Most SEOs believe Negative SEO is all about spammy backlinks. Those SEOs are wrong and generally don't know what they are talking about. While spammy backlinks are one form of negative SEO they do not define the space and generally are not the attack that is causing you harm. Most of the time the culprit using Negative SEO on you is in one of these four roles: A disgruntled employee, A past SEO, A close organic competitor with a lot to lose, or someone who you have deeply upset personally. These individuals will have different skillsets and they will look at the problems in different ways: Steal your customers, waste your budgets, smear your name, sabotage your website, steal your content, displace your rankings, etc. Dislike for you does not come in a single flavor of spammy backlinks. People who think that way simply do not understand security. If someone is trying to tank your website then they are probably trying to hack or disrupt your systems and processes too. The list below is an incomplete list. You could probably double it and still not have most of the bases covered. I'll try to keep adding to it as time permits!
Please DO NOT Practice Negative SEO. You can't be the Hero if you are the Villain. This practice hurts the whole SEO industry. Successful SEOs fire bad clients. If you are good at your job that is all you ever need to do. Many of the activities on this lists are crimes and/or liable offenses you can be sued for. Do not ever do these things!
If your page is about apple pies but people keep posting about chili for know reason they may be attacking your keyword density.
A competitor engaged in negative seo may reveal their intent by creating negative or false press releases. Check for Pretend to be a competitor and ask for link removals
Are people canonicalizing bad content to your pages?
SQL should never appear in web server access logs. inding SQL in the logs is evidence of an attack.
Check if users keep replying to bad or outdated posts so it keeps fresher or better content off the main indexes
Check if domains are being redirected to pile up bot activity onto a target site all at once.
Check Google Search Console Server Errors Tab for Desktop and Mobile
People with malicious intent will try know vulnerabilities against your server. These attempts often appear in your web server's access logs.
If applicable make honey pot power users so when 3rd parties try contact them you will know about it.
Check for people submitting alternative URLs or hosts to exploit missing canonical tags
A competitor engaged in negative SEO may show their intent by trying to bully, harass, or otherwise intimidate a person, website, or business.
No Instructions. https://www.google.com/webmasters/tools/spamreportform?hl=en
Check for Unwanted bot and directory submission
Check if people are exploiting comments and posts to impact the keyword relevance of your pages.
Spambots and other negative SEO attacks often have the symptom of IPs with high request counts.
In Search Appearance in GSC investigate your duplicate title and meta description pages. Check the URLs to make sure they aren't bogus
A competitor engaged in negative SEO may show their intent by filling out your online forms with bogus data.
People who would be motivated to use negative SEO against you typically speak ill of your website publicly.
This is usually findable in the form of "Haters with alternatives" Always be ready to counter these campaigns.
Check for faking Email spam to get competitor publicly blacklisted
Status 500 errors appear in numerous negative SEO attacks. They usually appear for bugs and configuration issues most of the time.
Look for unauthorized agents acting in your name as well as harmful activity from within your organization.
A competitor engaged in negative SEO may show their intent by causing activity that makes it hard for the website or business to function.
You should still report on this activity regularly because it usually appears with other negative SEO activities.
Periodically run antivirus on all of your computer systems.
Reviews or profiles linking to competitors.
Check for people link building a page into a new keyword context
A competitor engaged in negative SEO may show their intent by impuning the reputation of your products and services on and off site.
Check public misuse of the Disavow feature to declare a competitor as spam to google. Check if site appears in public disavow files or in lists of sites that people recommend disavowing.
Check your Manual Actions in Google Search Console
Check for people link building incorrect pages into the keyword context for bad experience
Check Google Search Console Not Found Errors for Desktop and Mobile
In search analytics in GSC check CTR and Position and make sure the chart looks ok... no drastic events
Check for Fake bots that claim to be competitor and behave badly (again to get publicly blacklisted)
Google Search Console may notify you of problems with your website via the messages they provide when you enter the platform.
Both copyscape and Google search results are a great place to check if your content is appearing where it shouldn't.
Check your website for links and content that shouldn't be there. Also check you source code repositories and database content fields for bad words, competitors, and management names.
URLs that make no sense to you were often created by someone else.
Check GSC for confusing 404 URLs that might tie back to toxic domains being pointed to your website.
Check for Content overflow where users keep posting to a one page thread until the page is too big. Check for Pretend to be a competitor and ask for link removals
Make sure others aren't speaking with your unclaimed brands on social and web 2.0 sites.
Give each person their own account. Sharing accounts puts credentials in places they should be.
A competitor engaged in negative SEO may show their intent by spamming competing offers in reviews.
Is you website vulnerable to cross sight scripting attacks? If so then attackers may be able to change the terms your site will rank for by exploiting the vulnerability with Google.
Check for Topic Flooding where users flood the forum with so many crappy posts the forum becomes unusable Check for Pretend to be a competitor and ask for link removals
Competitor clicks your ads in a fraudulent way in an attempt to get you banned from the advertising platform.
Check for people inserting grammar, spelling, and content encoding errors
Is someone writing with your authorship credentials?
Check Google Search Console Index Status page and make sure your total number of pages looks correct
Don't let someone steal your whole site by forgetting to renew.
Check for people linking your websites from adult sites or other toxic locations
Is your website's reputation being attacked with fraudulent DMCA takedown requests to third parties?
Periodically change your admin passwords and account names
If Google Search Console errors look suspicious then Download and archive them
A competitor engaged in negative SEO may show their intent by slandering or making false claims about a website, business, or person.
Check server logs for a large volume of 404 errors from 1 referring domain
Is the web server experiencing a campaign of denial of service attacks?
Updating regularly reduces your number of vulnerabilities. Testing points out the updates you forgot to make.
If Google Search Console errors look minor and are no longer reproducible then mark them as fixed so you only see new errors next time
Status 500 errors show an outage where your server was not responding to web browsers. This happens in a number of negative SEO attacks, but it can happen for other reasons too.
Check your content keywords in GSC and make sure nothing looks spammy or out of place there
Unnatural spikes in rating or review volume can denote a negative SEO attack.
Expect the database and server files to be encrytped and held for ransom. Wont it feel good to have offline backups?
You web server logs often contain the clues of hacking attempts on your web server. Hackers are often willing to engage in negative SEO as well.
Catalog the frequency, duration, dates, origins, and impacts of website activity.
Does Google Search Console report any security issues that need to be addressed?
URL parameters are a common attack vector for duplicate content attacks.
Is the website experiencing activity that slows down the server?
Updating regularly reduces your number of vulnerabilities.
Check for Flooding a web database with bogus data
Check for users posting adult or damaging content.
Check website categories for overabundance of old or bad topics
If you have a PHP or wordpress site then put it in GitHub (or similar) and check out on your deployment server. Then you can "git status" to see the file changes on the server. This lets you rollback changes if your PHP is hacked and see what exactly the changes were.
Your competitors can edit your Google My Business listing and if you aren't paying close attention and receiving notifications then they might just get away with it. https://moz.com/blog/competitorseditlistinggooglemybusiness
A competitor engaged in negative SEO may show their intent by generating fake ratings and reviews.
A competitor engaged in negative seo may reveal their intent by stealing your domain.
Identify and block bad bots. Bad bots can stack up on your domains and multiply server load.
Wildcard subdomains are another attack vector for duplicate content attacks.
Check Google Search Console for who Links to your site the most under search traffic
Check if people pretend to be a competitor and ask for link removals
Reputation attacks can occur on and off site. They are typically easy to find but hard to detect. Regular searches are required.
Stealing another website's content could get your website penalized by Google. copyscape and google test searches
Don't use a weak password for your wordpress admin. Don't name your wordpress admin account admin. Call it something else. Don't post with your admin account. post with an unprivledged posting account.
A competitor engaged in negative SEO may show their intent by creating link spam for your website.
Check for Flooding junk traffic to a site so Google gets the wrong idea about the site’s audience location or demographics
A competitor engaged in negative SEO may show their intent by clicking on your PPC ads and wasting your ad spend.
Search for fake complaints about the website on other sites.
Spikes in customer service activity can signal larger issues.
Are you being hit by slow loris attacks? http://www.seoclarity.net/thesecretworldofnegativeseo13244/
In search analytics in GSC check countries and make sure your not suddenly popular in Russia
A competitor engaged in negative SEO may show their intent by causing confusion about products and services or to blur the lines differentiating them.
Check for Inclusion in blog networks, link wheels, other linking schemes Check for Pretend to be a competitor and ask for link removals
Updating regularly reduces your number of vulnerabilities.
Are profiles being abused to spam links to websites?
Update you link count spreadsheet
This is in the form of attacking the reputation of an important contributor to a website.
A competitor engaged in negative SEO may show their intent by finding ways to financially harming the business.
Double check your Wordpress Security plugin for any loose ends if applicable.
Be sure to block bots that serve no useful function.
Are comments or posts being abused to spam competitive offers or to lower quality of the site?
A number of negative SEO attacks have the symptom of generating lots of entries in your crawl error logs. These logs can be generated for other reasons too.
There are a few ways to deindex a page with favicons and most SEOs don't know to check this.
Google will filter soft 404 pages and the filters they use are very basic and have been triggered by articles and comments about the topic.