June 10th, 2005 08:14 AM
Links in Threads...
...specifically ones that are completely invisible...and pass through the BBCode filtering that is supposed to protect websites from it!
It is possible to add hyperlinks to a thread that are invisible to users but potentially used by search engines to rank a website. Search engines have moved to lowering the rankings of websites with invisible links. At the same time the linked website may receive a boost from being linked to. While most comment-spam has either been keywords or tiny characters to minimize underlining, I can produce links in BBCode that are invisbile but are still valid links when the source is viewed. The spread of such techniques could be an issue to site rankings. So I'd like to see it addressed at AntiOnline, although from preliminary tests it really does effect pretty much all forum systems in use today.
There are some solutions, but they all have pros & cons. I recommend a blend of these as suggested in the end. Of course, whatever JupiterMedia chooses to do is what they choose to do. But some solutions may get users up-in-arms if the solution cripples their ability to use site features, etc. And other solutions take a long time to figure out.
Adopting the new link attribute ( http://www.searchengineguide.com/hartzer/003126.html ) :
- Pro: AntiOnline rankings not influenced by content it links to
- Pro: Users don't notice any visible differences
- Pro: Relatively easy to implement
- Con: Important content we link to is not influenced by our site
- Con: Invisible links are still invisible - we can't see the spammers who futilely try to rank
Forcing all links to be visible by adding visible text to all links and removing all invisible aspects
- Pro: Invisible links are visible -- spammers can be spotted & negged
- Pro: Relatively easy to implement
- Con: User signatures with linked images would be impacted by the added text
- Con: Links may still be ranked.
Doing something like SlashDot with the [domain.name] after all links:
- Pro: All linked domains are easily identified -- no more highlighting links in browser to get domain
- Pro: Shouldn't be too difficult to implement
- Con: Links may still be ranked
- Con: Signatures and multi-line links will look very odd with [domain.name] after them - quite intrusive
How I suggest dealing with links (invisible & visible):
If a post is rated as "negative" or anything not neutral/positive, then the Bulletin board should use the new link attribute so whatever links were in the thread that the community thought was bad (spaming/trolling/etc) will not be ranked by search engines. This will ensure people the community doesn't appreciate won't influence rankings, while still preserving the ability to give positive influence to important security tools we link to.
That combined with one of these three solutions (recommending the first one more than the rest):
- Require the URL to include printable characters. Though it might be a serious PITA to work out the RegEx for this, and would require me to disclose & explain in detail the method I'm using to produce invisble links. To the person assigned to fix this, PM me for the method anyways since I don't recall who does the code for this site.
It would be: Printable user text for legit links, vs (invisible link code with-held) [url-www.antionline.com] [/ url] for invisible ones, which are no longer links and show up as broken bbcode. (I intentionally broke the above link for the purposes of this demonstration)
- Force all links to include a non-space character (such as _) after the user text in the link. This would _FORCE_ the link to be visible - it would not be possible to have an insible link with this method. The community can then respond appropriately. If it is a legitamite link, I don't think having an extra space after it hurts much.
It would be the difference between: www.antionline.com vs www.antionline.com_ for legit links, and (insible link code with-held) vs (invisible link code with-held)_ for the invisible ones.
- Come up with another solution that doesn't make the site less pretty, doesn't get users upset over whatever is added, and still benefits the security community by having search engines (if they still rank what is in forum posts) rank important products/sites that we link to.
So whoever works with the PHP code for this website, PM me for more information on this site-ranking vulnerability. I have no idea if this issue extends to the latest versions of vBulletin (and can't really test it), though it may. And it appears that making invisible links is pretty simple on quite a few forum systems out there. A spammer could be including invisible links with all of their posts/comments, and unless you browse the source you'd never know it...
For Everyone: Any idea where I can report this sort of find (it isn't limited to AO or vBulletin -- it potentially impacts much more depending on how much a webmaster values site rankings -- and perhaps all software using BBCode filtering is affected?) where it can be worked on by those who make the software? I want to see this hole patched, but don't want to arm spammers with this sort of information since I'm not completely sure how complex the fix is...so I'm trying to see if it is something AO can easily fix first to judge how to report it.