
Archive for the ‘world news’ Category

WordPress Vulnerability

Sunday, March 30th, 2008

Google up inurl:wp-content/1/ [Warning: just google it up, don’t visit any of the sites in the search results. They are full of ActiveX viruses!]. This is what I see now:

What you see is a list of sites that were hacked through the latest WordPress Vulnerability that allows hackers to insert spam into your blog.

This is just great. WordPress is the most common blog software out there, and at this minute there are over 90,000 websites that were spammed (still counting…). I’m sure that most of these sites’ owners never heard of this exploit, and some of them probably never will. The damage is enormous. This exploit made them look like spammers in Google’s eyes, and Google being Google, she never forgets anything. If you are a spammer, you are out of the index in one second.

In my opinion, the best way to deal with these hacks is Active Network Scanning. These kinds of services are usually provided by an external company that scans your site for vulnerabilities on a daily basis (like Hacker Safe, but better). Once a new vulnerability is disclosed to the world, it is automatically added to their scanning system and is tested on your site. This can definitely help you sleep better.

Life shows that there is no way your web site can be safe. It is just the nature of software that it is full of holes. If you at least scan your website for vulnerabilities, you know about them in time and can hope there is something you can do about it…

Important comment: if you are not in this list, it does not mean that you are safe. There are lots of other URLs that were used for this attack… This IS fun!

Update (April 12, 2008): Checked the list again, and it seems like most of the hacked pages were removed from Google’s index. It DOES NOT mean that the vulnerability is fixed; it just means that Google has identified these pages as pages that should be ignored and removed from the index. This is semi-good news for those who were hacked and are afraid their ranking will go kaput. Just semi, because they are still vulnerable and will surely be attacked again in the next wave…

It seems like the number of WordPress vulnerabilities is growing constantly. The most popular blogging software that exists is becoming a huge security hole. In fact, this post is written with WordPress and it feels less secure than ever. This makes me think about moving my blog to Blogger or a WordPress hosting site, instead of fighting the patches on my own server.


Vulnerability Scanner

Thursday, March 13th, 2008

I guess you all heard about goolag, the new Vulnerability Scanner that uses Google as its engine. I think it is fantastic. There are very creative people out there. Very. The thing is, I’m not so sure I would trust them to keep me safe. I think that if you are looking for a commercial service, you should look for a vulnerability scanner that is run by a commercial company that works on this only. I can’t depend on volunteers who update the open source software to wake up in the morning, clean the empty cokes and pizza trays off their keyboard and keep me safe. For a personal family site, or for a non-commercial site, this is fine, but if you need a real vulnerability assessment I think you should pay for your pleasure and have your network scanned by people who do that for a living.


Who wants to be a millionaire (and is under 30)

Wednesday, January 30th, 2008

How old are you? If you are under 30, look at the list of Top 20 websites run by people under 30. Wouldn’t it be nice if you could get your website on that list…

It is quite inspiring, and maybe surprising, to see in the list sites like WordPress, which makes $56M a year, and Digg, which makes $31M. The list is long; read it slowly, stare 5 minutes at every item and think: Why didn’t I think about it!


w00t!

Saturday, December 15th, 2007

It’s official. ‘w00t’ is a word!

In fact, it is the word of the year 2007.

The official definition is:

expressing joy (it could be after a triumph, or for no reason at all); similar in use to the word “yay”

In case you are wondering, the spelling can be w00t, woot, wOOt, W00T, WooT or WOOT!!!!!

w00t!


Do SEO hackers care so much about the environment?

Thursday, November 29th, 2007

Al Gore’s website was hacked by spammers that added outbound links from his site to other sites they wanted to promote.

Apparently the new type of hackers, the SEO hackers, constantly look for high-ranking sites (Al Gore’s site has PR7) just to add outbound links. It is clear that this is happening a lot, and Al Gore’s site is just one of many sites that were hacked.

It seems like a vulnerability in WordPress has left many bloggers open to attack by the same method.

This is a new era of hacking. They didn’t come for money, credit card numbers, nor user passwords. They came for Link Juice!

How exciting is that!

Wouldn’t it be funny if this page also had hidden links to some extremely disrespected sites? :)

A long time ago, I started working on a tool that will scan a given website for all outbound links, check the PR of every outbound link domain, and compare the results to the previous scan.

The original purpose was finding outbound links to bad neighborhoods, like sites that lost their ranking due to illegal activity. This tool will easily detect SEO hacking on our customers’ websites.

Stay tuned!
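
The scan-and-compare idea described in this post, as an added sketch that is not the author's tool: it collects the outbound link hosts on a page, flags any link sitting inside markup hidden by an inline style, and reports hosts that were absent from the previous scan. The PR lookup is left out because it needs an external ranking service; the hosts, URLs and HTML below are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HIDDEN = ("display:none", "visibility:hidden")  # inline-style heuristic only
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class OutboundLinks(HTMLParser):
    """Collect hosts linked from a page, noting links placed in hidden markup."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.stack = []   # one bool per open element: hidden by inline style?
        self.found = {}   # external host -> True if any link to it is hidden

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = any(marker in style for marker in HIDDEN)
        if tag == "a" and attrs.get("href"):
            # Resolve relative hrefs so same-site links are not reported.
            host = urlparse(urljoin(self.page_url, attrs["href"])).hostname
            if host and host != self.site_host:
                in_hidden = hidden or any(self.stack)
                self.found[host] = self.found.get(host, False) or in_hidden
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        # Assumes reasonably well-nested HTML; unclosed tags skew the stack.
        if tag not in VOID and self.stack:
            self.stack.pop()

def scan(page_url, html):
    parser = OutboundLinks(page_url)
    parser.feed(html)
    return parser.found

def compare(previous, current):
    """Return {host: reason} for outbound hosts that need a human look."""
    alerts = {}
    for host, hidden in current.items():
        if hidden:
            alerts[host] = "hidden link"
        elif host not in previous:
            alerts[host] = "new outbound domain"
    return alerts

# Constructed sample: yesterday's page, then the same page after spam injection.
PAGE = "https://blog.example/post/1"
BASELINE_HTML = '<p><a href="https://partner.example/docs">docs</a> <a href="/about">about</a></p>'
CURRENT_HTML = BASELINE_HTML + '<div style="display: none"><a href="http://pills.example/buy">x</a></div><p><a href="https://newsite.example/">new</a></p>'
```

Running `compare(scan(PAGE, BASELINE_HTML), scan(PAGE, CURRENT_HTML))` reports the hidden link and the new domain while leaving the known partner link alone; links hidden through external CSS or script are outside what this heuristic sees.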


missing 3 zeros

Monday, November 5th, 2007

The domain cowboys.com was sold for $275,000 at the recent TRAFFIC auction to a phone-in bidder - an attorney representing the Dallas Cowboys.

The thing is, he missed some zeros…

He thought he was buying the domain for $275.00, not for $275,000.
Poor guy.

He probably needed new pants…



