Archive for March, 2010

SEO Tips & Tricks – Use Your Title Tags

Wednesday, March 31st, 2010

I’ve been getting some requests for SEO tips so here’s a big one.   Title Tags!  If you don’t know what a title tag is then I’ll give you a quick hint.  Check out your meta-tags located in the header tags of your web page.  For instance, if you want to see the title tag of this article simply right click on any blank space on this web page and click on “view source”.  You will see something like:

<head>
<title>SEO Tips & Tricks – Use Your Title Tags</title>

This title tag is very important to crawlers like Google, Yahoo!, and Bing. The crawlers weigh this tag fairly heavily when it comes to OPSEO (On Page SEO). For instance, did you know that the title of a page is the actual text that shows up in blue on a Google search? 99% of the time this is what your searcher will see! That makes it pretty important, right? Right.

While we’re at it, let’s discuss how to write a quality title tag. Knowing that Google is going to put this on its search engine in big blue letters, you want to have a relevant and useful title tag that is an overview of the entire article. For example, another great title tag for this page might be: “Title Tags – An important Part of SEO”. A bad title tag for this page might be: “crawlers like Google think title tags are important and 99% of the time you see your title tag in big blue letters – so make a really great title tag!” The second example is extremely long and doesn’t summarize the entire article. Instead it’s part of your article. Make it simple and clean. Usually, the shorter the better. Don’t get too short though! A title tag like “SEO” isn’t very useful to Google or people running across your site on a search.

Another trick to having awesome title tags is to do your best at putting in keywords that might get searched. For instance, I’m guessing that with this title tag and this article I will probably rank in Google for “SEO Title Tag Tricks”. I am doubtful that I will rank for “How to write great title tags”. Though it’s not certain that I will rank for “SEO Title Tag Tricks” in Google, I’m fairly certain I should rank well because my article is well written and my title tag tells Google exactly what I’m talking about. I also have every single keyword in my title tag that is in my search.

Finally, try to make your title tag unique and interesting.  Not too short. Not too long. Not too specific. Not too broad.  Use keywords if it makes sense.

I see this all of the time.  This is another example of what NOT to do:
“SEO – Title Tags – The best Title Tags – Great Title Tags – How to make a great Title Tag – SEO Tricks with Title Tags”

A searcher will not be able to tell what in the hell you’re talking about or why he should click on your site.  Though “stuffing” keywords into your title tags might help in the short-term, in the long run you’ll only be creating more work for yourself.  Google will eventually realize that your title tags are stuffed with keywords and users that find your site will be rather disappointed when your title tag has misled them.  Google knows when users click on your site and off your site and it will penalize you for tricking users.  Just do as I say.   Make good title tags.

Are title tags going to get you to the top of Google? Maybe. It depends.   Are they really important?  Yes.  Try it for yourself and you’ll see what a big difference it makes in your rankings.

Hacking IRC in 1994 for Fun and … No Profit.

Tuesday, March 23rd, 2010

In 1994 I got my first computer that was capable of getting on the internet.  By the end of 1994 I was on IRC chatting and pirating mp3s, movies, and games via file-serving bots.  This was long before Napster, boys and girls. In 1994 IRC was kind of the wild west of the internet chat rooms.  Unlike AOL or other popular chats available, IRC was and, for the most part still is, made up of the Internet’s worst nightmare – socially awkward, broke, unmonitored, teen-aged, arrogant geeks.   In fact, I’m quite positive that IRC was the first thing in my life that made me consider homicide.  It was a love-hate relationship from the very beginning and I was addicted.

I’ve often thought that if there was any money in hacking in the late 1990s my life would most likely be very different. Unfortunately, no one really cared about computer security too much and there isn’t much money in protecting something that isn’t cared for. This made it relatively easy to break into computers and fairly tough to get caught. This was long before virus scans and software firewalls were prevalent and a decade before anyone I knew actually made a dollar preventing a break-in by hackers. I’m sure making money with computer security existed, but I’m equally sure the money was made with government jobs – if you get my drift.

My hacking life began after being attacked by someone on IRC with a Linux computer – something I had never heard of and could barely comprehend. All I knew in the computer world was Windows and mIRC. Apparently, there was a better system out there and these bastard geeks were using it on me! After seeing how the geeks behaved themselves on IRC (constantly talking shit and hiding behind a computer screen thousands of miles away) I followed suit. I figured that no one could really do anything to me anyway and tracking me down would be impossible. After insulting a fellow IRCer, my eyes were opened to something called the “Tear Drop” (later known as teardrop.c). What did TearDrop do? Teardrop sent fragmented packets to Windows machines, causing them to freeze up or bluescreen. I was attacked. At first I thought it was simply Windows doing what Windows does best – freezing. Then, after a reboot and another freeze and another reboot and another freeze I realized that perhaps I had pissed in the wrong IRCer’s Cheerios. I let IRC rest a while and came back a few hours later. My suspicions were correct and, after receiving a rather lengthy tongue-lashing, I attempted to befriend my attacker. Naively, I insisted that he teach me how to use this “Linux” program. Looking back I realize that he probably saved us both a bunch of time and effort by simply telling me that there was no way I was going to learn it by myself over IRC and that I needed to get a book on the subject. I refused. Life, as well as IRC, continued on.

Though I don’t remember the details of this part, I did eventually find a way to protect myself from teardrop attacks that involved using computers infected with popular trojan horse viruses and then “bouncing” off these people’s computers. This works in essence like a relay with the trojaned computer in the middle of the traffic to and from IRC (or anywhere else I wanted to go pretending to be the trojaned computer). Though it prevented me from being crashed, it didn’t prevent the trojaned computer from being crashed and causing me to lose my connection to IRC. Though it wasn’t perfect, it did help.

Because I barely knew what Linux was and I was still learning Windows, I did discover several ways to cause trouble to my enemies on IRC. By 1995 I had developed a system of attacking IRC chatrooms that worked quite well. To my knowledge, it was the first chatroom “cracker” ever created and used against NewNet’s “Chanserv”. Chanserv was an automated bot that gave “ops” (operator status) to owners of chatrooms so that the ops could control their chatroom any way they pleased. To gain access to a channel’s operator status you could query Chanserv with a command that included a password that the original owner of the channel set up. If you guessed (cracked) the password correctly you would then get complete control of that chatroom. Seems simple enough, right? Well, the query was rather long and boring and typing it over and over and trying to keep track of the passwords you already tried in your head was a pain in the ass. So, I wrote an IRC script that actually did it for me. Was I successful often? Not at all. Especially not at first. But when it worked, my god was it funny! That’s when “SirSlappy” started to gain some notoriety. The IRCops (IRC Moderators) couldn’t figure out how I was taking over channels at will. To them it seemed as though I was taking over any channel I chose. In reality, I was taking over every channel whose owner was stupid enough to use the password “love” or something just as silly. That went on for weeks. Once I had some IRC “cred” I used it to befriend a guy that was fairly impressed. His name was EliFi.

EliFi had “shell accounts” and actually gave me access to one on a trade to teach him what I was doing. I actually lied to him and told him that I hacked the channel owner’s computer and stole his password. I didn’t want to give up my secret method yet. Either way he did hold to his part of the bargain and gave me a shell account. A “shell account” is a remote login to another system in another part of the world. I thought it was pretty damn useless initially until I learned that it was running the infamous Linux system. Fortunately for me EliFi already “installed” teardrop for me and once I figured out how to use it I was teardropping every poor bastard on IRC that even thought about crossing my path. “Oh, you don’t like carrots, MrBill0123”? Teardrop for you! “Zack Morris is a homo and not a hero, LadyBear”? Teardrop for you! Bahahahaha… It was good to be king. Unyielding power only leads to tyranny. Tyranny always seems to fall to the hands of those oppressed. One day I ran across 1995’s “Neo”. His name was “UnForgive”. Guess what? Teardrop only made him raise an eyebrow and smile.

UnForgive was hell on the internet. One thing I learned fast – don’t piss this guy off. He told me he lived in Florida and I never really saw a picture of him that was clear. He didn’t look like a nerd really. He was well-versed with Linux and showed me the ropes to the point of walking me through the commands over the phone and doing the best he could to teach me how to use the Linux shell accounts. Once I learned how it all worked things really took off. Linux was fun and IRC was a lot more fun not having to worry about being TearDropped or any other attacks. Linux was immune to the attacks that Windows fell victim to. Life on IRC was good and was about to get even better.

One day while attempting to crack websites with my handy-dandy Chanserv cracker I entered a channel and to my surprise I was auto-op’d.  I had no idea why.  Initially I suspected that I had hacked the channel before and somehow I was getting ops still as the owner of the channel.    That wasn’t correct.   Before I go any further I need to discuss some technical information.

Anytime you use a computer and access the internet you are given an IP address that consists of numbers separated by periods. For example: 72.14.204.103. This address will actually “resolve” to something that makes a little more sense if you like. Simply plug those numbers into www.dnstools.com and you’ll see that you get “iad04s01-in-f103.1e100.net”.

Another issue I would run into is that the channel owners would give “auto-operator” status to people based on their IP addresses or what their IP addresses resolved to. So you’re essentially left with something that says, “Chanserv, from now on anyone that joins this channel with an IP address that resolves to “iad04s01-in-f103.1e100.net” should get operator status immediately.” Sometimes the resolving bit would change some so the admins would use only bits of the resolved part of the IP address to identify legitimate members of the operator group. Something like this: iad0*1-in-*.1e100.net.

So, if you were incredibly lucky you might join a channel with a Chanserv Auto-Operator status setup that included a resolved IP address bit that was incredibly close to your own. If you did run across this you would get ops automatically and be in control of the channel.   This rarely happened and when it happened to me it was complete dumb luck.  The odds of it happening are very small.   Once I figured out what happened I asked myself, “How can I exploit this little bit of information?”  After some careful calculations the real demolishing of Chanserv and IRC security was to start.
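Seen from the channel owner's side, the weakness in the mask-based auto-op described above is that a wildcard mask identifies an address pool rather than a person. The following Python is an added example, not code from the original post or from any IRC services package; the function names are hypothetical, and every hostname other than the two strings quoted in the article is constructed for illustration.

```python
import re

def mask_to_regex(mask):
    """Translate an IRC-style mask ('*' = any run, '?' = one char) to a regex."""
    out = []
    for ch in mask:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)

def mask_matches(mask, host):
    # fullmatch anchors both ends, so a look-alike suffix cannot slip through
    return mask_to_regex(mask).fullmatch(host) is not None

def audit_mask(mask):
    """Report which DNS labels of a host mask are pinned and which are wildcarded."""
    labels = mask.split(".")
    wild = [l for l in labels if "*" in l or "?" in l]
    pinned = [l for l in labels if l not in wild]
    if not wild:
        risk = "exact-host"    # one reverse-DNS name; still not a credential
    elif wild == labels[:len(wild)] and len(pinned) >= 2:
        risk = "shared-pool"   # only the provider's domain suffix is fixed
    else:
        risk = "unbounded"     # wildcard reaches into the domain suffix itself
    return {"pinned": pinned, "wildcard": wild, "risk": risk}

def who_gets_ops(mask, joining_hosts):
    """Return every joining host that an auto-op entry with this mask would op."""
    return [h for h in joining_hosts if mask_matches(mask, h)]

# The two masks are the ones quoted in the article.
EXACT_MASK = "iad04s01-in-f103.1e100.net"
LOOSE_MASK = "iad0*1-in-*.1e100.net"

JOINING_HOSTS = [
    "iad04s01-in-f103.1e100.net",              # the intended operator (from the article)
    "iad09s11-in-f27.1e100.net",               # constructed: other machine, same provider range
    "iad04s02-in-f5.1e100.net",                # constructed: same range, does not fit the pattern
    "ord08s01-in-f9.1e100.net",                # constructed: different site prefix
    "iad04s01-in-f103.1e100.net.example.org",  # constructed: look-alike suffix
]

if __name__ == "__main__":
    for mask in (EXACT_MASK, LOOSE_MASK):
        print(mask, audit_mask(mask), who_gets_ops(mask, JOINING_HOSTS))
```

Running the audit over an access list before it goes live shows which entries would op a stranger who merely shares the operator's provider range; entries flagged "shared-pool" or "unbounded" are the ones to back with a password or other per-user secret.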

In order to pull off the attack I needed to know what users in what channels were getting auto-ops. The only way to do this was to monitor the channels I wanted to take over for a few days – then check the logs of the users that were auto-oped. Then I would find all of the IP addresses of the people that were auto-oped. I made an Excel spreadsheet with all the channels, the IP addresses of the people getting auto-oped, and what times they were on and not on. After I had a good list, I started scanning for popular trojan infected computers so that I could use my “bounces” that I was using to protect myself from Teardrops earlier in my life. The best part about these bounces is that if you got an infected computer on the same IP range it would very often resolve the IP close enough to get you auto-ops on the channel. After a few hours of scanning I would eventually find an infected computer that I could bounce off that had a very similar IP resolve to the one getting auto-ops in IRC. A little manipulation of my nickname and username on IRC and a channel join – TAH DAH! Instant Ops! In fact, it worked so well I could usually take over the identity of the channel ops instantly. I could convince the owners to give me their channel passwords and tons of other information including access to other Linux shells, hacked computers, pictures of their girlfriends and whatever else I wanted.

It was all pretty simple actually.  If you asked the security in place on IRC, I couldn’t have been anyone else other than the channel op.  Even the admins couldn’t tell the difference.  No one could.  It would be impossible honestly.   It was a complete impersonation of the channel op.

I’m really not sure how this would work on IRC in 2010. I’m not sure it works anymore because I haven’t tried and Chanserv and other IRC Server bots are probably much smarter now. I do know a few years after I got bored with taking over IRC I went back and attempted to crack Chanserv for shits and giggles. They had put a password attempt limit at 3 by then so apparently what I did got to be pretty popular.

If anyone is able to duplicate this method now I’d like to hear about it. I’m just interested in knowing whether or not it still works.

Compass Bank Steals

Monday, March 22nd, 2010

Anyone do business or bank with Compass Bank? They’ll Rip You Off!

As some of you are aware, I own several online businesses and literally have hundreds of transactions through my accounts every month.  One of my smaller businesses that has been up a few months opened an account with Compass Bank.  Compass Bank has, for the lack of a better term, a “unique” system for doing deposits and withdrawals.  This system landed them in a lawsuit by a company named “Fat Butter” (your guess is as good as mine) and involved a claim that BBVA Compass rearranges the order of deposits and withdrawals in order to maximize the number of times they’re able to hit an account with NSF Fees.  Furthermore, it is claimed that BBVA Compass also holds charges briefly (a day or two) and then allows them to go through if your account happens to go below $0 so that you can rack up even more $38 NSF Fees – something I haven’t knowingly experienced myself.

Since most of my payments are credit cards over the internet I get daily deposits from my merchant company in varying amounts depending on how much product I sold 2-3 days before. I have no idea why, but it usually takes 2-3 days for the money to hit my account after I have charged a credit card. This isn’t a big deal as long as it is consistent (and it is). So, every morning, first thing, I have deposits in my account from my merchant account. One would think that because my deposits from my merchant company are electronically transferred first thing in the morning I would have money in the account daily. It is of note that I check my balance every morning and the deposits show up on my account every morning – the money is there, correct? Compass Bank doesn’t see it that way.

Here’s an example of what one might assume happens in a normal checking account on a given day:

Morning Balance : $1000

6 a.m. – Deposit – Merchant Account Deposits $1000.
1 p.m. – Withdrawal – Various Fed-Ex Charges (let’s say 10 x $8) $80.
2 p.m. – Withdrawal – Vendor Check $300.
3 p.m. – Deposit – Cash Deposit $500.
3 p.m. – Withdrawal – Supplier Check $900.

Ending Balance:  $1220

On March 1st, a Monday, I have $1000 in my bank account. I have a $900 check I wrote to a supplier. I have various Fed-Ex charges that are billed once every 2-3 days (10 charges of $8.00 for ease of numbers). I also have a $300 check I wrote to a contractor. I have $1000 in merchant credits to be deposited and I also go to the bank and deposit $500 in cash that I received from a customer over the weekend.

$1000 + $1000 – $80 – $300 + $500 – $900 = $1220. Correct? Not by Compass Bank’s math. No, Compass Bank has another way of doing the math and maximizing their profits on the NSF fees. As stated, Compass Bank very cleverly chronologically reorganizes deposits and charges so that if it is possible for your account to be below $0 it will reflect a negative balance. This little trick ensures that you will be charged the highest number of NSF fees possible (at a whopping $38 EACH). What they have done is examine all withdrawals for the day and then rearrange them so they are all put through before your deposits are put through. Even CASH deposits are posted AFTER all withdrawals. Compass cleverly withdraws amounts from highest to lowest before allowing any deposits to be posted to the account.

Here is how Compass Bank does its Math:

Morning Balance : $1000

3 p.m. – Withdrawal – Supplier Check $900.
2 p.m. – Withdrawal – Vendor Check $300.
2 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
4 p.m. – Withdrawal – Fed-Ex Charge $8.
4 p.m. – NSF FEE $38.
6 a.m. – Deposit – Merchant Account Deposits $1000.
3 p.m. – Deposit – Cash Deposit $500.

Ending Balance:  $840

Yes.  $840 is a stark difference from $1220 isn’t it?   Guess what?  I was just robbed!

Let’s talk a little about Compass Bank’s customer service and how they justify their theft.  First, Customer service (if that’s what you want to call it) at Compass Bank states that they do not have the technological capability to arrange deposits and withdrawals in chronological order.  That’s odd, as they’ve been able to figure out how to hold all of my deposits and take the withdrawals first.  Seems to me that they’re able to arrange at least something.  In fact, if they wanted to be honest about it don’t you think they would give me at LEAST my early morning deposit that happens EVERY day and my CASH deposit that I put in their bank before they take out checks and misc expenses?  It’s also troublesome that they’re able to arrange the withdrawals from highest amount to lowest amount to come out first so that if at any point the larger amounts put me below $0 the smaller amounts hit me with a $38 NSF Fee EVERY TIME!  If they’re able to arrange the numbers in that fashion why aren’t they able to arrange them in the opposite order?  After all, isn’t it logical that if I have money electronically deposited first thing in the morning that the money should be available before electronic debits are taken out?

You might argue that I should simply make sure I have more money in the account than what is being withdrawn.  Well, that’s true.  My rebuttal is that I do have money to cover the expenses – my bank just hasn’t given me credit for it yet!

It’s pretty simple.  Compass Bank says it doesn’t have the technology to arrange fees in chronological order, but they do have the technology to arrange fees from highest to lowest and arrange withdrawals before deposits.   They also make sure that the money coming out electronically is taken out immediately and the money coming in electronically is held until all withdrawals are taken out – effectively leaving you with the lowest balance possible in order to collect NSF fees and penalties.

The ultimate solution is to either put $5000 in the account and never let your balance go below that or switch to another bank that actually does your banking in chronological order.  Wells Fargo has excellent online banking that is far superior to anything Compass ever thought about having.  The only time I got NSF charges from WF is when I deserved them. Furthermore, their customer service is top-notch in my experience.

NSF Fees typically happen to all of us at one point. If I deserve it I pay the price, but if I’m robbed I have to complain!