SoloSEO

Free Advertising on TechCrunch with MyBlogLog Flaw

Posted by Michael D Jensen on January 10th, 2007

TechCrunch MyBlogLog Free Ads

MyBlogLog has become hugely popular and was even acquired by Yahoo recently, but I recently discovered a flaw that can easily be exploited by anyone in less than 60 seconds and create free advertising on TechCrunch (and hundreds of other sites). Please don’t do this, or even try this, as it is spammy. If you run the MyBlogLog sidebar on your blog you should be aware of the flaw, so I wanted to get it out in the open (keep reading for help to get around it).

After identifying the flaw, I knew I would need to test this to verify that it was in fact possible, so I did a short experiment. First I created a dummy MyBlogLog account. Then I opened Opera (the browser), which has a feature to set a page to refresh automatically for a period of time, like every 10 seconds, 30 seconds, 1 minute, etc. After I logged in at MyBlogLog, I went to techcrunch.com and set the page refresh to 1 minute. After a few minutes of letting Opera do its refresh thing, I checked in FireFox (not logged into MyBlogLog) to verify I had the top spot. I did.

I then expanded the test to include 20 other sites that use the MyBlogLog sidebar. Mostly I used sites of people I know and blogs I read often, but you could imagine how easy it would be to find 100+ popular blogs using MyBlogLog. I set each of the 20 pages to refresh every 1 minute, and then sat back and left Opera running for about an hour.

Soon I received several email notifications from MyBlogLog about others adding me as a contact, about the same number I get in a couple of days. Later after looking at my site statistics, the peak of my traffic for the day occurred at that precise span of time.

Again, please don’t use MyBlogLog in this way, just be aware that MyBlogLog can be exploited in this way.

Hide MyBlogLog AvatarOne redeeming feature of MyBlogLog, although not nearly adequate, is the X option. If you run a blog with a MyBlogLog sidebar you can turn off any avatars (pictures) you want by hovering over and clicking the X. You can also turn yourself off when you are at someone’s blog using the same method. But unless MyBlogLog fixes the ability to spam many blogs in this way, it will get abused and you will see sites like TechCrunch forced into removing their MyBlogLog sidebar. No one wants to monitor their site and filter out avatars all day long. So, MyBlogLog (and Yahoo now), you’ll need to figure out some way to avoid this.

And while you’re at it, can you please put a search box on your home page?

42 comments Visited 27856 times January 10th, 2007 Michael D Jensen

Related Posts:

  • Free Links from MyBlogLog!
  • Using Social Networks like MyBlogLog for Marketing
  • Nobody Logged Into MyBlogLog Anymore?
  • The Missing MyBlogLog Tools – Get More from MyBlogLog
  • Fools Gold – The Risk of Buying Links
  • Entry Filed under: Advertising,Blogging,SEO,Traffic

    42 Comments Add your own

    • 1. TechCrunch Gives Away $10&hellip  |  January 10th, 2007 at 8:06 pm

      [...] new comments SoloSEO Blog » Free Advertising on TechCrunch with MyBlogLog Flaw on Yahoo Acquires MyBlogLogJeremy Luebke on Cingular and Apple Dropped the SEO Ball with iPhoneCameron Olthuis on Cingular and Apple Dropped the SEO Ball with iPhoneJeremy Luebke on Cingular and Apple Dropped the SEO Ball with iPhoneMatt McGee on Cingular and Apple Dropped the SEO Ball with iPhone [...]

    • 2. MyBlogLog Got Spammed (an&hellip  |  January 11th, 2007 at 12:13 am

      [...] Michael Jensen shows that it is quite easy to spam MyBlogLog (recently acquired by Yahoo), and he used TechCrunch as the guinea pig for his experiment. We, like many other blogs, display the MyBlogLog widget (right bottom sidebar), which shows recent visitors, along with their photo, to the site. [...]

    • 3. Michael D Jensen  |  January 11th, 2007 at 1:14 am

      Look we’re on TechCrunch! :)

    • 4. Emre Sokullu » More&hellip  |  January 11th, 2007 at 1:42 am

      [...] SoloSEO proposes an alternative cross-platform “solution” using Opera. [...]

    • 5. TechCrunch Japanese ア&hellip  |  January 11th, 2007 at 2:09 am

      [...] Michael Jensenは、(最近Yahooに買収された)MyBlogLogをスパム攻撃するのが実に簡単であることを暴露しているが、その実験でTechCrunchをモルモットに使っていた。多くのブログと同じように私たちもMyBlogLogウィジェット(右下のサイドバー)を置いていて、このサイトに最近来た人たちのニックネームと写真が表示されている。 [...]

    • 6. MyBlogLog Flaw - Andy Bea&hellip  |  January 11th, 2007 at 4:02 am

      [...] MyBlogLog Flaw Related tags:mybloglog rss rss reader social networking yahooSoloSeo is in the news today for noting a flaw in MyBlogLog. Techcrunch, and Andy Beal have had their say. [...]

    • 7. Cornwall SEO » Tech&hellip  |  January 11th, 2007 at 4:14 am

      [...] SEO solo has an article about how he set up a spam experiment. [...]

    • 8. TechCrunch en français &&hellip  |  January 11th, 2007 at 4:30 am

      [...] Michael Jensen démontre qu’il est assez simple de spammer MyBlogLog (récemment acquis par Yahoo) and il a utilise TechCrunch comme cobaye pour sa démonstration. Comme beaucoup d’autres bloggeurs nous avons placé un module MyBlogLg qui affiche les récents visiteurs en plus de leur photo. [...]

    • 9. Paul Walsh  |  January 11th, 2007 at 9:15 am

      Funny you should raise this as a concern because one of the developers working for me setup her profile using the Segala logo by mistake. So, it can be used by spammers but it can be done by mistake too when inexperienced users fail to realise what they’re doing.

      Perhaps they should have someone monitoring it.

    • 10. MyBlogLog usato per fare &hellip  |  January 11th, 2007 at 10:10 am

      [...] Infatti Michael Jensen, usando un semplice browser ed uno script avrebbe forzato il posizionamento della propria icona sul blog in questione. Icona che punterebbe ad una improbabile web 2.0 company. Il tutto per dimostrare che servizi come MyBlogLog anche se piacevoli non offrono ancora protezioni da usi impropri. [...]

    • 11. All about seo technology &hellip  |  January 11th, 2007 at 2:17 pm

      [...] MyBlogLog is on so many popular blogs that it was just a matter of time before it started to be abused by spammers. At first, people were able to sign up for fake accounts under other people’s name and now users are able to leverage it for free advertising. [...]

    • 12. Inside SEO with Mr SEO &r&hellip  |  January 11th, 2007 at 3:33 pm

      [...] However, since they do, small blog owners can now have a logo on their site for FREE, giving the small blogger access to the other blogger’s high traffic and tapping into it. The downside is that once you visit a blog that uses the MyBlogLog Widget, your logo gets pushed down the list until it is finally removed. With high trafficked blogs this can happen very quickly. Michael Jensen of SoloSEO explains how to use the Opera browser to have it refresh as often as he likes. [...]

    • 13. Cornwall SEO » What&hellip  |  January 11th, 2007 at 4:28 pm

      [...] Solo seo has already proved this can work and Techcrunch is worried about widget spam. [...]

    • 14. Paula Mooney  |  January 11th, 2007 at 5:05 pm

      Sweet deal on the script. Can I have it? Just kidding! I prefer to MANUALLY enter all my comment spam. :-)

    • 15. Tony Cai  |  January 11th, 2007 at 5:08 pm

      lol, i’m doing this!!

    • 16. TYPELiFE  |  January 11th, 2007 at 9:16 pm

      LoL, I think you might be my psychic mind twin. (Check out my blog, we posted an article about the same subject on the same day, hahaha. Found it eerie when I got linked here!)

    • 17. Web San Diego - WebSanDie&hellip  |  January 11th, 2007 at 10:31 pm

      [...] http://www.soloseo.com/blog/2007/01/10/free-advertising-on-techcrunch-with-mybloglog-flaw/ [...]

    • 18. Michael D Jensen  |  January 12th, 2007 at 4:06 pm

      Art and spam in one with MyBlogLog, very well coordinated.

    • 19. Exploiting MyBlogLog for &hellip  |  January 12th, 2007 at 9:59 pm

      [...] Now on to SoloSEO’s post about spamming MyBlogLog-powered blogs. Had 1152 visits the last time I checked. Digg It | Post to del.icio.us | Post to Reddit [...]

    • 20. SoloSEO Blog » Fool&hellip  |  January 13th, 2007 at 4:11 am

      [...] Case in point… Wouldn’t it be nice to have a link from Michael Arrington of TechCrunch.com? TechCrunch is ranked as the 481st most popular website on the web, with some 139,000 subscribers. In fact Rand Fiskin himself ranked Arrington number 2 on his list of the top 10 most influential search marketing experts this week. So in the field of search marketing, TechCrunch would be an excellent link to pick up. Well, my esteemed partner, Michael Jensen, put a little experiment together earlier this week, using MyBlogLog, Opera, and TechCrunch.com he was able to exploit a potential spamming problem within the MyBlogLog system. He ran the test using TechCrunch.com and about 20 other sites, then revealed the experiment results in a post here. The result? Michael Arrington himself wrote about the experiment in his post entitled MyBlogLog Got Spammed (and so did we). Michael Jensen is a person with a real passion for learning, discovering, and sharing things, he values MyBlogLog, and he saw something that caught his eye, so he ran a few tests and logged his findings. His post turned out to be pretty interesting to many, and the traffic, and natural links, have followed throughout the week. [...]

    • 21. SoloSEO Blog » Usin&hellip  |  January 17th, 2007 at 11:32 pm

      [...] Social networks are amazing from a “data mining” perspective. I’ve had a few posts about MyBlogLog recently, uncovering an easily exploitable flaw and announcing the Missing MyBlogLog Tools. As I’ve looked in depth into the MyBlogLog “network” that is accessible by the public, I’ve realized how much potential there is for doing so much more than what most social media companies do with their networks. A recent research paper (actual paper; thanks to here for blogging it) discusses this in detail, how social networks like MyBlogLog and MySpace create an opportunity for network-based marketing. It’s an interesting read for any entrepreneurs and social media marketing lovers out there. [...]

    • 22. WebProBlog - Internet Bus&hellip  |  January 22nd, 2007 at 10:31 am

      [...] However, it’s not all milk and cookies over at the blogger tool because of a growing concern over spam activity. Over at SoloSEO, Michael Jensen (who’s quickly becoming a MBL watchdog) has written a couple of posts about the increase in spam activity at MyBlogLog; something that can be expected when a service offers anything resembling site promotion features. [...]

    • 23. SoloSEO Blog » Free&hellip  |  January 22nd, 2007 at 12:12 pm

      [...] For all the help we’re giving MyBlogLog (mybloglog flaw, missing mybloglog tools), you’d think we were getting paid (we’re not), or at least getting a free trip to Yahoo! HQ (not yet…). [...]

    • 24. PPC Blog » Spammin &hellip  |  January 23rd, 2007 at 1:09 pm

      [...] It seems I wasn’t the first to think of this, check out the SoloSEO blog. Here’s a snippet of a test he actually ran a week or two ago – I then expanded the test to include 20 other sites that use the MyBlogLog sidebar. Mostly I used sites of people I know and blogs I read often, but you could imagine how easy it would be to find 100+ popular blogs using MyBlogLog. I set each of the 20 pages to refresh every 1 minute, and then sat back and left Opera running for about an hour. Soon I received several email notifications from MyBlogLog about others adding me as a contact, about the same number I get in a couple of days. Later after looking at my site statistics, the peak of my traffic for the day occurred at that precise span of time. [...]

    • 25. Beware of MyBlogLog Trick&hellip  |  January 26th, 2007 at 12:50 am

      [...] Spam is a natural response to popular services. As SoloSEO demonstrated how easy it was to spam Techcrunch using the autorefresh feature. The MyBlogLog guys are busy fixing spam, but new innovative ways emerge everyday to spam MyBloglog. [...]

    • 26. engtech  |  January 28th, 2007 at 9:07 am

      Hi,

      just a note that your right sidebar is broken on this post in Firefox 2.0.0.1.

      The main content has 680px width while the sidebar has 85px width.

      I looked at a few other posts and the problem seems to be limited to this one.

    • 27. Alex Schultz: APIs&hellip  |  January 30th, 2007 at 9:13 pm

      Keyword Spamming YouTube…

      Google is being exploited by spammers on Google video and YouTube. When they start paying for content it will only get worse! Jeremy wrote a little rebuttle of a MyBlogLog spammer, cornwall seo talks about it tooand browsing google video…

    • 28. TrackBacks » Blog A&hellip  |  February 19th, 2007 at 10:26 pm

      [...] SoloSEO Blog » Free Advertising on TechCrunch with MyBlogLog Flaw (tags: spam blogging mybloglog) [...]

    • 29. Why you were logged out o&hellip  |  February 22nd, 2007 at 9:02 pm

      [...] Visitor tracking across several sites used to cause public outcry over privacy issues (remember DoubleClick in the late nineties), but most bloggers just loved the idea of leaving a visible surfing trace and have other blog readers visit their own blog in return.  Membership grew fast, and Mybloglog got acquired by Yahoo just half a year later.   That acquisition caught the attention of … attention spammers, who had an easy time manipulating the system.  What can be easier than faking surfing behaviour? [...]

    • 30. My BlogLog Got Spammed &l&hellip  |  February 24th, 2007 at 4:01 am

      [...] อย่างไร 1: Michale Jensen แนะนำให้ลองลงทะเบียนใหม่ด้วย account ที่เราต้องการใช้ลงโฆษณา เช่น จากนั้นใช้ Opera browser เปิดเข้าไปที่ blog ไหนซักแห่ง ตั้ง autorefresh ทุก 5 นาที เท่านี้โฆษณาของเราก็จะได้อยู่บนๆ ของ MyBlogLog ของ blog ดังๆ แล้ว [...]

    • 31. I Banned MyBlogLog »&hellip  |  February 24th, 2007 at 11:43 am

      [...] So after leaving myself open to XSS exploits, JavaScript exploits, bandwidth hogs, giving away advertising, slow load times, and dealing with countless iPhone / Viagra / Gambling / Hoodia / Paris Hilton / Eat at Joe’s / Check out My / Spam / Spam / Spam, it’s leaving my site. I think I’ll keep the Avatars on the comments though; it makes stuff a little less boring. So go leave some comments or something.     Subscribe to this feed | Add to del.icio.us | Email this | Add to Technorati Favorites! | Digg This! [...]

    • 32. Ajax Girl&hellip  |  March 23rd, 2007 at 5:19 pm

      [...] Michael Jensen shows that it is quite easy to spam MyBlogLog (recently acquired by Yahoo), and he used TechCrunch as the guinea pig for his experiment. We, like many other blogs, display the MyBlogLog widget (right bottom sidebar), which shows recent visitors, along with their photo, to the site. [...]

    • 33. The Pisstakers&hellip  |  April 1st, 2007 at 12:49 pm

      MyBlogLog Sunday…

      MyBlogLog is a brainchild of others more talented than I! Ostensibly, it is a widget – a visual log of bloggers who visit My (or your) blog.

      More accurately, the widget is a reflection of something bigger. There are some good and bad points…

    • 34. pulanet » Blog Arch&hellip  |  May 10th, 2007 at 1:58 pm

      [...] Techcrunch reader Michael Jensen previously demonstrated a simple browser trick to spam MyBlogLog widgets by auto-refreshing the browser every minute or so. [...]

    • 35. Yahoo upgrades MyBlogLog &hellip  |  May 15th, 2007 at 9:16 am

      [...] Michael Jensen has discovered a way to place your ‘ads’ on top ranking blogs who use the MBL widget. He created a new account with the advertising he wanted included as the profile image. He then opened TechCrunch (the blog he used as an example) in his Firefox browser and set it to autorefresh every minute or so. The result was that the “user” kept coming back to TechCrunch and popping to the top of the widget. Some of the traffic that clicked through to the user page on MyBlogLog made its way back to the destination site. Here’s what it looked like [...]

    • 36. TightReviews.com » &hellip  |  May 15th, 2007 at 10:10 am

      [...] Michael Jensen has discovered a way to place your ‘ads’ on top ranking blogs who use the MBL widget. He created a new account with the advertising he wanted included as the profile image. He then opened TechCrunch (the blog he used as an example) in his Firefox browser and set it to autorefresh every minute or so. The result was that the “user” kept coming back to TechCrunch and popping to the top of the widget. Some of the traffic that clicked through to the user page on MyBlogLog made its way back to the destination site. Here’s what it looked like [...]

    • 37. Mark  |  May 16th, 2007 at 5:59 am

      Several of our users use MyBlogLog and I shall certainly inform them of this issue… although hopefully with the upgrades Yahoo has just announced, this issue will be resolved.

    • 38. Online and Offline Promot&hellip  |  August 18th, 2007 at 8:59 am

      Online and Offline Promotion…

      I couldn’t understand some parts of this article, but it sounds interesting…

    • 39. MOST MOST » Blog Ar&hellip  |  January 15th, 2008 at 7:24 pm

      [...] Spam is a natural response to popular services. As SoloSEO demonstrated how easy it was to spam Techcrunch using the autorefresh feature. The MyBlogLog guys are busy fixing spam, but new innovative ways emerge everyday to spam MyBloglog. [...]

    • 40. MyBlogLog Spammers Can Tr&hellip  |  February 9th, 2008 at 4:53 pm

      [...] Techcrunch reader Michael Jensen previously demonstrated a simple browser trick to spam MyBlogLog widgets by auto-refreshing the browser every minute or so. [...]

    • 41. Article Database » &hellip  |  February 13th, 2008 at 9:41 am

      [...] MyBlogLog is on so many popular blogs that it was just a matter of time before it started to be abused by spammers. At first, people were able to sign up for fake accounts under other people’s name and now users are able to leverage it for free advertising. [...]

    • 42. MyBlogLog and spam | Locu&hellip  |  February 21st, 2009 at 12:55 am

      [...] I am amused by these ways to spam MyBlogLog, a little widget you can put on your weblog that shows the last people who visited your site, described by Emre Sokullu and Michael Jensen. [...]

    Leave a Comment

    Required

    Required, hidden

    Some HTML allowed:
    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Trackback this post  |  Subscribe to the comments via RSS Feed

    Solo SEO Blog


    Subscribe


    Add to Google
    Subscribe in Bloglines

    Calendar

    January 2007
    S M T W T F S
    « Dec   Feb »
     123456
    78910111213
    14151617181920
    21222324252627
    28293031