MyBlogLog Exploit - Getting Free Keyword Targeted Links
In the last year I have found many little holes in applications and with networks like Google, Microsoft, Firefox and ect… I shoot them a email with what I find and they email me back and its fixed. I was doing this with the MyBlogLog people but now that they are owned by the man it seems they would rather out things publicly and try to embarrass people rather then email so lets just get these out in the open then shall we.
One of the first examples I saw of this is TechCrunches hosted Mybloglog community page (a special deal they have with mybloglog to host it on the techcrunch.com domain) that shows the #1 link on his site is pornotube. But wait… Michael Arrington doe not link to pornotube does he? How the crap does that work? So I started doing some investigating…
Well this one is pretty simple… I don’t even think its worth calling a exploit.
Check out Andreas site. Notice the Free Ringtones link in her top visited links?
How did that happen? She does not even have a link on her site for Free Ringtones?
Basically all you have to do is make a html with the MyBlogLog javascript code for the site you want your link to appear on (view source on the page to get the code) Then put your links on the same page like you see here on my dev site.
Click on the link then back as many times as you think needed to appear #1 then watch the next day as your free targeted traffic rolls in. If you run live headers you should be able to find a even easier way to do this…..
Its amazing that this works really… there is no checking of unique ip addresses or referrers… Should be pretty easy to fix.
(O ya sorry andrea for using your site as a guinea pig) <3
- 47 Comments. What say you?
- RSS
- Delicious
- StumbleUpon
- Furl
- Digg
hah! I bet Yahoo regrets try embarrass Andy Beal now.
*LOL* i am sure tomorrow there will be all kinds of links for various things on peoples mybloglog!!
Haha, I love the way you smacked down MyBlogLog for the Andy Beal incident. In all fairness though it wasn’t their fault what JZ did.
I am not saying its anyones fault… but if you want to out spamming techniques then lets out them. Just like JZ drew attention to how effective a avatar could be (notice how everyone uses a sexy girl or something)
Ya, it probably isn’t the best of ideas to call out bloggers, with a track record such as Andy Beal, especially when they are not doing anything wrong in the first place.
nice catch shoe taking this off my site now
AKA
@ Cameron — yeah, what you said.
Hilarious - definately worth a DIGG!
Oooohhh that smarts. Well at least you were kind enough to keep the real ones from public. See who the real spammers are now!
So in your attempt to get back at Jeremy (an invididual) you publicly distribute a serious exploit for MyBlogLog (a product you openly adore and take pride in being one of the main reasons for its success)? Kind of harsh don’t you think?
Hey, he could have started a list instead of just posting one
please dude if you think this is a serious exploit you are really sheltered in the security world. Its a frickin html page
I’m sorry - ***somewhat-harmful*** exploit. Still doesn’t negate the logic.
I think the proper term should be ‘loophole’ instead of explolit.
The exploit in wordpress that caused all the seo blogs to be hacked is an exploit.
Too funny!
The only thing is it won’t do much for linkpop being just a JavaScript but for traffic generation its probably fine - if you target the right blogs
Great stuff. The program is still young tho.
Hi, do you mind approving my longer, slightly earlier remark where i said something substantive?
Scott your auto whitelisted so anything you comment is posted…
Hey Shoe, I don’t see Scott’s comment but I figured he’d say something (the MyBlogLog guys are pretty good about responding to this kind of thing) and was wondering what he said… so with that, maybe you should find out why his post didn’t make it through your whitelist.
Nice, now people are using my site to see the changes
hahahah oh well, its fun!!!
Hey nice tip! Thanks, sorry moved your #1 Free Ringtones down to #2! but i had to test to see if it worked…
Nothin like free traffic, gurl….
Looks like the ringtones have slipped. But now you got child care center spam…
If you run mybloglog, check your referrers; some not-so-clever person is running something that shows up as:
http://localhost/mybloglog/spamrun.php
I wonder what the intent is there.
Thats just the test run..
LOOK WHAT YOU’VE DONE NOW SHOE !!! (Its all your fault)
For the rtecord, Shoe, the PornoTube link *is* a link that was on TechCrunch. It’s not our fault if his readers love porn too. The day he covered our reader rolls he also posted about some dating site, which got four times the clickthrough that we did. People are predictable.
Thanks for calling out the spam technique. Fixing this isn’t quite as simple as we would hope, but we’re working on it.
Not that it matters, but Arrington does link to Pornotube
Following up on my previous post: http://www.techcrunch.com/2006/07/25/youtube-has-porn-clone
Thanks for information.
it is interesting - thanks for the information!
[...] Update: MyBlogLog Exploit - Getting Free Keyword Targeted Links bookmark this article: [...]
[...] MyBlogLog Exploit - Getting Free Keyword Targeted Links Yikes! People can put porn and ringtone affiliate links onto your community site. (tags: mybloglog exploit) [...]
[...] Now, you can actually insert a link on this list which is actually not found on the site. I mean, there’s a techique you can use so that a site will be listed on this list. This technique is discovered by Shoemoney. Basically all you have to do is make a html with the MyBlogLog javascript code for the site you want your link to appear on (view source on the page to get the code) Then put your links on the same page like you see here on my dev site. [...]
[...] a hack at ShoeMoney. I’m sure this will only get more interesting as MyBlogLog becomes more [...]
[...] und so einige HighQuality Keywordlinks für seine Projekte bekommen. Wie, das hat Shoemoney herausgefunden und vor ein paar Tagen in seinem Blog [...]
[...] for exploits isn’t my forte it makes me feel all warm and fuzzy knowing that there is another really smart guy who can give a n00b like me the lowdown on spam how it’s done, and most importantly how to [...]
[...] and I’ve been relatively impressed by their promptness in answering these concerns in various blog comments. But I think there are some major issues that need to not just be “addressed” [...]
[...] - Shoemoney has covered two of them and I’m sure more exist. One is a flaw that lets anyone hijack your “top 5 links” to enter in their own spammy keyword-laced links. Another is a way that uses a MyBlogLog cookie [...]
[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was [...]
[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was [...]
[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was [...]
[...] Shoemoneyã?¯é?ŽåŽ»ã?«ã‚‚様々ã?ª ãƒ?ックãƒ?タを出ã?—ã?¦ã?„ã‚‹ã?Œã€?å ªå¿?袋ã?®ç·’ã?Œåˆ‡ã‚Œã?ŸYahoo!ã?Œé‰„柱を下ã?™ã?®ã?¯ä»Šå›žã?®æŠ•ç¨¿ã?Œåˆ?ã‚?ã?¦ã? 。ã?“ã?®ãƒ?ックã?§ã?¯åˆ¥ã?®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã?«æˆ?ã‚Šã?™ã?¾ã?—ã?¦ã‚¦ã‚§ãƒ–サーフィンã?™ã‚‹æ–¹æ³•ã‚’照会ã?—ã?¦ã?„る。ã?ªã?®ã?§ã€?自分ã?®ã‚³ãƒ³ãƒ”ュータã?®ã‚³ãƒ¼ãƒ‰ã‚’å°‘ã?—書ã??æ?›ã?ˆã€?MyBlogLogã?®æœ€æ–°èªã?¿å?–り専用ウィジェットをインストールã?—ã?¦ã€?誰ã?‹æˆ?ã‚Šã?™ã?¾ã?—ã?Ÿã?„MyBlogLogユーザーã?®ãƒ—ãƒãƒ•ã‚£ãƒ¼ãƒ«ã?¨ã‚¢ãƒ?ターを使ã?£ã?¦ã‚µã‚¤ãƒˆã?«è¡Œã?‘ã?°ã€?ã??ã?®ã‚¦ã‚£ã‚¸ã‚§ãƒƒãƒˆã?«ã??ã?®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã?®è¡Œå‹•ã?¨ã?—ã?¦è¡¨ç¤ºã?•ã‚Œã‚‹ã€?ã?¨ã?„ã?†ã?“ã?¨ã? 。 [...]
[...] Shoemoney reports on a exploit in MyBlogLog to get free keyword targeted links. The exploit utilizes the top links for your Blog provided by MyBlogLog which would allow marketers to use this and have their site appear on a community’s top links section. A brief post about this can be found at Shoemoney. [...]
[...] reports, popular affiliate marketing blogger has been banned from MyBlogLog after revealing several MyBlogLog exploits. With a particular one sending him over the edge with [...]
[...] after the Shoemoney incident MyBlogLog fixed the authentication issue and in order to be logged in you had to go back and log in [...]
[...] this post please read my friends great SEO Blog- Eli Feldblum . links to some former MBL exploites: shoemoney-1, shoemoney-2, jensense, [...]
[...] has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was [...]
[...] than a few spamming problems in this network. Just check out these two article from Shoemoney…1 2 personally as it stands right now the risk reward ratio make it worth it to me, but I reserve the [...]