What is up with those *-k.html backlinks?

Let us investigate what is up with those mass spammed *-k.html backlinks that many of us are seeing in our link reports.

483 views
d

By. Jacob

Edited: 2024-03-18 12:13

It is quite disheartening to see your search engine traffic plummet for no apparent reason, as it did after the helpful content update, and when it happens, some of us might still wonder whether it could be a case of negative SEO, perhaps carried out in the form of those suspicious *-k.html backlinks with hotlinked images that has been blasted around the internet doing the same period. Well, if you are in doubt, it is likely best you stay away from tools like ahrefs and focus on other things, because things like this is normal on the internet. Unfortunately.

While such hotlinked image spam might not influence your search engine rankings, it may still be annoying having to scroll through them in your backlink statistics.

I already deal with automated spam posted in the comment form for my articles, something which I try to prevent with a combination of counter measures, including an aggressive spam filter that analyzes the various parameters and content submitted by the user. On some of the worst days, the filter has rejected around 700+ messages that were identified as spam. So, I am used to look at spam in various shapes. Sometimes I even investigate further, and if interesting enough I might even write about my findings on Beamtic.

Toxic *-k.html links reported in ahrefs

I started noticing the spike in toxic backlinks for Beamtic probably more than a year ago now, and I do not even remotely care about the links on their own; it has just been annoying me, because it has made it harder for me to monitor genuine links and discussions about my website. Ahrefs is a powerful tool to find your links, but considering that it is a paid product, it is surprisingly bad at filtering and ignoring junk-links. In my opinion, it should be possible to simply permanently ignore these links so you never have to see them in the reports again. There is literally no point in showing them.

My organic traffic has practically plummeted into nothingness over the last few Google algorithm updates, each one only making it worse. This is nothing new – I have been in this position before. See also: Decreased traffic doing the holidays?, and: Drop in Google Traffic Around the 4th of December (2020) – it is just frustrating that I am here, again, writing about a traffic drop. And this time, actually quite seriously. Just look at this graph on ahrefs:

The blue line represents the increase in domains that are infected with the *-k.html spam, and the orange represents Beamtic's organic traffic; It is easy to see why someone might jump to the conclusion that the bad links is correlated with the drop in organic traffic. Most likely this is not the case, and if you pay attention to Google updates, then you will know that the drop in traffic is actually much more likely to be caused by those. So, I am personally not going to waste my time disavowing even a single link.

Paul Madden (@PaulDavidMadden) also commented on X/Twitter:

Hotlinked image spam (k.html links etc) are much more common than you'd imagine

Via @opphive we see these things in huge volumes on many sites that don't have any real impact from them either way ...

They're certainly not a unique feature to the recent traffic drops so far

The issue with hotlinked image spam is also discussed in search console help, on Reddit, and buildersociety.com forum and many other places, with few exceptions, most with similar conclusion (that we should simply ignore it). The problem is that clueless webshop / site owners will still be asking about how to get rid of the spam and prevent it, which is usually the wrong question to be asking. People are wasting time and mental energy on this stuff!

Official Google representatives have repeatedly stated that such links have no negative impact on our rankings, and that we can therefore safely ignore them. In fact, we should not even waste our time on disavowing the links, because Google can and should filter them out automatically. And, John Mueller previously stated that the tool was not even designed for that purpose. Duh!

The disavow tool is supposed to be used, mainly, if you, yourself, have been obtaining links unnaturally. E.g. buying links. Something you can report if you discover your competitors are doing it – see here: Report spammy, deceptive, or low quality webpage – so do not buy your links!

What is the point with these links?

Who knows? Someone named Jim has provided his own take on it in this blog post:

About all those -k.html backlinks to your website - paranoidpenguin.net

I do think it is most curious. Why would someone do this? It is seemingly a complete waste of time and tend to cause quite a bit of confusion and disruption. I am pretty sure many inexperienced and confused website owners will presume the links are somehow harming their websites and start to disavow the links – probably something that will be done manually considering their lack of experience, and that will cost them money.

Welcome to the world of mass spam! In this case we are probably talking about spam on such a massive scale that it is fairly easy to deduce the purpose. E.g:

  1. Money is a typical motive; even $0.001 per click could be meaningful on a large enough scale.
  2. Hurting the sites that the links originate from (Seemingly, at least some of them are hacked). In fact, they will probably hurt regardless.
  3. Some type of spamdexing; E.g. Influencing search engines perception of various content marginally by posting spam on a massive scale.

I doubt the last one, because it would presumably require a fairly large amount of compute resources to carry out and track the effects properly.. But, I hypothesize that different things might happen when even inept spamming techniques are used on a large enough scale.

1. The websites that these links are coming from have been compromised. I noticed that at least some of the URLs that show up will lead to a 404 when visited, and yes, that is even when switching to a Googlebot user agent string. E.g:

Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

However, this is the hacker's deception. There are other parameters than the user agent string they might look at. If you send the hacked pages a simple cURL request, then you will get the real content, as the hacker intended for the search engines – this is also known as cloaking or "cloaked pages". You can use cURL like this from a terminal:

curl --user-agent "Googlebot/2.1 (+http://www.google.com/bot.html)" -v https://example.comm/some-keyword-k.html

2. In many cases the websites seem to allow anything in the path part of the URL. E.g. Basically anything after and including the first / forward slash will give a 200 ok response; this is indicating a severe misconfiguration and/or hacked website.

What will it do to your website?

If this has any influence on your rankings at all, I am sure it will be quite short-lived. I think any effect this might have, is more likely to apply marginally over a larger surface, and therefore might have no meaningful influence on individual websites – perhaps other than the sites that are infected and does the masking/linking/spamming.

This type of spam is super easy to identify and filter out. Please do not waste your time and money trying to fix something that is not broken. Do not start to manually disavow a bunch of links – if you have to manually react on every random little thing that happens on the internet, then you have no time doing things that actually matter!

Now. Will it hurt to disavow them? Probably not. Google should know that inexperienced or worried website owners might choose to disavow links from time to time; after all, that is what dumb SEO folks are telling them to do – and it is a very dumb advice to give someone, but probably an easy way to make some extra money.

Links

  1. Disavow links to your site - support.google.com
  2. Cloaking - developers.google.com

Tell us what you think:

  1. Warriorplus affiliate links seem to be recklessly spammed to personal websites and blogs.
  2. About that truevaule.xyz spam posted to HTML forms on various websites.
  3. Just some funny encounters I have had with blackhat SEO spammers.
  4. Spam comments submitted in the name of Erika Miller from courseduck.com on blogs and articles.

More in: spam