Thoughts about coding and books

Promote keyword in website – Learn from proffessionals

DISCLAIMER If you are looking for help against DDOS look here. This page describes how to promote keywords in webpage.

Recently one of my friend had Spam attack in his rather small website. It happened on 20th of December and by 25th, when it was discovered, Google webmasters tool keywords top was full of unwanted sexual oriented words and one keyword was way above others.

Best webmasters struggle promoting keywords like that. I analyzed the situation and here is what I can say about the technique that was effective:

  • Just repeating keyword in after every a few words works.
  • Keywords are in sentences that kinda makes sense.
  • Keywords are in link titles.

If you worry about your pagerank then try linking to high pagerank pages. In long run this technique does not pay and it it much more reasonable to write original and useful text that readers are expecting and looking for.

This is example how promoting keyword DDOS might look like:

Read more about Promote keyword in website – Learn from proffessionals

Observations of Roboo usability and effectiveness agains DDOS

Before taking Roboo into use for protection against DDOS it is needed to take a look into cons and pros of it.

Firstly nothing comes without drawbacks and sideeffects. Here are some that you need to consider.

  • Searchengine crawlers have trouble indexing site. You never want that.
  • Webservice clients have issues. Api calls might breaks and SVN server over https does not work well.
  • Developers http://www.ecl-labs.org website by itself is not using the Roboo.

Good whitelisting plan must be developed to combat valid non-browser interactions.

I did some quick bruteforce analysis of performance  with 3 virtualmachines on vmware. Target was simple vulnerable web application WackoPicko used to test web application vulnerability scanners 1 core 1GB RAM. Roboo machine was ubuntu server 1 core, 1GB RAM. Third was more powerful server where httperf was run. All of these machines were run inside one physical server on vmware ESXi.

Here are the testing results: Read more about Observations of Roboo usability and effectiveness agains DDOS

Install Roboo to Ubuntu for DDOS protection.

I was fortunate enough to take part in Black Hat 2011 EU where was first public presentation of Roboo the HTTP mitigator http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of dependency on perl modules. I have tried it a few times and present my experience in here.

Get yourself roboo which comes as a nginx module written in perl. Also get nginx example configuration. Newest versions are available in github https://github.com/yuri-gushin/Roboo. Place these files to those locations

/etc/nginx/nginx.conf
/opt/local/share/nginx/Roboo.pm
To avoid problem below modify first line of nginx.conf and change user nobody to www-data for example:
Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed

It is tempting to install nginx from reposotory but you will get error.

Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed

Read more about Install Roboo to Ubuntu for DDOS protection.