Wednesday, September 20, 2006

Black Hat SEO: How to get Inbound Links from Authority Sites

In this article I'm going to talk about a black hat SEO method of getting inbound links from authority sites.

DISCLAIMER
If you decide to use the methods and techniques explained below, know that you could incur search engine penalties or even outright banning. I present this information for educational purtposes only, and to assist webmasters who are constructing sites and want to prevent this from happening to them.

It's no secret that inbound liks exert a strong influence on a site's ranking. An inbound link from a well-respected authority site is very valuable, especially when such a site is an .edu or .gov. But getting links from these sites is next to impossible.

Or is it?

HTML injection is the technique of including HTML code when filling out a form. By so doing, it's sometimes possible to get the targeted site to do or display something 'out of the ordinary'. Using HTML injection techniques, unscrupulous individuals can insert code that results in the display of links to other sites, along with some key words.

For the purposes of this example, I'll use a .edu site:
http://cluster.space.swri.edu/
This site uses a search application called WebGlimpse. Glimpse stands for GLobal IMPicit SEarch and is an indexing and query application. At the bottom of the page, you can see the form for entering a search into their WebGlimpse application. While newer versions of Glimpse have been updated to account for HTML injection, there are plenty of sites out there still using older verions.

Here's where HTML injection comes in. Cut and paste the following into the search box, execute the search, and see what happens:
%22%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.widgets.com%3EGreat+Widgets%3C%2Fa%3E+widgets+are+great
If you URL decode this you get:
"><a+href=http://www.widgets.com>Great+Widgets</a>+widgets+are+great
What you end up with on the results page is a link to www.widgets.com, along with whatever keywords you appended to the end of the search string. Look in the address bar; you'll see that the address contains the search string you just typed in (along with some other stuff):
http://cluster.space.swri.edu/cgi-bin/webglimpse/public/web?query=
%2522%253E%253Ca%2Bhref%253Dhttp%253A%252F%252Fwww.widgets.com%253EGreat%2B
Widgets%253C%252Fa%253E%2Bwidgets%2Bare%2Bgreat
&errors=0&age=&maxfiles=50&maxlines=30
Trimming the variables results in:
http://cluster.space.swri.edu/cgi-bin/webglimpse/public/web?query=
%2522%253E%253Ca%2Bhref%253Dhttp%253A%252F%252Fwww.widgets.com%253E
Great%2BWidgets%253C%252Fa%253E%2Bwidgets%2Bare%2Bgreat
Cut and past this into your browser and you get the search results page directly. So, in theory, you could put this out as a link somewhere, search engine spiders would follow it to the WebGlimpse page, then follow that link to... well, wherever you had it pointing.

Many times the WebGlimpse search isn't readily accessible. In that case, you'll need to play detective to figure out how to build the URL.

Here's an URL decoder/encoder.

Remember - he (or she) who flys above the radar gets shot down.

3 comments:

John Grimsargh said...

This is all very well.

But pointless.

Sure you are getting a link; but the page itself is not cached, and since no pages link to that page, it will have no pagerank.

Its the same as doing this: http://www.google.com/search?sourceid=navclient&ie=UTF-8&&q=widgets

There you have some links from Google!

SyteSurge said...

You are right John, in that simple following the procedure to create the link doesn't get it indexed. But this is simply one bullet in a whole clip of Black Hat bullets.

There are ways to exploit this to get credit for the link you created.

B&B Blackpool said...

Blackhat methods are being frowned upon by google these days. stay in the white or end up in the sandbox.