The world wide web is a dynamic, exciting place to launch a new business or promote your organization’s message. It’s also a lawless landscape in which black hats – crackers, hackers and other on-line evil doers – roam with very little oversight or law enforcement.
And that means it’s up to every site owner to ensure that his or her site is defended against intrusions, code injections and other forms of attack. There’s plenty of software to help keep hackers out of your desktop pc, but what about your hosting service? How can you protect server-based data?

Top-tier web hosting firms design proprietary hardware and software protection to ensure that your business is secure. But site security doesn’t stop with impenetrable firewalls, spam zappers and e-mail scanners. In fact, if you go with a hosting service that isn’t up to speed on the latest forms of hacker attackers, you could quickly find your site is no longer under your control!

Great hosts “harden” their server systems to deter and deflect known exploit points in the software the servers run and in any client-site’s code! There is where the value of quality hosting comes into play .

XSS Attacks
XSS stands for cross site scripting and it poses a threat to even the most secure sites because XSS exploits vulnerable hardware and software holes that allow black hat SEOs to circumvent commonly employed security systems. In an XSS attack, black hats inject malicious HTML script into site pages of other domains. They do this for two reasons.

First, in some instances, black hats inject undetected scripting into competitor sites to taint these sites when SE bots spider them. Imagine, a competitor is able to access your site’s code, insert invisible text (at least invisible to you) and, when an SE bot discovers this invisible text, your site is slammed. Even banned from Google. Don’t think it can happen? It closes down on-line businesses daily.

So what kind of attacks can be “planted” on your site? There are plenty:

• Redirects take visitors to another site as soon as they reach yours.
• Overloading alt tags, meta tags and other interior coding with keywords, sometimes called keyword stuffing.
• Inaccurate or misleading keywords inserted within site pages.
• Cloaking, which detects search engine spiders and changes site text to improve PR.
• Pagejacking, the practice of stealing site content, can not only cost you in sales, it can also slam your PR because your content isn’t “original” any longer.

Any of these black hat SEO tactics and more (spamglish, links farms, virus injections, etc.) can and will do severe, if not irreparable, damage to your on-line enterprise. Why?

SE Bots Are Brainless
SE spiders are dumber than a box of rocks. They’re unable to discern legitimate text from a malware injection. They rely, solely, on automation to assess and categorize a site. There’s no subjective analysis. Just text strings that are sorted completely by brainless bots.

A competitor, using one of the XSS attacks listed above, exploits to “de-optimize” and make it appear that you’re using black hat SEO tactics, or can gain access to your site through a web browser and/or inject toxic data to devalue your content.

Google Penalties For Black Hat Tactics
The purpose of any search engine is to deliver relevant, useful SERPs to users’ queries. So, when a Google bot discovers what it perceives as an attempt to falsely increase value, the site may suffer serious, site-threatening sanctions.

Some of these penalties may be imposed without you even knowing about it – until you discover that site revenues have dropped 75% in two days as a result of lost rankings and traffic! A site discovered to employ black hat SEO may be penalized in page rank, may lose PR altogether, may experience SE indexing issues (partial or mis-indexing, for example) and, for the worst offenders, banishment from the Google site altogether. Dead in the eyes of Google bots.

So, here’s the problem: without your knowledge, a black hat competitor can inject toxic script into your site that could, conceivably, get your site banned from Google. Even if you and your web host have all the firewall and intrusion detection protection there is.

It Gets Even Worse
The second reason black hats use cross site scripting is to actually gain access and control of your on-line business. Certain types of XSS attacks actually enable a complete stranger to acquire the same system privileges reserved for the site owner - you.

Access to sensitive customer data, bank account information, the entire back office – all can be achieved with relative ease by a knowledgeable cracker looking to steal and plunder your site.

Whether the black hat is a competitor who wants to eliminate the competition, or a script-kiddie looking to clean out the till and sell some credit card numbers, your on-line business is at risk regardless of how much security you and your web host deploy.

This Is Where Quality Web Hosting Enters
During the design, administration and growth of a web-based business, numerous tools and applications are used by site owners and designers. There’s site building software, email management software, a check-out, customer database, automated shipping apps, tools for developing site metrics and many others.

This software isn’t necessarily designed with security as Priority One. Often, there are openings in commonly-used ebiz software that are exploited by black hats during the execution of an XSS attack.

And, because of the nature of these attacks, system and server security measures can be breached because, in essence, the hackers piggyback their way onto an unsuspecting site using the site administrators’ credentials to gain access and/or control.

The key to protection from XSS attacks is in the proper configuration of all of the applications and tools that comprise your on-line enterprise. These apps must be synced up to work together while, at the same time, developing protection against XSS attacks.

This configuring of applications is done at the host level and should include a detailed analysis of potential XSS entry points within the site’s design and reconfiguration to fit the server security already in place.

Go With The Host Who Knows
If your web hosting service isn’t familiar with the growing danger of XSS attacks based on application exploitation points, consider finding a more informed host.

It’s not a matter of securing your business system locally. And it’s not a matter of the multi-layers of protection offered by your web host.

It’s a matter of thinking like a black hat and taking a proactive stance against XSS attacks they may employ. If you aren’t sure your site is protected, and your hosting rep can’t provide the assurances you require, talk to another hosting company before disaster strikes and your site is banned from Google.

It’s that important.

By Frederick Townes

Google is all about trust. Who knows, maybe they were in a bad relationship, but if you want to rank well with Google, you need to be trustworthy. And let me make the bold assumption that you are currently not trustworthy (most sites are not – especially new sites).

So how do you get Google to trust you? The most obvious answer, and most commonly quoted answer, is to get inbound links from trustworthy sites. Any webmaster who has been around the block a couple of times knows that this is a bit of a catch-22. Sites that are high in Google’s trust typically do not just hand out links to small startups – those go to sites that are already established.

Unfortunately, while this is probably the most frustrating answer you can receive, it is also the lions share of building trust with Google. There are, however, a few other things you can do to help Google trust you more. While having these things may not rocket your site to the top of the rankings, they will bring you closer to finding a good relationship with Google.

Define a Privacy Policy
A privacy policy is a page that explains to your users what information is collected, how it is being used, and what options they have to access or change that collected information. It may be a bit ironic that a major search engine would place any emphasis on privacy in light of the recent AOL data release scandal, but having a privacy policy in place shows a certain level of trustworthiness.

This may seem like a very small step when we look at the big picture, but keep in mind that Google is looking for responsible and reliable websites to send their users to. A privacy policy, while non-consequential for many websites, shows an attention to detail and a sense of responsibility to user’s privacy.

Offer Detailed Contact Information
For many small website owners, this is a step that can be quite tricky. Offering detailed contact information on your site shows that responsibility and reliability that Google is looking for, but at the same time many small website owners are not running their websites as a full-time business.

You should always offer some sort of contact information on your site. At a minimum, you should offer an email address (I was surprised at how many websites – specifically blogs – did not offer any contact information at all). If possible, you should include your address and a phone number where people can contact you. Of course, if the only phone number you have is your home phone number, this may not be the most ideal option.

Show Consistency Over Time
This may be the single most important tip in this article. Google has shown an affinity towards sites that remain consistent in structure, growth, content, and popularity. At the risk of sounding prosaic, outside of receiving highly trusted inbound links, the best way to bring Google to trust you is to show Google over time that you are trustworthy.

Think about your relationship with Google as you would any other relationship. Relationships take time, they take commitment over time, and trust in a relationship needs to be cultivated. If you happen to screw up, it takes time to regain any trust that was lost.

With your website, show Google that you are consistent, that you are dedicated, and that you actually care. Do not change your website’s structure or focus entirely just because you feel like it. Spend time every day for months, even years, growing your site and promoting your site. Take the time to make sure it is as user friendly as possible taking into account issues such as accessibility. And whatever you do, do not take the chance of trying to cheat on Google by using a ’shortcut’ – it can and will set you back in your relationship several months, if not longer.

It May Not Be the Best Model
Far be it from me to be a Google apologist – I certainly do not agree with everything that they do. The move towards a trust-based system is one that has received both praise and criticism, and both praise and criticism is deserved. While Google might be doing well in fighting search engine spam, they have simultaneously (if not inadvertently) hurt the small business owner who does not know any better.

There are many who complain about Google being ‘unfair’ towards website owners. Whether or not they really are being unfair is ultimately a moot point, Google is what Google does. If you choose to continue to care about having quality rankings in Google, complaining will not bring you higher rankings, adapting to their changes will.

These days Google wants to know that they can trust you. If you have been around long enough, they may already trust you, but if you are starting fresh, or if you have made mistakes in the past, you may have a long road ahead of you to prove to Google that they should care about your website, and that it is suitable for their rankings. Keep in mind that high trusted, one way in bound links will always be the fastest route to rankings, add a privacy policy and good contact information, follow the typical guidelines that make a site reliable (see Google’s webmaster guidelines), and be consistent with your site.

By Mark Daoust

Automation is an odd creature. It usually seems, at first glance, that automating a process can make things easier, simpler and faster. But oftentimes, once an automated process is in place, trouble spots pop up. This is sometimes the case when looking at the copywriting aspect of Google’s dynamic keyword insertion tool.

In case you’re unfamiliar with dynamic keyword insertion (DKI), it’s a feature of Google’s AdWords program. It is often used for large campaigns in order to automatically insert the keyword into the headline of an ad. Truly, it’s a lifesaver for many pay-per-click (PPC) ad managers who have to stay on top of thousands of ads every day. It’s all done with a simple syntax command: {keyword:_______}.

From a timesaving standpoint, this is a wonder tool that has rescued PPC managers from the mind-numbing chore of typing the same keywords over and over. From an economic point-of-view, DKI *can* (not always) perform well enough to make it a viable option for larger campaigns. But what happens with regard to copywriting and eye tracking?

See It and Click It
The human eye is normally drawn to things that are unusual. Things that look out of place or different get noticed far more than things that blend in. For instance, on a page full of black text and black & white photographs, a small red square in the bottom corner will get focused on almost immediately. Why? Because it is completely different than everything else around it.

This same principle applies when considering your copywriting strategy for AdWords. When using DKI, you’ll want to keep your eye on the results pages. Why? We’ve all heard that using the keyphrase in the headline pulls better. It does. Most of the time. There is an exception, however. This exception is what you’ll be watching.

In fact, a study done last year by Enquiro, Did-It and Eyetools tracked users’ interactions with the Google search results page. It found that surfers normally reviewed the page in an F formation. They would scan vertically down the left side of the page and then over to the right (where paid ads are) *IF* something caught their attention. That’s the point we’ll explore in this article.

In order to get clicks, you first have to get seen. If your ad looks and reads like all the rest, you’ve completely lost your originality advantage.

See For Yourself
Copywriting using DKI is a balancing act. You have to consider several factors, including the character count of your longest keyphrase, your ability to add text to the keyword-rich headline and how the ad looks on the page.

Take a look at some examples below. Remember that AdWords results show differently at various points throughout the day (and in relation to individual account parameters), so you may not see exactly what I saw when doing this research. I’m sure it will be close enough for you to get the idea.

Go to Google and type in the phrase “cruise vacation center” (without using the quote marks). See how all the ads look different? They don’t all have the same words bolded. They don’t all use the same copy. The bold words stand out because they are different. In this case, your eye will usually go first to the ads with bolded words in the headline.

You see ads offering a 6-night cruise for $xx.xx and other ads promoting X% off on a cruise vacation, etc. There is diversity and that’s a good thing.

Now, what if you type in “home improvement”? (Again, without the quotes.) If your results page looks like mine, practically every ad has the exact same headline: home improvement. Not only do most of the ads look the same, the headlines read the same. Your eye doesn’t know where to go because everything seems identical. But wait! About four or five ads down, something catches your eye. It’s an ad that has no bold in the headline. That stands out because it’s different! As you scroll further down the page, more ads with no bold in the headlines pop out at you. In this case, because everyone else has opted for the DKI feature, their headlines are all very similar, making them less noticeable. But the ones who wrote custom headlines won out, thanks to diversity.

Tips for Writing With DKI

If you want or need to write using the DKI option, consider these tips:

1. Use a descriptive word along with your keyphrase. Instead of just inserting the phrase “airline tickets,” place the word “discount” or “cheap” before your keyphrase to help it stand out.

2. For keyphrases that will take the entire 25-character limit, consider using one word of the keyphrase in the headline, instead of the entire phrase. Rather than “home improvement,” try inserting just “home” or “improvement” along with other text you write yourself.

3. Keep it applicable. Your headline still has to convey a strong message about what the customer can expect at your site.

4. Test & Track! Everything in advertising is subject to change. Smart marketers always test and track to get the best results.

With a little forethought, you can develop a combination of DKI and custom-written AdWords ads that drive qualified visitors to your site.

By Karon Thackston