Black Hat DomainerBlack Hat Techniques for Domains

As you’ve probably heard, Google recently announced it had suffered an attack on its GMail servers from China.

An Internet Explorer zero day exploit was to blame and now Germany and France are advising its citizens not to use IE.

The exploit used is called Aurora and is now on the lose all over the Internet.

Here’s a video on how it was done:

And here’s the source code: http://seclists.org/fulldisclosure/2010/Jan/285

Patrick made an excellent post about “ How to use fake news to promote a website”.

I really enjoy reading it as everyone knows that, but very few post about it. And even less post about how the Million Dollar Homepage was not a lucky strike but a very detailed laid down scheme.

You know I am free to talk about this, because almost unlike no other blogs, this one DOES NOT HAVE ANY ADS, so I am not trying to sell you any idea or any shit thing.

How do spot the faking “just got rich” news? You don’t, at least till they start to vainglory themselves on areas you are expertise on! I am lot into domains, as you know, and when some of those make-money-online-follow-me-I-am-the-best post the usual monthly record breaking earning report and split it apart by elements: adsense, affiliates, link ads, subscriptions, domains, and you see things like 50 parked domains: $5000 revenue, you roll on the floor laughing! If that was the case, that dude would be a well know domainer because he would have a portfolio of domains worth millions, lol! Jeremy puts it right: “When all else fails just lie”

Back to the Million Dollar Homepage, now what I, Patrick, you and everyone want to know from day one is who was the PR?! I want to hire him also!

I have done some research on this and I think it was a friend of his father and both he and his dad made it all out while Alex kept going to school and having a regular teenage life.

Of course PR secrecy was part of the scheme or else it would have not worked out the way it did. So we might never find who he really was, only the first journalists contacted know the truth.

Hey mister journalists out there, this would do a great story: “The million dollar homepage story uncovered”

You must register before the week is over.Use this link:

http://www.wordze.com/freekeywordresearch.php?roia=!YzUxMgBVAAAU60EAAh6Z

You have one month to scrap your favorite leywords.

IMPORTANT: Also don’t forget to go to netbilling.com and cancel your WordZe subscription before the 30 days are over. There no link on the WordZe dashboard to remind you of that. You can cancel the service right away and still be able to use it for a month, avoiding the risk of forgeting to do it later.

Yes, I must admit, this is a linkbait post. As you can see, this blog doesn’t have ads, I am not about the money, but I like the fame. So, here goes a very funny WordPress trick.

There is a vulnerability in Wordpress that makes use of a known feature called “Post Timestamp”, meaning you can write a post and set a posting date into the future; the post will only be displayed at that time.

The vulnerability, first released by Michael Brooks, also reported a while ago on Bugtraq and today on XSS news, allows you to see “future posts”, posts that are not yet ready for posting. This means you can know the future of your preferred blog.

And it works. For instance, tomorrow, ShoeMoney is going to post about UFC 79 Nemesis Matt Hughes VS George St Pierre.

http://www.shoemoney.com/?x=wp-admin/&paged=1

Update: Problogger is even funnier, with post for the 23th, 24th and the “Best of ProBlogger – 2007″ on the 25th. LOL.

This is massive. I wonder why no one has ever posted this somewhere.

Most domain registrars (have yet to find one that does) will not filter what you put on your REGISTRANT CONTACT INFO and WILL allow the script tag! Just try for yourself and rebaptize yourself as : John

As you know, being able to run scripts, the sky is the limit. You can be a hacker and steal document.cookie to hijack a session to get complete access to another domainer account or be a nice guy and put an entire cool game on your registrant contact info.

Keep in mind you will be injecting your own page, so you better use it to more harmless stuff like logging people’s visits.

Who is vulnerable? Many, many whois info grab pages, including Whois.net or registrar Dynadot.com.

Update: Dynadot fixed the xss, after some fuzz on some well known domainers forums. Others are still vulnerable.

Last, but not least, it’s not everyday you receive such a nice compliment from one of the top gurus ever!

Thanks RSnake!

Red.es just updated the list of blocked IDN.es domains. Most of them have the IDN.com still free. Nice cybersquatting opportunity, or what?

Here is the list.

infantasofía.es
infanta-sofía.es
sofíaborbón-ortiz.es
sofíaborbónortiz.es
sofíaborbónyortiz.es
sofíadeborbón.es
sofíadeasturias
sofía-borbón
sofíaborbón
sofía-infanta
sofíaprincesa
princesa-sofía
princesasofía
princesssofia
sofíainfanta
reinodeespaña.es
televisiónespañola.es
radiotelevisiónespañola.es
radionacionaldeespaña.es
radioexteriordeespaña.es
realacademiaespañola.es

Also, as a bonus, these are NOT blocked:

juancarlosdeborbón.es (King)
felipedeborbón.es. (Future King)
reinadoñasofía.es (Queen)
infantadoñaelena.es
infantadoñacristina.es
joséluisrodríguezzapatero.es (PM)

Yes, it is still possible, though very rare. That’s why you’ll have to use some scripting to help you out. Here’s how to do it. Use the Domain Hunter tool, from my friend The Web Professor and load yourself with a list of your favored top niche adsense keywords. You can find some on this blog, but they are everywhere, as you know.

Insert the keywords on the form, choose “3 or less words” and tick “Include hyphenated names” and “Check All Combinations”. Check the “.com” box also, of course. Wait some seconds and you’ll find a list of available domains.

Now, the real trick: look ONLY to the “Hyphenated Domain” column and scan for domains which are taken in the Hyphenated format but are still free on their non Hyphenated format.

Congratulations, you have found yourself a great adsense domain. Go build a MFA asap! Here are some examples:

enterprise car rental (86640 OVT)
carrentalenterprise.com FREE
car-rental-enterprise.com TAKEN

credit card offer (93754 OVT)
creditoffercard.com FREE
credit-offer-card.com TAKEN

Hurry up, while OVT lasts.

For long the PageRank toolbar has been reallocated from the search engine department to the play garden (serious), where they have those legos and giant balls and where staff goes to have a break, relax and have some fun.

Inside sources have confirmed me legos have been put aside this last couple of days and that people are really having fun with the toolbar. You think I am not serious? Let me spoil some of the next laughs: They hade downgraded John Chow, but not Shoemoney. Next week, it will be the inverse. And a week after that, John Chow will have PR3 one day and PR7 the next day and back to PR3 again, two days after.

Four months from now Google will come out and say: “We had told endless times before the green bar was not to take into account, but no one (Text-Link-Ads, ReviewMe, SponsoredReviews) seems to listen, so we had to take stronger measures. It was the only way we find to make people take us serious.

A friend told my they were inspired by this episode of the Office:

UPDATE: Four days later, I can now say I was absolutely right! Just change Shoemoney for ProBlogger and the text up there is almost 100% correct!

You might recall the most famous Google bomb of them all: “miserable failure“, that linked to George W. Bush’s White House biography, when you searched Google.

Well, now it’s Sarkozy, and so far, it seems no one is to blame. Load Google translate page and input the strings below (one at a time) on the French to English translation:

“sarkozy sarkozy sarkozy”
“sarkozy is chirac”

Very cute, isn’t it? Does this opens a window for SEO “translation” building?

I mean, the method is the same as link building on anchors, we just have to use Google LSI here. Any takers on the best tricks to use to make Google machine associate two foreign words togheter? Maybe two pages with title and keywords stuffed all over one on en.yourdomain.com and the other on zh.yourdomain.com? Let’s try it for long tail keywords and see how it works out.

I would to love have “Viagra” translated from Chinese to English into my own keyword: “Viiaagrish”. Which turns out to be my own domain Viiaagrish.com, with Viiaagrish title and keywords all over it. Dead easy to get Google top.

Since all the [dot]com gems are long taken, there’s only one way to nail a good new domain now-a-days: spotting the latest trends.

The first day I learned about Google new Hot Trends feature, I knew it was the perfect place to run a script on an hourly cron job. There’s even an xml feed included to make scrapping easy. (Although I find it later to have only one item with all the keywords)

It went down to my “to do” list. This week-end I was boring and decide to code it. To my surprise, domain kitters were already abusing the system as hell. Oh well, what was I expecting?!

It popped into my eyes, the moment I notice this fresh regs:
Athenianlawgiverwhointroducedtrialbyjury.com
Whowasamericasfirstpresidenttobeimpeached.com