Web Application Security Forum - Search Engine Hacking and SEO

submit your article here (no replies)

zigyasu — Wed, 04 Apr 2012 14:51:51 -0500

I am going to share a new site with you guys to submit your article for get traffic and get rank in Google. Just follow it from here...

DDOS for hire (2 replies)

Samsel — Mon, 18 Jun 2012 19:00:32 -0500

I'm a newbie here (obviously) and not trolling with this question. sure, illegal activity is not cool on a forum like this. But I was recently flame-roasted on a forum and i would love to get sweet evil revenge.

They're running IPB software and I want to destroy them completely. Can i get someone to hack their site or DDOS them for 30 days ... and get away with it?

Let me know,.

PS - if this post is against rules here, just delete it and let me know. I'll stop. But don't ban me. I am looking to participate in other parts of this forum.

thanx!

Online credit card processing is efficiency of your business (2 replies)

antony2834 — Fri, 06 Apr 2012 05:14:59 -0500

I spam, but feel free to hack me

hxxp://ninthspaces.com/

Tel: 0086-18927432375
MSN/E-mail: antony2834@hotmail.com or Skype: antony2834

jackyin1988@yahoo.com

Domain Name ..................... ninthspaces.com
Name Server ..................... dns19.hichina.com
dns20.hichina.com
Registrant ID ................... hc009166315-cn
Registrant Name ................. LIANGCAI ZHONG
Registrant Organization ......... Shenzhen Ctoall Network Technology Co.,Ltd.
Registrant Address .............. MeihuaRoadNumber105Floor9FutianDistrictShenzhen
Registrant City ................. shenzhen
Registrant Province/State ....... guangdong
Registrant Postal Code .......... 518049
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.075525841624 -
Registrant Fax .................. +86.075564242299 -
Registrant Email ................ cs1@ctoall.com
Administrative ID ............... hc009166315-cn
Administrative Name ............. LIANGCAI ZHONG
Administrative Organization ..... Shenzhen Ctoall Network Technology Co.,Ltd.
Administrative Address .......... MeihuaRoadNumber105Floor9FutianDistrictShenzhen
Administrative City ............. shenzhen
Administrative Province/State ... guangdong
Administrative Postal Code ...... 518049
Administrative Country Code ..... CN
Administrative Phone Number ..... +86.075525841624 -
Administrative Fax .............. +86.075564242299 -
Administrative Email ............ cs1@ctoall.com

Google Ad Sense Message Boards Fraud (6 replies)

newo2020 — Sat, 30 Jan 2010 07:14:18 -0600

Google Ad Sense is when a web site owner opens an account with Google to place advertisement on their web site. When a person clicks this advertisement, the web site owner gets an average commission of .45 cents. A web site that gets a lot of traffic, they can easily make $150,000 per month.

There are message boards claiming to be informing the public about scams being done by companies or individuals. These web sites have individuals working for them for the sole purpose of targeting companies or individuals in order to generate traffic to the web site. This method is artificially generating traffic to the web site, this is FRAUD as outlined by Google. The higher the traffic, the higher the percentage of individuals that will click onto the Google advertisements.

Additionally, Individuals post copy right information about a company on these types of web sites; this is against the policy of the Google Ad Sense program.

If you believe that you are being targeted by individuals on a particular web site; simply click the Ads by Google in the bottom right hand corner of the advertisement on the web site. You will be taken to a Google page, click onto: Report a policy violation regarding the site or ads you just saw

File a report and the Google Fraud Department will investigate

SEO for pictures? (6 replies)

cathu2 — Thu, 11 Mar 2010 14:05:18 -0600

While everyone is clamouring to be best ranked for sites, what about pictures? Most SERPS have several filter options like blogs, pictures, news etc. And they all link somewhere.

What do you think of targeting picture rankings? Let's say the first page for "dogs" has 10 of your pictures, going back to your site, would that be equal to being ranked #1 for "dogs" for sites?

Free scripts ned (2 replies)

terry31 — Thu, 07 May 2009 12:59:40 -0500

Please. Advise free scripts for work with keywords.

_________________________________________________________________
Steel Garages
find a quick date

SEO Services needed (9 replies)

cameron2212 — Wed, 18 Nov 2009 23:42:59 -0600

My name is Cameron Sharpe CEO of TheRelationshipCompany.com.I am running a dating website. We are looking to get our site updated and wish to hire an SEO specialist to do the necessary work to get us higher rankings. Looking for the right candidates for SEO work. Prefer someone who have the good knowledge of search engine as well as adwords with good experience and handle the clients need and fulfill them, if you have any information & want to share with me.

You can contact me at:
Cameron.Sharpe@TheRelationshipCompany.com

I welcome you to visit my website at
url=http://www.TheRelationshipCompany.com Dating and Matchmaking for Singles – The Relationship Company /url - edited because it's spam.

Firefox 3.0.5 Status Bar Obfuscation / Clickjacking (1 reply)

transitt — Mon, 01 Feb 2010 00:29:21 -0600

Enjoy!

*Transit
__________

onmouseover="document.location='http://www.tranXX.com';"
style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px">

Status Bar Obfuscation
/ Clickjacking

By MrDoug

Click the VALID link to
google below to visit milw0rm.com

style="font-family:arial;font-size:32px">http://www.google.com

Greetz to Slappywag

Note this...

|

V

Highest PR page with XSS (6 replies)

MustLive — Wed, 25 Nov 2009 23:04:29 -0600

What the highest PR page with XSS vulnerability you have found (PR1, 3 or 5 :-)) and what the highest PR page with XSS vulnerability which you know (PR3, 5 or 7)?

In 2007 year during my project Month of Search Engines Bugs I wrote about XSS hole at www.hotbot.com ( http://websecurity.com.ua/1002/ ) with PR8. It was a dream for SEO guys (and I made this dream came true). This was my previous record ;-).

And yesterday I presented new XSS hole at the highest PR page (and made my new record) - Cross-Site Scripting at sourceforge.net ( http://websecurity.com.ua/2800/ ) with PR9. So new dream came true.

Take a look at it ASAP, because soon I'll inform admins of sourceforge.net about the vulnerability.

Wordpress 2.3.3 Hidden Links Injection Exploit (2 replies)

klaus — Thu, 27 Mar 2008 06:03:31 -0500

wow. I want this! Any clue on how it's done?!

clues:
http://creativebriefing.com/wordpress-hacked-googlerankinfo/
http://www.shoemoney.com/2008/03/21/wordpress-233-hidden-links-injection-exploit-and-how-to-not-let-it-happen-to-you/

help! Can't make my new site rank better (2 replies)

BJ Dawn — Fri, 21 Nov 2008 10:54:21 -0600

Hi friends,

Just finished my new private site, and I'm completely clueless about how to make it appear before the 7th page of Google. I read a lot of stuff but it seemed too theoretical, so when I gave up and called a real SEO company they wanted amounts I cant afford!
I searched for help in Google and found this, hope to get some realistic and practical answers.

Can anyone help with some tips how to promote my site?

Thanks
BJ

How to have a CTR of 100% with AdSense (45 replies)

sirdarckcat — Fri, 20 Nov 2009 14:31:58 -0600

Well I dont know if this goes here.. if it doesnt... sorry.

http://www.sirdarckcat.net/asdfg.html

:D

CSS r0x!!

Greetz!!

FeedBurner exploit (5 replies)

klaus — Wed, 16 Jan 2008 10:41:30 -0600

How come Johh Cow and Show Monkey know about this and we don't?!

hxxp://www.johnchow.com/new-blog-milestone-14000-rss-readers/

I cannot tell you the exact method Shoe employed because I promised to keep it between us, but basically he found a bug while studying FeedBurner and exploited it.

Spoofing mail with Gmail? (3 replies)

Anonymous User — Sun, 14 Feb 2010 18:26:05 -0600

Mail headers:

Return-Path: hax0r@gmail.com
From: "hax0r"
To: spoof@mail.com
Received: by smtp.google.com with SMTP id xxxyyy for

Note that email actually arrived to "user@mail.com" and not to "spoof@mail.com". Anybody heard about some mad Gmail spoof-ninjutsu tricks? I tried few things like creating contact with name "spoof@mail.com" and primary email "user@mail.com", but does not work. Both addresses are displayed in headers:

To: spoof@mail.com

Any ideas?

New PageRank helps blogs (12 replies)

sirdarckcat — Mon, 22 Mar 2010 05:12:48 -0500

Well, the newest blogs on the scene, that I know about are giorgio maones, and mine.
Giorgio has PR6 and I have PR5.

And some sites like syndk8.com has PR4..

Do you know why?

This is strange, at least for me.. :/

xeoo (3 replies)

klaus — Mon, 10 Dec 2007 09:07:48 -0600

This puzzles me. Try searching for sla.ckers.org on www.xeoo.com and you'll a nice page of tons of permanent links back. But what puzzles me is they are using links with an overture redirect exploit and encoded. WHY? How can you profit from that?

Google=Music (1 reply)

Dro — Sun, 19 Aug 2007 16:07:50 -0500

"anything music related here" intitle:"index.of" "parent directory" "size" "last modified" "description" [snd] (mp4|mp3|avi|ogg|wmv|mov) -inurl:asp -inurl:(asp|jsp|php|html|htm|cf|shtml) "

indexes of music and more

Understanding Indexing. (3 replies)

Anonymous User — Sun, 15 Jul 2007 16:50:46 -0500

This is quite strange, when my site shows a "under construction screen" Google is indexing the index, but strange enough I get strange traffic a couple of days later.

People searched for: "Family guy now"

Guess what? with that page I got Google position 1 on 75.000.000 websites next.

I have a theory, one include that if the page is smaller (or the smallest) it will popup first in the Google results because it weighs more if Google can find information more quickly, Other then that, the page had only 1 sentence nothing todo with "family guy" So there must be another calculation going on,

Strange huh? I cannot figure out why I'm on top of the stack with this query, on this particular page: http://www.google.com/search?hl=en&q=family+guy+now&btnG=Search

Google dorks (2 replies)

d3hydr8 — Fri, 24 Aug 2007 19:51:03 -0500

I try and find dorks for the latest exploits and post them on my site for fun at http://darkcode.h1x.com/dorks.html

Here are the 2 latest:

dork: inurl:/xmlrp.php intext:"Warning:" intext:"wp-config.php"
exploit: http://www.milw0rm.com/exploits/4039

intext:"Software PBLang" inurl:"login.php "intitle:log in"
http://www.milw0rm.com/exploits/4036

bypassing search tracking via onion routing (6 replies)

tx — Mon, 13 Aug 2007 01:08:45 -0500

I got into this discussion and I would like to hear some of your comments on the feasibility of this:

user goes to mysite.com
mysite.com serves a search page
user submits search query to mysite.com
mysite.com submits query to google web service via a tor-like network
google returns results for the query and logs whatever they choose
(the logs will of course reflect the IP of the tor exit node, and not the mysite.com server(s))
mysite.com scrubs any ads from the content and anything else undesirable and displays the results.

Result:
User has queried google. Google's logs reflect a bunch of tor exit nodes as opposed to the IP of the user or mysite.com

The end goal is to avoid all google ads and tracking mechanisms, and to prevent searches from being correlated to you as a user.

P.S. I'm aware that this is tinfoil hat overkill

Google url text... (6 replies)

larkadragon — Sun, 03 Jun 2007 20:13:54 -0500

I use Mozilla, probably for all the wrong reasons, which has it's own little integrated google search box beside the url-box.

During a search for guinea pig rescues I learned two things, first that some rescues have a surprisingly high adoption fee and that the url changed from "google.com" when I entered my search.

The first using google.com was this:
http://www.google.co.uk/search?hl=en&q=guinea+pig+rescue&btnG=Google+Search&meta=

However, when I used the one embedded in Mozilla I was shown this:
http://www.google.co.uk/search?q=guinea+pig+rescue&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a

I'm a curious being so after using the search box integrated in mozilla I searched the same thing again on googles actual page and I got a long winded:
http://www.google.co.uk/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial&hs=3Jx&q=guinea+pig+rescue&btnG=Search&meta=

Why is this? Why does google have to know that firefox is being used to search? Can this information be used in a way that would upset me?

Google Adsense Spam2 (1 reply)

bodil — Sun, 15 Apr 2007 01:49:32 -0500

Hello, im new here. As i was writing a question in the "Google Adsense Spam" thread i realized, that this is off topic and too long and it would be better off in a new thread.

I im just wondering, how can google and other companies protect themselves against fraud? I mean all that they can monitor as far as i know can be spoofed except the ip. Consider this scenario:

The attacker gets IP's (people to visit his url though invisible iframes) through defaced sites (not visible defaced, it might take ages for someone to notice), making a worm on big easy to XSS communities (like myspace/youtube) or send a lot of spam (like: The new addition of the my little pony newsletter, click here to unsubscribe). Or maybe (i dont know if this would work) he could simply do some CSRF with avatar pictures or stuff like that and do .htaccess to get the referrer right. If this is not possible flash could be used instead (although not on nearly as many sites) to spoof the referrer.

Also, i can see one way that the "sponsor" or whatever you want to call it, that gets the "hits" can recognize that some thing is wrong, because the users only requests the front page and only once. Then again, if you change the redirect site (that is opened in a hidden iframe)to put random keywords together with every request, then the "oddness" of the user always only requesting the front page would be spread over a lot of different pages.

Of cause google will know about this, if your account one day has 0 hits and half a mil the next. But you could create a page that looked like an online game site for example. Then have the top news item say "Due to an huge rise in popularity subscription has been closed for the rest of this season". And the next news item could say something like "SuperGame9000-UltraWarZ hits 2million users!". And then start using Adsense AFTER you have people start coming to your site.

And lastly the redirect script should have a maximum of users to redirect each 30 min quotas based on the time of day and claimed amount of users. If you were to use one day instead of 30mins then the google logs might end up showing you having a lot of clicking all morning but 0 clicks later. Of cause the maximum number of clicks should be random, but within 10% of the amount that fits the traffic for that 30mins of the day (and the amount should be rising very slowly). At last the redirect script should randomly (not totally randomly) redirect to other redirect scripts named stuff like "heroladder.php" and every other name that the game page you try to impersonate would have, so that the referrers look good.

Sorry this is too long, i just kind of brainstormed while writing and this looks like a guide, but its not. Its a question: How can any advertising company guard themselves from this?

b0dil

1 april joke or hack? (5 replies)

blad3 — Thu, 05 Apr 2007 22:32:33 -0500

http://www.mattcutts.com/blog/

Google Adsense Spam (24 replies)

jungsonn — Sat, 21 Nov 2009 10:12:42 -0600

After someone did some rigorous spamming on my blog, I thought of an idea and like to know if this already is being done.

I have adsense on my blog, and the thing is I did had adsense on some sites a few years back, little that I know I clicked on it myself a couple of times because i was interested in some ad I saw. Then, Google blocked my account and held me for fraud. (pretty rediculous) cause I did had interest in some service I saw on my own ads.

Now, is it then possible to click a couple of hundred/thousand times on someone elses ads? and there get there account blocked? Like I go click a couple of hundred times on RSnakes ads, will he get banned then?

Not that I will do this, But I want to know if this is the case, anyone some info about it?

The Anatomy of a Large-Scale Hypertextual Web Search Engine (no replies)

digitalIllusionism — Mon, 26 Mar 2007 15:27:29 -0500

For anyone who may not be familiar, The Anatomy of a Large-Scale Hypertextual Web Search Engine is the original documentation on Google, by the founders of Google, abundant with information unavailable in Google guidelines. I think the central concepts are all still valid. The original Google was at google.stanford.edu.

Edit: IMO, almost anyone is 10,000x better off on Google the legit way. Maybe 1/100,000 sites rank high on viagra related queries but practical queries that make top 10 will manually be removed by Google fast. phpBB signatures with key phrases in anchor text appeared to really damage the rank of someone I know. It seems obvious that's what caused the decline but I can't technically prove it.

Beating google suggestions (1 reply)

Spyware — Sat, 10 Mar 2007 10:58:26 -0600

How can I beat google suggestions? Does it take an amount of searches or something?

General SEO Questions (12 replies)

Awesome AnDrEw — Fri, 12 Mar 2010 17:00:00 -0600

I've never used my own personal site(s) as a way to generate revenue for myself, but I wondered is it worth it? What types of sites normally turn a profit, and what type of income, or outcome, can I expect? I'm not one for whoring out my site with bombardments of ads so what do you suppose the best approach be?

Question! (9 replies)

jungsonn — Wed, 11 Apr 2012 00:13:00 -0500

Okay not hacking stuff but a SEO question:

A client of mine has frameset sites, it nees to stay that way. Okay, he says that its not good for SE's for indexing. But this sounds strange cause my first site: jungsonn.com is also a frameset, with pagerank 3.

I read so much info and everybody says different stuff.

So who is right? are framesets index? I think it does, like the case of my first site, which is a framed forward. hope there is someone who can shed light on this issue, mainly to backup my story.

Strange search keyword (3 replies)

kishord — Wed, 07 Mar 2007 19:23:16 -0600

Hello all,

I got following url in one of the referers
http://www.google.lv/search?hl=lv&q=%5Cr%5Cn%25s%2F%25m%20%28%25h%29%20%28%25t%29%5Cr%5Cn%5Cr%5Cn&btnG=Mekl%C4%93t&meta=

Someone searched for \r\n%s/%m (%h) (%t)\r\n\r\n

Does this look like a malicious search attempt. Any guess why someone would search for it?

Google bot crawling CSS & JS (2 replies)

blad3 — Tue, 09 Jan 2007 15:43:45 -0600

Found this interesting article. It seems that GoogleBot is starting to request CSS and JavaScript(JS) files.

http://ekstreme.com/thingsofsorts/seosem/googlebot-requested-a-css-file

Another article on the same site (an older one)
http://ekstreme.com/thingsofsorts/seosem/google-now-recognizes-javascript-links-as-backlinks