A 5 step process, making use of Slashdot's PreviewStory feature, to create URL's that link anywhere and say anything.
1) Go to Slashdot's story submissions page and fill out the form.
* Include links and text pointing back to your website. (Shorter is better)
2) Convert the form action from "POST" to "GET".
* I use Web Developer extension for Firefox. (See screenshot)
3) Click "PreviewStory".
4) Copy the Preview Page URL.
* Should look something like...
http://slashdot.org/submit.pl?reskey=drB7oIuT5zrHsfhHtr7S&name=He+who&email=&
subj=How+to+get+linked+from+Slashdot&primaryskid=0&tid=133&story=Shiny+new+
Slashdot+link+to+my+blog%2C+%3Ca+href%3D%22http%3A%2F%2Fjeremiahgrossman.
blogspot.com%2F%22%3EJeremiah+Grossman%3C%2Fa%3E.
Snipping off "op=PreviewStory" makes the link last longer. If you want to shorten the URL snip off "&sub_type=html", maybe "primaryskid=0&tid=133", or use TinyURL.
5) Link to the Preview Page URL from some other webpage .
* Wait for the search engine crawlers. (Slashdot is now linking to you)
Voila.
Preview Page Screenshot:
Some answered questions
a) Will I get Slashdot'ed by using this?
No. You're unlikely to get visitor traffic from this type of link.
b) Does Google, Yahoo, MSN index the Preview Page URL?
Yes.
c) Is Slashcode the only software open to this?
No. The same technique also works on many blogs, message boards, guestbooks, and comment systems. Just look for the preview feature.
d) Are the Black Hat SEO's using this?
Of course. In fact its possible to automated the discovery of websites using Slashcode and generate the Preview Page URL's dynamically.
16 comments:
That seems pretty clever, but it also seems trivial for Google and others to slowly get smarter and prevent instances of this that can make a dramatic different in PageRank.
For example, is there a Slashdot link with submit.pl in it that search engines would actually want to index?
b) Does Google, Yahoo, MSN index the Preview Page URL?
Yes.
He says they do. And any such vulnerability is probably easy to fix; that doesn't mean the vulnerability doesn't exist.
Yep pretty clever... Thanks for sharing
Hey Chris,
Google (and other SE's) could implement a black list, but that seems very un-googlish. My guess is Google would tell Slashdot, or anyone running SlashCode to use the "no follow" link attribute in the preview page area. That way no relevancy is gained by using the trick.
The other problem is thousands would have to patch their web applications. And since this isn't necessarily a security issue with their website per-say, then why an urgency to upgrade. And to get an idea of the scale, Movable Type is another piece of software where this works. Think of the millions of potential links.
Maybe if the problem gets bad enough then maybe the SE's will bring out their black lists.
The more outgoing links that a site has, the less PR each one gets, so as more people do this, it will help less.
Very nice... can you be even trusted on the Intenret.
Like this?
http://slashdot.org/submit.pl?reskey=ulheGTH1T8Y2KPumqTbp&name=Anonymous+Coward&email=&subj=How+to+get+linked+from+Slashdot&primaryskid=1&tid=162&story=http%3A%2F%2Fjeremiahgrossman.blogspot.com%2F2006%2F09%2Fhow-to-get-linked-from-slashdot.html&sub_type=html
perfect. :)
Well, it's easier to create a /. profile and get your profile / journal to point to whatever you need. Simple, legal, and has a much better chance at being indexed by Google than a 200-character URL.
It's a clever hack. Probably of a lot more use on sites where you can't make your own profile with a link on it.
I can see two ways of blocking this. The first is to make sure that you don't read GET query strings when your script is called from a POST form, but there are legit reasons for wanting the ability to pass in query string parameters as well.
The second (which I'd already done on my site for other reasons) is to ban the robots from the preview pages using the robots.txt.
Of course if you only allow registered users to post anything then you must already check the permission on the page, but this only makes the URL more complex (they'd have to go through some more hoops depending on how the site worked - maybe trick the logon page to redirect to the preview page).
I'll have to think a bit more about this before adding a few tips to my article on forms processing.
What do you mean link to some other page. My actual site Im submitting or just put the link on another site?
http://tinyurl.com/ngttq
Like This?
Hey geniuses - this IS A JOKE. It works, but it's meant to be humorous. Serious comments about this hack are just retarded.
indeed, outgoing links nofollowed in slashdot previews anyway
Thanks for the beautiful posting!
Nice trick, thanks I will try.
Post a Comment