SEOBlackHat QuadZilla on Jan 2 Episode Of Net Income
That is right boys and girls, QuadZilla will be my guest on this week's episode of Net Income and he is going to be interviewed by none other than Time Magazine's Person of the Year…. YOU!
So post the questions you want to ask seoblackhat, then listen live on Tuesday Jan 2nd at 5pm. You can even call in if you like! If you happen to miss the live broadcast do not worry, I will post a link to the podcast the next day (or as soon as Webmaster Radio has it done).
In other news I was mentioned in the NY Times! I was pretty scared when my vanity ShoeMoney Google Alert went off, but after reading the article I think it's pretty cool. It's nice to be mentioned for once in a big-name paper without sounding like an ass jacket.
I Know I Have All Supplemental Results
For the last 6 months or so almost all pages on www.shoemoney.com have gone supplemental. I swear I get at least 1 email every other day letting me know that… So what does that mean? Well evidently Google thinks my pages have little value or something like that. It's ok… I rank #1 for Shoemoney and really that is all I care about.
It's kind of proving me wrong that just building good content and good links is enough… maybe I will have to do some actual SEO!
It's kind of fun to build a site that sucks in search engines and has no hope of getting better. You can actually concentrate on what you want to do instead of writing some spammy title for search engine traffic.
Here are the stats so far this month. You can see the huge spikes when I made the Digg front page(s), the Delicious front page, and the StumbleUpon traffic. I was most surprised by the StumbleUpon traffic.
Ohhh ya, also notice the top 5 user agents are all Firefox. Weeeeeeeeee!
WordPress Black T-shirt!
Today I got this package…
Nice brown package, and I opened it to reveal a WordPress T-shirt!!
Now I don't know who to thank.
There was nothing in the package to indicate who it was from, just a card saying “Merry Christmas!”. Whoever you are, thanks!
How Hackers Are Using Google To Pwn Your Site
As most of you know, a few months back my site was hacked. What many people don't know is that that was actually the first of 2 times the box was hacked. The first time the box was hacked I had made the mistake of making the web files on the server writable by the web server. Again, since this server (that my blog sits on) is hardly used for any commercial activity, I was a lot less security focused than I would be on something I would call “production” ready. I implemented mod_security and some other logging tools, as well as offloading the server logs to a different server (yea, the logs were owned by the apache user also).
So basically when I got owned the person found a file on my server that was web accessible, through which he could execute commands as the web user. Now because the files and log files were owned by this user he could write to them and even delete them. Lucky for me this guy just wanted to put up his Turkish political statement and try to infect people with his virus. So all he did was search the box for any index.* files and copy his index file over them. Then he also deleted all files matching *log. So it was pretty obvious how the person did it, but I was not sure what file was the hole in my system. This is the point where you have to weigh catching the hacker vs running a box that has been compromised. Since I really only have blogs and a few low traffic forums running on this box I thought it would be a good chance to see what was vulnerable.
So I installed mod_security and ran it pretty hardcore. Over the next couple of weeks I learned more about adjusting its rulesets to let possibly exploitable code through but log it. Nothing happened for many weeks, then one morning I got a page that my box was not responding. I quickly attached to my remote server via its DRAC card (Dell Remote Access). The DRAC card lets me take control of the server as if I was sitting right in front of it. I could see the box was sitting in a “kernel panic” and had crashed. I rebooted the box remotely but kept most services down so I could investigate what had happened.
Sure enough I figured out that the hacker had been back and downloaded some files to the /tmp directory (which was world writable). Only this time I had changed ownership of all index.* files so they could not write to them. I guess they realized that in order to take over my web server he was going to need to be a bit more aggressive, so he downloaded a rootkit to my tmp directory and tried to run it, but fortunately for me that made the kernel panic and left the server in a frozen, crashed state.
I was able to figure this out, and also exactly what file they used to execute commands on my box, very quickly because it was pretty much the last thing in the web logs before the box crashed. (yay!)
So now here is where it gets interesting…. Now that I had figured out how the person was hacking into my box I was curious how in the hell the person found the file. It was in a subdirectory that I had not used in YEARS. There was no link to it from anywhere on my site. The directory structure it was in was like … html/oldforums/oldstuff/badfile.php. How in the hell did this person find this file? Well after going through the logs, grepping for the IP range that hacked my box, I found that the person found my site from Google! Specifically using Google Code Search. Now while this was interesting it still did not explain how the page was even indexed…. ohh wait, I use Google Sitemaps and I had it on to index everything (the default setting). OOPS!!
Now to be honest… this is my fault. I in no way blame Google whatsoever. I had old exploitable code on my server and I told Sitemaps to index it so… my fault.
I have since been working with the Sitemaps team and I had some suggestions: leave some file types off by default (like .inc, .func) or only allow common web files with extensions like .php, .html, .asp, etc… I hope they do this, because as Sitemaps gets more popular it's only going to expose more idiot webmasters like me that run with the default settings.
Ok so just for shits I thought I would do some queries on Google Code Search to see what kind of exploits I could find. Now keep in mind this probably will not show your site, but it will show code and versions that you might be running… so once someone locates an exploitable version of some code they could then just search for “Powered By X” or whatever fingerprint you could put on the exploitable program/version.
Hmm, I wonder if we could find some XSS exploits…
lang:php (ECHO|PRINT) .*\$_(GET|POST|COOKIE|REQUEST|FILES)
100,000+ results
How about some SQL injection exploits?
lang:php query\(.*\$_(GET|POST|COOKIE|REQUEST|FILES).*\)
3000 results
hrmm, I wonder how easy it is to find host, user, pass for MySQL databases…. Let's try:
100 results found.
This query might be a little puzzling for those that are not Google ninjas like me so… I will explain. Basically we are checking for anything that ends in the .php extension. Then we search the file for mysql_connect. If it contains that, we look for the pattern of a connection string. Lastly we use the minus sign to get rid of all localhost databases (because we can't access them).
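The three searches described above, turned around and run locally against your own tree. This is an added example, not the post's own code: it applies the post's XSS and SQL injection regexes, plus a mysql_connect credential check written from the description of the third query, to a constructed PHP sample so the hits can be fixed before a sitemap ever hands them to Google Code Search.

```python
"""Run the post's three Google Code Search patterns over your own PHP files.

Added example, not the post's code: the XSS and SQLi regexes are the ones
quoted above, the credential check follows the description of the third
query (mysql_connect with a non-localhost host). Sample PHP is constructed.
"""
import re

# Output built straight from request data (the post's XSS query).
XSS = re.compile(r'\b(?:echo|print)\b.*\$_(?:GET|POST|COOKIE|REQUEST|FILES)', re.I)
# A query built straight from request data (the post's SQL injection query).
SQLI = re.compile(r'query\(.*\$_(?:GET|POST|COOKIE|REQUEST|FILES).*\)', re.I)
# A literal mysql_connect(host, user, pass) call; the "minus localhost"
# part of the post's query is applied in code below.
CREDS = re.compile(r'mysql_connect\(\s*["\']([^"\']+)["\']\s*,\s*'
                   r'["\']([^"\']*)["\']\s*,\s*["\']([^"\']*)["\']')
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def audit_php(source):
    """Return (line_no, kind, line) for each line matching one of the patterns."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if XSS.search(line):
            findings.append((no, "xss", line.strip()))
        if SQLI.search(line):
            findings.append((no, "sqli", line.strip()))
        m = CREDS.search(line)
        if m and m.group(1).lower() not in LOCAL_HOSTS:
            findings.append((no, "remote-db-credential", line.strip()))
    return findings


# Constructed sample in the style of the results quoted in the post.
SAMPLE_PHP = """<?php
$db = mysql_connect("localhost", "app", "s3cret");    // local: skipped
$f  = mysql_connect("db.example.invalid", "tns", "");  // remote: flagged
$r  = mysql_query("SELECT * FROM t WHERE id=" . $_GET['id']);
$s  = mysql_query("SELECT 1 FROM t");
echo "Hello " . $_GET['name'];
print htmlspecialchars($_POST['name']);  // coarse pattern: still flagged
"""

if __name__ == "__main__":
    for no, kind, text in audit_php(SAMPLE_PHP):
        print(f"line {no} [{kind}]: {text}")
```

The patterns are as coarse as the post's queries, so an escaped `print` is still reported; the point is to review every hit, not to trust a clean run.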
So did we find anything interesting? Well…
Let's just look at the first 10 results:
www.ubio.org/downloads/XID.TAR.gz - Unknown License - PHP
connect.php
$connection = mysql_connect("RANSOM","GlobalWebUser","goober8") or die("Couldn't connect.");
$db_name = "dwf";
Now in this case RANSOM is probably a local box…
ohh, what's this:
$f = mysql_connect("zeus.mbl.edu","tns","");
if (empty($limit)) $limit=50;
hrmm, interesting….
more?
$db=mysql_connect("62.149.150.11","Sql43254","M9dKTz3M");
$selezione=mysql_select_db("Sql43254_4", $db);
I can post tons of other examples but I think I have made my point. Watch your logs for people coming from Google Code Search and always make sure you're running the latest version of your software.
Also keep in mind my searches were only looking for .php files. This is a small percentage of all the different languages and filetypes out there.
Be scared. Be very scared.
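The log check the post recommends, as an added example that is not the post's own tooling: it assumes Apache combined log format and uses constructed sample lines (the badfile.php path is the one the post names), flagging visits referred from Google Code Search and requests for .inc/.func files or retired directories.

```python
"""Flag access-log lines with the two signals the post describes: a Referer from
Google Code Search, and requests for include files or retired directories.
Added example, not the post's tooling; assumes Apache combined log format and
uses constructed sample lines, addresses and referers."""
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# A Referer like this means the visitor arrived from indexed source code.
CODESEARCH = re.compile(r'google\.[a-z.]+/codesearch', re.I)
# Extensions the post asks Sitemaps to leave out by default.
INCLUDE_EXT = (".inc", ".func")
# Directories no longer linked from the site but still on disk (constructed).
RETIRED_DIRS = ("/oldforums/",)


def reasons(rec):
    """List why a parsed record deserves a look; empty means nothing odd."""
    out = []
    if CODESEARCH.search(rec["ref"]):
        out.append("referer:google-code-search")
    path = rec["path"].split("?", 1)[0].lower()
    if path.endswith(INCLUDE_EXT):
        out.append("request:include-file")
    if any(d in path for d in RETIRED_DIRS):
        out.append("request:retired-directory")
    return out


def scan(log):
    """Return (ip, path, reasons) for each flagged line; unparseable lines are skipped."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        why = reasons(m.groupdict()) if m else []
        if why:
            hits.append((m.group("ip"), m.group("path"), why))
    return hits


# Constructed sample log; the badfile.php path is the one named in the post.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2006:03:14:07 -0600] "GET /oldforums/oldstuff/badfile.php HTTP/1.1" 200 512 "http://www.google.com/codesearch?q=lang:php+query" "Mozilla/5.0"
198.51.100.9 - - [10/Dec/2006:03:15:01 -0600] "GET /index.php HTTP/1.1" 200 8192 "http://www.google.com/search?q=shoemoney" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2006:03:15:30 -0600] "GET /config.inc HTTP/1.1" 200 120 "-" "curl/7.15"
"""
```

A 200 on a .inc request is the real alarm here: it means the server handed out include code as plain text, which is exactly what the post's Sitemaps suggestion is meant to keep out of the index.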
Webguerrilla Bitch Slaps SEMPO and DidIT
When I speak in public or talk about SEM I always stress the 2 sides…. SEO and PPC.
My company’s story is pretty easy. We found success with SEO, made some decent checks with contextual advertising, then negotiated direct deals with affiliate programs that allowed us to leverage a higher payout for playing with PPC.
SEO - I started with Search Engine Optimization 3.5 years ago and it's still my #1 focus. It's free but takes a lot of work and time. The whole goal behind SEO of course is to get top free listings in search engines without paying. Without my SEO skills I would be dead in the water. I often say I suck at SEO, which mostly means that for shoemoney.com I am just really lazy and do not care where it ranks.
PPC - I discovered Pay Per Click about 6 months ago when I set aside $40,000 to play with Adwords, Yahoo Search Marketing, Microsoft Adcenter and Adbrite. I had ZERO prior experience with paid placement in search engines. If you missed my adventure you can check out this post here and the 2nd part here.
Ok that's my thoughts on SEM… As for SEMPO, I have always had bad experiences with SEMPO people (being solicited through email and in person by dirt bags using the SEMPO name). I have always refrained from speaking negatively in public about the group simply because I hardly know anything about them. That and I have some friends that I respect who are in SEMPO and rave about it. Anyway Greg points out how their chairman is using his position to push his own products and agenda. I met Dana Todd in Chicago and she seemed to be pretty cool. I wonder what her thoughts are on this.
Anyway you have to read Greg's post here. He does not post much but when he does it's always worth the read.
Google Quality Score Beta
I really like the new quality score display on Google Adwords. Now you can see instantly what your quality score is. No more guessing if your price is due to a crappy landing page or if the market just commands those prices. I will write on this more as I get more experience with it.
Check out this screen shot (not mine).
I would post some of mine but I believe it's against the TOS in beta testing.
Edit: After finding this forum post it seems not everyone was invited to the Adwords Quality Score beta like I first thought….
Happy Holidays From My Family To Yours
Wherever in the world you are, I wish you a happy, safe holiday from my family to yours.

Pubcon Video From Mediadonis Marcus Tandler
My good friend Marcus Tandler came all the way from Germany to go to the 2006 Las Vegas Pubcon last month.
Here is his video from the event. It is a MUST SEE.
Featured people on the video - Me, Jenn Slegg, Shawn Hogan, BOTW, Matt Cutts, Todd Malicoat, Adam - ShandyKing, Chris Boggs and many more
10 Reasons Why Microsoft Will Acquire Yahoo In 2007
Microsoft sat back while Google showed everyone how to take a search engine from 2 kids having fun to a top 20 American company. How did they do it? Well just look at their revenue numbers and you will see a massive percentage comes from the Adwords & Adsense products. Now Microsoft is trying to get into the online advertising game, but can they hope to compete without acquiring Yahoo and their volume? I think Microsoft will make a move at Yahoo and it's going to happen in 2007.
Here are 10 reasons why:
1. The search algorithm… duh… Microsoft's horrid search algo is by far the single biggest problem Microsoft has right now. The problem is that when there are no users using the search engine there are a ton of ads that never get shown. If Microsoft were to acquire Yahoo's search algorithm this would be a GIANT step in getting users back.
2. Overture / Yahoo Search Marketing. Microsoft used to broker everything through the company formerly known as Overture for showing ads on msn.com search. They are now trying their own company but it's chugging along at a very slow pace. Most advertisers like Microsoft's Adcenter but agree there is just not enough volume from its search engine (see #1).
3. Yahoo Publisher Network - YPN IMO is the best contextual advertising network there is. They have a great quality control team and also a REAL PHONE NUMBER THAT REAL PEOPLE ANSWER if you have contextual questions. Nobody provides the level of customer support in regards to contextual advertising that Yahoo Publisher Network does.
4. Flickr - Again Microsoft may have a similar product but the volume is here. Boom, another zillion people to market to.
5. del.icio.us - While Google is signing up or buying all the 2.0 advertising space Microsoft can acquire a huge name right here.
6. The People - Microsoft has tons of stale old people who do not understand this new industry. They are only just now starting to contribute to rival open source projects like Zend and MySQL. Acquiring Yahoo people like Jeremy Zawodny (who wrote a book on MySQL and also contributed tools to the project) would change that. Microsoft realizes that they are not only losing ground in the search industry fast but they also lost market share in server technology to Zend (PHP) and other open source products. If they want to keep their market share with Windows Server I think bringing in a lot of these brilliant Yahoo developers would keep them on the right track in making sure they integrate well with the open source items.
7. Video - Between Yahoo Video and Microsoft's Soapbox they might be able to combine for a decent share of the video market. Why is the video market important? 2 words - video advertising. I took part in the beta test when Google did a trial run of video ads, and then 2 months later they bought out YouTube… ya… video advertising. Ad Volume ++
8. Community properties - Yahoo has Yahoo Groups, whose numbers rival MySpace. Never heard of groups.yahoo.com? Ohh yea, you forgot about that, huh? Instantly you have millions of people to show more ads to! Ad Volume++
9. Business Directory - Microsoft just gave up their Business Directory efforts. Yahoo has always rocked it with their paid inclusion directory. It's by far the most respected business directory on the internet. Even at a $300 per year fee webmasters line up all day to submit their websites. Meanwhile Google's business directory is a laughing stock, being powered by the corrupt DMOZ.
10. Yahoo just cleaned house. It seems to me this makes a merger that much easier with fewer chiefs to merge.
Will it happen? To me it seems like a no-brainer… If Microsoft hopes to compete in this new internet economy (contextual ads) they need a bigger chunk of the search market. Yahoo is the only option IMO.
Yahoo Search Marketing Credit Of $10,000.00 - Still Don't Think You Should Do PPC Analytics?
The world's largest full service SEM agency, Pepperjam Search, was recently credited $10,000.00 for click fraud, given as a “courtesy credit” from Yahoo Search Marketing.
So how did they get the credit? Well you can read about the full story here. I HIGHLY recommend you read the full post.
On my radio show and in a few posts I have touched on how you need to do your own analytics of your PPC logs, and this is why. Sure, you're probably not out 10k like Pepperjam was for invalid clicks, but it's all relative, right?
I would be curious to hear how many people have gotten these “courtesy credits” for (insert whatever they want to say instead of click fraud here). You can be anonymous if you want. I know I have gotten a few of them, but only when I submitted a report that was OVERWHELMINGLY showing obvious invalid clicks.
So is this how it starts?