The Challenge

A very seasoned and legacy website in a competitive B2B space had been plagued for years by referral link spam. Referral link spam is the black hat SEO practice of creating a large volume of script-based backlinks that point malicious pages towards a site that’s more authoritative than them. While this technique doesn’t necessarily work anymore, spammy websites still employ this tactic – and while it doesn’t necessarily help them, it can actually negatively impact you. A large swath of spammy and toxic backlinks that hit your site can potentially send the signal to Google that you purchased these backlinks (which Google does not encourage).

One of the main vulnerabilities that these spammer websites were utilizing was the fact this large B2B site was totally custom built. As such, it’s often easier for spammy websites like these to find vulnerabilities to exploit – custom websites can often have security pieces missed as part of their Staging and UAT process, especially if there isn’t a seasoned SEO that’s part of their team.

In particular for this B2B website, spammers found out that their internal search function accepted, encoded, and served any search URL in a non-English language as a live “search results” page. This is a vulnerability issue specific to URL encoding.

URL Encoding refers to the technical practice around the fact that web browsers only allow a certain amount (and type) of characters to be read and understood. To support a variety of different languages and character types, sites generally utilize URL encoding, which utilizes a series of code blocks that can correspond to different language and special characters. Please see the screenshot below as an example:

On a full URL, here’s what URL encoding can look like.

The Solution

In order to address this issue which should have been caught during the site creation process, the eAccountable SEO team worked directly with this large B2B client’s development team. The action plan our two teams implemented involved custom segmentation and page rules around Non-ACS-II character blocks (i.e. URL encoding character blocks that did not correspond to English). In essence, development changes were deployed to turn any detected URL with Non-English characters into a 404.

This sends the signal to Google that these are backlinks that we want nothing to do with while also sending the signal to the bot scripts executing the backlinks that the website vulnerability no longer exists.

The Results

After deploying the fix, every Non-English referral spam page that was created was 404’d, severing the toxic equity that the spammer websites were attempting to build and thus getting this large B2B website back on track and in good authority standing.


This issue in its entirety would have been avoided and prevented if an SEO team had conducted a thorough audit of the new website at it’s time of creation or at least when they issue began to first crop up.

While the technical changes around the internal search function have been addressed, there are still items around the link Disavow tool that must be completed. However, the reality is that spammers will always find vulnerabilities and new ways to practice black hat SEO. As such, the largest takeaway from this case study is that authority-based spam protection and prevention is an on-going part of any seasoned SEO’s role and it’s in your best interest to have an SEO team that knows how to proactively protect your site’s authority.

About eAccountable

eAccountable is a digital marketing agency headquartered in Denver, Colorado. For more than two decades, online retailers have partnered with us to increase revenue, acquire new customers, and build brand loyalty. Through an integrated omnichannel digital marketing approach, we have helped clients across many industries recognize quick and extremely profitable results.

If you’re interested in learning more about how eAccountable can help you maximize your SEO and increase your brand exposure, drop us a line.