Archive for the ‘Dreams of Money’ Category

WordPress Vulnerability: Take a little time to check.

Thursday, November 1st, 2007

Seo Egghead has evidently discovered a WP 2.3.1 vulnerability to HTML-tainting attacks. (The vulnerability evidently exists in WP 2.1.) The apparent application is to inject ads into bloggers' older posts; these would tend to look like paid links. The problem for you would be a potential drop in page rank.

SEO Egghead recommends bloggers check their posts for inserted links to mp3 sites he has discovered at his site, and provides a plugin for this purpose.

I may be wrong, but I think you need to use his plugin. You should be able to get the same information by clicking “manage” in your dashboard, finding the big “search box” and entering ‘adshelper’. Then, click search. WP will return a list of posts containing links to “adshelper”. Next repeat the search for ‘softicana’. If both searches return zero pages, you’re clean.

While you're at it: why assume these are the only hacker-advertisers? Take a little time and search for words like “mp3”, “casino”, “mortgage”, “viagra” and anything else you can dream up. If you find anything, blog about it so other bloggers can learn and check.

With luck, if my suggested method of testing is useless, and you really do need to use the plugin, Seo Egghead will pop in and tell us I’m wrong. (I asked at his blog last night, and I’ll keep checking for an answer.)

Are you wondering how I did?
I seem to be ‘clean’ on both ‘adshelper’, ‘softicana’ and a variety of other terms I dreamed up.

Hmmm… Plugin idea
If these sorts of HTML tainting attacks are common, I should probably write a plugin that periodically scans all blog posts for a standard set of blacklist terms, plus terms in the user's own blacklist. Monthly checks at all our blogs would let us catch these things and warn others. It would be an easy plugin… hmmm….

If readers do run this test, and any come up “tainted”, I’ll seriously consider writing that plugin. Meanwhile, I need to get through updating all my existing ones first!
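The check described in this post (search every post for 'adshelper', 'softicana' and similar terms, plus a blacklist of your own) can be run in one pass over exported post bodies. This is an added example, not SEO Egghead's plugin or code from this blog; the `(post_id, html)` input shape, the function names and the sample posts are assumptions, and it goes one step beyond the dashboard search by separating terms found inside links from terms that only appear in ordinary text.

```python
from html.parser import HTMLParser

# Terms the post suggests searching for; pass your own list as user_terms.
STANDARD_TERMS = ["adshelper", "softicana", "mp3", "casino", "mortgage", "viagra"]

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) for every <a> element in a post body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scan_posts(posts, user_terms=()):
    """Return (post_id, term, where, evidence) findings; where is "link" when the
    term is in an href or anchor text (the injected-ad case), else "text"."""
    terms = [t.lower() for t in [*STANDARD_TERMS, *user_terms]]
    findings = []
    for post_id, html in posts:
        collector = LinkCollector()
        collector.feed(html)
        collector.close()
        for term in terms:
            hits = [h for h, text in collector.links
                    if term in h.lower() or term in text.lower()]
            if hits:
                findings.append((post_id, term, "link", hits[0]))
            elif term in html.lower():
                findings.append((post_id, term, "text", ""))
    return findings

# Constructed sample posts (IDs, wording and the .example host are made up).
SAMPLE_POSTS = [
    (101, '<p>Knitting socks.</p><div style="display:none">'
          '<a href="http://adshelper.example/mp3/">free mp3</a></div>'),
    (102, "<p>We refinanced our mortgage last year.</p>"),
    (103, "<p>Nothing to see here.</p>"),
]
```

A "text" finding such as the mortgage post is usually your own writing; a "link" finding in a post you never edited is the one to investigate.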

Big Bucks Blogger: Now with Toolbar Page Rank.

Saturday, October 27th, 2007

After last week’s Google events, I figure it’s worth reporting page ranks (whatever they may mean.) Here are PR for my blogs:

  • BBB has toolbar page rank of 3. This is up from none.
    Does it deserve a PR=3? Beats me. Obviously, the answer to this question depends on what page rank is supposed to mean, what the metrics are supposed to measure and what ranks other bloggers were given. In many cases, I know the answer to the final question, but not the first. I also have no idea what the answers to the first two questions might be.

  • My knitting blog has a toolbar page rank of 3. It had a page rank of PR=5 last March and dropped to PR4 during that update. I noticed the page rank of many knitting blogs dropped at that time. My blog’s page rank dropped to 2 last week, and is now back up to 3.

    Does it deserve a PR=3? Or PR4? Or PR2? Once again, who knows? I’ve been neglecting that blog mostly because the knitting has been going slowly. It has quite a few links to internal pages because they are unique resources for knitters. (The top blog page has quite a few editorial links in sidebars because that’s what non-monetized knitting blogs do.)

  • My diet blog, which I started and totally abandoned, and which doesn’t have many links, has a toolbar page rank of 2.

    Does it deserve a PR=2? That blog probably deserves a lower page rank!

    Of course, if I wanted to make money, I should be working on developing the diet blog because dieting is easy to monetize. Even with a PR of 2, it would be fairly easy to sell hidden links, affiliate advertising and PPC advertising. Unfortunately, the topic bores the heck out of me! I’d rather work a few more hours on my real job than spend those hours writing about dieting.

So, that’s about it!

Where Should the Blogrush Widget Go? What John Reese could do to help us.

Tuesday, October 9th, 2007

Hi John Reese,
I read that you plan to kick out bloggers who place widgets in the footer because you think we are cheaters.

John, your reaction shows you aren’t reading the blogs I read. “Cheating” is not the main reason why Blogrush widgets are often found in the footer. If you understand the main reason, you’ll be able to help bloggers, and improve Blogrush.

Do you want to know why the Blogrush Widget is in my footer?

I moved the widget to the footer because it often loads s__l__o__w__l__y and causes my sidebars to hang. (I complained about this here. You’ll find Steve Cronin also moved the widget to the footer because it often loads s__l__o__w__l__y. I’m sure if you search a bit more, you’ll find other bloggers who have done the same.)

John, if you aren’t noticing the issue, it’s because you have a consistent, high speed connection. My service from Comcast is finicky.

I’m planning to fix my sidebars to deal with slow loading widgets.

Unfortunately, fixing the sidebars will involve CSS, which I’m terrible at. Also, revamping my theme to compensate for slow loading widgets is not a high priority, particularly since the Widget seems to send 0.22% of my total traffic.

I prefer to spend time writing my own pillar content which I think will attract much, much more traffic than Blogrush.

Here’s what you, John Reese, could do to help me, other bloggers, and Blogrush.

It appears you think you can best fix this by threatening us, and kicking us out for placing the code in the footer. Of course, you can do that. But that would reduce the reach of Blogrush.

So, in the spirit of cooperation, might I suggest a fair solution that would help us all?

Could you, or your company post a tutorial on how to correct our themes to prevent Blogrush from interfering with our page loads? This would help you; it would help me. It would help Blogrush.

After you post this tutorial, could you send us a nice email so we can read that post?

Sincerely,