Thanks to Todd for alerting me that a low life spammer was exploiting Feed2JS to redirect feed links to their product site. It was clever, coy, and annoying all in one package.

The spammer was generating a feed that had embedded javascript in the channel->description field of the feed, and when rendered via Feed2JS with the HTML option, it actually was able to redirect a browser using the embedded Feed2JS code to redirect and go to another site. They are getting away to it, since the links are to numerous Feed2JS sites around- so and thus appear as legitiamte links when really they all serve to point to the spammers nest.

Specifically affected, are Feed2JS installed at:

* http://feed2js.org/ (which is DOA, someone please rap the knuckles of my former Maricopa colleagues, and ask them to check the darn XServe, hello?)
* http://www.library.yale.edu/feed/
* http://basw.co.uk/feed2js/
* http://alabelmizik.com/newhnr/newsfeed/
* http://coetechcenter.wichita.edu/feed/
* http://www.sleepmonsters.us/feed/
* http://www.asturblog.com/rss/feed2js/
* http://www.hellblazer.com/feed/
* http://franklin.tbo.net/feed2js/

If any of these are your sites, you may want to get an updated version of Feed2JS. I’ve made a quick code adjustment that disables the script insertions this spammer used, and is now available from the primary Feed2JS site at http://feed2js.org/index.php?s=download, or email me and I can send the one line of code that is updated.

It’s sad and pathetic that these sub human life forms waste my time picking up their cockroach poop piles. I did notice that the site the spammer redirects to uses Google Analytics, and I have forwarded full documentation to Google in the hopes their page rank and use of Google technology is flushed down the sewer.

I am rather sickened that this code I launched in the name of sharing is used for selfish pursuits, and also regret I have not had enough time to tend to its upkeep…. and worse that a lot of pages are still hanging on to the old Maricopa site which is out of commission.

The post "Spam Redirection Embedded in Feeds" was originally cracked open and scrambled from a rotten egg at CogDogBlog (http://cogdogblog.com/2006/08/spam-redirection-embedded-in-feeds/) on August 30, 2006.

4 Comments

  • Stephen Downes downes.ca

    Yeah. It was crap like this that caused me to close my referrer service.

  • Emily Horning

    Thanks for the heads-up. We’ll take care of the Yale library one.

  • Quentin D'Souza teachinghacks.com

    Thanks for this code update. It is much appreciated!

  • […] Since my original post about feed2js spam, a couple of complementary solutions appeared. Alan fixed the code to strip <script> tags in the HTML output. I believe that’s only part of the solution, however, since the links to the spam site are still in the HTML and google will interpret your site as actually linking to the spam site, thus increasing its rank. Earl from the U of Saskatchewan provided a diff that will address this issue by adding the rel=nofollow to link tags, causing google not to follow those links. The diff is provided here, untested by me: […]