Thursday, March 13, 2008

Being Cautious with those Widgets

A few days ago my wife greeted me in the morning with the news that her blog was acting strangely. A friend had commented that her blog had been popping up ads with some malicious and adult content. So without having a chance to do my morning routine, I sat down in front of our notebook and immediately noticed that there was indeed something strange about her blog. When I logged into her blog, it immediately started popping up unwanted ads. I also noticed that there were some ad links evident in her blog. Checking it out, I noticed that those ads were from Clicksor. The scary thing is I couldn't remember installing any code in her blog that would correspond with those ads. You see, when it comes to the nitty-gritty HTML code of her blog, my wife normally would ask me to do things for her. So since I did not put any code there, I suspected her account was hacked and somebody placed that code in there.

So I started to log into her account and read the HTML code of her blog one by one. Yup, you read it right, I did analyze everything line by line. Still, I was not able to see any malicious code that would point me to the culprit.

The next thing I did, from instinct, was to start removing each widget which has its own script. And lo and behold! When I removed the widget responsible for displaying her PageRank, those ads disappeared!

I did it three times (delete & insert the widget) to make sure the ads were really associated with that PR widget. Having isolated the problem, I permanently removed it.
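Reading the template line by line found nothing because a widget's own markup is usually just a tag that loads code from the widget provider's server, and that remote code can change at any time. The following is an added example, not code from the original post: it lists every script, iframe, embed and object in a template that pulls content from another host, which gives a short list of widgets to remove and test. The sample template and all host names in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from collections import defaultdict

# Constructed sample template; hosts are placeholders, not taken from the post.
SAMPLE_TEMPLATE = """
<html><head>
<script src="/static/theme.js"></script>
<script src="https://stats.example.net/counter.js"></script>
</head><body>
<div class="widget"><script type="text/javascript"
  src="http://pr-widget.example.org/rank.js?site=myblog"></script></div>
<div class="widget"><iframe src="//badges.example.com/b.html"></iframe></div>
<script>var local = 1;</script>
</body></html>
"""

class RemoteCodeFinder(HTMLParser):
    """Collect every script/iframe/embed/object that pulls content from a URL."""
    TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.found = []  # (line, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = self.TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.found.append((self.getpos()[0], tag, url.strip()))

def third_party_includes(html, own_hosts=()):
    """Return {host: [(line, tag, url), ...]} for includes not served by own_hosts."""
    finder = RemoteCodeFinder()
    finder.feed(html)
    by_host = defaultdict(list)
    for line, tag, url in finder.found:
        host = urlparse(url).hostname  # None for relative URLs (same site)
        if host and host.lower() not in own_hosts:
            by_host[host.lower()].append((line, tag, url))
    return dict(by_host)

if __name__ == "__main__":
    for host, hits in sorted(third_party_includes(SAMPLE_TEMPLATE).items()):
        for line, tag, url in hits:
            print(f"{host:28} line {line:<3} <{tag}> {url}")
```

Inline scripts and relative URLs are skipped on purpose: the output is only the code that someone else hosts and can change without the template changing.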

Thinking about it, that was a sneaky way for that widget to earn ad bucks from bloggers. The thing is, as far as I remember, that widget had been there ever since my wife's blog was PR3 and it didn't pop up any ads during that time. The ads started to pop up when her PR was increased to PR4.

I can't remember if it was part of their TOS for using their widget. If it was, then my bad for not understanding it. Still, even if it was, I don't find their strategy amusing, or much less, ethical.

Just my two cents.