Understanding and Addressing a Potential Negative SEO Attack from China
In today’s digital landscape, website security and integrity are more critical than ever. Recently, a notable case has emerged involving a sophisticated negative SEO attack targeting a website based in Dallas, Texas, with clients across major U.S. markets. This incident highlights the importance of vigilant monitoring and proactive defense measures against malicious online activities.
Background of the Incident
Our agency, Joey Youngblood Digital, manages a diverse client portfolio primarily situated in the Dallas-Fort Worth area, with additional clients in Houston, Austin, Phoenix, Nashville, Miami, Long Island, and Chicago. Our website infrastructure is hosted in the United States, and we do not publish any Chinese-language content nor have we engaged in conference activities in China or Southeast Asia.
The first signs of unusual activity appeared on September 19th, when a small influx of users from China and Singapore began visiting our site via direct traffic. This pattern intensified after we transitioned our DNS to Cloudflare on September 23rd. By September 24th, traffic originating from China—specifically via Chrome—became our leading source of direct visitors, a trend that persists.
Observation of Traffic Patterns and Behavior
Our server logs reveal that this traffic is unlikely to be generated by bots or web scrapers, as the IP addresses are largely unique. Additionally, the Rocketship SEO plugin indicates a decline in unknown and AI bot traffic coinciding with the onset of this activity.
Most notably, the traffic from China and Singapore consistently engages with a single page, spending nearly a full minute on each visit. These visitors tend to navigate toward “not set” or our top-ranking pages, often related to SEO services listed in our main menu navigation. Importantly, this behavior is not indicative of casual or content-driven browsing, given the minimal proportion of our overall blog content visitors.
Impact on Website Performance and SEO Metrics
Preliminary data suggests that this targeted traffic is negatively impacting our website’s performance metrics. Since the activity began on September 19th, our organic search traffic has declined by approximately 37.5% as of October 10th. While other analytics tools such as Google Search Console and PageSpeed Insights have not yet shown significant deviations, the rapid shift in RUM (Real User Measurement) load times and Core Web Vital metrics signals a potential attack’s effectiveness.
Potential Classification as a Negative SEO Attack
Given the high volume, targeted engagement, and unusual behavior associated with this traffic influx, the situation strongly