done at the host level and should include a detailed analysis of potential XSS entry points within the sites design and reconfiguration to fit the server security already in place.

Go With The Host Who Knows

If your web hosting service isnt familiar with the growing danger of XSS attacks based on application exploitation points, consider finding a more informed host.

Its not a matter of securing your business system locally. And its not a matter of the multi-layers of protection offered by your web host.

Its a matter of thinking like a black hat and taking a proactive stance against XSS attacks they may employ. If you arent sure your site is protected, and your hosting rep cant provide the assurances you require, talk to another hosting company before disaster strikes and your site is banned from Google.

Its that important.