nhaced

I was offline yesterday, so now you get the post I would have made then about the wordpress.com front page being hijacked by spammers.

Here’s the thread, wherein a broken link to a Vietnamese music site appears in place of the support tab. Everyone says ‘uh oh, ads’. (It says much for the way advertising has been handled on wordpress.com — you know, the half-truths and evasions and omissions and general all-around sneakiness — that everyone’s immediate reaction is ‘uh oh, ads’.)

Mark’s explanation is that something got through translation that should not have, and I see that the translation system was being ‘improved’ and locked to users on the 10th and 11th. So my guess is that a hole was being sewn up to prevent further spam attempts through that vector (even if it was impossible to post a successful spam link, broken ones are not especially attractive either), though I seem to remember drmike being sceptical about the translation excuse on the unofficial mu forums. (That thread is inaccessible now, anyone know why?)

My other observation is that it’s actually really strange that we trust wordpress on security more than on ads, given their previous record in this field, and that the possibility of an attack didn’t occur to the original poster or the people who replied to him. Do you think we’ve been led into automattically assuming that the powers that be are so all-powerful that everything which happens on their servers comes directly from them? Have the inhabitants of wp.com been institutionalised?

9 Comments »

  1. drmike said

    The thread got digg’ed by the way.

    Digg Link

    I protected the thread myself due to the legal advice of my attorney and because we’ve been discussing the security concerns this represents on that forum.

    I’m still sceptical though as to the official response. I learned a long time ago that any time Matt makes an announcement like that, you need to take it with a grain of salt.

  2. drmike said

    And it looks like your links within your posts have gone bad/been changed again. I can’t see them.

  3. Fair enough, I thought it might be something like that. After all, if it isn’t the translation system, other MU installs could be at risk and it’s not the sort of thing you want to troubleshoot out in the open.

    Mark probably summoned Matt to that thread to reassure people that a) the system is secure; there was a hole but it was harmless and is now fixed and b) they would never ever EVER put sponsored links on the front page. Of course, he failed to do either of these things. And I have to wonder why he couldn’t.

  4. timethief said

    I guess the people in the Digg community weren’t impressed with the post. It’s 2 days old and only drmike, thunderlounge (drmike again? or drmike and co.) and one other Digg member “dugg” it.

  5. drmike said

    Sorry TT. My name is not Luke Poland. You may want to check up on google for who that is. It’s a well established mu admin with the thunderlounge.com site. I’m not a big NASCAR person either.

    I didn’t like the title either as it really has nothing to do with what occurred. A title of the actual subject would have done better I think.

  6. drmiketemp said

    Looks like http://browsehappy.com got hacked as well. Go to the site -> browser -> Firefox, open up source and take a look at the bottom of the page. Here’s the code which I’m sure will get eaten:

  7. drmiketemp said

    Wank, I got Akismet’ed again. Here’s the code though from the previous comment:

    [a href="http://www.freecookingrecipes.net/recipes/holiday-christmas.html"][img src="/images/dot_clear.gif" hspace="0" vspace="0" border="0" alt="christmas recipes"][/a]

  8. drmike said

    Thank you, wank. Boy, sure is a pity that I keep getting Akismet’ed, isn’t it?

  9. […] responses drmike reports in comments that our old friend Browse Happy (you know, the link Matt refused to take off the WP dashboard even […]
