Danilo apologizes for writing the 2nd post on AG that hammers REALTOR.com in two days, and it reminded me that I'm about to hammer into REALTOR.com for the 2nd time in a short while… but I don't expect to apologize at the end… 😉

Today’s beef?

The realtor.com team managing their blog platform is acting reckless.

Here's the background: Last week, I let the realtor.com team know that Trace at BrokerScience had found that some pretty bad spam was filtering into a feed of their main blog: Let's Talk. I know they received my message because I received both notes and calls from the team thanking me. (Trace was not so lucky in terms of getting feedback.) Plus, at some point last week, they removed the spam from all their existing posts. So far, so good.

Then today, I noticed that two recent posts on their feed are still spewing out spam (to sites selling Viagra, vicodin, tramadol, etc.).   Here’s a screenshot from my reader to give you an idea:

[Screenshot: spam links from realtor.com's feed]

This is a BIG deal because it means that even after the realtor.com blog platform learned that their platform was compromised (i.e. someone had hacked into their system), they kept the site up in a compromised mode that allowed those same hackers to return and insert more spam links into their posts.

Here's some more background on this particular hack. In the past 6 months, I've seen two other blogs have this SAME issue, and each time I've written a personal note to the host. Yet I've purposefully never blogged about any of these sites getting hacked because I'm afraid that some people will mistakenly blame the WordPress platform. The reality is that in every case the host had not upgraded to the latest stable version of the software, and when they did upgrade, the problem went away.

I honestly don’t have a problem with a host that is running an old version of the software and gets hacked as a result (Been there and learned from that).  What frustrates me in this case is that the realtor.com team knew their site was hacked, but rather than upgrade to the latest version of the software, they left a compromised site live.   That’s just reckless… especially since there are more than a few ways to automate the process