Posted on

Who Would Hack WritersCafe.org?

This may sound a bit random, but besides working on this blog, I’m an avid writer of poetry (and sometimes prose).

One of the sites I was writing on with regularity for a while was WritersCafe.org, which is known for poetry, stories, and occasionally articles and blog posts.  Nonetheless, I hadn’t used it for some time, and decided to log into it yesterday.

Immediately, I noticed something was off. The site has a news feed (much like Facebook or other social media sites), on which people post new poems, etc.  Often, when I tried to click on one of the new poems, I would be redirected to another site with intrusive ads on it (or worse).

Beyond that, however, I noticed other strange things.  The news feed usually announces new poems and stories that people have posted, or new members that have joined.  While looking through the feed, there appeared to be a number of fake “people” that had “joined” the site (kind of like spam profiles on Facebook or Tinder).  Some of them even featured partial nudity in the profile photos (which is uncommon):

 

WC_spam_profile2

I would not suggest clicking the “Download” button.

 

WC_spam_profile1

I must be your friend?  I think I’ll pass.

Also, some of these so-called “profiles” were posting fake “poems” that were also spam ads:

WC_spam_poem

According to my research, these ads were served by Revdepo.com, which is used by the RevenueHits ad network.  Specifically, the malicious site was cdn1.srv.revdepo.com (please don’t click that link; it’s a pain in the ass.)  If you accidentally (or purposely) clicked the links on some of these pages, you would be redirected to a site connected with that ad network in some way.

It seems to be a form of adware which, while annoying, isn’t going to be stealing my bank credentials or sending SWAT teams to my house (in theory).

Another oddity: WritersCafe.org does normally have banner ads, but generally they use something like Google AdSense.  Be that as it may, even the normal Google Ads appeared to have been hijacked.

 

google_ad_hijacked

Overall, it wasn’t a big deal, and I was actually able to block most of the adware with some of the plugins I’ve reviewed in previous posts (like Privacy Badger and Adblock Fast)!

It does, however, make me wonder what other sites have been hijacked by this particular form of adware.  And it also makes me wary, because I know that there are much worse forms of malware out there.

I’ll say this – if you’re a webmaster of any sort, keep an eye out for this adware (and other, more malicious types).  It’s not the most harmful one by any means, but it’s a real pain in the ass for your visitors!!

Hey, at least this wasn’t CSI: Cyber; then there might be two codes on top of each other!

 

 

 

 

Advertisements

About secretsofthedark

Have you heard of the dark web? Simply put, it's the "hidden internet" built on networks like Tor. "Secrets of the Dark" chronicles my dark web experiences, but is also aimed at demythologizing it and teaching about it. Want to reproduce one of the "horror stories"? Contact me at ciphas@protonmail.com.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s