As if SEOs don’t have enough things to worry about already, add malware to the list. Why does malware matter to SEOs? If the site you are working on gets infected, its search traffic will plummet. Search engines attempt to remove infected pages from their search results, or they label them with an ominous warning, such as This site may damage your computer.

Back in 2008 Google reported that malware infected pages had increased to more than 1% of all search results. Google posted a malware statistics update last week. Malware infections have more than doubled since April 2009. Search results containing a url labeled as harmful have remained level in the range of 0.5% to 0.9%, an improvement. While the web as a whole has become more dangerous, Google’s been doing an even better job clearing their search results.

I know one reason why there’s been a dramatic rise in malware on the Web since April. A nasty malware attack has been targeting web developers to steal their passwords. Stolen passwords are used by the bad guys to automatically deploy iframe injection attacks to innocent web page.

If you access web sites via File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP), this attack is targeting you. All you need to do is browse an infected page using an insecure browser. Badware will be deployed to your machine, and it will find the files used by FileZilla, or possibly other FTP programs to store passwords, and silently send those files back to a server in China. Then an automated bot attack will use FTP to edit your web pages, infecting them with malware. Then your sites will drop out of the search results. Can you image the uncomfortable conversations when all your sites get hacked at once and you have to admit responsibility?

What can be done to reduce this risk of search Armageddon?

1. Use a more secure browser such as Chrome or Firefox with the NoScript add on for routine browsing.
2. Don’t use any FTP program that stores passwords locally in plaintext, such as FileZilla. To date, Dreamweaver has not been reported to have been compromised. Dreamweaver encrypts passwords and stores them in the Windows registry.
3. Consider using a Mac or Linux instead of Windows. As the most popular operating system, Windows is the most popular target for attacks.
4. Make sure your machine and server are fully updated and patched. Turn off unnecessary services and software to reduce the attack surface.
5. Register your site with Google Webmaster Tools and Bing Webmaster Center. Check regularly to see if there are any malware reports (or other issues) with your sites.
6. If you suspect a malware infection, check Unmask Parasites,
7. View your site’s reputation at McAfee SiteAdvisor.
8. Reduce the number of people and computers that have access to your web server.
9. Keep a backup copy of your web pages. In case of infection, it’s a race to see if you can fix the site before search engines (and users) discover the problem and dump you.
10. Choose the hosting provider that has the quickest response time, not the cheapest price. If your site gets hacked, you may need their help to change all the passwords.

As the web becomes more dangerous, customers become more suspicious, reducing opportunities for everyone. Please do your part to make the web safer, and to reduce your risks.

SEOs have traditionally recommended using search engine friendly menu systems such those based on HTML styled with CSS instead of those written in JavaScript.  The primary language understood by search engines has been HTML, but now several search engines have learned how to read JavaScript.  I recently found an example that reveals how much progress has been made.  My observations confirm what software engineer Janis Stipins’ said at SMX East in October 2008, that Google is doing a much better job spidering JavaScript.

About a month ago Monitronics had deployed a new site built with DotNetNuke and the Solpart version 1.7.2 menu system. You can see what technologies were used by reading the comments in the source code. DNN is an open source framework for building websites that run on ASP.NET. DNN’s Solpart menu system relies on JavaScript.  In the past I have recommended ripping out that menu system and using something else.  Like most companies working with DNN, Monitronics just went with the default menus.  When I visit their site with scripting disabled in my browser (Firefox with the NoScript add-on), I see nothing: no main menu items, and no drop downs.  In former times, this would have been a bad omen for SEO.

As promised, Google has spidered the new JavaScript menus.  The Google cache shows all the menu items, lined up in a neat list with links fully operational.  Google is also showing reasonable Sitelinks for a search on [Monitronics], which is a good indication that the site has been properly spidered.  When I look at the Yahoo cache, I see the main menu text, though not the drop downs.   Yahoo has cached the text generated by JavaScript rather than the Javascript code itself. However, Yahoo has failed to spider the drop down menus and failed to extract the menu links.  When I visit Microsoft’s cache, all the menu links are there, organized in the same neat hierarchy as shown in Google’s cache, and the links work.  When a website is built with Microsoft technology, I’d expect the Microsoft search engine to be able to decipher the code, and it seems like Microsoft is doing a good job reading DNN JavaScript menus.

Does this mean we can forget about search engine friendly menus?  I would not ignore the issue, but before investing resources in a new menu system, I would check the performance of the old system.  If something is working, or partially working, it might be better to put those resources towards another priority. Getting good performance from Google and Microsoft, and having Yahoo index a site via its sitemap is perhaps 90% as effective as having fully spiderable menus.

In November DNN posted a note that their newest menu system, version 1.8.0 is “SEO compatible”. Perhaps Yahoo’s spidering capabilities will soon catch up with Google’s and Microsoft’s. Depending on the potential traffic that could be generated by interior pages of a site, the web site owner needs to decide whether it is worth the investment of redoing a menu system to gain that final 10% performance, or whether procrastination might be an effective strategy. In 2009 I think Google and Microsoft will master JavaScript, Yahoo will follow and SEOs will have fewer menu gripes.

PostScript, January 12, 2009: Upon investigation of reader comments, it appears that DNN’s menu system includes a user-agent cloaking module.  Some details are available in a thread at the DNN Community Blog.  Apparently the module serves up search-friendly menus when the user agent matches a search engine spider.  The Firefox User Agent Switcher provides a method of testing.  First, install that add-on, and then import a list of user agents, such as this one.  Switch your user agent to Googlebot, Yahoo Slurp, or MSNbot to see the same pages as appear in all three search engine caches.  Oddly, the cloaking module does not provide correct output for Yahoo.

People debate whether this sort of cloaking is black hat or accessibility programming.  It appears that the search-engine version of the page is identical in content to the one served to users.  There appears to be no deception.  In addition, I think it would be odd for the search engines to ban a large number of sites built using a common menu system, the details of which are probably not apparent to the majority of webmasters managing these sites.  It remains an open question whether the search engines could read these menus without the assistance of friendly cloaking.

Nevertheless, the essential advice of the article remains correct.  Before replacing a menu system, check the actual performance.  Don’t assume that a menu won’t work with search just because of JavaScript.  Search engines claim to be able to read JavaScript, and some menu systems provide their own code fixes when they detect a search engine spider.

I spotted an interesting story on Talking Points Memo about how John McCain had a menu item “Golf Gear” on his campaign website. My first thought was that this must have been clever hacker trying to make McCain look like an elitist. But no, the McCain campaign earnestly thinks golf gear is that important to America’s future.

To make matters much worse, McCain’s home page layout completely breaks when Javascript is disabled, placing the golf gear tab dead nuts at the page’s focal point. McCain’s menus also fail, which probably does not help the search rankings of his inner pages. Those who heard my spiel at SMX Advanced Developer Day know that I browse with Firefox and the NoScript add-on for the sake of security, and to help identify usability problems with websites.

Barak Obama’s webmaster seems to have done better. Obama’s home page is fully functional with scripts disabled. Even the pop up menus work, because they’re driven by CSS.

Only about 2% of desktop users browse the web with scripts disabled, but these users often have a larger than average voice on the Internet. For instance, Googlebot ignores most scripts.

Kevin Johnson, President of Microsoft’s Platform & Services Division, announced the release of the adCenter Desktop Beta during an SMX Advanced keynote speech today. The software application allows advertisers to create, optimize, and manage online campaigns with Microsoft. Previously advertisers were required to manage their campaigns through a web interface, a relatively less efficient means, especially for large or complex campaigns.

Google released a similar product, called AdWords Editor, on January 24, 2006. AdWords Editor has been popular with advertisers and agencies, especially those managing large campaigns because it allows bulk editing of multiple entries and easy movement and copying of campaigns, ad groups, ads, and keywords within accounts.

Natala Menezes, Product Manager for Microsoft adCenter, said, “Our vision is a desktop client version of adCenter, fully functional, not just an editor.” In addition to the features provided by Google’s AdWords Editor, Microsoft adCenter Desktop also provides tools to help advertisers research and select additional keywords.

Microsoft lags behind Google and Yahoo in market share for pay per click (PPC) advertising. One problem faced by Microsoft has been advertisers’ reluctance to spend the time and effort to develop and expand ad campaigns for Microsoft’s 6.3% of the market, versus Google’s 67.9%. Microsoft hopes that adCenter Desktop will reduce “friction” by making it easier and faster to build Microsoft ad campaigns.

Reducing friction for advertisers is just part of Microsoft’s battle against Google. Yesterday Microsoft announced a deal with HP to provide Microsoft Live search as the default feature on new HP computers. “Search still has a unique value proposition. It is not a commodity today,” said Menezes, who emphasized Microsoft’s commitment to winning a larger share of the search market by providing a better service to users and better quality clicks to advertisers.

Moves by Microsoft to intensify competition against Google are likely to be welcomed by the search marketing industry. Industry analyst Jim Hedger of Webmaster Radio said, “I think most people in the search marketing community supported the Microsoft attempt to acquire Yahoo!, not because it was the best thing for Microsoft or Yahoo!, but because it would create competition in an area where there isn’t any currently. Competition is good. It keeps prices down, refines systems, and keeps all players honest.”

Advertisers in good standing, meaning those who are in compliance with adCenter terms and conditions and who have an active account, are eligible to join the adCenter Desktop beta test. “Go to the online form. If you are qualified, you will probably get access fairly quickly,” said Menezes.

Jonathan Hochman has two computer science degrees from Yale. He is a principal of Hochman Consultants, an internet marketing firm.

This morning I was handing off a project to a developer and found myself ranting about the common mistakes developers make when coding HTML. These boneheaded mistakes can cause search engines to choke when it comes to indexing your websites. And its easy to avoid making these mistakes. Here’s how:

1. Don’t repeat yourself. Use server side includes for headers, footers, menus, and standard <head> items such as links to CSS documents and external JavaScript files.
2. Balance tags in server side includes. If an include file starts with <div> it should end with </div>. This way each file can be viewed in Dreamweaver design view, and includes files do not depend on each other.
3. Place JavaScript in external files and reference them as needed.
4. Each page must have a unique <title> and <meta name=”description” content=”This is a sample.”>. Don’t put these in server side includes.
5. The title should be <title>Name of Company – Name of Page</title> or <title>Name of Company – Name of Category – Name of Page</title> unless you are told otherwise.
6. The description should be the first one or two meaningful sentences of content unless you are told otherwise.
7. Please make all links and references to images, CSS and JavaScript root relative by starting them with a slash, "/". If you use Dreamweaver, set the “Links relative” option to “Site root” in the Site Definition wizard. Root relative links don’t break when files are moved from one directory to another.
8. Too many files in one directory makes things hard to find. Use subdirectories.
9. Run your code through a validator and keep it clean. Removing trivial errors makes real errors easier to spot.
10. Use CSS with HTML elements like <div>, <span>, <p>, <h1>, and so on, to format things. Only use layout tables when they produce better results or cleaner code than CSS.
11. Use heading tags, unordered lists and numbered lists to organize content rather than spacer graphics and nested tables..
12. Consistently use the simplest URLs. Link to “/” instead of “/index.php” or “/news/” instead of “/news/index.php”.

These recommendations may help sites work better, make pages look good on different browsers and mobile devices, cause pages to load faster, save money, and boost search traffic. If you’d like to discuss or debate these ideas, meet me at SMX Advanced Developer Day.

Jonathan Hochman has two computer science degrees from Yale. He is a principal of Hochman Consultants, an internet marketing firm.

Often, the hardest part of any search engine optimization or marketing campaign is getting changes made to the website. Figuring out what to do is often easier than convincing all the stakeholders—including marketers, IT departments, web developers—to take the necessary actions, and coaching them along the way as they apprehensively take baby steps forward. As search marketers, we also need to test web sites. We always want to tweak things and see if we do better, and if not, we go back and try something else. We also work in teams.

Success in search marketing campaigns often depends on the nitty-gritty details of execution. That is why I have spent a lot time investigating different tools that help automate our work flow and promote teamwork. One of my favorites goes by the apt and clever name of Subversion.

Subversion, also known as SVN, is free open source software that provides revision control of source code, web pages, and other documents. Revision control means that all current and past versions of each file are saved, with notes about who edited them and what they did. If a bold change goes terribly wrong, a few clicks restores a prior version of the site. Revision control also permits multiple editors to work on the same files without wrecking each others’ work. After updating their local files, everybody can be confident that they have the latest versions. Most edit conflicts are automatically resolved.

Revision control software is much more efficient than ad hoc arrangements such as emailing files back and forth or using Dreamweaver’s FTP synchronization feature. A web server is for serving web pages, not for syncing files. Our Subversion server provides much faster data transfer, and Subversion tracks changes line by line, so it only transfers the lines that have changed, rather than whole files, saving even more time.

Here are a few situations where Subversion helps most:

Eliminating the IT bottleneck. When a website is hosted in-house, the IT department often does not provide web server FTP access for security or management reasons. They usually want to control all changes, rightly so, because they are responsible. However, IT staff are busy or may lack experience in search optimization. It normally takes three times longer to teach a client how to fix their own website than to just do it for them. IT departments like Subversion because it saves them time and provides an audit trail and a reliable backup copy of the website in case the server ever suffers a meltdown. When a client is on Subversion, even if I do not have FTP access, I can still grab the latest copy of their website, make the necessary edits, and commit them to the repository. Then I ask the client to pull updated files from the repository, review the changes on a development server, and release them to the live site. Verifying and releasing a website update is faster, and requires fewer skills, than editing.

Replacing content management systems. One of the selling points for content management systems is that clients can edit their own website, especially when multiple people are involved. Content management systems usually introduce design rigidity, causing website improvements to take longer and cost more. When websites have a catalog with thousands of parts, or a shopping cart, a content management system is obviously necessary, but when a website is just brochure-ware, content management systems can be a poor investment and an impediment to search marketing. With Subversion, we allow clients to use Dreamweaver or Contribute to edit sites themselves. Everybody on the team uses Subversion to coordinate changes, and if somebody wrecks the site, we can roll back to the prior version. With Subversion as a safety net, the editing process goes faster, and more people can have access.

Delegating work.When managing staff, I need to see what they are doing and be able to jump in on a moment’s notice when help is needed. Having direct, immediate access to the source code makes it easy to fix a bug in the middle of the night when a client complains. I do not need to tell everybody “sync your files” or risk having them erase my change. Subversion handles that automatically. If a client emails a request, any employee can help themselves to the latest code from the repository, and make edits. Without Subversion, having more than one person working on a site risks confusion.

Backups and using multiple computers.My nightmare scenario used to be losing my computer. What if it breaks? I’ve switched most of my business management tools to cloud computing, such as Basecamp and Freshbooks. But I still have a few important files on my machine, plus all the websites I am working on. Subversion provides secure cloud storage for all those critical files. Subversion makes both of my computers interchangeable. I can right click on any folder to quickly synchronize files from the repository.

Subversion has two components: a server that stores sets files (called modules) and a desktop client for accessing the server. The Subversion server can be installed locally or on a remote machine. I prefer to use a hosted service such as CVSdude, where they handle all the details for a nominal monthly fee. Tortoise SVN is the most popular Subversion client for Windows. Tortoise asks for the URL of the repository, a user id, and a password. All files in a module can be checked out, edited as needed, and then changes are committed. Tortoise integrates into Windows’ File Explorer. Folders show a green check mark if they are current, or a red X when they have been changed.

In 2007 Forrester Research called Subversion “the sole leader in standalone software configuration management (SCM).” When something that good is free, you think most people would use it. However, most search marketing professionals I speak with have never heard of Subversion.

Jonathan Hochman has two computer science degrees from Yale. He runs an Internet marketing consultancy and a web development shop.

Before investing time and effort in search rankings, and even before setting client expectations, it makes sense to gather whatever intelligence you can about the keywords you’d like to rank for. SEOs and webmasters have few reliable sources of information about the relationship between rankings and traffic. But Wikipedia’s traffic stats can help, offering some surprisingly detailed data.

Have you been searching for Jesus? On Google, Wikipedia ranks first for that search. How much is that first place ranking worth? According to Wikipedia’s public traffic stats, about 14k page views on a typical day, and 19.3k on Christmas. The redirect Jesus Christ, which points to the same page, gets about 25% as much traffic, and Christ adds another 10%.

Maybe you’re not the religious type. Have you been looking for sex? You are not alone, at least not online. The top ranked sex page gets 45k views per day. Love only gets 18k per day. Wikipedia readers prefer sex to love by a 5:2 ratio. Even on February 14th, St. Valentine’s Day, the power of love peaks at just 31k. Virginity, also listed first, gets relatively little action with 1.7k dailies.

While sex is a consistently popular topic, regardless of current events, news-related articles show much more traffic variation. The article on waterboarding, ranking first, ran between 2.8k and 74.6k visitors per day during February 2008.

A total of 465k people viewed the article that month. Since the United States presidential election season began, editors have been fighting over the article lead that says, “Waterboarding is a form of torture.” The phrase appears on the search engine results pages in a way that creates severe negative publicity for the Bush Administration. Several conservative editors have tried every which way to remove the incriminating phrase from Wikipedia. They finally became such nuisances that they were banned from editing.

Barack Obama, Hillary Clinton, and John McCain have wiki pages that rank third. Wikipedia blows away both Democratic Senators’ official web pages, but not the two campaign sites with their multi-million dollar budgets. Barack had 2.6 million monthlies to Hillary’s 858k. John McCain had a respectable 1.6 million views. George W. Bush was the wallflower with 106k views (but he is still more popular than virginity). When compiling these stats, I added variations together, such as Hillary Clinton and Hillary Rodham Clinton, because redirects generate separate totals.

The top organic ranking for search engine optimization gets 4.3k page views per day. A Search Engine Land article that received 788 Diggs generated about 8k page views in about 24 hours. So the wiki article is equivalent to going popular on Digg every other day. I can assure you that writing one featured Wikipedia article is much easier than writing three articles per week that make the home page of Digg.

How about the article on Danny Sullivan (technologist)? Wikipedia ranks seventh, behind Search Engine Land, Search Engine Watch, Danny’s personal blog, and the wiki article about race car driver Danny Sullivan. Seventh is not worth much: just 45 people per day view the article.

Wikipedia biographies of living people frequently appear in third position, right behind the subject’s own website. For instance, Matt Cutts’ article draws 75 to 128 visitors per day, Vanessa Fox’s 20 to 44, and Jason Calacanis’ 100 to 500, depending on how badly he behaves and whether his friends and foes are monkeying the article, as they often do. If you are thinking about creating an article to promote something, given the modest traffic volumes drawn by these rather high profile people, you might want to think of something else. Articles generate traffic when the search term already has volume. Creating a new page does not cause people to search for it.

Let’s look at one more example. Say a network of travel blogs writes a business plan predicting 2 million page views per month within a year. What does that mean, and how successful would the site have to be to hit those numbers? Clues are freely available. Wikipedia ranks second on Google for New York, Los Angeles, Paris, and London, and first for Tokyo, Moscow, Sydney, and Hong Kong. Those eight articles generate a total of 1.9 million page views per month. I personally would not put my name on that business plan.

Jonathan Hochman has two computer science degrees from Yale. He runs an Internet marketing consultancy and a web development shop.

Among the most powerful trends of the last three years has been the emergence of community/social media/social-networking sites with large user bases and incredible traffic. The traffic enjoyed by these successful virtual communities creates financial incentives for bad actors who want to hijack traffic for their own purposes. The open participation inherent in user generated content provides numerous opportunities for the parasitic marketer.

Exploits can take the form of spam posts, sock puppetry, trust fraud, and scams that use social engineering to take advantage of the good faith users. The exploit may also be by way of paid advertising that promote illicit or illegal activities (porn, pills, casinos, and payday lenders) or ads that insert malware on users’ computers. These anti-social and sometimes criminal activities are generally carried out despite the wishes of the site owners and community residents.

In the physical world, spam, scams, and unsavory promotions have parallels: billboards, liquor stores, and payday lenders on every street, and prostitutes and hustlers on every corner. These are the telltale signs of urban blight in a community and, left unchecked, lead to abandoned and neglected property and a spiral of decay. Urban blight creates flight; anyone who can afford to leaves.

Virtual blight in an online community drives away “respectable” traffic and depreciates the contributions of community members, reducing or destroying the value of a brand. Internet marketers invest substantial effort and money to make their websites successful and build a brand. To preserve that brand from the ravages of blight, marketers need to consciously combat it on their own sites and ensure that their marketing efforts do not create or fund blight on other sites.

The Ten Commandments for online marketers

1. There is one Internet. It is a shared resource. Any marketing strategy that relies on polluting the internet by pushing unwanted noise into community space is suspect. It is one thing to strategically place information scent that leads users to your site; it is another to spray that scent on every tree and fire hydrant.

2. You shall use neither bots nor macros to create links, nor spread comments promoting your site. Spambots can not only cause your site to be banished by search engines, they leave a huge footprint across the web and can tarnish your brand with a stink that can’t be washed off!
3. You shall not allow your advertising and affiliate dollars to go to scrapers, scammers, nor spammers.

Advertising budgets are the fuel that drives the spread of blight across the internet. Make sure your money is not promoting blight even if you must forsake short term profits in favor of protecting your brand. While it is easy and tempting to pour money into any channel with a positive ROI, you may be cannibalizing your brand in the process. Even if your strategy is making money and your brand survives, you are funding parasites who devalue the communities that support your business.

4. Honor your visitors. Do not sell impressions or links to companies you do not vet. As a publisher, you are endorsing your advertisers every bit as much as if you give them an editorial link. Caveat Emptor may be the motto of cut throat capitalism, but it is not a good strategy to protect your brand. If you are not satisfied with the moral and ethical practices of your advertisers, do not sell them advertising. Syndicated advertising networks offer an easy path to monetizing traffic in the short term but you risk associating yourself with the sites where you advertise.
5. You shall not make use of sock puppet accounts for vote stacking, spamming friend requests, nor other schemes. Sock puppetry and false friending is so obviously a form of fraud that no one can argue it is an ethical practice. Do not succumb to the argument that others are doing it if you want to build a sustainable business.
6. You shall not form cabals nor engage in elitist plots to disenfranchise people. Karma matters. If you treat others badly, they will eventually form a mob and come after you.
7. You shall not grieve other users by spoiling their fun, troll, nor post flame bait to get attention. Acting up to gain attention only works for a short while, then you get banned, filtered, and ignored.
8. You shall not scrape content, plagiarize, nor assist in the theft of virtual assets. Stealing content is stealing, simple as that. Scraper sites are the most prolific and pernicious form of Made For Advertising (MFA) sites.
9. You shall not distribute badware, scumware, spyware, nor malicious bots. This point is so self-evident it shouldn’t have to be mentioned, except that the proliferation of Malware is accelerating and the potential damage it can cause is frightening. Criminal activities ranging from identify theft, transaction fraud, click fraud, and distributed denial of service attacks are all being carried out by botnets that contain hundreds of thousands of compromised machines. Most of the global spam problem can be traced to these compromised computers as well. Despite the clearly criminal nature of malware, Google recently estimated that 1.3% of search result pages contained a link to a site that potentially could infect the user’s computer. Most of these exploits are distributed via Iframe injection through advertising networks.
10. You shall not covet your neighbor’s traffic, nor engage in parasitic marketing. If somebody is doing well, give them a pat on the back instead of trying to pick their pockets.

The commandments represent what Internet users already expect. Unfortunately, many players rationalize their own breaches whenever a little cheating is profitable. We, the Internet community, need to take a stand against blight. Major online properties need a code of conduct to ensure that they do not contribute to the problem, and they also need best practices for controlling blight. Investors should ask managers what they are doing to protect the value of online assets. Everybody needs to worry when the next advance in black hat technology has the potential to turn billion dollar web properties into a slag dump.

Jonathan Hochman has two computer science degrees from Yale. He runs an Internet marketing consultancy and a web development shop. Jonah Stein, who contributed to this article, is Managing Director of www.AlchemistMedia.com, an SEO/SEM Agency and creator of www.VirtualBlight.com, a site dedicated to organizing Netizens Against Online Spam, Scams & Scoundrels.