Below is live coverage of the Black Hat Tactics and Preventative Measures panel from the PubCon 2011 conference.
Disclaimer: The coverage is brought to you in real time, using a custom live blogging tool. Feel free to ask questions or leave comments for inclusion into the live coverage. During the live event, live notes will auto-scroll with newest entries at top. After the session is complete the archive version will have the oldest entries at the top. We ask you to please excuse any typos, as these are live notes.
Finished
Auto-Refresh: Off
Barry Schwartz:
4:25:44 pm
Starting soon, this room is going to be packed!
Barry Schwartz:
4:26:11 pm
Barry Schwartz:
4:26:29 pm
FYI, this speaker will be at SMX Israel on Jan 15th, a conference I chair. So come!
Barry Schwartz:
4:27:55 pm
He is just loading his presentation...
Barry Schwartz:
4:29:27 pm
Okay, here we go
Barry Schwartz:
4:30:38 pm
Barry Schwartz:
4:30:49 pm
People come to him when they have no where else to go
Barry Schwartz:
4:31:52 pm
he works in the most aggressive spaces
Barry Schwartz:
4:32:43 pm
Competitive Industries, each industry is a different type of animal - there are no rules. Competitive landscape has changed over the years. It is incredibly concentrated and aggresive. It is an all out war in these industries.
Barry Schwartz:
4:33:31 pm
It is dirty out there.
Barry Schwartz:
4:34:06 pm
Sometimes the best method to move forward is to "eliminate" the sites above you.
Barry Schwartz:
4:35:01 pm
This is how the space thinks
Barry Schwartz:
4:35:41 pm
First thing is to figure out what went wrong. Exposure awareness is the key to solve problems.
Barry Schwartz:
4:36:06 pm
Barry Schwartz:
4:37:01 pm
Barry Schwartz:
4:37:09 pm
Okay, now we can start...
Barry Schwartz:
4:37:38 pm
Take out the site, take it out through attacking it.
Barry Schwartz:
4:38:35 pm
Links: incomng links are important, so what do you do?
Barry Schwartz:
4:39:13 pm
- send an email to those linking to your competitor links and ask them to change the link URL and (change link requests) 35% are approved
Barry Schwartz:
4:39:42 pm
- Send link accountability emails, you are spamming Google by linking to site X.
Barry Schwartz:
4:39:48 pm
It gets links down.
Barry Schwartz:
4:40:14 pm
- If that doesn't work, use a trademark threat - you are violating my TM by linking to it.
Barry Schwartz:
4:40:23 pm
- If that doesn;t work, fake a Google notice.
Barry Schwartz:
4:41:51 pm
Now give this competitor site some new links from link networks, banned/hacked sites, fake profiles with spam words, blog/guestbook spam, link buy requests to Google employees and push huge amount from the same site and subdomains on the same IP. This can really hurt a web site
Barry Schwartz:
4:42:22 pm
Barry Schwartz:
4:44:39 pm
Now work on outbound links from that web site:
Barry Schwartz:
4:45:15 pm
- XSS exploits
- Hacking into the site
- Widgets and code injection
- Links in posts, comments, testimonials and other UGC content
Barry Schwartz:
4:47:32 pm
Where do you point these links?
- Banned sites
- Big banned link buyers
- Malicious sites
- Bad neighborhoods
Barry Schwartz:
4:48:46 pm
Posting content on your competitors site:
- Parameters spam for duplicate content (adding parameters to the URL with keywords in it even) this leads to dup content issues
Barry Schwartz:
4:49:32 pm
- UGC sub domains : some sites allow content, some put users on a subdomain, so register 2000 new users and put some bad content there.
Barry Schwartz:
4:49:47 pm
- Lots of forums out there are not moderated, put content there
Barry Schwartz:
4:50:17 pm
FYI, people tried this on us, see http://www.rustybrick.com/free-viagra-spam.html and http://www.rustybrick.com/rustybrick-spam.html
Barry Schwartz:
4:50:27 pm
Also posts, comments, etc.
Barry Schwartz:
4:50:36 pm
- Hacks and injecting hidden content spam
Barry Schwartz:
4:51:11 pm
FYI, if anything bad happened to your site, this is your check list to look for.
Barry Schwartz:
4:51:26 pm
Now site wide internal tactics:
- Cloaking & htaccess
Barry Schwartz:
4:51:32 pm
- Robots.txt to block the site
Barry Schwartz:
4:51:45 pm
- Hidden no index, nofollow
Barry Schwartz:
4:52:08 pm
- XSS for content
- CSS for link injection
- Many new domains with spam content and same contact info linked to target
Barry Schwartz:
4:53:51 pm
Get access to webmaster tools through social hacking and then do a location change request, geo targeting to a small area, ignore pages, do an address relocation and set up stupid reconsideration requests
Barry Schwartz:
4:56:23 pm
External methods:
- DMCA takedown requests via owner, hosting, dns providers, registra and even search engine
- Take untaken brand TLDs
Barry Schwartz:
4:58:46 pm
- Change IP geo targeting requests (removes the site from Google US)
- Influence search engine suggestions (i.e. Google Instant, do a lot of searches via different proxies to influence them, i.e. brand name virus, brand name scam, etc)
Barry Schwartz:
5:01:18 pm
- Multiple proxy site duplication
- Mobile / Email / Skype and IM Spam
- Abuse freshness to position push results (starting last week Google favors freshness, submit a lot of fresh content about the brand name and can outrank the brand name)
Barry Schwartz:
5:01:47 pm
You can utilize videos, images and even maps, since they rank well. Post nice lady images, etc.
Barry Schwartz:
5:02:07 pm
Use news and press releases for your competitor
Barry Schwartz:
5:02:18 pm
Social and post bad titles on UGC forums, blogs, etc for your competitors
Barry Schwartz:
5:02:40 pm
Many of these tips are about hurting competitors, as you can tell
Barry Schwartz:
5:04:12 pm
PPC:
- Click bots on other sites and on target sites
- Post public freelance project request for click fraud
- Use PPC advertisers ID on abused sites
- Abuse adsense account score using PPV
- USe 3rd party remarking tricks for scaring potential clients away (this is funny)
Barry Schwartz:
5:06:18 pm
You can retarget on your competitors web sites using PPV
Barry Schwartz:
5:06:59 pm
show ads that say this web site is a scam or visit this other site, etc.
Barry Schwartz:
5:07:50 pm
Hire people to snitch on competitors for link buying
Barry Schwartz:
5:08:00 pm
Post in forums how the site tricked the SE and got away with it
Barry Schwartz:
5:08:08 pm
Report click fraud done by your competitor
Barry Schwartz:
5:08:13 pm
Report spyway injection
Barry Schwartz:
5:08:27 pm
Annoy search engine stuff with spam from that site.
Barry Schwartz:
5:09:45 pm
Analytics:
- Change user behavior information by using paid surfing services (trick your competitors by messing with their analytics)
- Cloaked and fake queries and search terms traffic
- Buy botnet fake traffic trends
Barry Schwartz:
5:11:05 pm
Hack!
- 302 highjacks still work
- Cross domain canonization
- Cloaked 301 redirects
- Cloaked JavaScript redirection
- Geo targeted DNS poisoning
- Fake credit card sales
Barry Schwartz:
5:12:31 pm
Human Resources:
- Eliminate his SEOs by hiring them away
- Distribute the SEO team members resumes online as job seekers
- Trash the SEO team results to management
- Get your own people inside as a spy
Barry Schwartz:
5:12:42 pm
Social Media:
- Trash reputation on sites
Barry Schwartz:
5:13:30 pm
Affiliate Network:
- Positon an affiliate link instead of the home page
- Trash affiliate program in UGC
- Contact all affiliates as a fellow affiliate and tell them about the bad experience you had
Barry Schwartz:
5:14:05 pm
Denial of Service:
- Target the site itself
- Go after the same IP
- Kill the sites resources
Barry Schwartz:
5:15:49 pm
That is all Q&A
Barry Schwartz:
5:15:56 pm
Good night folks!