September 20, 2008
-
“Who Owns this Xanga?”
There was a site created that – if you visited it – would send a mass message to your subs and friends with the Subject: “Who Owns this Xanga?”. That’s all that it did; it doesn’t appear to have affected sites in any other way.
We shut it down before it could have much impact. Around 6k Xangans got the message (that’s the number of people who got the message, not the number of people who clicked over to the site).
How did it work? The site took advantage of a security hole in Flash. We’re working to change things so that Flash’s security hole can’t impact any Xanga systems.
Please note: it appears that all this exploit could do is send a mass message from your account. We’re digging deeper to see if it could do anything else, but we’re pretty sure it didn’t. Just to be on the safe side, if you visited that site… you might want to change your password. If you didn’t visit that site or didn’t send a mass message yourself, you have nothing to worry about.
Dan has been working hard all afternoon to shut down this expolit. Thanks to the many users who sent us a heads up!
Comments (110)
hurray!
thanks for working on a Saturday Dan!
Cool. Thanks for all your hard work on our behalf!
Dan you are awsome!!
Good job xanga!
We love you!
even though I did hear this referred to as the xanga apocalypse! lol, it wasn’t THAT devastating!
How strange. Thanks for your quick work!
You guys are awesome!
yay no more getting hacked
On the ball as usual. Thanks for the heads up.
AWWWWWWWWWWWWSOME!!!! Thanks Xanga
Thanks for taking care of this, guys! I got three of the same message (and can I just say that your grammar is better than the person who created that site/mass message–the message was titled “Who Own this Site?”), but I didn’t visit the link.
Major props to Dan for working all afternoon on this!
WOOT DAN!!
john is my hero. and dan, you ‘da man! ~sarina
way to go guys!
Thank you. Has anything been done about the Salmon thing going around sending people instant messages after they post a new weblog?
This is kinda like the Myspace scandal, where the guy had an ‘auto-add’ script in his Heroes section, which, in chain reactions, got him more friends than Tom!
Thanks Dan you the man!!
Thanks Dan!
Cheers xanga!
O noez
This makes me happy.
Uncle Jim
thanks!! but what about a way to delete messages without having to open the message to delete it. maybe you guys could fix that too?
i got it too. thanks for the heads up!
Hmm, how stupid. I didn’t even know that was happening to people. At least it’s fixed
i was expecting more email from Palin’s personal accounts used for government business.
Thanks for fixing it. Xanga rocks!
You guys are great for working so hard to keep everything running well.
I knew you guys would be on top of it! Thank you!
Thank you Dan and John! And thanks to the whole Xanga Team. In my personal experience Xanga is the most user-friendly of the social-networking sites.
And probably Xanga is one of the safer centers too!
Thanks again!
Peace!
David
I did not receive a mass message, but I wanted to thank you for the heads up anyway and for keeping things safe for us Xangans.
Aw, thanks Dan. You always get stuck with this crap on a Saturday. We love you, man.
I promise it’s not my Xanga!
But we love ya, Dan. You rock.
okey dokey
@cApNhOwDy - i was wondering what that was … i just thought it was some nut job sending me random messages… do u know anything about it?
Thanks to Dan! Thanks to the whole team!
Whew. At least all was taken care of with minimal damage. The community really pulled together for this one.
here u go.
You guys got on that pretty quick. Nice job
Today I had a LOT of footprints. The only time I get that many was when I was featured, and since I wasn’t featured I thought I’d better check. I have over 600 footprints from Gigabot. How do I stop this? They are NOTORIOUS for generating spam.
good job guys!
What site is this?
@MyTinyWrist - It’s something that originated over on LiveJournal. I’m not sure what all the details are. But how it works, is that it sends you a message. If you reply to that message, it sends that message to another random person who just updated their blog. So then it causes a whole lot of confusion. I’ve noticed that it only affects users who have their AIM screenname posted publicly on their Xanga site.
thank gawd… and thanks Dan!
Thanks for workin’ on this!
u rock!
Good job Xanga… and thank you Dan.
Great teamwork.
You guys are the best…luckily I didn’t get spammed with it.
Can you change the message system so that we have the choice to delete messages before reading them as well?
Thanks!
thanks.
Good work I guess. Keep it up!
Tweffy
thank you.
Hahaha, I was one of the 6K
thanks xanga!
Thank you Xanga Team for sorting this out so quickly.
There is a new one apparently, Who POwns this Xanga. Check the last mssage that I flagged.
Thanks Dan, You are Awesome
thank you!
Muchas gracias, Dan the Man.
But thankfully I didn’t click on the spammy spam.
(Sounds corny, but whatevah.)
I wondered whether this will be featured on the news (in the technology section)
Thanks.
CM
I got that, and I open it, but there was no link in it, it was an empty email, do I need to change my password as well?
Glad you nipped this one in the butt
@moniet - I got one of those too… I couldn’t figure out whether it was another spam message or only one of my xangafriends being funny.
Thanks Dan & Xanga!
Also, recently there were several Xanga sites set up strictly to advertise vacation properties in France. The owner friended and subscribed to people and asked them to friend and subscribe back. The Xanga sites had nothing by videos of properties for rent/sale/lease in France. Is this legally using Xanga? Just wondering.
Well, somebody has been going around sending spam about my profile pic. The username is amanda0808. Please do us a favor and shut it down.
I got the message “Who Owns This Xanga” but am not stupid enough to check it out. I know spammers and hackers. My site was hacked once before and my blogs were deleted. Do your work and get rid of these spammers/hackers/freakzoids/cloned monkeys
Just a suggestion,
I know each website and blog host likes to be different, but think you should make a module like Blogger has for “Blog Archive”, where it organizes your blogs according to year and month, and it lists the title of your post. I think that is a much more organized way to show recent blogs, etc.
(:
I got the message like 4 times I think. Thank you for your work on this guys!!!!
Thanks, guys!
Great job!
Thanks for solving the problem. :]
@fullmetalbunny - Yeah, I mentioned it so they can look into it just in case. Sometimes things are just not THAT funny.
So this means that I can open and delete said message?
@explosive -
2. My guess on the second one is that you might be leaving the footprints yourself. Since your going to your own site won’t be recorded by the daily footprint log, these footprints are somehow still recorded sometimes and show up the only way they can… as a addition to the weekly number of footprints you have. Honestly, I know nothing about computers and this is just a theory but it happens to all of us. You pretty much learn to disregard it after a while.
4. That’s where footprints come in. It should tell you what part of your site was visited.
Hope that helps you and gives the team a little less to repond to.
could we have some of those check boxes? it would save a lot of time if we didn’t have to open up each message individually =/
*duh, duh, duh* Another one bites the dust.
Good job, Xanga.
Thanks Dan.
Thanks Dan. You rock.
there’s always someone up to no good. at least the xanga team was able to come to the rescue.. hehe.. tx for the update.
I did visit the site…but was smart and signed out before I went there. Thanks for taking care of this! All of your hard work is appreciated.
gluck
Keep up the good work!
I got it too! Luckily, I didn’t open the message entitled “Who Owns this Xanga?”. Thanks, Xanga Team!
I got a few of these messages during Saturday night.
Hopefully no-one else will cause trouble with Xanga again. At least The Xanga Team comes to the rescue to sort the problem out.
I have been meaning to ask, would it be possible to add a feature that allows us to delete a message without opening it? I’m on of those ocd people that must have everything empty or it drives me nuts. Now I have one of those messages just sitting there and it drives me insane!
Dan is my hero.
Yayyyy!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!♥♥♥♥!♥♥♥ lol ya the deleting messeges thing would be cool when you guys have da time-please and thank you ^_^
Thanks for all the work y’all do.
thanks dan… read your post before i got the message! *hug* luv u! <3 =D
@k8tthelate - right on! =D couldn’t find it either (~_^)
Aww you guys are so good to us. *Hugs!*
Thanks Dan for all the hard work to keep us Xangans free from breaches!
Thanks for taking care of it so quickly
thank you
Thanks.
Hi Xanga! Are U jus started this web, congratulation. I was jus invited by friend here. Care to bring me around.
awesome job!!
I got that message from a couple people on my old site, and it freaked me out so I made a new account.
yay…?
Great Article!!!God Bless!!!
???
i didn’t even know about this, but thanks for taking care of it right away!! you guys are great =]
<3
”’
this site is awesome … keep up the good work …♥
This levely 4 me
..your so cool dan!.
i never got any