Holiday Spam Splurge
Some of you might not remember this, but Virante runs an anti-linkspam tool called LinkSleeve which allows you to easily filter link spam from any online application (blog, forum, guestbook, wiki, etc.) The tool is very similar to Akismet (in fact, it was released on the exact same day as Akismet years ago). However, it does not require an API and uses XML-RPC rather than REST. Regardless, we experienced an interesting, headache-inducing phenomena over Christmas. While it is nearly impossible to determine if just a handful of spammers were responsible for the surge, we noticed a nearly 46% increase in link spam generated over the last 3 days. The variety of sources indicated that it was at least a handful of spammers, but it is difficult to determine if this was...
SEOMoz Quiz Feeds My Ego
SEO Dark Lord – 100%Are you an SEO Expert? I must say that every time one of these quizzes comes out, I have to go take it. It is an addiction which I am currently unable to crack. The last test I remember had more of a focus on industry news than SEO-specific knowledge, so I was able to perform a little better this go around. Go ahead and take a crack at it!
Exclude-by-Keyword: Thoughts on Spam and Robots.txt
Note: This solution is for spam that cannot be filtered. There are already wonderful tools to help with comment / forum / wikispam such as LinkSleeve and Akismet. However, this proposed method would prevent the more nefarious methods such as HTML Injection, XSS, and Parasitic Hosting techniques. Truth be told, I rarely use the Robots.txt file. It’s functionalities can be largely replicated on a page-by-page basis via the robots META tag and, frankly, we spend a lot more time on getting page into the SERPs than excluding them. However, after running / creating several large communities with tons of user-generated content, I realized that the Robots.txt file could offer a lot more powerful tools for exclusion. Essentially, exclude-by-keyword. The truth is,...
XSS Hole in Reddit Allows Gaping Access: Proof of Concept
Fixed by Reddit. So, a few months back Digg added a new feature that allowed users to invite and add friends more easily. Unfortunately, as I reported then, this hole allowed a site to automatically add friends if the visitor was still logged into Digg. This story did quite well in Reddit, often considered rivals, actually out performing the story on Digg which was, unsurprisingly, quickly buried. Nevertheless, an XSS hole in the handling of non-existing 404 pages has created a gaping hole which can allow a site to perform almost any site function we would want. To be fair to Reddit, I figured the Proof of Concept should mimic the same one as I did for Digg, an auto friend adder. If you are reading this page and are logged into Reddit, assuming the hole has not...
Surfing As GoogleBot – Their IP, Their User-Agent, Their Bot Characteristics
After reading this article and this article which give frustratingly over-simplifications on user-agent spoofing to get past cloaked websites, I figured I should write something on how to REALLY behave like Google. Cloaking often goes well beyond this, using IP delivery, User Agent cloaking, javascript and cookie detection, and referer detection – all of which can be used to determine that you are you and not a bot. So, how do you beat all 5 major types of cloaking? 1. Beat IP Delivery: Use Google Translate as a Proxy, translating from spanish->english even though the site is already in English. 2. Beat User-Agent Cloaking: Use the FirefoxUser-Agent Switcher to spoof as GoogleBot 3. Beat Javascript Detection: Use the Firefox Web Developer Toolbar to turn...
Recent Comments