In the last year I have found many little holes in applications and with networks like Google, Microsoft, Firefox and ect… I shoot them a email with what I find and they email me back and its fixed. I was doing this with the MyBlogLog people but now that they are owned by the man it seems they would rather out things publicly and try to embarrass people rather then email so lets just get these out in the open then shall we.
One of the first examples I saw of this is TechCrunches hosted Mybloglog community page (a special deal they have with mybloglog to host it on the techcrunch.com domain) that shows the #1 link on his site is pornotube. But wait… Michael Arrington doe not link to pornotube does he? How the crap does that work? So I started doing some investigating…
Well this one is pretty simple… I don’t even think its worth calling a exploit.
Check out Andreas site. Notice the Free Ringtones link in her top visited links?
How did that happen? She does not even have a link on her site for Free Ringtones?
Basically all you have to do is make a html with the MyBlogLog javascript code for the site you want your link to appear on (view source on the page to get the code) Then put your links on the same page like you see here on my dev site.
Click on the link then back as many times as you think needed to appear #1 then watch the next day as your free targeted traffic rolls in. If you run live headers you should be able to find a even easier way to do this…..
Its amazing that this works really… there is no checking of unique ip addresses or referrers… Should be pretty easy to fix.
(O ya sorry andrea for using your site as a guinea pig) <3
February 2, 2007 at 4:11 pm
hah! I bet Yahoo regrets try embarrass Andy Beal now.
February 2, 2007 at 4:13 pm
*LOL* i am sure tomorrow there will be all kinds of links for various things on peoples mybloglog!!
February 2, 2007 at 4:14 pm
Haha, I love the way you smacked down MyBlogLog for the Andy Beal incident. In all fairness though it wasn’t their fault what JZ did.
February 2, 2007 at 4:17 pm
I am not saying its anyones fault… but if you want to out spamming techniques then lets out them. Just like JZ drew attention to how effective a avatar could be (notice how everyone uses a sexy girl or something)
February 2, 2007 at 4:52 pm
Ya, it probably isn’t the best of ideas to call out bloggers, with a track record such as Andy Beal, especially when they are not doing anything wrong in the first place.
February 2, 2007 at 5:05 pm
nice catch shoe taking this off my site now
February 2, 2007 at 5:09 pm
AKA
@ Cameron — yeah, what you said.
February 2, 2007 at 5:53 pm
Hilarious – definately worth a DIGG!
February 2, 2007 at 7:46 pm
Oooohhh that smarts. Well at least you were kind enough to keep the real ones from public. See who the real spammers are now!
February 2, 2007 at 10:11 pm
So in your attempt to get back at Jeremy (an invididual) you publicly distribute a serious exploit for MyBlogLog (a product you openly adore and take pride in being one of the main reasons for its success)? Kind of harsh don’t you think?
February 2, 2007 at 10:32 pm
Hey, he could have started a list instead of just posting one
February 2, 2007 at 10:46 pm
please dude if you think this is a serious exploit you are really sheltered in the security world. Its a frickin html page
February 2, 2007 at 10:50 pm
I’m sorry – ***somewhat-harmful*** exploit. Still doesn’t negate the logic.
February 3, 2007 at 2:42 am
I think the proper term should be ‘loophole’ instead of explolit.
The exploit in wordpress that caused all the seo blogs to be hacked is an exploit.
February 3, 2007 at 2:52 am
Too funny!
The only thing is it won’t do much for linkpop being just a JavaScript but for traffic generation its probably fine – if you target the right blogs
February 3, 2007 at 1:58 pm
Great stuff. The program is still young tho.
February 3, 2007 at 3:33 pm
Hi, do you mind approving my longer, slightly earlier remark where i said something substantive?
February 3, 2007 at 3:38 pm
Scott your auto whitelisted so anything you comment is posted…
February 3, 2007 at 6:45 pm
Hey Shoe, I don’t see Scott’s comment but I figured he’d say something (the MyBlogLog guys are pretty good about responding to this kind of thing) and was wondering what he said… so with that, maybe you should find out why his post didn’t make it through your whitelist.
February 4, 2007 at 12:20 pm
Nice, now people are using my site to see the changes
hahahah oh well, its fun!!!
February 4, 2007 at 5:31 pm
Hey nice tip! Thanks, sorry moved your #1 Free Ringtones down to #2! but i had to test to see if it worked…
February 4, 2007 at 8:14 pm
Nothin like free traffic, gurl….
Looks like the ringtones have slipped. But now you got child care center spam…
February 4, 2007 at 10:27 pm
If you run mybloglog, check your referrers; some not-so-clever person is running something that shows up as:
http://localhost/mybloglog/spamrun.php
I wonder what the intent is there.
February 5, 2007 at 4:05 am
Thats just the test run..
LOOK WHAT YOU’VE DONE NOW SHOE !!! (Its all your fault)
February 5, 2007 at 3:34 pm
For the rtecord, Shoe, the PornoTube link *is* a link that was on TechCrunch. It’s not our fault if his readers love porn too. The day he covered our reader rolls he also posted about some dating site, which got four times the clickthrough that we did. People are predictable.
Thanks for calling out the spam technique. Fixing this isn’t quite as simple as we would hope, but we’re working on it.
February 5, 2007 at 3:38 pm
Not that it matters, but Arrington does link to Pornotube
February 5, 2007 at 4:07 pm
Following up on my previous post: http://www.techcrunch.com/2006/07/25/youtube-has-porn-clone
November 3, 2007 at 9:42 am
Thanks for information.
January 20, 2008 at 4:32 am
it is interesting – thanks for the information!
August 21, 2009 at 2:12 am
That’s a great one.