Upgrade your Blog or face hate email
By maurizio | October 11, 2007
Nice title, isn’t it?
Unfortunately it’s true.
Blogging software is complicated, and programmers sometimes make mistakes in it. Sometimes the problem is not the blog itself but the software that lies beneath it. Some of those problems can be used to gain access to your web server account. This kind of bug could be seen as a problem for the webmaster only, but that’s far from the truth. A cracker (or script kiddie, or whatever you prefer to call those “hackers”) isn’t really interested in hacking your “Make Money Online” blog just to show off his skills, and he’s not interested in reading your stats either. Modern crackers are interested in your database, especially user data. That’s why your readers could start sending you hate mail.
I did that myself.
If you haven’t understood yet, the interesting data in the database are the commenters’ email addresses. Do you remember the small “not displayed” text next to the email address field in the comment form? Well, that email address is secret and only the owner of the blog can see it. If a cracker gains access to your database, he can read all your users’ email addresses!
If you are unlucky enough to be in that situation and one of your users ran a little experiment like I did, you’ll start to get email from him.
My experiment was to use a unique address for every blog where I leave a comment. I don’t write on many blogs, so it’s not that difficult. I keep track of them and there are fewer than 50. A couple of days ago I started to receive email at that address, so I wrote a kind of “hate” email to the owner, asking whether he was the spammer or whether he had had some problem with the server.
If he was honest with me (and if I trust what he said), he was a victim of that defacement. Actually, the victims are all those people who wrote a comment on his blog and left their real email address.
Today I’ve received 20 spam messages at that address (they should be 10 because for some reason they were doubled. Stupid spammers).
Next time you see a security update for your blog, download it immediately.
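The per-blog address experiment described above can be automated. The following is an added example, not code from the original post: it derives one hard-to-guess address per blog and attributes incoming spam to the blog whose address leaked, counting doubled deliveries once. The mailbox `reader@example.org`, plus-addressing support, the secret and the sample messages are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

SECRET = b"constructed-demo-secret"        # assumption: known only to the commenter
MAILBOX, DOMAIN = "reader", "example.org"  # hypothetical mailbox with plus-addressing
RCPT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

def address_for(site: str) -> str:
    """Derive the unique address to use when commenting on `site`."""
    tag = hmac.new(SECRET, site.lower().encode(), hashlib.sha256).hexdigest()[:10]
    return f"{MAILBOX}+{tag}@{DOMAIN}"

def leaked_sites(raw_messages, known_sites) -> Counter:
    """Count distinct messages that arrived at each site's dedicated address."""
    by_addr = {address_for(s): s for s in known_sites}
    seen_ids, hits = set(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        mid = msg.get("Message-ID")
        if mid is not None:
            if mid in seen_ids:  # the same message delivered twice counts once
                continue
            seen_ids.add(mid)
        rcpts = set()
        for header in RCPT_HEADERS:
            rcpts.update(a.lower() for _, a in getaddresses(msg.get_all(header, [])))
        for site in {by_addr[r] for r in rcpts if r in by_addr}:
            hits[site] += 1
    return hits

# Constructed sample data: three blogs, four deliveries (one is a duplicate,
# one went to the plain mailbox and so points at no particular blog).
SITES = ["blog-a.example", "blog-b.example", "blog-c.example"]

def _spam(site, mid):
    return (f"From: x@spam.invalid\nTo: {address_for(site)}\n"
            f"Message-ID: <{mid}@spam.invalid>\nSubject: offer\n\nbuy\n")

SAMPLE = [_spam("blog-b.example", 1), _spam("blog-b.example", 1),
          _spam("blog-b.example", 2),
          "From: x@spam.invalid\nTo: reader@example.org\nMessage-ID: <9@spam.invalid>\n\nhi\n"]

if __name__ == "__main__":
    for site, n in leaked_sites(SAMPLE, SITES).items():
        print(f"{site}: {n} distinct message(s) sent to its dedicated address")
```

Because the tag is an HMAC of the blog name, the list of addresses can be regenerated from the list of blogs, and a spammer cannot guess a valid address for a blog whose database was never read.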


October 17th, 2007 at 5:42 pm
never came across my mind at all