Hi guys!
Sorry I haven’t had a chance to post lately. I got some great posts coming up, I just haven’t had a chance to sit down with ‘em yet. I was going to write today but alas…I didn’t 
So to hold you over here’s a quick five minute black hat tip
Finding Link Injection Possibilities With Versions & Changes Logs
Search for popular file names that include version update information and changes logs that are typically found in downloadable website scripts.
Two good places to find them would be:
Check the changes and version logs and look for vulnerability fixes that happened recently. These typically mean theres a possibility for a link injection or spamming possibilities.
Try to download the versions of the script before the bug was fixed.
Look for the vulernability and figure out a way to exploit it.
Search for sites using the same script and attempt to link inject on all of them.
Avoid hacking 
New posts coming out soon
Nice idea, but very, very BH.
Wellllllll……..you could do this, but there are some issues:
- The admin of the site will most likely complain because of spamming.
- Google et al will figure out you’re spamming, thus lowering your rank.
- It’s quite BH and people frown on it..
Just stick to link-exchanges or something, don’t go hacking other people’s websites. You don’t want them doing it to you, so don’t do it to them.
Link exchanges? BWAAAHAHAHAHA!!! Good joke.
I would do the above, and search for competitors using this tactic and report them
Reverse blackhatting!
I would urge great caution with this approach (reporting them)… BH’s tend to be very technically savvy, and more than 1 of them are very… vindictive.
As well… how do you know that the link recipient really did the insertion? I’d be willing to bet this tactic could be used quite effectively to link to a competitor (ie, to try to get them banned).
Finally… if you are going to use this type of tactic, do not link to your primary money making site. I’d link at least a few levels up.
Out of my league but would you really get caught if you just slipped your link in the footer somewhere on as many sites as you could?
I did once
What a bunch of pantywaists! Dont lock into some mental model where every site you might inject a link into is owned by some plucky young webmaster like yourself. Techniques like this turn up abandoned sites, pages that are tiny, ignored parts of much larger web properties. And what is this nonsense about “getting reported?” Presumably you mean to Google. Ha Ha. Guess what? Google doesnt care. They have never tried to claim they were the link cops of teh Internet. What are they going to do if someone reports that their own site has been attacked and turned into worthless spam links? Most likely they are going to do nothing, but they might be so kind as to devalue the links from that site. And even simpler, dont put the black hat on your white hat sites. I always have a separate blog or myspace account or what have you that I use for certain campaigns. Something disposable. With things like the indexing tools featured at this site, its easy to give secondary sites enough promotion that they can feed good traffic to your money site.
WAIT! Don’t do this guys! It’s black hat, Google will hate you forever. Your family and friends will disown you, and a kitten will die from lung cancer.
Eli’s right. I did this this morning and I no longer have friends or a family and I found out my kitten is dying.
Oh and if you don’t pass this on to everyone you know in 5 minutes you’re love life will suck for the next 17 years!
Classic
Doing this has become very popular with some of the more fashionable scripts like phpbb and postnuke, There are also quite a few on sourceforge where you can also find the security update details.. not that i would condone it of course
Looking forward to your next posts Eli
Nice post Eli
Abadman is spot on about Google generally not giving a damn! Can you imagine how many spam reports they get a day? How do the big boys dominate niches/categories like pills, porn, credit? They use every trick in the book… many not!
The speaking of the dark sith-lord, heheh
We should spam google with thousands of fake spam reports. They wouldn’t have time to check the real ones.
im not coders guys i dont understand what are you saying…
I’m considerably green when it comes to SEO…I found your website about a week ago and have been reading it. All I can say is THANK YOU! Like I say, I am new to all this but I hope to be able to contribute soon.
Hey we have to save the kitten. - Can we use this technique to get the word out about poor kittens with lung cancer?
Is this illegal? Wonder…
I bet it would be borderline at most…and that is, if anyone actually bothered to press charges against you for putting a link in the footer of their site. As far as Google is concerned…not illegal. They can’t press charges on you.
*lol* “avoid hacking” … don’t know, if exploiting is not hacking
Ofcourse this is illegal, you are exploiting their site and putting your content on it. If any of those report you to the authorities you’re probably in big trouble.
Don’t laugh.
By posting that comment you are, by a general definition of the word, exploiting Eli’s commenting system. Therefore, you’re a lawbreaker.
Now…I’m putting you under citizen’s arrest so put your hands up and don’t move til I get there!
I’m serious too, don’t move. I’ve got a bionic kitten (now with lasers strapped to it’s head and fully cancer-free–thanks Eli) tracking you.
Lol,
NO THIS IS NOT ILLEGAL!
Holy cow. All the post says is to research link injection techniques by READING version change logs. Reading and research is not illegal! Also, it specifically says don’t hack. Exploiting vulnerabilities doesn’t automatically mean your hacking.
Lets take an example:
You download a fictitious link exchange script called “Super PHP Link Exchange.” You read in the change log that on there previous version they fixed a bug in the link verification (where it goes to your site to make sure you put a link back). So you download that version and you find out it doesn’t work. It will always pass. So you send a bunch of link exchange requests to all the sites using that script. Many allow the request because they are still using the old version. This is an example of link injection and link injection research NOT hacking.
I really shouldn’t of had to explain this…
Google can even be your partner here…. how nice huh? Use their Code Search at google.com/codesearch
no more need be said
Eli, how about an article about indexing? I noticed you did an experiment a year ago, does the result still hold?
indexing would be really interesting!
nice idea……i will use this for my next project….thanks
code search at google and this tip will make awsome links!
To do this you need a lot of php experience if you want abuse scripts properly.
Its a little complicated for me.