Archives for January 2014

Who is Googhydr-20? It is Amazon!


You probably found this blog from the keyword “googhydr” either ending in -20 or -21. This is an Amazon affiliate id and the -20 indicates US market while -21 is the UK market. I too did some digging into this after researching keywords and SERP listings and Adwords listings and kept seeing this Amazon affiliate linking directly to Amazon. Being an Amazon affiliate myself it was easy to figure out the affiliate ID googhydr-20 from the link.

The name is kind of ominous if where googhydr is pronounced “Goog Hider” which could mean “Google Hider”, so is the associate trying to hide from Google?

I had been contimplating doing the same thing this googhydr character is doing for some time. It seems so easy why isn’t everyone doing it? I started digging around and reading up on Amazon’s rules.

This Adwords listing by the Amazon affiliate was doing exactly what is prohibited to Amazon associates to do. In the Amazon Associates Operating Agreement, section 7:

“Prohibited Paid Search Placement” means an advertisement that you purchased through bidding on keywords, search terms, or other identifiers (including Proprietary Terms) or other participation in keyword auctions. “Proprietary Term” means keywords, search terms, or other identifiers that include the word “amazon,” “Kindle,” “myhabit,” or “Javari,” or any other trademark of Amazon or its affiliates ( see a non-exhaustive list of our trademarks), or variations or misspellings of any of those words (e.g., “ammazon,” “amaozn,” “kindel,” and “javary”). “Redirecting Link” means a link that sends users indirectly to the Amazon Site via an intermediate site or webpage and without requiring the user to click on a link or take some other affirmative action on that intermediate site or webpage. “Search Engine” means Google, Yahoo, Bing, or any other search engine, portal, sponsored advertising service, or other search or referral service, or any site that participates in any of their respective networks.

If you do a search for Googhydr you might come across this website where the page claims to be an independent reseller who has tagged every possible Google search keyword. The page then goes onto to convince you to click on a link to buy a book on “Exploiting Amazon and Adwords PPC”. I can tell you that the claim on the website is false and a scam.

Googhydr is Amazon itself running its own Adwords campaigns.

It might not seem fair that Amazon who already dominates the organic search engine keywords for just about every product also adds itself to Adwords keywords and the same time won’t allow any of its associates to do the same. Well as they say life isn’t fair.

A few related discussions about this topic include


Htaccess Password Protect Word Press Admin


Brute force cracking Word Press sites admin login is rampant because it is very easy. Word Press doesn’t offer much in the way of the way helping protect your blog from such attacks. Brute force attacks is a method of trying to guess the password either systematically or via a common password dictionary list. One of the easiest ways to deter would be hackers is to add a second layer of password authentication to the administration area. Using htaccess rules to require a password before getting to the WP admin password will thwart nearly all the cracking bots out there. Just be sure you make the new htaccess login user name and password completely different than the one used by WP.

To setup htaccess password protection for your Word Press admin area you need to first create a text document called .htpasswd. You can either use the linux shell htpasswd or the online tool HTPasswd Generator. Once you created this file save it or upload it to your wp-admin directory. (It needs to have the period at the front of the file—the period hides the file from view and access by direct web access on the linux apache system.)

Next you need to edit or create a file in your wp-admin directory called .htaccess it should look like so:

ErrorDocument 401 "Access Denied"
ErrorDocument 403 "Access Denied"
AuthName "AuthorizedAccess"
AuthUserFile "/home/your site/www/wp-admin/.htpasswd"
AuthType Basic
require valid-user

In the line that starts with AuthUserFile you will need to adjust the path to where the .htpasswd file you will create will be located. In most linux servers the path needs to be absolute, so it has to start at /home or whatever the start is, you can’t just go AuthUserFile .htpasswd (On most servers.)

Now when you access your wp-admin page you will get an htaccess popup window requiring the user name and password from the .htpasswd file first before you can access the Word Press login.


Automating Google Webmaster Tools Validation (PHP)

In order to claim a website with Google’s Webmaster Tools you have to verify you own it or at least have access to the file system. In order to do so Google gives you a file to upload to the domains www directory that is something like this: google9bf026a5h34deb40d.html

It use to be this file was completely empty returning nothing. However this probably lead to some hacking abuse where certain websites were not properly configured to give an empty page for 404 (page not found.) It doesn’t take a genius to figure out such a website could easily be registered as your own as the call to the validation file would return exact what Google was looking for.

The validation file is no longer empty and Google won’t accept empty files they now must contain the following:

google-site-verification: google9bf026a5h34deb40d.html

You can see the name of the file is now part of the content which helps eliminate validation hijacking

Suppose you got a lot of Google friends or accounts that you want to allow to have access to your site with their webmaster tools. Updating their individual validation files can be a chore so here is an easy way to automate the process.

This example is not exact you will need to adjust it to your own needs.

First add a line in your .htaccess file.

RewriteRule ^google ([a-zA-Z0-9]+).html$ googlevalidateme.php?v=$1 [NC,L]

Then have a PHP program called googlevalidateme.php

echo 'google-site-verification: google'.$_REQUEST[v].'.html';

So with this example any calles to googlexxxx.html will pass xxxx as a value to googlevalidateme.php which will return the correct validation code for Google.

Of course you might want to improve this with a call to a master list someplace so that unwanted others can’t validate and spy on you.