Posted on June 23rd, 2008 in Cloaking
If you're tired of refreshing this page every day like a d-bag, you should probably subscribe to the RSS feed.
First off, Nickycakes would like to wish Nickycakes a happy 25th birthday. Lets hope UPS doesn’t try to pull anything funny and leave one of those retarded yellow “sign me” slips instead of birthday gifts. With the meager ad earnings from the blog wasting space in the paypal account, the Cakes decided to treat himself to a new flatscreen monitor to make the dual monitor thing happen a little better than it is currently. Hopefully that arrives today. Should make Call of Duty 4 look nice and purdy. Also, check out this amazing article that took place the day the Cakes was born: http://www.wired.com/science/discoveries/news/2008/06/dayintech_0623
Anyway, back on topic. What is cloaking and how does it work? There are a few things in the SEO/Internet Marketing industry that are referred to as “cloaking” but today the Cakes is talking about search engine cloaking. Cloaking is the staple of many a blackhat-seo, but the specifics are often misunderstood.
The basic idea is, you show the search engine bots something different than the user sees. For example, Goog thinks your page is full of 5000 words of keyword rich content, but when joe blow clicks on your listing in the search engines, he is forwarded to an affiliate offer instead. Pretty simple in theory, right?
So, why cloak? Can’t you just fit keyword rich content on your site and rank it in the search engines like normal people? Sure. But some people would rather auto-generate 10,000 pages of crappy barely-readable content with tons of keywords in the time it takes you to make/pay for 1/10th of your spiffy legit website. The user never even gets subjected to your crappy design skills, they just get direct linked to whatever, while the search engine bots, and their limited sense of asthetic value, happily index the garbage.
Uhh, ok so how does it work exactly? Here’s the only real tough part about search engine cloaking. How can you determine if a visitor is a search engine bot, a human, or maybe a manual reviewer person from Goog? Well there are several ways.
- UserAgent of the visitor is the most obvious. This piece of browser stored data tells a website what software is being used to access it. Many website crawling bots happily announce exactly what they are, making things easy. However, these days this is unreliable. The major search engines, especially G, love to use UserAgents that match normal users when checking up on sites, making this method not 100% reliable.
- The Referer of the visitor is also sent by the browser when visiting a website. This piece of data shows where the visitor came from to get to your site. A referer of “http://www.google.com/search?q=nickycakes” will tell you that the user likely got to this site by searching goog for “nickycakes”. So you can send anyone who ISN’T coming to your site with a referer from a search engine to your generated content. Much like the UserAgent, this can be easily faked, so it’s not good to rely on this entirely.
- IP Address is probably the next thing to look at. Most people don’t know this, but you can look up the owners of ip addresses. You can also look up what ip address ranges certain companies own. The major search engines own a ton of them, and with a little digging you can find exactly what these ranges are as a starting point of who to show the bogus content to.
- Your own list is the last, but probably most important thing you will need, and is also the hardest to get ahold of. Basically, there are site indexing bots that are designed to look exactly like normal users in order to fool cloaking scripts and find blackhat sites to send to the ban conveyor belt. They are, however, stupid. The best way to make a list of incoming ip addresses that are bots requires that you have a site or sites that are indexed pretty frequently. Basically you make a page on your site that records ip addresses and link to it from your site in such a way that a user would find it very difficult to find said link and click on it. There are various ways of doing this so feel free to use your imagination for once.
With all this data, it gets pretty freakin easy. You look at the data, determine if the user is likely a moron websurfer, and if so, send him on his merry way to your order form for whatever, mailing list signup, zip submit, rickroll, whatever. If it’s not likely to be a normal person, you serve them your keyword rich awesome content, which then gets indexed in your favorite search engine.
Scripts that do exactly this are sold for thousands of dollars, and it’s pretty obvious that you can just save your money and do it yourself. Obviously the Cakes isn’t going to post any source code for this type of stuff, because even if he had it, he wouldn’t want thousands of digital point retards running around ruining the internet, now would he. Hopefully there’s enough info here for a bright person to get some ideas, but not enough to ruin the fun for everyone =))
Keep it real.
Published by nickycakes //
The following is a guest post by XMCP of SlightlyShadySEO - the debatably Blackhat SEO and marketing blog.
The PPC market is becoming saturated. There is little doubt of this. Where initially the promise of local search results and adwords gave us the promise of an expanded market, even that is slowly filling up with advertisers. So when it comes to marketing, how do we go about cashing in on previously untouched niches?
Simple. We break the rules.
Note: Be smart about which account you use, and where. And how they’re connected. What I talk about here may lead to an adwords/superpages/msn/yahoo/whatever ban. Don’t bitch at me about it. Get a fresh account before trying this.
There’s a few ways to go about this, largely dependent on the review process that the companies put our ads through, and their level of advancement. Some methods are only available to people with programming knowledge, some are easy.
The Artistry of the Ambiguous Ad
While we normally concentrate on trying to tell the user at least what our product IS in our 2 magical lines, this approach requires more tact. Trying to sell viagra(depending on local legalities)? It’s not viagra, it’s “Give Her A Night She’ll Never Forget” “Just because you’re not ‘gifted’ doesn’t mean you can WOW her”. Remember that if we do successfully get our ad listed in a vertical that is normally banned, there should be little competition, so the clicks are cheap, and we can afford to lose a few users that are not getting exactly what it is they’d look for.
Dealing with Banned Keywords
Outright banned keywords, not subject to manual review, are the greatest issue when trying to get these ads in. We’re forced to go for more “related” terms. Selling bongs? Try “munchies”,”dugout”, or “roller”. You can send them to the “rollers” page, just make the bong page evident. Will CTR blow? Yeah. But you’re reaching your target audience. Beyond that, go for brand names. While a lot of things are banned as a product name (bongs on adwords), you stand an infinitely higher chance of cashing in on words like “roor” (a brand name) or “green star” (another brand). Will your ad stand up to manual review? Nah. But really, that can be handled in…the NEXT section. Oh yeah, and I’m not sure if “roor” or “green star” are banned, but know this trick works in at least 3 other topics.
Now to get a little technical….
Dealing With Human Reviewers - No matter what Mahalo says, manual reviewers are SO much easier to fool than automatic reviewers. They generally will come from the same IPs, occasionally have referrers, and normally it’s a 1-time review. Better yet, the companies doing it normally have shiite practices to prevent you from coming back after an initial account ban. At most, a new credit card and a new IP, and you’re on your way.
- Bait And Switch - Code up a quick, shitty lander for an alternate, more permissible option of your “ambiguous ad text”. “Give her a night she’ll Never Forget” could go to a site that shows how to plan the perfect date. A “bong” ad might go to something about the deep and sinister story of Mary Jane, and how she’ll make you drown your baby(aka anti-drug site). Then once it’s approved, just change it. Or if they also have bots coming in, combine it with the external JS trick in the next section to rewrite your page.
- Cloaking vs. Humans - If the bait and switch seems to risky, submit a few normal ads to gather up the first IP or two that visits. Notice who owns the given IP block. Disallow the JS rewrite if it’s one you’ve seen before. If you’re especially paranoid, make it so any repeat IP sees your angelic alternate page. Works especially great if they’re behind a corporate proxy.
Dealing with Automatic Approvals - Gotta love these, don’t we
- Cloaking - If there’s a keyword bot involved(or even if there’s only a “quality score” like bot involved), it’s time to go Harry Potter on their ass, and cloak like crazy. If you’re unfamiliar with cloaking, it’s just the process of showing search engine bots a different page than real people. It’s normally a bannable offense, but can be fantastic for income. User-agent cloaking(the old form of it) is out, but IP based is in, and couldn’t be easier.
- Did you keep all your logs from previous projects? I hope so! Pull out all the records you have of computers that hit your ads multiple times, with no referrer.
- To be sure, run them through some reverse DNS queries or whois queries to figure out the owner. An easy way to get the reverse DNS entry is to download a copy of the charon proxy checker, append a :80 onto all of your IPs in excel, then just paste em in. Charon can be set to reverse DNS all of the IPs in it. Remove the residential computers(IPs that contain the company name in the reverse dns, or don’t resolve to anything w/ reverse dns are likely bots), copy the remainder, then put them into your database or text file or whatever it is you’re using as your cloaking IP db.
- If you’re good at coding, you can set something to reverse DNS all inbound IPs to check for new bots.
- If you’re not confident, find an alternate program more in tune to what the company would want to be seeing based on your ad/keywords, and send the bots there. This way, you can also send anyone without a referrer to that aff program, and not lose the traffic, while remaining safe.
- Breaking Up The Keywords - If the company happens to scan for naughty keywords in your landing page text, break it up with invisible elements. Yeah, cloaking year 2000 style. b<div id=”invisible”>woot!</div>ongs for example. Set anything to hide way off in an external CSS file, denied by robots.txt.
- Who Loves Javascript? I don’t. But that doesn’t change the fact you can completely re-write a landing page with a layer created by external Javascript call. addChild(element); is an excellent command indeed. Also lookup createElement() and innerhtml. As always, deny via robots.txt
Cautions, Failures, and some Closing Notes
Some ads and keywords are not good for this. They simply cannot convert over because it’s too hard to demonstrate what it is they’re buying, without alerting the bot/reviewer as to what it is you’re selling. Experiment, separate out your subids, and do not hesitate to can an ad that isn’t performing. Ideally, you’ll be the only advertiser in a given niche (at least the only one using PPC) so the clicks will be cheap enough they don’t necessarily have to convert over fantastic.
And I will repeat: This will probably lead to an account ban if caught. If you have multiple accounts, for gods sakes keep them separated in as many respects as you can. IPs, Names, emails, you name it. Oh yeah, and comply with your local laws.
-XMCP
Published by SlightlyShadySEO //
Want to mess with your competitors on Google Adwords? All you need to know is their location.
You can find the location of your competitors through various means. If you know the location of the business you’re competing against for a certain keyword, that’s usually enough. You can also check the whois information on their domains. Contacting them via email and chatting it up to get this info works too.
So the basic idea is this. Set up a dummy campaign in adwords and location target it to a 50 mile radius of your competitor. Import the keywords you’re competing with them on. Make some horrendously crappy ads and really low bids, just for that area.
When they search for the keyword you’re competing on, they’ll see their ad higher than yours, possibly prompting them to lower their bids, when in fact, you’re actually showing up in a higher location everywhere else in the country.
Want to prevent this from happening to you? Just use G’s Ad Preview Tool to check how the ads show up in other areas of the country. But it’s pretty unlikely your competition will be thinking of this if they haven’t read this post ;]
Published by nickycakes //
Posted on January 3rd, 2008 in Cloaking
For those who don’t know about the art of Rickrolling, it’s one of the most hilarious internet passtimes of the decade. The idea is to plant a link on a website, forum, blog comment, whatever that people will want to click out of curiosity, but when they click it, they will be redirected to a video of Rick Astley’s music video of “Never Gonna Give You Up.” If you’re a reader of Wickedfire Forums, then you’ve likely become quite accustomed to being Rick Rolled on a daily basis. If there’s one thing Nickycakes loves, it’s new and creative ways to annoy the hell out of people. It has become such a phenomenon that an entire website and forum have been started dedicated to discussing different methods of Rick Rolling people.
While most can agree that RickRolling others can be fun, being rickrolled yourself is never fun. So what can you do to prevent it? That’s what a good friend of Nickycakes was thinking when he made Link Nark. Enter any url in Link Nark and it will tell you where you will end up if it redirects you somewhere.
Ok, that’s cute, you can prevent getting rickrolled, but that may lose it’s novelty pretty quickly, and most people would rather just click it and spend the 30 seconds closing the window rather than copying and pasting the url to another site to check it. Link Nark has another use, however, that isn’t mentioned on the site.
Ever want to find out where a cloaked link goes? Want to figure out what affiliate network someone is running that dating campaign with? You can enter any link you know is being redirected and it will tell you not only where it redirects to, but all the redirects that happened in between (if any). Works great =)
Anyway, like mentioned earlier, the dude who created the site is a friend, so hit him up with a digg if you use it.
Published by nickycakes //
Posted on December 5th, 2007 in Cloaking, Coding
One thing about google that you most likely know already, but may not, is that they penalize you for having affiliate links on your page. If you use adwords, this equates to a lower quality score which in turn makes your cost per click more expensive. For normal ranking in google search, this means a lower position in the SERPs (search engine result pages).
One thing about spammers is, they like to scrape email addresses off webpages. Put your email addy on the front page of your blog, and wait a month, and feel the love as you get hundreds of ads for penis pumps and viagra clogging your inbox.
Fortunately for you, both of these birds can be killed with one stone. Just convert the link to unicode, throw it on your site, and it will be near invisible to nearly all scrapers and web spiders. Now you’re probably asking yourself, “But nickycakes, how do we convert a link to unicode?” You do it with this tool, duh:
Published by nickycakes //
