Scorecard Research Survey (NSFW) - Ed. Wordpress hacked?

[Bamse]

But not really the point of paying for a wordpress.com premium account? - if I understand that deal correctly. They take care of everything. Ease of use for those with no time or ability to find possibly shady host them self. Someone needs a spanking at WP. Matter of having a policy about how to handle all those TOS agreements. On wordpress.org they are pretty strict with reviewing themes but plugins seems to be approved fast and without much QA. Priorities rule the world but can be changed. Cloud is safe if taken care of

On related note Google now warns about infected sites http://blogs.techrep...com/security/?p=4884 Not sure this problem qualifies but if security on computers is so so it is non existing when air borne. Many admins, high and low, are ???? about security/malware/spam problems.

The new warning triggers when the search engine finds a website where parts or all of it are not under control of the site’s owner.

says Google so I guess this site or injection does qualify - as does every Google ads

[app103]

If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.

-Deozaan (December 22, 2010, 08:45 AM)

Wordpress.com doesn't allow users to use any code outside basic HTML, CSS, and approved preinstalled scripts (in the form of widgets)...so how do you propose this be done without using any javascript?

[Deozaan]

If it uses JavaScript, can't you code something up that erases the variables/object used by it? As I understand it, that's one of the major weaknesses of JS, there isn't a way to make objects/variables that can't be accessed by any other JS code on the site.

-Deozaan (December 22, 2010, 08:45 AM)

Wordpress.com doesn't allow users to use any code outside basic HTML, CSS, and approved preinstalled scripts (in the form of widgets)...so how do you propose this be done without using any javascript?

-app103 (December 22, 2010, 12:52 PM)

I didn't realize the site was entirely run by WordPress.com as opposed to just using WordPress(.org) software.

But I suppose it was made pretty clear in the first post. Reading comprehension FTW. 

[Renegade]

There's really nothing that can be done as it is happening server-side. (I crapped myself when I read the first email thinking that my machine may have been compromised. It was a relief when I found out it wasn't.)

If you found an exploit for Wordpress, then you might be able to do something about it depending on the severity. But in all likelihood, you could only do it for a site that you control, and not for all Wordpress sites, which makes fixing the problem illegal irrespective of the scope, so why risk jail to fix the problem just for yourself?

[Renegade]

Follow-up:

Well, this is still in the code:

<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>

But I've not had any drop in surveys since.

So, the company seems to be still employed with WordPress, but they've put a stop to their little shenanigans.