Black Hat Tools

(Special thanks to Insomniac of Digital Cyber Soft for posting most of the following in our forum):

What is a proxy?

In it’s simplest form a proxy is a relay for data between two computers. A proxy can be anonymous, or not anonymous (transparent). As with most things one proxy does not fit all situations, so you will have to find the most appropriate proxy to the task you wish to complete.

What does that have to do with SEO?

This completely depends on what you wish to accomplish. The two most common purposes for proxies in the SEO industry are firstly to spoof (or fake) your country of origin, and secondly to get around various filters imposed on you by various websites.

Why would I want to fake my country?

There are many reasons, not all of which are Black Hat. In the past I have had a Right Media rep tell me to use a proxy to test geotargetting (serving diferent ad or content to diferent regions). From a Black Hat perspective, you might wish to artificially make it appear you receive a higher percentage of U.S. traffic (or any other region for that matter).

Why do websites filter by IP usage? Don’t they wan’t the traffic?

Alot of websites offer some great services which are useful to everyone. However if their server load is too high their costs increase. Or they could be in a situation where the data they provide is valuable, so they only provide small ammounts of it at a time. Most sites which filter traffic do so on a per IP basis, and only rarely filter by C block’s (the last digits of an IP 192.68.0.XXX).

I get it, proxies give me more IP’s to abuse, but why would I care about being anonymous?

Apart from the obvious situation where the service you are accessing is copyright, there are plenty more reasons. For example, if you are creating multiple accounts on a service such as Digg, your IP you use makes it very easy for moderators to locate your fake accounts and remove them. However if each account has diferent details and no logical link between them then you are far less likely to lose your accounts all at once.

Sounds dodgy, are proxies legal?

This is a rather touchy subject, most free countries have no laws against using proxies aslong as you don’t have to bypass any security to use it. This means, if the proxy requires a username and password to access it then unless the proxy owner has given it to you, you are not legally allowed to use it. Thankfully, Black Hat SEO techniques do not include illegal activities, but if one were to step over that border then a proxy is a must.

Is it ok to transfer sensitive information over proxies?

Unless you own and run it, absolutely not. People have been known to setup Honeypot (system activity monitor) proxies to do jut that, steal information.

Wow, proxies are great, but where do they come from?

A large ammount of the time proxies are setup by accident. System administrators intend to set one up for their network and accidentally forget to deny external traffic. Certain types of proxies such as Socks (not made for the feet) are more commonly spread by viruses for email spam purposes.

Ok, I got myself some proxies, but they none of them seem to do anything, whats the deal?

Quite simply, most people who provide proxies do not test them properly first. Due to the nature of proxies they regularly go down, and run under some odd parameters.

Your average proxy list goes through one stage checking against what is called a “proxy judge”. However, due to the nature of checks in the average standalone software — it’s not always possible to detect whether a proxy is truly active or not. This leads to many false positives about whether the proxy is active and even about its’ anontmity.

The system we use to build the proxy list for proxy.seoblackhat.com goes through a considerable ammount of tests and frequent rechecks. The entire list of public proxies is rechecked roughly once every two hours. Access to the proxy list is a new benefit availabe to forum members.

A script to fetch the proxies has already been created and posted on the boards.

Tagged Forum, Proxies | 2 Comments »

Normally, buying and using an aged domain with existing backlinks for a new project is the best option for a webmaster. However, if you already have a sizable network of sites and tons of great contacts in the industry, you should consider selecting a name that is brandable and fits with what you are doing.

This process can pay large dividends later on when your brand name becomes synonymous with the service you offer. Plus, brainstorming doesn’t have to be a painful process – you can have fun while being productive. After all, when the game stops being fun, it’s time to find something else to do.

Take the example of Levi from boogybonbon. About a month ago, we started talking about an incredible new Keyword service he was developing.

These excerpts from our ICQ conversations should help you when you’re brainstorming about a new project:

Session Start (L3vi): Tue Aug 15 18:09:04 2006
L3vi: I’m asking a handful of friends. Got any good ideas for a keyword search service domain name? The guy at searchables.com will not sell me the domain no matter what I offer so I’m now scratching my head on something that is marketable to the point that I could standup to wordtracker or better.
QuadsZilla: consider something brandable without kw
L3vi: yeah.. that’s what I been trying..
L3vi: looking for something with word or keyword.. or something that will feel like keywords stuff. lol seo, design, marketing is easy.. this is always the pain in the ass stuff.
QuadsZilla: keywordalizer
L3vi: hmm not bad how about wordalizer.com
QuadsZilla: you could also go with something like keywordromp
QuadsZilla: wordromp
QuadsZilla: if its avail
L3vi: that sounds like a sex site. ;p LOL
QuadsZilla: = more traffic!
L3vi: how about wordzar
L3vi: wordzar.com
QuadsZilla: is that how you spell zar?
QuadsZilla: isn’t there another letter in there?
L3vi: yeah
L3vi: its tzar or also spelled ZAR
L3vi: ref dictionary.com
QuadsZilla: wordbot?
L3vi: taken
L3vi: Zar may refer to: Alternative spelling of “Tsar” was the official title of the supreme ruler in the following states. ref wikipedia
QuadsZilla: that’s what i was thinking
L3vi: that one has come back around 3 times. Larry gives a B+. I’m middle ground about it, but been spitting out domain names all day so I’m getting run down on what sounds good and what is just another word. LOL
QuadsZilla: justanotherword.com
QuadsZilla: ;p
L3vi: lol
L3vi: “[16:55] l3vi: Thebestknownblackhatkeywords.com
[16:55] l3vi: lol
[16:55] l3vi: wordtrackertookalltheotherdomains-soimstuckwiththisshit.com
[16:56] Larry: lol”
QuadsZilla: i own yembi.com
QuadsZilla: if you want that
QuadsZilla: not too descriptive
QuadsZilla: but very “2.0″
QuadsZilla: you really going to start that on a fresh domain?
L3vi: don’t know if it feels right. Ill have to sleep on that..
QuadsZilla: that’s madness
L3vi: yeah. why not. LOL built my empire from fresh domains. ;p
QuadsZilla: back in the day
QuadsZilla: how about wordtacker?
QuadsZilla: wordtackler
L3vi: I could put it on boogybonbon.com, but I don’t know how well it will hold up on my blog for a service.
QuadsZilla: wordsmacker
L3vi: I don’t want to get in any wrangles with wordtracker of copyright and C&Ds
QuadsZilla: i know. i was kidding
L3vi: bbl going to go play some 360 and drink a beer. ;p get my mind off of it till I get a better idea.
QuadsZilla: you’ll think of it when you’re half drunk
L3vi: yeah then forget it. LOL

Finally, after he decided to take a break and walk away from it - it hit him:

Session Start (L3vi): Tue Aug 15 19:32:39 2006
L3vi: I did not even get down the steps. LOL I think I found it.. wordze.com
QuadsZilla: that’s GOOD!
L3vi: cool that’s 3 thumbs up.. Ill go with that. now im taking that break..

We’ve had tons of other talks about Wordze since. I finally got to take it for a spin last week and was VERY impressed with the caliber of the product.

From today’s official release:

Unlike any other keyword research service available today, Wordze.com provides users access to a whole new level of keyword research by giving users up-to-date historical and sessional data on keywords that are being search for by internet users through ISP’s or Internet Portals.

 

It’s head and shoulders above the other keyword research products out there and can even give you an estimate on how competitive a search phrase is with its’ patent pending “Wordrank” technology.

Already, forum members have a great domain tool to work with and a 50% discount on the profession Cloaking software Kloakit. Levi and I are working out the details on how exactly to give access to members of the private SEO Black Hat forum. It will most likely be some sort of discount and the ability to test drive the product.

Look for an announcement on that in the next week or so.

We will be announcing yet another service that is only available to members of the Private SEO Black Hat Forums tomorrow . . .

Tagged Tools, Forum, Domains | 2 Comments »

SEO Egghead has created a security tool to scan your web pages to check for Cross Site Scripting / HTML injection vulnerability.

It’s not designed for you to scan every site on the net. It’s more for checking select pages . . . probably because he doesn’t want his servers to assplode!

Tagged XSS, Security | No Comments »

You know that the best SEO Black Hats are doing something more than scraping, using a site generator, comment spamming, and pinging to be raking in more than $100k per month.

But what is it?

Right now, there is way too much good stuff that I simply can’t publish on the SEO Black Hat blog. If I posted these tactics and exploits they would immediately get all the wrong kind of attention. The detailed conversations about how exactly to abuse search engine algorithms, generate massive traffic, and what other Black Hats are doing must remain underground to retain their effectiveness.

But what if I told you that you could discuss these exploits with me without paying my $500 an hour consulting fee? What if I told you there was a way to join in on the private, cutting edge discussions with some of the best Black Hats and web entrepreneurs in the world?

Would you be interested?

Because now you can . . .

Today is the official launch of the resource you’ve looked everywhere for but never found:

The Private SEO Black Hat Forum

Normally what you get on forums are people who don’t know anything talking with people who don’t want to say anything. You can occasionally find amazing tips on some forums: but you have to dig through 400 crappy posts just to find one post that is useful. That becomes a huge time sink.

How are the SEO Black Hat forums different?

Quality: We’re not going to have any contests to see who can make the most posts. That just creates tons of crap that no one wants to read. Our focus is on quality over quantity. Our primary concern is with succinctly answering one question: “What works?”

Sophisticated: Many of the topics we discuss are very advanced and require a high level of technical or business acumen to appreciate.

Expert Discussions: The SEO Black Hat forums are not for everyone and they may not be right for you. If you are relatively new to SEO or building websites, then do not join the SEO Black Hat Forums: you will be in way over your head. There are plenty of newbie forums out there for you – this is not one of them. Our forums are for successful web entrepreneurs to develop strategies that drive more traffic and generate more revenues.

Forum Membership Benefits

Access to Expert Advice and Discussions
We have both White Hat and Black Hat Experts that are already benefiting from new tool development, techniques, scripts and the sharing of ideas.
Some members you may already be familiar with include:

* CountZero from blackhat-seo.com (Black Hat)

* RSnake from ha.ckers.org (Web Security Expert)

* Dan Kramer from Kloakit (Cloaking Expert)

* Jaimie Sirovich from seoegghead.com (Token White Hat / SEO Geek)

There are several other members that you are certainly familiar with who are using handles for anonymity. We have others who are more focused on security, vulnerabilities, and coding. There are still more that you are likely unfamiliar with but are nevertheless web millionaires.

Databases – Large Datasets
If you want your sites to have massive amounts of unique content you need large data sets. The trading, discussion and posting of large data sets is going on right now on our forums.

Expired / Deleted Domain Tools
Want to use to use the same domain Tool that I used to get a Page Rank 6 site in the Gambling Space for just $8? This domain tool is available for members to use for free.

50% off on Kloakit – The Professional Cloaking Software

Scripts – Several useful scripts have already been posted – interesting thing you may not have thought of before are being discussed and developed.

Exploits and Case Studies: The really good stuff I can’t talk about on the SEO Blackhat Blog is being discussed on the SEO Black Hat Forums. Right now, some of the conversations include beating captchas, domain kiting, data mining, hoax marketing, XSS vulnerabilities as they relate to SEO, and much more.

Pricing: $100 per month.

The price will soon be rising significantly as more databases, hosted tools, scripts and exploits are added. However, once you lock in a membership rate it will never go up and you will continue to have access to everything.

So, if you think you’re ready for the most intense Black Hat SEO discussions anywhere, then here’s what you need to do:

1. Register at the SEO Black Hat Forums.

2. Go to the User CP and select Paid Subscription.

I’ll see you on the inside!

Tagged Forum | 9 Comments »

We have confirmed that the professional Cloaking / IP delivery software, Kloakit, includes the Mediabot IP ranges. This way, in case Google is comparaing the content served to the Googlebot and Mediabot and penalizing if it is different, you will be covered if you are using kloakit and send the same content to both.

Tagged none | 1 Comment »

You may have heard me talk before about Roboform. It’s really a wonderful program if you have hundreds of passwords and sites to manage like I do. It securely saves all your Usernames and Password Information so you can log into any site with one click. It also saves Identities for when you have to give your information for signing up for an affiliate program (for example) and will generate secure, random passwords for you.

But let’s say you fried your hard drive and are going to your backup of all the passwords and logins. Well, you had better know all the URLs because it only saves the Name of the site, the Usernames and passwords in the backups - not the URLs Correction: it does not save the URLS on Default). This especially sucks for when you have saved long string IP address URLs with special functions embedded in them.

Just an FYI.

Tagged none | 8 Comments »

When we recieved this e-mail, we knew you would want to read about it:

Recently it has come to my attention that there are some serious security issues with the default RSS to Blog installations.

In my manual I recommend that everyone name the folder RSS2B3. This common folder name is part of
the security issue.

When your RSS to Blog installation becomes indexed in the search engines it is very easy to find and hack into it even without the password.

One of my customers pointed out to me exactly what hackers are doing when they find RSS to Blog folders. He made a very interesting set of videos that shows step by step how this happens and how to protect yourself.

Here is what I learned by watching his videos …

Anyone who finds your RSS to Blog folder can simply look at the ’settings.php’ file or the ’settings’ folder from the browser and see all of your blog settings.

If you go to your installation right now and type in http://domain.com/RSS2B3/settings.php

Or http://rsstoblog.com/RSS2B3/settings/

You will see all of your blog settings, URLs and even passwords. Anyone who can see that file can use that info to log into all of your blogs and do what ever they want. That possibility makes it very important that you update and add the .htaccess file to your folders immediately.

There is a simple way to prevent this. And I am going to explain how.

The first step is to make sure your RSS to Blog folder does not get indexed. Dont link to your installation from forums, or any where public.

If you have the RSS to Blog installation on a domain that does not have a frontpage this is a problem. You should always add an index page to every domain. Even if you are only using the domain to host the software. It is not very uncommon for a domain to get indexed even if you never submitted the domain to the search engines. If you do not have a index page on that domain, then every folder on that domain is visible to the world.

The next step is to make your installation harder to find. Name your RSS to Blog folder something other than RSS2B3 or RSS2B or RSS.

You can rename your folder at anytime, it will not effect your files, but you will need to change the path in your cron jobs if you choose to rename the folder.

The next step is to use something called an .htaccess file on your server. In this file you can add code that will block people from seeing your settings.php file or the contents of your folders.

I am including a link to a small update that includes the .htaccess file you need for your installations Download and install it today.

If you need help further understanding anything I wrote here The customer who told me about this (Eric Grigsby) actually created a set of videos that I thought were very good. It explains exactly how the security flaw was discovered and how to install the .htaccess file to your folder and test it.

If you need you can watch Eric’s great videos

If you purchased RSS to Blog in the last few days the security patch has already been put in the package for you. So you do not need to update.

Everyone else should update immediately.

Michelle Timothy

 

I like that Michelle is proactive on the security front. It gives me a little more confidence in the product, RSS to Blog.

Tagged none | 4 Comments »

You’re broke as a joke but want to cloak: So what can you do? How about a free cloaking script?

Let’s say you’ve used widgetbaiting or the markov chain to create 30,000 pages of unique content about bacon polenta recipes. Of course, no human surfer wants to read those pages but they are great spider food.

Well if you don’t want to use IP delivery like you’re supposed to, you can use this code to send your surfers to a sell page with text written for human consumption.

Now, this is not some unsneaky java redirect that will get you banned in the Search Engines. * If you use this code, you may get banned in some search engines.* Rather, it’s a error loophole designed for you to exploit:

<img src=nofilehere.gif onerror=window.open(’http://seoblackhat.com’,'_top’)>

Just make a page with any kind of spider food / keyword spam that you want on it and then add that line to the page.

When surfers visit the page, they will be sent to “seoblackhat.com” because the requested image file does not exist (therefore there will be an error). The spiders and search engines, on the other hand, will all see the original page.

This free cloaking script is inferior to premium cloaking software for many reasons. If you are scraping content, this method does nothing to help you get past duplicate content filters. This free cloaking code does not protect your code from surfers or your competition. Surfers will briefly see these spider food pages load. They may, in turn, report you to the search engines who could decide that using this code in the manner described is abusive. So, I would not recommended it for sites that you cannot afford to have banned.

Many high profile sites and fortune 500 companies use Cloaking to send different content to different IP addresses. But they don’t use code like this or cheesy redirect scripts - they use sophisticated cloaking software - IP delivery is the safer and preferred way to cloak. Honestly, I’ve never even heard of someone actually getting banned just for IP cloaking. I know that people do get banned for using crappy JavaScript redirects but in my opinion, getting banned for IP Cloaking is one of the great Black Hat SEO myths; it just doesn’t happen.

Tagged none | 3 Comments »

We are doing some rapid development on an open source portal builder called RSSGM. The project page is http://rssgm.sourceforge.net. Right now it is a working basic sitebuilder with several different integrated content engines and revenue opportunities. We have just introduced a new module that does content scraping combined with keyword targeted paragraphs spun through a Markov Chain generator. We can spin hundreds of unique articles out of one keyword reducing duplicate content.

Thanks!

Elvis The Pelvis

Tagged none | 12 Comments »

OK, Sammy’s Myspace Friends Javascript was pretty freaking cool. So what is this Frame-Buster Javascript and what’s so great about it?

How many of you have been the victim of Google Image searches?

I say victim because we’ve tracked how poorly this bandwidth suck converts into any kind of cash.

If you’ve ever used Google Image search you know how the deal. Google first displays ~20 thumbnails of images. If a surfer clicks on the thumbnail she is brought to a page with a thumbnail of your image in a frame above your page. This frame says “See full-size image” and gives the URL of your image. This way, the surfer can view your image without the bother of looking at your site.

This kind of traffic does nothing but leech bandwidth – it is traditionally the worst kind of traffic you can have on your site (it’s as bad as exit traffic from a pop-under).

Until now.

Now, seoblackhat.com doesn’t use many images. As such we don’t have much image traffic. But do a Google Image search for “SEO black hat” and click on one of our 2 image thumbnails to see what happens.

Instead of that bandwidth leeching frame, you are redirected to the page the image came from without a frame.

Now this doesn’t matter much for sites with minimal Google Image traffic, but for some of our adult sites this is huge. If you have any kind of image search traffic, this Frame Busting Javascript will help you monetize it:

<script language=”JavaScript1.1″ type=”text/JavaScript”>if (parent.frames.length
> 0) top.location.replace(document.location);</script>

Just put that script in your header and you’re done!

Tagged none | 15 Comments »