Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 04, 2016, 12:32:05 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?  (Read 9978 times)

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #25 on: December 22, 2010, 08:55:46 AM »
But not really the point of paying for a wordpress.com premium account? - if I understand that deal correctly. They take care of everything. Ease of use for those with no time or ability to find possibly shady host them self. Someone needs a spanking at WP. Matter of having a policy about how to handle all those TOS agreements. On wordpress.org they are pretty strict with reviewing themes but plugins seems to be approved fast and without much QA. Priorities rule the world but can be changed. Cloud is safe if taken care of :)

On related note Google now warns about infected sites http://blogs.techrep...com/security/?p=4884 Not sure this problem qualifies but if security on computers is so so it is non existing when air borne. Many admins, high and low, are ???? about security/malware/spam problems.

Quote
The new warning triggers when the search engine finds a website where parts or all of it are not under control of the site’s owner.
says Google so I guess this site or injection does qualify - as does every Google ads ;)
« Last Edit: December 22, 2010, 09:43:47 AM by Bamse »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,666
    • View Profile
    • App's Apps
    • Read more about this member.
    • Donate to Member
Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #26 on: December 22, 2010, 12:52:47 PM »
If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.

Wordpress.com doesn't allow users to use any code outside basic HTML, CSS, and approved preinstalled scripts (in the form of widgets)...so how do you propose this be done without using any javascript?

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,713
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #27 on: December 22, 2010, 01:41:22 PM »
If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.

Wordpress.com doesn't allow users to use any code outside basic HTML, CSS, and approved preinstalled scripts (in the form of widgets)...so how do you propose this be done without using any javascript?

I didn't realize the site was entirely run by WordPress.com as opposed to just using WordPress(.org) software.

But I suppose it was made pretty clear in the first post. Reading comprehension FTW.  :-[

« Last Edit: December 22, 2010, 01:43:12 PM by Deozaan »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #28 on: December 22, 2010, 03:09:04 PM »
There's really nothing that can be done as it is happening server-side. (I crapped myself when I read the first email thinking that my machine may have been compromised. It was a relief when I found out it wasn't.)

If you found an exploit for Wordpress, then you might be able to do something about it depending on the severity. But in all likelihood, you could only do it for a site that you control, and not for all Wordpress sites, which makes fixing the problem illegal irrespective of the scope, so why risk jail to fix the problem just for yourself?

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?
« Reply #29 on: January 13, 2011, 11:44:56 PM »
Follow-up:

Well, this is still in the code:

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>

But I've not had any drop in surveys since.

So, the company seems to be still employed with WordPress, but they've put a stop to their little shenanigans.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker