Yieldbuild Review / Case Study
Since TechCrunch just mentioned Yieldbuild, a company I love, in YieldBuild Raises $6 Million Series B For Optimizing Ads, I figure that now is a good time to throw in my two bits. If you don’t know, Yieldbuild is the internet’s premier advertising optimization tool, boosting webmaster CPM and CTR. Crunch says it “uses computer algorithms to automatically optimize your site’s ad spots with the most profitable combination of ad layout, style, and network. The system continually tests alternative configurations of layouts, networks, and color, looking for the highest performing ones.”
Does it really work? Check out this chart:

The answer is simply yes–it improved CPM on my blog network by 21%. If you discount revenue from other blogs, this one went from 1.51 CPM to 2.51 CPM, an increase of 66% just due to using Yieldbuild. Now that I have a full-time job, I don’t have time to bang out optimized advertising solutions. If you’re like this, why not let Yieldbuild do it for you?
Squidoo XSS Exploit Leads to WordPress Spam Deluge
I’ve been getting a lot of WordPress comment / trackback spam pointing to Squidoo these days, because it doesn’t validate the HTML markup users can enter into their pages. This makes it easy for spammers to put in an iframe with an external src that basically redirects the browser to their spam (usually porn) page. If the JavaScript were nice it would look like this:
window.onload = function () {
    window.location = "http://wpi.biz/in.cgi?5&parameter=porn";
};
The page you get redirected to looks like a bunch of adult-themed YouTube videos–they’re just images, actually, which I’ve censored–that prompt you to download something that’s probably spyware. I didn’t really investigate this further; it’s obviously very evil:

The code actually sitting on Squidoo’s servers looks like this:

And the comments left on my blogs are of the form:
New trackback on your post #1852 "Coding Horror: Hot Tech Blog"
Website: hot ebony men (IP: 190.72.74.193 , 190-72-74-193.dyn.dsl.cantv.net)
URI : www.squidoo.com/some-nasty-url/
Excerpt: hot ebony men…
I’ve sent email to both the Akismet team and the Squidoo team about this; hopefully they will:
- Implement kses-based filtering on their HTML input *immediately*
- Add some spam-weight to the Squidoo domain until this is fixed
There’s no excuse for an XSS attack of this simplicity to exist. JavaScript, iframes, etc. should be disallowed. Just let basic markup through, and strip out the rest! For now, I also recommend adding the word “squidoo” to your blacklist in the WordPress discussion options.
Update: According to the Squidoo blog, iframes will be banned as of July 12th. I can’t think of anything you can do with an iframe that you can’t do with regular HTML except untrusted stuff, like redirects or arbitrary JS.
BayImg: Google Ads + Porn Pictures
I like the idea behind Pirate Bay’s new image hosting venture Bay Image, which is free, unrestricted image hosting outside of political influence or police control. I like the idea that visual information can find a free home. However, they have a big problem at the moment, which is the massive amounts of porn being uploaded. Just take a look at their tag cloud and it becomes clear what BayImg really is: a free porn hosting site:

They have a “report image” link, but according to their terms on the front page, these kinds of images are probably ok:
Bayimg is a place where you can host all your images. We do not censor them. We believe in freedom of speech, it’s of utter importance to us. As long as your pictures are legal they will be hosted here, but we reserve the right to remove images due to technical reasons though.
Adsense Google Images Incorrect
There’s a UI bug in the new Google Adsense banners that include text links and the image logo. The problem is that the images do not inherit the correct background color:


As you can see in the contrast-enhanced image, the image retains a white background on top of whatever I specified. Where’s the famous Google attention to detail?
Adsense Image Placement Policy
Our friends at the Adsense Blog have clarified their official image-placement policy. Basically, don’t put images near ads which could distract your readers into clicking them. One must not “suggest a relationship” between your images and Google’s ads. Clearly, they want to disassociate themselves from anything unsavory a webmaster might do to increase his or her click-through-rate (CTR).
So, here’s an example of “badsense:”

I’m not sure if any of my blogs use this technique; I’m in the middle of a redesign and I’ll make sure to stay as far away from it in the future as I can.
