How to achieve top 10 rankings

Posted on November 27, 2008 Categories: Search

Written by: Jan

Jan is an eccentric Slovakian SEO wizard. When he's not researching search, optimising sites, building inbound links, or working on content creation, he's a part-time professor, teaching PHP to his students at university.


I have answered this question already on this blog several times, in a different way each time. However, I invariably come up with new ideas, and this time is no exception. Also, the fact is that this technique is already widely used, though many webmasters don’t understand it. As usual, let’s analyse the background before we move on to the solution:

The background
As already explained here: Increase website traffic – My way, it is necessary to understand your visitors: why they visit your website, what they need (is it a store? an information site? a review site?), and to answer the question “Are visitors of my website satisfied?”. If people aren’t happy with what they found, it is unlikely you will see growth in your website rankings. Thus, it will be very hard to attract new visitors to the site. Conversely, happy visitors are likely to return to your website, and they are also more likely to link to it. Links are what your site needs to achieve top 10 rankings in any search engine. We’re talking about serious SEO and really competitive phrases (I won’t try to persuade you that you should focus on phrases that consist of 4-5 words, although I know that success comes from bottom to top: pages do rank for long phrases and only get better positions if they – the pages – have some inbound links.)

The conclusion is this: successful websites need “natural content”. Natural content isn’t an article that contains useless ideas, but instead content that people like. As you may have already read on this blog, visitors determine what is useful and what is not. To create pages that are full of useful content one needs to analyse traffic. This is all covered in previous articles.

Here’s another approach: if you let visitors create content, they will probably create enough to let you sit back for a while. See the three images below:

Webmaster writes content for website

Webmaster writes content for website and visitors contribute too

Visitors write content and webmaster moderates the content


In these images I tried to show how important it is for a website to generate natural traffic (not bought from questionable sources or coming from rotating “traffic exchange” sites and so on) because only natural traffic results in questions and content contributions.

The difference between content that you write and user-generated content is that you don’t know if original content answers visitors’ questions. Usually, you will realise that people need answers to their questions (search engines send such traffic) on your website. Here is what to do:

1) Let people ask questions on each page (though don’t turn your website into a blog);
2) Tell people that you want to hear from them and that you will answer their questions;
3) Let people modify your content (explained below);
4) Identify contributors and allow visitors to rate contributions.

The difference between spamming and contributing
If one allowed anyone to modify anything on a website, the site would become crap. Because of this, it is important to implement strict rules for modifying and adding content. Not just using CAPTCHA protection, but also something like this: the content area is strictly for content, and prevents links from being added there. Links can be added to the resources box only. Every modification is held for approval by the webmaster or moderators.

All in all, people can create content for free, you just have to allow them to do so.

Simple script to count website impressions

Posted on November 24, 2008 Categories: Search

Written by: Jan


I created this simple script to compare my own statistics to those provided by Google Analytics. I am not saying that Google Analytics sucks because it doesn’t. However, sometimes data generation is delayed, so it’s good to have something to compare with. I’ll probably expand the script shown below and add further features. These could include: unique visits, time spent on-site, impressions per visit, and so on. At the moment one can only check statistics via phpMyAdmin. However, if you’re even a little skilled at PHP, you can create functions that allow you to see statistics via your own scripts. Bear in mind that this code is an example of how to create a script that counts all impressions done by humans. Since robots don’t execute JavaScript code, only human impressions count.

Firstly create the table in your MySQL database by executing this query:

CREATE TABLE IF NOT EXISTS `days_impressions` (
`day` date NOT NULL,
`impressions` int(11) NOT NULL,
PRIMARY KEY (`day`),
KEY `impressions` (`impressions`)
)


Then open your text editor and place this code:


<?php
// Database settings: change these to match your server
$server = "localhost";
$user = "user";
$dbase = "database";
$passwd = "password";

$days_impr = "days_impressions";

// The script is loaded through a <script> tag, so answer with a JavaScript content type
header("Content-Type: text/javascript");

// Return false on failure instead of throwing, so the "or fatal_error_report()" checks below run
mysqli_report(MYSQLI_REPORT_OFF);

// Function that reports fatal MySQL errors by e-mail instead of showing them as output
if (!function_exists('fatal_error_report'))
{
    function fatal_error_report($line, $file, $error)
    {
        // Usage: fatal_error_report(__LINE__, __FILE__, mysqli_error($link));
        $to = "bugs@yourserver.com";
        $subject = "Fatal error";
        $ip = $_SERVER['REMOTE_ADDR'];
        // The requested URI is chosen by the visitor, so escape it before putting it into HTML
        $page = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
        $messaget = '<html><body><h1>Fatal error has occurred</h1><br />Details:<br />'.$file." on line ".$line." with this error ".htmlspecialchars($error, ENT_QUOTES, 'UTF-8').'<br />Page accessed: <b>'.$page.'</b>. IP: <b>'.$ip.'</b></body></html>';
        $postmast = "postmaster@yourserver.com";
        $headers = "From: ".$postmast."\n" .
            "X-Mailer: PHP/" . phpversion() . "\n" .
            "MIME-Version: 1.0\n" .
            "Content-Type: text/html; charset=utf-8\n" .
            "Content-Transfer-Encoding: 8bit\n";
        mail($to, $subject, $messaget, $headers);
        die();
    }
    // end of error reporting function
}

// The old mysql_* functions were removed in PHP 7; mysqli is their replacement
$link = mysqli_connect($server, $user, $passwd, $dbase)
    or fatal_error_report(__LINE__, __FILE__, mysqli_connect_error());

$date = date("Y-m-d");

// Insert today's row, or add one impression if the row already exists.
// A single statement avoids the race where two simultaneous first visits
// of the day both try to insert the same primary key.
mysqli_query($link, "insert into $days_impr values ('$date', 1) on duplicate key update impressions = impressions + 1")
    or fatal_error_report(__LINE__, __FILE__, mysqli_error($link));

mysqli_close($link);
?>

Don’t forget to modify these variables’ values:

$server, $user, $dbase, $passwd, $postmast, $to


Once you have done this, save the file as, for example, “stats.php”. Then place this code in all pages that are available to visitors:

<script src="http://www.yourserver.com/statistics/stats.php" type="text/javascript">
</script>


I will likely upgrade the script and add more features as time goes by, so check back here from time to time.

Investing in websites – content

Posted on November 20, 2008 Categories: Search

Written by: Jan

In a previous article, I wrote about buying and selling websites, and the advantages and disadvantages of such investments/sales. There is another point of view related to investing in existing websites, so let’s explain how to continuously increase profit by investing. In fact, it doesn’t matter if you’re selling something, or if you’re trying to sell advertising space on your websites. In both cases one needs visitors. Moreover, these visitors should be new every day (because unless you ask money for membership or similar things, you cannot make money from returning visitors). Instead of analysing methods of generating traffic, let’s focus on content. Unique content can be (and surely is) the most important way to attract visitors who buy, or to whom ads are shown. Despite the fact that there are already free articles, unique content comes with more advantages than disadvantages. Let’s name the advantages…

1) Unique content of high quality tells the audience that your website is maintained by professionals;
2) Unique content cannot be marked as duplicate, thus your pages will not be ignored by search engines.

There are some disadvantages:

1) Some dishonest webmasters will copy your content (meaning that you’ll have to file a copyright infringement report with Google. You can also sue all who copy your articles);
2) Others may rewrite your articles (from what I understand, one cannot do anything against this unless these documents are protected by law, and lawsuits generally don’t last 1-2 days and are expensive).

However, the advantages do outweigh the disadvantages. Before I explain how and why I invest in content, please understand that writing content is just one of many methods of search engine optimisation. For others, read articles under the SEO category on this blog too.

A long time ago, I realised that I cannot write 1-2 articles per day because it is simply too time- and energy-intensive. Moreover, I am not an expert in every field, and having to study problems before I can write articles would waste further time and energy. All in all, I’d have to study for 12-14 hours a day before I can spend 2-4 hours writing an article. Rather than doing this, it’s easier to pay people to share their experiences (though the people must be skilled enough). Look how investments and earnings performed after hiring some guys:

Investments and revenue chart

The numbers on the horizontal axis are months, and as you can see, the 10th month earnings exceeded investments of the 3rd month. If I stopped investing after the 11th month, then ROI would be 24 months and 7 days (if any further earnings were the same as those of the 10th month).

The basic principle is putting enough money into the investment process, especially in the beginning when it’s naturally very risky. If I spent only £30 each month, then earnings couldn’t rise in that relatively short time period. However, pushing hard in the beginning and then ignoring further investments won’t do any good either. From the above chart, it is clear that more investments result in more revenue.

Here are the rules that I follow (followed, follow and will follow):

1) If you’re going to invest in articles, make sure that it’ll be a long-lasting investment;
2) Start with a small budget, and if revenue increases during the first 2/3 months, try to invest more;
3) Invest in the things that you know! I didn’t invest in the stock market as I don’t know anything about it. Instead, I invested in content;
4) Divide investments into two types: money and traffic. Some high-earning pages don’t necessarily have high traffic and vice-versa, but high-quality pages along with high traffic bring more links, which is naturally the best SEO;
5) Tell people that you like their work and increase their hourly rate from time to time.

That’s all, folks!

How to increase revenue from Google AdSense

Posted on November 17, 2008 Categories: Search

Written by: Jan

(Any figures – such as CPC, eCPM, EPC, CTR, monthly earnings – are imaginary in this article! They have been proportionally calculated to reflect my own situation, but one should not consider them real!) – Google AdSense doesn’t allow publishers to share details about their revenue

I have decided to share the latest things I learned quite by accident about Google AdSense. A few weeks ago my AdSense revenue fell for some unknown reason. The decrease was a massive 10.83%, which means if you earn (on average) £3,300 per month, you suddenly earn only £2,950 after such a negative shift. In fact, £350 here or there doesn’t hurt, but any loss should be considered as a deficit. No matter if you’re doing nothing but enjoying life, or if you’re hardly investing money into new features or content, a 10% decrease in revenue is disappointing. Moreover, my problem wasn’t caused by negative trends in traffic.

So, I had to end all investments and say “stop” to people who worked for me. After days of analysing the problem I decided to make the following changes:

1) All CSS links became blue and underlined,
2) I stopped using 3 AdSense ads, and instead I started using only 2 ads per page,
3) Colours of AdSense links and URLs became blue too.

After these modifications, the trend of falling revenue ended. Everything became normal again, but why?

Firstly, using the same colours and underlining for ordinary links and Google AdSense ads (as far as I know AdSense links come underlined automatically) tells a visitor that both links are links. Imagine an extreme case, if you use black underlined text on your website: ordinary text is underlined, as are links. People struggle to distinguish what is a link and what is not. So, the best thing is to use the same colours for every link. Links must be uniform, and must look clickable. This didn’t cause any serious CTR increase (because before, links still looked like links; I simply made them consistent).

The biggest change came with removing a single ad unit. Basically, I removed the best earning ad unit. This doesn’t seem to make sense, but I had to do this, since that ad unit wasn’t a part of the content. I should tell you that average per-click earning was less than 6p before that change. After the change, the average increased to about 9p. I was surprised to find that removing the best-earning ad not only increased the average EPC (earning per click), but also didn’t negatively affect CTR! The second best-earning ad became the best-earning one, and the average CTR value fell by just 1-1.5%.

Why did the removal of the ad lead to higher revenue?
Advertisers in Google AdWords bid on each keyword/phrase and Google determines how much a click is worth. Of course, if advertisers specified a maximum CPC in their campaigns, then clicks cannot cost more than this value. On the other hand, since it’s a bidding system, the usual CPC is lower than the maximum offered amount. Imagine this situation: on your web pages you show one ad unit, say 160×600. Also say that there are four links in that ad. Thanks to the fact that only 4 links can be shown per page, only the highest bids are shown. I’m not an AdWords engineer, but the final value of click can be calculated this way: if the lowest bid out of these 4 links is £1.30, then the third link will be worth £1.30 + something(1). And the second link will be worth £1.30 + something(1) + something(2). And logically, the first link will be worth £1.30 + something(1) + something(2) + something(3). It’s just a simple example. All something(x) values are in dollars and are under the control of Google AdWords’ algorithms.

So, the publisher will likely earn more, and advertisers will pay more. Now imagine a different situation: you show 3 ads per page (for simplicity’s sake say that each is a 160×600 ad, and that each ad contains 4 links). So, it’s 12 links in total. Now, that £1.30 value is automatically lower due to the higher number of links shown. This is why showing 1 or 2 ad units generates more money than placing 3 ad units per page. On pages with small content I recommend you use only 1 ad unit.

Always remember that the best way to increase your AdSense revenue is, was, and always will be by increasing organic traffic!

DIY Website Appraisal

Posted on November 12, 2008 Categories: Search

Written by: Jan

In this article I am going to hit back against those who offer website appraisals, and I’ll also explain how to appraise a website yourself. Why? Because nowadays website appraisals are more a business than a service. Consider this: how often is a website sold, and how many companies offer you an appraisal? There is a visible imbalance between supply and demand! For instance, I could appraise your website without using the well-known formula that a website’s worth is approximately twenty times its net monthly income.

What is wrong with companies that offer appraisal services?
First, in many cases they’re not even companies! I’ll bet that 95% of websites claiming to be companies are just individuals living in their parents’ house and masquerading as successful businessmen. Secondly, it is a big misunderstanding that someone can appraise a website without having spent at least 3-4 years in the business. When you consider someone, make sure you check the whois data. Also, it is prudent to check the testimonials. Often, they’ll either be missing or fake. A trustworthy testimonial is a testimonial which contains the names of both buyer and seller, contains dates and a mention on some third party’s website. Evidence of a successful sale is also required. Third, how can anyone appraise a site without being an expert in the field? For example, there are thousands of websites devoted to this and that. Say, for example, that you’re an expert bodybuilder, that you spent 10 years studying, training, testing. Then you put the weight of that experience into the website and it earns (in this example, the method of monetisation is irrelevant). All the information is based on your life and your skills, thus the value is considerably higher than 20x net monthly income, isn’t it? In addition, if you were to add more content and features to the website, how can it be worth only 20x of net monthly income?

Okay, now assume the opposite: your website has no useful content, no extra features, and pathetic traffic. It earns perhaps £50-100 per month. Now, why should someone pay twenty times net monthly income if the website needs serious improvement and investment? I’d rather build a website from scratch than pay someone for crap.

So, the concept of paying 20x net monthly income is completely incorrect. If you need an example, let’s imagine this: one of my websites does earn £1000 per month (this is the average based on the last 12 months’ data). If I sell it to you for £20,000, then I’d be earning 20 months’ income at once. And then nothing. In total: one year, eight months, or less than 2 years! All websites require at least minimal maintenance, so spending perhaps an hour a day is worth £1000 per month, isn’t it? But, it isn’t worth losing such a lucrative source of income.

So how to appraise a website properly?
One must pay attention to the potential, previous growth, trends, popularity, usefulness, and current status. So, if a website is 36 months old, and in the past 12 months has earned £1000/month, and if traffic trends look promising, then the website is worth at least £60,000, perhaps £70,000, or even more. How did I arrive at that value? It’s very simple: when you invest in content, ROI should be somewhere between 1 and 3 years. This means that sometime in the last three years, the seller put in enough effort to achieve £1000/month. This means high expenses (in comparison to what people expect from web; low investments and high income). All in all, the seller could have spent between £10,000 and £36,000 during these 36 months. But what if they didn’t spend a penny? Then it’s all about experience, and experience costs something too. If you want to learn something, then you need time, patience, and often money. Would you sell a website for £20,000 if you knew that it cost you between £10,000 and £36,000 to get it to its current state? So again, how £60,000? Add £20,000 (net earnings in 20 months) and add the value of your effort. If trends are promising (and they should be if they managed to earn £1000/month in the 24-36 months after startup), then add another £500/month net income for the next 20 months. That’s £12,000. In total, then, that’s £32000. Please understand that if any website earns £1000/month after 36 months, then there is a great deal of potential to earn much more as time goes by. This must be considered when appraising a website. Now simply calculate the work which has been done since beginning. If the seller spent only one hour a day working on the site during the last 36 months, then that comes to 1095 hours (calculated as 36 months = 3 years, each of 365 days). If he was paid £25/hour, it’d make £27,375 in total. Of course, if there was more work, then more money is needed to buy the site. All told, it’s £59,375. 
Since I like nice numbers, £60,000 looks better.

This sounds strange to those who buy websites, but to those who create content, write code, and do their own SEO, this is a basic and essential calculation.

I will never sell a website for too low a price. If you’re selling, don’t sell cheaply: it’s a costly mistake!

So, now you know how to accurately appraise a website. Calculate your work and the potential, and you get a result. Never use the stupid website’s value = 20x net monthly income formula!

Google AdWords problems – clicks

Posted on November 11, 2008 Categories: Search

Written by: Jan


Since I have been a Google AdSense user for quite a long time (almost three years), I wanted to know how Google AdWords searches, in order to understand how advertisers view my websites. After I registered and paid a small fee, I was able to start exploring how it works. I tried to run a few campaigns, to attract targeted visitors to my forum, and to other pages that were selling some stuff. Everything worked well – I noticed some clicks, some conversions and I was quite pleased with how it worked. Until, one day when I ran reports and realised that many clicks came from parked domains, and that on many websites the CTR was excessively high compared to impressions.

Why is this a real problem and what does it mean?
I don’t mind paying for clicks that came from websites where my ads were shown repeatedly, as I know that these are natural clicks. These websites are usually either forums or sites featuring high-quality content. It is normal for such websites to receive thousands of visitors each day, and so I don’t mind, but why do parked domains generate such high CTR? Why did I pay for clicks on websites where my ad was shown only 2 or 3 times? There’s no great conspiracy theory, but the whole thing is certainly suspicious. Based on my own experiences, CTR does vary between 0.50% and 10% on particular pages. The more relevant content, the more clicks these pages receive.

In order to explain the problem of parked domains, we must understand why this business model exists. It’s nothing more than arbitrage. Parked domains’ traffic must be poor since they cannot rank well in Google (though I have seen some exceptions). Therefore, their traffic sources usually originate in PPC campaigns. Sometimes, CPM advertisements are also used to promote parked domains. Essentially, they buy traffic and sell clicks. It is very unusual to see a parked domain advertised in AdWords, though other advertising networks often perform very well for parked domains. All in all, these domains generate some traffic. Of course, this doesn’t answer the question of why parked domains generate such a high CTR. I tried parking a domain and in the end I received no clicks. So, there must be a problem within: I suppose that parked domains are the most common source of click-fraud.

Also why do some websites of low quality generate high CTR?

Again, I suppose that these are a very common source of click-fraud. It’s very easy: I create a community of clickers, and we’ll click on each other’s ads. This is a quick route to a ban from AdSense, but for some people it’s the only way to earn revenue from AdSense. Some interesting posts on this subject can be found here. So, this is just another reason why on some websites your AdWords campaign “performs” well (a large number of clicks, but very few conversions).

After realising that I had paid for crap clicks, I started writing an email to the AdWords team, but before clicking on the send button I decided to give up. I lost only about £20, and there is really no need to worry about such an amount. I was very careful and conservative with my AdWords campaign and this proved wise.

Just imagine that I could achieve at least 20% or 30% CTR (these numbers are far from the average parked domains’ CTR generated within my AdWords campaign!) on my AdSense account. Put simply, I’d be a millionaire today if this were true. Instead of such high figures, I usually see CTR varying between 2% and 3% in my AdSense statistics. That’s very low in comparison to parked domains, isn’t it? So really, there is something fishy about parked domains or websites with poor content.

These are the reasons why you should target your AdWords campaign at particular websites instead of using keyword-targeting. You’ll pay more, but you can also be sure that such ads won’t prove to be a waste of money. It’s more profitable to get 10-20 clicks per day with a conversion rate of 10% than 100-200 clicks with conversion of 0.05%.

Be aware that if your conversions mean registration (free registration), you could achieve high conversion from ads shown on parked domains. Though you’ll no doubt be pleased to see such a high conversion ratio, these newly registered members could well be fake due to the existence of “clicks exchange networks” that are often based on the behave naturally principle. Simply put: these newly-registered people probably won’t return to your website, and they won’t buy any products either.

Google AdWords is good, but make sure that you know what you’re doing. There are some clicks that are just too suspicious.

When someone tries to hack your website

Posted on November 9, 2008 Categories: Search

Written by: Jan


Today, I noticed an attempt to hack one of my websites. The attack wasn’t successful, but it revealed a few minor places to improve. In order to help you secure your website from hackers, I am writing this step-by-step guide to protecting your site. Let’s start from the beginning. I’m also attaching a few snapshots to help you understand better what happened to me.

The easiest way to hack a website is by sending a large volume of random requests. To maximise the potential success, invalid URLs are used as well. Invalid URLs are URLs that include characters that try to break MySQL queries (and possibly queries to other database systems). In general, this technique is useless if your website doesn’t send/receive parameters via URLs. However, for any website which is really dynamic, parameters are necessary to let a visitor communicate with the server. For example, imagine a simple search query: if there is a form that allows one to type search terms, then even this one form can potentially be a gateway to hacking a website. In PHP there is a simple way to avoid such vulnerabilities. All MySQL queries must be protected, thus using -

$variable = addslashes(htmlspecialchars($_REQUEST['something']));


is more than necessary. It is a must! What do these functions do to help you? The addslashes function transforms all variables’ values that contain quotes into a friendly format, as you probably know if you use this to execute MySQL queries.

mysql_query($query,$link);


Then the $query variable must contain only two ordinary quotes. Others must be in a friendly MySQL format (….\”… for instance). The htmlspecialchars function helps you to prevent PHP scripts and MySQL data from attempting to insert vulnerable code into data fields or break the scripts and reveal information used by website’s core. In such a way it is possible to find all files, usually to modify them, delete them, or add vulnerable PHP/HTML code to the website. So in the first instance, always protect scripts from queries that can be sent by anyone at any time.
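An added example, not code from the original post: addslashes() only escapes quotes, backslashes and NUL bytes, so it changes nothing when the value lands in an unquoted (numeric) position of the query, whereas a prepared statement keeps the value out of the SQL text altogether. The table, the function names and the in-memory SQLite database (used so the example runs without a MySQL server; it assumes the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). An in-memory SQLite database
// is used through PDO so the code runs offline; the same PDO calls work
// against MySQL with a different DSN.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)');
    // Constructed sample rows
    $db->exec("INSERT INTO articles VALUES (1, 'Public post', 0), (2, 'Draft post', 1)");
    return $db;
}

// The pattern from the post: escape the request value, then build the query
// by concatenation. Nothing in "1 OR 1=1" is a quote or a backslash, so the
// value reaches the query unchanged and is parsed as SQL.
function find_escaped(PDO $db, string $input): array
{
    $id = addslashes(htmlspecialchars($input));
    $sql = "SELECT title FROM articles WHERE hidden = 0 AND id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is bound separately,
// so the database can only ever compare it as data.
function find_prepared(PDO $db, string $input): array
{
    $stmt = $db->prepare('SELECT title FROM articles WHERE hidden = 0 AND id = ?');
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$input = '1 OR 1=1';   // constructed request value for an "id" parameter

$results = [
    'escaped + concatenated' => find_escaped($db, $input),
    'prepared statement'     => find_prepared($db, $input),
];
foreach ($results as $label => $titles) {
    // htmlspecialchars() belongs here, when data is written into HTML,
    // rather than before the value is stored or queried.
    echo $label, ': ', count($titles), ' row(s) [',
         htmlspecialchars(implode(', ', $titles), ENT_QUOTES, 'UTF-8'), "]\n";
}
```

The first call returns the hidden draft as well as the public post; the second returns nothing, because no article has the literal id "1 OR 1=1".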

The next very important protection is login area protection. There are bots that try various combinations of logins and passwords. If any user uses a weak password, it is very possible that their account will break under such an attack! This is why you must use two ways of prevention (preferably 3):

1) Use strong passwords;
2) If a login attempt has been unsuccessful (say) 5 times within (say) 1 minute or less, block the account for another (say) 30 minutes and block the originating IP addresses;
3) For important accounts, use an IP-based + password protection (a login attempt must come from predefined IP addresses)

The login process can be additionally secured with CAPTCHA protection (the same applies to the registration areas!)

OK, you’re almost done. Now you need to track attempts to hack your website. Every attempt must be recorded for further analysis or to take further action against hackers. I recommend storing this information in a log: timestamp, IP address, etc. This data is necessary to stop the attack in the shortest possible space of time after it started. How can we do this? On your server you should have a folder where the script saves log files as text files. For example, only those logs which ended as a failure (disallowed characters within URLs; say that something.php?u=1 can contain only u=1 or u=2, so u cannot be anything else, and if it is, then it is considered as an attempt to hack) should be stored. The script should save these logs immediately after such a script is called. After saving, a function that compares logs should be called. The result of our imaginary function can be “Allow”, or “Disallow”. If the disallow option is the result, the document is redirected to an error page where you explain all reasons for doing this redirect. You must not use MySQL for storing logs because if your server returns a MySQL error “too many connections”, then the scripts won’t be able to thwart any potential attack! Also, any filesystem is faster than a database system.
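One way to implement the logging flow described above, as an added example that is not code from the original post. The function names, the log location, the log line format and the threshold of 3 rejected requests within 5 minutes are assumptions; the post only specifies the allow-list for u, the text-file log and the “Allow”/“Disallow” result.

```php
<?php
// Added example (not from the original post): allow-list check for the "u"
// parameter, a text-file log of rejected requests, and a decision function
// that reads the log back. Path and thresholds are assumptions.

const MAX_REJECTS = 3;      // assumed: rejected requests tolerated per IP ...
const REJECT_WINDOW = 300;  // ... within this many seconds

function log_path(): string
{
    // Hypothetical location; on a real server keep it outside the web root.
    return sys_get_temp_dir() . '/rejected-requests.log';
}

// something.php?u=... may only be 1 or 2, as in the post's example.
function param_u_is_valid($value): bool
{
    return is_string($value) && in_array($value, ['1', '2'], true);
}

function log_rejected(string $ip, string $uri, int $now): void
{
    // Strip control characters so a crafted URL cannot add extra log lines
    // or shift the tab-separated columns, and cap the stored length.
    $uri = preg_replace('/[\x00-\x1F\x7F]/', '', $uri);
    $line = sprintf("%d\t%s\t%s\n", $now, $ip, substr($uri, 0, 512));
    // LOCK_EX keeps concurrent requests from interleaving their lines.
    file_put_contents(log_path(), $line, FILE_APPEND | LOCK_EX);
}

// The post's "function that compares logs": counts recent rejections for $ip.
function compare_logs(string $ip, int $now): string
{
    $count = 0;
    $lines = is_file(log_path()) ? file(log_path(), FILE_IGNORE_NEW_LINES) : [];
    foreach ($lines as $line) {
        $parts = explode("\t", $line, 3);
        if (count($parts) === 3 && $parts[1] === $ip
            && $now - (int) $parts[0] <= REJECT_WINDOW) {
            $count++;
        }
    }
    return $count >= MAX_REJECTS ? 'Disallow' : 'Allow';
}

function handle_request(string $ip, string $uri, array $query, int $now): string
{
    if (!param_u_is_valid($query['u'] ?? null)) {
        log_rejected($ip, $uri, $now);   // save the log entry first ...
    }
    // ... then decide. A real page would redirect to the error page on "Disallow".
    return compare_logs($ip, $now);
}

// Constructed sample requests (IP taken from the documentation range).
@unlink(log_path());
$ip = '203.0.113.7';
$samples = ['u=1', 'u=3', "u=1'", 'u=abc', 'u=2'];
foreach ($samples as $i => $qs) {
    parse_str($qs, $query);
    $decision = handle_request($ip, "/something.php?$qs", $query, 1226232000 + $i);
    echo str_pad($qs, 8), '=> ', $decision, "\n";
}
```

The third rejected request flips the result to “Disallow”, and the final, perfectly valid u=2 request from the same address is refused as well.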

As I indicated above, there could be a problem with too many connections. This happens when too many requests are sent to a server. The only working strategy to thwart these attacks is denying requests from the same IP addresses. A human visitor WILL not send more than 1 request per second (consider the period of 10 seconds to be the average, measure requests per 10 seconds; a human user will not send more than 10 queries to your server during these 10 seconds!). Actually, a human visitor will hardly make 5 requests during 10 seconds. I recommend that you block everyone who sends more than 10 requests during 10 seconds. Except Google. Google can send more than 2-3 requests per second, thus resolving the hostname is necessary too.
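The two thresholds given in this post (5 failed logins within 1 minute leading to a 30-minute block, and more than 10 requests within 10 seconds) can share one file-backed limiter; the following is an added example, not code from the original post. The class and function names, the state file paths and the 10-minute block for fast clients are assumptions, and the DNS lookups are replaced by a constructed stub so the example runs offline.

```php
<?php
// Added example (not from the original post). State lives in a JSON file,
// following the post's advice to keep this data out of MySQL.

class SlidingWindowLimiter
{
    private $file;
    private $threshold;  // number of events inside the window that triggers a block
    private $window;     // window length in seconds
    private $blockFor;   // block duration in seconds

    public function __construct(string $file, int $threshold, int $window, int $blockFor)
    {
        $this->file = $file;
        $this->threshold = $threshold;
        $this->window = $window;
        $this->blockFor = $blockFor;
    }

    // Returns true if $key may proceed. With $record = true the call also
    // counts as one event (a request, or a failed login) at time $now.
    public function check(string $key, int $now, bool $record = true): bool
    {
        $fh = fopen($this->file, 'c+');
        flock($fh, LOCK_EX);   // serialise concurrent requests
        $state = json_decode((string) stream_get_contents($fh), true) ?: [];
        $entry = $state[$key] ?? ['hits' => [], 'until' => 0];
        $allowed = $now >= $entry['until'];
        if ($allowed && $record) {
            $cutoff = $now - $this->window;
            $entry['hits'] = array_values(array_filter(
                $entry['hits'],
                function ($t) use ($cutoff) { return $t > $cutoff; }
            ));
            $entry['hits'][] = $now;
            if (count($entry['hits']) >= $this->threshold) {
                $entry = ['hits' => [], 'until' => $now + $this->blockFor];
                $allowed = false;
            }
        }
        $state[$key] = $entry;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($state));
        flock($fh, LOCK_UN);
        fclose($fh);
        return $allowed;
    }
}

// Forward-confirmed reverse DNS: the PTR name must be under googlebot.com or
// google.com and must resolve back to the same address (IPv4 only here).
// The lookups are parameters so they can be stubbed in the demonstration.
function is_verified_googlebot(string $ip, $reverse = 'gethostbyaddr', $forward = 'gethostbynamel'): bool
{
    $host = $reverse($ip);
    if (!is_string($host) || !preg_match('/\.(googlebot|google)\.com$/i', $host)) {
        return false;
    }
    $ips = $forward($host);
    return is_array($ips) && in_array($ip, $ips, true);
}

// --- Constructed demonstration data; DNS is stubbed so this runs offline ---
$tmp = sys_get_temp_dir();
@unlink("$tmp/request-limit.json");
@unlink("$tmp/login-limit.json");
// More than 10 requests in 10 seconds: the 11th triggers the block. The
// 10-minute block length is an assumption; the post gives none.
$requests = new SlidingWindowLimiter("$tmp/request-limit.json", 11, 10, 600);
// 5 failed logins within 1 minute: blocked for 30 minutes.
$logins = new SlidingWindowLimiter("$tmp/login-limit.json", 5, 60, 1800);

$ptr = ['192.0.2.10' => 'crawl-192-0-2-10.googlebot.com'];   // constructed PTR record
$reverse = function ($ip) use ($ptr) { return $ptr[$ip] ?? $ip; };
$forward = function ($host) use ($ptr) { return array_keys($ptr, $host) ?: false; };

$t0 = 1226232000;   // constructed timestamp
foreach (['198.51.100.23', '192.0.2.10'] as $ip) {
    $served = 0;
    for ($i = 0; $i < 15; $i++) {          // 15 requests within 3 seconds
        $now = $t0 + intdiv($i, 5);
        if (is_verified_googlebot($ip, $reverse, $forward) || $requests->check("ip:$ip", $now)) {
            $served++;
        }
    }
    echo "$ip: served $served of 15 requests\n";
}

for ($i = 1; $i <= 5; $i++) {
    $logins->check('account:alice', $t0 + $i * 5);   // five failed logins in 25 seconds
}
foreach ([600, 1885] as $later) {
    $ok = $logins->check('account:alice', $t0 + $later, false);   // check only, no new event
    echo "login allowed at +{$later}s: ", var_export($ok, true), "\n";
}
```

Keying the login limiter by both account name and client address, as the post recommends, means calling check() once per key; the state file should live outside the web root.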

Apart from hacking attempts, sending too many requests doesn’t have to reveal potential vulnerabilities. Do not forget to turn off the error reporting in PHP. Below is a very handy function that doesn’t show the MySQL error. Instead of using

mysql_query("...",$link)
or die("..." . mysql_error());

use

mysql_query("...",$link)
or some_die_function(__FILE__,__LINE__);


Where the some_die_function sends you an email and terminates the script showing some error message to the visitor. This way you ensure that no details are shown to the visitors and hackers!

This system may sound too complicated, but it really helps. At least make sure that no error is shown to the user. Even if your website is down, you still control everything. Checking your logs can help you find out what happened. The function that reports errors tells you exactly what happened. Next time you can be better prepared. Look at the snapshot below: The attack lasted only 5 minutes (the snapshot is just a small section of the report), and then subsided. If it happens again, everything will be secure.

An attempt to hack a website


The IP ending with .166 was one of the attackers.

By the way: always use strong passwords. And use Linux!
