
The IP address, retrieved using $_SERVER['SERVER_ADDR'], was added to the mix so that a potential attacker will not be able to take a known "good" URL, which has a matching answer and hash value, and use it to submit information.
Your comments.php script calls the check_answer() method of SimpleCAPTCHA to check whether the hashed version of the provided answer is the same as the hashed version of the known correct answer:
// display answer
if (isset($_GET['response']) && isset($_GET['hash']))
{
    // compare the visitor's answer against the hash carried in the URL
    if (SimpleCAPTCHA::check_answer($_GET['response'], $_GET['hash']))
    {
        echo 'Correct!';
    }
    else
    {
        echo 'Wrong answer!';
    }
}
The code of check_answer() itself is pretty simple. It returns true if the hash value of the answer plus the visitor's IP address is equal to the known hash value of the correct answer:
// SimpleCAPTCHA library
class SimpleCAPTCHA
{
    // verify answer; declared static because comments.php calls it as
    // SimpleCAPTCHA::check_answer() without creating an object
    public static function check_answer($answer, $hash)
    {
        // hash the trimmed answer together with the address in SERVER_ADDR
        // (note: SERVER_ADDR holds the web server's own address; the
        // connecting visitor's address is in $_SERVER['REMOTE_ADDR'])
        // and compare the two hex digests as strings
        return (md5(trim($answer) . $_SERVER['SERVER_ADDR']) === $hash);
    }
}
Note that this uses the MD5 (Message Digest 5) hashing algorithm, which is the most widely used hashing algorithm. Another popular hashing algorithm, which is generally agreed to be more secure (although a bit slower), is SHA (Secure Hash Algorithm).
301 Redirect Attacks
A legitimate site will often employ a script that redirects URLs, as part of an internal linking scheme, using URLs like this:
http://www.example.com/redirect.php?url=http://another.example.com
In this case, the redirect.php script would redirect to the URL specified by the url parameter. The problem comes when a 301 redirect is used. It is obvious from the URL itself that such a redirection link can be altered to point to any other URL, and a 301 redirect will be interpreted as a vote. Black hat SEOs will link to such a URL from many spam sites so as to acquire a vote.
You may want to revisit Chapter 4 for more details on the HTTP status codes and redirection.
For example, someone from http://too.much.spam/ may post links, on their site or others, to URLs such as http://www.example.com/redirect.php?url=http://too.much.spam/. If these links do
Chapter 8: Black Hat SEO
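A hardened redirect.php in the spirit of the scheme described above, as an added example that is not from the book: it forwards only to hosts on a server-side allowlist and refuses everything else, so the script cannot be used to pass a link vote to an arbitrary site. The hostnames in the allowlist and the 404 response for unknown targets are assumptions for illustration.

```php
<?php
// Added example, not from the book: redirect.php that only forwards to
// destinations on a server-side allowlist. The hostnames are assumptions.
$allowed_hosts = array('www.example.com', 'another.example.com');

// Returns the URL if it is an absolute http(s) URL whose host is on the
// allowlist, otherwise null.
function safe_redirect_target($url, array $allowed_hosts)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                 // malformed or relative URL: refuse
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                 // only plain web URLs are forwarded
    }
    // parse_url separates any user-info prefix from the host, so the host
    // checked here is the one the browser would actually connect to.
    if (!in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        return null;                 // host is not on the allowlist
    }
    return $url;
}

$target = isset($_GET['url'])
    ? safe_redirect_target($_GET['url'], $allowed_hosts)
    : null;

if ($target === null) {
    // Refuse instead of forwarding: an unknown destination gets no
    // redirect and therefore no link vote from this site.
    header('HTTP/1.1 404 Not Found');
    echo 'Unknown redirect target';
    exit;
}

// Only allowlisted destinations ever receive the 301.
header('Location: ' . $target, true, 301);
exit;
```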