- Oct. 25th, 2006
We all have a mischievous side. I know I do. And in that vein, I have a great idea for a PubCon or SES segment. I'd appreciate some feedback in the form of comments if you'd like to see such a segment. Then I can approach Danny Sullivan or Brett Tabke with the idea:
Title: "Understanding Black Hat SEO: Protecting Yourself From Black Hat Vulnerabilities"
The segment would cover the basic black hatter's psyche, and what he's after. I'd go through the list of common tactics used, and procedures for auditing your application for such vulnerabilities. Then I'd explain how to solve or mitigate the problems. These include:
1. HTML injection
2. Systematic comment spamming
3. Dropping links in forums that don't implement nofollows
4. Using software signatures to find vulnerable applications
5. Hacking: XSS, SQL injection, using a vulnerable 3rd party application or shared hosting as a weapon
… and quite a few more ideas; that's just a quick list!
I had this idea a while ago, but Barry's mention of a hacker using Jennifer Convertibles as a launchpad for spam highlights the importance of understanding what makes spammers tick. And understanding that, among other things, might also stop you from saying:
I used to work for RustyBrick as a programmer, and they're actually pretty good on security as web development firms go. I'm impressed that Barry is disclosing the details, but I do suspect it will have more to do with their hosting, not RustyBrick's application.
So if you're a black hatter, you can leave a comment telling me how much I stink.
But if you think this is a great idea, and you want me to run with it for PubCon or SES, leave a comment. Of course, if you're Danny Sullivan or Brett Tabke, you can always contact me directly.