back to article sends visitors to porn link farm

Visitors to, the O'Reilly Media-owned resource, were redirected yesterday (Thursday) to a link farm pushing porn sites. Geeks who hit the site were sent to grepblogs-dot-net, a site that offers links to live adult webcams, erotic blogs and adult erotic fiction, among other things. Closing the Internet Explorer browser …


This topic is closed for new posts.
  1. Anonymous Coward

    They attacked the wrong crowd.

    Is there a list of the porn sites responsible? Give us that list and we'll DDoS the fucking bastards off the web!

  2. This post has been deleted by its author

  3. yeah, right.

    Nice to have a (relatively) safer browser.

    I use Firefox/Adblock/Noscript, which might be why I never noticed anything when I went visiting on Thursday. Of course, I might have just missed the time they were redirecting people. Was it a good porn site?

    [half-arsed plug mode]

    However, I've noticed that a lot of "problems" that other people have don't seen to affect those who use this browser combination. Having doubleclick.* mapped to also helps. I also don't tend to see advertising unless it's unobtrusive and well done (something that anyone using doubleclick seems incapable of), and I certainly don't let just any javascript run on my browser. has so far resisted making javascript mandatory to visit their site, for which I thank them.

    Various clients have commented on this easier browsing on several occasions, especially when I switch them from MSIE or Safari to this combination. Every so often they go back to their old browser and are shocked with what they used to put up with. Firefox is getting more and more bloated and buggy with each release, and their bookmark manager sucks farts from dead goats (in 3.0 beta as well damnit), and I'm not saying it any more or less "secure" than other browsers, but my experience is that the Firefox/Adblock/Noscript combination certainly makes browsing a lot more user friendly.

    I still missed out on the porn site though.

  4. Alan Donaly

    adserver and domain squatting

    The same old shit banner is served by off site company, domain is sold to porn site, porn site ends up where it doesn't belong for a few days. @BKB what does this have to do with Perl at all, try to understand what happened it may happen to you some day. BTW was the porn any good it's just that you know a porn link site might not be the last thing on earth a Perl programmer was looking for just a thought this might be good targeted advertising.

  5. Anonymous Coward

    Oh dear, that was a mistake

    Well that's a shed load of porn sites about to be erased from the net then. Honestly, you don't fuck with the type of lads and lassie using those sites. They are a 100,000 strong vigilante gang, they are tooled up with DDoS nukes and they just might not have anything better to do right now.

    If only we could harness their powers for good......

  6. Anonymous Coward
    Anonymous Coward

    @ BKB

    So the fact that someone else's javascript that pulls content from a third party site, continues to pull content from that same site after the site changed hands, means that Perl is somehow unsafe or insecure ?

    Even though perl the language itself has nothing to do with it ?

    I think you have another agenda.

  7. Anonymous Coward
    Anonymous Coward

    re: BKB

    I've never seen Perl claim to be the securest form of web programming. Neither has this incident reflected on the security of Perl as a language for anyone who understands what happened.

  8. Jon

    @yeah, right re. Firefox bookmarks

    I found that the "Flat bookmark editing" add-on improved the bookmark manager a lot. Try it:

  9. Edward Pearson

    Do none of you RTFA?

    "Considering Perl's claim to be the securest form of web programming, this incident doesn't make them look good. Incidentally Google's cache of still contains the grepblogs stuff at the time of posting this."

    Ok, I've never heard perl refered to as the "securest form of web programming". However, this has NOTHING to do with Perl, It was just a cock up by the admins not keeping track of who adertised on the site.

    "Is there a list of the porn sites responsible? Give us that list and we'll DDoS the fucking bastards off the web!"

    Woah there, take a few deep breaths. This isn't a targetted attack its just a typosquatter (Who are a real problem, we'll run out of domain names if they don't change the way the system works) who got lucky.

  10. Anonymous Coward
    Paris Hilton

    2 comments, one at By yeah, right, one at the author

    1) @ Dan Goodin:


    Perl is a popular program among sysadmins, web developers and network programmers. It borrows liberally from languages including C, shell scripting and AWK.

    ----end quote----

    uh was this really necessary? Felt like I was reading an article at cnet. At least you could've thrown [ed we probably should tell them what Perl is] or something so it doesn't look like you think that the average Reg reader needs to know what Perl is.

    2) @ By yeah, right

    Um, so the way you browse, you couldn't use google maps? You almost had me convinced, but sorry can't limit my browsing that much.

    Paris icon because she does know what a Perl Necklace is.

  11. Anonymous Coward
    Dead Vulture

    RE: Wrong Crowd

    Be careful. At least, here in NY, the Russian Mob controls most of the porn/sex stuff.

    Nasty bunch. They know more about DDoS than just about anyone. They also have novel ways of using common garden tools...

  12. Steve Welsh


    As I recall PERL stands for Pathologically Eclectic Rubbish Lister!!

  13. Jolyon Ralph

    What I found amusing

    ... was that the ads on were being served by a PHP application (phpAdsNew)

    Did some more digging about this late last night and it looks like (when you look at google caches) that the original owners of ( were trying to sell the domain, and either sold it or just let it expire.

    So the big question is has anyone talked to about the incident?


  14. Alex Forbes

    If you're not happy with FireFox, use Opera.

    ..."Firefox is getting more and more bloated and buggy with each release, and their bookmark manager sucks farts from dead goats (in 3.0 beta as well damnit)"...

    So use Opera. No need to download all these sodding "extensions" to do simple things like blocking ads or JavaScript or iframes etc. etc. either for a site or globally - Its all inbuilt in opera, aloung with ither useful features likes notes, the ability to apply a custom CSS style to a page and a zoom function which actually *works* (allows you to zoom images and controls too, not just text).

    Pity so few people use it - personally I've always rated Opera far above the likes of IE, FireFox (which is by no means bad, but I preferred "Phoenix" when it existed) and Safari.

    Such is life.

    (*Dons fire-retardant clothing and makes a hasty exit* I'm smelling the flames spouting from the nostrils of the hording fanboys already)

  15. BitTwister


    Your view might seem less ridiculous if you'd only scuttle off and read the article but I suspect you've already tried - so instead, just scuttle off and learn to read.

  16. J

    Re: They attacked the wrong crowd.

    Well, do it right then; don't get caught. Otherwise, THEY sue you and YOU end up paying tens of thousands of $$ and some jail time...

  17. This post has been deleted by its author

  18. Mike Lovell


    "Honestly, you don't fuck with the type of lads and lassie using those sites."


    - "Oooh, the Perl guys are mad at me... I'm so scared! Oooooh, the Germans... Uh oh..."

    - "'Stop it, Burns"

    - "The Perl guys are coming after me... Oh, don't let the Perl guys come after me... Oh, the Perl guys are coming after me... No, they're so big and strong... Protect me from the Perl guys! The Perl guys!"

  19. Steve P

    Re: RTFM

    Taint checks are a optional feature of Perl. If you weren't so intent on taking the quote out of context, you might have noticed that even if they were being used, it wouldn't have helped in this case.

    Though, from the second paragraph, I suspect even if had been running on IIS, written in C# talking to a SQL Server back end, you'd still say it was somehow the Perl community's fault.

  20. iain


    Logic isn't your strong point, is it mate?

    1. is run by O'Reilly, not Larry Wall or Perl (whomever that is? Do you know C# personally as well?!)

    2. Taint mode prevents a script writing to disk - nothing to do with 3rd party Javascript redirects.

    3. This was a network problem, not a programming error. Heard of DNS and domain purchasing? The world wide web??

    4. Perl hasn't got anyone's money, it's open source. It's not a bank, and why would a bank run 3rd party adverts? Should get you to log in to see the home page as well?? Perhaps all websites should all add in extra security because they're not banks too...

    Hope that helps clear things up for you.

  21. dotfnord

    This has nasty implications

    If it turns out that grepblogs had expired and then been registered by the pr0n industry, we could see others re-registering a domain name of an expiring site that feeds other sites banner ads or other material like javascript. More bang for your buck. What if the material contains a virus, or a keylogger, or creates a botnet? Why have one compromised site when you can have hundreds or thousands for the same work and cost? Online software is replacing home/work based software at an increasing rate, this could turn out badly.

    I first wrote about expiring names being used by the pr0n industry back in 2001 (if interested go to and type 'xxx-piring' in the search box at bottom of home page). I brought this to the attention of ICANN's then Chair Vint Cerf and then CEO M. Stuart Lynn and the DNSO-GA. Nothing has changed in the meantime except for the worse. I'm not a purist who says retire expired names forever, but an expired name could and should be washed by keeping it out of circulation for six months and then release it through a randomizer set for +/- 10 days. Dropped telephone numbers aren't immediately reassigned, they are washed for a few months so as not to cause chaos, which is what we have here. The registrars/registries/ICANN want the money NOW. -g

  22. This post has been deleted by its author

  23. yeah, right.

    Way off topic: @ Alex Forbes

    Last I checked Opera (admittedly a long time ago) they were pathologically opposed to decent ad blocking. Have they changed their tune?

    Guess I'll have to get the latest version now and take it for a spin. If they have decent (as in easily managed and unobtrusive) ad blocking and per-site javascript managing then I might jump ship. At least for a little while.

  24. yeah, right.

    Off topic continues: Opera

    Just tried Opera. To say that it sucks doesn't begin to describe it. In 20 minutes, the latest "official, non beta" version has succeeded in crashing twice. This is the same system where Firefox manages to run for days on end. The rest of the time Opera was often (estimate 30%) "unavailable", as in stuck in some busy-wait loop somewhere, usually while I looked at the bookmark manager. Something right dodgy there methinks.

    The bookmark manager isn't any different from Firefox (actually, it looks identical. I wonder who copied whom, and if it really matters?). The Javascript handling is marginal as far as I could see when I could access it. Don't know about the ad blocking, never got that far. Probably won't either.

    Sigh. Back to Firefox.

  25. Glen Silver badge

    re: 2 comments, one at By yeah, right, one at the author

    "Um, so the way you browse, you couldn't use google maps? You almost had me convinced, but sorry can't limit my browsing that much."

    With noscript you can allow scripts to run by domain, or can temp allow scripts by domain for 1 session.

    so add "" (or or whatever) to your allow list and your sorted.


  26. Steve P


    I'm curious - do you distinguish at all between - O'Reilly's site for selling Perl related books and conferences, and the Perl community?

    And, it is possible to write a Perl script to check that one's web page hasn't been hijacked. Of course their page hadn't been hijacked - it was a trusted third party.

    To anticipate your next statement, I'm not sure that it is, in general, possible to prevent scenarios like this. Advertisement brokers tend to require that a site link the scripts etc. directly from the broker's server, essentially bypassing the content provider.

    This is done so the broker can update the scripts whenever they need to, and can help protect against content providers gaming the system.

    However, once they are out of the loop, content providers have little ability to control what is displayed.

    This problem has happened once in approximately 10 years, and yes, it is embarrassing for O'Reilly Media, but I can't really see what could be done within the current model of advertisement serving.

  27. yeah, right.

    (off topic continues) @ Coward re: 2 Comments

    Actually, NoScript allows you to configure what javascript gets run by domain or sub-domain. So I'm not barred the pleasure of using Google maps, because I have the option of allowing javascript along with the pleasure of denying other sites access to my browser in that fashion. It's been incredibly useful these past few years.

  28. Graham Wood

    \@{ grep /\@BKB/}

    Whether the cause of the issue is related to perl or not is irrelevant in the management (and similar) worlds.

    If your company is considering what languages to use for a new website, then the management are likely to type "perl" into google (or similar). Now since they are a company, and not interested in free stuff, they're going to go to the second site that shows up - - rather than, especially with a description of " The Source for Perl -- perl development, conferences".

    Said manager suddenly gets popups of porn. They're either going to say "YAY, go for it!" or they're going to decide to go with a.n.other language.

    So yes, it will reflect badly on "the perl community", regardless of whether that is fair or not.

    PS. Apologies for the bad subject line, it's supposed to almost be perl for "to all the people that posted to BKB".

  29. David Pickering
    Dead Vulture

    html is not code

    its markup - dont force me to find you and slap you into sense

  30. Anonymous Coward
    Anonymous Coward

    re: html is not code

    It's still code. It isn't a programming language, is what you mean.

  31. Anonymous Coward

    Re: html is not code

    As the academics pointedly (and pedantically) state:


    They sure think it's code.

    However, they could probably use some sense slapped into them anyway, so how's Saturday night for you at Oxford? They don't get out much during the weekend, so you'll find most of them at home then.

  32. Anonymous Coward
    Anonymous Coward

    I don't know if perl could check for hijacking

    Although I suspect it could be loosly done why checking for a percentage of changed content against a cached version, but in this instance it certainly would seem possible to disable links based of Whois registration expiration or ownership changes pending administrative review.

    I'm just starting to learn Perl since it was dumped in my lap at work and know nothing of Java. So please excuse any ignorance of Perl or Java on my part.

  33. This post has been deleted by its author

  34. Steve P

    @Graham Wood

    Er. Good point. Thank you Graham.

  35. Scott
    Thumb Up

    In support of BKB

    Your coping a lot of flak but you have a point. As usual a lot of el reg readers are forgetting that not everybody is a knowledgeable as us

    Assume I was just starting out in programming and somebody mentioned PERL to me. I think that sounds interesting so I go to I then get a whole bunch of p0rn links and popups.

    Getting that from an official site isn't going to do much for my opinion of the language.

  36. Mark

    "Perl necklace"

    Obvious perhaps, but absolutely classic. Made my day.

  37. Anonymous Coward
    Paris Hilton

    That PERL emotion

    Or vinager shot (the most sublime experience in human existence), Pearl Jam and the rest - I would have thought that it was an obscure joke. (And yes, when I heard of PERL, I thought Necklace.) - I'm still surprised that no-one else around me has heard of the expression....

    Paris because (you need to ask ?)

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021