There's no denying that, from time to time, I'm a little dirty. Yes, I dabble in some questionable techniques when it comes to Internet marketing.
Having said that, I think many of us dabble in some sort of "questionable" technique from time to time; the only difference is perception. What is black hat to me is different than your perception and vice versa.
Some golden rules shouldn't be broken, and what can be learned from the rest of this article certainly crosses the line. It isn't something I would ever do nor would I suggest anyone do. If you learn one thing from this, it would be to ensure you're protected and always try to be one step ahead of your competition, if you can think of a weakness they could exploit — fix it.
One thing I always try and do, however, is make something valuable — something the user will love. I strongly believe this is key to success online. It's the willpower, not the tools, right?
I talk to a lot of people online in the *hat world — I mentor, I learn, rarely am I shocked. Until recently.
Getting Your Competition Kicked Out of Google
Not possible, right? How could this be so? Well, it's actually quite easy to do, unfortunately.
According to Google:
"If you find a page in Google search results that lists personal information such as your social security or credit card number, let us know using the links below. Google will contact the site's hosting company to request that the page be taken down from the web. We'll also take steps to remove the information from our search results.
You don't want this information to be anywhere on the web. So even if Google removes it from our search results, make sure to contact the webmaster directly and tell him or her to remove your information immediately."
See where we're heading here? According to one of my black hat buddies, the following described tactic is something he has exploited routinely to devalue his competitors' websites and gain positions in the search engine results page.
Note: I don't condone this at all, by any means, I find it quite scary that this technique could be used to destroy someone's income stream. A similar technique was just recently used against one of my websites, which resulted in a catastrophic deindexing.
Exposing Your Personal Information
The basic outcome is simple, you actually want your own personal information published on a competitors website. This can be achieved a number of ways, all illegitimate and possibly quite illegal.
- CMS injection: With so many vulnerable CMS platforms out there, it's entirely plausible that one of your competitors could crack your CMS and inject their own personal information somewhere into your website. Heck, a bad guy could even cloak and only show these personal details if Google was looking! It would then be quite easy for the attacker to report your website, claim they have attempted to contact you and before you know it your hosting provider has shut down your service or Google has deindexed your content.
- Comment drops: Injecting your personal information into a comment entry form could even be a simple way to achieve this. Possibly a flawed mechanism, but plausible.
- Starting an argument with your competitor: This works surprisingly well. Apparently if you tick someone off enough, they can react by putting your details on their website in some form or another.
Removal Request Abuse
Google makes it quite easy for someone to report these problems. On this page you can find links for all sorts of removal requests.
- Social Security number: A website that has your social on it can be deindexed quite easily.
- Bank card or credit card: A website that has your bank card details on it can also be deindexed easily.
- Your handwritten signature: A website with an image of your signature on it? Go on, deindex that one, too!
What Google provides here is a good service — if used right. Unfortunately, it isn't used entirely right. If it were, I wouldn't be hearing stories of how people have gotten their competitors deindexed in days, hours, etc.
This method seems surprisingly successful and has almost definitely been victim of many false positives.
Massive Attack Protection
So what could Google do to deny this type of "attack"? A lengthier investigation process perhaps? Direct verification with the site owner to ensure contact has ever been made?
After having a site of my own personally attacked in a similar fashion, practically deindexed in itself, these techniques aren't something I would recommend anyone utilize — karma is, after all, a bitch — you don't want something like this happening to your money site.
If you're an operator worried about this potential attack, button your security shirt up, ensure your platforms are up to date, moderate and vet your comments thoroughly, and don't be stupid enough to post anyone's personal details on your website.