We all have a mischievous side.  I know I do.  And in that vein, I have a great idea for a PubCon or SES segment.  I'd appreciate some feedback in the form of comments if you'd like to see such a segment.  Then I can approach Danny Sullivan or Brett Tabke with the idea:

Title: "Understanding Black Hat SEO: Protecting Yourself From Black Hat Vulnerabilities"

The segment would cover the basic black hatter's psyche, and what he's after.  I'd go through the list of common tactics used, and procedures for auditing your application for such vulnerabilities.  Then I'd explain how to solve or mitigate the problems.  These include:

1. HTML injection
2. Systematic comment spamming
3. Dropping links in forums that don't implement nofollows
4. Using software signatures to find vulnerable applications
5. Hacking: XSS, SQL injection, using a vulnerable third-party application or shared hosting as a weapon
… and quite a few more ideas; that's just a quick list!

I had this idea a while ago, but Barry's mention of a hacker using Jennifer Convertibles as a launchpad for spam highlights the importance of understanding what makes spammers tick.  And understanding that, among other things, might also stop you from saying:

 

I used to work for RustyBrick as a programmer, and they're actually pretty good on security as web development firms go.  I'm impressed that Barry is disclosing the details, but I do suspect it will have more to do with their hosting, not RustyBrick's application.  

So if you're a black hatter, you can leave a comment telling me how much I stink.

But if you think this is a great idea, and you want me to run with it for PubCon or SES, leave a comment.  Of course if you're Danny Sullivan or Brett Tabke, you can always contact me directly :)
