In the last year I have found many little holes in applications and with networks like Google, Microsoft, Firefox and ect… I shoot them a email with what I find and they email me back and its fixed. I was doing this with the MyBlogLog people but now that they are owned by the man it seems they would rather out things publicly and try to embarrass people rather then email so lets just get these out in the open then shall we.
One of the first examples I saw of this is TechCrunches hosted Mybloglog community page (a special deal they have with mybloglog to host it on the techcrunch.com domain) that shows the #1 link on his site is pornotube. But wait… Michael Arrington doe not link to pornotube does he? How the crap does that work? So I started doing some investigating…
Well this one is pretty simple… I don’t even think its worth calling a exploit.
Check out Andreas site. Notice the Free Ringtones link in her top visited links?
How did that happen? She does not even have a link on her site for Free Ringtones?
Basically all you have to do is make a html with the MyBlogLog javascript code for the site you want your link to appear on (view source on the page to get the code) Then put your links on the same page like you see here on my dev site.
Click on the link then back as many times as you think needed to appear #1 then watch the next day as your free targeted traffic rolls in. If you run live headers you should be able to find a even easier way to do this…..
Its amazing that this works really… there is no checking of unique ip addresses or referrers… Should be pretty easy to fix.
(O ya sorry andrea for using your site as a guinea pig) <3
About the author...
Jeremy Schoemaker – who has written 2691 posts on ShoeMoney.com.
Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.
Shawn Hogan Speaks Out On FBI Charges 
99designs From the Top Designers’ Perspectives 
Linkcontrol Unveil at Affiliate Summit West 2011 (SEMI NSFW) 
{ 30 comments… read them below or add one }
hah! I bet Yahoo regrets try embarrass Andy Beal now.
*LOL* i am sure tomorrow there will be all kinds of links for various things on peoples mybloglog!!
Haha, I love the way you smacked down MyBlogLog for the Andy Beal incident. In all fairness though it wasn’t their fault what JZ did.
I am not saying its anyones fault… but if you want to out spamming techniques then lets out them. Just like JZ drew attention to how effective a avatar could be (notice how everyone uses a sexy girl or something)
Ya, it probably isn’t the best of ideas to call out bloggers, with a track record such as Andy Beal, especially when they are not doing anything wrong in the first place.
nice catch shoe taking this off my site now
AKA
@ Cameron — yeah, what you said.
Hilarious – definately worth a DIGG!
Oooohhh that smarts. Well at least you were kind enough to keep the real ones from public. See who the real spammers are now!
So in your attempt to get back at Jeremy (an invididual) you publicly distribute a serious exploit for MyBlogLog (a product you openly adore and take pride in being one of the main reasons for its success)? Kind of harsh don’t you think?
Hey, he could have started a list instead of just posting one
please dude if you think this is a serious exploit you are really sheltered in the security world. Its a frickin html page
I’m sorry – ***somewhat-harmful*** exploit. Still doesn’t negate the logic.
I think the proper term should be ‘loophole’ instead of explolit.
The exploit in wordpress that caused all the seo blogs to be hacked is an exploit.
Too funny!
The only thing is it won’t do much for linkpop being just a JavaScript but for traffic generation its probably fine – if you target the right blogs
Great stuff. The program is still young tho.
Hi, do you mind approving my longer, slightly earlier remark where i said something substantive?
Scott your auto whitelisted so anything you comment is posted…
Hey Shoe, I don’t see Scott’s comment but I figured he’d say something (the MyBlogLog guys are pretty good about responding to this kind of thing) and was wondering what he said… so with that, maybe you should find out why his post didn’t make it through your whitelist.
Nice, now people are using my site to see the changes
hahahah oh well, its fun!!!
Hey nice tip! Thanks, sorry moved your #1 Free Ringtones down to #2! but i had to test to see if it worked…
Nothin like free traffic, gurl….
Looks like the ringtones have slipped. But now you got child care center spam…
If you run mybloglog, check your referrers; some not-so-clever person is running something that shows up as:
http://localhost/mybloglog/spamrun.php
I wonder what the intent is there.
Thats just the test run..
LOOK WHAT YOU’VE DONE NOW SHOE !!! (Its all your fault)
For the rtecord, Shoe, the PornoTube link *is* a link that was on TechCrunch. It’s not our fault if his readers love porn too. The day he covered our reader rolls he also posted about some dating site, which got four times the clickthrough that we did. People are predictable.
Thanks for calling out the spam technique. Fixing this isn’t quite as simple as we would hope, but we’re working on it.
Not that it matters, but Arrington does link to Pornotube
Following up on my previous post: http://www.techcrunch.com/2006/07/25/youtube-has-porn-clone
Thanks for information.
it is interesting – thanks for the information!
That’s a great one.