Dylan Hunter

Yep, that’s the way for a legitimate site to generate traffic - look for permission vulnerabilities in folks’ blog software, (i.e. Wordpress suggests setting template permissions to 766) and then hack in and insert Javascript re-directs to your site using some domainstat crud.

Another fine thanks and reminder to use Firefox with NoScript, (and to switch permissions back to 755! ). Reloaded my blog, and for the first time got the javascript blog intercept on my own site. Took a look, found the crap, edited it out, switched the permissions back, and up again.

For anyone using Wordpress for your blog software, (and the only reason I’m specifically mentioning Wordpress is that there’s a suggestion on the template page to change permissions to 766) please check your templates for javascript that you didn’t insert, (again, referencing domainstat) delete from all affected templates, save and then switch permissions on those files to 755, and you should again be ok.

Yep, even if we presume that Coolrip is a legitimate site, (don’t know either way) is a good reminder to be _very_ careful of who you engage to get you traffic, and if the acquisition numbers are very low, know that whether you were informed or not, you’re funding tactics like these, including folks hacking into other computers, writing computer viruses on your behalf, etc., and, unfortunately, deserve any and all bad press you might get as a result, if you either didn’t ask, or turned a blind eye to.