22 Jan


I was recently fixing up my blog to begin using it again, and one of the tweaks I wanted to add was a Digg Vote button on every blog post. After a little searching I found Digg This by Aviran Mordo. Great! I installed it and went on my way.

However, about two hours later my inbox was flooded with messages saying “Your post XYZ was dugg!”. My thoughts went, in order, something like this: “Nice!” .. “Uh oh, the Digg effect” .. “Wait, that can’t be possible.”

I looked into it and realized that the Digg buttons that had popped up on all my posts pointed to someone else’s Digg story! Being a programmer myself, I dove into the source code to see what had happened. It turned out that Digg This, while a great plugin, had a major security flaw: it blindly trusted the HTTP referrer, assuming it hadn’t been spoofed by a hacker or spammer (as in the case that hit me).

I immediately began hacking the script apart, hardening the security behind it and fixing a few other bugs I found along the way. If the script receives word (via a referrer) that a post was Dugg, my patched version doesn’t just assume that is accurate: it fetches the story page from digg.com and checks that your post’s URL is actually the target of that story. If it isn’t, no button is shown and the hacking/spam attempt is blocked.

Essentially, what a very clever spammer did was search for blogs with that plugin installed (not hard; it’s very popular) and send fake hits to every post on your blog, forging the referrer to look like it came from a Digg story. The Referer header is set by the client, so a request can carry any value the sender chooses. Only instead of linking to your article, they linked to theirs, causing a Digg button promoting their story to appear on every one of your blog posts! So if one of your visitors liked your article and clicked the Digg button, the spammer got the vote, not you!
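The trust bug described above, beside the verify-at-source check the patched plugin performs, as an added illustration (this is not code from Digg This or Digg That, which are PHP; it is written in Python so it runs on its own). The `fake_fetch` table and the `story-link` markup are constructed stand-ins for digg.com, and `DIGG_HOSTS`, `normalize`, `is_digg_story_url` and `verified_story_link` are names invented here for the example:

```python
"""Referrer-spoofing demo: the trusting pattern beside a check that asks
digg.com itself which post a story points at before showing a button.

Added illustration, not the Digg This or Digg That plugin code. The fetcher
and the Digg story-page markup are constructed stand-ins so it runs offline.
"""
import re
from typing import Callable, Optional
from urllib.parse import urlparse

DIGG_HOSTS = {"digg.com", "www.digg.com"}


def vulnerable_story_link(referer: Optional[str]) -> Optional[str]:
    """The trust bug: if the Referer looks like a Digg story, link the vote
    button to it. Referer is set by the client, so whoever sends the request
    chooses which story every post on the blog ends up promoting."""
    if referer and referer.startswith("http://digg.com/"):
        return referer
    return None


def normalize(url: str) -> str:
    """Compare URLs by lowercase host plus path without a trailing slash, so
    'http://Example.org/p/' and 'http://example.org/p' count as the same post."""
    parts = urlparse(url.strip())
    path = parts.path.rstrip("/") or "/"
    return f"{(parts.hostname or '').lower()}{path}"


def is_digg_story_url(url: str) -> bool:
    """Only http(s) URLs whose *parsed* host is digg.com qualify; a string-prefix
    test would accept 'http://digg.com@evil.example/...' style lookalikes."""
    parts = urlparse(url)
    return (
        parts.scheme in ("http", "https")
        and (parts.hostname or "").lower() in DIGG_HOSTS
        and parts.path not in ("", "/")
    )


# Assumed markup for the story's outbound link; real Digg pages differed.
_TARGET_RE = re.compile(r'<a[^>]*class="story-link"[^>]*href="([^"]+)"', re.I)


def verified_story_link(
    referer: Optional[str], post_url: str, fetch: Callable[[str], str]
) -> Optional[str]:
    """Show a button only if digg.com itself says the story targets post_url.
    Fails closed on anything unexpected: bad referer, fetch error, no link,
    or a story that points somewhere else."""
    if not referer or not is_digg_story_url(referer):
        return None
    try:
        page = fetch(referer)
    except Exception:
        return None
    match = _TARGET_RE.search(page or "")
    if not match or normalize(match.group(1)) != normalize(post_url):
        return None
    return referer


# Constructed stand-in for digg.com: one real story page, one spammer's.
FAKE_DIGG = {
    "http://digg.com/tech_news/my_post": (
        '<html><a class="story-link" href="http://Example.org/my-post/">My post</a></html>'
    ),
    "http://digg.com/tech_news/spammer": (
        '<html><a class="story-link" href="http://spammer.example/buy">Buy</a></html>'
    ),
}


def fake_fetch(url: str) -> str:
    if url not in FAKE_DIGG:
        raise IOError(f"404 {url}")
    return FAKE_DIGG[url]


def demo() -> dict:
    post = "http://example.org/my-post"
    legit = "http://digg.com/tech_news/my_post"
    spoof = "http://digg.com/tech_news/spammer"  # forged Referer from the spammer
    return {
        "vulnerable_shows_spammer": vulnerable_story_link(spoof),
        "verified_rejects_spammer": verified_story_link(spoof, post, fake_fetch),
        "verified_accepts_legit": verified_story_link(legit, post, fake_fetch),
        "verified_rejects_missing": verified_story_link(
            "http://digg.com/tech_news/nope", post, fake_fetch
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The only trustworthy fact is what digg.com serves for the story URL, so the check fetches that page and compares the story’s outbound link with the post being rendered; any failure along the way (unparseable referrer, non-digg host, fetch error, missing or mismatched link) hides the button rather than showing a guessed one.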

My version is working great on my blog now. I called my updated, patched version Digg That, and you can download it from my Digg That - WordPress Plugin page.

There are a lot of WordPress blogs out there with a vulnerable Digg Vote button on them, let’s spread the word!

46 Comments

  1. Mickey Says:

    Great work, Harry.

    I’m going to fix mine ASAP.

    I have another problem (not related, I think). On articles that I don’t submit to Digg, they are given a digg button anyway from some other post of mine. Any thoughts?

  2. hmaugans Says:

    Mickey, is that on Digg This or Digg That?

  3. Andy Beard Says:

    I was just remarking about this that there was a bug, as my digg counter started going up for the Wikipedia NoFollow Plugin for the post I made with examples of it working.
    It was linking through to the original story too

    I will link through to here with some juice from the same article.

    Digged

  4. Wikipedia NoFollow Plugin : Blog Archive Andy Beard Says:

    [...] Lol, ok so the “Digg This Plugin” is seriously screwed. I link through to a Digg I made for the original blog post, and the original author - in the comments I posted a link to here as an example of it working. Digg This now thinks I have votes for this post, and the button actually seems to link through to the digg on someone else’s blog. Weird… Someone has created a more secure “Digg This” plugin called “Digg That”, which apparently cures the problem, I will give it a try. [...]

  5. Ken Says:

    Digg This plugin just got a security update. The problem is now fixed

  6. Ankur Says:

    Nice find. For my plugin, I use CURL instead of file_get_contents. I’ve never got Digg-spam once. Perhaps I’ll make the plugin use file_get_contents if CURL isn’t available, or is CURL slower than it?

  7. Ankur Says:

    Sorry, forgot to close the tag. Could you fix the previous comment for me please?

  8. xFilthyxJesusx Says:

    I can’t seem to get the plugin to work on my WordPress. It doesn’t show up in the plugin directory at all.

  9. hmaugans Says:

    xFilthyxJesusx, what version of WordPress are you using? Also, did you save the file as .php (instead of .phps, as it is when you download it)?

  10. Ernie Says:

    Yes, I’ve got the same problem as xFilthyxJesusx. I saved the file as .php, checked the content was correct and ok, then uploaded it and entered “,”",false); ?> in my index.php and single.php. Now I have an article (the last one, when writing this) that is on Digg.com, but nothing appears. No digg counts or nothing. I’ve tried to remove the false statement and then the submit picture appears as if the story wasn’t on Digg already. Can you help me?

  11. Ernie Says:

    Sorry for the double post, but it seems like the input code has disappeared from the comment. But you probably know which code I am talking about. The one from the bottom of the Digg That page. And also, the WordPress version I am using is 2.1. Thanks!

  12. Roger Coathup Says:

    I added the plug-in (just on the single post page) and submitted a couple of stories to digg …

    … unfortunately the count doesn’t seem to work, I just get the little grey man.

    Any advice?

  13. Harry Says:

    Roger, do you have a link I can take a look at?

  17. Squidoo Dummy Says:

    Thanks for your information.. I am going to update mine on my Squidoo site. thanks

  19. Phentermine Online Says:

    I do have Digg and I use a lot of social bookmarking sites. Anyway, is that a Digg That installer? Can we just install it on our blogs, and if someone diggs our article it would link to our site already? Anyway, for this I will stumble your site and digg your blog as well. Thank you for this information.

  20. David Says:

    Thanks for the update and the information. I’ll blog it too!

  21. Opre Mark’s » Popular WordPress Plugin “Digg This” - Blog Security Vulnerabilities Found Says:

    [...] read more | digg story [...]

  27. Chris Stigson Says:

    I have the Digg module on my blogs, so thanks for this tip… I’ll go implement. Remember, it’s all in “speed of implementation”!

  28. Song Says:

    Good job, thank you very much

  43. Kaname Says:

    Thanks for the great info about that plugin. I’ll help spread the word.
