Blackhat: Using different identities

Every blackhat tactic can and will be detected one day. As long as you keep under the radar everything is fine, but you’re bound to get caught at least once in your career. And when you do get caught, you need to make sure only one of your projects will be affected. Search engines like Google are very good at linking different accounts to the same person, so a blackhat SEO needs multiple identities.

How do you hide connections between websites?

How can search engines track you?
There are many characteristics that you, as an internet user, can be identified with. There are also characteristics that belong to your website. Both of these types of characteristics are used to see what other spammy tactics you have used on other websites that also need to be penalized. I will list a few very important characteristics, but there may be more, depending on what other utilities you use that search engines can detect characteristics from (for instance the Google toolbar or MSN Hotmail).

Your own characteristics:

1. Your IP address and access provider: Your IP address is the easiest way to detect who you are and it remains the same over time (most broadband users have a static IP address). Because IP’s might be shared or people might use more than one computer (IP), this doesn’t identify a single user.
2. Your search engine cookies: Most search engines track visitors by placing a cookie in your browser. When people use multiple browsers (and computers), clear cookies or don’t even accept them, this doesn’t identify a single user that well either.
3. Your search engine accounts: If you’ve logged in to for instance your Google account, Google can track everything you do within their websites. Because you probably don’t share your account, this is the best way to identify a single user. Because search engines also own services like Flickr, Blogger and Youtube, these users can be tracked as well.
4. Your search engine toolbar: Most seach engines offer their own toolbar that you can install in your browser. Besides the helpfull tools a toolbar might offer, it continuously sends all your http requests to for instance Google. There is no easier way for a search engine to find out what you do online. And when you are logged into your search engine account, they know that they are tracking an individual user.

Your website’s characteristics:

1. Domain whois information: Since Google is an ICANN-accredited registrar they can do unlimited whois requests for .com, .net and .org domains. For other domains (TLDs) they can’t do an unlimited amount of automated whois queries, but when a human editor checks you out, whois information becomes very important. Search engines can for instance look at contact-, registry- and DNS information and the whois change history.
2. Server IP and netblock: By looking at your IP address and netblock you can be associated with other websites that share these with you. Use tools like Netcraft and press the netblock owner link to find out what other domains share it.
3. Registry, nameservers and hosting provider: Just as netblock information, using he same hosting provider links you to other websites. But only when a registry, nameserver or netblock owner has just a small amount of websites sharing them it is used to link websites to each other
4. Content and links on your website: Sharing content, listing the same owner or address on websites or extreme interlinking all link websites to each other. Keep in mind that human editors need to be fooled and not a simple algorithm.
5. The way you code, link, design and other characteristics that are common over multiple of your websites also link them together. Try to use a common style that isn’t unique for just your websites. The combination of multiple characteristics that are simular in more of your websites make it a footprint.

Using different identities
As you see there are many things a human editor can check to link you to your spam. To make sure only the penalized website gets hurt, use different fake identities for every website at risk. But how do you hide an identity effectively?

1. Don’t use a toolbar (like the Google toolbar) when doing anything related to your spamming website. Even better, don’t use one at all. To see how much personal info a toolbar sends, install the liveHTTPheaders plugin for Firefox.
2. Use a unique IP with every identity and be extremely consequent in using it. Using a public anonymous proxy like one listed here might slow your connection and the IP’s might be blocked in some sites. Using multiple access providers also gives you different IPs, but that can cost you too much. Using paid proxy services (like these or this) is cheaper than separate connections and faster and more anonymous than public proxies. Use different services for every identity if you want even less ways to track you down.
3. The quickest way to change all browser settings like cookies and used proxy server is to link them to a Windows or Mac user. These settings are already stored at a user level, so you won’t easily mess up your settings.
4. Use little or no other services from search engines. Although this is getting harder now Google owns everything, only use the services from your real identity. They won’t read your personal email, but I’d even recommend not to use Gmail to recieve email from different identities.

Hiding website connections
Hiding the links between websites is easy when you consequently use your different identities. Just make sure you use entirely different hosting providers and domain owners. The domain owners should use a different address and name. But should you use fake identities or real people as domain owner? That is a question I still don’t have a real answer to.

You can’t use a fake identity for certain TLDs and in some cases you’re breaking the law when doing so. When the domain becomes valuable it will be harder to claim ownership and sell it.

Using someone real makes them the owner. Always use a contract with that person that makes you the real owner. The drawback is that you probably have to pay the person and you get linked to their other domains and activities.

There could also be certain footprints in your programming or SEO tactics. When you consequently code a certain way that is slightly unique to just you, it is fairly easy for search engine spamcops to link your websites to each other. They can probably search in the indexed html sources and they have certain tools to look for your signature. Make your code, urls and linking sources and structures as common as possible and try to change them somewhat with all your websites.

Summary
Using different identities to cover your tracks is getting more and more important as search engines get smarter. Spamcops have a great arsenal of tools and information to track you down. Especially when doing blackhat SEO, you need to use different identities. You need to hide your IP, be consequent with your users and use a different domain owner for every website. These factors will probably only be checked when you’ve already triggered enough red flags, so stay under the radar and you won’t need them.

P.s. I took the identity of Roger Horn once to do reputation management for another roger horn.

Monday, April 30th, 2007 at 1:12 pm | Tutorials, Hacking
RSS 2.0 feed