A couple of months ago I was doing some Google hacking and wanted to see how many stupid blackhats are on the net. I searched for queries like “inurl:RSS2B2”, “inurl:RSS2B3”, “inurl:RSS2B” (these are some of the default folders for Rss2blog) in Google and Yahoo. I found several folders indexed, most of the time because there wasn’t an index.html file in the root. Next I tried the default login details admin:admin, and a lot of them allowed me to log in. Next was the Traffic Equalizer web version. I used “inurl:TEadmin”, “inurl:TEADMIN” etc., which are the default folders. Again admin:admin did the trick.
What could I do with access to their scripts?
I could set their Rss2blog to post and ping every minute, which gets your Blogger blogs banned, your host overloaded and your IP banned from the ping services. I could delete all their folders with Traffic Equalizer. I could generate a million pages of junk. I could find a hole that gave me unlimited access to their site and create a backdoor. If I followed the links to their splogs I could find more of their sites, which would surely have the defaults too.
So if you don’t change the login, at least change the folder name, and always remember to put an empty index.html file on all your sites.
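The post’s own fix for the indexed folders is an empty index.html in every script folder. The following script is an added example (not from the original post or any of the products mentioned) that walks a document root, lists every directory that has no index file and would therefore show up as a browsable listing on a server with auto-indexing enabled, and drops an empty index.html into each one. The index file names checked and the demo folder layout (which reuses the RSS2B and TEadmin folder names from the post) are assumptions constructed for the illustration.

```python
"""Find and fix browsable web directories that lack an index file.

Added example, not code from the original post. The folder layout built by
demo() is constructed for illustration only.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Assumed set of file names that a typical web server serves instead of a
# directory listing; adjust to match your server's DirectoryIndex setting.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def find_unindexed_dirs(docroot, skip_hidden=True):
    """Return sorted relative paths of directories under docroot with no index file.

    The document root itself is reported as "." if it has no index file.
    Hidden directories (.git, .svn, ...) are skipped by default because they
    should be blocked at the web server rather than papered over with an index.
    """
    root = Path(docroot)
    missing = []
    for dirpath, dirnames, filenames in os.walk(root):
        if skip_hidden:
            # Prune in place so os.walk does not descend into hidden dirs.
            dirnames[:] = [d for d in dirnames if not d.startswith(".")]
        if not any(name in filenames for name in INDEX_NAMES):
            missing.append(Path(dirpath).relative_to(root).as_posix())
    return sorted(missing)


def add_empty_index(docroot, rel_dirs):
    """Create an empty index.html in each listed directory; return those created."""
    created = []
    for rel in rel_dirs:
        target = Path(docroot) / rel / "index.html"
        if not target.exists():
            # An empty file is enough: the server serves it instead of a listing.
            target.write_bytes(b"")
            created.append(rel)
    return created


def demo():
    """Build a constructed document root in a temp dir and run the check before and after.

    Returns (unindexed_before, created, unindexed_after) so the result can be
    inspected without touching a real web root.
    """
    base = Path(tempfile.mkdtemp())
    try:
        (base / "index.html").write_text("<html></html>")
        (base / "RSS2B").mkdir()                      # default script folder, no index file
        (base / "RSS2B" / "config.php").write_text("<?php\n")
        (base / "blog").mkdir()
        (base / "blog" / "index.php").write_text("<?php\n")   # already has an index file
        (base / "TEadmin").mkdir()                    # default admin folder, no index file
        (base / ".git").mkdir()                       # hidden dir, intentionally skipped
        before = find_unindexed_dirs(base)
        created = add_empty_index(base, before)
        after = find_unindexed_dirs(base)
        return before, created, after
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    before, created, after = demo()
    print("browsable before:", before)
    print("index.html added in:", created)
    print("browsable after:", after)
```

Run it against a real site with `find_unindexed_dirs("/var/www/html")` first and review the list before calling `add_empty_index`. The placeholder file is a stopgap; the durable fix is to disable automatic listings at the server (for Apache, `Options -Indexes` in the vhost or an .htaccess file), which covers folders that get created later, and to rename default folders and change default credentials as the post advises.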
I also found other scripts which could be exploited, as well as a couple of scripts that I hadn’t heard of. One of them was WordPress Elite, which I found on 2-3 sites. I couldn’t find any more info about it except a “coming soon” site and that it had to do with WordPress management/automation. A couple of days ago I saw that WordPress Elite had been live for some time and I checked out the site.
Some of the things it does:
Upgrade your WordPress install to the most up to date version.
Change themes to ANY blog without uploading any files.
Insert your ping list into the update services area to ping blog directories.
Removes the default “Hello World” post in the default theme.
Makes the blogrolls invisible. Keep visitors on your sites.
Improves the permalink structure.
Installs 9 (and growing) ultra powerful plugins (my favourite being the “auto link” plugin which interlinks all your blogs)
Show post summaries – Summaries can then lead to the full post.
Manages all the login details and links to all your blogs from one location.
Choose how many posts to show per page.
Also notable is the RSS Announcer free bonus, which submits your feeds to multiple feed directories and search engines.
It’s a hosted service, which I don’t like, but it is really saving me some time with my small number of non-automated blogs. I don’t know if it could help you with your splogs, but if you have more than a couple of blogs then you might be interested in it.