Archive for the ‘Link Dumping’ Category

Movable Type Backlink Exploit

Do you want free backlinks? Does the Pope shit in the woods?

Boogybonbon has found a way to exploit the preview comment form to create backlinks from Movable Type blogs.

From the post, MovableType preview button good for back links:

As long as the blog is not a MovableType 3.2/3.x the blog will give a nice URL that you can publish into a ping list and get indexed for back links. This is because the MovableType 3.x uses JavaScript to convert tags into a preview comment field and as we all know search engines can't see that.

Needless to say it only took me about 15 minutes to find 6 blogs with PR 5-8 and process the forms over to GET then post the URLs into a couple ping sites.

Here’s how it works:

The preview comment button on Movable Type blogs uses the POST method but search engines require the GET method to index a URL. So, what you need to do is:

1. Download the Firefox extension webmaster tools to convert the POST forms to GET forms.

2. Find Movable Type blogs.

3. Open the “Preview Comment” in a new window.

4. Convert the POST form to a GET form like this:

[Image: How to Convert POST Forms to GET Forms]

5. Fill out comment however you like.

6. Press preview comment.

7. Instead of producing a url like this:

http://www.baseballmusings.com/cgi-bin/mt/mt-comments-pinto.cgi

it will produce a URL like this (images used for formatting purposes):

[Image: Example of the Movable Type Backlink Exploit]

The links on the produced pages are NOT nofollow.

8. Now, you may want to use a service like tinyurl or a redirect to hide what you are doing (not required).

9. Ping that URL to the Search Engines in splog posts, guestbooks, or however you think best.

Pretty freaking cool, huh?
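Seen from the blog operator's side, the steps above work only because the preview endpoint answers a GET as readily as a POST and serves a page crawlers may index. The following is an added example, not code from the original post or from Movable Type: a preview handler that refuses non-POST requests and marks its output noindex. The WSGI app, the `text` field name and the `call` helper are hypothetical.

```python
import html
import io
from urllib.parse import parse_qs

def preview_app(environ, start_response):
    """Hypothetical comment-preview endpoint (WSGI), hardened version."""
    # 1. A preview is never a linkable resource: refuse anything but POST,
    #    so a form rewritten to GET cannot yield an indexable URL.
    if environ.get("REQUEST_METHOD") != "POST":
        start_response("405 Method Not Allowed",
                       [("Allow", "POST"), ("Content-Type", "text/plain")])
        return [b"preview requires POST\n"]

    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    text = parse_qs(raw).get("text", [""])[0]

    # 2. Escape the comment so submitted markup is displayed, not rendered
    #    (simplification: this example allows no HTML in comments at all).
    body = "<h1>Preview</h1><p>%s</p>" % html.escape(text)

    # 3. Tell crawlers not to index the page or follow anything on it.
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("X-Robots-Tag", "noindex, nofollow"),
        ("Cache-Control", "no-store"),
    ])
    return [body.encode("utf-8")]

def call(method, data=b"", query=""):
    """Drive the app with a constructed request; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(data)), "wsgi.input": io.BytesIO(data)}
    body = b"".join(preview_app(environ, start_response))
    return seen["status"], seen["headers"], body.decode("utf-8")
```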

I’d like to add a quick reminder that you need to sign up for the SEO Poker Tournament by Tuesday and email me your Pacific Poker username and website URL.

quadszilla (at) seoblackhat.com

Socializer – Freaking Awesome?

What’s the Socializer?

The Socializer allows you to easily submit a link to several social bookmarking systems. Instead of having a link to each social bookmarking website, you have a single link to all of them!

I haven’t installed it yet, but I’m going to. It looks really cool.

XSS – Cross Site Scripting flaw at Google

Via Slashdot, Web Security posted a message about a cross site scripting vulnerability at Google:

Two XSS vulnerabilities were identified in the Google.com website, which allow an attacker to impersonate legitimate members of Google’s services or to mount a phishing attack. Although Google uses common XSS countermeasures, a successful attack is possible, when using UTF-7 encoded payloads.

One of the links in the Slashdot submission is described by Phosphor3k as:

Someone [who] is trying to get their Pagerank up by submitting the story with a name of “Security Test” and linking to their shoddy website. The site has only a few links, no content, and it says the page is for sale. Will slashdot ever get their shit together and stop posting submissions with blatant pagerank-whoring links like this?

We covered spam sites getting slashdotted earlier . . . so it must not be that difficult. If you have a compelling and timely story, you can often include a link to one of your sites and get it past the mods if the destination page looks legitimate. To me, this is the ultimate in link dumping.

Create Inbound Links from Authority Sites with Exploit

This Threadwatch discussion talks about a more advanced way of making authority sites link to you than simply trying to get the Rojo or Google results for your site indexed.

1. A series of pages are created on a domain say www.mylittlewebsite.com and the links point to a search request on one of these sites . .
2. Notice the formatting using HEX code: when surrounded by a standard HREF tag, this translates the link properly when the request is made to the authority website's POST for search – the result is properly translated into basic HTML. This is a clever coding exploit; this format ensures the request is properly formatted in basic HTML.
3. Obviously the request is a negative search result on the authority website, however particularly site searches will cache all results of local searches, successful or otherwise.
4. If these search results are spiderable content, then a robot such as Googlebot will view the cache results and see inbound links from a high profile authority site point to the domain in question.

Sometimes hex is not required. You just enter the tags the same as if you were coding html but into the search field of a site with the vulnerability. Other times, a hex converter can come in handy.

I have seen instances that include JavaScript and other elements. The Red Cross search results (long URL) page is a PR 0, but I’ve found up to a PR 6 (someone on TW said they had a 7). I picked the Red Cross as an example to hopefully encourage donations.

All I had to do was dig around for a bit to come up with a healthy list. If any registered seoblackhat readers would like a few more examples, just drop a comment or e-mail me.

Update: Sites with HTML injection vulnerabilities are now available only to members of the SEO Black Hat Forum.
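For the owner of a site whose search page echoes the query, the injection described above shows up in the access log as search terms that decode to markup. The following is an added example, not from the original post: a log scan that decodes the query (including double percent-encoding) and flags tags, plus the output-side fix of encoding the term before echoing it. The `/search` path, the `q` parameter and the log lines are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# An HTML tag opener or a link-bearing attribute in a decoded search term.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|(?:href|src)\s*=", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_searches(log_lines, search_path="/search"):
    """Return (line_no, param, decoded_value) for search requests carrying markup."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or url.path != search_path:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)
            if MARKUP.search(value):
                hits.append((no, name, value))
    return hits

def render_query(value):
    """Output-side fix: HTML-encode the term when echoing it on the results page."""
    return "No results for <em>%s</em>" % html.escape(value)

# Constructed sample lines (common log format); hosts and paths are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2006:10:00:00 +0000] "GET /search?q=first+aid+class HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2006:10:00:05 +0000] "GET /search?q=%3Ca%20href%3D%22http%3A%2F%2Fexample.test%2F%22%3Ewidgets%3C%2Fa%3E HTTP/1.1" 200 4800',
    '198.51.100.9 - - [01/Jan/2006:10:00:09 +0000] "GET /search?q=%253Ca%2520href%253Dhttp%253A%252F%252Fexample.test%253Ex%253C%252Fa%253E HTTP/1.1" 200 4790',
    '198.51.100.3 - - [01/Jan/2006:10:01:00 +0000] "GET /about?q=%3Cb%3E HTTP/1.1" 200 900',
]
```

Serving search result pages with a noindex directive removes the incentive as well, since the reflected links then never reach a crawler's index.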

Exploiting Trackback Spam Vulnerability

More link dumping tech:

From Threadwatch (nice find Nick), we have Brian at platinax revealing that trackback spammers have circumvented the TypePad no-follow tag.

However, as Seth’s blog indicates, if trackback spamming can not simply overcome basic automatic safeguards from SixApart, and also ensure they remain published on active blogs, then we may yet see the already serious problem of trackback spamming enter new levels of aggression.

Sounds like a call to action. Not to fix the weakness – but to exploit it! Even if they fix the problem, the dead blogs and people who don’t update will still be handing out free links.

There may be more to it, but apparently only the first URL in a particular trackback has the nofollow tag.

Let’s assume we build an automated trackback spammer, and spam tons of sites. It should work to create backlinks that help SERPs for at least the next 6 months – probably longer. But even if Google decides to penalize sites for having links in spam-littered trackback sections, it just means we’ll have another Googlebowling weapon.

If you're looking at tackling this project (or just curious), this Interview with a link spammer article is a nice read.
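The gap reported above, where only the first URL in a trackback gets nofollow, is what a single-substitution rewrite produces. The following is an added example, not TypePad's or SixApart's code: a constructed model of that behaviour beside a parser-based rewrite that forces rel="nofollow" onto every link. All function names and the sample excerpt are hypothetical.

```python
import re
from html import escape
from html.parser import HTMLParser

def nofollow_first_only(fragment):
    """Constructed model of the flaw described: only the first link is tagged."""
    return re.sub(r"<a\s", '<a rel="nofollow" ', fragment, count=1, flags=re.I)

class NofollowAll(HTMLParser):
    """Re-emit a fragment with rel="nofollow" forced onto every <a>."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            # Drop any submitted rel (e.g. rel="follow") and set our own.
            attrs = [(k, v) for k, v in attrs if k != "rel"] + [("rel", "nofollow")]
        rendered = "".join(
            ' %s="%s"' % (k, escape(v, quote=True)) if v is not None else " " + k
            for k, v in attrs)
        self.out.append("<%s%s>" % (tag, rendered))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

def nofollow_all(fragment):
    parser = NofollowAll()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

# Constructed trackback excerpt with three links; URLs are placeholders.
SAMPLE = ('<a href="http://example.test/1">one</a> text '
          '<A HREF="http://example.test/2" rel="follow">two</A> &amp; '
          '<a href=http://example.test/3>three</a>')
```

Comments and doctype declarations are dropped by this rewrite, which is acceptable for user-submitted excerpts.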

Free One-Way Page Rank 6 Link for 60 Days

Best of the Web is a directory project that has been running for 11 years. Many of their category pages are Page Ranks 5 and 6.

Some categories have as few as 10 total outbound links. These are NOT nofollow links so they ARE spiderable by all the search engines.

When I got this e-mail, I signed up:

We would like to take this opportunity to notify our existing members that Best of the Web is now offering a FREE 60-Day Trial on all Category Sponsorships! No Obligations. No Charges. No Kidding!

60 Days Free Online Advertising!!

The Best of the Web Premium Sponsorship program allows webmasters the opportunity to enhance their online visibility. Your premium sponsorship is displayed at the top of a relevant category of your choice as well as in BOTW search results. Learn More

Your first Premium Sponsorship is FREE for 60 days. The free trial period is limited to ONE sponsorship per person. Choose a relevant category and Start Your Free Trial Today.

Details of the Free 60 day offer are here at BoTW.

Check out the BoTW directory here.

Let’s see, 60-days Free on a page rank 6 with 11 outbound links – no obligation? That’s a no-brainer.

Spammers Guide to Link Dumping: Where to dump

So you wanna be a Search Engine Spammer. Well, the art of link dumping can dramatically improve your Black Hat Search Engine Optimization projects. SEO Black Hats love to find great places to get free links – actually, doesn’t everyone?

Would you believe that some people still have guestbooks on their websites?

There are also people running blogging software that does not add rel="nofollow" to URLs in the comment section and people running link exchanges that don’t care if they get reciprocal links. These must be the same people that “opt in” to e-mail spam lists.

I guess if you really want me to spam you, I will.

While I’m not about to give you the real gems in my link dump list, I will teach you how to find them.

The first step in link dumping is to find Google search strings that return a list of people that “want” to be spammed.
Examples:

This String

Or replace “cooking” in these strings with your keyword or niche:

example 2

example 3

Other link dumping phrases that pay include:

“sign my guestbook” + keyword
“Page 1 of 1” + “Powered by phpBB” + memberlist
“powered by php guestbook” + Keyword
“Add your Website”

Third party hosted guestbooks are not useful and neither are the ones that add the nofollow tag.

As you go through these results, bookmark or otherwise note (spreadsheet) which ones are best.

As you see commonalities of the more spammable comment sections, guestbooks and link exchanges, you can modify your search string to return more qualified results.

Compiling a list of where to dump your links is not fun, but it will help you get your Black Hat SEO projects better SERPs and make you more money.

The old school method is to just drop in links to your Black Hat SEO sites in these guestbooks, but that’s not very clever and went out of style over a year ago.

In my future posts, I’ll go into automating and semi automating the link dumping process as well as clever ways of making these links undetectable to the site owners.

If anyone wishes to share some of their link dump gems, feel free to leave them in the comment section.