Repeating Failed Site Search Queries Could Lead to Abuse

A potential client contacted me regarding SEO work. Naturally, one of the first things I do is check out ahrefs to see how their link profile looks. If it’s full of spam links and other garbage that is holding down the site or about to crash their ranking, I fully inform the potential client about what is going on and enter the deal with caution. When I evaluated this client, I saw something interesting; a huge increase in links to the site, all in Korean. Something different – sweet – time to dig in!

referring domains skyrocketd
Referring domains rose from about 70 to over 680 in just a couple days.


ahrefs referring pages skyrocketed
Referring pages rose from about 4,000 to over 1.6 million in just a couple days. Very bad.


This is one of the bad links. This one didn’t use a URL shortener, so it was a good example to share here. It seems to advertise drugs according to what I could get Google Translate to say.

Many of the links used URL shorteners to encode the link, and then the person would share the URL on a site. Some of the links were instructions on where to get illicit substances and other shady stuff in particular cities. Most anchor text was not as grand as the example above, and would say something like “Check this out: [URL shortener link]”. The shortened URL would take the user to an unsuspecting site (the potential client) for a communique about illegal things. It’s easily overlooked by webmasters as just normal discussion on their forums / blogs. These guys went NUTS using this potential client’s site as a mouthpiece. Hopefully Google considers this as a negative SEO attack and ignores the links. We’ll see. I am loathe to use the disavow tool, but we might have to in this instance.

I was able to replicate the method on Home Depot’s site, Lowe’s site, and Menards’ site, as you can see below. Home Depot’s site would get mad when my query was longer than their allotted space, but the others I tested didn’t mind. In my tests I found a site that would take more than 500 words and repeat the message on their site!



On these sites, all you need to know is the format of the site’s search query string and you can feed it anything you want it to repeat. You don’t even have to go to the site and type out the query – just write it up on your own computer in the format it’ll accept and then link to it. Each search result is a valid URL and Google will obviously find it. You’ll then find your site in the middle of a bunch of unsavory sites with your site potentially communicating stuff about illegal drugs and activities.

How can you prevent becoming a victim to this trick? Simple – stop your site search from repeating the query. Below is what happens on my site for a failed query:

Shall I be so bold as to declare a new best practice for the web? Yes. I shall. New best practice: do not repeat the user’s query on your search page regardless of if the query was successful.