Blackhat SEO – Esrun

MSI Wind review

Well I finally got my hands on the MSI Wind which in my opinion is better than the eeePC. It compares closely to the eeePC 901 which hasn’t been released yet.

It uses the new intel atom processor and has an 80gb standard HD rather than a smaller solid state like the eeePC 901 uses. It’s slightly larger than the 901, but only just! They have made good use of the space to fit in a 10″ screen and a larger (more usuable) keyboard than the 901 by stretching it right to the sides of the chasis.

I haven’t done much testing yet but I can confirm it came with windows XP service pack 3 and it comfortably plays age of empires 2 and 3 To save battery I hit FN+F10 and it turns down the screen brightness and underclocks the CPU to 800mhz.

I took some pics comparing the MSI Wind to my macbook Pro and a 2g eeePC…

MSI wind VS Macbook Pro

MSI wind VS 2g eeePC

Image 2

Image 3

Oh and I also got it to run Backtrack3 from an SD card… Image 4
. How?

Cookie stuffing revisited

Recently my blackhat seo hacker friend Chewie went on some seomoz thing and talked briefly about cookie stuffing.

Before reading any further you might want to read my post on dropping affiliate cookies which explains what/why/where/when and also my cookie stuffing code examples page. However if you already know the basics then you can get going much quicker by sticking with this post.

I decided to write this post because the amount of emails I recieved all asking the same questions.

Avoiding high (100%) CTR when dropping cookies

One problem with dropping the cookies on every visitor is that it will result in a 100% CTR which can be an obvious flag that something isn’t right. To avoid this you can take a couple of steps, depending on how much time you wish to put into it and your coding skills.

The simplest way to avoid this problem is to use PHPs rand() function to select a random number between(and including) 1-4 and then only output the code to drop the cookie if the number equals 1. This method won’t allow you to set an exact percentage because the number chosen will always be random. Out of 100 visits, it might select the numbers 2,3 and 4 30 times each while selecting the number 1 only 10 times.

Code sample:

If you have time then you might want to code something more advanced. For example:

• Drop cookie only once per IP address
• Keep a daily count of visitors and then limit how many people you drop the cookie on the next day. For example if you have 1000 unique visitors on Monday, on Tuesday you will drop the cookie on a maximum of 200 people.
• Log every visitor and only drop a cookie on every tenth visitor
• Etc.

Avoid getting caught forcing cookies on users

A lot of people have said, surely it’s easy to get caught forcing cookies on people if you have an iframe where the source is the affiliates page. This is true to some degree. You should take the following things into consideration:

• The iframe method is the most basic and is intended as proof of concept rather than real world usage
• If you have been an affiliate for awhile and your CTR isn’t ridiculously high then there’s no reason the advertiser would ever check your site for cookie stuffing

So what is a safer method than Iframes for dropping the cookie?

A safer method of dropping the cookie would be using a false image which redirects to the affiliates page that has the HTTP Cookie header. The browser will try to load the image, be redirected to the affiliate page and although it won’t process any html on the final page, it WILL read and process the HTTP headers… including the one which places the cookie It’s crucial that you redirect to the exact page that has the cookie header, so be careful if the affiliate site redirects a lot of times before landing on its final page so that you select the correct one which is dropping the cookie.

The simplest way to do this would be using a .htaccess file which says, if there is a reference to “tracking_pixel.jpg” then redirect it to xyz affiliate page.

.htaccess Code sample:

You now edit your site template so that every page includes the image:

Now, even if the affiliate decides to come and take a look at your sites source code, they’re going to see nothing which catches their eye. If for example you had a website which sold clothes then the chances are you’d have a lot of images named blue_shirt.jpg and such like. So in this case you could easily name it red_shirt.jpg and have it mixed in somewhere in your template and they’d never know!

An even safer image cookie stuff..
Whilst it’s extremely unlikely, it is possible that someone checking your site for stuffing could try loading tracking_pixel.jpg into their browser and then they’d be redirected to the affiliate page and guess something is amiss. To combat this, instead of using .htaccess to redict to the affiliate page, we will instead tell it to treat a file named tracking_pixel.jpg as a PHP file.

.htaccess Code sample:

Now we put PHP code in tracking_pixel.jpg which checks the referring page. If the referrer is empty then the user has gone direct to our image and we should output a 404 error, if there is a referrer then the image has been included on a page and should be redirected to the affiliate site.

tracking_pixel.jpg code sample:

So now just include the following code on any page that you wish to drop cookies from:

Also note that you’re not limited to including the image on your own site! You could also include it on forums and such like… basically anywhere that will allow you to place images. So if you signed up to a popular bingo forum you might decide to start becoming a regular poster and dropping cookies for all the well known bingo rooms.

I think this pretty much covers most of the questions which have been asked

Dropping affiliate cookies

So I have run into a bit of a debate on the syndk8 forum about the legalities of the whole cookie dropping thing.

Let me make something clear from the get go, I personally don’t give two hoots about people doing this. I have tried it in the past as proof of concept and in the end decided against it for the moral reasons. I have and probably will again do worse in the future so don’t think I’m against other people doing this for moral reasons.

Talking about click bots for adsense on the forum is a complete no-no and will result in an instant ban, why? Because it’s click FRAUD.. you’re earning money in a fraudulent way.

What is an affiliate?

To increase traffic and sales, certain companies run affiliate programs where they will pay you a nice bit of money for each person you put through to them who purchases an item. For example someone may run an ebay banner on their site and if a user was to click onto that and buy something then the site owner running the banner would earn a little bit of money.

What is cookie stuffing?

Each time you send someone through to the affiliate site, e.g ebay then a cookie will be dropped onto their system which lets ebay know exactly where the user originally came from and then if they buy something you will be sure to earn a little cream off the top. Cookie stuffing or cookie dropping basically involves forcing this cookie onto visitors computers without them even knowing its happening and never sending them onto the affiliate site (e.g ebay). The normal place for this to happen is large busy forums which have thousands of users passing through every day and having multiple cookies dropped onto their systems for different companies without even knowing.

What’s wrong with this?

• The affiliate is paying you on the basis of you introducing traffic and sales to their website. However you’re not actually doing this, you’re forcing cookies onto their systems in the background and when they go and buy something from ebay you’re claiming a little bit of money for it. Ebay are paying you for traffic you didn’t even introduce and therefore you’re defrauding them. They were going to have the sale regardless of you, the only reason you’re being attributed for the lead is because you used shady tactics to drop a cookie.
• Another problem with this is that your cookie may overwrite the cookie of a legitmate affiliate who is working hard to generate genuine traffic. So you’re taking money that they would have earnt.

Let me compare this to another regular online fraud.. People have been known to run google adsense on their sites but instead of having legitimate clicks, they use javascript to force the user to click on an advert without even knowing. By having the advert clicked they have just cost the advertiser money for a lead and earnt themselves a little bit of cream. Usually the end user will not see the resulting page of the ad click. Similar level of fraud.
What affiliate companies does this effect?

The methods used are pretty universal and can be used effectively against everyone from ebay to poker companies.

How are the cookies dropped?

See my page on cookie stuffing.
Temporary conclusion

I’m not lawyer and I’m not really one to judge what’s right or  wrong. To me, you’re claiming money for putting leads through to them which you actually aren’t which seems like fraud.

Scraping adlabs search funnels

Just uploaded a new script for scraping keywords from AdLabs search funnels, go ahead and check it out

Download: AdLabs keyword scraper

Keniki

Well Keniki, you were successful! You finally managed to get a whole post dedicated to just you on my blog

Keniki (Greg) popped up quite some time ago, I first encountered him on Matt Cutts blog and at first he seemed like your average do gooder anti-spammer, fair enough me thinks. However unlike your average spam hunter who tries to gather some proof and actual facts about spammers, this guy simply throws wild accusations around like seo is some kind of dangerous cult and hopes that he might catch something slightly along the line of truth.

According to Greg, I own several large web hosting companies, I have multiple online (well known) personalities and I’m an all round bad guy! Or to put it in Kenikis words, I’m a prick

Keniki has had a go at just about everything and everyone and has had run ins with the likes of cutts, dave naylor and seoidiot. For just a sample of this wierdos ramblings check out this Keniki post.

I have spoken to Greg numerous times on the telephone he seemed drowsy and was slurring his words. Does anyone know if he has a drinking problem? Or is he mentally ill? I couldn’t determine for sure He often posts random abusive comments at throughout the day and night and appears to set alarms for odd hours to get up purely to post a comment and then go back to sleep, that’s the way I understood it after speaking to him anyway so yeah to be fair the guy does have problems in his head. Each time I speak to Greg he says he Is going to back off and stop making up random things but each time he pops back up with more comments.

So Greg, I called you today after your most recent tirade and it seems you don’t want to speak to me anymore… you were quite obviously available and then I’m patient enough to wait and you simply hang up the call on me! Then when I call back you refuse to answer.. poor show buddy. I saw you were trying to get Seoidiot into a boxing ring, lmao! SES London is on this week, why don’t you come up and say hello to everyone? Maybe you’ll like us OR Maybe you could just do like you originally said and just move on and stop trying to harass people? No one is interested in you or out to get you (regardless of how paranoid you get), just leave people alone and everyones happy.

£1 UK domains

Just a quick post this one. Signup as a new customer at uk2.net and you can use the voucher code CJ20080331 to get a UK domain for just £1.15! Just process each domain you want as a new order and use the coupon code each time

Create unlimited gmail accounts

Well last time I wrote about a simple Gmail account creator I made and I talked about how I would be improving it and releasing updates. Unfortunately I don’t think I will be simply because I can’t be bothered. I didn’t use it myself and only made it as a little something to give out since a lot of people were talking about wanting one.

Anyway for those who encountered the limit of how many accounts they could create per IP address there is a way around it. When you create too many accounts from one IP address then google start giving you a captcha image which says “Sorry, we are unable to handle your request at this time. Please try again later.”

Make the captcha request from one IP address but then submit the signup information from a different IP. Google will only block the IP address that is used to submit the data and the IP address is only blocked from making a request to the captcha, not from submitting signup data. Therefore with just two IP addresses you can make unlimited gmail accounts. There is currently no cross checking to make sure the account used to request the captcha is the same as the account submitting the signup information.

So mod the script and go make your unlimited accounts

I couldn’t remember where I got this tip from because it was quite a long time ago but have since had a good smack round the back of the head since I wasn’t meant to out it.  Props goes out to Seocracy.

Links from oscommerce stores

It would appear that many people install oscommerce but then fail to actually implement it. If you happen to be in control of a oscommerce installation then obviously you can modify it to your requirements, including putting any links on there that you like to.

If you wanted to find other insecure or abandoned installations then you could try search google for something like:

inurl:create_account.php “Installation directory exists at”

Obviously you would then contact the owner and let them know about the problem, not just install and modify it with your own links.

Available 2 character UK domains

There are very few 2 character UK domains left available and they get snapped up pretty quick so without further delay I have provided a reasonable list below Go get yourself one today just for the hell of it :p

At the time of posting these are the ONLY 2 character UK domains (.co.uk, .me.uk, .org.uk) available to register.

• b0.me.uk
• d0.me.uk
• e0.me.uk
• f0.me.uk
• i0.me.uk
• j0.me.uk
• k0.me.uk
• l0.me.uk
• m0.me.uk
• o0.me.uk
• p0.me.uk
• q0.me.uk
• r0.me.uk
• t0.me.uk
• u0.me.uk
• v0.me.uk
• w0.me.uk
• x0.me.uk
• y0.me.uk
• z0.me.uk
• 9a.me.uk
• 0b.me.uk
• 4b.me.uk
• 5b.me.uk
• 6b.me.uk
• 7b.me.uk
• 8b.me.uk
• 9b.me.uk
• 0c.me.uk
• 3c.me.uk
• 5c.me.uk
• 6c.me.uk
• 7c.me.uk
• 8c.me.uk
• 9c.me.uk
• 1d.me.uk
• 5d.me.uk
• 6d.me.uk
• 7d.me.uk
• 8d.me.uk
• 9d.me.uk
• 0e.me.uk
• 1e.me.uk
• 5e.me.uk
• 6e.me.uk
• 7e.me.uk
• 8e.me.uk
• 9e.me.uk
• 0f.me.uk
• 1f.me.uk
• 3f.me.uk
• 4f.me.uk
• 5f.me.uk
• 6f.me.uk
• 7f.me.uk
• 8f.me.uk
• 9f.me.uk
• 0g.me.uk
• 1g.me.uk
• 5g.me.uk
• 6g.me.uk
• 7g.me.uk
• 8g.me.uk
• 9g.me.uk
• 1h.me.uk
• 3h.me.uk
• 4h.me.uk
• 5h.me.uk
• 6h.me.uk
• 7h.me.uk
• 8h.me.uk
• 9h.me.uk
• 0i.me.uk
• 6i.me.uk
• 8i.me.uk
• 9i.me.uk
• 0j.me.uk
• 3j.me.uk
• 4j.me.uk
• 5j.me.uk
• 6j.me.uk
• 7j.me.uk
• 8j.me.uk
• 9j.me.uk
• 4k.me.uk
• 5k.me.uk
• 6k.me.uk
• 7k.me.uk
• 8k.me.uk
• 9k.me.uk
• 0l.me.uk
• 3l.me.uk
• 4l.me.uk
• 5l.me.uk
• 6l.me.uk
• 7l.me.uk
• 8l.me.uk
• 9l.me.uk
• 0m.me.uk
• 7m.me.uk
• 8m.me.uk
• 9m.me.uk
• 1n.me.uk
• 3n.me.uk
• 4n.me.uk
• 5n.me.uk
• 6n.me.uk
• 7n.me.uk
• 8n.me.uk
• 9n.me.uk
• 1o.me.uk
• 3o.me.uk
• 4o.me.uk
• 5o.me.uk
• 6o.me.uk
• 7o.me.uk
• 8o.me.uk
• 9o.me.uk
• 3p.me.uk
• 4p.me.uk
• 6p.me.uk
• 7p.me.uk
• 8p.me.uk
• 9p.me.uk
• 0q.me.uk
• 1q.me.uk
• 3q.me.uk
• 5q.me.uk
• 6q.me.uk
• 7q.me.uk
• 8q.me.uk
• 9q.me.uk
• 1r.me.uk
• 3r.me.uk
• 4r.me.uk
• 5r.me.uk
• 6r.me.uk
• 7r.me.uk
• 8r.me.uk
• 9r.me.uk
• 0s.me.uk
• 1s.me.uk
• 3s.me.uk
• 7s.me.uk
• 8s.me.uk
• 9s.me.uk
• 1t.me.uk
• 4t.me.uk
• 5t.me.uk
• 6t.me.uk
• 7t.me.uk
• 8t.me.uk
• 9t.me.uk
• 0u.me.uk
• 1u.me.uk
• 3u.me.uk
• 5u.me.uk
• 6u.me.uk
• 8u.me.uk
• 9u.me.uk
• 0v.me.uk
• 1v.me.uk
• 3v.me.uk
• 4v.me.uk
• 5v.me.uk
• 6v.me.uk
• 7v.me.uk
• 9v.me.uk
• 1w.me.uk
• 3w.me.uk
• 4w.me.uk
• 5w.me.uk
• 6w.me.uk
• 7w.me.uk
• 8w.me.uk
• 9w.me.uk
• 0x.me.uk
• 5x.me.uk
• 7x.me.uk
• 8x.me.uk
• 9x.me.uk
• 3y.me.uk
• 4y.me.uk
• 5y.me.uk
• 6y.me.uk
• 7y.me.uk
• 8y.me.uk
• 9y.me.uk
• 0z.me.uk
• 3z.me.uk
• 4z.me.uk
• 5z.me.uk
• 6z.me.uk
• 7z.me.uk
• 8z.me.uk
• 9z.me.uk
• 02.me.uk
• 03.me.uk

Buggy driving in vegas desert

During pubcon vegas I took some time out to go driving in the desert in a one seater buggy and MJ drove a 2 seater. It was absolutely crazy but a great experience.

The company was used for buggy driving in vegas was called Sun Buggy Fun Rentals and the deal is pretty good. It’s basically $300 and they will arrange pickup and drop off at your hotel, they supply you with all the safety equipment you require and give you 2 hours of ride time(we actually got about 3) and after the drive will give you bottled water and some food. You will also be given a rather bright tshirt..

Although it was great fun and overall very worth the money, I found some of their rules a little unfair. For example if you were to roll your buggy then they will fine you $500. The thing is these buggies have heavy duty roll cages and could easily take a roll without causing any damage at all, they’re more likely to get damaged when you’re speeding over small hills and taking off and landing hard like 10 times in a row than a roll in the sand. Although it’s quite hard to roll it, it’s not impossible and we did see it happen.