Archive for Security

05 Mar

7Search is a hugely popular third-tier search engine for buying PPC traffic for arbitrage. 7Search has a mass-keyword submission page, but the catch is that if you don’t want to enter your keywords one by one, they won’t let you bid under $0.03. I personally go for some very long-tail keywords, and I could rank while paying only $0.01 for them.

7Search was kind enough to leave a small hole/flaw in their system, however. They check the minimum bid only client-side, in JavaScript; the server never enforces it. As such, there are two very easy ways around this, which will allow you to bid $0.01 for your mass-added keywords.

Both of these methods have been tested in Firefox, but since I’m running Ubuntu Linux, I can’t test them in IE. I’d appreciate any feedback in the comments from people who’ve tested this in other browsers; in theory, it should work in all of them.

Method One
You can essentially overwrite their JavaScript function. While you’re on the mass keyword adding page, enter this in your location bar (as if it were a website URL) and press Enter: javascript:function validateBid(a){ } This runs a bit of JavaScript on the current page that replaces their validation function with one that does nothing. From here, you can set the bid to $0.01 and it will submit successfully.

Method Two
The second method is a bit more sneaky. It’s just a matter of exploiting the order in which the browser processes events on the page. First enter your entire keyword list, leaving the bid at $0.03 so it doesn’t complain. After you’re done, click up and change your bid to $0.01, leaving the cursor in the textbox (it complains as soon as you click or tab away). With your cursor still in the bid box you just changed to $0.01, click directly on the Submit button below your keywords. It will complain that the bid amount is too low, but then it will change pages and submit them at $0.01 after all. Simple. :)

I’m sure they’ll fix this soon, so enjoy it while it lasts. Good luck!

26 Feb

With all the recent RegisterFly problems going on, I’m getting a little worried on a personal level.

I currently have 99 domains with them and about $44 on my account balance. While I realize there are people out there with much larger stakes than this, it’s still something to mention. This just goes to show that ICANN accredited means nothing: if it takes this much to lose the badge, and a company as low-life as RegisterFly can obtain it, how is that supposed to make customers feel about accredited companies? It’s meaningless.

I’d give RegisterFly another month before they’re completely 404’d.

22 Jan

I recently was fixing up my blog to begin using it again, and one of the tweaks I wanted to add was a Digg Vote button on every blog post. After a little searching I found Digg This by Aviran Mordo. Great! I installed it and went on my way.

However, about two hours later my email box was flooded with messages saying “Your post XYZ was dugg!”. My thoughts went chronologically something like this: “Nice!”.. “Uh oh, the Digg effect”.. “Wait, that can’t be possible.”

I looked into it and realized all the Digg buttons that popped up on all my posts pointed to someone else’s Digg story! Being a programmer myself, I dove into the source code to see what could have happened. It turned out that Digg This, while a great plugin, had a major security flaw: it blindly assumed the referrer wasn’t spoofed by a hacker or spammer (as in the case that hit me).

I immediately began hacking the script apart, hardening the security behind it, as well as fixing a few other bugs I found. If the script receives word (via a referrer) that the post was dugg, my patched version doesn’t just assume that is accurate; it actually goes to digg.com and reads the story itself, checking whether your link is actually the target of that story. If not, it blocks the hacking/spam attempt.

Essentially, what a very clever spammer did was search for blogs with that plugin installed (not hard; it’s very popular) and send fake hits to every post in your blog, forging the referrer to look like it came from a Digg article. Only instead of your article, they linked to theirs, causing a Digg button promoting their story to appear on every one of your blog posts! So if one of your visitors liked your article and clicked the Digg button, the spammer actually benefited from the vote, not you!
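The check described above, as an added illustration in Python (this is not the Digg That plugin’s own code, which is PHP): a referrer is only trusted if its host really is digg.com, and even then the story page is fetched and must link back to the post being displayed. The fetch is passed in as a callable so the logic runs offline; the story markup and URLs are constructed samples, and the assumption that the story page carries the submitted link in an href is mine.

```python
import re
from urllib.parse import urlparse

# Only these hosts are ever fetched; this also keeps a forged referrer from
# making the server request an arbitrary third-party URL.
DIGG_HOSTS = {"digg.com", "www.digg.com"}


def referrer_story_url(referrer):
    """Return the referrer as a story URL only if it really points at digg.com."""
    try:
        parsed = urlparse(referrer)
    except ValueError:
        return None
    # hostname handles tricks like http://digg.com@evil.example/ (host is evil.example)
    if parsed.scheme not in ("http", "https") or parsed.hostname not in DIGG_HOSTS:
        return None
    return referrer


def story_links_to(story_html, post_url):
    """True if the fetched story page links to our post (assumed: an href holds the target)."""
    hrefs = re.findall(r'href="([^"]+)"', story_html)
    wanted = post_url.rstrip("/")
    return any(h.rstrip("/") == wanted for h in hrefs)


def verify_digg(referrer, post_url, fetch):
    """Decide whether a Digg button may be shown for post_url, given the hit's referrer.

    fetch(url) -> str is supplied by the caller (an HTTP client in real use).
    """
    story = referrer_story_url(referrer)
    if story is None:
        return False  # referrer is not a digg.com URL at all
    try:
        html = fetch(story)
    except Exception:
        return False  # fail closed if the story cannot be read
    return story_links_to(html, post_url)


# Constructed sample story pages: one that really submitted our post, and the
# spammer's story that links to their own article instead.
MY_POST = "http://myblog.example/my-post"
LEGIT_STORY_HTML = '<a href="http://myblog.example/my-post/">My post</a>'
SPAMMER_STORY_HTML = '<a href="http://spammer.example/their-post">Their story</a>'
```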

My version is working great on my blog now. I called my updated, patched version Digg That, and you can download it from my Digg That - WordPress Plugin page.

There are a lot of WordPress blogs out there with a vulnerable Digg Vote button on them, so let’s spread the word!