Rogue Link showing in “Visitors Clicked”

wordlily · Member · Dec 7, 2009 at 3:45 am
Copy link
I have click-throughs yesterday especially but still a very small number today to the exact same site you listed, bkkquiltgroup. I tried finding my blog in google, and clicking through, but I’m not seeing any ads. I have already look at the ‘possibly related’ content, and I’m pretty sure it’s not that.
raincoaster · Member · Dec 7, 2009 at 3:58 am
Copy link
you didn’t clear your browser cache and cookies before you checked google. Log out and do that, then check.
tellyworth · Staff · Dec 8, 2009 at 12:23 am
Copy link
This is fixed now.

Please contact support staff directly if it happens again:

Contact
hanswolters · Member · Dec 8, 2009 at 8:39 pm
Copy link
It’s not fixed.

xanax-p.tld 4
http://xanax-p.tld 1

I changed the tld so it will not link.

My biggest guess is that there is a big problem with the click widget (maybe some kind of sql injection).
hanswolters · Member · Dec 8, 2009 at 8:51 pm
Copy link
Ok, some more info. The holder of the domains that are spammed here are handled by:

Registrant:
Gregory Manriquez
6303 Raleigh St.
Lubbuck, TX 79414
US

Domain name: NDPARKING.COM

Administrative Contact:
Manriquez, Gregory
6303 Raleigh St.
Lubbuck, TX 79414
US
+1.4159927628
Technical Contact:
Manriquez, Gregory
6303 Raleigh St.
Lubbuck, TX 79414
US
+1.4159927628

Registration Service Provider:
APLUS.NET,
877.275.8763
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: Aplus.net
Record last updated on 13-Nov-2009.
Record expires on 26-Apr-2014.
Record created on 26-Apr-2005.

Domain servers in listed order:
NS2.NAMEDRIVE.COM 64.66.238.254
NS3.NAMEDRIVE.COM 206.130.11.196
NS1.NAMEDRIVE.COM 216.8.176.114

Domain status: ok

Maybe it’s a good idea if you contact these people and tell them to stop this.
designsimply · Member · Dec 8, 2009 at 9:25 pm
Copy link
@hanswolters the xanax-p.tld and xanax-p.tk domains have been reported and should be gone soon. We appreciate your help reporting these. Let us know at http://en.support.wordpress.com/contact/ if you find any more!
hanswolters · Member · Dec 8, 2009 at 9:33 pm
Copy link
@designsimply

Currently I do not see any of the spam links left. Will keep an eye on it.

Thanks,

Hans
justjennifer · Member · Dec 8, 2009 at 9:34 pm
Copy link
@husdal- you don’t have to come in from a search engine anymore to see ads. While I was logged out (cache and cookies dumped), I checked out a post in the “Freshly Pressed” blogs from the WordPress.com landing page and lo and behold there were ads.

/lightbulb
thephilwells · Member · Dec 10, 2009 at 10:14 pm
Copy link
My clicks plugin showed a clickthru to a tinyurl that laid over a narrativepatterns dot com url.

Showed up as tinyurl dot com slash dnyuhpsjfv, and linked at first to a “narrativepatterns” url as described in @hanswolters’s blog:

More WordPress security troubles

and now links to a “z4u2” url that will probably try to sell me insurance:

http://whois.domaintools.com/z4u2.com
tellyworth · Staff · Dec 10, 2009 at 10:16 pm
Copy link
Please don’t post examples on the forum. contact staff directly.
justjennifer · Member · Dec 10, 2009 at 10:43 pm
Copy link
Glad to say that both my primary blogs have had these kinds of links removed from their Dashboard. Thanks for the speedy action.
ninglun · Member · Dec 11, 2009 at 5:18 am
Copy link
Rogue links still happening.
timethief · Member · Dec 11, 2009 at 5:27 am
Copy link
You did the right thing by NOT posting the link
Contact Staff directly http://en.support.wordpress.com/contact/
hanswolters · Member · Dec 11, 2009 at 12:24 pm
Copy link
Posting the link with an altered top level extention is not causing any harm. It’s good for people to be aware of the kind of troubles they might get in to.

No items found.