Over the weekend I received a MyBlogLog phishing email asking me to add someone I have never heard of as a co-author. While I deleted the email right away it seems the idea has worked. The spammer has attached their website to a lot of popular bloggers communities. More from John Chow
This morning, while I was checking my MyBlogLog community, I noticed that another site has mysteriously appeared on the list of sites and blog I author.
Bad enough? It gets worse, you don’t even need to phish!
Normally, in order to add a co-author to your blog the co-author has to approve you via an email link. One might think there would be a hidden security code in that link? Guess again! In order to add anyone as a co-author of any blog all you need to know is two things: 1) The blog ID 2) The member ID The first think you do is make a normal co-author request. Since you know they will never actually approve it you make up your own approval code instead.
I think there has been enough of this now that I am considering saying goodbye to MyBlogLog on my personal blog. I’m definitely not having it on here. It doesn’t offer any value that I can tell and in fact is now threatening to actually cause many bloggers problems.
If you want to have community-boosting features on your blog, best to stick to those under your own control.