Holiday Spam Splurge
Some of you might not remember this, but Virante runs an anti-linkspam tool called LinkSleeve which allows you to easily filter link spam from any online application (blog, forum, guestbook, wiki, etc.). The tool is very similar to Akismet (in fact, it was released on the exact same day as Akismet years ago). However, it does not require an API and uses XML-RPC rather than REST. Regardless, we experienced an interesting, headache-inducing phenomenon over Christmas. While it is nearly impossible to determine if just a handful of spammers were responsible for the surge, we noticed a nearly 46% increase in link spam generated over the last 3 days. The variety of sources indicated that it was at least a handful of spammers, but it is difficult to determine if this was...
New Google Strategy to Stop Effective SEOs
The Anatomy of a Digg Silent Bury
There has always been a shroud of mystery surrounding the bury feature at Digg. What percentage of buries are necessary to put a story to rest? Are the different types of buries (lame, duplicate, spam) considered differently? Is there an internal bury system for Digg employees? The latest in this series of questions that needs to be brought to light is what I call the “Silent Bury”. This is a unique set of circumstances where Digg removes the story from the listings (neither in upcoming nor popular), but leaves the story on the site, and accessible via direct URL or search. This method effectively destroys the chance of a story succeeding, but does not seem to rely on the traditional bury methods that would also make a story difficult to access via...
Evidence-Based Search Engine Optimization
Over the last several years, our industry has produced myriad theories of how firms or consultants should go about SEO, each with their own set of shortcomings. Through these flawed systems, a new overarching theory of how our industry should behave has budded. First, let’s identify some of those flawed systems. Ethical SEO: A do-no-harm type of solution that strictly adheres to the guidelines of major search engines. Greatly inhibits the ability of a site to perform in the most competitive industries; follows a subjective set of ideals (whose ethics is right? mine is); forces SEOs to react drastically to position changes (such as Google coming out against reciprocal links or paid links). Performance-Based SEO: An elusive goal which attempts to create a...
Cross Site Request Forgery in Sphinn
I have removed the XSRF exploit, although you can click on the link below with the text “this story” to cause a vote to happen. Just imagine putting that into an iframe or an img src=, and it would accomplish the same thing w/o you knowing…. Thanks for the vote! If you are currently logged into Sphinn (or simply forgot to log out), chances are, you have just voted for this story. Sphinn’s vulnerability is one of the most common forms of XSRF, where the site allows actions to originate offsite without any authentication aside from the original cookie / session. There are multiple ways to prevent XSRF, the easiest of which is to generate a user-specific token for each action origination point on the site (a form, a link that votes, etc.) so...