NYCPHP Meetup

[inforequest]

Ophir Prusak prusak-at-gmail.com |nyphp dev/internal group use| wrote:

>hi all,
>
>If you're running a search engine friendly URL mod for your bulletin
>board system, you should read this.
>
>If you're using FURL with IPB, you MUST read this.
>
>Basically, I just found out that the URL mod I've been running on our
>company forums is google spamming.
>
This is a more serious matter than Ohpir initially suggested, and I dug 
a bit deeper into it and wrote about it on ThreadWatch.org.

The code was distributed as a free mod for the forum software, and was 
advertised/promoted as a means of making a site more "search engine 
friendly". In actuality, not only did it spam google by embedding 
backlinks onto your website, but it did so by cloaking the site by 
user-agent, so that search engine spiders were fed a different version 
of your website than regular visitors. Since cloaking is a blatant 
violation of the Google terms of service,  this mod that was advertised 
as a way to make your site more search engine friendly could actually 
get your site banned.

*** I repeat: it inserted cloaking by user-agent, which would get your 
site banned by Google if discovered.

Of course code that ads/modifies mod-rewrite rules is never trivial 
code, so it is likely that many PHP coders would accept the rewrite 
rules and associated code without line-by-line review. Had they looked 
very closey at the code, they would have found not only the backlinks 
and the cloaking by user-agent, but a disclosure statement from the 
author in the comments. He appended this code to the top of your pages 
(note the randomization of the anchor text.. nice touch!):

foreach( explode( "\n", $this->ipsclass->vars['search_engine_bots'] ) as 
$bot )
{
list($ua, $n) = explode( "=", $bot );
    if ( $ua and $n ){
        $this->bot_map[ strtolower($ua) ] = $n;
        $this->bot_safe[] = preg_quote( $ua, "/" );
    }
}
if ( preg_match( '/('.implode( '|', $this->bot_safe ) .')/i', 
$_SERVER['HTTP_USER_AGENT'], $match ) )
{
    print "SEO Powered By FURL 3.1 By KiM (<a 
href='http://www.alt-man.co.uk'>Alternative Manchester</a>)<br/><br/>";
    $url1 = 
array("http://www.authors-website.tld","http://www.authors-website.tld");
    $keywords1 = array("","Alternative 
Manchester","Manchester","Events","Local","Punk Rock","Music","Punk"...);

    for($x;$x<=2;$x++){
        $randurl = rand(0,1);
        $rand1 = rand(0, 30);
        $rand2 = rand(0, 30);
        $rand3 = rand(0, 30);
        $rand4 = rand(0, 30);
        $url = 
"{$keywords1[$rand1]}-{$keywords1[$rand2]}-{$keywords1[$rand3]}-se.html";
        $this->ipsclass->skin['_wrapper'].= " - {$keywords1[$rand4]} - 
<a href='{$url1[$randurl]
}
/
{$url}'>{$keywords1[$rand1]} {$keywords1[$rand2]} {$keywords1[$rand3]}</a>";
}
}

This is a very good reminder of the dangers of adopting scripts. My 
original article on this is at http://www.threadwatch.org/node/5589

-=john andrews
http://www.seo-fun.com