Spam in my feed… Ugh…

Bloglines
No, my post yesterday was NOT supposed to mention Viagra extensively. My blog has been hacked. I’m working on fixing it.

UPDATE: After I posted this, Mihai Parparita brought to my attention that he’s also seeing this spam in Google Reader. (Thanks, Mihai.) So it appears my blog may have been hacked. This totally sucks, I’ll try to figure it out. Oddly, I’m not seeing the spam in Newsfire (my preferred feed reader) or Safari. Contentious readers, I invite your help in solving this problem. And my sincere apologies while I try to get this fixed.

Here, for the record, is my original post…

———————————-


I syndicate Contentious via Bloglines, a popular free web-based feed reader. My 50 or so readers there got an unpleasant surprise yesterday — my Nov. 9 post from Blogworld Expo contained a huge chunk of spam — text and an image.

No, I have NOT started hawking Viagra.

Somehow, Bloglines allowed spam to be inserted in my feed. I don’t know how this happened. I’ve notified Bloglines of the problem, and will update this post when I hear back. But I checked my blog’s original feed, and the Feedburner version. No spam there. The problem appears confined to Bloglines.

This royally peeves me. One of the great advantages to using feed readers is that it helps you avoid spam. Until now, there hasn’t been a way for someone to insert spam into a feed; the publisher alone controlled which content got syndicated, and how.

Whatever this problem is, I hope Bloglines solves it quick and permanently — or else expect a mass exodus of Bloglines users.

Stay tuned.

(Thanks to Average Jane for alerting me to this problem.)

6 Comments so far

  1. Neil — yes, come to think of it, I noticed that comments were set as closed on that post! I manually re-opened them when I saw it, and I figured I had just accidentally closed them. But it’s possible that could be related to this bug.

    I’m waiting to hear from my geek-on-call about the wordpress upgrade. But if he can’t do it right now, I appreciate your offer of help, and I’ll let you know.

    Thanks,

    - Amy

    4. Amy Gahran on November 10th, 2007 at 3:10 pm
  2. I tried posting a comment to your Blog World post (recommending a bag) but when I hit post it said comments were closed. I just thought you’d closed comments. This would have been shortly after the post hit Google Reader for me as I had my unread count down to nothing yesterday.

    If you need a hand with the upgrade, let me know.

    - Neil.

    5. Neil Ford on November 10th, 2007 at 3:04 pm
  3. Another update:

    Via Twitter, my friend Karoli (who blogs at Drums n Whistles) noted that she suffered a similar hack a couple of years ago. The problem came from a Wordpress security hole. Info about it here:

    http://snipurl.com/1tft7

    Thanks, Karoli! I’ll look into it. I’m currently on Wordpress 2.1.2, but the latest stable release is 2.3.1. I’ll arrange an upgrade.

    7. Amy Gahran on November 10th, 2007 at 2:35 pm
  4. It looks like the spam is in the original post too, you just can’t see it. However, if you do a view source and search for “viagra”, you will see (I’ve replaced angle brackets with square brackets to make sure the HTML is not interpreted):

    [p][font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt"][br /]
    alternative impotence natural viagra [a href="http://www.industry.ucsb.edu/technology/blog/wp-includes/js/tinymce/themes/advanced/images/xp/1/index.html"]viagra[/a] viagra overdose[br /]
    free sample viagra uk [a href="http://www.industry.ucsb.edu/technology/blog/wp-includes/js/tinymce/themes/advanced/images/xp/1/buy-viagra.html"]buy viagra[/a] viagra patent[br /]

    I’m guessing you can see this in WordPress’s post editor too. The CSS that’s applied is stripped by web-based aggregators, which is why this is visible there. Desktop aggregators tend to leave CSS alone (since they have fewer security concerns), thus you don’t see it there.

    8. Mihai Parparita on November 10th, 2007 at 1:44 pm
  5. Mihai — thanks for helping me figure this out. The odd thing is, I can see the spam only in web-based feed readers (bloglines and Google Reader). It doesn’t show up at all in Newsfire or Safari.

    I’ll need some help diagnosing and fixing this, but I’ve got some people I can call to help.

    Just when I was hoping to take the day off…. Sigh….

    - Amy Gahran

    9. Amy Gahran on November 10th, 2007 at 1:19 pm
  6. It looks like the same viagra spam ended up in the feed data that was crawled (and cached) by Google Reader:

    http://www.google.com/reader/view/feed/http://feeds.feedburner.com/Contentious

    The fact that both Reader and Bloglines have the same data makes it less likely that it’s a bug in Bloglines. I’m guessing that your blog was somehow hacked. When looking at your feed:

    http://feeds.feedburner.com/Contentious

    I see the viagra links in there too.

    10. Mihai Parparita on November 10th, 2007 at 1:02 pm
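
Added example, not part of the original post or its comments: a scan of post HTML for links nested inside elements hidden by inline CSS, the pattern quoted in Mihai Parparita's comment above. It also treats `display:none` and `visibility:hidden` as hiding, which goes beyond the zero-size box in that comment; the function names, sample post and URLs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}  # elements that never get an end tag
def hides_content(style):
    """True if an inline style attribute makes the element invisible."""
    decl = {}
    for part in style.lower().split(";"):
        name, sep, value = part.partition(":")
        if sep:
            decl[name.strip()] = value.replace("!important", "").strip()
    if decl.get("display") == "none" or decl.get("visibility") == "hidden":
        return True
    # The trick quoted in the comment: a zero-size box that clips its content.
    zero = any(re.fullmatch(r"0+(\.0+)?[a-z%]*", decl.get(k, "")) for k in ("height", "width"))
    return zero and decl.get("overflow") == "hidden"

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hides) for every open non-void element
        self.findings = []  # href values of links that sit inside hidden markup

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = hides_content(attrs.get("style") or "")
        if tag == "a" and attrs.get("href") and (hides or any(h for _, h in self.stack)):
            self.findings.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed children do not leak state.
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample post: one normal link, then a block hidden the way the comment shows.
SAMPLE_POST = ('<p>Expo notes <a href="https://example.org/expo">site</a></p>'
               '<p><font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt"><br />'
               'pills <a href="http://spam.example.invalid/1/index.html">pills</a> more<br />'
               'free <a href="http://spam.example.invalid/1/buy.html">buy</a></font></p>')
print(find_hidden_links(SAMPLE_POST))
```

Run over the stored post bodies rather than the rendered page, since the hidden block is invisible in a browser; any hit is a reason to check the post's revision history and rotate the admin password.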

4 Trackbacks

  1. By Wordpress & Spam at Journal of Crisology on March 4, 2008 at 11:52 am

    [...] browsing for reasons it appears I’m not the only one: this blog feed reported the same problem already November 7th last year. And indeed, I’ll have to [...]

  2. By contentious.com - Spammer with a sense of humor on November 12, 2007 at 10:02 am

    [...] just found in my Wordpress moderation queue this comment, submitted in response to my post about my blog being [...]

  3. [...] Yesterday I posted about how a reader let me know that a huge chunk of spam had shown up in a post I made from Blogworld Expo in Las Vegas. As I investigated this further with the help of readers (especially Mihai Parparita) and my colleague Justin Crawford, I learned that someone had gained access to my Wordpress installation (most likely by stealing my password) and inserted spam directly into my post. This problem appears to have started only very recently — while I was at Blogworld, on the conference wifi network. [...]

  4. [...] reader, you may see a big block of spam below. Sorry about that — my blog has been hacked. I’m working to fix it.) [...]
