Flour Power

The Green Dragon resting at the Galway docks.

I did it. I managed to get a post to be the first Google result for a couple of search terms. And I did it 3 times, for 3 different posts, in 3 different days.

At first this sounds something really hard to do. And I guess it is, in normal situations. But on this occasion a couple of factors contributed to make it possible. And quite easy. Here's what happened.

It started when I received a Facebook message urging me to visit some website. The message had no description of the site, and the website address was a bit obfuscated. I immediately knew it was a scam, and deleted it promptly. Later that day I got another such message and thought I might as well post it here on my blog as a way to warn people to not visit that website. To my surprise, this is what I saw just a few hours later:

At first I was convinced it was some kind of bug, but upon looking at the most visited pages I saw which one was the "culprit". I noticed a huge amount of visitors coming from Facebook and Google and went on to confirm that post was the first Google result if you searched for the contents of the Facebook message.

So, what happened? Apparently Google's crawlers can be really fast sometimes and my post was indexed almost as soon as it was posted. With the Facebook scam in full throttle, thousands of people were receiving the same message. A lot of them probably did like me and deleted it immediately, but many others googled it (some before and some after entering their Facebook credentials on the site). At the same time the link to the blog post was being passed around on Facebook, meaning even more visitors. With a lot links for it from Facebook, the page became the #1 Google result, and that resulted in a lot of visitors, and eventually some more links to it, making the position even stronger.

Now, guess what I did when, 2 days later, I received a similar message? Yes, I posted it as well, and lo and behold, the visitors started pouring in again.

By the time I got a third message, just 1 day later this time, I knew that I could do it again. This time I took a slightly different approach and instead did a list of the pages that are conducting this Facebook phishing scam. Sure enough, the post got another wave of visitors.

At the time of writing of this post, the avalanche is dying down, but I'm still getting way more visitors than normal. And the original post is still the most visited, although it's not #1 in Google anymore.

In my opinion, there were a few very important factors that made this possible. First, and maybe the most important, was the fact that I was probably one of the first to post about it (lucky me for having technologically gullible friends). How Google found it so fast I don't know, but when people searched for it, this blog was the only one talking about it and so it showed up right at the top. Second, the Facebook message hit a huge amount of people in a short span of time. As I saw someone commenting, it must have been because it was weekend and there were less Facebook employees "policing" the site, and it took some time until such messages started being blocked.

The results? About 6500 visitors in the first hour and a total of 35.221 unique views on that first post until now. The whole thing (the 3 posts) produced almost 50.000 page views during the last 5 days. The number of RSS subscribers shot up from 28 to 120 on that first day, and has now come down to about 50, which is still a good improvement. The revenue from the ads is enough to buy a couple of pints.

Now I hope I can do it again sometime soon. Will try to get myself prepared so that I can get a higher visitor retention rate, and better clickthrough rates on the ads.

My video reporting of the Volvo Ocean Race in Galway continues with a couple of videos of Lucia Evans' performance at The Topaz Main Stage in the Galway docks yesterday (May 26). A very windy night, as you can see and hear in the videos, but that didn't keep everyone at home, and the turnout was quite decent. Nothing like the previous day, though.

Well, it really seems like a new site trying to steal people's Facebook credentials shows up every day. The .at and .be domains were attacked last week and this week the target seems to be the .ru domain. Yesterday I got a message to visit vingers.ru, and today the attack is coming in the form of nanoraw.ru. The Facebook message is similar: "Hello" for the subject and "nanoraw(insert dot)ru".

Here's the list of sites that have been spotted as part of this scam so far:

• afoi.ru
• areps.at
• bests.at
• bestspace.be
• brunga.at
• goldbase.be
• greenbuddy.be
• indigoline.be
• kirgo.at
• mymarket.be
• nanoraw.ru
• nutpic.at
• picoband.be
• ponbon.im
• redbuddy.be
• redfriend.be
• silvertag.be
• simplemart.be
• sweeter.be
• vingers.ru
• whiteflash.be
• whitemart.be
• yospace.be

Instead of making a new post every time a new scam site shows up, I'll instead update this list as soon as I find a new one. So you can bookmark this post to keep safe.

I've also noticed that the sites only work the first time you access them, and return a 404 Not Found error in subsequent requests. I'm guessing this is some kind of attempt to hide from the victims.

These have to be the World's dumbest criminals. Watch how two burglars try to break into a shop and end up knocking themselves out. Hilarious!

The third day of the festival celebrating the Galway stopover of the Volvo Ocean Race had Oleku Band playing in The Topaz Main Stage. I headed down there to check it out, although I wasn't expecting much, because it was a quite cold (and almost raining) Monday.

But what I saw left me positively surprised. There were actually quite a lot of people outside, and the majority was actually dancing to the African rythms presented by the Nigerian band. Near the end of the performance a few of the audience members started dancing Capoeira which rapidly gathered a big crowd around them. Fun stuff.

Here are two movies I recorded of the Oleku Band performance (no video of the Capoeira session because there wasn't enough light):

So it seems that every other day a new Facebook phishing scheme springs to life. Or rather the same scam keeps showing up disguised in a new country domain. First it was the .at domain, a couple of days ago the .be domain and now it seems .ru is being targeted.

I just received a message from one of the friends that sent me the "wwww whiteflash be" message, now with "Hello" as the subject and "www vingers(enter dot)ru" as the message body. Again, the site looks like the Facebook login page to try and steal your user credentials. The good news for Google Chrome users is that the browser identifies the site as a malware sites and displays the corresponding warning. Can't say the same about Firefox and Internet Explorer 7, though.

You should NOT provide your Facebook credentials to any site that is not http://www.facebook.com. You shouldn't even blindly trust the browser address bar, and instead make sure you type the URL yourself. Take a look at this article that outlines the danger of having your Facebook credentials stolen.

Here's a list of sites that are being used to conduct the attack:

• afoi.ru
• areps.at
• bests.at
• bestspace.be
• brunga.at
• goldbase.be
• greenbuddy.be
• indigoline.be
• kirgo.at
• mymarket.be
• nutpic.at
• picoband.be
• ponbon.im
• redbuddy.be
• redfriend.be
• silvertag.be
• simplemart.be
• sweeter.be
• vingers.ru
• whiteflash.be
• whitemart.be
• yospace.be

UPDATE: The vingers.ru site is returning a 404 Not Found error at the moment. I guess the scammers are changing domains faster now. I would expect a new one showing up soon.

UPDATE: Check this list of scam sites that I compiled and will be updating when some more sites show up.

The new Dave Matthews Band album - Big Whiskey and the GrooGrux King - is now available for free streaming at Pandora.

The album will only be in stores from June 2nd.

On related news, Dave Matthews Band and Hulu are teaming up to present Hulu’s first-ever live concert stream. The Beacon Theatre show will begin at 9pm EST on June 1st (5am GMT on June 2nd) and Hule will show to fans for free via a live stream at Hulu.com.

The concert is one of numerous elements of Hulu’s first music partnership. Beginning on Thursday, May 28th, Hulu will begin introducing DMB videos leading up to the Beacon Theatre concert and will also air Dave Matthews Band’s upcoming performances on “Late Night with Jimmy Fallon” and the “TODAY” show.

Dave Matthews Band - Big Whiskey and the GrooGrux King @ Pandora
Dave Matthews Band official website
Pre-order the album

Last night was the official opening of Galway's stopover festival for the Volvo Ocean Race. I headed down to the docks to watch it, and also recorded as much of it as I could. The videos are a bit shaky, but you have to believe me when I say it's hard to hold a camera over your head for more than 20 minutes.

So here are the bits that I could get (beware of the bits in Irish):

More videos will be added as soon as Youtube finishes processing.

UPDATE: Check this list of scam sites that I compiled and will be updating when some more sites show up.

I wasn't affected by last weeks areps.at Facebook phishing scam, but it seems like another one is underway right now. I've been getting some messages on my Facebook account with the subject "Look at this" and "wwww whiteflash be" as the message body. The site whiteflash.be looks like a Facebook log-in page, and is designed to steal your credentials and use them to send similar messages to all your friends.

Mashable mentions some other sites that are also part of the attack:

goldbase.be
greenbuddy.be
silvertag.be
picoband.be

So, if you receive such a message, DO NOT go to those sites.

UPDATE: You can add simplemart.be to the list of culprits, just received one message poiting me to it, with the subject line "Hello" and the text "Check simplemart D0T be, , 575222". The weird thing here is that when I went I actually went to Facebook to check it (I saw it as an email notification) is it said I had deleted the message, which I didn't. Maybe the Facebook staff is now onto it.