Below is live coverage of the Black Hat Tactics and Preventative Measures panel from the PubCon 2011 conference.
Disclaimer: The coverage is brought to you in real time, using a custom live blogging tool. Feel free to ask questions or leave comments for inclusion into the live coverage. During the live event, live notes will auto-scroll with newest entries at top. After the session is complete the archive version will have the oldest entries at the top. We ask you to please excuse any typos, as these are live notes.
Stay tuned! Live updates will begin momentarily.
Starting soon, this room is going to be packed!
4:26:29 PM Barry Schwartz: FYI, this speaker will be at SMX Israel on Jan 15th, a conference I chair. So come!
4:27:55 PM Barry Schwartz: He is just loading his presentation...
4:29:27 PM Barry Schwartz: Okay, here we go
4:30:49 PM Barry Schwartz: People come to him when they have no where else to go
4:31:52 PM Barry Schwartz: he works in the most aggressive spaces
4:32:43 PM Barry Schwartz: Competitive Industries, each industry is a different type of animal - there are no rules. Competitive landscape has changed over the years. It is incredibly concentrated and aggresive. It is an all out war in these industries.
4:33:31 PM Barry Schwartz: It is dirty out there.
4:34:06 PM Barry Schwartz: Sometimes the best method to move forward is to "eliminate" the sites above you.
4:35:01 PM Barry Schwartz: This is how the space thinks
4:35:41 PM Barry Schwartz: First thing is to figure out what went wrong. Exposure awareness is the key to solve problems.
4:37:09 PM Barry Schwartz: Okay, now we can start...
4:37:38 PM Barry Schwartz: Take out the site, take it out through attacking it.
4:38:35 PM Barry Schwartz: Links: incomng links are important, so what do you do?
4:39:13 PM Barry Schwartz: - send an email to those linking to your competitor links and ask them to change the link URL and (change link requests) 35% are approved
4:39:42 PM Barry Schwartz: - Send link accountability emails, you are spamming Google by linking to site X.
4:39:48 PM Barry Schwartz: It gets links down.
4:40:14 PM Barry Schwartz: - If that doesn't work, use a trademark threat - you are violating my TM by linking to it.
4:40:23 PM Barry Schwartz: - If that doesn;t work, fake a Google notice.
4:41:51 PM Barry Schwartz: Now give this competitor site some new links from link networks, banned/hacked sites, fake profiles with spam words, blog/guestbook spam, link buy requests to Google employees and push huge amount from the same site and subdomains on the same IP. This can really hurt a web site
4:44:39 PM Barry Schwartz: Now work on outbound links from that web site:
- XSS exploits
- Hacking into the site
- Widgets and code injection
- Links in posts, comments, testimonials and other UGC content
Where do you point these links?
- Banned sites
- Big banned link buyers
- Malicious sites
- Bad neighborhoods
Posting content on your competitors site:
- Parameters spam for duplicate content (adding parameters to the URL with keywords in it even) this leads to dup content issues
4:49:32 PM Barry Schwartz: - UGC sub domains : some sites allow content, some put users on a subdomain, so register 2000 new users and put some bad content there.
4:49:47 PM Barry Schwartz: - Lots of forums out there are not moderated, put content there
4:50:17 PM Barry Schwartz: FYI, people tried this on us, see http://www.rustybrick.com/free-viagra-spam.html and http://www.rustybrick.com/rustybrick-spam.html
4:50:27 PM Barry Schwartz: Also posts, comments, etc.
4:50:36 PM Barry Schwartz: - Hacks and injecting hidden content spam
4:51:11 PM Barry Schwartz: FYI, if anything bad happened to your site, this is your check list to look for.
Now site wide internal tactics:
- Cloaking & htaccess
4:51:32 PM Barry Schwartz: - Robots.txt to block the site
4:51:45 PM Barry Schwartz: - Hidden no index, nofollow
- XSS for content
- CSS for link injection
- Many new domains with spam content and same contact info linked to target
4:53:51 PM Barry Schwartz: Get access to webmaster tools through social hacking and then do a location change request, geo targeting to a small area, ignore pages, do an address relocation and set up stupid reconsideration requests
- DMCA takedown requests via owner, hosting, dns providers, registra and even search engine
- Take untaken brand TLDs
- Change IP geo targeting requests (removes the site from Google US)
- Influence search engine suggestions (i.e. Google Instant, do a lot of searches via different proxies to influence them, i.e. brand name virus, brand name scam, etc)
- Multiple proxy site duplication
- Mobile / Email / Skype and IM Spam
- Abuse freshness to position push results (starting last week Google favors freshness, submit a lot of fresh content about the brand name and can outrank the brand name)
5:01:47 PM Barry Schwartz: You can utilize videos, images and even maps, since they rank well. Post nice lady images, etc.
5:02:07 PM Barry Schwartz: Use news and press releases for your competitor
Social and post bad titles on UGC forums, blogs, etc for your competitors
5:02:40 PM Barry Schwartz: Many of these tips are about hurting competitors, as you can tell
- Click bots on other sites and on target sites
- Post public freelance project request for click fraud
- Use PPC advertisers ID on abused sites
- Abuse adsense account score using PPV
- USe 3rd party remarking tricks for scaring potential clients away (this is funny)
5:06:18 PM Barry Schwartz: You can retarget on your competitors web sites using PPV
5:06:59 PM Barry Schwartz: show ads that say this web site is a scam or visit this other site, etc.
5:07:50 PM Barry Schwartz: Hire people to snitch on competitors for link buying
5:08:00 PM Barry Schwartz: Post in forums how the site tricked the SE and got away with it
5:08:08 PM Barry Schwartz: Report click fraud done by your competitor
5:08:13 PM Barry Schwartz: Report spyway injection
5:08:27 PM Barry Schwartz: Annoy search engine stuff with spam from that site.
- Change user behavior information by using paid surfing services (trick your competitors by messing with their analytics)
- Cloaked and fake queries and search terms traffic
- Buy botnet fake traffic trends
- 302 highjacks still work
- Cross domain canonization
- Cloaked 301 redirects
- Geo targeted DNS poisoning
- Fake credit card sales
- Eliminate his SEOs by hiring them away
- Distribute the SEO team members resumes online as job seekers
- Trash the SEO team results to management
- Get your own people inside as a spy
- Trash reputation on sites
- Positon an affiliate link instead of the home page
- Trash affiliate program in UGC
- Contact all affiliates as a fellow affiliate and tell them about the bad experience you had
Denial of Service:
- Target the site itself
- Go after the same IP
- Kill the sites resources
5:15:49 PM Barry Schwartz: That is all Q&A
5:15:56 PM Barry Schwartz: Good night folks!