Cloaked backlink spam attack

  • Date Published:2016-03-12


The cloaked backlink spam attack, also called the hidden link injection, or the spam link injection, is a kind of web server attack that some hidden links to specific websites are illegally injected into some famous websites in order to make those websites rank higher on search engines. The cloaked backlink spam attack has already become one of the most preferred ways for Black Hat SEO. It may make the website weigh heavier, and rank higher, and it may enhance the PR. The meaning of the cloaked backlink spam means that the cracker has hacked the website and may even get the system privileges, and the crackers have injected some hidden links to their website in the server's webpages. The purpose of hiding links is to prevent the administrator from finding the existence of the hidden links while they could still be indexed by search engines. With the enhancement of the crackdown of the regulatory authorities, trojan attack has gradually become less and less, at the same time, the underground black market gradually goes to the cloaked backlink spam attack. Crackers inject hidden links into the the hacked websites via hidden tampering technologies. These hidden links usually link to websites that contain pornography, phishing, and even terrorism.

Case Study

1. The cloaked backlink is hidden to human eyes

Injected links are not shown in the webpages. Some injected links may be hidden and may contain pornography, phishing, and even terrorism, but administrators usually do not know them.

2. The cloaked backlink is shown to search engines

The cloaked backlink spam attack takes advantage of the vulnerability of search engines, in order to make full use of the credit of the the well-known hacked websites. This method may make the hidden links shown in the searching results.

Possible Contents:

1. Gambling

E.g. Mark Six in Hong Kong, Shi Shi Cai lottery, Bo Cai lottery, etc. blob.png

2. Pornography

E.g. AV, porn novels, beauty videos.


3. Fake Medical Care

E.g. vitiligo, breast enhancement, etc.

4. Illegal Drugs

E.g. Viagra, tumor drugs, diabetes drugs, etc.

5. Fake Shopping Advertisements

E.g. monitor card, the Qi Gou Liang guns, surrogacy, collegiate surrogacy, etc.

6. Fake Social Apps

E.g. video friending, etc.

7. Fake Dealing

E.g. stock inside stories, gold speculations, gold purchase, etc

8. Others


The cloaked backlink spam attack does not do harm to normal users directly, but the cloaked backlink may point to some poor reputation websites, and even illegal websites, which may contain fraud, trojan, phishing, and therefore it may harm normal users indirectly.

According to the classification above, cloaked backlinks mainly link to the following types of websites private servers of online games, medical care, gambling, pornography, stock inside stories, and illegal plugs. After the backlink injection of these websites, they may rank higher in the searching results. When users search for typical keywords, they might be misled to these websites.

For example, users search for hospitals for curing the specified disease, and they might be misled to a illegal clinic, and might delay the curing of the disease, and even life-threatening.

To search engines, clocked backlink may cause false judgement. The search engines may be misled and rank higher on the valueless websites, or even phishing websites. This may cause mistrust of search engines, and the misleading may cause economic losses and even legal disputes.

The existence of cloaked backlink spam attack usually symbolizes that the website contains security vulnerability, so the websites with cloaked backlinks are easier to be hacked again. Besides, the downloaded resources from the websites with cloaked backlinks are usually unreliable. It may contain trojans or backdoors.

The cloaked backlink spam attack do more harm to government websites. Some users may read some illegal words through the search engines when they are searching for the government website, and it may affect the government's reputation. Some hostile forces could tell whether the government website contains security vulnerabilities through cloaked backlinks, and the then determine whether they should perform attack or not. After hacking, the cracker may issue some fake policies to make people mistrust their government, and cause some problems between people and government.


Cloaked Backlink Detection Technology

Existing security software has good detection capability on malicious code, but there is no capacity for malicious text detection.

The followings are the cloaked backlink detection technology :

1. Establishment of the cloaked backlink fingerprint databases

In the cloaked backlink fingerprint databases, we collect signatures of cloaked backlinks, such as gambling.

2. Web crawler to simulate the browser(user-agent、refer)

The cloaked backlinks are for search engines. Therefore, we should simulate the visit from search engines. Many browsers may get the normal links.

3. Parsing the label of hidden attributes

A website may contain one or more webpages. Every webpage may contain one or more links, which may include internal links and external links. Internal links link to the same website while the external links need further detection, in order to judge whether it can be allowed in the website.

4. Domain name judgment

After getting the labels with hidden attributes, we can parse out the link addresses, and judge whether they are internal links or not.

5. Cloaked backlink judgment

After getting the links with a different domain from the website, we query the links from cloaked backlink fingerprint databases to judge whether they are cloaked backlinks.