In the last year I have found many little holes in applications and with networks like Google, Microsoft, Firefox and ect… I shoot them a email with what I find and they email me back and its fixed. I was doing this with the MyBlogLog people but now that they are owned by the man it seems they would rather out things publicly and try to embarrass people rather then email so lets just get these out in the open then shall we.
One of the first examples I saw of this is TechCrunches hosted Mybloglog community page (a special deal they have with mybloglog to host it on the techcrunch.com domain) that shows the #1 link on his site is pornotube. But wait… Michael Arrington doe not link to pornotube does he? How the crap does that work? So I started doing some investigating…
Well this one is pretty simple… I don’t even think its worth calling a exploit.
Check out Andreas site. Notice the Free Ringtones link in her top visited links?
How did that happen? She does not even have a link on her site for Free Ringtones?
Basically all you have to do is make a html with the MyBlogLog javascript code for the site you want your link to appear on (view source on the page to get the code) Then put your links on the same page like you see here on my dev site.
Click on the link then back as many times as you think needed to appear #1 then watch the next day as your free targeted traffic rolls in. If you run live headers you should be able to find a even easier way to do this…..
Its amazing that this works really… there is no checking of unique ip addresses or referrers… Should be pretty easy to fix.
(O ya sorry andrea for using your site as a guinea pig) <3
Ricky Peterson (24) 
ZK @ Web Marketing Blog (23) 
R Kumar (12) 
Holly Mann (11) 
gurtey (9) 
Shanker Bakshi (9) 
Jacques Snyman | 3 Quotes (8) 
Yisraeli Foods (8) 
Find Affiliate Offers (5) 
Michael Zhao (77) 
almir (76) 
fas (75) 
R Kumar (74) 
Rick Kats (70) 
Jay @ work from home (62) 
Dino (60) 
Dick (628) 
Goran Website (495) 
Melvin (330) 
Ben Pei (329) 
Taris Janitens (274) 
meethere (269) 
Tushar Dhoot (265) 
Tushar (260) 
Moneybites (259) 
it is interesting – thanks for the information!
Thanks for information.
Following up on my previous post: http://www.techcrunch.com/2006/07/25/youtube-has-porn-clone
Not that it matters, but Arrington does link to Pornotube
For the rtecord, Shoe, the PornoTube link *is* a link that was on TechCrunch. It’s not our fault if his readers love porn too. The day he covered our reader rolls he also posted about some dating site, which got four times the clickthrough that we did. People are predictable.
Thanks for calling out the spam technique. Fixing this isn’t quite as simple as we would hope, but we’re working on it.
Thats just the test run..
LOOK WHAT YOU’VE DONE NOW SHOE !!! (Its all your fault)
If you run mybloglog, check your referrers; some not-so-clever person is running something that shows up as:
http://localhost/mybloglog/spamrun.php
I wonder what the intent is there.
Nothin like free traffic, gurl….
Looks like the ringtones have slipped. But now you got child care center spam…
Hey nice tip! Thanks, sorry moved your #1 Free Ringtones down to #2! but i had to test to see if it worked…
Nice, now people are using my site to see the changes
hahahah oh well, its fun!!!
Hey Shoe, I don’t see Scott’s comment but I figured he’d say something (the MyBlogLog guys are pretty good about responding to this kind of thing) and was wondering what he said… so with that, maybe you should find out why his post didn’t make it through your whitelist.
Scott your auto whitelisted so anything you comment is posted…
Hi, do you mind approving my longer, slightly earlier remark where i said something substantive?
Great stuff. The program is still young tho.
Too funny!
The only thing is it won’t do much for linkpop being just a JavaScript but for traffic generation its probably fine – if you target the right blogs
I think the proper term should be ‘loophole’ instead of explolit.
The exploit in wordpress that caused all the seo blogs to be hacked is an exploit.
I’m sorry – ***somewhat-harmful*** exploit. Still doesn’t negate the logic.
please dude if you think this is a serious exploit you are really sheltered in the security world. Its a frickin html page
Hey, he could have started a list instead of just posting one
So in your attempt to get back at Jeremy (an invididual) you publicly distribute a serious exploit for MyBlogLog (a product you openly adore and take pride in being one of the main reasons for its success)? Kind of harsh don’t you think?
Oooohhh that smarts. Well at least you were kind enough to keep the real ones from public. See who the real spammers are now!
Hilarious – definately worth a DIGG!
AKA
@ Cameron — yeah, what you said.
nice catch shoe taking this off my site now
Ya, it probably isn’t the best of ideas to call out bloggers, with a track record such as Andy Beal, especially when they are not doing anything wrong in the first place.
I am not saying its anyones fault… but if you want to out spamming techniques then lets out them. Just like JZ drew attention to how effective a avatar could be (notice how everyone uses a sexy girl or something)
Haha, I love the way you smacked down MyBlogLog for the Andy Beal incident. In all fairness though it wasn’t their fault what JZ did.
*LOL* i am sure tomorrow there will be all kinds of links for various things on peoples mybloglog!!
hah! I bet Yahoo regrets try embarrass Andy Beal now.