Stumbled on an interesting blackhat SEO link building strategy this week that those tending towards the whitehat SEO arena should steer well clear of.

I’ve been testing free SSL certificates from Letsencrypt and had signed up to their forum for support.

Letsencrypt uses the Discourse Forum Software from discourse.org. After 15+ years of SEO research I find it difficult to visit a website without having a look at the HTML code behind the curtain and as I visited the Discourse Forum I viewed source (Right Click the webpage, “View Page Source”) and found what appeared to be a semi-hidden link within a noscript tag.

That got my SEO juices flowing: that sounded much better in my head!!!

For the record the people behind the Letsencrypt site (and other Discourse Forum script users) haven’t done anything blackhat, they like many other unsuspecting webmasters have installed the Discourse Forum script to run their forum: it’s the people behind discourse.org who are using blackhat SEO link building techniques to build quick backlinks to their sites.

What’s a Semi-Hidden Link Within a Noscript Tag?

Semi-hiding links within a noscript tag is a REALLY old blackhat SEO technique, the noscript tag is there for when a webpage uses javascript to serve content and that content doesn’t work correctly if the visitors is using a browser with javascript disabled: a small number of weird people turn javascript off :-)

In HTML code terms you’ll see something like this in the code source:

<noscript>
Some content here that's available via javascript, but doesn't work correctly when javascript is disabled.
Flash based content is a good example.
You might also see a message the website is best viewed with javascript enabled.
</noscript>

The above is the correct use of the noscript tag, the content found within the noscript tag should also be available to visitors with javascript enabled minus the “best viewed with javascript enabled” message (that’s only for the non-javascript users).

When I viewed source of a Discourse Forum webpage I found this:

Discourse Forum Software Semi-Hidden Noscript Link

Discourse Forum Software Semi-Hidden Noscript Link

Technically speaking there’s nothing wrong with the link or the message as long as the link is also shown to visitors with javascript enabled: guess what, the link to https://www.discourse.org does NOT show for those visitors, that’s a semi-hidden text link.

Normally I’d confirm the hidden text link by viewing the Googlecache of a webpage, but I got lazy and assumed it would be in the cache and informed the Letsencrpyt forum they have a hidden link and should fix it ASAP: Hidden Link to Discource.org, Potential SEO Issue (I was in that much of a rush I also spelled Discourse wrong, Doh!).

Eventually I checked the Googlecache and here’s where it got interesting, we now go into the hidden realms of blackhat SEO cloaking techniques.

What’s Blackhat SEO Cloaking?

When a search engine spider like Googlebot visits a website it uses a specific user-agent, webmasters can use the Googlebot user-agent to serve Google content NOT served to other visitors. If you are thinking about doing this it’s not a good idea, get caught and your site will get a Google penalty.

For example you might have links in an image-map, image-map links can not be indexed by Google, so it would be acceptable to serve Googlebot those links in another format. General visitors see the links in an image-map, Googlebot sees them as text links or standard image links (a clickable image link). As long as a general visitor and Google sees pretty much the same content AND you aren’t gaming Google, it’s acceptable to use cloaking.

I use another form of cloaking for the “Subscribe” to comment link (look above the “Submit Comment” button below). This link goes to webpages (the URLs change for each Post and visitor: potentially a LOT of these webpages and they’d be close to duplicates) I don’t want indexed and Google wouldn’t want indexed. The webpages have a noindex robots meta tag (Google shouldn’t index them) and the links are cloaked using javascript so Google doesn’t spider them: Google ‘sees’ the “Subscribe” link as body text.

This is where what discourse.org are doing gets interesting.

The link to discourse.org and javascript message within the noscript tag is NOT served to Googlebot within a noscript tag, it’s within standard body text. View a Discourse forum webpages Googlecache and the link and message are at the bottom: the vast majority of visitors to a Discourse forum will NOT see that link, it is there purely for SEO reasons (to benefit Discourse, NOT the webmaster of the forum).

What Discourse are doing here is checking for the Googlebot user-agent and serving different content to Googlebot.

Potentially a Google penalty incurring SEO issue.

It’s quite clever blackhat SEO setup that’s not easy to spot.

Googlebot gets a sitewide text link to the Discourse home page, as it’s not within a noscript tag** Googlebot will definitely pass full SEO benefit through this link.

** Some SEO experts argue links within noscript tags won’t pass full SEO link benefit because they are hidden to most users: from an SEO perspective it’s difficult to test, so best to avoid adding important links within noscript tags if they aren’t available in standard body text.

Check this Google SERP out “Powered by Discourse, best viewed with JavaScript enabled” (include the speech marks) – https://www.google.co.uk/search?q=%22Powered+by+Discourse%2C+best+viewed+with+JavaScript+enabled%22

Google Indexed Hidden Text Links to Discourse.org Using Cloaking

Google Indexed Hidden Text Links to Discourse.org Using Cloaking

That’s 1.7 million webpages using that exact phrase, that’s probably 1.7 million hidden backlinks, some serious link benefit they are stealing from their forum software users! There’s an SEO market for buying/selling links, it could cost hundreds of thousands of dollars to buy this number of text links from quality websites and they are getting them for free.

If a webmaster notices the above links in the Googlecache say and check out their forum (viewing source) they find the link within the noscript tag, which though not a particularly ethical way to gain a link it does at first viewing match the Googlecache so doesn’t look like cloaking.

In my opinion this is a deliberate attempt to hide the links from forum owners. In comparison phpBB forum software has a similar powered by link, but it’s visible to everyone (forum visitors and Google) and there’s loads of articles online about how to remove the phpBB forum links. By hiding the Discourse.org links this way only the most SEO knowledgeable webmasters are going to notice these text links and look to remove them.

Interestingly when you view the message linked to the commit for this link at Github it mentions SEO:

Discourse Forum Software Github SEO Message

Discourse Forum Software Github SEO Message

Put the ‘Powered by Discourse…’ message shown to crawlers and no-js visitors in a footer element so that SEO something something.

It would appear the links are added for SEO reasons, what are the SEO reasons?

Discourse.org Response to Being Caught Using Blackhat SEO Techniques

I signed up to the Discourse forum and made a post titled “Cloaked Link to Discourse.org Within Your Forum Software: Potential SEO Issue”. I explained the above issue etc… and one of the co-founders (Jeff Atwood) responded trying to justify the link, to which I gave a follow up: few hours later the forum topic was deleted and my Discourse forum account was deleted :-)

Google Indexed the Deleted Discourse Forum Post

Google Indexed the Deleted Discourse Forum Post

Fortunately I always keep a copy of everything I post to forums etc… (not my first rodeo :-)) and have posted the deleted forum as a comment below.

Update: Made an error below, the Discourse software has a feature where links posted by trusted forum members are NOT nofollow. My mistake was seeing links to discourse.org lacking nofollow which were posted by a trusted forum member (pure coincidence) and jumping to the wrong conclusion it was another blackhat SEO link building technique. I was wrong, everything within the “More Blackhat SEO Techniques Used by Discourse Forum Software” section below is wrong. Thanks to PFG (via a comment) for clarifying why some links lacked rel=”nofollow” tags.

More Blackhat SEO Techniques Used by Discourse Forum Software

It gets better, as I was writing this blackhat SEO tutorial I noticed when viewing source of the Googlecache of Discourse forum posts links to discourse.org are NOT rel=”nofollow”!

Like most forum software scripts, Discourse adds a rel=”nofollow” tag to links added by forum users, this is to stop forum spammers from benefiting SEO wise from the links: Google ignores links with the nofollow tag and passes no SEO benefit.

Forum Links to Discourse.org are NOT Nofollow

Forum Links to Discourse.org are NOT Nofollow

It would appear Discourse have added an exception for links to their own sites!!!

WOW, now technically not blackhat SEO per se, but you have to admit it’s very shady and not particularly ethical especially when taking into account the 1.7 million indexed cloaked backlinks.

Discourse Forum Software Right to Reply

Note to the Discourse forum software developers etc… feel free to make a comment to explain the link to your home page that’s served from 1.7 million webpages.

I won’t delete your comments as long as they aren’t abusive.

David Law

David Law > AKA SEO Dave
*
: 20+ Years Experience as a Freelance SEO Consultant, WordPress SEO Expert, Internet Marketer, Developer of Multiple WordPress SEO Plugins/SEO Themes Including the Stallion Responsive Theme (tested to WordPress 4.8.1 August 2017).

Website - SEO Tutorial for WordPress