The fine folks that brought you BlogPress SEO are offering subscriptions for their product, or something along those lines. They are charging $97.00 a month for a single site subscription, and $597.00 a month for a 100 domain subscription. So now they are charging you and installing a backdoor in your site. But wait, there’s more. Who ever updated the page neglected to remove the download link or API key generator.
Looking at the available .zip archive. From the plugin header, the version has been bumped up from 1.4 to 1.5, looks like Joost’s fix still applies, for now. It looks like the original backdoor is gone. However, the part that sends the admin email address on plugin activation is still there. And, he is still authenticating using the admin email address in the flaky function that used to have the backdoor in it.
New to this 1.5 version, other than the original backdoor being removed, a updating function that works off of their own site. They are one step away from working around Joost’s fix. Once they have done that, not only will we lose information on the version distribution, and information on their install base. I would not be surprised if they reintroduce the backdoor after the dust settles a bit.
Looking at the “Active Versions” stats from Joost’s fix to BlogPress SEO is a little frightening. While actual numbers are not available, just percentages, there are still quite a few sub 2.0 users of the plugin. And, there are no active 2.0 installs. This could be a good or bad thing. Either those users got the hint and uninstalled it, or they may have rolled back to a malicious version (which is very bad).
We know 1.4 is malware, and can assume previous versions are as well. I believe version 1.5 is still malicious and should no be used. Finally, there is the 99.9 version number. I wonder where that came from? That’s right, either someone has been tinkering around after reading this post or my prediction was correct.
Tomorrow I will take a much closer look at the “new” version’s code to see if there are any hidden surprises.
-John Havlik
[end of transmission, stay tuned]
Pingback: BlogPress SEO Aftermath? | Mtekk's Crib
Pingback: BlogPress SEO: One Week | mtekk's Crib
Pingback: BlogPress SEO is at it Again | mtekk's Crib | Creative Publishing (Not about Writing or Marketing) | Scoop.it
3 thoughts on “BlogPress SEO is at it Again”
Comments are closed.