I am reminded all the time of that episode of “That 70’s Show” where Jackie falls for a modeling agency scam getting her to pay $200 for headshots and consulting. Jackie only realizes it is a scam when the agency gives Donna the same pitch (Jackie believes she is far better looking than Donna and if the agency is also interested in Donna, it must be a scam). Funnily enough my brother and his wife fell for this same scam in real life.

Anyways, I digress, late last night and then again today a company called eWeb Financial called me about a work from home business opportunity. They said I filled out a survey saying I was interested in such things, when pressed they could not answer where or how I filled out said survey. They called my home number in an obvious violation of the do not call registry which I am on. Of course, I know I would never fill out such a survey, I already happen to make quite a bit of money. I decided to be a little snarky and rather than just hangup I laid the sarcasm on the salesman pretty thick explaining how successful I am and he kept pushing, saying “You can always have another poker in the fire.” and whatnot. It was funny, really, how hard he was working, and I was just messing with him.

Anyways, doing a little research with Google I find their website, ewebfinancial.com, which is a great example of frontpage-template-quality design. And a few other complaints such as this one here.

As near as I can tell this company sets up turnkey affiliate shop sites and then charges you a few hundred dollars for them. For anyone interested in this work from home opportunity let me set a few things straight for you.

Marketing thin-affiliate sites no longer works, hey, I used to do it myself, I made… I don’t know… $40 or $50,000 doing it over the years, but it hasn’t worked in awhile. It worked for a little bit when only a few people were doing it either because only a few people knew how to do it or a few people had the technical knowledge to do it. There is even a tutorial on this site on setting up Amazon.com affiliate sites. But then, everyone started doing it, and the search engines reacting by hitting all sites doing it with bans and penalties, and algorithm shifts, and now it just doesn’t work.

Even if it did work, these aren’t the types of sites you can just “build and they will come” you have to have some way to direct traffic and link-weight too them. Ask yourself, do you already have link-weight you can send to such a site? Do you even know what link-weight is or how to get it? If so, you have no business even trying these things. But, of course, they don’t work anymore anyways.

If you want to make money with affiliate merchant datafeeds you gotta do something other than just duplicate the product catalog on a dummy site. You need an angle, and there are only so few, and most require advanced programming.

I figure if these guys call me twice in an 18 hour period, they gotta be hitting up others too, so let me save you some money, just say no. There are far better, easier, cheaper, and more reliable ways to make money online. Pick a topic, get a free blog from wordpress or blogger, and start writing.

Just remember this, if there is an easy way to make money online, a million Indians and Chinese are ALREADY doing it, and they’re willing to do it for a few dollars of profit, you will never compete.

Most license owners felt like they were being forced to pay for software that they’ll never need or use (project tools, and maybe CMS), just to continue using their blog software.

It is a valid complaint, project tools are a niche product that only applies to work environments, most communities are not work environments.

However, they have since seemingly fixed thing, smoothed things over. For one, they changed the licensing scheme, probably for the better. You now only buy the license once, and it is good until the next major release. So if you have a vb 3.1 license, and two years later 3.9 comes out, you can upgrade. Currently you need to renew yearly. So instead you’re just renewing if you have 3.1 and 4.0 comes out (major release).

Now…they could do what Interspire has done in the past and make major releases that aren’t seemingly major and force you to upgrade, and that wouldn’t be good, but I’ll give them the benefit of the doubt for now.

Secondly, until Oct 30th they’re running a big sale on licenses. Just go here and get your 4.0 VB Suite license for only $130 (if you have an existing license) that is cheaper than a standard forum license, and it includes the CMS and blogs and whatnot, and that gives you free upgrades for the life of 4.x. But only until Oct 30th. Not a bad deal at all.

“We are pleased to introduce ourselves as programmers and coders…”

They’re all the same, they’re all from India, even the ones that say they’re from the US are from India, which annoys me to no end.

I’m not xenophobic, but I prefer to work with people from more developed countries. I don’t know if it is a cultural thing or what, but in my experience most Indian programmers lack intuition to do small things that are needed to improve efficiency and user friendliness. They also seem to have a problem grasping the big picture, or understanding what your goal is for what you need. The end result is needing to micromanage them to the nth degree, which requires so much time you might as well do it yourself.

Whereas people from western cultures, you can tend to tell them what you want to accomplish, and they can fill in a lot of the blanks without input from you.

I tend to only consider Indian programmers (or other foreigners) for tiny jobs then, things that I can very discretely define. I have a job right now, directory website, very simple, small, and they’re having the hardest time getting it. Additionally, I’ve gotten 30+ Indian bids, but not one from North America, normally I get more than that. I post a very very specific brief, and they come back with a list of features (shopping cart? Hello?) I didn’t even ask for. It is almost as if they assume I want a directory just like their last job, whatever that may have been. Or perhaps they simply don’t care enough to read my brief and instead are just replying to as many as possible in hopes of finding work.

The problem is there is just so many of these misunderstanding bidders, that I am just completely turned off from Elance at this point and am just thinking about doing it myself. I did a little php last night and this morning, and it was nice to do that again, I haven’t programmed in awhile. Fun even. I could probably crank this job out in 8 hours or less, of course with the Baby that equates to 3 days, but still, I could do it.

Maybe I will, but I think it’ll be awhile before I post on Elance again. If I wanted a bunch of form letters from foreigners wanting to do business with me I could just open up my junkmail folder.

The call started out somewhat funny.

Him: “I was just on your website and I’m actually calling from Google.”

Me: “So you work for Google?”

Him: “Well, I’m calling from Google and….globalmarketexposure.”

Me: “So you’re calling from Google.”

Him: “I work for Global Market Exposure, we’re an adwords qualified company working on behalf of Google” (finally, half-truth!)

Me: “Did your company used to be called Netbiz?”

Him: “No, we’re much better than Netbiz, we can get you uploaded to the first page of Google within an hour. We-” (Did they choose to inappropriately use the word “upload” to sound more technical? I was so impressed with his masterful use of Internet jargon!)

Me: “You don’t actually work for Google, you just setup adwords ads for people, something they can do themselves. ”

The call degenerated rather quickly from there on.

Why doesn’t Google weed out companies like this that use confusing sales tactics? Quite frankly I think it gives Google a bad name. It is also highly unethical to represent ads as search placements, they’re not, they’re ads.

For the record, companies like Netbiz or this new outfit, Global Market Exposure, place advertisements through Google Adwords. Adwords is an auction based advertising system whereby the highest bigged gets slot 1, the second highest slot 2, etc. With each bid being modified through internal Google systems that judge quality and click through rate (a high bid no user will ever actually click on because the ad sucks isn’t going to do Google any good). Anyone can do this yourself for free.

This advertising differs 100% from Search Engine Optimization. Which is the practice of painstakingly building and tweaking your site so that it ranks better naturally in the unpaid main search results. There is no quick fix for search engine optimization, and as a general rule if someone says they can give you a top listing automatically or within hours, they’re talking about placing adwords advertisements, not doing SEO for you.

Using one of these companies is akin to using someone to put an ad in the phone book for you. Maybe the person is an expert at phone book ads, and maybe you’re too busy and don’t have the time. But you could probably do it yourself, and you could also probably setup your own adwords advertisement yourself. Plus, since you’ll not be using a middleman, you’ll be spending less money and so more easily obtain a positive ROI.

Caveat Emptor.

On an unrelated note the company uses the domain google-placement.com looks to me like a trademark violation. Anyone want to place a wager on how long that lasts? Anyone know a Googler to forward that juicy tidbit to?

Anyways, you can use the coupon code “SINCE94″ to get 20% off your order through the end of September.

I am not sure if it was my network/PC that provided the entry, or that of someone who was doing work on the site at the time, but entry was gained via FTP. Luckily, since each user FTP account is restricted to their own directory, no system files were affected.

However, let me start at the beginning.

In late July I was told by my host that my server was dying. The hard drive was on it’s last leg and needed to be swapped out. They could give me a new hard drive, but then I’d be responsible for moving sites over, and there would likely be some downtime, I don’t like downtime, it costs me money. I argued with them asking why they could not merely mirror the drive, they said they didn’t do that sort of thing. Finally I settled on just getting a new server, but since I had paid for some serious upgrades to the current one I was worried about getting railroaded on the price on the new one.

Kudos to The Planet they didn’t railroad me at all. Instead they offered me a better server for about $100 less per month. Needless to say I took it, but that added a large deal of work for me to do in securing the new server, doing setups, moving files over, etc.

I had server hardening done by a company I had used in the past and proceeded to move most of the server files over. I got all of the static site files move, shut down the forums on the old servers, copied over the SQL databases, turned the forums on at the new servers, and tossed .htaccess files on the old server to redirect all requests to the new IP to cover the period of DNS uncertainty following a move.

Then I bought a rental property, and doing the negotiations with the realtor coupled with my wife going back to work and me becoming the primary daytime caretaker of my then 10 or 11 week old son (since I work from home), I was quite busy. After arranging our purchase agreement for the property my brother and I spent two days straight, working dawn to bedtime, gutting and renovating the upstairs unit. It was on Monday, the first day of our two day blitz, that the hackers attacked.

That weekend prior I had noticed a script not working under MySQL 5 (old server had MySQL 4, it was a left join issue). The script creator, a friend, whom I have an arrangement with (he handles the software, in exchange I provide him with content), was told and started working on it, and an hour or so after he started the hackers hit.

Hundreds of IP addressed logged into the server and started replacing index files, this was in the wee hours of Monday morning, I didn’t notice. I went to work at the rental building the next day also without noticing. I didn’t notice in fact until 3 AM on Tuesday morning when I got up to feed the baby. I was just too damn tired on Monday to notice and because there was no Apache downtime, I didn’t get any alerts as I would have in such a situation.

So I stayed up until 6 or 7 AM on Tuesday fixing the problem, that was a rough night. This hacker attack inserted iframes into index pages that would initiate a drive-by-download when users visited. Unfortunately for them, they failed. Their goal is to stealthily insert the code and then have it go unnoticed for weeks or months, in my case it was easy to see, and I would have noticed it easily had Monday been a normal day.

See, they inserted their iframe into a block of PHP code on my index page, oops. All they did was break the PHP causing the index page to throw a parsing error. No infected page was served to users, and the homepage of the site was effectively down. Now, you never like having your homepage go down, but this site gets almost all of it’s entry traffic through subdirectories, and having the homepage break for a day, thus informing me of the attack, would be better than having nothing happen and having me not notice it.

So, 3 AM on Tuesday morning I notice the site broken. I think it’s odd for me to have left a parse error like that on a life page without double checking, so I pull up the file, check it, see the malicious iframe, and immediately go into defense mode. First step, change all passwords. Second step, fix the index page. I SSH’d into the server and scanned for other changed files, using linux’s timestamps they were easy to find. They had changed about 50 or so index.php files (50 may seem like a lot, but the site has 4000+) in subdirectories. However, those files were all deprecated, the site switched to using cached plain index.html files awhile ago, so again, no infected files were served to users.

At this point I still didn’t know how access had been gotten, I was worried about script vulnerabilities most of all, and I looked, and looked, and looked, and couldn’t find anything. I was especially doubtful it was a script vulnerability because nothing was inserted into a MySQL database, and the php files that were edited could only be edited by root. I knew they didn’t have root, both because I was confident in the security of my root access, and also because only one site on the server was compromised (likewise, none of my other sites on any server were compromised).

I also suspected, though I did not yet know, that a keylogger on my own PC could have been the culprit, so I installed a few new AV programs and did a lot of scans to make sure my system was clean.

Eventually I figured out it was an FTP attack, but I felt fine about it. Passwords had been changed, logs checked and they didn’t FTP to get any important files, they didn’t touch any of my backend files where the database work is done, just those handful of index.php files with the iframes that never got served to visitors.

So, like two weeks later, I get a notice from one of my forum members. When visiting some of the pages on the site they were warned by Google it had malicious code. So I go check Google Webmaster Central where I have an account with this site verified, and yes, they report malicious code on many pages as recently as the current day. They’re also supposed to email you when that happens, I never got the email. They had apparently had parts of the site flagged for 10 days or more. Additionally, they had pages flagged that the hackers never touched. Had I not been busy with baby and business I may have noticed traffic plummeting, but I normally get traffic dips this time of year between school semesters, so I’m not sure I would have (though, this is now the lowest traffic has been in nearly 8 years probably).

So for the last few days I’ve been wracking my brain trying to figure out how Google is seeing malicious code on pages where I have gone over them, again and again, with a fine tooth comb. I even rebuilt apache entirely on the server. I could find nothing, and Google kept reporting seeing it.

So today I was going to finally cancel the old server, I had left it up because stupid search engine crawlers don’t update their DNS quickly enough. Regular ISPs will do it in hours, but for some reason search engines can go weeks without updating DNS. So I SSH’d to the server to check things out, I checked netstat and sure enough, a bunch of Yahoo Slurps and a few Googlebots were still poking around on it. I thought, this is stupid, I know I setup an .htaccess redirect, why isn’t it working? So I go and read the .htaccess file.

Bingo.

I had never checked the old server after the attack, I never changed the password on it. Turns out both the new and old servers had been attacked simultaneously, and while the new server had the attack stopped quickly, the old server let the attackers keep on coming for weeks. Eventually they replaced my redirecting .htaccess with one of their own which redirected visitors to their spam site, this in effect infected all URLs on the site.

So, for the handful of Googlebots that were using the old DNS (and anyone else), when they’d visit the site they’d see the infection and flag the URL, but since most Googlebots had the new DNS, they saw a clean site and that is why I was seeing inconsistencies.

I’ve lost a lot of money over this incident, probably over a thousand dollars in lost ad revenue because of the traffic loss, assuming I can get the Google warnings removed quickly now. Assuming there is no long term losses in traffic or search rankings I think I got off light. It is a lot of money, but it was an important lesson to learn. I never thought to check the old server. Money lost or not, I’m just happy to finally know the cause of the malware flags, and to know that I have corrected the issue. I’ll be able to stop stressing out over something I couldn’t figure out.

What follows is a list of IP addresses that were involved in the attack on my servers. Obviously these IPs are just infected members of the hacker’s botnet, but I thought it was worthwhile to block them in my firewall, and I include them here if any of you want to do the same. The first IP in the list has special significance, it was the IP that did the .htaccess modifications on the old server, all the other IPs just edited (over and over) index files.

212.117.164.85
79.117.20.249
79.117.20.249
218.102.203.55
174.0.202.134
79.115.111.54
66.189.113.177
89.47.41.13
86.2.107.229
219.251.167.197
77.81.33.229
24.32.80.111
89.47.41.13
201.246.80.142
218.175.218.242
58.172.225.247
117.193.32.240
92.63.17.24
217.132.80.147
80.74.58.154
114.59.25.79
123.237.147.83
86.2.107.229
78.84.101.159
200.92.154.43
24.37.224.241
98.237.167.233
66.67.145.171
24.128.185.92
200.30.207.250
67.70.160.208
86.100.84.188
83.84.102.137
213.51.101.16
87.97.33.212
59.17.170.15
116.99.19.240
89.33.147.213
210.4.59.12
4.131.2.15
117.200.67.134
74.216.76.39
94.101.234.207
86.2.107.229
219.77.28.170
217.16.130.127
24.128.185.92
24.91.170.95
115.133.119.124
59.99.0.56
93.148.114.46
117.193.32.240
200.30.207.250
201.246.80.142
213.113.5.186
190.191.108.130
89.40.58.2
124.188.229.40
85.196.181.195
62.245.99.95
78.39.33.15
75.116.238.110
24.128.185.92
85.196.181.207
117.195.11.176
123.201.79.131
93.118.208.51
79.112.159.102
24.128.185.92
219.240.89.41
94.178.111.77
190.192.202.241
58.8.229.11
68.53.52.68
124.120.117.7
75.116.238.110
94.213.136.251
189.221.147.103
78.228.180.5
82.46.37.118
117.204.98.14
78.137.181.247
76.95.67.241
190.173.202.44
85.120.190.198
84.3.130.240
99.250.37.243
124.121.93.27
88.222.209.25
115.128.37.245
114.123.92.101
62.85.76.27
89.43.90.104
202.164.39.27
216.164.169.81
82.217.39.212
201.132.64.193
61.244.86.209
88.236.24.246
92.115.37.89
24.65.84.90
114.41.174.129
78.106.110.177
190.192.202.241
85.66.12.104
120.32.24.229
95.25.80.124
74.65.241.133
68.40.132.230
76.178.95.161
213.222.161.229
91.145.132.128
117.192.200.17
86.127.244.177
86.124.193.126
123.236.90.19
87.97.33.212
62.85.76.27
69.139.222.57
84.245.204.191
78.97.134.135
85.66.12.104
114.59.25.79
190.191.108.130
92.114.126.25
219.251.167.197
82.239.132.43
59.104.169.214
78.0.145.184
116.74.97.161
94.159.217.86
79.117.27.233
94.21.107.50
140.109.91.195
78.30.157.53
123.237.106.19
189.221.147.103
124.121.93.27
79.234.49.163
95.25.80.124
212.182.40.23
81.111.195.148
86.5.51.95
91.72.218.29
82.44.0.6
87.18.87.8
79.70.41.175
83.222.189.153
203.217.42.46
114.123.92.101
190.49.126.205
173.24.63.82
75.17.203.209
59.93.93.83
79.37.241.252
87.176.233.74
219.88.34.178
92.114.230.8
92.114.230.8
85.216.196.162
85.65.13.175
62.240.90.77
85.10.80.228
78.58.9.118
74.65.241.133
193.230.181.240
82.0.124.188
117.199.126.190
84.229.188.125
94.28.183.122
74.79.17.32
62.24.73.188
61.223.1.62
210.89.55.225
201.246.80.142
59.97.185.139
188.36.193.184
86.127.57.103
114.42.130.233
213.113.196.137
94.54.53.52
77.126.144.52
82.46.37.118
77.38.136.233
88.216.28.20
213.91.218.202
63.19.178.177
87.207.95.104
95.180.136.132
91.73.249.218
87.97.4.194
91.146.134.141
84.3.252.31
69.221.155.131
186.40.45.6
72.39.16.207
79.199.98.18
186.9.45.220
84.131.71.114
88.174.28.147
92.115.23.131
115.98.198.229
86.38.42.149
79.125.236.81
68.103.141.179
92.48.32.141
114.59.196.88
210.89.55.225
117.200.148.0
74.160.2.158
188.16.1.97
89.45.5.220
206.174.245.219
70.48.113.216
68.113.46.200
79.117.216.118
93.118.208.51
85.216.196.162
84.127.16.132
84.69.207.158
80.56.249.47
77.238.195.201
93.123.6.38
85.122.61.56
89.136.80.51
147.31.141.101
114.123.92.101
77.76.131.129
118.136.231.67
94.21.107.50
77.29.181.103
61.224.216.98
119.234.170.146
75.70.63.10
84.1.181.20
24.201.228.235
92.229.80.15
79.163.135.35
92.80.248.19
94.83.88.156
190.9.221.56
59.99.0.56
193.230.181.240
77.28.63.247
196.206.81.227
116.75.115.201
81.183.66.70
81.22.136.238
58.172.225.247
78.106.110.177
206.174.245.219
70.176.81.61
82.192.42.183
219.81.234.175
93.136.25.164
80.200.127.165
98.222.169.222
76.251.220.58
89.45.5.220
92.114.14.193
91.146.134.141
61.60.222.236
89.168.155.224
211.135.120.9
116.49.20.238
75.199.98.145
117.200.57.53
62.85.122.186
83.222.189.153
68.106.182.30
206.174.245.219
89.138.86.118
89.45.5.220
92.114.37.191
81.233.189.78
119.152.84.235
91.146.166.215
124.8.244.102
77.56.237.180
124.8.244.102
93.172.43.59
85.66.12.104
24.81.105.1
85.226.34.45
81.104.86.28
116.99.19.240
201.132.64.193
98.229.93.175
219.73.29.142
94.213.136.251
190.173.202.44
78.106.110.177
99.235.39.126
190.173.215.73
117.195.163.217
200.85.202.141
78.185.132.204
92.50.44.220
98.209.226.87
75.70.63.10
87.205.211.216
69.140.197.106
81.104.86.28
66.141.139.87
78.106.110.177
124.8.244.102
112.201.14.4
92.81.81.30
218.166.196.70
205.189.22.10
195.174.72.34
173.88.160.160
91.4.101.16
216.164.169.81
68.96.121.18
24.190.26.208
212.73.52.124
190.173.202.44
118.42.146.27
117.203.0.159
84.68.17.194
62.245.99.95
115.43.126.186
89.25.108.25
75.67.100.77
89.133.139.125
117.200.145.126
188.36.193.184
85.65.4.90
78.97.204.60
89.42.254.37
95.180.136.132
87.97.96.113
190.16.52.114
77.81.227.59
88.187.212.141
92.46.214.208
85.132.231.228
89.39.198.119
85.216.196.162
85.65.4.90
68.106.143.104
66.189.113.177
82.33.22.132
24.201.228.235
218.175.218.242
77.238.195.201
118.46.119.43
87.110.86.110
84.110.237.25
79.163.21.91
220.139.63.82
140.109.91.195
82.27.243.35
89.216.170.53
83.213.5.31
18.205.1.16
75.116.238.110
89.138.86.118
79.117.20.249
74.192.204.157
81.22.136.238
117.204.68.218
92.50.44.220
202.86.181.243
69.140.68.112
195.249.88.183
125.203.156.185
77.28.146.49
76.178.95.161
77.81.39.125
59.99.19.95
114.38.113.247
69.140.68.112
82.72.119.165
93.84.84.2
92.114.126.25
218.175.218.242
213.231.32.245
120.88.36.144
123.236.174.228
211.135.120.9
78.97.196.155
69.143.67.95
75.60.202.176
92.114.117.75
92.114.14.193
89.214.105.243
79.119.124.141
124.125.105.198
158.108.12.41
190.158.40.13
91.72.218.29
89.135.160.24
202.164.39.27
117.204.224.99
94.21.196.169
88.187.212.141
81.182.91.113
118.160.17.35
190.190.119.162
115.128.65.23
79.121.132.204
99.226.253.67
84.3.239.2
74.72.219.152
92.81.183.57
218.148.224.221
79.118.146.17
117.195.161.76
92.40.43.31
221.27.12.174
82.181.171.237
212.96.62.1
24.45.254.191
79.121.132.204
78.97.196.155
58.9.246.48
99.129.19.139
92.114.117.75
74.14.3.164
88.174.28.147
41.201.213.135
59.95.21.123
89.136.75.70
59.149.112.223
92.81.183.57
125.203.156.185
92.114.76.145
213.37.176.154
58.107.225.103
81.235.238.196
85.231.73.148
217.16.130.220
89.103.48.81
190.173.202.44
78.185.132.204
85.216.10.151
200.85.202.141
116.75.115.201
87.18.87.8
203.218.231.97
188.2.225.51
92.40.73.219
89.229.193.227
116.68.240.48
77.81.227.59
213.66.16.31
212.233.233.173
68.52.60.99
86.127.57.103
76.29.227.242
88.165.89.233
92.41.63.25
69.144.132.7
190.18.171.4
213.231.32.245
89.41.249.39
89.103.48.81
90.231.107.150
88.132.7.212
119.234.32.159
75.66.155.50
77.99.113.103
94.249.23.187
76.185.179.239
84.175.248.58
89.78.97.67
77.208.79.98
68.39.77.58
118.46.119.43
92.82.124.163
213.114.121.206
88.114.126.173
87.97.4.194
211.30.246.220
69.24.162.96
142.217.107.109
92.2.0.99
68.225.218.234
61.216.115.43
79.136.58.83
114.76.215.16

To simplify, PageRank, or link weight, is passed from one page to another through links. To decide how much each link gets the total weight the page has to offer is divided by the number of links on the page. Previously Google, and other engines, removed rel=nofollow links from this equation entirely. Meaning if you used rel=nofollow on your external links, especially those submitted by users such as in blog comments and forum posts, you allow more weight to be passed through your internal links, thus benefiting your site. You can read more about this topic in the above linked post as well as in these two articles: All About Link Popularity & Pagerank; Site Architecture: Optimizing your Internal Links.

The change is that rel=nofollow is added back into the equation, and the weight rationed to the nofollow links simply is never delivered, it goes to the abyss, it is vaporized, never to be seen from again. This change was done quietly around a year ago, Google only just spilled the beans last month, but this would explain the roughly global PageRank drop (where most sites lost PR) that occured back then, all the nofollow links within Wikipedia alone would vaporize a large amount of the Internet’s overall weight.

What this means for site owners is that where you thought you were once conserving PageRank, you’re now just hurting yourself. You should remove all nofollow stamps on all internal links, all of them, and on external links they’re now pointless for link weight conservation.

We can choose to go back to the other methods of link weight retention, methods that we used prior to the invention of nofollow, but many of them are also likely poisoned by this change (such as running through a redirect script blocked by robots.txt) and others have accessibility issues or may be considered blackhat one day.

Instead I immediately thought of a solution that doesn’t aim to block all link weight leakage, but instead aims to mitigate it as much as possible, this is done through two concepts. Depth and link ratios. The deeper a link is in your site, the less PageRank it’ll tend to pass, and the higher the internal link/external link ratio on any given page, the less will be lost.

The solution thus is what I call, Two Step External Links this is really just a visible static page redirect, instead of the automatic redirects that have been used in the past. This type of redirect actually has exists for as long as the Web has, only it was primarily used for liability reasons at government, school, or medical websites where the sites did not want any perceived liabilty for the quality of the content their external links pointed to. What is new is using this method of link for PageRank retention.

Now, you’re supposed to use rel=nofollow on your blog comments and forum posts because you do not exercise editorial control over those links and you do not want to be blamed if they point to bad neighborhoods. But suppose you’re a really good blogger and have a 20 link menu on your blog, but then you make a really good post and get 200 comments on it, all with an external link. If all of those comments are nofollowed, you lose 90% of your PageRank on that page, 90%. If all those links are not nofollowed and not otherwise redirected, you lose 90% of your weight still, and you also open yourself up to the “bad neighborhood” linking liability (plus you’re rewarding potential spammers, thus encouraging more spam, and we hate spam don’t we precious?) If, however, you use my plugin for your blog you recycle 95% of the 90% of weight you’re losing back into your site, meaning instead of losing 90% of your original weight, you’re losing 8.5%.

How it works is, as I explained above, through depth and ratios. You have a visible redirect page that has your fully menu on it and the external link, but since there is just the one link vs your menu (as opposed to 200 vs your menu), it is vastly out numbered by your menu, and so you mitigate the link weight you lose.

I have had developed two plugins for this system. You can download them here. One is for vBulletin, the other is for Wordpress. Each plugin has a whitelist so you can exempt certain domains from redirects. Each has a setting to allow the redirect page to itself have a meta refresh redirect on it (to automatically forward after X secondS), and each has a setting to set the external link on the redirect page to nofollow or not (I recommend nofollow). The vbulletin plugin also has a setting to only show it to guests (users not logged in).

The Wordpress plugin is really easy to install, just upload it to your plugin directory, the vBulletin plugin requires a few file edits. In both cases if you run other plugins that modify the same parts they may not work, and in both cases it has been tests on both the newest and slightly older versions of the software.

The plugins are free to use, they are in my opinion completely white hat, and both are extremely effective at retaining link weight within your site.

Also both redirect systems are powered with a simply query string and so you can easily send links through them from anywhere else on your site once installed, such as your custom CMS or from within articles where you write the links manually, to then redirect those links as well if you want.

I sat down today, the baby miraculously slept for 3 hours, and I cranked this out. All told, it took me 4 hours to build a new frontend that allows me to quickly add product variations, potentially cutting down the time required by dozens of hours per product for complex products.

Note, I am not a professional programmer (not in my definition), I’m a bit of a hack. I may have been considered professional at one time, but as my interests moved from being a freelance developer to SEO and site management, my programming skills never improved further, so now I’m pretty far behind true professionals. I also was completely unfamiliar with the database schema and had to familiarize myself with it. And yet… 4 hours later, here it is.

Again, the issue with their cart is that suppose you sell a T shirt, that comes in 10 colors and 10 sizes. They require you to enter pricing information for every possible combination of color and size, even if they don’t change the price at all. Then suppose you add gift wrapping as a yes/no option. That then ups the form lines you have to fill out from 100 to 200, just that.

With my script instead you define a price for 10 colors, define a price for 10 sizes, and define a price for no gift wrapping and yes gift wrapping, 22 total definitions, as opposed to 200.

In my original review on Interspire’s cart I provide an example that results in 103,680 definitions you must manually fill out. My script does the same thing with 50. Would you rather fill out fifty form fields, or one hundred thousand form fields?

Anyways, this script is for sale if anyone wants it, $50, what a bargain for all the labor it’ll save you. Just paypal $50 to paypal at thebeasleys.org and I’ll email it to you.

Pricing

Lets start out with what is perhaps the biggest complaint with Interspire, the pricing. This software is not cheap. For the purposes of this review I was given their ultimate edition, which clocks in at $1800, plus more if you want to be able to download upgrades. For a small time person wanting to merely get their feet wet with ecommerce, this would seem daunting. Still, in the grand scheme of things, $1800 is not a whole lot. You’d pay more typically to have a custom cart or site developed, and you’ll likely make back your expenditure in no time. I like to tell people how I started my first ecommerce site (not my first profitable site, I took profits from my content sites to start it) with an initial outlay of $1200. That covered all my initial inventory, merchant account, SSL certificate, I used my existing servers for hosting, did my own design, and used free OScommerce. This site made $500,000 in gross revenue over the next 6 months. In retrospect I could have spent far more to launch the site and still been wildly profitable.

It isn’t so much their upfront pricing that bothers me but rather their upgrade pricing, and in fact I’ve seen quite a few complaints about it from other users. Because I’ve been sitting on this review for 9 months I’ve actually experienced having to upgrade a couple times, and while it was free for me as part of the review, I do know that otherwise it would have been an egregious cost.

When first ordering your license you can sign up for maintenance that allows you access to upgrades for the period you request. This will add on an additional 20% to the product cost if you want a year of upgrades. But, it appears to me this covers only minor upgrades, not major upgrades. So if the software is updated from 4.0.5 to 4.0.6 it is covered, but you don’t get the 5.0 upgrade, because that is a major one (read their upgrade policy). Most other places will give you the upgrade for free within a year, that is fairly standard in the software Industry, Interspire has only a 60 day window, after that you have to pay for it (but they give you a 50% discount on the retail price, still, it is a lot of money).

On October 13th 2008 Interspire officially released version 4.0, it reached 4.0.6 by the end of March 2009, when 5.0 was released, forcing people to reup. My charge would have been around $1200 had I not gotten it for free. Furthermore, I couldn’t see what justified this being 5.0 instead of 4.1. When vBulletin (and I know I mention Jelsoft a lot, but they really are the pinnacle of website software in terms of customer service and whatnot) does a major upgrade, you know it, the new version is entirely different, it is an event. Interspire 5.0 has a lot of new features, but it is not a major upgrade in my opinion.

It seems to me like Interspire knows what their upgrade policy is and that they define product release milestones not by any accepted programming standards, but rather by what their budgetary needs are. I do not like this. I do not like this one bit. $1800 is a lot of money, but if it is a one time fee it is easy to justify, if Interspire is expecting you pay that every 6 months, then you’ve got a very high cost of ownership. Its one thing if they want to jump from 4.0.6 to 5.0 quickly if 5.0 is a major overhaul that changes systems to their core, it is a completely other thing where in any other software package the changes like with what you get with 5.0 would be considered a 4.1.

Now, as I said above, there are different pricing levels with different features, there are differences between the packages, the main one being product quantities. The cheapest package is $295 and includes capability for 100 products. The next one is $1000 and includes capabilities for 5000 products, and then the ultimate one I got that allows for unlimited products. There are other small differences and I urge you to compare them before making a purchase (if any).

Installing, Upgrading and Importing

Interspire has a very easy to use install & upgrade process, as I’ve mentioned I had to do it a couple times, very easy both times. My only issue is with the templates as I will mention below. Quick fast easy, no complaints here at all.

They also have importers for OScommerce, X-Cart, and CubeCart. I’ve not actually tried any of these. I’d be willing to try them if I had more licenses to play with and/or if Interspire started supporting dimensional shipping with UPS, but they are available.

Customer Experience

My main concerns are how easy is it to find a product on the site, add that product to the cart, and then buy the product. It is amazing how many carts mess this up. Interspire does a pretty good job with all of the above.

There are certain additions I’ve made in all carts I use to make it even better, I wouldn’t expect the software to do these, because for all I know I’m the only one that wants them, but I do find them incredibly useful.

1. Really, really, explain to people what the CVV is when checking out with a credit card. I mean, show a picture (wikipedia has some as I recall), it is on the front on AMEX, and on the back on Visa, Mastercard, and Discover. It is amazing how many people get confused on this, and then don’t check out. Interspire could do more here.

2. Make the final checkout button very prominent and flashy, flashing even. It is amazing how many people get that far and then don’t click it, this is more a problem with OScommerce and their final confirmation screen that looks like a receipt but isn’t, but still, it can’t hurt any cart. A small template change I could do, or Interspire could do. If they do it it is permanent, if I do it I gotta redo it after every upgrade.

3. Stress to the people to put in the correct billing address when checking out with a credit card. Interspire does this really good actually. They put a second place for billing address right next to your credit card number on the form, and if you put in the wrong thing, the error tells you why it was wrong (address mismatch) and again, presents that form on the same page for you to fix. OScommerce requires you to manually go back a few steps in the checkout to fix it, annoying for the user, and then they don’t buy from me.

Order Summary

Why is it so hard for some carts to provide a printable receipt after checkout? Honestly, Cubecart doesn’t, OScommerce doesn’t, what is the deal?

Interspire does not do it either when you select payment of check or money order (mail order form) they provide this sentence: “Mail a check or money order in US funds, along with a printed order summary, to:” But don’t actually provide the order summary. I guess you have to wait for the email and print it out? What if you don’t get it? Why not just put the order summary on that page?

When you pay with a credit card through authorize.net Interspire provides a link for the order summary, but again, why not put the order summary on that page? There is a ton of whitespace on it, fill that space up!

The email summaries they send are nice, put that content on the page seen after checkout.

SEO

I’ve got no complaints about the SEO for interspire’s cart. They support friendly URLS, give you control over your meta tags (not so necessary but nice) and page titles (very necessary). There are no duplicate content issues with non-canonical URLs like you’ll find in Cubecart with their reviews, or in OScommerce with a new URL for each way to view a product (from a category, from each category, from any category, or from the bestseller list or search results, blech!). There is nice keyword rich breadcrumb navigation, a nice text menu. From an SEO perspective it is an almost perfect platform. The one thing I might want is more product menu control.

For instance, it just lists all top level categories in alphabetical order. Great, but maybe I want to go two levels deep on my menu. Maybe I’d like to list a few of my most popular products indented under the category they belong too. Giving such products prominent menu links increases their intra-site link popularity, and is something I might want to do.

Category Management & Menus

Category management is good, other than the things mentioned above. I can drag categories to reorder them (though with a lot of categories, a numbering system might be easier). Categories can have their own custom template specified for display, which is a really cool feature, they can have images and you have full control over their title and meta tags. All told, Interspire has a fine category system.

On the menus, as I mentioned above, I’d like a little more control. I’d especially like the ability to put in headings (since I can’t do multi-level category listings). For instance say I ran a site for “Birds and Blooms” (a real-life gardening & birding magazine) I might want a heading for “Birds” with all the applicable product categories below it, and one for “Blooms”. This can be achieved with allowing selective multi-level display of categories (showing the top level category, and the next level down where indicated by the admin). Or with a sectioning system, either way, it’d be a good feature.

Customizing Templates

Interspire is by far, hands down, the easiest cart I’ve ever had to skin, it is miles ahead of anything else. First of all, it has a wordpress like one-click install of a new template you can download from their free template library. Chances are you’ll find one with a color scheme you like, then you can easily do the few customizations you need to do, such as specifying your logo image.

Secondly, they have an awesome inline-editing tool whereby if you’re logged in as an admin and you’re viewing the site you have the option to edit the page you’re currently viewing. It is an extremely intuitive tool, I could figure it out without looking at any reference documentation. You can do some point-click-drag editing dragging boxes around the page, or open up the files (again direct from this interface) and move the content that way. You can also use this tool to discover which files are responsible for markup you’re selling, it tells you. No more having to play “guess the template” when figuring out which file you need to open to make a small change to your template.

Thirdly, their markup is extremely clean, well commented, and intuitively named. A CSS class name lets you know what it is for, it isn’t just some programmer’s shorthand like .crc (center right column? I’d rather not guess thank you). So if you do need to do some hard editing (and I didn’t) you’re good to go.

You can also of course edit the textual content of various pages from the backend, and in fact the cart even includes a quasi CMS for articles/pages of content or store news. As well as the content of any store emails.

The one problem with this whole system is upgrades can break your templates, even the ones you’ve gotten from Interspire, and to fix it you need to get the new version that they provide, which overwrites all your changes. It would be nice if, perhaps, it only overwrote the templates you had not changed from the default, and for templates you HAD changed it gave you a side by side comparison to help you port over the changes to the new files… like vBulletin does it for instance.

So, the few minor changes I’ve made have to be redone at times, and that does get annoying.

Adding Products

Interspire has some of the best product adding features I’ve seen, with a few caveats. You can easily add all the product information, all the standard stuff, they have a very nice WYSIWYG editor, and it is easily to select one or more categories. They also allow you to select shipping weight AND dimensions (though they do not use those dimensions with UPS). You can also add a fixed shipping cost, on the product (most other carts allow that merely for your whole store) and you can offer free shipping, again, just on that one product. I appreciate that flexibility.

You can also turn on inventory tracking on a product by product basis, there are options for fill-in-the-blank fields for customers to fill in during checkout, and product level discounts, all really accessible. One really cool feature I’ve not seen elsewhere is the option to specify the template file for displaying the product page. This means that you can use different templates for different products really easily, how cool is that?

There are also tags, page titles, meta information, all for you to fill out as well, and some accounting software settings I don’t use, but if you want to integrate your cart with accounting software, I’m sure you’d like them.

The images leave something to be desired. I’ve seen carts that allow one image, and I’ve seen carts that allow more than one. Never have I seen a cart that allows 5 images, but not more. It would seem to me once you code the many::one image to product relationship, your software should be able to support any number of images, or certainly more than 5. This arbitrarily limit should be lifted. You should be able to upload any number of images that are automatically resized into thumbnails for a public gallery page as necessary.

Finally, there are product variations….

Product Variations

The main problem with Interspire’s shopping cart is their horrible product variation system. By “product variation system” I mean that system found in shopping carts whereby you can create options for a product, such as colors, or sizes, thus allowing someone to buy a shirt in x-large and green.

The way Interspire has their system is extremely powerful, more powerful in fact than most other carts I’ve tried, it is also extremely excruciating to work with.

The power, and the problem, is that Interspire allows you to set option details for every possible configuration. Blue in small, blue in medium, blue in large, blue in x-large, green in small, green in medium, green in large, green in x-large. And so on. And when I say they “allow” you to do this, I really mean require, because there is no other way to use their system. So, thinking ahead, what you end up having to do is fill out a row of form fields (including possible image upload) for the product of the number of product options multiplied together.

If your product has only a few scant options, this is not a big deal, but if your product has more options, boy howdy. Suppose you were selling engagement rings, you have a ring and first you must choose a ring size, 5-15, in whole and half sizes. 20 options right there. Then you have to choose a finish (silver, 10k, 18k, 24k white or yellow golds, platinum, tungsten, titanium, carbon, stainless steel). 12 more possibilities. Then you need to choose diamond size, setting, and cut. Say 6 different options for each. Giftbox, yes or no? 2 choices. So, just in this example, you have 20*12*6*6*6*2 = 103,680 rows of form fields to fill out. This is not a joke, this is not an error, this is the sad truth. I’ve had browsers crash using their shopping cart because I did not have enough RAM to display the page that was generated. Another user posted a complaint on their forum and for good measure he copied and pasted the entire thing into the forum, it took him over 25 posts to get it all (with the per post character limit).

Technical issues aside, how do they expect someone to sit and fill out all that information? The cheapest data entry person in the world is still going to break your budget for having to do that much work for a single product, yes, a single product. You’ll have to do this for each product on your site that has options.

Every other cart I have ever seen does this better. For instance, a 1 carat diamond may add $1000 to the base price, you don’t have to type that in a thousand times, you type it in once and the software knows to apply it to every size, setting, and cut option. Doing these kind of repetitive iterations are why computers were invented in the first place, why does Interspire not take advantage of that ability?

Now, they way they do it is powerful. For instance suppose one particular build is more expensive than others, say, a size 15 ring costs more because it uses more metal, but how much more it costs depends on the metal used. Using their system I could go in and specifically define this, I can’t do that with other carts. But with other carts I can otherwise get the product entered in minutes, not weeks.

I don’t know why they have not fixed this yet. As I said before I was asked by their CEO 9 months ago to review their software, and I noticed this issue right away, and I told them about it, and they said they’d fix it. Maybe there was a misunderstanding, but it hasn’t been fixed, and me waiting for it to be fixed is why this review is so late.

They don’t have to scrap their variation system entirely, they merely need to make two front ends for it. One, allowing the computer to take user-inputted rules and fill in all the blanks, and the other to allow the user to go in and manually edit any one of the rows as needed. They can even do it with a little javascript scriptlet. In fact, if they don’t do this, I may hire someone to do it myself, it’d be an extremely small job, and probably take a day of work at the most. It would be the equivalent of using excel or another spreadsheet, highlighting a column, and doing “fill down” with some value.

The second problem with product variations is the frontend. The way they are displayed in the template is completely obtuse and hinders purchase decision making by the consumer. Many shopping carts will display the options, and next to them they will display the price for that option. Interspire does not, instead they force you to select the option and then the price on the page changes, and if you’re good at mental math maybe you can do a quick calculation in your head to figure out how much that option cost you. I don’t know about anyone else, but I don’t want to force my users to have to do mental math to spend money with me. I want to make it as easy as possible for them to spend money with me.

Users who use price in their purchase decision (which is most users) will want to know how much options cost them up front without having to play “tour the dropdown list.” Like in a restaurant you can get a steak, smothered with mushrooms is a dollar, cheese is another dollar, add salad bar for $3.99. Users then make a decision based on how much they want to eat and how much they want to spend. Contrast that with just a vague mention on the menu of “Mushrooms and cheese are extra, as is salad bar, when you order your server will tell you how much extra.” Who would like that?

I prefer using radio buttons for option selections (like OSCommerce does I believe) with the price increase (or decrease) displayed next to each option. Users can then easily see what options cost them and make their decision appropriately.

I’m not saying Interspire has to do it only my way, but doing it only the way they currently do it is a bad idea, they should at the very least provide an option to store admins for a variety of ways to display product options.

Authorize.net Integration

I don’t try out every payment gateway when I review a shopping cart, I try out the ones I use, and I use authorize.net.

Interspire’s integration leaves something to be desired, specifically they leave many fields blank, and improperly use others. This limits the usefulness of Authorize.net. I’ve had a custom cart developed, and paid less than $1000 for it, and that included an entire site, I paid less for it than what Interspire charges for their best cart, and it included a more fleshed out Authorize.net connection function.

To be specific, in the below transaction receipt EVERY FIELD under “Billing Information” should be filled out and EVERY FIELD under “Shipping Information” should be filled out. Additionally, under “Order Information” the “Description” field should not just redundantly list the order number. It should, instead, list the actual description of your order, ie, the contents of it. “1 diamond ring, pack of cheetos” like most other carts do, and like what Authorize.net says the field is supposed to be used for.

Merchant : StoreName.com (5555555)
Date/Time : 11-May-2009 02:42:07 PM

========= ORDER INFORMATION =========
Invoice : 1
Description : Your Order From StoreName (#1)
Amount : 49.95 (USD)
Payment Method : Visa
Type : Authorization and Capture

============== RESULTS ==============
Response : This transaction has been approved.
Authorization Code : 05555B
Transaction ID : 555555555555
Address Verification : Street Address: Match — First 5 Digits of Zip:
Match

==== CUSTOMER BILLING INFORMATION ===
Customer ID :
First Name : joe
Last Name : smith
Company :
Address : 123 Main Street
City : Springfield
State/Province : MS
Zip/Postal Code : 55555
Country :
Phone :
Fax :
E-Mail :

==== CUSTOMER SHIPPING INFORMATION ===
First Name :
Last Name :
Company :
Address :
City :
State/Province :
Zip/Postal Code :
Country :

======= ADDITIONAL INFORMATION ======
Tax :
Duty :
Freight :
Tax Exempt :
PO Number :

Shipping

Like most carts there is a bevy of shipping options, the one thing I care about though is missing. Support for UPS shipping based on package dimensions. I don’t know if most shopping cart developers get that two boxes can weigh the exact same amount and yet one can cost hundreds of more dollars to ship because of product dimensions, this is true on air and International shipping. UPS supports this in their API, Interspire allows you to specify dimensions on the product screens, why not connect the dots? This feels like a perpetual complaint of mine, most carts fall short here. OScommerce has this as a contribution you can install, CREloaded contains this out of the box. And X-cart supposedly does too. Interspire though falls short. Supposedly this is high on their list of priorities to add in the future though.

One thing they do that is really nice, that some other carts do not do, is have shipping zones. So you can offer say, UPS for domestic shipping and USPS for international, or free domestic and paid international. This is one thing I miss with my OScommerce stores.

Reporting

Interspire has amazing profession reporting features, blowing any other cart I’ve used out of the water. Easy Google analytics and Adwords integration, real-time graph generation, all out awesome stuff.

But perhaps the most important report they left off.

This is something where I think sometimes the developers could benefit from shadowing an actual merchant, or perhaps a US merchant, maybe it is different in Australia. Here, in the US, most merchant have to collect sales tax, and like every other cart Interspire has a zone system for sales tax collection settings. But, in addition to collecting tax, we then have to forward that tax money to our state governments, usually once a month, sometimes more or less often. Most shopping carts include a “sales tax report” that lists the taxes collected by month. This is awesome, this is great, this is absolutely necessary. Without such a report you need to go through, viewing each order, and manually add up by hand the tax collected. Actually, last time I had to do this manually, I used an custom SQL query I ran against the database directly, but still, it took more work than what I can do now with other carts, which is click a link in the admin and get a list of monthly revenue with tax & shipping broken out.

Minor Bugs

Interspire doesn’t list the version number of your current install in the backend, nor is it easily found in the header of source files. At one point I forgot which version I was running and had to go look at the original zip file from the original download. This is just weird. They do send upgrade notices telling you of a new version, but they don’t let you know what version you currently have. I’ve never seen any software, shopping cart or otherwise, that doesn’t remind you which version you’re running in the backend.

There is no way to set an SSL domain. You can turn SSL on or off, but not set your SSL domain. I’ve never seen another cart leave that out, you shouldn’t always assume that if your URL is www.example.com your SSL domain will be exactly the same, at the very least “www” usually isn’t included, but sometimes (especially people on shared hosts who use shared SSL) it is something wholly different.

Order Management

Their Order Management is awkward, and perhaps better than Cubecart, but I like OScommerce over Interspire here. First of all, they make it somewhat difficult to email customers a message about their order. For one, you can’t even do it unless you buy the most expensive cart (emailing customers about their order is now a premium option say what?), then it is just awkward. You can’t do it on main order screen, or while updating an order to mark it as shipped with a tracking number. You must click a message link to open a new page to view or send any messages, then there is no way back, you can only go to your mass order list and find the order you were working on again, not that easy to use. Time is money and the extra time it takes to email customers, something that will need to be done often, hurts. I much prefer OScommerce. You have a checkbox to indicate if the customer will be emailed when you update the status, yes or no, on every status update. This is really nice. And then of course a text box for putting in comments that can be included with any such update. Quick, easy, powerful. This is the type of feature you take for granted in software like OSC, but when it is gone you realize how important it was.

To make this even worse, the message you enter with Interspire doesn’t even get emailed to them. They mere get emailed that a message was sent, but to read it the customer has to visit your site and login. What a hassle. Why not just email them the message, add a link to reply if you want to track replies, but let the customer read the notice from their email software.

Final Thoughts

I don’t know how to feel about Interspire. On one hand, they have a nice outreach system at ideas.interspire.com and at first blush they seem to really care to make the product their customer’s want. On the other hand there was this snafu over the product variation upgrade I was told would be included in a release, and I’ve also heard reports of them censoring ideas posted when they involve pricing complaints. Then yes, the pricing. Interspire is one of the best carts I’ve used. The issues I have with them are issues I feel strongly about, but I also think they could be easily rectified making Interspire a cart that fits my needs perfectly. On the other hand they’re expensive, and they seem like a greedy company that will manipulate their upgrade policy to get the most possible dollars from their customers in a sly way. If they really wanted more money they could just charge more up front, but they don’t, so people feel tricked.

In the end I would call Interspire a Ferrari with no wheels stuck up on cinder blocks. It is high end, with a lot of features, and a high cost of ownership what with repair costs and insurance. But because of the hobbling of the product variation system it really doesn’t have the wheels to make it go.

Can I recommend them? The only thing that gives me pause is their pricing. I’ve found tons and tons and tons of complaints on the Internet about their pricing and upgrade policies. Do I want to recommend them and get you locked into having to pay thousands of dollars a year for minor upgrades? Could you find other carts that do better or the same, for less money? I think their cart is worth the initial price tag, I’m just not sure they as a company care about the customer so much as the customer’s wallet and how best to milk it. I also, obviously, cannot recommend them for any site that needs to ship large packages, or sells any product that needs variations or options, if you try to use it with either of those you’ll just be swimming up stream.

If Interspire fixed their product variations and released an equivalent of OScommerce’s UPS XML Dimensional Support contribution, and I got a better vibe from them in regards to upgrade pricing, such as a change in their policy, and their importers work. I would probably import at least one, possible more, of my existing stores onto their software. But there are a lot of “if’s” there. So until all that happens, I think I’ll have to keep looking for my vBulletin of the shopping cart world.

The next cart I plan to review is X-Cart, and as always if you’re a shopping cart company I’d be glad to review your software.

I’ve been talking about PageRank manipulation for a long long time now, almost 8 years, going back to my time on SitePoint, doing experiments, getting a page a PR 7 with a single incoming link, editing menus to siphon PageRank to pages I desire (such as in my Hub & Spoke article). I’ve probably advocated it as a practice longer than pretty much anyone else (when I started other “professionals” often said I was full of it (mostly because they didn’t understand the math behind PageRank), only to start doing it themselves a few years later, many of them not until apparently 2007, 5 or 6 years late), the most being written in my article on internal site architecture a phrase I started using before anyone else (forgive the horn tooting, but I’m not a sensationalist writer, and I feel that the only way I get readership on this site is because on many SEO topics I was first, and I was right. So I just like to reiterate that while other more popular SEO writers are indeed more popular, they have a crappy track record). So, if you read my blog, and you’ve read my stuff, you’ve probably adopted such practices yourself, and so, you really need to read that blog post.

There are a couple of good points in that blog post. For instance Matt Cutts acknowledges what he calls “PageRank Sculpting” as a legitimate method of SEO, though he says it is something that he would consider to be “third tier” and that you should work on having good titles and content first. He also mentions menu control as a valid practice, controlling which pages are linked on your menus or from your homepage, something I taught 8 years ago (hooray vindication).

The main topic though is about rel=nofollow. Typically going back years the goal of limiting the outflow of PageRank to sites (thus keeping more within your site, and again something other SEO writers claimed was impossible, or not beneficial, or that you didn’t even lose PageRank when linking out..) was done with form based navigation, javascript based navigation, blocking links through a relay script, or all of the above.

These were all highly technical methods of blocking and more difficult to implement. Then with the advent of rel=nofollow we all had a simple and easy way to block the transfer of PageRank. Until apparently 1 year ago. 1 year ago Google, secretly, changed how they calculated PageRank (which again, this whole conversation is an implicit statement that outgoing links do indeed take PageRank away from a site’s pool in general, something that had been a contentious issue for years, as anyone who visited a forum can attest to). The change was that, in Matt’s words, instead of dividing the value a page has by the legitimate links on a page to see how much weight each link had. Instead all links on the page are now considered, ie both normal and nofollow links. So if you have 10 links on a page, and 5 are nofollowed, the total link weight is divided by 10 not 5, and the PageRank that would have been passed to the 5 nofollow links simply evaporates, rather than being passed to the 5 normal links on the page.

This is a huge issue. Suppose you have a blog with a menu of internal links totaling 20 links, and your blog post has 100 comments because you’re just that popular, and suppose 60 of those comments have outgoing links, but you rel=nofollow them because they are user contributed links and you cannot vouch for them (they could be “bad neighborhoods” and all that). Prior to this change any PageRank passed from your site, or from external sites, to this blog post would have been funneled back through your 20 internal links to the rest of your site. Your net PageRank loss, or bleed rate, would have been small, equivalent to the part of the PageRank formula known as the dampening factor.

Now, 75% of your weight is lost because the 60 nofollow links are included in the equation. That is huge. This could be why, it seems to me, there was a global PR reduction about a year ago (many sites lost PR, though relative rankings stayed level). All that PageRank evaporating instead of continuing to go around the circle. This doesn’t even just affect you if you run a blog, but also if you otherwise have links from blog posts, those links are now passing less weight to you.

Additionally, what about using rel=nofollow on your own internal links as has been widely suggested prior to this change? Well, suppose you used rel=nofollow on a login page because search engine spiders don’t need to login to your site. What exists on that login page? Typically your header, your side menu, and your footer. Previously it was suggested to nofollow such links, to prevent unnecessary drain. This is no longer a good idea. If you nofollow an internal link you lose ALL weight that link would get, whereas if you kept it live you’d lose some to the dampening factor, but much of it would flow back through the menus on that page. Better to lose only some of it than all of it. This goes for forums, and shopping carts, and any other user software with copious amounts of useless (to search engines) pages that you would have otherwise nofollowed. [b]From now on, never nofollow an internal link.[/b]

No word yet if this also applies to pages blocked with robots.txt or a noindex meta tag. Many people, including myself, use those two methods to block unwanted pages, especially in regards to forums. Forum software trots out so many different useless URLs this is a big deal. For instance at any given time on a popular forum, say SitePoint for example, you’ll have thousands of links on your homepage pointing to things like user profiles. You don’t however have thousands of forums and the user profile links drastically outnumber the actually forum content links, so you block the user profiles with robots.txt or noindex and ideally send all the link weight to your content. If this change applies to noindex and robots.txt, you’re instead just sending over half of your available link weight into the abyss. Bad idea.

So, if you still want to do PageRank Manipulation (and you should, it is the one thing that separates professionals from amateurs and can give you good success and the edge you need) these are the things you can do.

1. Control your homepage links and your menu. On my sword site I customize my left menu by hand. The software by default would link to the top level subcategories. I do that, but also pull out some products individually for direct links. This is to funnel more PR to those product pages to help them rank better. I do this because I want those products to rank better because a good rank on those products gives more profit because the product is more often searched for.

2. Use strength in numbers, if you can have big internal link menus you will keep more of the PageRank within your site regardless of outgoing links.

3. Use really obfusicating javascript OR iframes OR forms to do your external links. Suppose you have a blog post with 60 comments, put all the comments in an iframe and you mitigate the PR loss because the blog post just links once to the iframe, so if you have 20 links on your menu only 5% goes to the comments, instead of 75%. With javascript, Google can crawl basic javascript links, so you really need to mess them up. Hybrid form navigation is pretty safe.

4. Possibly use noindex or robots.txt, I’m insure if these will still work, but if they do, they’ll be good options. You can send external links through a redirect script blocked by a noindex, thus preserving the weight.

5. Box all links within a redirect warning page. Few sites do this, but it’ll work. Make a redirect page link as you would otherwise, but make it visible functional HTML, with your header, and menu, and footer, and everything else. Have this link say “You are about to leave this site for an external link. We cannot vouch for this content.” They provide the link again or use a meta redirect on a timer or javascript to forward. So suppose 75% of your link weight is going to your comments, but then the comment pages go to these gatekeeper pages, which have 20 internal links and just the 1 external link. You’ve now mitigated your PR loss by 95%*d where d is the damping factor. Not bad, and perfectly white hat. I’ve never actually heard anyone mention this type of thing for PR preservation before, the only sites I know that do it do it for legal liability reasons. Maybe I should patent the idea? In anycase you heard it here first.

6. Like 5 above, increase depth. If external links are located deep in your site, more clicks away from your homepage or other sources of weight, the less weight they will get. For instance, if you have a “links page” (something I’d never recommend) make it a “links directory” instead, thus increasing depth. This is actually also related to #1, you’re putting your most important content prominent, and putting the stuff you don’t want to get weight deep.

7. Simply do not allow certain types of external links. Removing them from blog comments for instance.

The most important thing to remember is that PageRank management is a game of percentages. You absolutely do not want to poison your site with excessive external or nofollow links on a PageRank heavy or otherwise important page. Keeping your homepage free of such influences will be a big deal and a big first step. Also, if there is a repeating link on every page of your site, making sure that isn’t hurting you is also important. The deep links from articles or whatnot are not as large of an issue (so long as they do not vastly out number the internal links on any given page, like what can happen with blog comments).

In the meantime, for right now, all of you who have put rel=nofollow on footer links to privacy policies and whatnot, take them off. They’re hurting you.

Also, if you were using rel=nofollow to control duplicate content, use rel=canonical instead. This new canonical definition is something software developers of forums and shopping carts desperately need to start adding to the default versions of their software.