MyBlogLog Open To Attacks

This morning, while I was checking my MyBlogLog community, I noticed that another site has mysteriously appeared on the list of sites and blog I author.

john.png

I don’t know what site that is or how it got there but it seems someone has figured out a way to get their blog listed in the Sites and Blogs I Author section of MyBlogLog members. Checking out the mystery blog shows the spammer managed to get himself listed onto other MyBlogLog accounts, including Shoemoney.

shoe.png

It’s clear the spammer is targeting popular MyblogLog communities to get his site in front of as many people as possible. So far, it looks like I’m the only one who has removed the offending blog. No doubt the spammer planned his attack on the weekend thinking the blog owners will be away till Monday.

MyblogLog seems to be growing faster than the Yahoo can handle. Spam is becoming a major problem and there are countless exploits that a spammer can use to gain access to the community. Yahoo needs to shut this crap down before MyBlogLog becomes another MySpace.


41 thoughts on “MyBlogLog Open To Attacks”

  1. david says:

    Yep — I accepted one invitation to a MyBlogLog community over the weekend (my first one), and was flooded with e-mail spam within 30 minutes. I quit the community and likely won’t give MyBlogLog another chance…

  2. Gareth says:

    I received a phishing style email from someone over the weekend wanting me to become a co-author of another blog. Except I’d neve heard of the blog and the person who was meant to be offering had never visited my profile on mybloglog.

    I wonder how long it will take them to plug the holes that allowed you to become the owner of another blog?

    1. Jeff says:

      I get so much of that crap through mybloglog too… some guy going “thanks for visiting my site” or “wow great blog you have there” and what not.. it’s crap.

  3. HMTKSteve says:

    I think I know how he did it.

    If you see mt blog show up on your list you will know ;)

    1. HMTKSteve says:

      Check it out John Chow, you are now my co-author!!!

      That was a super easy hack. I may have to blog about this one!

      1. John Chow says:

        Yep. I say this is something to blog about.

        1. HMTKSteve says:

          Blog article complete. It should show up as a trackback here.

          1. Nomar says:

            Cool !! Nice articles guys

  4. Yeah, Yahoo needs to handle all these issues – Shoemoney also reported another MyBlogLog exploit a while back…

  5. HMTKSteve says:

    My guess is that the person in question has multiple mybloglog accounts and he experimented with the add co-author feature to the point where he figured out how to write up the confirmation link that comes via email. It’s possible that the email verification link is the weak point.

    John, check your spam filter for a co-author request from his account.

  6. HMTKSteve says:

    Wait a minute… When you were co-author, did you have any special admin powers?

  7. Ian says:

    This is a real shame as MyBlogLog has so much potential, I’ve read various other stories similar to this about people finding exploits.

  8. Mark Johnson says:

    I received one over the weekend from a Belgium site that blogs about Zune. They were asking me to join the blog as a co-author. Considering I that it was a non-english blog and that I didn’t know who it was, I just deleted the email. These Spam guys just find every loophole and spoil it for everyone don’t they. Pretty sickening.

    1. Kenny says:

      While these spam guys exploit weaknesses in the system, it provides an opportunity for sites such as mybloglog to go and fix these issues resulting in a more secure site.

      On the other hand, if they just sit idle and don’t fix these issues swiftly, the whole system will just collapse as bloggers move on to better services out there.

  9. Sharique says:

    This spam thing is becoming a big problem, not just limited to big communities but also small ones. As Mark pointed out regarding the Belgian site. Spammers always find a way out!

  10. Marc says:

    Well thankfully my blog is so low traffic that I haven’t been subject to anything like this ;)

    Score one for flying under the radar!

  11. Darren says:

    I had four emails last night from people inviting me to become authors of blog communities that I’d never heard of before – its quickly becoming a spam den over there :-(

  12. Meg says:

    I know it’s not the point, but it is pretty easy to remove the blog from your profile (see my latest post). It does highlight some issues though…

  13. I received a phishing email for co-ownership from that Belgium blog as well. It will be sad if mbl continues to deteriorate ;/

  14. David Mackey says:

    hmmm…I’ve been hearing a bit about this mybloglog lately. Mainly about exploits, but it seems to be picking up some pretty good steam. I’ll give it a try.

  15. The exploit is probably because of A) There is a huge flaw in their verification code algorithm, or B) Some fool forgot to close off a database insert flaw, most likely because of the lack of string checks.

    Most likely it is B. Most security flaws are caused by a lack of data checks.

    Anyways, I’m getting pretty fed up with MyBlogLog as well. When I first joined a few weeks back it was fine, and about two weeks ago I noticed people with names like “FREEWINDOWSVISTA” visiting my profile. Stupid affiliate spam site people.

    What they need to do is add in a user voting system, so if a site gets below a certain rating it is automatically put up for moderation. If the site is deemed to be a spam site it will be banned forever.

  16. Hello John,

    Sorry for the targeting your awesome blog. I’m a regular reader, and only choose people to target which I knew might have connections inside of MyBlogLog to get this fixed. This was just something that needed to be brought to attention before it got out of hand, with people automating the whole process, to ruin MyBlogLog.

    Thanks,
    Bradford Knowlton
    http://www.seoadwords.com/
    http://www.wig-dig.com/

  17. While it’s definitely an annoyance, this recent exploit/spam attack does serve as a (backhanded at least) compliment to mybloglog’s ability to get targeted traffic to blogs. I just recently open a mybloglog account and already get quite a bit of traffic from it to my offshore outsourcing site and free online traffic generation blog. Mybloglog is huge. You get traffic just by visiting people’s community sites. You don’t even have to leave a message. People see your profile, get curious, and check out your page.

  18. ilker says:

    I received several Co-Author Invitation emails as well. I will blog about it to expose those shameless people.

    Although, this should not be a long term problem as people are just discovering the bits of MBL waiting to be exploited.

    1. Leftblank says:

      Same here, up to 5 mails a day, while my blog isn’t even very popular or so, I wonder how they find the ones to spam.

    2. HMTKSteve says:

      Feel free to “re-use” my blog post on this hack, just be sure to give a link-back. I publish under a Creative Commons License.

  19. Doug Karr says:

    Wow. That’s not good, I really like MyBlogLog. What did you do about it?

  20. Nick says:

    Everything has people exploiting features, MyBlogLog is no exception nor will anything ever be. I have received over 400 emails in the past two days from the site and it’s crazy – not to mention waking up this morning to be a co-author of 6 other sites.

    That is what I don’t understand – attacking John, Shoemoney, etc makes sense for traffic, but not the little guys.

    -Nick
    Blogger Time Capsule – 100,000 User Goal!

    1. Hello Nick,

      I discovered the loophole late Saturday night. and I choose to add Shoemoney, John, Danny, Graywolf to my list for 1 reason. A) They are going to blog about it to people would find out it is happening, B) They are smart enough to just click remove and go on with life.

      I didn’t have any connection with the Beligum people, and the only reason I did anything was to draw attention to the problem and get it fixed. Everyone I choose, the top 10 bloggers, might have readers at MyBlogLog or Yahoo who could get this fixed.

      Lets hope it gets fixed,
      Bradford Knowlton
      http://www.wig-dig.com/
      http://www.seoadwords.com/

  21. Debbie says:

    John, I’ve noticed just by commenting on your blog for the first time a few days ago (before that, I was a lurker) that I’m getting a lot of comment spam on my blog now that I didn’t have before.

    Akismet seems to be catching it for now. But I wonder if the MyBlogLog spam is spilling over into this blog and following those of us who comment.

    Maybe it’s just coincidence.

  22. Hey all — we’ve posted a long article on the MyBlogLog blog about what happened and what we’re doing in response. It’s long and involved enough that distilling it here isn’t going to be very useful. If you get a second, please have a look and let us know your thoughts. http://mybloglogb.typepad.com/my_weblog/2007/02/weekend_spamtac.html

  23. Ajith says:

    Some days before shoemoney put another one. thats MBL is tracking adsense and YPN also which they can allegedly sell to others

Comments are closed.