A disheartening business model taking advantage of the naïve

scammer1.jpgYesterday I was handed what appeared to be a bill due for payment. At first, I thought it was some domain registration fee, but the last time I checked we don't pay more than $9 dollars a year per domain. Being a busy person, as I think most business owners are, I would have probably authorized it blindly as I have more pressing matters than some $35 fee. But since it was about search engines, keywords and rankings, I stopped and scanned the document out of curiosity.

I checked it and didn't recognize the company billing me. I did recognize the domain name as one of ours that we have not yet made use of. The 'bill' was for an annual subscription costing $35 dollars. I was shocked to find out that this was a sneaky solicitation in the guise like a bill! At the very least, it seems that a cautious lawyer advised them to put a disclaimer on the 'solicitation bill'. Take a look at the image (click to enlarge).

scambill1.jpg

Now, you can argue with me that this is not a scam, as it is clear in the disclaimer/warning that it is a solicitation. Legally, it is probably not a scam, but let me ask these simple questions:

  • Why do I have a customer number if I have never done any business with them?

  • If it is a solicitation, why are they dressing it up like a bill?

  • Why can't they make it look like a normal ad in which they explain why I should pay them in the first place?

  • Which are these '14 established' search engines where I am listed, supposedly as of August 14?

  • What are the eight keywords for which they are going to provide four ranking reports a year?

I don't know you, but I don't like this type of solicitation. They say they send these bills to millions of site owners. Imagine if everyone started sending bills to all their potential clients—people that have no business with them yet, who don’t know the services or why they might need them—and appending a label saying that it is just a solicitation. That is totally ridiculous.

The reality here is that this is a numbers game. There will always be people trusting enough or busy enough that will blindly pay for services presented like this. With less than a 1% success rate they would still make a hefty sum. But what are the victims getting?

I understand that all businesses are working to make money. But what is the problem with actually delivering value in exchange for that money? Maybe I am old-fashioned or too naïve myself, but I like to put myself in the shoes of my clients and ask: “What am I getting for the money I am paying this guy?” If the answer is nothing, I think I’d better find some other business to be in. I feel most people hate to waste money and time on undeserving things.

What would you do if you got a bill/solicitation like this?

Success Means Security: How to protect your most profitable web sites from distributed denial of service attacks (an open source approach)

captain.jpgOne of the side effects of success is that you need to worry about security. You see how celebrities have to walk around with bodyguards, their homes have state of the art alarm systems, and the paparazzi is still always looking for a chink in their armor.

The same thing happens online. The more successful you are, the tighter the security of your online assets has to be. (You don't want your competitor ending up with your customer list, do you?)

It is always a good idea to install firewalls, intrusion detection systems, and to have an experienced system administrator or a competent hosting provider that regularly patches your servers with the latest service packs and security updates. Having your site simply defaced is the “best-case scenario” of what could happen when your site's security is breached. It is incredible how hackers break into sites, steal customer information worth thousands of dollars and sell it for a few hundred bucks. Personally, I place decoys in my customer databases so that I can tell when/if this valuable information has been stolen.

Unfortunately there is a type of security attack that is extremely difficult to fight: a distributed denial of service (DDOS). On the up side, you know you are doing really well when hackers try this on you. ;) Read more

A Never-ending Battle — Protecting your content from CGI hijackers

frogsoldier1.jpgIn computer security we have several ongoing battles: the virus/spyware writers vs. the antivirus vendors, the spammers vs. the anti-spam vendors, the hackers vs. the security experts. Add to that list the search engine marketers vs. the CGI hijackers.

Dan Thies, the undisputed keyword research master, used his influence in the search engine marketing industry to bring the problem we have blogged about in the past to a wider audience. Specifically, the issue is the CGI proxy hijacking. He mentioned a couple of solutions, but as I pointed out in my comment, both solutions have weaknesses. I recommended a stronger countermeasure, similar to what is in use in the anti-spam industry at the moment. But after reflecting on my proposed solutions and others’, it is clear in my head that this is a never-ending battle. We can create defenses to current techniques and attackers will adapt and make their attacks smarter. Read more

Advanced Cloaking Technique: How to feed password-protected content to search engine spiders

goldenkey.jpgNo doubt that at some point you have done a search in Google, clicked on an attractive result, and come up with a frightening wall—the article or page in question requires a subscription! ;-) As a user, we all find this annoying, and the last thing we want to do is get a new name and password. But as a content provider, it’s an excellent business move. Premium/paid content is a fine monetization strategy for anyone with content good enough to sell.

It also brings up an interesting question for SEO. How exactly does Google index paid content?

I got this email on from my loyal reader Wing Yew:

Hamlet,

I've read your blog since the day you launched.  That said, I can
completely appreciate if you don't have time to respond to this
message or post a blog about it.  On the off chance you do know an
answer, I knew I had to ask.

Question:  How do you have google/yahoo/msn spider password protected
content?  I know that SEOMoz does it with their premium content, but
I'm not sure how.  I'm rather desperately seeking out a hard and fast
answer… and I know of no better person to whom to go.

for His reknown,

Wing Yew

Saying that I've been extremely busy lately is an understatement, but how can I say no to a loyal reader that has been following my blog from day one? Thanks for your support, Wing! Letting search engines index paid content is not only a good idea, it is also a very clever one. Read more