Issue a Release, Have Sex with a Dog, Call a Reporter, Fornicate with a 12-year-old…
NSFW warning for wording.
Some things don’t mix.
Lemonade and Tuna fish. Yeah, more than one person in my office today agrees that no, those two don’t mix.
I’d also add that bestiality and PR don’t mix. Neither do sex with underage children and press releases.
Why do I bring up this lovely topic on a random Thursday?
A few nights ago, someone asked me if I knew a certain person in PR. I responded that I did. He then asked what I thought of him. I said basically, I thought he was good at what he did.
This someone then told me, "when you get a second, go to his website, and click on "view source," or select all and paste everything pastable into a notepad, and look at the bottom.
Which I did.
And down there, in the bottom of www.rlmpr.com, I found the following:
LS/IMAGENES1/logo/2/gang-raped.html’>gang raped, young teen rape, raped soldier, raped guys, schoolgirl gang rape, naked rape stories ‘http://jmcweb.org/HOTELS/IMAGENES1/logo/2/raped-school-girls.html’>raped school girls, man raped, xxx nonconsensual sex and rape pictures and stories, sex and violence, sublime date rape, violence sex "http://jmcweb.org/HOTELS/IMAGENES1/logo/3/animal-fucking-sex-with-human.html">animal fucking sex with human, bestiality samples, farm animal and girl sex, xxx bestiality, dog on girl sex, dog sex cartoons href="http://jmcweb.org/HOTELS/IMAGENES1/logo/3/cum-horse.html">cum horse, beastiality sex stories, animal sex sites, sample horse sex mpegs, beastiality links, dog human sex <="http://jmcweb.org/HOTELS/IMAGENES1/logo/3/vaginal-beastiality.html">vaginal beastiality, horse dick sex, hardcore bestiality, sex with female dog, gay horse sex, free gay bestialityAnimal sex porn dvds and beastiality home video
Yeah, I audibly gasped when I first read it, too.
As of 11:15am EST on Thursday, Novembr 15th, it’s still very much up there.
Now before we start jumping to conclusions here, I want to go on record that I don’t believe Richard Laermer is into anything listed above, nor do I believe that he intentionally posted what’s above.
But… It begs the question - What the hell is it doing there?
I asked a few very, very smart Search Engine Optimization guys what they thought about the code on rlmpr.com.
The reactions seemed to fall into two camps:
1) "There are "bots" out there looking to exploit open forms on blogs (or any website) to post their links to porn and a wide variety of unsavory items. I’ve seen this, and variants of this posting, on our site through a couple forms with weak captchas (because the data never goes out to the public). Short story… his blog has ineffective captchas or other anti-spam tactics.
2) There is not reasonable or rational basis for him including this code on his page as a professional. I bet he did it by mistake. He (or his web designer) probably liked some HTML design on a site (I prefer not to imagine the site) and simply copied the source code and made edits to the portions not noticing this section which, depending on how it was coded, may be invisible to the browser."
I’m going to give RLM the benefit of the doubt and go with number one. Why? Because I can’t imagine anyone at RLM PR would even knowingly type "animal-fucking-sex-with-human" while either coding a site or reviewing said code.
But - and here’s the scary part: I’m not the first person to discover Laermer’s hacked site. In fact, I’m not the second or third person.
In fact, there’s an email trail dating back almost a month ago alerting Richard that his site has been hacked. His response?
From: Richard Laermer
Sent: Tuesday, October 30, 2007 8:19 AM
Subject: Re: Inquiry from Web SiteWe checked. It doesn’t seem to be us. It’s odd.
—– Original Message —–
To: Richard Laermer
Sent: Tue Oct 30 07:58:51 2007
Subject: Inquiry from Web SiteHi, Richard. Still curious why your website includes hidden, explicit pornographic search terms. Surprised no one has blogged about what I presume is your use of this technique to improve your search engine rankings…any comment before someone does blog about it?
It’s right there on the front page of www.rlmpr.com. How exactly is it not "us?"
Not for nothing, but if someone emailed me and said, "hey, geekfactory.com has a bunch of hidden explicit pornographic terms on it," I’d probably do a lot more than "check." I’d get rid of them, take the site down, and remove whatever problem there was.
For whatever reason, this doesn’t seem to concern Richard, or anyone else at RLMPR.
About an hour later, Richard, in response to another email that said "um, yeah, it kinda IS you," sent out this email:
From: Richard Laermer [mailto:richard@RLMpr.com]
Sent: Tuesday, October 30, 2007 9:36 AM
Subject: Re: Inquiry from Web SiteI am really shocked. I just wrote our tech guy. This is weird. Thanks for pointing it out. This stuff creeps me out!
Best -richard
It’s been sixteen days. Richard really must be super-creeped out, huh?
The text is still up there.
The hack still exists.
Here’s a thought - if the hack dumped porno terms on to the website, I wonder what else it might have done? A few trojans in there, per se? Email grabs, perhaps? Good thing it’s not an e-commerce site, huh?
I guess my biggest concern is that this is a shop dedicated to PR. Part of PR is reputation management. To manage reputation, you need to be proactive.
How is knowing leaving pornographic, bestiality, and child molestation terms on your website for a minimum of sixteen days in any way shape or form being proactive?
Don’t you think, if this happened to a client, the first thing you’d do would be to tell them to take down the site and put up a placeholder and then get a tech crew in ASAP to find the problem, secure the leak, and fix the site? Then, after making sure that the site is clean, and more importantly, PATCHED and SEALED, only then can you put the site back up.
So there you have it. I don’t understand why, and as you can see, emails to RLM have not resulted in a fix.
So what’s the lesson here?
Reputation management doesn’t mean just looking good from the outside. It’s kind of like a cancer that you don’t know about until it’s too late. Fortunately, it can be fixed here - but reputation management starts at home - and more importantly, should be a daily part of your routine, both for your clients, as well as for you.
6 Responses to “Issue a Release, Have Sex with a Dog, Call a Reporter, Fornicate with a 12-year-old…”
made me go ‘holy sh*t!’ and immediately go check the source code on morgandorado.com.
Thankfully nothing here. Phew. Good post.
The invisible source code on PRDifferently reads:
I’m good enough, I’m smart enough, and gosh darnet people like me.
Disgusting.
ouch not a good thing to have one a page for searchengin rankings.
I’ve talked to a coder befor one of the things he dose to prevent spam and bots is in the raw code he has one aditional form field that can not be seen by posters but a bot of computer would see this field and be able to fill it in. If it gets filled in it automaticly gets canned just one more level to add as some are now getting around catchpas. Good open source seams to have less exploites with so many people openly looking at the code things tend to get caught and patched more quickly
Ok. It’s fixed now. But really - we’re living in such mediocre times that this is what passes as news. Go figure eh?
It happens more than people want to think, and through a whole range of circumstances. Two examples:
* A couple of years back, the guy who basically leads/runs Wordpress got nailed for embedding links to skeevy (albeit non-porn, as I recall) sites in the core Wordpress code. Installed WP during that time? You also installed skeevy backlinks. When it was discovered, the backlash was HUGE and the damage to the project took quite a while to repair.
* My ISP, Dreamhost, had a massive data-security breach early last summer that resulted in 3,000 compromised accounts, including mine. After hearing from a couple of folks that they couldn’t get to their blogs (I host several PR blogs for people), I started digging around in the code and found that a ‘bot had systematically replaced key elements of the code in every Wordpress installation (maybe a dozen in all on my account alone) with redirects to a Trojan-loading site. At the time, our solution was to take everything down immediately and spend a solid day or two fixing things.
A few lessons, at least from my geeky-but-not-full-time-IT-guy perspective:
* Audit your code periodically. Assume that people are trying to f**k with your web site on a targeted or random basis.
* Have trusted back-ups of whatever codebase you’re using, be it your CMS and theme, your static site, or whatever. Know how to make them live on your own and on very short notice, if need be.
* This last point is pure opinion and reflects my “why aren’t people geekier?” bias: Learn HTML — maybe not a lot, but just enough that if shit happens (as it inevitably will), you can throw the kill switch or delete a few lines of offending code yourself, within minutes.
I have a paper toy website that gets a huge amount of traffic, two to seven thousand people every day downloading paper toys for to make with their kids. I’ve tried really hard to keep it a safe site that parents feel good about their kids visiting, no outside links, no ads and yet I’ve been ripped off a couple of times.
I had to get rid of my guestbook because the comments from home school moms became interlaced with ads for piercings. I had a little “email this page” ap that allowed people to send toys to their friends that became a portal for spam, so it had to go.
I agree with the last post. Learn some HTML and check your page source every now and then.
Best thoughts,
Marilyn.