MyBlogLog has become hugely popular and was even acquired by Yahoo recently, but I recently discovered a flaw that can easily be exploited by anyone in less than 60 seconds and create free advertising on TechCrunch (and hundreds of other sites). Please don’t do this, or even try this, as it is spammy. If you run the MyBlogLog sidebar on your blog you should be aware of the flaw, so I wanted to get it out in the open (keep reading for help to get around it).
After identifying the flaw, I knew I would need to test this to verify that it was in fact possible, so I did a short experiment. First I created a dummy MyBlogLog account. Then I opened Opera (the browser), which has a feature to set a page to refresh automatically for a period of time, like every 10 seconds, 30 seconds, 1 minute, etc. After I logged in at MyBlogLog, I went to techcrunch.com and set the page refresh to 1 minute. After a few minutes of letting Opera do its refresh thing, I checked in FireFox (not logged into MyBlogLog) to verify I had the top spot. I did.
I then expanded the test to include 20 other sites that use the MyBlogLog sidebar. Mostly I used sites of people I know and blogs I read often, but you could imagine how easy it would be to find 100+ popular blogs using MyBlogLog. I set each of the 20 pages to refresh every 1 minute, and then sat back and left Opera running for about an hour.
Soon I received several email notifications from MyBlogLog about others adding me as a contact, about the same number I get in a couple of days. Later after looking at my site statistics, the peak of my traffic for the day occurred at that precise span of time.
Again, please don’t use MyBlogLog in this way, just be aware that MyBlogLog can be exploited in this way.
One redeeming feature of MyBlogLog, although not nearly adequate, is the X option. If you run a blog with a MyBlogLog sidebar you can turn off any avatars (pictures) you want by hovering over and clicking the X. You can also turn yourself off when you are at someone’s blog using the same method. But unless MyBlogLog fixes the ability to spam many blogs in this way, it will get abused and you will see sites like TechCrunch forced into removing their MyBlogLog sidebar. No one wants to monitor their site and filter out avatars all day long. So, MyBlogLog (and Yahoo now), you’ll need to figure out some way to avoid this.
And while you’re at it, can you please put a search box on your home page?