
MyBlogLog Open To Attacks

written by John Chow on February 18, 2007

This morning, while I was checking my MyBlogLog community, I noticed that another site has mysteriously appeared on the list of sites and blogs I author.


I don’t know what site that is or how it got there but it seems someone has figured out a way to get their blog listed in the Sites and Blogs I Author section of MyBlogLog members. Checking out the mystery blog shows the spammer managed to get himself listed onto other MyBlogLog accounts, including Shoemoney.


It’s clear the spammer is targeting popular MyBlogLog communities to get his site in front of as many people as possible. So far, it looks like I’m the only one who has removed the offending blog. No doubt the spammer planned his attack on the weekend thinking the blog owners will be away till Monday.

MyBlogLog seems to be growing faster than Yahoo can handle. Spam is becoming a major problem and there are countless exploits that a spammer can use to gain access to the community. Yahoo needs to shut this crap down before MyBlogLog becomes another MySpace.


{ 32 comments }

david February 18, 2007 at 5:06 pm

Yep — I accepted one invitation to a MyBlogLog community over the weekend (my first one), and was flooded with e-mail spam within 30 minutes. I quit the community and likely won’t give MyBlogLog another chance…

Gareth February 18, 2007 at 5:11 pm

I received a phishing style email from someone over the weekend wanting me to become a co-author of another blog. Except I’d never heard of the blog and the person who was meant to be offering had never visited my profile on mybloglog.

I wonder how long it will take them to plug the holes that allowed you to become the owner of another blog?

Jeff February 18, 2007 at 9:58 pm

I get so much of that crap through mybloglog too… some guy going “thanks for visiting my site” or “wow great blog you have there” and what not.. it’s crap.

HMTKSteve February 18, 2007 at 5:19 pm

I think I know how he did it.

If you see my blog show up on your list you will know ;)

HMTKSteve February 18, 2007 at 5:53 pm

Check it out John Chow, you are now my co-author!!!

That was a super easy hack. I may have to blog about this one!

John Chow February 18, 2007 at 6:01 pm

Yep. I say this is something to blog about.

HMTKSteve February 18, 2007 at 6:03 pm

Blog article complete. It should show up as a trackback here.

Nomar February 19, 2007 at 4:54 am

Cool !! Nice articles guys

Hannes Johnson February 18, 2007 at 5:24 pm

Yeah, Yahoo needs to handle all these issues – Shoemoney also reported another MyBlogLog exploit a while back…

HMTKSteve February 18, 2007 at 5:34 pm

My guess is that the person in question has multiple mybloglog accounts and he experimented with the add co-author feature to the point where he figured out how to write up the confirmation link that comes via email. It’s possible that the email verification link is the weak point.

John, check your spam filter for a co-author request from his account.

HMTKSteve February 18, 2007 at 5:35 pm

Wait a minute… When you were co-author, did you have any special admin powers?

Ian February 18, 2007 at 5:35 pm

This is a real shame as MyBlogLog has so much potential, I’ve read various other stories similar to this about people finding exploits.

Mark Johnson February 18, 2007 at 6:04 pm

I received one over the weekend from a Belgium site that blogs about Zune. They were asking me to join the blog as a co-author. Considering that it was a non-English blog and that I didn’t know who it was, I just deleted the email. These Spam guys just find every loophole and spoil it for everyone don’t they. Pretty sickening.

Kenny February 18, 2007 at 10:04 pm

While these spam guys exploit weaknesses in the system, it provides an opportunity for sites such as mybloglog to go and fix these issues resulting in a more secure site.

On the other hand, if they just sit idle and don’t fix these issues swiftly, the whole system will just collapse as bloggers move on to better services out there.

Sharique February 18, 2007 at 6:29 pm

This spam thing is becoming a big problem, not just limited to big communities but also small ones. As Mark pointed out regarding the Belgian site. Spammers always find a way out!

Marc February 18, 2007 at 6:50 pm

Well thankfully my blog is so low traffic that I haven’t been subject to anything like this ;)

Score one for flying under the radar!

Darren February 18, 2007 at 7:06 pm

I had four emails last night from people inviting me to become authors of blog communities that I’d never heard of before – it’s quickly becoming a spam den over there :-(

Meg February 18, 2007 at 7:39 pm

I know it’s not the point, but it is pretty easy to remove the blog from your profile (see my latest post). It does highlight some issues though…

Jennifer Lynn February 18, 2007 at 7:47 pm

I received a phishing email for co-ownership from that Belgium blog as well. It will be sad if mbl continues to deteriorate ;/

David Mackey February 18, 2007 at 8:13 pm

hmmm…I’ve been hearing a bit about this mybloglog lately. Mainly about exploits, but it seems to be picking up some pretty good steam. I’ll give it a try.

Jeremy Steele February 18, 2007 at 8:14 pm

The exploit is probably because of A) There is a huge flaw in their verification code algorithm, or B) Some fool forgot to close off a database insert flaw, most likely because of the lack of string checks.

Most likely it is B. Most security flaws are caused by a lack of data checks.

Anyways, I’m getting pretty fed up with MyBlogLog as well. When I first joined a few weeks back it was fine, and about two weeks ago I noticed people with names like “FREEWINDOWSVISTA” visiting my profile. Stupid affiliate spam site people.

What they need to do is add in a user voting system, so if a site gets below a certain rating it is automatically put up for moderation. If the site is deemed to be a spam site it will be banned forever.

Bradford Knowlton February 18, 2007 at 8:38 pm

Hello John,

Sorry for targeting your awesome blog. I’m a regular reader, and only chose people to target who I knew might have connections inside of MyBlogLog to get this fixed. This was just something that needed to be brought to attention before it got out of hand, with people automating the whole process, to ruin MyBlogLog.

Thanks,
Bradford Knowlton
http://www.seoadwords.com/
http://www.wig-dig.com/

Webmaster Labor February 19, 2007 at 12:12 am

While it’s definitely an annoyance, this recent exploit/spam attack does serve as a (backhanded at least) compliment to mybloglog’s ability to get targeted traffic to blogs. I just recently opened a mybloglog account and already get quite a bit of traffic from it to my offshore outsourcing site and free online traffic generation blog. Mybloglog is huge. You get traffic just by visiting people’s community sites. You don’t even have to leave a message. People see your profile, get curious, and check out your page.

ilker February 19, 2007 at 1:38 am

I received several Co-Author Invitation emails as well. I will blog about it to expose those shameless people.

Although, this should not be a long term problem as people are just discovering the bits of MBL waiting to be exploited.

Leftblank February 19, 2007 at 2:27 am

Same here, up to 5 mails a day, while my blog isn’t even very popular or so, I wonder how they find the ones to spam.

HMTKSteve February 19, 2007 at 3:59 am

Feel free to “re-use” my blog post on this hack, just be sure to give a link-back. I publish under a Creative Commons License.

Doug Karr February 19, 2007 at 7:09 am

Wow. That’s not good, I really like MyBlogLog. What did you do about it?

Nick February 19, 2007 at 7:33 am

Everything has people exploiting features, MyBlogLog is no exception nor will anything ever be. I have received over 400 emails in the past two days from the site and it’s crazy – not to mention waking up this morning to be a co-author of 6 other sites.

That is what I don’t understand – attacking John, Shoemoney, etc makes sense for traffic, but not the little guys.

-Nick
Blogger Time Capsule – 100,000 User Goal!

Bradford Knowlton February 19, 2007 at 10:32 am

Hello Nick,

I discovered the loophole late Saturday night, and I chose to add Shoemoney, John, Danny, Graywolf to my list for 1 reason. A) They are going to blog about it so people would find out it is happening, B) They are smart enough to just click remove and go on with life.

I didn’t have any connection with the Belgium people, and the only reason I did anything was to draw attention to the problem and get it fixed. Everyone I chose, the top 10 bloggers, might have readers at MyBlogLog or Yahoo who could get this fixed.

Let’s hope it gets fixed,
Bradford Knowlton
http://www.wig-dig.com/
http://www.seoadwords.com/

Debbie February 19, 2007 at 7:56 pm

John, I’ve noticed just by commenting on your blog for the first time a few days ago (before that, I was a lurker) that I’m getting a lot of comment spam on my blog now that I didn’t have before.

Akismet seems to be catching it for now. But I wonder if the MyBlogLog spam is spilling over into this blog and following those of us who comment.

Maybe it’s just coincidence.

Eric Marcoullier February 19, 2007 at 8:49 pm

Hey all — we’ve posted a long article on the MyBlogLog blog about what happened and what we’re doing in response. It’s long and involved enough that distilling it here isn’t going to be very useful. If you get a second, please have a look and let us know your thoughts. http://mybloglogb.typepad.com/my_weblog/2007/02/weekend_spamtac.html

Ajith February 25, 2007 at 9:55 pm

Some days before, Shoemoney put up another one: that MBL is tracking AdSense and YPN also, which they can allegedly sell to others.