Valid HTML 4.01!


Valid CSS!


 

Make Money Online - 101 Succesful Ways to Do It
Work From Home
Home Business Ideas
Make Money With Social Networking and Bookmarking
Business Opportunity - Make Money From Websites
Business and Job Opportunities

Auditing the Figures, Inspecting the Claims


<< Return to Due Diligence on Websites / Blogs

Sellers of websites may make all manner of claims about their traffic but it's up to the prospective buyer to do a bit of digging around himself. He needs to satisfy himself not just about the honesty of the seller's claim but the technical accuracy of them as well.

We've compiled a list of top due diligence checks. This page assumes the reader is familiar with all the terms and with the basics of server logs and their analysis previously covered on this page.

 

Access stats even when you don't have the login!

Haven't been given access to the stats? You may find that you can still access them because of security holes in the application!

I won't dwell too much on this as some of these techniques are borderline "hacking" but I'll point readers in the right direction if they wish to research these techniques themselves.

That said, there are some easy vulnerabilities that require no advanced knowledge at all. For example, some sites' stats pages may be accessible for the simple reason that the owner forgot to set a password or tick a box to make the stats "private". It's childsplay to get to such stats pages. If a particular package always has their credits at the bottom of their stats display pages then a simple Google search for that credits text should uncover the goods. See this example - it throws up sites using AWStats who forgot to enable protection. If your target site used AWStats the simple expedient of adding the domain name to the search query (like so) should do the trick. Or this for Webalizer stats. Or webstat or screenshots that sites themselves sometimes stupidly save outside of protected areas.

Anyone wishing to learn how to find vulnerabilities that open the door to traffic stats could try searching for terms like Google Hacking Database, Goolag and Google Dorks.

 

Get javascript logs even if the site doesn't have javascript tracking installed!

While traffic stats from javascript tracking like Google Analytics or web counters is a lot more reliable than server logs (as described on the previous page) - there's a catch: Most sites don't have the code installed and so can't provide the Google Analytics stats.

There's a work around - look for other javascript in the source code of the page. For example, a third party affiliate program or Google Adsense is likely tracking a lot of the visitor metrics. Third party code differs in the extent to which it mines information from visitors but all of them extract, at a minimum, how many visitors arrived and where they came from. (Adsense also collects information on what keywords they came in on etc., but not all that data is shared by Google).

Check the source code of the site's pages for javascript and enquire about the metrics available from that program and how they can be examined. And, bingo, you've got javascript logs! Some of those third party counter sites make the stats available for free to all and sundry!

Tip: If the seller isn't comfortable providing logins to his affiliate/Adsense/other account you could use screen sharing software to see, live, over the internet what's on his screen (thus eliminating the risk of doctored screen shots). Crossloop seems to be a good program for this.

 

Visitor numbers - Capture the reality by cross comparing traffic

Where a seller has multiple sources of traffic logs - for example server logs and Google Analytics / Adsense - it's worth plugging the daily visitor figures from each into the same spreadsheet and superimposing one graph over the other. They will never coincide exactly but if one suddenly diverges from the other on a particular day or two, it's worth some investigation.

This could be taken one step further: Adsense, server logs or other internally generated figures could be compared against third party tracking services such as Alexa and Quantcast. (Note: Some skill needs to be exercised in judging the comparisons as Alexa is quirky, can be easily skewed by a few people with the Alexa toolbar installed and is likely to diverge by a larger margin than a server log vs Adsense overlay). 

Caveat: Stats from some sources like Adsense include page views from cached versions of the site elsewhere (like Google cache) and hence may be a slight over-statement.

Understand Your Traffic

Trick the Trigger Happy Trader!

Fire up notepad, stick this text in it, save it as a batch file (with a .bat extension) and double click on it:

@echo off
:1
start C:\Progra~1\Intern~1\iexplore.exe “http://yoursite.com“
ping -n 10 127.0.0.1 >nul
taskkill.exe /im iexplore.exe
goto 1

Figured out what happens? Yes, your PC keeps loading the same page repeatedly and driving up the visitor count in the logs!

See how easy it is! How do you detect it in the logs?

This is relatively unsophisticated activity. Repeatedly loading from the same PC would show up in the logs as multiple access from a single (or few IPs).

Tip: When analysing the traffic logs, visitors can be listed in order of visit frequency and the most frequent visitors need to be investigated. Using their IP and our website tools you could usually pinpoint the town they live in and compare that with the site owner's address (and even the IP in the header of his emails) - though this geo-location isn't 100% accurate.

Caveat: Before arriving at the most frequent human visitor there is the small matter of the bots. The most frequent visitors are likely to be the search engine bots. Plugging an IP into a DNS tool discloses who that IP belongs to. Obviously if it belongs to Google or Yahoo the traffic attributed to it is the result of the search engine's crawling of the site - a perfectly normal activity, just not from a human visitor.

 

Don't Forget the Horse's Mouth

Where there is user interactivity on a site - e.g. with forums, wikis and blog comments - it can provide a lot of inside information. Complaint threads in a forum's "Feedback" section, blog comments etc. are worth spending some time perusing. In the case of forums the buyer can ask for temporary moderator access.

It's not unusual for such research to throw up interesting facts such as 

- a recent blog competition the owner ran that resulted in a sudden sharp rise in membership or inward links

- an impending member exodus because of dissatisfaction with how the community is being managed

- a discussion among moderators about a losing battle against SPAM

- a thread which raises questions about the long term viability of the site (e.g. a software site that's going to have no future because the new version of Windows is adding this software's functionality for free)

 

Get Google Webmaster Tools Access

Google Webmaster Tools provides a lot of information not visible in the logs. It shows where Google had trouble accessing pages, diagnostic information, subscriber figures, linking patterns in and out of the site, keywords that the site ranks best for and much else.

Not all sellers are keen to provide access to their Webmaster Tools login as this opens access to inside information on other sites they own too. A compromise could be to get them to load your text file - sign up to Webmaster Tools and Google gives you a text file - to their root directory. That gives you temporary access to the information without infringing on other sites they own. It's an easy matter for the seller to change that text file back to his once due diligence is complete, and that restores control.

Even this is a step too far for many webmasters as the login to Webmaster Tools can cause a lot of damage in the wrong hands. For the more skittish seller there is always the option of suggesting he take Webmaster Tool screenshot images to demand.

 

Lots of Traffic is Not Always a Good Thing

Most hosting companies provide details on bandwidth that was taken up and how much that cost. Some sites eat up more in bandwidth costs than they generate in revenue.

It's not just the quantity of traffic that matters but its quality, where it's coming from and even the terms visitors are using to find the site.

- Quantity

It's easy to show large volumes of real (or fake) visitor traffic, especially if it's being done only over a short period. It's less easy to show consistent stats stretching back months, to show them coming from specific search engines and to show the high-value search terms they are coming in on.

As touched on earlier, it also bears to appreciate how the stats package is treating automated visitors like bots and spiders and how well it recognises them. (See the How do Sellers Prove Traffic section and, in particular, the comments on javascript based analytics). It may be worth investigating if a lot of the apparent traffic is caused by third parties hotlinking images or other files from the website that's for sale. Those aren't, of course, human visitors to the website. Hotlinking is leeching bandwidth but are there any benefits being derived from it?

Distribution of the traffic is also of interest. While most visitors tend to arrive via the homepage, it's not unusual for an internal page to be the main entry point. When one page accounts for a very high proportion of the traffic that is an obvious risk.

- Quality

Traffic from some countries is considered more valuable than others. Typically, traffic from developing countries is worth less than equivalent traffic from, say, the US or UK.

Ultimately, it's about what the website visitors add to the bottom line. If the revenue is exclusively CPM then page views is what matters and it's not very relevant where the visitors originate. However, for most sites it's about conversion - making a purchase or clicking a link or signing up to a service - and conversion rates do make a difference.

 

Referrers

Traffic can also be bought. There's nothing wrong in bought traffic, of course, if the full facts and costs are disclosed. However, that's not always the case. Sellers have been known to inflate their traffic by secretly incurring undisclosed costs for Pay Per Click campaigns which traffic then disappears when the PPC campaign is stopped. A thorough examination of the referrers should be conducted and traffic from referrers that are possibly ad networks need be investigated in even more depth.

Traffic coming from the seller's other web properties is less easy to discern. For referrers sending a significant percentage of the traffic it may be worth running a WHOIS check and doing a bit of other digging around (tools to help with this).

Part of investigating referrers is investigating the inward links. Yahoo's link: and linkdomain: searches are more reliable than similar results shown by Google. If there are some particularly high PageRank referrers it may be worth running a WHOIS to see who owns the relevant site. Sellers often link to a property from their various other sites - links which could be withdrawn after sale. Even if those links don't contribute directly to traffic they are likely playing a part in influencing search engines about the value of the website that's for sale. Link exchange programs are, similarly, a red flag both in terms of being risky SEO and in terms of inward links being very short term-ish.

Log SPAM is another problem to watch out for when investigating website traffic logs. It can bring "bad neighbourhood" penalties. 

Caveat: Many buyers seem to lay a lot of store on traffic from search engines. The larger the percentage of traffic from search engines, the safer they believe the long term traffic prospects are. This is misguided thinking. Search engine algorithms are fickle friends. The golden rule is that the higher the percentage of traffic from any one source - including search engines - the greater the risk to the buyer should that source cease sending visitors.
 

<< Basics of Due Diligence on the Internet