One of the throwaway blogs I maintain runs Text Link Ads and generates about $100 a month for me. A few days back I was writing a post for that blog when I was interrupted by my two-year-old son. I clicked Save and diverted my attention.
I returned to the post a few minutes later and found that I had received a new email. It was an advertisement alert from Text Link Ads telling me a new ad was sold on one of my posts.
I noticed that the link in their email was structured funny. I use keywords in my post page names, but the TLA email said an ad was placed on http://www.URLNAMEHERE.com/?p863.
That didn't make any sense. I double checked to make sure I didn't accidentally publish the post instead of saving it, and sure enough it was in my drafts folder.
This means that Text Link Ads lists unpublished drafts from your WordPress blog in the inventory they sell to their advertisers. The exploit potential here for gaming the Text Link Ads system is huge.
I am not in the business of screwing over advertisers or advertising networks, but there are plenty of people out there who are. Just look at the made for AdSense blog phenomenon.
Is the Exploit Scalable?
Imagine if some of the larger MFA players got their blogs into the TLA system and exploited this vulnerability. It would add up fast for some quick money. Many people don't run Text Link Ads on their primary blogs because of the fear of a Google penalty for selling text links. MFA blogs have already been slapped in most cases, and with Google now allowing visitors to opt out of seeing their ads and restricting the clickable areas within them, these automated content farms are just looking for another way to cash in.
How to Execute the Exploit
The exploit is simple and is actually automated by the TLA's own plugin.
Google won't get on your case as long as you never publish the fake posts. In the wild of the Internet the posts do not exist. But to TLA and their advertisers, the words are bought and paid for.
This is obviously something that undermines the TLA system, and I have notified MediaWhiz (TLA's parent company) about the exploit. Whether they patch it or not is a completely different story.
UPDATE 8-19-08
Text Link Ads has emailed me to let me know the exploit has been patched.