Archive for the ‘Internet Privacy’ Category

Tips on how to make sure your site isn't vulnerable to being hacked

Saturday, June 27th, 2009

The team over at Google in charge of Webmaster Tools and Web spam prevention put out a good post tonight about how to avoid falling for fake spam profiles online and how to keep your site safe as well. They focused on sites, like Facebook and other social media sites, where spammers can set up bogus accounts. They also made a very strong point: even if your site isn’t big and important like the “big dogs,” it is still a target for spammers.

Here are some tips the Googlers gave to make sure your site is safe:

What can you do?

This isn’t an easy problem to solve – the bad guys are attacking a wide range of sites and seem to be able to adapt their scripts to get around countermeasures. Google is constantly under attack by spammers trying to create fake accounts and generate spam profiles on our sites, and despite all of our efforts some have managed to slip through. Here are some things you can do to make their lives more difficult and keep your site clean and useful:

  • Make sure you have standard security features in place, including CAPTCHAs, to make it harder for spammers to create accounts en masse. Watch out for unlikely behavior – thousands of new user accounts created from the same IP address, new users sending out thousands of friend requests, etc. There is no simple solution to this problem, but often some simple checks will catch most of the worst spam.
  • Use a blacklist to prevent repetitive spamming attempts. We often see large numbers of fake profiles on one innocent site all linking to the same domain, so once you find one, you should make it simple to remove all of them.
  • Watch out for cross-site scripting (XSS) vulnerabilities and other security holes that allow spammers to inject questionable code onto their profile pages. We’ve seen techniques such as JavaScript used to redirect users to other sites, iframes that attempt to give users malware, and custom CSS code used to cover over your page with spammy content.
  • Consider nofollowing the links on untrusted user profile pages. This makes your site less attractive to anyone trying to pass PageRank from your site to their spammy site. Spammers seem to go after the low-hanging fruit, so even just nofollowing new profiles with few signals of trustworthiness will go a long way toward mitigating the problem. On the flip side, you could also consider manually or automatically lifting the nofollow attribute on links created by community members that are likely more trustworthy, such as those who have contributed substantive content over time.
  • Consider noindexing profile pages for new, not yet trustworthy users. You may even want to make initial profile pages completely private, especially if the bulk of the content on your site is in blogs, forums, or other types of pages.
  • Add a “report spam” feature to user profiles and friend invitations. Let your users help you solve the problem – they care about your community and are annoyed by spam too.
  • Monitor your site for spammy pages. One of the best tools for this is Google Alerts – set up a site: query along with commercial or adult keywords that you wouldn’t expect to see on your site. This is also a great tool to help detect hacked pages. You can also check ‘Keywords’ data in Webmaster Tools for strange, volatile vocabulary.
  • Watch for spikes in traffic from suspicious queries. It’s always great to see the line on your pageviews chart head upward, but pay attention to commercial or adult queries that don’t fit your site’s content. In cases like this where a spammer has abused your site, that traffic will provide little if any benefit while introducing users to your site as “the place that redirected me to that virus.”

Has your site ever been hacked? Have you ever fallen for a fake profile? (You can admit it, we won’t tease you.) Share your experience in the comments.
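The first two tips in the list above (many accounts created from one IP address, and many fake profiles linking to the same domain) can be checked with a few lines of code. The following is an added example, not code from Google's post or from this blog; the record layout, the thresholds, the `shared_ok` allowlist and the sample data are all assumptions constructed for illustration.

```python
"""Flag mass-created accounts and expand one confirmed spam profile to its cluster."""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records: (user_id, signup_ip, links on the profile page).
PROFILES = [
    ("u1", "203.0.113.7", ["http://pills.example/buy"]),
    ("u2", "203.0.113.7", ["http://www.pills.example/cheap", "https://video.example/w"]),
    ("u3", "203.0.113.7", ["http://PILLS.example/"]),
    ("u4", "198.51.100.2", ["https://video.example/clip"]),
    ("u5", "198.51.100.9", ["http://casino.example/", "http://pills.example/x"]),
    ("u6", "192.0.2.44", []),
]

def link_domain(url):
    """Lower-cased host without a leading 'www.', or None if the URL has no host."""
    host = (urlparse(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host or None

def signup_bursts(profiles, max_per_ip):
    """Map each IP that created more than max_per_ip accounts to those accounts."""
    by_ip = defaultdict(list)
    for user, ip, _links in profiles:
        by_ip[ip].append(user)
    return {ip: users for ip, users in by_ip.items() if len(users) > max_per_ip}

def domain_index(profiles, shared_ok=frozenset()):
    """Map each linked domain to the set of profiles that link to it."""
    index = defaultdict(set)
    for user, _ip, links in profiles:
        for url in links:
            dom = link_domain(url)
            # Domains that ordinary members also link to must not define a cluster.
            if dom and dom not in shared_ok:
                index[dom].add(user)
    return index

def expand_from_seed(profiles, seed_user, shared_ok=frozenset()):
    """From one confirmed spam profile, return (domains to blacklist, profiles to review)."""
    index = domain_index(profiles, shared_ok)
    domains = {d for d, users in index.items() if seed_user in users}
    users = set().union(*(index[d] for d in domains))
    return sorted(domains), sorted(users)

if __name__ == "__main__":
    print(signup_bursts(PROFILES, max_per_ip=2))
    # video.example stands in for a legitimate site many members link to.
    print(expand_from_seed(PROFILES, "u2", shared_ok={"video.example"}))
```

Without the allowlist, the seed profile's link to a popular legitimate site would pull an innocent member (`u4` in the sample) into the removal set, so the result is best treated as a review queue, not an automatic delete list.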


Is the Conficker Virus the NEXT Big Threat to Our Security? (60 Minutes)

Tuesday, March 31st, 2009

Conficker is just waiting out there. Calling in daily to its master… waiting for instructions on what to do next. A sleeper cell of infected computers that could cause major problems when activated. What can we do? Watch the 60 Minutes segment and find out more. Post your thoughts in the comments.


A major problem with cloud computing reveals its ugly head

Sunday, March 8th, 2009

Recently Google screwed up. The search giant found a bug that shared unshared documents in Google’s famed Google Docs with others. According to their figures it affected only 0.05% of users, but the implications are huge for the idea of putting everything in the cloud.

Dear Google Docs user,

We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations, but not spreadsheets.

To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.

We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.

The Google Docs Team

Granted there is an inherent risk to putting your documents online, but a snafu like this could have cost companies using the Google “operating system” tons of money.

The draw to using the Cloud for computing is simple. You can access your documents and files from anywhere in a “secure manner.” Now Google says it’s fixed the problem, but should we trust that it won’t happen again? I’m not so sure.

What are your thoughts? Post them in the comments.


Dvorak's Ignorance: The Trouble with People Who Claim SEO is Snake Oil

Tuesday, February 17th, 2009

Okay, now I am a fan of John C. Dvorak. I’m a big fan of Cranky Geeks and TWIT and his blog. But I do think he is a bit full of cow poop sometimes. Especially when he decides from one bad experience with “SEO” that SEO and those practicing it are a bunch of crackpots. Now I respect his opinion, but I really think Dvorak is shooting from the hip here with no real aim. Now I have to admit that he is a bit of an acquired taste, and though many might think he’s a total jerk and crank, I feel that he’s just a bit off with this accusation. Mark Jackson over at Search Engine Watch has a great column responding to Dvorak’s crankiness. Here’s an excerpt:

An article in a major publication last week disparaged SEO, calling it “snake oil” once again. How did the columnist decide SEO doesn’t work, and that its practitioners are a bunch of snake oil salesmen? Well, He-Who-Must-Not-Be-Named (I hasten to give him any attention, as that’s what he and his editor are after) had rewritten his URLs to make them search engine friendly, but lost traffic in his efforts.

Here’s his exact quote:

Search engine optimization (SEO) has turned into a big business, and from what I can tell it’s the modern version of snake oil. The unproven nonsense spewed by so-called “SEO Experts” simply doesn’t work. And worse, it’s screwing up the elegance of the Web.

Ugh. Here we go again.

First off, dear readers, I exchanged e-mails with his editor-in-chief, and even offered to rebuke this column in a column of my own on his Web site. I just can’t let false claims such as his stand uncontested. When people write columns like this, it affects our industry.

We, as an industry, accept that many people have jumped on the SEO bandwagon, calling themselves SEOs when they have a difficult time even writing compelling title tags. We know that some people will quickly respond to RFPs, get a prospect to cut a few checks, and deliver little in return. Then, there are those of us who have studied for years to understand what good SEO is and worked hours helping our clients achieve measurable results.

OK, time to respond to the column. Begrudgingly, I’ll link to it so you can read it for yourself. At least we can discuss something that works for SEO: good URL structure.

Optimizing URL Structure

The columnist refers to the “fact” that long URLs don’t work. Here’s what he wrote:

My blog had typical, efficient WordPress default URLs, such as http://www.dvorak.org/blog/?p=3100 or some such thing. Now on my current blog, that particular URL — which used the simple story ID number to access the post — has been supposedly SEO-optimized behind this URL: http://www.dvorak.org/blog/2005/10/20/hollywood-unions-want-cut-of-itunes-pie/.

From what I can tell, this guy did at least one thing wrong — and possibly two — with this one element of proper SEO. I wish I could speak with him directly to confirm my suspicions, and perhaps even teach him a thing or two about what real SEO involves (much more than just one thing).

First, there’s really nothing “wrong” with his original URL structure (/blog/?p=3100). There are only two trailing backslashes.

So what if the URL has a couple of dynamic characters in it (the question mark and equals sign are referred to as “dynamic” characters). Search engines nowadays do fine indexing and ranking these. So long as you’re keeping your content as close to the root as you can, you should be in good shape.

However, it’s not “optimal.” How do we make this optimal? We “optimize.”

via Ignorance: The Trouble with People Who Claim SEO is Snake Oil – Search Engine Watch (SEW).


Facebook users own their content, Facebook's Zuckerberg writes after chaos

Monday, February 16th, 2009

Image Credit: Max-Bro.net

Today across the Web, people have been buzzing about the new Terms of Service over at Facebook. Upon reading the TOS, the legalese makes it appear that Facebook owns your content once it’s put on the service. The TOS also states that Facebook can use the data for whatever it wants.

Now, as expected, people were outraged at this new clause. There were strong debates not only across the Internet, but also in the Twitterverse and the Blogosphere.

Finally, Facebook head honcho Mark Zuckerberg, obviously seeing the chaos that the TOS has caused, released the statement below on the Facebook blog to set the record straight (the post is below in full). Users own their data on the service.

Now in the post, he says that they are trying to make the rules more understandable. They are? Did I miss something?

I’d like to hear your take below in the comments.

A couple of weeks ago, we updated our terms of use to clarify a few points for our users. A number of people have raised questions about our changes, so I’d like to address those here. I’ll also take the opportunity to explain how we think about people’s information.

Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.

One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message. We think this is the right way for Facebook to work, and it is consistent with how other services like email work. One of the reasons we updated our terms was to make this more clear.

In reality, we wouldn’t share your information in a way you wouldn’t want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. Our goal is to build great products and to communicate clearly to help people share more information in this trusted environment.

We still have work to do to communicate more clearly about these issues, and our terms are one example of this. Our philosophy that people own their information and control who they share it with has remained constant. A lot of the language in our terms is overly formal and protective of the rights we need to provide this service to you. Over time we will continue to clarify our positions and make the terms simpler.

Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.

We’re at an interesting point in the development of the open online world where these issues are being worked out. It’s difficult terrain to navigate and we’re going to make some missteps, but as the leading service for sharing information we take these issues and our responsibility to help resolve them very seriously. This is a big focus for us this year, and I’ll post some more thoughts on openness and these other issues soon.

via The Facebook Blog | Facebook.


Mastering the Privacy Settings on Facebook

Tuesday, January 27th, 2009

Like many of you I have a profile on Facebook. And like many of you I’ve become addicted to the social media site. Facebook is great for connecting with old friends and classmates, family members and colleagues, but when does this social media paradise become dangerous? Like all social media platforms, Facebook has its set of privacy settings to limit who can see what about you. This is good if you use the service for both professional and personal use. In the following paragraphs I’m going to do a walk-through of the privacy settings in Facebook and what I personally do to make sure I know what certain groups are seeing.

One of the first and most time-consuming tasks you’re going to need to do, if you want different people to see different things, is to set up groups for all of your friends and classify them. Below is how I have people grouped:

friends-groups

Now this grouping of people, especially for those who have been on Facebook for a long time, will be a bit painful but it’s well worth it especially when your job or even life might depend on it.

You first need to go to the privacy page in Facebook:

privacy 1 fb

Once on that page you’ll see the different areas where you can set privacy levels:

Privacy Area Page 1

We’re going to first go into the Profile property area:

As you see above, I have it set up so that only certain people can see certain information. The key to limiting certain people’s access in a more pinpoint way goes back to spending the time setting up groups. You’ll see that I’ve limited some areas to exclude specific groups. This will keep them from seeing that particular part of information. This is great to make sure potential or current employers don’t see the pictures of you riding a bull at a bar or of your 21st birthday party.

Now the next step is to go to the second tab and do the same for your contact information.

When you’re done with that we can move on to the more interactive parts of your profile.

When you first get your Facebook account, it is a clean slate and is about as porous as a fishing net. Everything you do is completely transparent and everyone can see what you’re doing, who you’re doing it with, and… well you get the idea. A lot of this is unknown to many users until they get really into Facebook, and often this can be too late. A good way to prevent a crisis before it starts is to spend some time with the tab called News Feed and Wall. (I skipped over the Search, but we’ll go back to it after this.)

Privacy Area Page 1

When you get to the News Feed and Wall area your screen will look like this:

Now this is more cut and dry than the profile privacy area. This is because you’ve already set your preferences for who can see what about you. This is more fine-tuning. This area is rather self-explanatory so dive right in. I’ll wait here and when you’re done we’ll continue.

Okay. Welcome back. Go back to the main privacy area. You’ll notice right above the News Feed and Wall link there is a button for Search. This area will allow you to specify how much a person can see prior to becoming your friend.

In my opinion, I would let everyone find you. That makes Facebook a great way to reconnect with old friends and whatnot. Keep in mind that a very stripped-down Facebook page will appear in search results in Google and the other major search engines. But as you can see from mine, it’s not much.

So, in my opinion let everyone find you. It’s up to you to determine who is your friend.

Now the last MAJOR issue with privacy is controlling how much a Facebook application can say about you to your friends and others. To edit this you’ll need to go to the settings area in the top menu and select Application settings.

Now in order for most applications to run, they need to have access to your information. Facebook does regulate what information they can actively keep on their own servers and they treat violations of their development rules strictly.

To edit what an application says about you, click edit settings. You’ll be greeted with a popup options menu:

This dialog is worth investigating and tweaking. Essentially what you are controlling is how much information is posted when you interact with a particular application. Even with some control, still pick your applications wisely. Some are just ploys to get information out of you about your computer usage, whereas others are lots of fun and worth checking out.

I hope this quick primer to the Facebook privacy panel was informative and helpful. Please feel free to share this post with your friends, just please attribute it back to this blog with a link.

I’d also like to hear your thoughts; post your comments below! Thanks!

