You’re a Black Hat Seo? You’re going to jail: security industry sees Black Hat Seos as criminals!

Posted by k | Posted in Uncategorized | Posted on 18-04-2010

So you think you’re a real Black Hat Seo? Then what do “SEO poisoning”, “SEO poisoned page” or “blackhat SEO kit” mean?

Well, that’s what the other side calls our little tools. Here’s a translation so that you can read here or this nice new report from Sophos here: http://www.sophos.com/sophos/docs/eng/papers/sophos-seo-insights.pdf

  • SEO page: Keyword optimized page
  • SEO kit: Auto content creation script
  • SEO poisoning: SEO optimizing a page
  • SEO poisoned page: SEO optimized page
  • Search engine crawler: Spider bot

Hey, Sophos, CA: Black Hat Seos are not crooks. 95% of the Black Hat Seos I know of don’t do malware. The security industry is looking at this from a completely wrong “poisoned” perspective.

These crooks are using Black Hat tools to get traffic, to find people, that’s all. Just as they are using everything else on the net that can bring them people, like mail spam, torrents, emule, instant messaging, whatever. Unless you think mail or IM are evil also?!

They are just playing Google. Why don’t you blame Google instead? You easily blame Facebook when it allows a shitty app to spread malware. Now why is Google different? Not in traffic size, last time I checked.

They have created “Black Hat Seo” categories on their security blogs alongside real bad stuff like Rootkits. I have to be honest: in the end I can still take some advantage from this. I have subscribed to their RSS feeds and learned some new tricks, like the fake PDF which is a simple HTML with links (EVIL!), and that has been used lately to gain link juice from Scribd.

Security experts please realign your ideas correctly: one can put links anywhere, one can drive traffic for those links in many possible ways, what matters is what’s on the other side of those links!

The Secondary Domain Market is a Giant Ponzi Scheme Pyramid

Posted by k | Posted in Uncategorized | Posted on 10-02-2010

Unless you’re an investor on top keywords domains, like sex.com, business.com or any great one word keyword dot com, with true marketable value and decent type in revenue, this post is for you: this means 95% of all domainers out there. So, why are you on a Giant Ponzi Scheme Pyramid?

  • 1. You’re buying air based on fantastic future promises
  • 2. You get in lured by the successful stories of others
  • 3. You’re fattening the ones on the top of the pyramid
  • 4. You can’t easily get out. (Liquidity trap: You can’t sell your portfolio at any time for the same value you get it)
  • 5. You try to get new blood to the pyramid convincing your friends how great the domain business is
  • 6. You end up selling air to others to cover your losses (And you might even enjoy doing it and keep going)
  • 7. You keep dreaming of being as rich as the religious mentor sitting on the top of your pyramid

Sounds familiar right?! This Domain Market Giant Ponzi Scheme main idea is to squeeze money from newcomers. Every new “revolutionary” platform serves only to better achieve this purpose. Firstly to the owners of those platforms, next to their friends and relatives and finally, while and if the scam is still convincing, to their network of interests.

Take for instance BIDO, don’t you ever think: “why are they listing this crappy name and constantly refusing to list mine”? Domainfest, Mardigrass, or the last platform everyone is blogging about: bargaindomains.com. The idea is to sell domains with huge discounts, like 90% off and even more. Excuse me, but, 90% off of what? 90% off of ESTIBOT valuations. Everyone knows ESTIBOT valuations suck big time, except newbies, of course. Another great example is eBay, where the latest trend is to sell IDN domains that look like English domains. That’s the ultimate fraud, I tell you. Just go to eBay and search for “IDN”.

Joel Comm recently spoke out the real truth about internet marketing:

My associate and I were stunned when the promoter told us that the attendees to his event were always looking for the next big thing and that it was like he was selling crack to them… providing their next fix. He made it clear that he didn’t expect them ever to make any money and he was fine with that

This is exactly what the top gurus of our industry think about you, yes YOU. Behind closed doors on those famous conferences. I bet one day we’ll have our “Joel Comm” revelation.

Therefore my advice is: when you buy a domain name, any name, for more than reg fee, you’re being swindled. You can buy a “great” name for $100 and never, ever on your life be able to sell it again. In the meanwhile, you will be supporting ICANN investments on the stock market and Bob Parsons’s Playboy girls, with the reg fees you’ll be adding every year.

Don’t buy the “domain names are like virtual real estate” bullshit. Would you pay billions to own “Pittsburg” (Real Estate) if you could own “PittsburgAB” for $8, and construct exactly the same house (website) and have almost the same number of people visiting? (Same Rank on Google) I know, I know exact domain match is a big plus, but my point is that IT CAN be done!

Buying .com domains was a great investment to enter, in 1996. Buying IDN domains was a great investment to get in, in 2001. .mobi or .me domains were great investments to get in, if you were a partner on the company launching them. If you let those times go, don’t go chasing ghosts, and don’t buy the crap talk.

So, why am I a domainer, you may ask. Go read this blog’s title: Black Hat Domainer. Keep tuning in, as I’ll be posting next how you should successfully ride this highly distorted domain market tide. Highly distorted markets are markets where you can profit a lot, if you know how to properly do it. The level of distortion is proportional to the number of people who have real awareness of its distortion. Welcome to the other side. Most top domainers are black hats. Halvarez rings a bell?

Javascript FaceBook Auto Friend Add for iMacros

Posted by k | Posted in Uncategorized | Posted on 28-01-2010

Black Hat SEO used to be about link building, the more the better. Now it’s all about friends.
Even Google, on its search pages results, now shows the tweets from the people with more followers on top.
It’s crucial to start working on gathering a lot of friends, the black hat way, of course.

Here’s a simple Javascript you can use on iMacros to auto add friends from application walls.

Open the file and change the configuration settings. It’s pretty easy to run.
This works best if you create the Facebook accounts with sexy female names and pictures.
You should also play a little of Mafia Wars or the Facebook application you choose to attack, prior to running the script.

As a bonus tip, you can also find the big groups dedicated to that application and use that id on the script. Don’t forget to change the mobInviteMessage to something like “add me lvl xxx”. (lvl means level and xxx is a number)
For instance, for Mafia Wars: http://www.facebook.com/group.php?gid=77452967759 or 92696586274 or 123756645559

And the best part of this is that they will be the ones inviting you to be their friends and not the opposite, so, you’re in peace with Facebook!

Get the file here: FaceBook Auto Friend Add

Aurora, or why Germany and France are banning IE

Posted by k | Posted in Uncategorized | Posted on 18-01-2010

As you’ve probably heard, Google recently announced it had suffered an attack on its GMail servers from China.

An Internet Explorer zero day exploit was to blame and now Germany and France are advising their citizens not to use IE.

The exploit used is called Aurora and is now on the loose all over the Internet.

Here’s a video on how it was done:

And here’s the source code: http://seclists.org/fulldisclosure/2010/Jan/285

A domain to link bait: real world example

Posted by k | Posted in Uncategorized | Posted on 15-01-2010

As I don’t have time to do this today, maybe some of my readers can try it.

  • Register this: HumanLamb.com (it’s free as I am typing this)
  • Scrape and rewrite this: http://www.dailytelegraph.com.au/news/sheep-gives-birth-to-human-faced-lamb/story-e6freuy9-1225819071357
  • Send to Digg.
  • Buy 50/75 Diggs.
  • Wait
  • Change content / 301
  • Profit.

twitter

Posted by k | Posted in Uncategorized | Posted on 26-11-2009

Just a quick post to announce I am on twitter now: http://twitter.com/BlackHatDomain

Setting cron from PHP

Posted by k | Posted in Uncategorized | Posted on 20-11-2009

When you do a web search for cron and PHP, you always find how to run PHP from cron, but there’s no info whatsoever on how to set cron from PHP.

Doing BH means dealing with a lot of automated tasks. Automation in PHP means cron: crons that run scripts that do web spidering, process data, scrape content, auto post, you name it.

Doing REAL BH requires more complex scripting: scripts that dynamically change the cron, that is, change the cron table according to external conditions found by the script itself.

It’s not rocket science, and you only need to know two things:

  • 1. To format a classical Unix timestamp for cron, use this: $cron_formated_date = date("i H d m *", $timestamp);
  • 2. To set a cron from PHP, write the formatted date above plus the command to call into a text file, then call shell_exec ("crontab /home/user/mycronfile.txt"); (crontab with a file argument replaces the whole table with that file’s contents)

Knowing those two tricks, you’re free to create anything.

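Adding a new line to your actual cron table
// Cron line: formatted date plus the command, with its output redirected to a file.
// Everything in this line runs as your user, so build it only from values the script controls.
$comandstring = $cron_formated_date." /usr/local/php5/bin/php /home/user/myphpscript.php > /home/user/myphpscriptoutput.txt 2>&1";
// Read the current table and append the new line
$actualcron = shell_exec ("crontab -l");
$newcron = $actualcron."$comandstring\n";
// Write the new table to the same absolute path that crontab loads below
$cronfile = "/home/user/mycronjobtemp.txt";
$f = fopen ($cronfile,"w");
fwrite($f, $newcron);
fclose($f);
shell_exec ("crontab ".escapeshellarg($cronfile));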

How do I delay my cron 15 minutes?
$temp_cron_date = date("Y-m-d H:i:s", $timestamp);
$new_cron_formated_date = date("i H d m * ", (strtotime("+15 min", strtotime($temp_cron_date))));

How do I list my cron table?
shell_exec ("crontab -l");

How do I clear my cron table?
shell_exec ("crontab -r");

How do I reset my cron table?
Save the crons you always run to a txt file and load that file to the cron table to reset it.

How do I create random crons?
I leave that to you.

Why are random crons very important?

  • 1. Because Google is smarter than ever and will detect your auto content feeding pattern. (Unless you make a clever use of WP and postpone your posts on a random basis)
  • 2. Feeds where you’re getting the content from detect your pattern and ban your IP. It has happened to me reading RSS feeds from major newspapers.

Domains + Botnets + Parking = $$$

Posted by k | Posted in Uncategorized | Posted on 21-10-2009

If you subscribe to this blog, you know I don’t post frequently. And I like it that way. Some say you have to post regularly or else you’ll lose your subscribers. I don’t agree.

I have unsubscribed blogs before not because they don’t post but because they post too much. They post everyday because they have to and not because they have something to say. To them I say: Our time is precious, stop regurgitating the same thing over and over. And there are a lot of those out there on the SEO area.

Unveiling real unique good black hat info is always a dilemma. You’ll keep your readers happy but you sentence to death the method exposed. It will only last in direct proportion to the number of readers you have, and how pro-active they are. That’s also why black hat blogs don’t get a lot of link love from their readers: the smaller the number of people who know about it, the better.

Congrats, you’re one of the few who reads this blog, as today I am going to unveil a technique you have never ever read anywhere on the Internet before. It has been used by black hatters for some time now with great success.

Its success comes from three main factors:

  • you can implement it in 10 minutes and with almost no tech skills
  • you can earn a lot of money, passively!
  • no one can accuse you of black hat schemes

As you know, since spam started bringing people to jail, professional spammers have turned their attention to other methods of spamming: posting on blog comments and forums.

XRumer is often designated as the top tool to do it. But it is not. It pales compared to using botnets of zombies. There are even IRC channels fully dedicated to botnet renting.

I am not endorsing these practices anyway. I am just pointing out they exist and we are going to profit from them.

Here’s what you need to do:

  • 1. Install some forum software, the older the better: phpbb, punbb, smf. Any of those will do. Make life as easy as possible for bots, disabling CAPTCHA and other similar functionalities. Real old forum scripts don’t even have them.
  • 2. Let the world know about your forum, but don’t use spam techniques. Just register on some directories. Optionally you can simply do nothing and wait. The previous step was just to speed up the process. Soon you’ll find your forum full of spam posts. Don’t worry, it’s part of the plan. Let the spam bots feel at home.
  • 3. When you think there’s enough activity, park the domain. That’s all. You can easily earn $50* or more daily from each of your domains. This value will decrease as bots lose interest in your forum. When that happens, it’s time to put the forum up again…

You see, most of these bots are using zombie computers to spam: so, it’s not easy for the parking companies to identify it as spam, since there’s not a proxy, a TOR node, or a gateway IP to put against their db of spam hosts. The smaller the Parking company, the less protected it is against this. So, parking companies take note.

If they ever contact you, what should you say? Easy, that you had a forum once (take some time to configure it so that it will look real), lost interest but kept it online. Recently you have discovered it was being taken over by spam bots and decide to remove it and park the domain.

Sure, there must be a lot of fraudulent clicks but you’re absolutely covered and cannot be blamed.

Last, but not least, and this is the best part: even your parking company can profit from you and have nothing the ad provider can point on them, as they were just parking your domain.

Yes, it’s the ad feed provider’s responsibility to detect and invalidate the fraudulent clicks. So, in the end, you are cheating the big sharks, so sleep tight at night. I can assure you those values are already being assimilated on their balance sheets.

* Approx. value for 10000 spam posts, 50% conversion ratio (yes, it’s that high as bots click everywhere) and 0,01 clicks (expect this to be real low).

eBay (inadvertently) reveals secret code to detect cookie stuffers

Posted by k | Posted in Uncategorized | Posted on 21-05-2009

Patrick, from Blogstorm, posted about the recent filings in the eBay Inc. v. Digital Point Solutions, Inc. et al case, in which the plaintiff, eBay Inc., alleged that the defendants engaged in cookie stuffing to defraud it. So far 80 documents have been filed in the case, but the most interesting is number 68, the Second Amended Complaint against all defendants, filed by eBay Inc. (Eberhart, David) (Filed on 3/26/2009) (Entered: March 26, 2009).

Some quotes from this Second Amended Complaint which mentions Digital Point Coop Network are very interesting:

eBay placed a special “gif” image on the eBay.com home page. This special gif was served to any browser receiving an eBay cookie. eBay had observed that Defendants’ cookie stuffing schemes caused the user’s browser to be secretly redirected to eBay’s home page for only a short period of time—sufficient time for the cookie to be stuffed and little or no more.

The cumulative results of the investigation demonstrated that over 99% of the traffic directed by DPS and KFC during the time period of the investigation did not receive the gif image, and was therefore fraudulent cookie stuffing traffic.

This is very interesting for all you cookie stuffers out there: eBay has, in the past or still, used some code on its own page to detect fraudulent cookie stuffing.

What they reveal is the very common one pixel tracker method, but their tactics might have evolved since 2007.

So, forget about those fake image and similar stealth one time hit cookie stuffing scripts. On eBay you have to iframe load the whole page and preferably, do some random navigation.
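The check the complaint describes, seen from the merchant's side, as an added example that is not eBay's code or part of the original post: per affiliate, count the referred sessions that never go on to fetch the tracking gif. The log format, the beacon path, the 30-second window and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines: "<epoch> <session> <affiliate or -> <path>"
SAMPLE_LOG = """\
1000 s1 aff-A /
1001 s1 - /beacon.gif
1010 s2 aff-A /
1012 s2 - /beacon.gif
1020 s3 aff-B /
1021 s4 aff-B /
1022 s5 aff-B /
1030 s6 aff-A /
1031 s6 - /beacon.gif
1040 s7 aff-B /
1041 s8 aff-B /
1050 s9 aff-A /
1060 s10 aff-C /
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")
BEACON_PATH = "/beacon.gif"   # hypothetical name for the tracking gif
WINDOW = 30                   # assumed seconds a real page load needs to fetch it


def beacon_miss_rates(log_text, window=WINDOW):
    """Per affiliate: (sessions without beacon, referred sessions, miss rate)."""
    landings = {}      # session -> (affiliate, landing time); first referral wins
    confirmed = set()  # sessions whose browser went on to fetch the beacon
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        ts, session, affiliate, path = int(m[1]), m[2], m[3], m[4]
        if affiliate != "-":
            landings.setdefault(session, (affiliate, ts))
        elif path == BEACON_PATH and session in landings:
            if 0 <= ts - landings[session][1] <= window:
                confirmed.add(session)
    counts = defaultdict(lambda: [0, 0])  # affiliate -> [missed, total]
    for session, (affiliate, _) in landings.items():
        counts[affiliate][1] += 1
        if session not in confirmed:
            counts[affiliate][0] += 1
    return {a: (missed, total, missed / total) for a, (missed, total) in counts.items()}


def flag_affiliates(rates, min_sessions=3, threshold=0.9):
    """Affiliates with enough traffic whose sessions almost never load the beacon."""
    return sorted(a for a, (_, total, rate) in rates.items()
                  if total >= min_sessions and rate >= threshold)


if __name__ == "__main__":
    rates = beacon_miss_rates(SAMPLE_LOG)
    for affiliate, (missed, total, rate) in sorted(rates.items()):
        print(f"{affiliate}: {missed}/{total} sessions without beacon ({rate:.0%})")
    print("flagged:", flag_affiliates(rates))
```

The rate is judged per affiliate rather than per session because an ordinary visitor with images blocked also misses the beacon; only a source whose traffic misses it almost every time stands out.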

How to create a Black Hat Seo Botnet

Posted by k | Posted in Uncategorized | Posted on 08-05-2009

Every REAL Black Hat Seo who lives up to its name has his own botnet, in order to easily link spam or social vote (among other actions). This post will teach you, in detail, how to build one of your own!

What these bots do is they receive orders and act accordingly. Either, visit a simple url, fill a form or click on a button.

So, what do you need to code? You need to code a bot that:
– Self extracts itself when running another program and quietly installs
– Runs hidden every time the PC starts
– Periodically checks a given URL for new orders
– Executes orders

There is however some ethic involved! What it DOES NOT do:

– No personal information what-so-ever is collected from the zombie PC. It means behaving better than most spyware and even G itself which calls home on Chrome with all your sexual fetishes.
– Absolutely no harm is done to the zombie. Even the resources’ usage is kept low. (memory and cpu)
– It will self-destruct in x days.

First select your language: Visual Basic, Delphi or C. Forget .net or C#. Anyway this post will be about what to call and where, so it’s good for all languages.

It is no longer possible (since XP) to hide (the easy way) an application from the service tab, so be ingenious on naming it. You can and should however hide it from task list applications. Doing this is easy on VB using Me.Hide. On C use SW_HIDE. When I say ingenious I mean naming it after something an average user will believe is part of Windows.

First thing the bot does is to check if this is a first time run. If it is, then it must install. You do this by checking the registry key. If it’s already there, it’s not a first time run. Use wscript.shell to read and write to the registry. It’s the most reliable and safe way to do it these days.

You will create a key on \Software\Microsoft\Windows\CurrentVersion\Run so that it runs every time the PC starts. Don’t use HKEY_LOCAL_MACHINE, because you will need admin rights to write there, use HKEY_CURRENT_USER instead.

An important thing to notice is that you can’t use the string “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run” on your app. It will get detected by most recent antivirus. There’s however a cool way to trick them: use some very simple encrypt algorithm and decode the string only at run time. A simple replacement on “o” for “0” will do the trick.

Back on track, if the key is not there, it’s a first time run and you must install. When installing you need to extract the program. You must also let the parasite program run. (They both are the same on this example)

Where will you write the app to? Forget about writing to c:\Program Files\ or even c:\. All you will get on Vista is virtual paths. Use CSIDL_APPDATA to get a nice real path like: C:\Users\admin\AppData\Local.

(Instead of checking the registry key, you can also check if your program is already dropped. If it’s there, it’s not a first time run)

As it’s a first time run, let’s install. Install has three steps. Write the key to the registry as explained above, copy the program itself to the path you found, and rename it (don’t forget windows runs anything, it does not need to be an .exe) flag it to system and hidden, and finally do something to entertain the victim. You can shell call anything, from ie with a page to painter with an image.

That’s it, we’re set to go. Next time the user restarts it will load our bot.
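The install steps above leave a recognisable footprint: a per-user Run value pointing at a hidden, system-flagged file under AppData whose name need not end in .exe. A triage sketch for that footprint, as an added example that is not part of the original post; the sample values are constructed, and on a live Windows host the triples are assumed to be collected with winreg and os.stat().st_file_attributes.

```python
import ntpath

FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
USUAL_EXTENSIONS = {".exe", ".com", ".bat", ".cmd"}

# Constructed sample of HKCU Software\Microsoft\Windows\CurrentVersion\Run values:
# (value name, command line, attributes of the file the command points at)
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background', 0x20),
    ("WinUpdateSvc", r"C:\Users\admin\AppData\Local\winupd.dat", 0x26),
    ("Notes", r'"C:\Users\admin\AppData\Roaming\Notes\notes.exe" --tray', 0x20),
]


def target_path(command):
    """Extract the program path from a Run command line.

    Quoted paths are taken whole; for unquoted ones the first token is used,
    so an unquoted path containing spaces needs resolving against the disk.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ")[0]


def triage_run_values(values, min_reasons=2):
    """Return (name, path, reasons) for values matching several indicators.

    A single indicator is common in legitimate software (many updaters start
    from AppData), so only combinations are reported.
    """
    findings = []
    for name, command, attributes in values:
        path = target_path(command)
        reasons = []
        if "\\appdata\\" in path.lower():
            reasons.append("starts from a user-writable AppData path")
        extension = ntpath.splitext(path)[1].lower()
        if extension not in USUAL_EXTENSIONS:
            reasons.append("unusual extension: " + (extension or "(none)"))
        if attributes & FILE_ATTRIBUTE_HIDDEN and attributes & FILE_ATTRIBUTE_SYSTEM:
            reasons.append("file is flagged hidden and system")
        if len(reasons) >= min_reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_run_values(SAMPLE_RUN_VALUES):
        print(f"{name}: {path}")
        for reason in reasons:
            print("  -", reason)
```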

Now how do we make contact? Well, forget about Mail and FTP. You would be noticed in no time. You should always hit a web page: either to collect orders or send reports.

Best way to do this is using Microsoft.XMLHTTP’s msxml2.xmlhttp object and the Dom document: MSXML2.DOMDocument. Simple, fast, asynchronous and stealth.

And how do you know user is connected? Well, again forget about checking the InternetGetConnectedState on wininet.dll. You have to do the most basic of all the things: use Microsoft.XMLHTTP object to hit Yahoo.com and see if it’s there, then you’ll know. (Don’t hit Google.com)

Now put it on a timer and check your site.php page to read instructions from time to time. These instructions can also include a self destruction order! In that case, you would delete the key and that’s it. You can also delete the app itself, but it’s more complex. No need to do that, it will just lay there forever.

On part II of this tutorial we will see how to pass orders to the bot and, most important, how to get the bot to obey. It’s fairly simple and best of all, on all sites we hit, we will be behaving just as if we were the normal user of that PC surfing and voting on pages and social networks. No need to melt our brain on complex Javascript routines with dubious results and that are dependent on XSS holes that get patched in no time these days.

Now imagine you were about to launch a new website. How about having all your botnet vote for it on Digg, Stumble it, tweet it, and link it all over? It would be great, wouldn’t it?

No, it would not. This is not the way it is done. You simply can’t raise your head too much above water or you’ll get caught in no time. We’ll see how this is done in part two, but I think you must have an idea about it by now.