Blackhat SEO – Esrun

Namecheap checkout referal

I actually can’t beleive this! I had to renew some domains in Namecheap so I sign in and choose to use funds already in the account. Should be a 1 minute job I think..

I get an error saying my checkout request was invalid.. so I hit back and click proceed again.. same error. Then I decide I have no choice but to read the error. You must have referral data turned on! WHAT THE HELL!? I have my browser referal data disabled in firefox and I can’t believe there are people out there using referal data for checkout/basket systems.

Get with the times namecheap!

AOL Hometown alternative host

Want to make a quick buck? There’s still money to be made in free webhosting. All that free content, all those places to inject links or for those darker people maybe even drop a little something.

Anyway, AOL Hometown is closing its doors which means there’s currently thousands of people looking for a new free host and most of them have no clue how to move their stuff over or where to go because… well because they’re AOL users.

Go buy yourself a cheap dedi, chuck together a script that will automatically scrape the users content (or use their FTP details) and host it for free.

You’ll get good publicity for being their savour and you’ll suddenly be in control of thousands of sites

Why don’t I do it? I’m busy!

Youtube music player

There’s a project I have wanted to do for a long time but I can’t see myself ever having the time. However I’m sure someone out there might be interested so here it is…

Everyone knows you can find pretty much any song old and new on youtube, I myself use it quite often instead of downloading songs.

What would be great is a community site where you can enter an artist (similar to Last FM I guess) and it brings back all songs by that artist, maybe split into correct albums if you know the right places to scrape and use as a consolidating database.

You could then select the album you wanted to listen to and using a fancy ajax front end, automatically switch between each song so you can just leave it open and running in a firefox tab.

Each song/video could be rated on its accuracy and quality by users and also have its youtube ratings checked since there are usually many variations of songs available on Youtube, some better than others.

The system would let you save, search and rate others playlists.

So if you’re bored, sitting there thinking what you could be coding…. do this!

Linking to bad sites

I recently performed a test which actually quite suprised me.

For years there has been the obvious talk of linking to bad neighborhoods but its always been hard to know for sure which sites Google considers “bad”. When I started seeing those “This site may harm your computer.” warnings last year, it got me thinking. But I never really made anything out of it until recently.

When you search for certain terms in Google, you sometimes see sites marked with the aforementioned warning and when you click them, you get taken to a second page giving you another warning about the site having badware (malware,spyware etc). The great thing is, the warnings are based on reports from StopBadware and they provide a wonderful tool which lets you search for Badware sites.

The great thing is, you don’t have to know any urls, you can do a general search such as “online.com” and get back a nice list of sites:

So we have a list of badware sites submitted by Google, sites they have absolutely without a doubt considered to be bad/harmful.

Next I updated a range of different pages to link to these bad sites. Blog posts, blog comments, profile pages and a normal web page. I threw some links at all these sites I had modified and waited for Google to visit them. To my suprise Google visited them, updated the cache showing the badware links but their positions in the serps were not effected at all!

I probably should have also tested it as a sitewide link on a site to see if this would change the outcome. Also I should try changing the links from badware to spammy networks(e.g sites which have recently lost their PR for being spammy/selling links etc) and see how that works out. But in general, is linking to bad sites going to hurt you? Unlikely…

Not to say interlinked networks don’t get hurt

Free PR links

This is a method of getting free links. The links:

• Have Google PageRank (PR)
• Allow you to use your keywords as the anchor text

I’m not going to argue about how accurate PR is. At the end of the day, it’s a quick and easy way to see how much a link is likely to help you. If a page has a PR4 for example then the chances are it has at least a few external links going into it and wil benefit you in the serps.

After you have done your on-page SEO, it comes down to links links links! If you want to rank for the word “Bingo” then go ahead and buy/spam/socialise(link bait etc) 1,000 links from high quality sites with the anchor text “bingo”.

I was actually using this method quite a few years ago but in a slightly different way which I will save for the next post

Quick overview
The basic idea is to look for forum posts which already have PR, we then signup to the forum and post a relevant message on the post. After a day or two, we return to the post and edit it to include our link.

Full process

Step 1
Install an add-on for your browser which allows you to view the pagerank of each search result in Google. This allows us to quickly see which forum posts have PR without having to visit each individual page. You could use SEO For Firefox or SEOQuake

Step 2
We start by searching for forums, it’s that simple. For example, we might perform a search for vBulletin Forums.

Step 3
Select one forum from the results of step 2 and do a site: search on it.

In the screenshot above you can clearly see there is an internal thread which has a PR2 (a tell tale sign for vBulletin forums is the use of a default URL structure.. showthread.asp?t=xxx).

Step 4
Signup to the forum and verify your account. Make a relevant post on the previously found thread.

Step 5
Repeat step 2-4 many times and ensure you keep a note of all the posts and your login details.

Step 6
Leave it a day or two and return to each of your posts, login and edit the post to include your link!

Great, a free link with my chosen keywords as the anchor text from a PR2 internal page!

Top Tips

• Ensure the thread you’re looking at has only one page worth of posts, so that when you make your post, you’re also on the page with PR
• Take the time to write a relevant on-topic post. These are free, reasonable quality links and worth putting the few minutes of time! If your first post is spammy or “Wow, great thread!” then it will be removed as spam within minutes on most forums.
• Most of the threads with PR will be reasonably old, this is because toolbar PR obviously only gets updated every now and then. As such you should come up with a convincing reason for why you’re dragging up a post that is 3 months or even 3 years old! The way to do this is to associate yourself with the thing being discussed, if someone is talking about a problem then describe how you have the same problem and even if there’s a solution, state that it doesn’t help you and request further advice.
• The longer you can leave the post without editing it the better. If you leave it for a short amount of time only then there is a chance someone will notice the edit and report you to the administrator. Be aware that some forum software does put a time restriction on how long you have before you can edit a post, I haven’t ran into this problem many times.
• Mix up your search in step 2 so that you don’t hit the same forums as other people.

Side note
Because I’m making this blog post, there is a good chance that the owner of the forum I used as an example will notice and remove the link. Don’t be put off by this

MSI Wind review

Well I finally got my hands on the MSI Wind which in my opinion is better than the eeePC. It compares closely to the eeePC 901 which hasn’t been released yet.

It uses the new intel atom processor and has an 80gb standard HD rather than a smaller solid state like the eeePC 901 uses. It’s slightly larger than the 901, but only just! They have made good use of the space to fit in a 10″ screen and a larger (more usuable) keyboard than the 901 by stretching it right to the sides of the chasis.

I haven’t done much testing yet but I can confirm it came with windows XP service pack 3 and it comfortably plays age of empires 2 and 3 To save battery I hit FN+F10 and it turns down the screen brightness and underclocks the CPU to 800mhz.

I took some pics comparing the MSI Wind to my macbook Pro and a 2g eeePC…

MSI wind VS Macbook Pro

MSI wind VS 2g eeePC

Image 2

Image 3

Oh and I also got it to run Backtrack3 from an SD card… Image 4
. How?

Cookie stuffing revisited

Recently my blackhat seo hacker friend Chewie went on some seomoz thing and talked briefly about cookie stuffing.

Before reading any further you might want to read my post on dropping affiliate cookies which explains what/why/where/when and also my cookie stuffing code examples page. However if you already know the basics then you can get going much quicker by sticking with this post.

I decided to write this post because the amount of emails I recieved all asking the same questions.

Avoiding high (100%) CTR when dropping cookies

One problem with dropping the cookies on every visitor is that it will result in a 100% CTR which can be an obvious flag that something isn’t right. To avoid this you can take a couple of steps, depending on how much time you wish to put into it and your coding skills.

The simplest way to avoid this problem is to use PHPs rand() function to select a random number between(and including) 1-4 and then only output the code to drop the cookie if the number equals 1. This method won’t allow you to set an exact percentage because the number chosen will always be random. Out of 100 visits, it might select the numbers 2,3 and 4 30 times each while selecting the number 1 only 10 times.

Code sample:

If you have time then you might want to code something more advanced. For example:

• Drop cookie only once per IP address
• Keep a daily count of visitors and then limit how many people you drop the cookie on the next day. For example if you have 1000 unique visitors on Monday, on Tuesday you will drop the cookie on a maximum of 200 people.
• Log every visitor and only drop a cookie on every tenth visitor
• Etc.

Avoid getting caught forcing cookies on users

A lot of people have said, surely it’s easy to get caught forcing cookies on people if you have an iframe where the source is the affiliates page. This is true to some degree. You should take the following things into consideration:

• The iframe method is the most basic and is intended as proof of concept rather than real world usage
• If you have been an affiliate for awhile and your CTR isn’t ridiculously high then there’s no reason the advertiser would ever check your site for cookie stuffing

So what is a safer method than Iframes for dropping the cookie?

A safer method of dropping the cookie would be using a false image which redirects to the affiliates page that has the HTTP Cookie header. The browser will try to load the image, be redirected to the affiliate page and although it won’t process any html on the final page, it WILL read and process the HTTP headers… including the one which places the cookie It’s crucial that you redirect to the exact page that has the cookie header, so be careful if the affiliate site redirects a lot of times before landing on its final page so that you select the correct one which is dropping the cookie.

The simplest way to do this would be using a .htaccess file which says, if there is a reference to “tracking_pixel.jpg” then redirect it to xyz affiliate page.

.htaccess Code sample:

You now edit your site template so that every page includes the image:

Now, even if the affiliate decides to come and take a look at your sites source code, they’re going to see nothing which catches their eye. If for example you had a website which sold clothes then the chances are you’d have a lot of images named blue_shirt.jpg and such like. So in this case you could easily name it red_shirt.jpg and have it mixed in somewhere in your template and they’d never know!

An even safer image cookie stuff..
Whilst it’s extremely unlikely, it is possible that someone checking your site for stuffing could try loading tracking_pixel.jpg into their browser and then they’d be redirected to the affiliate page and guess something is amiss. To combat this, instead of using .htaccess to redict to the affiliate page, we will instead tell it to treat a file named tracking_pixel.jpg as a PHP file.

.htaccess Code sample:

Now we put PHP code in tracking_pixel.jpg which checks the referring page. If the referrer is empty then the user has gone direct to our image and we should output a 404 error, if there is a referrer then the image has been included on a page and should be redirected to the affiliate site.

tracking_pixel.jpg code sample:

So now just include the following code on any page that you wish to drop cookies from:

Also note that you’re not limited to including the image on your own site! You could also include it on forums and such like… basically anywhere that will allow you to place images. So if you signed up to a popular bingo forum you might decide to start becoming a regular poster and dropping cookies for all the well known bingo rooms.

I think this pretty much covers most of the questions which have been asked

Dropping affiliate cookies

So I have run into a bit of a debate on the syndk8 forum about the legalities of the whole cookie dropping thing.

Let me make something clear from the get go, I personally don’t give two hoots about people doing this. I have tried it in the past as proof of concept and in the end decided against it for the moral reasons. I have and probably will again do worse in the future so don’t think I’m against other people doing this for moral reasons.

Talking about click bots for adsense on the forum is a complete no-no and will result in an instant ban, why? Because it’s click FRAUD.. you’re earning money in a fraudulent way.

What is an affiliate?

To increase traffic and sales, certain companies run affiliate programs where they will pay you a nice bit of money for each person you put through to them who purchases an item. For example someone may run an ebay banner on their site and if a user was to click onto that and buy something then the site owner running the banner would earn a little bit of money.

What is cookie stuffing?

Each time you send someone through to the affiliate site, e.g ebay then a cookie will be dropped onto their system which lets ebay know exactly where the user originally came from and then if they buy something you will be sure to earn a little cream off the top. Cookie stuffing or cookie dropping basically involves forcing this cookie onto visitors computers without them even knowing its happening and never sending them onto the affiliate site (e.g ebay). The normal place for this to happen is large busy forums which have thousands of users passing through every day and having multiple cookies dropped onto their systems for different companies without even knowing.

What’s wrong with this?

• The affiliate is paying you on the basis of you introducing traffic and sales to their website. However you’re not actually doing this, you’re forcing cookies onto their systems in the background and when they go and buy something from ebay you’re claiming a little bit of money for it. Ebay are paying you for traffic you didn’t even introduce and therefore you’re defrauding them. They were going to have the sale regardless of you, the only reason you’re being attributed for the lead is because you used shady tactics to drop a cookie.
• Another problem with this is that your cookie may overwrite the cookie of a legitmate affiliate who is working hard to generate genuine traffic. So you’re taking money that they would have earnt.

Let me compare this to another regular online fraud.. People have been known to run google adsense on their sites but instead of having legitimate clicks, they use javascript to force the user to click on an advert without even knowing. By having the advert clicked they have just cost the advertiser money for a lead and earnt themselves a little bit of cream. Usually the end user will not see the resulting page of the ad click. Similar level of fraud.
What affiliate companies does this effect?

The methods used are pretty universal and can be used effectively against everyone from ebay to poker companies.

How are the cookies dropped?

See my page on cookie stuffing.
Temporary conclusion

I’m not lawyer and I’m not really one to judge what’s right or  wrong. To me, you’re claiming money for putting leads through to them which you actually aren’t which seems like fraud.

Quick post

This is just a quick post with no real seo focus.

To start with, I have a special promo for Boysstuff this week! 25% of anything in their catalog. Okay their prices are a little high to start with but with 25% off they’re pretty good! Just use the coupon code RTN25 before 31/03/2008.

The old saying is that the way to a mans heart is threw his stomach.. the way to an SEOs contacts or knowledge also seems to be the same way as I recieved a box of kitkats today from SEOIdiot as a bribe lol! He knows I would tell him anyway but he does like to have his little jokes. So thanks for that

I’m going to be doing a few posts on targeted offline spamming</strike> I mean advertising soon. I’m sure everyone has thought about it before so keep an eye out for the future posts

I’m also going to start offering online versions of some of my scripts so you can use them quickly online without having to download them and put them on your own hosting

Negative SEO – Duplicate content

Duplicate content has been a problem for people for a long time. The basic idea is to create many copies of the content on someone elses website to confuse search engines about which one is the true author of the content and force them into supplemental results. Generally this method is unlikely to work on a large, long standing authoritative website but for reasonably newly launched websites, sites with low authority (low links, low quality pages etc) then it can be an effective method of keeping them out of the serps.

If you’re unsure why you’d want to do this then maybe you’re on the wrong website! Lets say you have a couple sites up high for the term “office printers” and you see a few new guys pop up, you’d simply get as many other sites indexed with the same content as these new guys to confuse the search engine about who is the real owner of the content and have them penalised. The more links you can point at the proxy urls to get them indexed and healthy the better.

Spreading the content out over different sites can be an expensive and time consuming process, especially if you want to replicate a lot of content. One way around this is to use a web proxy url maker just like the one I created. This works by using a list (right now, about 1000) of different web proxies and generating a list of web addresses based on the address of the content you want copied.

So for example if you were to enter the address http://www.esrun.co.uk as the address you wanted to be duplicated then the software would output a list like the following:

http://fatmonkey.ch/index.php?q=SFR0UDovL1dXdy5lc1JVbi5jby5VSw
http://hidewebsites.com/index.php?q=aFRUcDovL1d3dy5Fc3J1bi5DTy5Vaw
http://compensates.info/index.php?q=SFR0cDovL1d3Vy5lc3J1Ti5DTy51Sw
http://unblocking.cn/index.php?q=aHR0UDovL1d3dy5FU1J1bi5DTy5VSw

There are actually other benefits of using this software. For example if you were spamming a social network and was fed up of having your spam detected based on the same constant URL then you could simply generate a list of web proxy urls to use instead.

Check out the Proxy url creator now