Topic: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?  (Read 9986 times)

Renegade

Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« on: December 20, 2010, 11:16:13 PM »
<rant>

THOSE FUCKING DOUCHES!

I just ranted about my crappy Mac DVD drive, and then these douches (Scorecard Research) drop a survey on the site (http://kewlaid.net). It's hosted at Wordpress, so I'm pretty pissed with them as well.

Enraged that they'd put their crap on a site that I pay for, I had to use their contact form:

Quote
You dropped a survey into my site at http://kewlaid.net.

What the fuck makes you think that it's fucking ok to put your shit on MY FUCKING SITE THAT I FUCKING PAY FOR~!

I expect a fucking response.

Seriously. Isn't this criminal?

This is what they fucking did:

[Image: ScorecardResearchSurvey.png]

Pissed. Very pissed.

</rant>

EDIT: Changed subject
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
« Last Edit: December 21, 2010, 11:11:27 AM by Renegade »

Renegade

Re: Scorecard Research Survey (NSFW)
« Reply #1 on: December 20, 2010, 11:27:46 PM »
<rant>

I felt the overwhelming need to contact Wordpress as well...

Quote
I did:
I posted on my domain at http://kewlaid.net where I have paid for no ads.

I saw:
Scorecard Research posted a survey on MY SITE on MY DOMAIN.

I expected:
I expected that having paid for no fucking ads, that there would be no fucking ads.

I am fucking pissed. How the fuck do you think it is ok to post fucking ads and shit on MY FUCKING DOMAIN when I pay for NO FUCKING ADS?

YOU ARE POSTING ARBITRARY CODE THAT IS NOT A PART OF WORDPRESS ON MY SITE.

Normally this would be considered hacking or theft of services. It is at the very minimum spam. It is clearly using my domain and services that I have paid for to spam people, and sure as hell looks like criminal theft of services.

I have posted here with a screenshot of the Scorecard Research survey:

http://www.donationc...ex.php?topic=24965.0

I'm not going to tell anyone about my online usage, but I'm sure as fuck going to ask why someone is polluting my site with spam!

</rant>

Renegade

Re: Scorecard Research Survey (NSFW)
« Reply #2 on: December 21, 2010, 09:16:17 AM »
<unrant>

Well, I got a response from Wordpress, and I'm satisfied that they're not slipping in crap. Still ticked at ScorecardResearch though.

</unrant>

cyberdiva

Re: Scorecard Research Survey (NSFW)
« Reply #3 on: December 21, 2010, 09:18:38 AM »
So what did Wordpress say?  And how DID ScorecardResearch put its garbage on your site?

Renegade

Re: Scorecard Research Survey (NSFW)
« Reply #4 on: December 21, 2010, 09:23:49 AM »
Quote
So what did Wordpress say?  And how DID ScorecardResearch put its garbage on your site?

This was the WP response I got:

Quote
Hi,

I assure you, there are no ads on your blog.

I took a look at the screenshot you posted, and there is definitely cause for concern.

We are not affiliated with ScoreCardResearch in any way, but what you're seeing is a common bit of tracking malware that you may have picked up from any site.

I recommend clearing your cache and cookies immediately and running an anti-virus scan on your computer.

http://www.google.co...=en&answer=32050

Regards,

James | Happiness Engineer | WordPress.com and IntenseDebate

I ran 2 complete scans that turned up nothing, so I don't really know how it got there.

I DID install a few games though from a post in another thread. I'd never seen it before then, so it might be related. Not sure.


app103

Re: Scorecard Research Survey (NSFW)
« Reply #5 on: December 21, 2010, 09:32:15 AM »
I don't believe your computer is infected with anything, and this is why...

This is very clearly at the very bottom of your page code:

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script><script type="text/javascript">try{COMSCORE.beacon({c1:2,c2:7518284});}catch(e){}</script><noscript><p class="robots-nocontent"><img src="http://b.scorecardresearch.com/p?cj=1c1=2&c2=7518284" alt="" style="display:none" width="1" height="1" /></p></noscript><script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
<script type="text/javascript">
st_go({'blog':'17744093','v':'wpcom','user_id':'0','post':'0','subd':'drinkthekewlaid'});
ex_go({'crypt':'RDZ8LFkxbXFNLFlqbmNuOUklLytJVjAuaD9Xa1RJL2tfLixtbVZqSlprY3Byem0yVVBQJWtna1ZTZ1ZdalMuTFQmNjJ1ckYrbVVKcE1zVklXS0VobDg2cXQtR0Q4L3JiOXBXLFA4MzFxXWdkQVRYd3xWYVJQVWpwZFdTSyslJjlsai01L25PaW40ZG5kRGx5cm50NVI9THE5b0NoSmFmWz9UfkZFaVVZUiU2QmUsNzUxc20yYkVXQm1oV0JCXUN+Q1lJQXpBMU9IKzFr'});
addLoadEvent(function(){linktracker_init('17744093',0);});
</script>

Wordpress does not allow users to insert javascript code into pages. The only javascript that should be in your page code should be either code that is part of Wordpress itself or code from widgets that they approve and make available to users.

In other words, unless this is some feature you selected from some menu, preapproved by Wordpress, then Wordpress had to have added it without you knowing, or Wordpress itself got hacked (not just your site) and someone has inserted it into their wordpress code that is being used on all sites they host.
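
The manual check in the post above (reading the page source for tags that load from hosts the site owner did not choose) can be automated. The following is an added example, not code from this thread or from WordPress: it parses a page and reports every script, image or iframe fetched from a host outside an allowlist, wherever in the document the tag sits. `SAMPLE_PAGE` is constructed (it reuses the two scorecardresearch.com URLs quoted above), and `EXPECTED_HOSTS` and all function and class names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page. The two scorecardresearch.com tags reuse the URLs
# from the footer quoted above, but the script is placed in <head> to show
# that the audit does not depend on where in the page a tag sits.
SAMPLE_PAGE = """<html><head>
<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
</head><body>
<p>Post text</p>
<noscript><img src="http://b.scorecardresearch.com/p?cj=1c1=2&c2=7518284" width="1" height="1" /></noscript>
<script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
<script src="/local/theme.js"></script>
</body></html>"""

# Assumption: the hosts this site's owner expects to serve content on the page.
EXPECTED_HOSTS = {"kewlaid.net", "wordpress.com"}

# Tags whose src attribute makes the browser contact another host on page load.
LOADING_TAGS = {"script", "img", "iframe"}


def is_expected(host, expected=EXPECTED_HOSTS):
    """True if host is an expected domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in expected)


class ResourceAudit(HTMLParser):
    """Record every script/img/iframe that loads from an absolute URL."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag not in LOADING_TAGS or not src:
            return
        host = urlsplit(src).hostname  # None for relative (same-site) URLs
        if host is None:
            return
        # A 0x0 or 1x1 image is the usual shape of a no-JavaScript beacon.
        pixel = tag == "img" and attrs.get("width") in ("0", "1") \
            and attrs.get("height") in ("0", "1")
        self.resources.append({
            "tag": tag, "host": host, "url": src,
            "line": self.getpos()[0], "tracking_pixel": pixel,
        })


def audit(html, expected=EXPECTED_HOSTS):
    """Return resources in html that load from hosts outside expected."""
    parser = ResourceAudit()
    parser.feed(html)
    parser.close()
    return [r for r in parser.resources if not is_expected(r["host"], expected)]


if __name__ == "__main__":
    for r in audit(SAMPLE_PAGE):
        kind = "tracking pixel" if r["tracking_pixel"] else r["tag"]
        print(f"line {r['line']}: unexpected {kind} from {r['host']}: {r['url']}")
```

Because the whole document is parsed, a tag that is moved from the footer to the head is still reported; the allowlist match is on the full host suffix, so a look-alike such as `notwordpress.com` does not pass as `wordpress.com`.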

Renegade

Re: Scorecard Research Survey (NSFW)
« Reply #6 on: December 21, 2010, 09:33:58 AM »
Very interesting. Thanks for that. I'll report it to them.

EDIT: Reported to Wordpress.
« Last Edit: December 21, 2010, 09:36:43 AM by Renegade »

app103

Re: Scorecard Research Survey (NSFW)
« Reply #7 on: December 21, 2010, 09:46:14 AM »
Just took a quick look at a number of different blogs hosted at wordpress.com. They all have this code at the bottom of every page, including this rather famous blog.

Renegade

Re: Scorecard Research Survey (NSFW)
« Reply #8 on: December 21, 2010, 10:33:52 AM »
Quote
Just took a quick look at a number of different blogs hosted at wordpress.com. They all have this code at the bottom of every page, including this rather famous blog.

That simply stinks of WP being hacked. I can't see them being dirty as they have a good name.

app103

Re: Scorecard Research Survey (NSFW)
« Reply #9 on: December 21, 2010, 10:42:13 AM »
Quote
Just took a quick look at a number of different blogs hosted at wordpress.com. They all have this code at the bottom of every page, including this rather famous blog.

That simply stinks of WP being hacked. I can't see them being dirty as they have a good name.

That's my thoughts, as well. I have contacted Lorelle, since her site is affected and if anyone can make WP take this issue seriously and investigate it, I know she can, pretty quickly.

Bamse

Re: Scorecard Research Survey (NSFW)
« Reply #10 on: December 21, 2010, 11:05:27 AM »
There is more than 1 3rd. party power here. http://support.mozil...-IE/questions/725177 so I would guess sharing or voting plugin is to blame. That problem was due to a Technorati script, see last post at link. Could be anything activated really. If you bought domain from Wordpress they have some cleaning up to do :) Their responsibility to check plugins.
« Last Edit: December 21, 2010, 11:10:36 AM by Bamse »

app103

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #11 on: December 21, 2010, 06:18:07 PM »
Just got a reply from Lorelle:

Quote
"Lorelle has contacted WordPress.com as requested details on this
issue and will get back to me. Until we hear directly from
WordPress.com, Lorelle has told me that she thinks this is just code
debugging and WordPress.com working with that service for surveys or
tracking, a non-offensive bit of code."


Edit: Lorelle contacted me again and was a bit upset that I quoted the text of her email and stated that I should have paraphrased her, instead. I promised I would change this post and I included the suggested paraphrase, quoted from her most recent email to me.

« Last Edit: December 22, 2010, 01:46:57 AM by app103 »

Stoic Joker

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #12 on: December 21, 2010, 07:25:54 PM »
Quote
This was the WP response I got:

Quote
Hi,

...
Regards,

James | Happiness Engineer | WordPress.com and IntenseDebate

So, I just gotta ask... WTF is a Happiness Engineer?!? Is his computer surrounded by brightly colored flowers and fluffy bunnies?

Renegade

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #13 on: December 21, 2010, 08:06:03 PM »
Looks like this is "legal hacking"...

Got another response from Wordpress:

Quote
Hi,

You're absolutely right, I'm sorry about that!

We use comScore for internal analytics, and Scorecard Research appears to be one of their things.

At some point, probably very recently since you're the only one to have reported this so far, they changed their terms of service to allow themselves to "serve short surveys" to our users.

Fortunately, they have provided us with an opt-out, and we're currently in the process of doing just that.

We truly apologize for this inconvenience and thank you for reporting this to us!

James | Happiness Engineer | WordPress.com and IntenseDebate
 

Ahem... In short, Scorecard screwed Wordpress by changing their agreement. You know who does that? Darth Vader. That's who! What total douches...

Renegade

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #14 on: December 21, 2010, 09:00:10 PM »
I checked and the code is gone. Looks like they've gotten rid of it.

timns

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #15 on: December 21, 2010, 09:11:17 PM »
Quote
Looks like this is "legal hacking"...

Got another response from Wordpress:

Quote
Hi,

We truly apologize for this inconvenience and thank you for reporting this to us!

James | Happiness Engineer | WordPress.com and IntenseDebate
 

Ahem... In short, Scorecard screwed Wordpress by changing their agreement. You know who does that? Darth Vader. That's who! What total douches...

If I were WordPress I would drop those mothers and warn the entire community away from them.

But then again, I'm not a Happiness Engineer. I'm a Bitter and Twisted Engineer.

app103

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #16 on: December 21, 2010, 09:15:06 PM »
comScore is a known spyware company with a number of shady tracking products, among them browser plugins that present a security risk to the user, and scripts to track behaviors of your site visitors, not just across your site but other sites as well, with the data being sold to other companies. They are not new to the world of controversy, they don't always get the user's consent for tracking, and their privacy policy is not known to be too good. They have lobbied the anti-malware companies trying to get a new category of spyware to be recognized, calling it "researchware" in order to get their spyware products whitelisted. The anti-malware companies are not falling for it.

Information Week: Is ComScore Trafficking In Spyware?
SecurityFocus: comScore receives spyware allegations
Computer World: Sears/Kmart spyware scandal (and Falkirk Wheel)
Beta News: Sears found to be using spyware to track visitors
University of Maryland: Google to partner with researchware firm comScore
The Register: How ComScore can track your mouse clicks
ComScore Doesn't Always Get Consent

There are plenty more, but the ones from TechRepublic, Forbes, and the Washington Post won't load for me.

Just do a google search for "comScore spyware" if you want tons more reading material.

The fact that Wordpress would willingly team up with this shady company is disappointing, to say the least.

Quote
I checked and the code is gone. Looks like they've gotten rid of it.

Glad to hear that, but keep your eyes on your page code from now on, anyway.
« Last Edit: December 21, 2010, 11:57:08 PM by app103 »

Bamse

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #17 on: December 21, 2010, 09:32:38 PM »
Post their screw up to Lorelle. If she screams maybe higher powers tell the happy engineers to read and understand notes from 3rd party suppliers, like change of TOS.

app103

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #18 on: December 21, 2010, 09:35:03 PM »
Quote
Post their screw up to Lorelle. If she screams maybe higher powers tell the happy engineers to read and understand notes from 3rd party suppliers, like change of TOS.

I did give her a link to this thread in my original email to her, inviting her input if she knows anything about this issue.


Renegade

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #20 on: December 21, 2010, 09:56:43 PM »
This really is a textbook case in why "the cloud" is just a stupid idea in many ways.

I was softening on the issue, and using Wordpress was part of my experiment in getting things off of my own servers and into "the cloud". I just started using my Flickr account that I've had for years now.

But this really shows how all that is so widely open to abuse. It should be flat out illegal to include agreement terms that let a company change the agreement at any time. This is a perfect example. comScore/Scorecard Research changes their agreement and screws Wordpress along with all the Wordpress customers.

I really don't know if I want to use other services much when this kind of thing goes on. Still, I want to off-load things into the cloud more, but it just leaves a bad taste in my mouth.

The issue isn't about the actual services; it's about the legalese, privacy issues, and flat out abuse by unethical companies. Can I trust them? Apparently not.

I used to use Xoom many years ago, but the dotcom bust came along and it went under, and I lost everything I'd uploaded there, which was a significant amount of work. But with so many other "options" out there, companies can monetize with underhanded methods and save their necks if required.

There are just too many risks "in the cloud" for anything important.


app103

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #21 on: December 22, 2010, 01:49:42 AM »
Quote
I checked and the code is gone. Looks like they've gotten rid of it.

Nope, it's still there on your site as well as all other Wordpress.com blogs. They have not removed it at all.

Renegade

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #22 on: December 22, 2010, 02:57:52 AM »
Quote
I checked and the code is gone. Looks like they've gotten rid of it.

Nope, it's still there on your site as well as all other Wordpress.com blogs. They have not removed it at all.

Damn. You're right. They just moved the code up. I only checked the end where it was before. (Busy coding some imaging software right now and got lazy...)

mouser

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #23 on: December 22, 2010, 06:06:14 AM »
Nice to watch you guys in action catching a bad guy, keep it up!

Deozaan

Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #24 on: December 22, 2010, 08:45:26 AM »
If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.