Apologies in advance to my regular readers. I intend to use this post for selfish ends. Specifically to pick the brains of tumblr owners. Anyone looking purely for femdom related material should probably skip to the picture at the end.
For anyone with a tumblr still reading, here’s my issue: As I’ve mentioned in the past, I maintain a tumblr for animated femdom material. Today I noticed that the front page was throwing up spammy pop-up windows and trying to get readers to download something that looked like malware. I spent sometime hunting around the tumblr dashboard and the settings, but couldn’t find anything that looked like suitable for debugging the issue. Eventually I used Firebug to poke around the page and found that one of the reblogged posts had smuggled in some suspicious looking javascript. It was trying to look like a Google analytics script, but when I deleted the post all the issues went away. I don’t think this was happening when I did the original reblog, so I’m guessing it got enabled once the initial post had spread around.
This seems like a horrible tumblr security hole. I would have assumed that any reblogs would be filtered and scrubbed for scripts. Or at the very least there would be a warning that the reblog contained a script. I can’t see any options in tumblr to block this kind of behavior. I also can’t see any good tools on the dashboard to debug this kind of issue. Am I missing something? Has anyone else observed similar behavior? Is tumblr reblogging this badly broken or am I just stupid?
Great as the tumblr idea is, I think its dashboard programmers need a good talking to. The functionality is very limited. Perhaps a good beating by the lady below would help focus their minds?
I found this image on the Domination on My terms tumblr. I should also add that’s not the tumblr where I reblogged the problematic post from.
I haven’t seen that myself, but I do remember that maybe a year or more ago, it seemed that a large number of Tumblrs were showing front page ads for Starbucks or some kind of coupon.
I’ve also noticed that a number of Tumblrs have really annoying popup scripts on mobile versions. In fact, I never used to worry about security on my Android, but I’m now going to look at a few malware apps for my phone, just to make sure.
Tumblr is meant to be a simple sharing platform, without a lot of backend tweaks for users, mainly because (as WordPress understands) if you give people too much leeway, somebody will do something stupid. Or malicious. Unfortunately, Tumblr hasn’t locked down its own platform enough.
I remember that coupon craze. Not sure if it died out because people got smart (unlikely) or tumblr put some sort of guards in place.
I haven’t done much tumblr browsing on mobile devices. I doubt anyone us writing malware for Windows Phone, which is at least one good reason to have one 🙂
The keeping it simple makes sense, but they really need to keep it tight on their side if they do that. Sophisticated and open or alternatively simple and limited is fine. Simple and open doesn’t work quite so well!
-paltego
I haven’t run into that problem. Hope I don’t. So can’t help in how to keep it from happening again. My complaint with Tumblr is that you can’t see what you have messaged people. Irritating! They have a ‘In Box’..why not a ‘Send box’?
Ahhh… How they taunt us!!!
~ Vista
Well I’m glad you’ve not encountered this issue. Hopefully it’s rare. Their tools are really terrible. As you say the messaging system is incredibly primitive, and I can’t see anyway a tumblr owner could have debugged this issue without digging into the page source. They should spend some of that Yahoo money on building a more sophisticated interface.
-paltego