You dropped a survey into my site at http://kewlaid.net.
What the fuck makes you think that it's fucking ok to put your shit on MY FUCKING SITE THAT I FUCKING PAY FOR~!
I expect a fucking response.
I did:
I posted on my domain at http://kewlaid.net where I have paid for no ads.
I saw:
Scorecard Research posted a survey on MY SITE on MY DOMAIN.
I expected:
I expected that having paid for no fucking ads, that there would be no fucking ads.
I am fucking pissed. How the fuck do you think it is ok to post fucking ads and shit on MY FUCKING DOMAIN when I pay for NO FUCKING ADS?
YOU ARE POSTING ARBITRARY CODE THAT IS NOT A PART OF WORDPRESS ON MY SITE.
Normally this would be considered hacking or theft of services. It is at the very minimum spam. It is clearly using my domain and services that I have paid for to spam people, and sure as hell looks like criminal theft of services.
I have posted here with a screenshot of the Scorecard Research survey:
https://www.donationcoder.com/forum/index.php?topic=24965.0
I'm not going to tell anyone about my online usage, but I'm sure as fuck going to ask why someone is polluting my site with spam!
So what did Wordpress say? And how DID ScorecardResearch put its garbage on your site?-cyberdiva (December 21, 2010, 09:18 AM)
Hi,
I assure you, there are no ads on your blog.
I took a look at the screenshot you posted, and there is definitely cause for concern.
We are not affiliated with ScoreCardResearch in any way, but what you're seeing is a common bit of tracking malware that you may have picked up from any site.
I recommend clearing your cache and cookies immediately and running an anti-virus scan on your computer.
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=32050
Regards,
James | Happiness Engineer | WordPress.com and IntenseDebate
I don't believe your computer is infected with anything, and this is why...
This is very clearly at the very bottom of your page code:<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script><script type="text/javascript">try{COMSCORE.beacon({c1:2,c2:7518284});}catch(e){}</script><noscript><p class="robots-nocontent"><img src="http://b.scorecardresearch.com/p?cj=1c1=2&c2=7518284" alt="" style="display:none" width="1" height="1" /></p></noscript><script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
<script type="text/javascript">
st_go({'blog':'17744093','v':'wpcom','user_id':'0','post':'0','subd':'drinkthekewlaid'});
ex_go({'crypt':'RDZ8LFkxbXFNLFlqbmNuOUklLytJVjAuaD9Xa1RJL2tfLixtbVZqSlprY3Byem0yVVBQJWtna1ZTZ1ZdalMuTFQmNjJ1ckYrbVVKcE1zVklXS0VobDg2cXQtR0Q4L3JiOXBXLFA4MzFxXWdkQVRYd3xWYVJQVWpwZFdTSyslJjlsai01L25PaW40ZG5kRGx5cm50NVI9THE5b0NoSmFmWz9UfkZFaVVZUiU2QmUsNzUxc20yYkVXQm1oV0JCXUN+Q1lJQXpBMU9IKzFr'});
addLoadEvent(function(){linktracker_init('17744093',0);});
</script>
Wordpress does not allow users to insert javascript code into pages. The only javascript that should be in your page code should be either code that is part of Wordpress itself or code from widgets that they approve and make available to users.
In other words, unless this is some feature you selected from some menu, preapproved by Wordpress, then Wordpress had to have added it without you knowing, or Wordpress itself got hacked (not just your site) and someone has inserted it into their wordpress code that is being used on all sites they host.-app103 (December 21, 2010, 09:32 AM)
Just took a quick look at a number of different blogs hosted at wordpress.com. They all have this code at the bottom of every page, including this rather famous blog (http://lorelle.wordpress.com/).-app103 (December 21, 2010, 09:46 AM)
Just took a quick look at a number of different blogs hosted at wordpress.com. They all have this code at the bottom of every page, including this rather famous blog (http://lorelle.wordpress.com/).-app103 (December 21, 2010, 09:46 AM)
That simply stinks of WP being hacked. I can't see them being dirty as they have a good name.-Renegade (December 21, 2010, 10:33 AM)
"Lorelle has contacted WordPress.com as requested details on this
issue and will get back to me. Until we hear directly from
WordPress.com, Lorelle has told me that she thinks this is just code
debugging and WordPress.com working with that service for surveys or
tracking, a non-offensive bit of code."
This was the WP response I got:Hi,
...
Regards,
James | Happiness Engineer | WordPress.com and IntenseDebate-Renegade (December 21, 2010, 09:23 AM)
Hi,
You're absolutely right, I'm sorry about that!
We use comScore for internal analytics, and Scorecard Research appears to be one of their things.
At some point, probably very recently since you're the only one to have reported this so far, they changed their terms of service to allow themselves to "serve short surveys" to our users.
Fortunately, they have provided us with an opt-out, and we're currently in the process of doing just that.
We truly apologize for this inconvenience and thank you for reporting this to us!
James | Happiness Engineer | WordPress.com and IntenseDebate
Looks like this is "legal hacking"...
Got another response from Wordpress:Hi,
We truly apologize for this inconvenience and thank you for reporting this to us!
James | Happiness Engineer | WordPress.com and IntenseDebate
Ahem... In short, Scorecard screwed Wordpress by changing their agreement. You know who does that? Darth Vader. That's who! What total douches...-Renegade (December 21, 2010, 08:06 PM)
I checked and the code is gone. Looks like they've gotten rid of it.-Renegade (December 21, 2010, 09:00 PM)
Post their screw up to Lorelle. If she screams may be higher powers tell the happy engineers to read and understand notes from 3rd party suppliers, like change of TOS.-Bamse (December 21, 2010, 09:32 PM)
I checked and the code is gone. Looks like they've gotten rid of it.-Renegade (December 21, 2010, 09:00 PM)
I checked and the code is gone. Looks like they've gotten rid of it.-Renegade (December 21, 2010, 09:00 PM)
Nope, it's still there on your site as well as all other Wordpress.com blogs. They have not removed it at all.-app103 (December 22, 2010, 01:49 AM)
The new warning triggers when the search engine finds a website where parts or all of it are not under control of the site’s owner.says Google so I guess this site or injection does qualify - as does every Google ads ;)
If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.-Deozaan (December 22, 2010, 08:45 AM)
If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.-Deozaan (December 22, 2010, 08:45 AM)
Wordpress.com doesn't allow users to use any code outside basic HTML, CSS, and approved preinstalled scripts (in the form of widgets)...so how do you propose this be done without using any javascript?-app103 (December 22, 2010, 12:52 PM)