rants from the dark side of marketing

Power your WordPress

A couple of months ago I was doing some Google hacking and wanted to see how many stupid blackhats are on the net. I searched Google and Yahoo for queries like “inurl:RSS2B2”, “inurl:RSS2B3” and “inurl:RSS2B” (these are some of the default folders for Rss2blog). I found several folders indexed, most of the time because there wasn’t an index.html file in the folder root. Next I tried the default login details admin:admin, and a lot of them let me log in. Next was the web version of Traffic Equalizer. I used “inurl:TEadmin”, “inurl:TEADMIN” etc., which are the default folders. Again admin:admin did the trick.

What could I do with access to their scripts?

I could set their Rss2blog to post and ping every minute, which gets their Blogger blogs banned, their host overloaded and their IP banned from the ping services. I could delete all their folders with Traffic Equalizer. I could generate a million pages of junk. I could find a hole that gave me unlimited access to their site and create a backdoor. If I followed the links to their splogs I could find more of their sites, which would surely have the defaults too.

So if you don’t change the login, at least change the folder name, and always remember to put an empty index.html file on all your sites.
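As an added example (not code from the original post), here is a small audit script for the two mistakes the post describes: a directory with no index file lets the web server emit a directory listing that search engines then index, and a script directory still using its default folder name is easy to find that way. It assumes the server treats index.html, index.htm or index.php as directory indexes, and it only knows the default folder names the post mentions (RSS2B*, TEadmin), matched case-insensitively; the sample layout it builds is constructed for illustration.

```python
"""Audit a web root for listable directories and default script-folder names.

Added example, not code from the original post.  Assumptions: the server
serves index.html / index.htm / index.php as directory indexes, and the
default folder names checked (RSS2B*, TEadmin) are the ones the post names."""
import os
import re
import sys
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

INDEX_FILES = ("index.html", "index.htm", "index.php")
# Default folder names mentioned in the post; other scripts need their own entries.
DEFAULT_DIR_PATTERN = re.compile(r"^(rss2b\w*|teadmin)$", re.IGNORECASE)


@dataclass
class AuditReport:
    listable: list = field(default_factory=list)       # directories with no index file
    default_names: list = field(default_factory=list)  # directories still using a default name


def has_index(directory: Path) -> bool:
    """True if the directory carries one of the index files the server would serve."""
    return any((directory / name).is_file() for name in INDEX_FILES)


def audit_webroot(root) -> AuditReport:
    """Walk the web root; paths in the report are relative to it ('.' is the root itself)."""
    root = Path(root)
    report = AuditReport()
    for dirpath, dirnames, _files in os.walk(root):
        current = Path(dirpath)
        if not has_index(current):
            report.listable.append(str(current.relative_to(root)))
        for name in dirnames:
            if DEFAULT_DIR_PATTERN.match(name):
                report.default_names.append(str((current / name).relative_to(root)))
    report.listable.sort()
    report.default_names.sort()
    return report


def add_empty_indexes(root) -> int:
    """Drop an empty index.html into every listable directory; return how many were created."""
    report = audit_webroot(root)
    for rel in report.listable:
        (Path(root) / rel / "index.html").touch()
    return len(report.listable)


def build_sample_webroot() -> str:
    """Constructed sample layout (not a real site): a default-named script folder
    with a cache subfolder and no index files, beside a public folder that has one."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "RSS2B2", "cache"))
    os.makedirs(os.path.join(root, "public"))
    Path(root, "public", "index.html").touch()
    return root


if __name__ == "__main__":
    # Usage: python audit_webroot.py /path/to/webroot [--fix]
    # With no path given, the constructed sample layout is audited instead.
    args = [a for a in sys.argv[1:] if not a.startswith("--")]
    target = args[0] if args else build_sample_webroot()
    result = audit_webroot(target)
    for rel in result.listable:
        print(f"listable (no index file): {rel}")
    for rel in result.default_names:
        print(f"default folder name, rename it: {rel}")
    if "--fix" in sys.argv:
        print(f"created {add_empty_indexes(target)} empty index.html files")
```

The empty index.html only stops the listing; the `--fix` step does nothing about a default folder name or a default password, which the report lists for you to rename and change by hand.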

I also found other scripts that could be exploited, as well as a couple of scripts I hadn’t heard of. One of them was WordPress Elite, which I found on 2-3 sites. I couldn’t find any more info about it except a “coming soon” site and that it had to do with WordPress management/automation. A couple of days ago I saw that WordPress Elite had been live for some time, and I checked out the site.

Some of the things it does:

Upgrades your WordPress install to the most up-to-date version.
Changes the theme on ANY blog without uploading any files.
Inserts your ping list into the update services area to ping blog directories.
Removes the default “Hello World” post in the default theme.
Makes the blogrolls invisible, to keep visitors on your sites.
Improves the permalink structure.
Installs 9 (and growing) ultra powerful plugins (my favourite being the “auto link” plugin, which interlinks all your blogs).
Shows post summaries, which can then lead to the full post.
Manages all the login details and links to all your blogs from one location.
Lets you choose how many posts to show per page.

Also notable is the RSS Announcer free bonus, which submits your feeds to multiple feed directories and search engines.

It’s a hosted service, which I don’t like, but it is really saving me some time with my small number of non-automated blogs. I don’t know if it could help you with your splogs, but if you have more than a couple of blogs then you might be interested in it.

Posted on Thursday, October 27th, 2005 at 4:37 am under Rants.

6 Comments

Gary Huynh Says:

Thanks for the plug. I enjoy reading your posts and have been reading for some time now. WordPress Elite was just released as a standalone version so you can install it on your own host. Did you get that update email from me today?

G3kk0 Says:

On TE: You could also replace all the affiliates and insert your AdSense publisher ID. Unless your target was checking their stats and had the brains to check their sites closely, they would just assume the sites tanked.

I bought several sites from a guy because he thought they had tanked. I got them for a great price and they are still some of my best earners. And no, I didn’t hack his site to get ’em. I am ruthless, but fraud, no no no–errr, at least most of the time.

IrishWonder Says:

Let me guess: this content has been stolen off the syndk8 forums?

blackhat-seo Says:

Stolen from Syndk8? Only one post comes to mind, and that’s my post about using someone else’s rsstoblog.

What’s with the comments today Irish? (assuming you are IrishWonder indeed)

David Quincy Says:

Hi, I have read your site from time to time. I stumbled on your rant about RSStoBlog, and then found an actual video that described your exploit 2 weeks later, posted inside a forum in my coaching club. Your readers might enjoy this. Hopefully this will make them take your advice.
http://www.websitedefense.info/teaser is where I found the video

Rob Says:

I own WordPress Elite. Gary has since sold it off to Jason Cooper. You might want to check out WPManagerDX.com’s script. It blows the pants off of WP Elite!

Copyright 2008, blackhat-seo.com