October 1, 2008

Top 100 Make Money Online Blogs Hacked?

This blog was recently hacked, and one thing I kept hearing over and over again from readers and friends was: “oh, that is so bad, I hope it never happens to my blog”.

Unfortunately, ‘hope’ is about as useless as an ejector seat in a helicopter against hackers; I don’t ever recall hearing that a hacker was unable to hack into NASA because they were hoping he wouldn’t.

So I contacted a good friend, and we decided to take matters into our own hands. We decided that this would be our good deed for the year, and almost definitely a fast track into karma heaven.

So we rolled up our sleeves and worked well into the night, searching each and EVERY blog in the infamous top 100 make money online list for any sign that they had also been hacked.

We checked all the big names, from John Chow to Problogger, from Copyblogger to Shoemoney, Jim Kukral to Blueverse.

We started with some good news: none of the BIG 10 had been infected.

Our spirits were high, surely none of the top 100 blogs would be infected… but then I was reminded that DeanHunt.com was in the top 50 when it was hacked.

So onwards we marched, all the way from number 1 to number 100, performing checks on every site on the list.

We finally reached blog 100 in the early hours, exhausted and dizzy.

Had we found a hacked blog? Had one of the top 100 blogs been hacked?

You are not going to believe the answer…

Find out next week when I reveal all….

JUST JOKING

Yes, and yes! One of the top blogs was infected; in fact, it was a blog from within the top 50.

See the screenshot below for proof of what we found:

As you can see, the top 40 blog Affiliate Confession has been well and truly hacked and infected with invisible junk links to ringtone websites. The spam links are still there at the time of writing this.

Now let’s put this into perspective: this is a top 40 site with over 440 feed readers. It hasn’t been neglected; in fact, the most recent post was 24 hours ago, and clearly the owner knows what he is doing.

If you include DeanHunt.com, that means that 1 out of every 25 blogs in the top 50 sites has been infected, and remember, these are the big players. Imagine what it is like elsewhere in other industries.

So once again, this is a shout to everyone who owns a WordPress blog: check your site using the free tool we have created, then read this post to make sure you are protected.

For everyone else, again, we ask you to spread the word. After all, that such big sites have been infected is BIG news, so mention this on your Twitter, blogs, Facebook, Digg, etc.

Together we can raise awareness.

Thank you.

Dean Hunt (with a lot of help from Paul)

10 comments for this post.

  1. Comment from Wayne Liew on October 1st, 2008 :

    I read your first post on this and didn’t care about the issue. Once you addressed how serious (1 out of 25) this is, I immediately checked all my sites and luckily, they are not hacked.

    Sent out a quick tweet about this to create awareness.

    Wayne
    http://www.twitter.com/WayneLiew

  2. Comment from Kieran on October 1st, 2008 :

    Thanks for the tools guys.
    I’m embarrassed to say that I too was one of the “hope I don’t get hacked crowd”. 2 sites of mine have been hacked this year and on both occasions it turned out to be my fault. Forgetting to reset read/write settings after script installations.

    Lucky for me, my hacker was a friendly chap and only put up pics of his country flag and a warning. Lesson learned.

  3. Comment from David Wilkinson on October 1st, 2008 :

    Exposé for the win!

    I dearly hope you contacted the blog owner prior to pointing it out. The last thing he needs is every cross site scripter on the net hacking into his blog and causing REAL damage.

  4. Comment from tiggsy on October 1st, 2008 :

    I tried adding the .htaccess you suggested into my wp-admin folder on several blogs, and found that, when I tried to log in, I got a 404 every time. So I’ve disabled it. Any ideas how to fix this?

  5. Comment from Martin Malden on October 1st, 2008 :

    Thanks for all your work, Dean, Paul and everyone else who was involved, and thanks, Paul, for making the cache checker available.

    I’m letting everyone know via every communication means at my disposal!

    Thanks again,

    Martin.

  6. Comment from Garry Conn on October 2nd, 2008 :

    Keith Dsouza was hacked about an hour ago. He runs a tech blog. All this sounds just like what he just went through.

    http://twitter.com/keithdsouza

  7. Comment from Dean Hunt on October 2nd, 2008 :

    Yes, we spoke to the blog owner prior, and he sent us a nice thank-you email.

    Dean

  8. Comment from 45n5 on October 2nd, 2008 :

    It has nothing to do with the top100 and everything to do with people using WORDPRESS!

    You put a large target on your back that says “hack me” when you use WordPress, especially when you don’t religiously update the security patches.

  9. Comment from Dean Hunt on October 2nd, 2008 :

    45n5, very true.

    I should have added that actually, not all the top 100 were WordPress sites… and we were only looking for infections on WordPress sites.

    Which makes the stats even more worrying then.

    The top100 was only mentioned to show the average user that even the big guns are being affected.

    Dean

  10. Comment from Linn on October 13th, 2008 :

    Umm, I am using WordPress as well.

    Thanks for the tools link.

    I will check it out now.

    Cheers
