educational

Cloaking META Tags

This short tutorial will cover the cloaking of web page META tags, which follows a different procedure than the IP delivery and full page cloaking method commonly employed for high grade Web page and serach engine stealthing.

Server Requirements
To take advantage of this procedure you must be able to make use of Server Side Includes (SSI) on your web server. Note IIS/4.0 users: The code presented here is an extended SSI expression which is not supported under IIS/4.0.

META tag cloaking is effected by excluding browsers from viewing certain parts of a web page, specifically the header where META tags are positioned by default. Browsers are determined by their UserAgent variable. Once properly cloaked, it won't make any difference whether you read the source code online or whether you download it for viewing offline – the META tag code will remain hidden, the browser will not be able to read it and will therefore not download it either. Here is a list of UserAgents as used by popular browsers:

- "Lynx": Lynx text browser
- "Mozilla": Netscape browsers
- "MSIE": Microsoft Internet Explorer
- "NCSA Mosaic": Mosaic technology based browsers like Spry, Spyglass, etc.
- "Opera": Opera browser
- "WebTV" - WebTV's proprietary browser

Activating SSI via .htaccess
If your web server is not configured for SSI by default, you will need to upload a file named ".htaccess" (please note the period/dot at the beginning of the file name!) to your server directory. This can be done by Telnet or FTP. The .htaccess file should have the following content:

Options Includes +ExecCGI
AddType text/x-server-parsed-html .html

Note that many web servers will not require the specfication "Includes", meaning you can omit it altogether. However, since it won't do any harm to keep it in your file, we suggest you do not change the above entry. Thus, should you switch servers some day, you will not have to readjust your .htaccess file. After you have uploaded the modified .htaccess file (MUST be in Ascii mode!), you're ready to go.

In the HEAD section of the web page whose META tags you wish to protect, place the following:

<!--# if expr="\"$HTTP_USER_AGENT\"
!= /Mozilla|MSIE|Opera|Lynx|WebTV|NCSA Mosaic/" -->

VERY IMPORTANT: The above should actually be in one SINGLE line! Page formatting tends to word wrap lines which are too long for display, but make no mistakes: The code above MUST be free from line wraps, or it won't work! Under this first header entry, you may now add the actual META tags you wish to protect. When you are done, you must close the protected section with the last header entry, or the rest of your page won't be displayed either!

<!--# endif -->

VERY IMPORTANT: If you have other entries in your page header (e.g. for an external CSS style sheet, an external JavaScript applet, etc.) you MUST place these OUTSIDE the protected area (but WITHIN the header tags) or they will not work unless you are operating with a browser sporting a UserAgent not included in the code above.

So What Does It Do?
The SSI code outlined above will determine the accessing browser by its UserAgent variable. If it is recognized, the system will skip the content within the exclusion tags, effectively preventing the META tags from being displayed. Search engine spiders not using common browser UserAgent variables (most don't) will still get to read the META tags nevertheless, which is, of course, what you want them to do.

The method outlined above may well qualify for "poor man's cloaking" - it is NOT an industrial-strength protection against code snoops, the more so as UserAgents can easily be forged ("spoofed"), but it will cover about 95% of all ordinary browsers and their users without putting an undue strain on server load and, hence, system performance. Bear in mind, too, that META tags are gradually losing in importance as many search engines have stopped indexing them because of massive abuse by keyword spamming ("spamdexing") and irrelevant description tags in the past.

This technique can also be used to prevent email harvester bots (address extractors) from culling email addresses from textarea fields. You can read more about protecting textarea fields from email harvesters here.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
Show More