Marketing & SEO Discussion List - LED Digest

LED Digest 2165: Backlinks
==================================================
                 The LED Digest
             Moderated Discussion List
     "Effective Online Advertising, Since 1997"

      Data > Information > Knowledge > Wisdom

         pair Networks: The LED's Web Host
   Hosting and Domain Reg. from a Trusted Leader
  pair.com for Hosting  |  pairNIC.com for Domains

==================================================
List Moderator:                     Published by:
Adam Audette                          LED Digest
adam, led-digest.com     http://www.led-digest.com
..............................................
May 22, 2006                        Issue no. 2165
..............................................



            .....IN THIS DIGEST.....


====== NEW =====================

        --== Backlinks ==--

                ~ Claudiu Spulber
"...do the links from an indexed PDF file
count as regular backlinks?"


==== CONTINUING =================

        --== Spam via Feedback Forms ==--

                ~ Joe Halbrook
"...I would suggest using a form processor that
will generate a secure RSS feed entry..."

                ~ Veronica Yuill
"...it's quite easy for spammers to hijack a
form-to-email script..."

                ~ Amy D. Moore
"I've encountered a number of different
feedback form spammers."

                ~ Will Bontrager
"...it is happening more and more."


==== BILLBOARD ===================

        --== Go Daddy ==--
                ~ John Smart

        --== Fighting Spam - A Study ==--
                ~ Michael Linehan


========== NEW ===================================

From: Claudiu Spulber
Subject: Backlinks - Google, PDF, etc.

Hi all,

I know that when using the link: command in Google only a sample of
the backlinks is shown, but on other search engines (msn, yahoo) all
of them are displayed. I was wondering why this happens. I mean
why would Google show only a selection of them, given that they're
randomly picked (I think?!)? And what percent are they showing,
5-10%?

Still on the backlink theme, do the links from an indexed PDF file
count as regular backlinks? I've seen in the results returned using
the link: command a couple of PDF files, but I don't know if those
have the same value as they would have if they were on a webpage.

Thank you.

Regards,

Claudiu Spulber
http://www.backup4all.com//
http://www.novapdf.com//


======== CONTINUING ===============================

From: Joe Halbrook
Subject: Feedback forms

> I am not too sure if it is me or what, but recently, I discovered
> there are a lot of spam coming through via our feedback forms.
        - Eddie Teo, LED 2164

Hi Eddie.

This is most certainly possible, as spammers can easily use web
forms to send out spam to more than just the form owner.

This exploit has been used for years by spammers, although it's not
the smartest approach I've ever seen.  The reason they use this
exploit is because spammers know that most web forms send out email
to both the form owner, as well as to the email address that most forms
capture of the person (submitter) using the form, as a confirmation
email.

The spammers cleverly enter a string of spam addresses in that
submitter address field, for as many characters as it will hold.

One of the simplest methods to avert this misuse is to:

1) Change the MAXLENGTH attribute of the INPUT text field for the
submitter email address to a finite length, say 50 characters.

2) Make sure the backend CGI script that is used to process the form
checks for the originating URL where the form should be executed, so
the spammer can't simply copy the form to his / her server and
remove the MAXLENGTH attribute.

3) Consider not even sending a confirmation email to the submitter.
Just return the submitter to a Thank You page instead.

This methodology will thwart most attempts to abuse your web forms.
Beyond that, I would suggest using a form processor that will
generate a secure RSS feed entry, instead of sending you (the form
owner) an email when someone uses your web forms.  Then, you simply
monitor the RSS feed for entries from your web forms.

For other tools and information, you might check here:

http://www.google.com/search?hl=en&lr=&q=web+forms+spam

http://www.robertswebforge.com/services/anti-spam.shtml

http://www.formassembly.com

(I have no affiliation with the above sites.)

Best of success, Eddie.

Joe Halbrook
http://www.cleanmymailbox.com


-------- new post - same topic ---------

From: Veronica Yuill
Subject: Feedback forms

> By the way, how silly can these spammers be? All these
> feedback will go only to a single person / small group of people...
        - Eddie Teo, LED 2164

Don't be too sure, Eddie! Your feedback form could be vulnerable to
hijack by spammers.

If it hasn't been coded with security in mind, it's quite easy for
spammers to hijack a form-to-email script to send email to any
number of email addresses of their choice, including yours -- and
the email will originate from *your* server, making *you* look like
a spammer!

It sounds very likely that this is the case with your form. Try
Googling for "email header injection" to find out more -- and you
urgently need to get your form fixed!

HTH

Veronica Yuill

Archetype IT
http://www.archetype-it.com/english/


-------- new post - same topic ---------

From: Amy D. Moore
Subject: Feedback forms

I've encountered a number of different feedback form spammers. A
majority of them seem to see if they can overcome the header
creation of the feedback form to use your feedback form to send out
this spam.

If a form unwittingly allows this it can be detrimental to the web
server as it will surely be blacklisted.

In order to send out an e-mail, the web server generates the e-mail
headers. Usually that is a simple To:, From:, and Subject:. The body
of text after the headers is considered the message. But, as you are
probably aware, there are plenty of other e-mail headers possible.
If your feedback form does not automatically generate some kind of
fixed text at the beginning of the block of text - in other words,
if one of the fields is returned IMMEDIATELY after the last header,
the spammers can put additional header commands in their computer
generated submission. Usually they will insert at least CC: or BCC:
headers and often a ReplyTo: header. Then they get to use your web
server which keeps them out of trouble and can really hurt you (or
your client).

There are two basic solutions for this and your webmaster or web
hosting company ought to be able to help you. The script which
processes your feedback form can check to see if the referring
"page" for your feedback form indeed comes from your site.
Ultimately that would be best, but there are some counter
indications to that. My latest patch has been to not process any
form submissions where there is an @ sign in any field other than
the submitter's e-mail field.

Even if your feedback form cannot be used to send spam, the feedback
form spammers just try everyone. Since their system is automated,
they don't care if a majority of forms do not work for them and they
have no concern regarding the burden to you or your web server.

It is a struggle for all of us to stay on top of spam. The costs of
spam are very real and a burden on the small business owner. The
rules are always changing and we need to stick together to work on
solutions to fight it which we can afford.

Amy D. Moore
http://internetsupportservice.com
Internet, Database, and Media Solutions since 1996
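
Added example (not part of the posts above and not any poster's own code): a server-side check for a form-to-email script, combining the 50-character address limit, the "no @ sign outside the e-mail field" rule, and rejection of line breaks in any field that ends up in a mail header. The field names, the owner address and the address pattern are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

MAX_ADDR_LEN = 50  # server-side counterpart of the MAXLENGTH limit suggested above
# Deliberately strict single-address pattern (assumption: no display names, no lists).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
OWNER = "owner@example.com"  # constructed placeholder for the form owner


def check_submission(name, email, subject, message):
    """Return the reasons to reject a submission; an empty list means accept."""
    problems = []
    # Fields that end up in headers must never carry CR or LF: a line break
    # is what lets a submitted value begin a new header such as Bcc:.
    for field, value in (("name", name), ("email", email), ("subject", subject)):
        if "\r" in value or "\n" in value:
            problems.append(f"{field}: line break in header field")
    if len(email) > MAX_ADDR_LEN:
        problems.append("email: too long")
    if not ADDR_RE.fullmatch(email):
        problems.append("email: not a single plain address")
    # Heuristic from the post: an @ sign anywhere except the e-mail field.
    for field, value in (("name", name), ("subject", subject), ("message", message)):
        if "@" in value:
            problems.append(f"{field}: unexpected @ sign")
    return problems


def build_mail(name, email, subject, message):
    """Build the owner notification only; no confirmation goes to the submitter."""
    problems = check_submission(name, email, subject, message)
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()
    msg["From"] = OWNER        # fixed, never taken from the form
    msg["To"] = OWNER          # fixed recipient
    msg["Reply-To"] = email    # validated single address
    msg["Subject"] = f"Feedback: {subject}"
    msg.set_content(f"From {name}:\n\n{message}")  # fixed text precedes user input
    return msg
```

The @ sign rule also rejects honest messages that quote an e-mail address in the body, so it trades some lost feedback for fewer abusive submissions.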


-------- new post - same topic ---------

From: Will Bontrager
Subject: Feedback forms

Eddie Teo, it is happening more and more. Most likely, what you're
seeing is emails from automated submission, the same messages going
to all feedback forms in the spammers' database.

There are ways to defeat it.

"Spamming You Through Your Own Forms" by myself published at
http://willmaster.com/formspam (redirect to long URL) presents a few
methods.

The article talks about prevention and about damage control.

Will Bontrager


==== BILLBOARD ===================================

From: John Smart
Subject: Stop Go Daddy

Let me start this by saying I really do not like Go Daddy. We used
to use them a lot (cheap domains!) but hey - you get what you pay
for. We dropped them when they started mailing MY clients offering
web design and hosting. I didn't lose any clients to them, but it
was seriously not cool!

Bob Parsons (Owner, Chief Executive Ego) has some ideas about
advertising that I am not a fan of - his television adverts were at
best awful.

I have had cause to read his blog on occasion (when someone is
sucked in by the hype and asks for my opinion). I suppose I would
have to say that if success is measured in dollars, he is a much
more successful man than I, so I guess he does have a clue - even
though he strives to keep that fact hidden.

Okay, so assuming that I am not already in court for this! Bob
actually wrote a good story. It is a little sad that he does not
know how to use the term 'kiting' but really, what can you expect?

The article: http://www.bobparsons.com/ is very interesting; it talks
about the domain refund and the fact that certain companies
(amazingly not his) purchase millions of domains (30+million) put
annoying spam content on them, cancel them after 5 days, then
reregister them - keeping the cycle going and completely abusing the
system.

I assume his research is good, although as I write this I am
wondering why I am making that assumption.

Oh, and for any of you still registering client domains with Go
Daddy, PLEASE sign up with Tucows.com (opensrs.org) -- it costs a
little more, but the service is fantastic, and they never try to
sell to your clients!

John Smart, Technical Director
InternetDesign.com - A Human Touch in a Digital World


-------- new post - new topic --------

From: Michael Linehan
Subject: Spam study

Some time ago, I read one two-year study by an Australian company.

They set up two sites. With one, they ignored the spam. With the
other, they vigorously pursued unsubscribing - to the extent of
contacting the sometimes very mainstream companies who were being
promoted by spam.  In other words, they unsubscribed, and then some.
Their result was that the spam on the 'unsubscribing' site
consistently increased.  After two years, the amount of spam was
horrific. The other site's spam was MUCH less.

Can't remember anything else about it, and can't find it on the Web
currently.  If a study is done it might be good to similarly set up
two sites just for this purpose, so no-one has to risk being flooded
with spam.

I maintain the best protection is not to get spammed in the first
place.  The "Sweet George Sound Big Band" mentioned by Tom Aman has
their email completely exposed. And Tom, you have a contact form,
but you put your email in your post today. So it is now exposed in
the LED archives (or will be).

My email address is encoded on my site. I'm very careful about where
I enter my address.  As a result, I have never, since the beginning
of the Web, received more than a tiny number of spam.  Admittedly,
it has gotten worse over the years ---- a few times I've had as many
as ten in one day.  :)

Michael Linehan

Marketing Alchemy
www.marketing-alchemy.com


-------------------------------------------------------
The LED Digest is sponsored by pair Networks:
pair.com for Hosting | pairNIC.com for Domains

© Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved.
-----------------------------------------------------------------

Happy Birthday Dad!