| LED Digest 2271: Form Junk Fixes |
Tips and tricks for dealing with form junk caused by email header injection spammers. AdSense arbitrage and Google's problems. The natural search and directories discussion has practical, helpful suggestions; much more.

==================================================
The LED Digest Moderated Discussion List
"Effective Online Advertising, Since 1997"
Data > Information > Knowledge > Wisdom

pair Networks: The LED's Web Host
Hosting and Domain Registration from a Trusted Leader
pair.com for Hosting | pairNIC.com for Domains
==================================================

List Moderator:              Published by:
Adam Audette                 LED Digest
adam, led-digest.com         http://www.led-digest.com

..............................................
October 20, 2006               Issue no. 2271
..............................................

.....IN THIS DIGEST.....

====== NEW ======================

--== Tracking Clicks ==--
  ~ Rob Forker
    "I have a non-commercial site that someone wants to put an ad on..."

==== CONTINUING =================

--== AdWords Arbitrage - How it Works ==--
  ~ Tom Aman
    "...whether or not [Google cancels these accounts] would require a fair bit of investigation."
  ~ Ken Evoy
    "...this is the first time I have ever felt let down by Google in a major way."

--== Junk Mail from Contact Forms ==--
  ~ Veronica Yuill
    "...you are almost certainly a victim of email header injection."
  ~ Joel Lesser
    "We wrote a script that RENAMES our formmail CGI filename every hour."
  ~ Will Bontrager
    "While it's not yet an epidemic, like email spam, it could become so."
  ~ Steven Rothberg
    "...we just added some code to the bottom of the forms..."

--== Natural Search Effectiveness ==--
  ~ Michael Linehan
    "...individual SEO is limited by what you can do and what you can charge per hour."

========== NEW ===================================

From: Rob Forker
Subject: Tracking Link Clicks

I have a non-commercial web site that someone wants to put an ad on in order to maybe sell some of his products.
How can I track how many people click on his banner / link to his web site? I don't care about any of the other pages / links on the site, just this one.

Thanks,
Rob Forker

======== CONTINUING ===============================

From: Tom Aman
Subject: AdWords arbitrage

> Why doesn't Google cancel the illegal AdWords accounts
> and blacklist the spam pages? Why doesn't Google follow-up
> on their TOS which are clearly published?
- Rae Deisler, LED Digest 2270
- http://www.led-digest.com/content/view/1257/55/

In their reply to you, Google state "We will also take the appropriate action on the related account and ensure that these individuals are not allowed further participation in the Google Network."

I would take that to include, among other things, cancellation of the accounts and doing something about the spam pages.

Of course, whether or not they actually do this would require a fair bit of investigation.

Tom Aman
Aman Software
http://www.cyberspyder.com
Home of CyberSpyder Link Test

-------- new post - same topic ---------

From: Ken Evoy
Subject: AdWords arbitrage

Excellent post, Rae, about AdSense arbitrage.

Google's problem with arbitrage goes way beyond arbitrage though. The frenzy of "AdSense sites," from no-content domainers to automated-content site generators to pap-content-"hot-nichers," degrades the average quality of publisher sites horribly.

I talk more about that in a preamble at our "Make Your Content PREsell!" site, where we recently made MYCPS! free... http://mycps.sitesell.com/ , so I won't digress further here.

Our first edition of the Affiliate Masters Course, way back in the previous millennium, first laid out the concept of keyword research and quality information-based niche sites. That course (now in its 5th edition and which has been downloaded hundreds of thousands of times) grew into Site Build It!, which existed years before AdSense and which extends well beyond the AdSense monetization model today.
Our customers create quality sites that succeed, and many of them do, to varying degrees, monetize with AdSense, overdelivering quality information and building substantial traffic and legitimate Google AdSense income.

Through it all, we've been huge Google fans, for all the usual reasons, including perceived ethics and a belief that THEY really believe in their "DO NO EVIL" philosophy.

But I must say, this is the first time I have ever felt let down by Google in a major way. Why? Because they have the technology to stop it tomorrow if they wanted to.

Their form answer to you is gobbledygook meant to obfuscate, hedge, and weasel. It makes them look bad. It makes them look NOT like Google.

I sincerely hope they do the GOOD AND RIGHT thing and take a temporary financial hit, clean out all that's bad, fraudulent, wrong, and weak, and re-establish their publisher network as the strong, creative and diverse source of niche-oriented advertising that it SHOULD be for advertisers.

In other words, they need to re-establish a WIN-WIN-WIN for advertisers, publishers AND Google.

Thanks for calling this out, Rae. It's an important issue.

All the best,
Ken Evoy, President
SiteSell.com
www.sitesell.com

-------- new post - new topic ---------

From: Veronica Yuill
Subject: Form junk

> ... someone has come up with a piece of software
> that automatically fills out my contact us forms online
> and submits them. Now I get emails coming through
> my CGI script that are full of ads.
- Mark Frank, LED Digest 2270

Mark, you are almost certainly a victim of email header injection. An inappropriately coded contact form can allow spammers to add extra information to the headers of the email that is sent, enabling them to use *your* server to send *their* spam!

At this point they may just be testing the form to see if their exploit works, but if it is vulnerable you need to fix this fast as your server could end up being blacklisted.
I blogged about it a while back:

http://snipurl.com/zudp [archetype-it.com]

That post includes links to technical explanations of the header-injection trick and techniques for blocking it. My contact forms detect spamming attempts and instead of sending the email display a "forbidden" error (hint: be as rude as you like here!), and record the visitor's IP address.

HTH

Veronica Yuill
Archetype IT
http://www.archetype-it.com/english/

-------- new post - same topic ---------

From: Joel Lesser
Subject: Form junk

We experienced the exact same issue... although this is just speculation, it would seem that the spammers are databasing CGI or other formmail scripts that accept posts from contact forms. Then they probably sell those databases to other spammers which multiplies the problem.

There is a relatively simple solution which we implemented with success. We wrote a script that RENAMES our formmail CGI filename every hour. It also updates the HTML that posts to the CGI at the same time with the new filename. The process is kicked off every hour with a cron (daemon).

Because our contact formmail CGI filename now changes every hour, the scammers end up posting to a CGI that doesn't exist resulting in a 404 error.

Here is a good primer on crons.

http://www.unixgeeks.org/security/newbie/unix/cron-1.html

Best Regards,
Joel Lesser
LinksManager.com
http://linksmanager.com

-------- new post - same topic ---------

From: Will Bontrager
Subject: Form junk

> I am getting advertisements from my own sites now.
- Mark Frank, LED Digest 2270

Yes, junk mail from site owners' own contact forms is emerging as a problem.

Although automatic submission of spam to site owners is not very widespread, yet, more and more people are finding their contact forms misused.

Captcha systems (often implemented as letters on an image you have to type) seem to work pretty good. Personally, I don't like captcha when implemented that way. It seems somehow demeaning to have to prove one is not a robot.
The last post in http://www.led-digest.com/content/view/1128/55/ announces a system to programmatically determine whether or not the form submission is done by a human -- in a way transparent to the form user.

The form handling software that works with the system is not free. I expect the system itself to be free in the near future. The system can be duplicated and built with variations, and I hope folks do so, to slow the misuse.

While it's not yet an epidemic, like email spam, it could become so. The number of "I'm getting spam from my form" inquiries we receive from site owners is increasing.

Software to automatically submit spam to millions of forms can work just as well as software to automatically send spam to millions of email addresses -- better, actually, as most people don't filter email sent from their contact forms.

Will Bontrager
http://willmaster.com/

-------- new post - same topic ---------

From: Steven Rothberg
Subject: Form junk

We were also being bombarded with spam being sent through our on-line "contact us" forms that employers, career counselors, admissions counselors, financial aid experts, etc. use to sign up to blog on our career site.

To reduce the amount of spam (I don't think you can ever eliminate spam), we just added some code to the bottom of the forms that requires the user to type in a series of numbers and/or letters. See http://www.collegerecruiter.com/weblogs/author-signup.php .

So far so good, but this is a cat-and-mouse game so I expect that we'll need to make more enhancements as time goes on.

Steven Rothberg, President and Founder
CollegeRecruiter.com | Entry Level Jobs for Students & Recent Graduates!
http://www.collegerecruiter.com

-------- new post - new topic ---------

From: Michael Linehan
Subject: Natural search

Hi Shaun,

I'll give a brief reply here. But we can certainly be in touch by phone too.

> First, using lodgings directories vs each lodging
> doing its own marketing.
> I have come to the conclusion
> I can do lodgings more good by running the directory
> than through individual SEO.
- Shaun Johnston, LED Digest 2269
- http://www.led-digest.com/content/view/1252/55/

OK. And that sounds good for you too. It makes really good business sense to do the directory.

1. When it's running smoothly and dominating needed search terms, you are getting income each month in a way that is probably much more effective than getting yet one more client for a relatively tiny SEO job. Ultimately, the directory has the potential of becoming close to passive income.

2. You can replicate the directory model as many times as you want.

3. There is no "physical" constraint on your income, while individual SEO is limited by what you can do and what you can charge per hour. For all we know, by giving outstanding service and value, you could end up dominating the whole NE US.

So you do them more good, and you do yourself more good. And you do THEIR clients more good, because those people can find what they want much more effectively than before. I'm all for win-win-win.

> Second, how to get lodgings to add their own content.
> Contribute / Namo Web Editor/ other... I also thought of
> giving them a i-frame on the home page...

Don't mess with iFrames. Simple, clean, flat HTML pages is my recommendation.

How to do the editing is affected by what and how much content. I would suggest you set it up so that each client has only a very small core "site". For an accommodations business, the core information is:

1. A brief overview
2. Room information with photos - possibly leading to a "more info" for each room / suite - if they are different.
3. A reservations / contact page.

That's it. So they don't need to edit much, especially once that initial information has been added to the site. You could either set them up to edit (especially the inevitably changing prices), or you could get them to send you the info and you put it up.
I wouldn't do it through software such as you describe. I'd either do it myself, or I'd build a super-easy-to-use CMS.

But then, of course, three pages per client about rooms and reservation info is not good spider food. For the search engines, you need excellent information on the various areas --- which, of course, is also the additional information that any traveller might want.

For each region, you might have dozens of pages - or much more. This would take research, of course --- but each of those pages is going to really nourish your search engine rank.

At this point, some people get concerned about "clogging up the site", but that isn't necessary. You just put that extra information behind one link that says "Additional Information on the -------- Region". No-one sees the additional hundred pages unless they want to. (So you've now taken care of both the skimmers and those who want more information.)

Since you are the one who is REALLY motivated to make this directory dominant, you are, by far, the best one to do the research, addition and editing of all this information.

Certainly, you can ask all your clients for stories, information, anecdotes and so on, about their area. But you are not DEPENDENT ON THEM to make this site happen by adding content regularly. This is YOUR site. You shouldn't be dependent on your clients for its success.

Then you are, of course, optimizing all this content as you add it. And you are regularly adding more links.

If you are doing well already, I think the potential is quite incredible! :)

Michael Linehan, Marketing Alchemy
www.marketing-alchemy.com

-------------------------------------------------------
Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved.
-----------------------------------------------------------------

"Take rest; a field that has rested gives a bountiful crop."
- Ovid
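
The header-injection check described in Veronica Yuill's "Form junk" post above, as an added example that is not part of the digest or any poster's code: a Python contact-form handler that refuses any header-bound field containing a line break, answers with a 403, and records the visitor's IP address. The recipient address, field names and sample submissions are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

SITE_RECIPIENT = "owner@example.com"          # assumption: fixed, never read from the form
HEADER_FIELDS = ("name", "email", "subject")  # form values that could reach mail headers
# A CR or LF ends a header line, so one inside a header value lets the sender
# start a new header. The URL-encoded spellings are rejected too (conservative).
LINE_BREAK = re.compile(r"[\r\n]|%0[ad]", re.IGNORECASE)
ADDRESS = re.compile(r"^[^@\s,;:<>]+@[^@\s,;:<>]+\.[^@\s,;:<>]+$")
blocked_log = []  # (ip, field) pairs; a real handler would append to a log file


def handle_contact(form, remote_ip):
    """Return (http_status, EmailMessage or None) for one form submission."""
    for field in HEADER_FIELDS:
        value = form.get(field, "")
        if LINE_BREAK.search(value):
            blocked_log.append((remote_ip, field))  # record who tried it
            return 403, None                        # "forbidden", nothing is sent
    if not ADDRESS.match(form.get("email", "")):
        return 400, None                            # malformed, but not an injection

    msg = EmailMessage()
    msg["To"] = SITE_RECIPIENT        # recipients are set by the site, not the visitor
    msg["From"] = SITE_RECIPIENT
    msg["Reply-To"] = form["email"]   # validated: one address, no line breaks
    msg["Subject"] = "Contact form: " + form.get("subject", "")[:100]
    # Free text goes in the body, where line breaks are harmless.
    msg.set_content("Name: %s\n\n%s" % (form.get("name", ""), form.get("message", "")))
    return 200, msg


# Constructed sample submissions (not taken from the digest).
CLEAN = {"name": "Pat", "email": "pat@example.net",
         "subject": "Rates", "message": "Hello"}
INJECTED = dict(CLEAN, email="pat@example.net\r\nBcc: list@example.org")

if __name__ == "__main__":
    print(handle_contact(CLEAN, "192.0.2.10")[0])     # normal submission
    print(handle_contact(INJECTED, "192.0.2.77")[0])  # extra header smuggled into "email"
    print(blocked_log)
```

The caller would hand a 200 result's message to the site's own mail transport; a 403 result sends nothing.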



