Negative SEO is that sort of thing that most believe to be true but nobody could prove it for a fact. However, this might soon change as a new negative SEO exploit has been discovered.

From the looks of it, this seems like a serious exploit because the attack manages to protect the anonymity of the attacker and the negative effects are noticeable in a short period of time.

What is negative SEO?

Negative SEO is the practice of attempting to lower a site’s ranking in the search engines. Until now, the most discussed way of impacting a site with negative SEO was via bad links.

Aside from bad links, there are a lot of other black hat techniques that could theoretically be used to sabotage a site’s ranking in search engine. Here’s a shortlist of commonly discussed negative SEO attacks:

  • Removing the good backlinks
  • Ruining online reputation via fake social profiles
  • Publishing website content on many other online publications
  • Building lots of spammy links to the website
  • Posting website links associated with risky keywords like “viagra”, “poker”, etc.

However, this new canonical negative SEO attack is a lot nastier since the victims affected by it have very little ways of tracing it back to the attacker.

How the canonical negative SEO exploit works

This allegedly new exploit works by using the victim’s canonical tag. The exploit supposedly works by copying the head of the targeted website and pasting it into a bad site, then using the canonical tag to point the bad site to the victim’s site.

This is said to accomplish the purpose of tricking Google into believing that the spam page is actually the victim’s page. Because of this, the search engine supposedly takes all the negative spam scores from the bad site and assigns it to the attacked website.

How to detect an attack of this kind

Until now, the only way to detect a negative SEO canonical attack is via an SEO Data Mining tool like Majestic or Ahrefs that includes canonical data.

Until now, the exploit has been documented on happening with several sites, but no experiments have yet been made to prove that an attack of this kind is actually a possibility.

Is Google doing anything about it?

As expected (or not), Google is remaining awfully silent about the whole thing. Although the exploit is not yet tested and verified, it surely has the potential to disrupt the search results in a major way if used widely.

So far, Google’s only response arrived on Twitter from John Mueller and was rather ambiguous:

Although the Google representative response hints that Negative SEO via canonicals redirects don’t work, the evidence presented by Bill Hartzer is quite compelling. It remains if the exploit will ever get admitted by Google or if the issue will be patched quietly with another algorithm update.