Apr 22

In 2005 BlogPulse reported on The Assault on Blog Spam, and Intelliseek CMO Pete Blackshaw wrote about the splog menace for ClickZ and at his Consumer-Generated Media blog. Today, we are pleased to present a guest post from Intelliseek/BlogPulse’s esteemed Software Architect, Robert Stockton, who describes common splogger behaviors and exposes their spammy methods.

Hexadecimal Dan: This guy is just a run-of-the-mill splogger, though he does produce more volume than most. Until he caught everybody’s attention, he pretty regularly named all his blogs with a common word followed by a six-digit hexadecimal number. Thus, it was really easy for the folks at Google to filter out those blogs, but you know that he’ll change his spots and be back at full volume soon enough. Most of his accounts were caught in the grand purge, but you can check this splog as an example. Note the inclusion of keyword-based clippings from Moreover and the direct hyperlink to an “info” site at the bottom of each post. This is a heartwarming example of good ol’ down-home link farming.

Max-Volume Pete: Be it football, baseball, or the Breeder’s Cup, this guy’s schtick is sports, and with site names like Gambling Handicappers, you aren’t likely to forget it. He has just one purpose in life, and that is to get you to mvpsportsbook.com (or, if you are too smart for that, one of the 40 other betting sites referenced at the same time). For all I know, he actually writes his own original material, but he’s so proud of it that he’ll simultaneously post dozens of copies of each article. Then he’ll come back later and do it again in case the first few dozen didn’t get your attention.

Affiliate Fraud Fred: Fred is a lot like Pete, except that he’s into sex. (Again, with site names like (warning!) Nude Amateur Wife, he’s not terribly subtle about it, though some of the names get pretty creative.) He really wants to get you into the Adult Friend Finder network. The nifty thing about Fred is that you’ll probably never even see one of his blogs. He’s set them up with some javascript frame-busters so that you end up directly at adultfriendfinder (or “shaggle”) without ever seeing the intermediate blog, and he’ll make sure that any enclosing frames are taken out in the process. (As a side note, in case you think that spam blogs are typically caught and cleaned out quickly, the above-mentioned blog was populated on July 26th and is still happily sitting where it was established).

Search Term Sally: You know that Sally is all about search engine optimization, because she builds her posts by pasting popular search terms into pre-built templates. You might mistake the result (such as the text at BSNN) for human-written text if English is your third language, or you are a computerized grammar-checker, but probably not. The links on the page take you to a maze of cross-linked pages without a bit of content, but that’s all right. The only entity who was supposed to read it was the Google spider.

Pen-Pal Patty: You probably don’t think that any of Patty’s creations (such as Samantha Arthur Diary) are splogs at all. They look fairly normal. There are no ads; no hyperlinks; no common themes being pushed. But there are hundreds of them, all sporting 100% stolen content, and when they de-cloak sometime in the future they are going to be firmly entrenched inside Google’s sandbox. Patty is hoping that this sneak attack is going to make her very rich.

Apr 16
2. What does Marcis consider a blog?
With as many definitions as people doing the defining, most people agree a weblog or a “blog,” as it is also known, is an online diary or journal where people write about any topic in which they have an interest and make this available for others to read via the Internet. Blogs have also been described as personal Web sites with a much simpler means to add and post new material. Blogs can also provide the ability for others to comment on what has been written.

3. What is the difference between a blog and a message board, or online chat?
Like blogs, message boards provide a forum for people to post their thoughts online. They tend to be more conversational than blogs, with hundreds or even thousands of people posting their thoughts, raising questions and responding to one another. Message boards also tend to be focused on a single subject of common interest to all of the people writing on the board. For example, a message board may focus on a specific model of car or music group.

Like message boards, online chat provides instantaneous conversation between and among people, typically about a single topic of common interest.

Blogs, on the other hand, usually have a single primary poster, can cover a variety of topics and tend to have fewer other people posting their opinions.


4. What gets discussed in a blog?
The subjects of blogs are as varied as the people writing. Most people discuss the ongoing events of their lives in their blogs, while others use it as a medium to express their opinions about specific topics. For example, many people talk about their school, work, relationships, vacations and day-to-day activities, while others use it as a forum to express their opinions on politics, music, or technology.

5. Who blogs?
While the earliest adopters of blogging were technologists searching for a simpler method of expressing their opinions through the Internet, those wishing to make their political opinions and observations available to others quickly adopted blogs. Shortly after the adoption by technologists and politicos, younger Internet users rapidly began adopting blogs as a journal or diary to share with others. Today, however, people of all ages and technological abilities have adopted and use blogs. For example, new mothers have adopted blogs as a convenient and time-saving way to provide updates to friends and family on developments with the new child without having to answer tens of e-mails every day.

6. How many blogs are there?
Estimates place the number of blogs as high as 60 million by the end of 2006, with many more added each week.

7. How does Marcis determine what is being discussed on a blog?
Umbria uses a combination of approaches to understand what is being discussed by blogs. Some of the methods Umbria uses include approaches used by traditional search engines. However, Umbria takes its analysis further to ensure the text it identifies directly relates to the topic of interest. By way of example, compare the following two sentences:

(1) “I went to Dairy Queen yesterday to have a blizzard.”
(2) “I got stuck in a blizzard yesterday on my way to Dairy Queen.”

If you are interested in the Dairy Queen Blizzard, only sentence 1 is of interest; however, many traditional keyword-based search approaches may identify both sentences as equally important. Umbria’s technology analyzes the entire sentence instead of just keywords to ensure only relevant comments are included in the topics it identifies.

8. How does Marcis deal with spam?
Spam is a large and growing problem when it comes to blogs. Depending on the topic and/or subject discussed, up to 80% of all blog postings for some categories are made up of spam blogs versus genuine author-generated blogs. Spam not removed prior to analysis may skew analysis results by as much as 50%.

Umbria uses a three-pronged approach that uses both automated and human inspection to eliminate up to 95% of spam blogs from data prior to analysis.


9. How does Umbria determine the age or gender of bloggers?
From the words the blogger uses. Umbria has developed a number of systems to help identify age and gender. One of these systems decomposes postings into their parts of speech (nouns, verbs, adjectives, adverbs, etc.) and then uses mathematical models to compare the decomposed speech with nouns, verbs, adjectives, phrases and other forms of speech from people of known ages and genders. The technology Umbria uses is a new application of linguistic analysis.

As a rough example, compare the speech of a 14-year-old female with a 43-year-old male. To the extent they use different nouns, verbs, adjectives, adverbs, phrases, or speak about different topics, these differences offer clues to help predict age and gender. All market research has a margin of error dependent upon the type of analysis being conducted. Likewise, Umbria’s analysis of blogs and other online opinion sources is limited to the perspectives of the pool of individuals who have gone online to offer opinions on products, services, brands, candidates, etc.


Apr 9
Splogosphere

We present some updates on the Splogosphere as seen at a pingserver (weblogs.com). This follows our study from a year earlier which reported on splogs in the English speaking blogosphere. Our current update is based on 8.8 million pings on weblogs.com between January 23rd and January 26th. Though not fully representative, it does give a good sense of spam in the indexed blogosphere.

(i) 53% of all pings is spam, 64% of all pings from blogs in English is spam. A year earlier we found that close to 75% of all pings from English blogs are spings. Dave Sifry reported on seeing 70% spings in his last report. Clearly the growth of spings has plateaued, one less thing to worry about.

(ii) 56% of all pinging blogs are spam. By collapsing these pings to their respective blogs, we chart the distribution of authentic blogs against splogs. These numbers have seen no change, 56% of all pinging blogs are splogs.
(iii) MySpace is now the biggest contributor to the blogosphere. The other key driver LiveJournal and blogs managed by SixApart (as seen at their update stream) contribute only 50-60% of what MySpace does. The growth of MySpace blogs has in fact dwarfed the growth of splogs! Further if MySpace is discounted in our analysis close to 84% of all pings are spings! Though MySpace is relatively splog free, we are beginning to notice splogs, something blog harvesters should keep an eye on. [Note that not all blogspot blogs ping weblogs.com]
(iv) Blogspot continues to be heavily spammed. Most of this spam however is now detected by blog search engines, a point also shared by Matt Cutts and Randy Morin. In all of the pings we processed, 51% of blogspot blogs were spam!

(v) Most spam blogs are still hosted in the US. We ranked IPs associated with spam blogs based on their frequency of pings, and located them using ARIN.

1. Mountain View, CA
2. Washington DC
3. San Francisco, CA
4. Orlando, FL
5. Lansing, M

Blogspot hosts the highest number of splogs, but we also found that most of the other top hosts were physically hosted in the US. Perhaps Jonathan Bailey knows more about the legal ramifications.

(vi) Content on .info domain continues to be a problem. 99.75% of all blogs hosted on these domains are spam. In other words 1.65 Million blogs were spam as opposed to only around 4K authentic blogs! As long as these domains are cheap and keyword rich this trend is likely to continue. Sploggers are also exploiting private domain registration services (see here).

(vii) High PPC contexts remain the primary motivation to spam. We identified the top keywords associated with spam blogs and generated a tag cloud using keyword frequency.

***** auto big buy california cancer card casino cheap college consolidation credit debt diet digital discount dvd equipment estate finance florida forex free furniture gift girls golf health hotel info insurance jewelry lawyer loan loans medical money mortgage new online phone poker rental sale school *** small software texas **** trading travel used vacation video wedding

We link these keywords to del.icio.us to depict an emerging problem that is quickly becoming serious. We posted on this recently, though references date to quite a while back. [See related tag spam notes on MyWeb, Technorati and del.icio.us]

We will continue our effort on tackling spam. Our ongoing research on spam is catalogued in our tagged splog resources, or better still check out our tutorial at ICWSM this March!

By Pranam Kolari on Thursday, February 1st, 2007 at 1:00 pm.

Apr 8

Sam - let’s call our interviewee Sam, it’s suitably anonymous - lives in a three-bedroom semi-detached house in London, drives a vintage Jaguar and runs his own company. But “it’s not all rock and roll and big money”, says Sam. What isn’t? Spamming websites and blogs with text to pump up the search engine rankings of sites pushing PPC (pills, porn and casinos), that’s what.

For that’s what Sam does, pretty much all day long. He - we’ll use the male notation, it’s easier - would do this anyway for fun, but it’s more than fun; he says he can earn seven-figure sums doing this. Sam is a link spammer. He’s unapologetic about it. Skilled in Perl, LWP and PHP, Sam’s first professional programming was done aged 13, when he sold some code to a gaming company. He’s 32 now, and spoke to The Register on condition of anonymity.

So how and why do “link spammers” - as they generically call themselves - do it? Are they the same as the email spammers? What do they think of what they do, ethically? And what can stop them? If you’re affected by this spam, say because you run a blog, or a website, or like the other 99.9 per cent of Net users just come across the stuff, Sam explains the important thing to remember is it’s nothing personal. They’re not targeting you personally. They’re just exploiting a weakness in a system which blossomed just at the time that Google cracked down on the previous method that spammers used, where huge “link farms” of their own web sites pointed circularly to each other to boost each others’ ranking.

“It was around December 2003: Google did what was called the ‘Florida update’. It changed the algorithm that measured how high a site should be ranked to spot ‘nepotistic’ links and devalue them. So if you had a link farm of sites with different names which linked heavily to each other, they were pushed down,” explains Sam.

So the link spammers - who prefer to call themselves “search engine optimisers”, but get upset when search engines do optimise themselves - turned to other free outlets which Google already regarded highly, because their content changes so often: blogs. And especially blogs’ comments, where trusting bloggers expected people to put nice agreeable remarks about what they’d written, rather than links to PPC sites. Ah well. Nothing personal.

“Comment spamming to blogs was going on before the Florida update, but it rose after that,” says Sam. “All we need is a website that allows some interaction.” Photo galleries based around PHPGallery - which allows votes and comments - are easy targets too. So many of them allow anyone to leave a comment.

For even a semi-competent programmer, writing programs that will link-spam vulnerable websites and blogs is pretty easy. All you need is a huge list of blogs to hit, which again even a semi-competent programmer will be able to pull together (by searching for sites with keywords such as “Wordpress”, “Movable Type” and “Blogger”).

More than competent

And people like Sam are much more than competent. “You could be aiming at 20,000 or 100,000 blogs. Any sensible spammer will be looking to spam not for quality [of site] but quantity of links.” When a new blog format appears, it can take less than ten minutes to work out how to comment spam it. Write a couple of hundred lines of terminal script, and the spam can begin. But you can’t just set your PC to start doing that. It’ll get spotted by your ISP, and shut down; or the IP address of your machine will be blocked forever by the targeted blogs.

So Sam, like other link spammers, uses the thousands of ‘open proxies’ on the net. These are machines which, by accident (read: clueless sysadmins) or design (read: clueless managers) are set up so that anyone, anywhere, can access another website through them. Usually intended for internal use, so a company only needs one machine facing the net, they’re actually hard to lock down completely.

Sam’s code gets hundreds of open proxies to obediently spam blogs and other sites with the messages he wants posted. They usually target comments to old posts, so they won’t show up to people reading the latest ones, though search engine spiders will spot them and index them. And here’s the surprising thing: link spamming is not outsourced. These people do it on their own behalf.

Here’s why. When Sam spams tons of blogs and sites with links to his sites - which are affiliates of bigger PPC sites - people see the links and, seeking some porn, pills or casino action, click through to his site, and from there to the parent site, which pays Sam for each person landing there. The PPC sites can see revenues of £100,000 to £200,000 per month, says Sam. He gets a slice of that - and he wants it to stay that way.

Perhaps the affiliate system could be seen as a form of outsourcing: the top-level site gets lots of people competing to find the best way to get visitors to the site. Darwin would understand. Link spamming, with its abuse of common resources, turns out the most efficient, just as cutting down virgin Indonesian and Amazonian rain forest is the most efficient way for loggers there to get wood. If it raises the global temperature of the blogging community, well, that’s life on planet internet, isn’t it?

Why not just buy a Google ad, Sam? “You don’t get anything like the same click-through ratio. Jakob Nielsen’s studies and my own show you get six or seven times more click-throughs from ‘organic’ search results. And pay-per-click on search engines costs money! It can be £20 per click! We pay nothing to get an organic result.” But what about the moral question, that you’re using other people’s bandwidth and blog space and abusing it by putting your commercial message there? “The question of morals is one for the individual. While it’s legal, it will continue. It could be argued that a website owner is actually inviting content to their site when they allow comments.”

When Sam begins a spam run, he has one target, though he’ll accept any of six. Principal one: come top of the search engines for his chosen site’s phrase. “But you’ll accept coming in at 1,2 or 3, or if you come at 8,9 or 10. Actually, 8, 9 and 10 have better conversion rates. I don’t know why. Maybe the eyes fix on it when you scroll down the page.” And the cost of doing it? Once the code is written, pretty much zero. “Bandwidth is cheap,” he says. “You set it going in the evening and come back in the morning to see how it’s gone.”

But what about the legal question? Here’s where Sam distances himself, very definitely, from email spammers - particularly those who use tailored viruses to turn broadband-linked PCs into spam generators. “I’m using badly-configured proxy servers. I believe that’s different from those which are hacked. But I speak to the top seven or eight link spammers, and they don’t use bot PCs. People who do blog spamming won’t be doing email spamming.”

Using proxy servers, Sam argues, is legal. (There seems to be some confirmation of this: you’re not altering the machine’s configuration, which would be illegal under the Computer Misuse Act, you’re just using it to do something.) Sending viruses and using bots is not. “As well as being illegal, how much email spam gets through? The big link spammers, and me, we don’t want to end up sharing a cell with a 300-pound guy called ‘Bubba’. The moral argument, of whether this is the ‘right’ thing to do, is for the individual,” says Sam. “The legal question is another matter.”

In fact, the law would probably favour Sam. It’s hard to argue the difference between a person using a computer to post a comment, and a person using a computer to use a computer to post a comment. Will the initiative by Google, Yahoo and MSN, to honour “don’t follow” links defeat Sam and his ilk? “I don’t think it’ll have much effect in the short, medium or long term. The search engines caused the problem” - we didn’t quite follow this bit of logic, but Sam continued - “and they’re doing this to placate the community. It won’t work because most blogs and forms are set up with the best intentions, but when people find hard graft has to go into it they’re left to rot. To use this, they’ll all have to be updated. The majority won’t be. And there’ll just be trackback spamming.”

By this Sam means spammers setting up their own blogs, and referencing posts on zillions of blogs, which will then incestuously point back to the spammer, whose profile is thus raised. So what does put a link spammer off? It’s those trusty friends, captchas - tests humans are meant to be able to do but computers can’t, like reading distorted images of letters. “Even user authentication can be automated.” (Unix’s curl command is so wonderfully flexible.)

“The hardest form to spam is that which requires manual authentication such as captchas. Or those where you have to reply to an email, click on a link in it; though that can be automated too. Those where you have to register and click on links, they’re hard as well. And if you change the folder names where things usually reside, that’s a challenge, because you just gather lists of installations’ folder names.”

For Sam, every day brings more challenges. Not just from the angry bloggers; nor only from the search engines coming up with new algorithms and HTTP tags. There’s all the other link spammers too. “It’s like a 1500-metre race. You get a little bit ahead but then the others catch up,” says Sam. But he’s confident he’ll stay in what is primly called the “search engine optimisation” business for a while yet.

Why? Because the demand exists. “The reality is that people purchase Viagra, they require porn, they gamble online. When people do that, there’s money being made.” And if this sounds suspiciously like an “ends justify means” argument to you - it does to us too. But Sam doesn’t mind. He’s just adding a few thousand more blogs to his list and readying the next spam run. Nothing personal.

Apr 7

WordPress Security
You can protect your administration scripts (the scripts under wp-admin), where most attacks originate, including this one, by restricting access to them to a specific IP address or IP address range. You can also add basic authentication on top of WordPress using your httpd.conf file or .htaccess. This adds a layer of security that any hacker has to overcome before he gets to your WordPress vulnerabilities.

This WordPress blog was hacked for a few hours on 24th December (nice Christmas present!) from Russia. The hacker exploited several WordPress vulnerabilities in administrative scripts to gain full access to the website (as permitted to the apache user), including the ability to upload & run scripts, delete any file owned by the apache user, view files and directories, etc. This is a full disclosure on how the site was hacked and how I detected and removed the hack, along with a few comments on the state of WordPress security. I added a WordPress plugin and made modifications to prevent any such hacking attempts in future using WordPress. This is a must-read for WordPress bloggers.

How the site hacking was detected?

The website was normal. However when I tried to publish or even save a post, it simply showed a blank page. The post was never published or even saved. I knew something was wrong.

My first suspects were a couple of plugins which contacted external servers after a publish. I disabled them. I also disabled the ping sites as they were sometimes known to cause problems. None of that helped. I progressively disabled all of the plugins. Even with all the plugins disabled, the post wouldn’t publish. I was left with only one option.

I decided to trace WordPress code to find out the cause of error. I started with the file for post submission - post.php. I found something startling with WordPress code which seriously undermines its security, a flawed design choice but more on it later. post.php calls admin.php which calls wp-config.php which in turn calls wp-settings.php. wp-settings is an interesting file. This file isn’t just about settings. It loads tons of files, loads and executes the plugins and more. The problem was, as I originally suspected, in the plugins but which one? The code which loads the plugins in WordPress is:


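// Plugin loader from wp-settings.php: each entry of the active_plugins option
// is appended to the plugin directory and included with no path validation.
if ( get_option('active_plugins') ) {
	$current_plugins = get_option('active_plugins');
	if ( is_array($current_plugins) ) {
		foreach ($current_plugins as $plugin) {
			if ('' != $plugin && file_exists(ABSPATH . PLUGINDIR . '/' . $plugin))
				include_once(ABSPATH . PLUGINDIR . '/' . $plugin);
		}
	}
}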

The active plugins, as you can see, are loaded directly with include_once. How do I find the plugin which while loading is causing the script to die?
I added simple syslog() statements before and after the plugin. However it generated copious output from all the traffic.
Remember I was debugging on a heavily trafficked live site. So I added a define in post.php which I was checking before doing a syslog. The debugging code was:
if ('' != $plugin && file_exists(ABSPATH . 'wp-content/plugins/' . $plugin)) {
	// TG_ADMIN is defined only in post.php, so only post submissions are logged.
	if (defined('TG_ADMIN')) syslog(LOG_ALERT, "Loading $plugin...");
	include_once(ABSPATH . 'wp-content/plugins/' . $plugin);
	if (defined('TG_ADMIN')) syslog(LOG_ALERT, "Loaded $plugin...");
}

The result was surprising. The first plugin loaded was not even a plugin I knew existed, let alone use it. It was named ro8kbsmawge.txt. The full path to the plugin was /../../../../../../../../../../../../../../../../../../tmp/ro8kbsmawge.txt
Effectively the file path was /tmp/ro8kbsmawge.txt. A telltale sign of this hacker is the presence of the file ro8kbsmawge.txt in your tmp directory.

I renamed the file and the problem was solved for now. I could publish posts finally. However my site was still not secure against future attacks. I will detail next how I secured my site and provide more information on the perpetrator and how the site was hacked in the first place.

How the site was hacked using WordPress?

The site exploited a vulnerability in /wp-admin/options.php which allowed it to get the authentication cookies it required to upload the file ro8kbsmawge.txt to my /tmp directory using /wp-admin/inline-uploading.php. It then used /wp-admin/plugins.php to activate the ro8kbsmawge.txt as a plugin while using options-misc along the way.

Finally the hacker accessed the site using his magic word piska233 and browsed a few directories on my server before retiring for the day. All of this was done within a span of 3 minutes, which leads to the conclusion that a script was used to exploit the holes and orchestrate the hacking.

The full log of the hacker’s actions on my site, except the IP address 217.74.245.85 which was removed for redundancy, is:

[24/Dec/2007:07:40:22 -0600] “POST /wp-admin/options.php HTTP/1.0? 200 1713 “http://blog.taragana.com/wp-admin/options.php” “Opera”
[24/Dec/2007:07:40:24 -0600] “POST /wp-admin/options.php HTTP/1.0? 302 471 “http://blog.taragana.com/wp-admin/options.php” “Opera”
[24/Dec/2007:07:40:26 -0600] “POST /wp-admin/inline-uploading.php?post=-1&action=upload HTTP/1.0? 200 1645 “http://blog.taragana.com/inline-uploading.php?post=-1&action=upload” “Opera”
[24/Dec/2007:07:40:29 -0600] “POST /wp-admin/inline-uploading.php?post=-1&action=upload HTTP/1.0? 200 142 “http://blog.taragana.com/inline-uploading.php?post=-1&action=upload” “Opera”
[24/Dec/2007:07:40:52 -0600] “POST /wp-admin/options.php HTTP/1.0? 200 1713 “http://blog.taragana.com/wp-admin/options.php” “Opera”
[24/Dec/2007:07:40:54 -0600] “POST /wp-admin/options.php HTTP/1.0? 302 471 “http://blog.taragana.com/wp-admin/options.php” “Opera”
[24/Dec/2007:07:40:57 -0600] “POST /wp-admin/inline-uploading.php?post=-1&action=upload HTTP/1.0? 200 1645 “http://blog.taragana.com/inline-uploading.php?post=-1&action=upload” “Opera”
[24/Dec/2007:07:41:11 -0600] “GET /wp-admin/options-misc.php HTTP/1.1? 200 7764 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:15 -0600] “GET /wp-admin/wp-admin.css?version=2.0.7 HTTP/1.1? 304 - “http://blog.taragana.com/wp-admin/options-misc.php” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:15 -0600] “GET /wp-includes/js/fat.js HTTP/1.1? 304 - “http://blog.taragana.com/wp-admin/options-misc.php” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:12 -0600] “POST /wp-admin/inline-uploading.php?post=-1&action=upload HTTP/1.0? 302 - “http://blog.taragana.com/inline-uploading.php?post=-1&action=upload” “Opera”
[24/Dec/2007:07:41:21 -0600] “GET /wp-admin/plugins.php?action=activate&plugin=/../../../../../../../../../../../../../../../../../../tmp/ro8kbsmawge.txt&_wpnonce= HTTP/1.1? 200 1474 “http://blog.taragana.com/wp-admin/plugins.php?action=activate&plugin=/../../../../../../../../../../../../../../../../../../tmp/ro8kbsmawge.txt” “Opera”
[24/Dec/2007:07:41:23 -0600] “GET /wp-admin/plugins.php?action=activate&plugin=/../../../../../../../../../../../../../../../../../../tmp/ro8kbsmawge.txt&_wpnonce=7b4c8019bd HTTP/1.1? 302 - “http://blog.taragana.com/wp-admin/plugins.php?action=activate&plugin=/../../../../../../../../../../../../../../../../../../tmp/ro8kbsmawge.txt” “Opera”
[24/Dec/2007:07:41:30 -0600] “GET /?piska23 HTTP/1.1? 200 95716 “http://lamer/mwpep/?mode=shell&what=20? “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:36 -0600] “GET /?piska233 HTTP/1.1? 200 15840 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:44 -0600] “POST /wp-admin/options.php HTTP/1.1? 302 471 “http://blog.taragana.com/wp-admin/options-misc.php” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:47 -0600] “POST /wp-admin/options.php HTTP/1.1? 302 471 “http://blog.taragana.com/wp-admin/options-misc.php” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:55 -0600] “GET /?piska233&dira=/tmp HTTP/1.1? 200 9930 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:41:54 -0600] “GET /wp-admin/options-misc.php?updated=true HTTP/1.1? 200 7842 “http://blog.taragana.com/wp-admin/options-misc.php” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:42:36 -0600] “POST /index.php?piska233&dira=./ HTTP/1.1? 200 36721 “http://blog.taragana.com/?piska233? “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:43:23 -0600] “GET /index.php?piska233&dira=./wp-content/plugins/Wysi-Wordpress/themes/advanced/docs/es/images HTTP/1.1? 200 6506 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:43:38 -0600] “GET /wp-content/plugins/Wysi-Wordpress/themes/advanced/docs/es/images HTTP/1.1? 301 298 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”
[24/Dec/2007:07:43:40 -0600] “GET /wp-content/plugins/Wysi-Wordpress/themes/advanced/docs/es/images/ HTTP/1.1? 200 604 “-” “Opera/9.24 (Windows NT 5.1; U; ru)”

The good news is that no harm was done.
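One way to detect the plugin activation seen in the log above, and to audit an active_plugins list for the same problem; this is an added example, not code from the original post. The install path /var/www/blog/, the sample log lines, client addresses, nonce values and the plugin name example-gallery are constructed assumptions; only the file name ro8kbsmawge.txt comes from the post. It goes slightly beyond the logged case by also catching percent-encoded traversal.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed install layout (hypothetical, not taken from the post).
ABSPATH = "/var/www/blog/"
PLUGINDIR = "wp-content/plugins"
PLUGIN_ROOT = posixpath.normpath(ABSPATH + PLUGINDIR)

# Constructed access-log lines in Apache combined format. Client addresses,
# nonces and the plugin name example-gallery are made up for this example.
SAMPLE_LOG = '''
203.0.113.7 - - [24/Dec/2007:07:41:21 -0600] "GET /wp-admin/plugins.php?action=activate&plugin=/../../../../../../../tmp/ro8kbsmawge.txt&_wpnonce= HTTP/1.1" 200 1474 "-" "Opera"
203.0.113.7 - - [24/Dec/2007:07:41:23 -0600] "GET /wp-admin/plugins.php?action=activate&plugin=%2F..%2F..%2F..%2F..%2F..%2F..%2Ftmp%2Fro8kbsmawge.txt&_wpnonce=0000000000 HTTP/1.1" 302 - "-" "Opera"
198.51.100.20 - - [24/Dec/2007:09:12:02 -0600] "GET /wp-admin/plugins.php?action=activate&plugin=example-gallery/example-gallery.php&_wpnonce=0000000000 HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.20 - - [24/Dec/2007:09:12:40 -0600] "GET /wp-admin/plugins.php?action=deactivate&plugin=example-gallery/example-gallery.php&_wpnonce=0000000000 HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.20 - - [24/Dec/2007:09:13:05 -0600] "POST /wp-admin/post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def fully_decode(value, rounds=3):
    """Percent-decode until stable so double-encoded '../' is still seen.

    This is deliberately stricter than the server, which decodes once.
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def resolve_plugin(value):
    """Mirror ABSPATH . PLUGINDIR . '/' . $plugin, then collapse '..' lexically."""
    return posixpath.normpath(ABSPATH + PLUGINDIR + "/" + fully_decode(value))


def check_plugin(value):
    """Return the reasons an active_plugins entry is suspicious (empty if none)."""
    reasons = []
    resolved = resolve_plugin(value)
    if not resolved.startswith(PLUGIN_ROOT + "/"):
        reasons.append("resolves outside plugin directory: " + resolved)
    if not resolved.lower().endswith(".php"):
        reasons.append("not a .php file")
    return reasons


def scan_log(text):
    """Flag plugins.php?action=activate requests whose plugin value is suspicious."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/plugins.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if query.get("action", [""])[0] != "activate":
            continue
        for value in query.get("plugin", []):
            reasons = check_plugin(value)
            if reasons:
                findings.append({
                    "client": m["client"],
                    "time": m["time"],
                    "status": int(m["status"]),
                    "plugin": value,
                    "resolved": resolve_plugin(value),
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["client"], f["status"], f["resolved"], f["reasons"])
```

The same `check_plugin` function can be run over the entries of the active_plugins option exported from the database. The resolution here is lexical only and does not follow symlinks, so a check on a live server should compare real paths instead.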

WordPress security issues & design flaw

The basic design flaw is that loading WordPress configuration (required for database access for authentication checks) loads wp-settings, which loads tons of other PHP files as well as all the WordPress plugins and any hacks. All of this is done even before you have a chance to authenticate the user. This is extremely dangerous for administration scripts as it allows a hacker to pass arguments to and execute gazillions of WordPress files which may or may not have proper security checks in place. User authentication and entitlement should be done at the very beginning to prevent unauthenticated scripts from proceeding any further. To do that wp-config must be modified to not include wp-settings. It should be separately included where required, even at the cost of redundancy. Administration scripts (under wp-admin) require only wp-config to get the database details to authenticate the user and identify their entitlements. After authentication the rest should be loaded. This flaw was exploited to get the authentication cookie details, which were subsequently used. The exact exploit used in this case is hard to find from just server logs. However it was caused by the late authentication problem described above.

There were known issues with both options.php and the upload script, some of which are detailed here.

One of the challenges with WordPress is that security was mostly an afterthought (feel free to disagree), latched on as WordPress became more and more popular. You have to continuously update your WordPress installation to keep up with the latest patches.

There are 71 reported security advisories in Secunia (22 reported in 2007) and 9 viruses based on WordPress (one from 2007).

Most likely the site was hacked using the cookie authentication vulnerability, as detailed here.

Several WordPress plugins and themes also have security advisories:
- AdSense-Deluxe 0.x (plugin for WordPress)
- AndyBlue 1.x (theme for WordPress)
- Blix 0.x (theme for WordPress)
- Blixed 1.x (theme for WordPress)
- BlixKrieg 2.x (theme for WordPress)
- Blue Memories 1.x (theme for WordPress)
- myGallery 1.x (plugin for WordPress)
- PictPress 1.x (plugin for WordPress)
- Pool 1.x (theme for Wordpress)
- Redoable 1.x (theme for WordPress)

You can read all the Secunia advisories on WordPress here.

Who was the hacker?

The IP address of the user responsible for hacking my site is 217.74.245.85. The IP address belongs to KUBANGSM-NET:

% Information related to '217.74.245.0/24AS29497'

route:          217.74.245.0/24
descr:          KUBANGSM-NET
origin:         AS29497
mnt-by:         KUBANGSM-MNT
source:         RIPE # Filtered

It is owned by:

person:       Volkov Denis
address:      61, Gimnazicheskaya str. 350000, Krasnodar, Russia
phone:        +7 8612 660126
fax-no:       +7 8612 401505
e-mail:       d.volkov@kuban.mts.ru
nic-hdl:      VD370-RIPE
source:       RIPE # Filtered

Their website is http://www.kuban.mts.ru/. They appear to be a legitimate mobile and internet service provider. Most likely their internet service is being abused by the spammer. Nevertheless, I decided to ban this IP address from accessing my server.

The hacker was most likely using the Opera 9.24 browser (almost the latest version) on Windows XP (NT 5.1). While the user agent can be faked, there is no reason to suspect that in this case. The user agent string also shows that he was using the Russian language file of Opera.

Magic Shell by Mag Screenshot

Anatomy of the hacking script

The hacking script is a PHP script with a nice comment and a TODO line:
/*Magic Include Shell by Mag icq 884888*/
//TODO: ????? ????? ?? ???? ??? (!)

Effectively it is a file manager, probably adapted from one of the free PHP file managers on the net. It allows you to:

  • Browse directories and files
  • Edit files
  • Rename files
  • Delete files
  • zip & unzip files
  • Upload & download files & directories
  • Execute arbitrary PHP scripts
  • Execute arbitrary shell commands
  • Provides basic server, system & PHP information

The bulk of the code is executed only when a normal HTTP GET request carries a particular query string. So while http://blog.taragana.com/ will work as usual, http://blog.taragana.com/?piska233 will open this magical hidden shell, which exposes your entire website to an outside hacker.
Note: There is nothing magical about piska233. It is a password, most likely chosen by the attacker and given as input to the original script which injected this trojan horse on my site.
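The request shape described above (a valueless key on the front page, optionally followed by a path-valued parameter such as dira=./) can be searched for in access logs. The following is an added example, not code from the original post: the sample log lines are constructed on the model of the excerpt, the client addresses and host name are placeholders, and the allowlist entry is a hypothetical site-specific value.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format. The leading "host ident user" fields are optional
# because the excerpt in the post starts at the timestamp.
LOG_RE = re.compile(
    r'^(?:(?P<ip>\S+) \S+ \S+ )?\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

FRONT_PAGES = {"/", "/index.php"}
# Assumption: valueless keys this site legitimately uses (hypothetical entry).
BARE_KEY_ALLOWLIST = {"nocache"}
# Parameter values that look like filesystem paths: "./x", "../x", "/x".
PATH_VALUE_RE = re.compile(r'^(?:\.{1,2}/|/)')


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    params = []
    for item in filter(None, parts.query.split("&")):
        key, sep, value = item.partition("=")
        # value is None for "?key" (no "="), "" for "?key=".
        params.append((unquote(key), unquote(value) if sep else None))
    entry["params"] = params
    return entry


def classify(entry):
    """Return the reasons a front-page request resembles the shell's trigger."""
    reasons = []
    if entry["path"] not in FRONT_PAGES:
        return reasons
    bare = [k for k, v in entry["params"]
            if v is None and k not in BARE_KEY_ALLOWLIST]
    paths = [k for k, v in entry["params"] if v and PATH_VALUE_RE.match(v)]
    if bare:
        reasons.append("bare-key:" + bare[0])
    if paths:
        reasons.append("path-param:" + paths[0])
    if entry["method"] == "POST" and bare:
        reasons.append("post-to-front-page")
    return reasons


def scan(lines):
    """Return (findings, tokens): flagged requests and clients seen per token."""
    findings, tokens = [], {}
    for number, line in enumerate(lines, 1):
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if not reasons:
            continue
        findings.append((number, entry["ip"], entry["method"],
                         entry["target"], reasons))
        for reason in reasons:
            if reason.startswith("bare-key:"):
                tokens.setdefault(reason.split(":", 1)[1], set()).add(entry["ip"])
    return findings, tokens


# Constructed sample input (placeholder addresses and host name).
UA = '"Opera/9.24 (Windows NT 5.1; U; ru)"'
SAMPLE = [
    '203.0.113.7 - - [24/Dec/2007:07:42:36 -0600] "POST /index.php?piska233&dira=./ HTTP/1.1" 200 36721 "http://blog.example.org/?piska233" ' + UA,
    '203.0.113.7 - - [24/Dec/2007:07:43:23 -0600] "GET /index.php?piska233&dira=./wp-content/plugins HTTP/1.1" 200 6506 "-" ' + UA,
    '198.51.100.20 - - [24/Dec/2007:07:44:01 -0600] "GET /?p=42 HTTP/1.1" 200 18211 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [24/Dec/2007:07:44:09 -0600] "GET /?nocache HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '[24/Dec/2007:07:45:10 -0600] "GET /?piska233 HTTP/1.1" 200 30112 "-" ' + UA,
    '198.51.100.20 - - [24/Dec/2007:07:46:00 -0600] "GET /wp-admin/options-misc.php?updated=true HTTP/1.1" 200 7842 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, seen = scan(SAMPLE)
    for number, ip, method, target, reasons in found:
        print(number, ip, method, target, ",".join(reasons))
    print("tokens:", seen)
```

Because the password is arbitrary, the scanner keys on the structure of the request rather than on the string piska233; every token it reports is worth searching for across older logs.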

A trojan which protects itself against worms…

The trojan takes steps to protect itself against worms! The code at the end, which is always executed, is:

$post_arr=implode('.',$_POST);
$get_arr=implode('.',$_GET);
$cook_arr=implode('.',$_COOKIE);
$post_arr_key=implode('.',@array_flip($_POST));
$get_arr_key=implode('.',@array_flip($_GET));
$cook_arr_key=implode('.',@array_flip($_COOKIE));
$other_shtuki=@file_get_contents('php://input');
$cracktrack = strtolower($post_arr.$get_arr.$cook_arr.$post_arr_key.$get_arr_key.$cook_arr_key.$other_shtuki);
$wormprotector = array('base64','user_pass','union','select','substring','or id=');
$checkworm = str_replace($wormprotector, '*', $cracktrack);
if ($cracktrack != $checkworm) die("");

It checks for certain keywords (listed in the $wormprotector array) within the GET, POST and COOKIE data, both keys and values, and within the raw request body. When any of them is present it simply aborts. This is one of the means to detect the current version of the script. This is also the reason why it failed to submit a post. A URL such as http://localhost/wordpress/?select would also die, as would http://localhost/wordpress/?base64.
However, there is nothing to be happy about. It will take less than a minute to modify the script and make it immune to detection in WordPress.

Apr 6

This is the list of sites we currently submit to.  Note that not all sites will accept your title.  For example, if you have a business utility, sites that list only games would not be appropriate for us to submit to since they will not accept that type of software.  However, we can still guarantee that a huge number of sites will be submitted to.  The list below currently has over 300 entries!

DVD Software www.dvdsoft.info
My Sharewares www.mysharewares.com
academy-info.com www.academy-info.com
Download Shareware www.downloadshareware.com
SoftDownloadz.com www.softdownloadz.com
Software Downloads www.soft3k.com
GameThat.com www.gamethat.com
Download Terra www.downloadterra.com
Your AstroDownloads www.astronomy-software.net
Download2me.com www.download2me.com
Astrodownload.com www.astrodownload.com
GodMoon.com www.godmoon.com
Absolute Freeware www.absolutefreeware.com
Shareware list www.shareware-list.com
Pick Files www.pickfiles.com
eCoservers.net www.ecoservers.net
Shareware Promotion www.shareware-promotion.org
Geek Info Web www.geekinfoweb.com
Recentsoft.com www.recentsoft.com
Shareware Laboratory www.sharewarelaboratory.com
SoftwareDc www.softwaredc.com
MacFiles.org www.macfiles.org
Heise Software www.heise.de/software
Ivertech Software Central www.software.ivertech.com
Download Orchard www.download-orchard.com
Your Free Files www.yourfreefiles.com
ThePCFriends.com www.thepcfriends.com
LeoFiles www.leokrut.com/leofiles
AmazedGames.com www.amazedgames.com
Data Mining Software Catalog www.data-mining-soft.com
Free Downloads Planet www.free-downloads-planet.info
ABCdatos Programas www.abcdatos.com/programas
DoUpload.com www.doupload.com
CoreDownload www.coredownload.com
Shareware Download Box www.shareware-box.com
Setup Group www.setupgroup.com
Software Downloads 4U www.software-downloads4u.com
Softs Land www.softsland.com
Free Download www.free-download.webzf.com
allapp www.allapp.com
OpenScreensaver.com www.openscreensaver.com
Mobile Phone World www.digimobiles.net
Free-Download www.webzf.com/padsite
Soft3000 www.soft3000.com
LMPhotonics www.sware.LMPhotonics.com
GonnaSoft.com www.gonnasoft.com
Downloadery www.downloadery.com
Download2you www.download2you.com
DiscountFiles www.discountfiles.com
DigiModes www.digimodes.com
123 Free Download www.123-free-download.com
IT Shareware www.itshareware.com
shareware5 www.shareware5.com
Most Downloaded www.most-downloaded.com
Software Sizzle www.softwaresizzle.com
Desk Arsenal www.deskarsenal.com
ZoomLoad.com www.zoomload.com
FiveSign Network www.fivesign.com
Dakota Downloads www.dakotadownloads.com
PakShareware Spot www.pakmed.net/pakshare
Xdownload.it www.xdownload.it
Top Shareware www.top-shareware.net
PALM Tools www.palm-tools.com
OSX Tools www.osx-tools.com
SYS Tools www.sys-tools.com
Download-Up.com www.download-up.com
10000files.com www.10000files.com
NPWare.org www.npware.org
DVD Trades www.dvdtrades.net/software/index.php
Download3k.com www.download3k.com
FSSD www.free-software-shareware-downloads.com
linXchange www.software.linxchange.net
shareseek www.shareseek.com
WordPerfect Software List www.wordperfect.org/wplist
ReaderSoft www.readerssoft.com/software
FreeShareWelt www.freesharewelt.de
Download Gems www.downloadgems.com
CRMX www.crmx.ath.cx
Freeware Download Box www.FreewareBox.com
Qtdd.com www.qtdd.com
THKMCS www.thkmcs.de
mp3cdsoftware.com www.mp3cdsoftware.com
ZR Software www.zrsoftware.com/SoftwareLibrary
Free PC Games www.winpcgames.com
Games32Best www.games32best.com
Soft32Best www.soft32best.com
Wapti Software Downloads www.wapti.com
Self Download www.selfdownload.com
NewFreeDownloads.com www.newfreedownloads.com
10000apps www.10000apps.com
Software-Picks www.software-picks.com
TryShareware.com www.tryshareware.com
Software maindot www.software.maindot.com
PCcrown www.pccrown.com
Files54.com www.files54.com
myCmd www.mycmd.com
Share32.com www.share32.com
Freeware-base www.freeware-base.de
Sharewareworld www.sharewareworld.de
RESOURCEdb www.resourcedb.com
5starshare Software Downlaod www.5starshare.com
Best Free Download www.best-free-download.com
Share2udownload.com www.share2udownload.com
File Converter Zone www.convertzone.com
SoftListing www.softlisting.com
e-SkySoft www.e-skysoft.net
DigiMode Download Site www.digimode10.com/index.php
Free Software Downloads www.softjamboree.com
Tuxfiles Software Repository www.tuxfiles.com
PC24hours.net www.pc24hours.net
Greg’s Archive www.inertiasoftware.com/software/index.php
Download GEMS www.downloadgems.com
BestShareware Download www.bestshareware.net
Download-Get www.download-get.com
Hot Game Downloads www.hotgamedownloads.com
5Awards www.5awards.com
Free Software www.free-downloadable-software.com
SoftwareArchives.com www.softwarearchives.com
LinkShareware www.linkshareware.com
Developer-Tools www.developer-tools.com
FindFreewares.com www.findfreewares.com
DownloadFrenzy.com www.downloadfrenzy.com
CubeShareware www.shareware.cubereality.com
Findsharewares.com www.findsharewares.com
Download Frenzy www.downloadfrenzy.com
Freeware One www.freeware1.com
Download Spin www.downloadspin.com
Download.In.UA www.download.in.ua
International PAD Database www.paddb.com
Maxx Download www.maxxdownload.com
Biggest Shareware Index www.emu8086.com/soft
Download.com.ph www.download.com.ph
Ware23 www.ware23.com
GoBuySoftware www.gobuysoftware.com
Service-1.org www.service-1.org
SplashWeb www.splashweb.com
EfreeDVD www.efreedvd.com
CoolComputing Software www.coolcomputing.com/software-store
Fast Download www.fast-download.info
Planet Shareware www.planet-shareware.com
Freeware Shareware Center www.freesharewarecenter.com
cyhnet.com www.cyhnet.com
Shareware Drome www.sharewaredrome.com
Download To PC www.download2pc.com
Windows, Mac & Mobile www.trialware.in
Free Downloads at SoftHall.com www.softhall.com
SoftWareBusters www.softwarebusters.com
Hotdownloads.org www.hotdownloads.org
www.Softows.com www.softows.com
http://www.dogearprinting.com www.dogearprinting.com
Yankee Download www.YankeeDownload.com
File Picks www.filepicks.com
Download Sidedc.Com www.download.sidedc.com
Free Trial Downloads www.freetrialdownloads.com
AnotherWin95.com www.anotherwin95.com
FileValley www.filevalley.com
do-download.com www.do-download.com
File Portal www.file-portal.net
Library of Exclusive Shareware www.ziplib.com
FraseDiaria www.frasediaria.com
SoftwareMASS www.softwaremass.com
Mp3Starfish.com mp3 software www.mp3starfish.com
Award for Best Screensavers www.awardforbest.com
All and Best Screensavers www.allandbest.com
FileTerra.com www.fileterra.com
Macrodownloads www.macrodownloads.com
MortgageTen.com www.mortgageten.com
Fine Downloads www.finedownloads.com
The Download Store www.download-store.com
Justdosoft www.justdosoft.com
EfreeDown www.efreedown.com
AppDown.com www.appdown.com
Download-game-demo.com www.Download-game-demo.com
Stufware www.stufware.com
5Cup Software www.5cup.com
SharewarePost www.sharewarepost.com
Goloads.com www.goloads.com
HiDownload.com www.hidownload.com
Softs List www.softslist.com
Sharesoftdownload www.sharesoftdownload.com
DownloadChoice.com www.downloadchoice.com
Windows-Software.com www.windows-software.com
Shareware Shuttle www.sharewareshuttle.com
CatDownload.com www.catdownload.com
Geek Files www.geekfiles.com
File Buggy www.filebuggy.com
Downloads Plaza www.downloadsplaza.com
AllforMP3.com www.allformp3.com
DigiMode Media Players www.digimode10.com
Free Download Games www.free-download-game.com
WinPCWare www.winpcware.com
eHot Scripts Repository www.ehotscripts.com
ExeFiles.com www.ExeFiles.com
ThunderWare www.thunderware.us
GetYourFile www.getyourfile.com
SubmitFile.com www.submitfile.com
Download-Software-Freeware www.download-software-freeware.com
FilesArchive.com www.filesarchive.com
SplashWeb.com www.splashweb.com
FreeFilesZone.com www.freefileszone.com
DaolnwoD.com www.daolnwod.com
SharewareShuttle www.sharewareshuttle.com
5StarShare.com www.5starshare.com
SoftwareHat www.softwarehat.com
Force10 www.force10soft.com/PADProject
SoftwareInSearch www.softwareinsearch.com
Geeez.com www.geeez.com/software
FilesWeb www.filesweb.com
itLocation www.itlocation.com
01-Download www.01-download.com
File Arcade www.filearcade.com
Freeware Arena www.freewarearea.com
JakadsSoft www.jakadasoft.com
Canadian Content Technology www.canadiancontent.net
Program Junction www.programjunction.com
Download-CC.com www.download-cc.com
Cute Apps www.cuteapps.com
EBooksLibrary www.ebookslibrary.com
ScreenZaver www.screenzaver.com
Finance-Soft.com www.finance-soft.com
Vadino.com www.vadino.com
Retailer Deals www.retailerdeals.com
The Best Software Download www.thebestsoft.com
Decent Downloads www.decentdownloads.x-istence.com
Soft20.com www.soft20.com
runterladen.de www.runterladen.de
Bob’s Software Picks www.soft.bobsoft.com
Ecommerce Soft.Net www.ecommerce-soft.net
File Oasis www.fileoasis.com
DiamondsLastForever.com www.diamondslastforever.com
3D2F.com www.3d2f.com
FlyingMonkeyStick.com www.flyingmonkeystick.com
PC Soft Land www.pcsoftland.com
Shareware Hunter www.sharewarehunter.com
Shareware Plaza www.sharewareplaza.com
DownloadTip www.downloadtip.com
Download Junction www.downloadjunction.com
Softs.info www.softs.info
Software 4 Fun www.software4fun.de
Find Softwares www.findsoftwares.com
Download 5000 www.download5000.com
FilesClub.com www.filesclub.com
Sprint Download www.sprintdownload.com
Downloads Files www.downloadsfiles.com
4 Software Downloads www.4-software-downloads.com
Amerifling www.amerifling.com
Shareware Files.Com www.sw-files.com
Handyarchive www.handyarchive.com
WinSW.Com www.winsw.com
Script Freebies www.scriptfreebies.com
WindowsMirror.com www.windowsmirror.com
Recover-Your-Passwords www.recover-your-passwords.org
Try for Buy www.Try4Buy.com
TrialFiles.com www.trialfiles.com
euroDownload www.eurodownload.com
FreewareTown www.FreewareTown.com
The Snail - Fractals www.snail-trail.com/java2004WEBAPP
soft2share www.soft2share.com
Software Knowledge Base www.softwarekb.com
Canistota Software www.canistotasoftware.com
FreshFolder.com www.freshfolder.com
Softsia.com Downloads www.softsia.com
Download3000.com www.download3000.com
Freedownloads.be www.freedownloads.be
PerfectFreeware www.PerfectFreeware.com
FileNode www.filenode.com
SuperFolder www.superfolder.com
Excel Add-ins www.excelbusinesstools.com/solutions.htm
Biz2Consumer www.biz2consumer.com
A List Downloads www.alistdownloads.com/index.asp
Multimedia Zone www.mars.netanya.ac.il:8080/~carbatzm
Amazing Savers www.amazing-savers.gopages.net
Digital Photo World www.members.lycos.co.uk/ofirga
Music Playing World www.members.lycos.co.uk/chiwa
Best-Games www.cochise.mta.ac.il:8080/~koguti
GivingFree.com www.givingfree.com
FreeSoftwareHome.com www.freesoftwarehome.com
My Pro-Choice Page www.pro-choice.netfirms.com
Nir’s Games www.nir1.freewebpage.org
Babbaks Video Tools www.babbak.netfirms.com
ScriptBiz.com www.scriptbiz.com
Share the Ware www.sharetheware.com
5 Star Files www.5starfiles.com
Softizer www.Softizer.com
Classic Games www.2classicgame.netfirms.com
Music4All www.music4all.p5.org.uk
pcShareware.net www.pcshareware.net
Dudi Gany’s Downloads www.dudigany.port5.com
Programmer’s Corner www.corner.freewebpage.org
ShareTool.com www.sharetool.com
The Simulation Site www.the-simulation-site.gopages.net
File Turf www.fileturf.com
File Lot www.filelot.com
Windows-Games.com www.windows-games.com
SoftwareWings.com www.softwarewings.com/cont.en/thestore
Home Shareware www.homeshareware.com
CRMDownload.com www.crmdownload.com
DownloadDatabase.com www.downloaddatabase.com
EcommerceDownload.com www.ecommercedownload.com
WorkflowDownload.com www.workflowdownload.com
DistributionDownload www.distributiondownload.com
FinanceDownload.com www.financedownload.com
MightyFiles.com www.mightyfiles.com
macshareware.net www.macshareware.net
BestSoftOrder www.bestsoftorder.com
CuteDownloads.com www.CuteDownloads.com
WebHosting-Files.com www.webhosting-files.com
BrowseSoftware.com www.browsesoftware.com
Ultimate Repository.com www.ultimaterepository.com
Vonna.com Software Download www.download.vonna.com
FinancialShareware.com www.financialshareware.com
1000apps www.1000apps.com
FilesLand www.filesland.com
SoftTester.com www.SoftTester.com
1000 Files www.1000files.com
AB-Archive.com (Deutsch/English) www.ab-archive.com
ActiveX Download.net www.activex-download.net
Addmine www.search.addmine.com.au
Afterwork Games www.games.yamisoft.com
AFreeGo.com www.afreego.com
BlueChillies.com www.bluechillies.com
BrotherSoft www.brothersoft.com
BUMPERSOFT www.developers.bumpersoft.com
CNET Upload.com www.upload.cnet.com
ColinProof.com www.colinproof.com
COOLGAMES.TV www.coolgames.tv
Download32.com www.download32.com
Downloadaholic.com www.downloadoholic.com
Download-By.net www.download-by.net
DownloadsArea.com www.downloadsarea.com
download-soft.com www.download-soft.com
Download-Tipp www.download-tipp.de
DownloadWasp.com www.downloadwasp.com
download.dk www.download.dk
Education Software Cooperative www.edu-soft.org/padlib
File Hungry www.filehungry.com
FileCart www.filecart.com
FileGuru.com www.fileguru.com
FileHeaven www.fileheaven.com
FindApp.com www.findapp.com
FreeFunFiles www.freefunfiles.com
Free’n'Share www.freeshareweb.com
GameAlbum.com www.gamealbum.com
GameNews www.games.softnews.ro
getsomesoft.com www.getsomesoft.com
GimmeFiles.com www.gimmefiles.com
Global Software Solutions www.npsoft.org
GoodFiles.com www.goodfiles.com
hitWEB www.hitweb.info
HotLib.com www.hotlib.com
Listsoft Software Catalog www.listsoft.com
LITIEL www.litiel.org
Mobile Phone Software www.mobile-phone-software.com
MyZips www.myzips.com
NewFreeware.com www.newfreeware.com
NPSoft.org www.npsoft.org
OneKit.com www.onekit.com
PAD Files www.padfiles.com
PeachSeed www.peachseed.com
ProgramFiles.com www.programfiles.com
Shareware Island www.sharewareisland.com
Shareware.de www.autor.shareware.de
Shareware4U www.shareware4u.de
Simtel www.simtel.net
Sofotex.com www.sofotex.com
soft14.com www.soft14.com
Softandco.com www.softandco.com/submit.html
SoftAward.com www.softaward.com
SoftDeko www.softdeko.com
Softpile.com www.softpile.com
SoftViewer.com www.softviewer.com
Software4Win www.softwarevault.com
SW-Club www.sw-club.com
TerraGame www.terragame.com
thesoftwarebank.com www.burningbox.com
Topdownloads.net www.download-tipp.de
topshareware www.topshareware.com/submit.asp
Total Shareware www.ultrasoftware.net
TSM-Soft.net www.tsm-soft.net
U.S. Computer Corporation www.uscomputer.net
UKWares.com www.ukwares.com
Unitix Shareware www.unitix.com
WareSoft www.xp-smoker.com
WiredApps www.wiredapps.com
Zonk! www.brandyware.com
Softsia.com Downloads www.softsia.com
Downshare.com www.downshare.com
Ginger Screensavers www.cochise.mta.ac.il:8080/~oved99
FileLover.com www.filelover.com
SoftwareMirror www.softwaremirror.com
PCWDLD www.pcwdld.com
FileLight.com www.filelight.com
Palm Games Bonanza www.cochise.mta.ac.il:8080/~nir
GetSomeSoft.com www.getsomesoft.com
AmazingDownloads.com www.amazingdownloads.com
North Star Solutions www.nstarsolutions.com/products
File Boost www.fileboost.net
Jump-To www.jump-to.com/shareware
Free Biz Files www.freebizfiles.com
File Chicken www.filechicken.com
Swift Downloads www.swiftdownloads.com
PerfectDownloads www.perfectdownloads.com
PayPal www.paypal.com
Master Download www.masterdownload.com
Hot-Shareware.com www.hot-shareware.com
Download A to Z www.downloadatoz.com
Server Software www.serverfocus.com/software/index.html
SEO Spot www.seospot.com/software
Security Worm www.securityworm.com/software
Backup Whiz www.backupwhiz.com/software
SearchLynx www.searchlynx.com
Download Free Games www.download-free-games.com
Shareware-store www.shareware-store.com
M-Region Software Archive www.m-region.com
Shareware River www.sharewareriver.com
softpedia.com www.softpedia.com
dgalaxy www.dgalaxy.com
Smart Downloads www.smartdownloads.net
FreewarePalm www.freewarepalm.com
Willing Software www.willingsoftware.com/pad
ColinProof.com www.colinproof.com
DownloadPlaza.com www.downloadplaza.com
PC Newsflash www.pcnewsflash.com
Terragame www.terragame.com
Sebware3 www.sebware3.free.fr/boutique/logiciels/index.htm
Buy-Software.org www.buy-software.org
BUMPERSOFT www.bumpersoft.com
findSOFTonline www.findsoftonline.com
GamesArc.com www.gamesarc.com
WareSoft www.xp-smoker.com/software
Viva Algarve www.vivaalgarve.com
COOLGAMES.TV www.coolgames.tv
Get Free Trial www.get-freetrial.us
Golden Shareware www.goldenshareware.com
XP Corner www.xpcorner.com
Software Picks Network www.softpicks.net
ProgrammiGratis.com www.programmigratis.com
HotScripts.com www.hotscripts.com
Download-By.net www.download-by.net
VCLPAGES.com www.vclpages.com
FileDevil www.filedevil.com
Techdaily.ws www.techdaily.ws
downloadpipe.com.au www.downloadpipe.com.au
OneKit.com www.onekit.com
ActiveX Download .net www.activex-download.net
FreewarePro www.freewarepro.com
DevPress.com www.devpress.com
ByKeyword.com www.bykeyword.com
3reels.com www.3reels.com
AdminFavorites.com www.adminfavorites.com
Red Hot Files www.redhotfiles.com
Haysoft www.haysoft.com
TSM-Soft.net www.tsm-soft.net
Free Downloads www.free-downloads.net
JARS www.jars.com
Amazing Files www.amazingfiles.psunrise.com
FileHeaven www.fileheaven.com
Panva Soft www.panvasoft.com/index-e.html
WinDevTools.com www.windevtools.com
Game-Searcher.com www.game-searcher.com
LITIEL www.litiel.org
Program URL.com www.programurl.com
Final Download www.finaldownload.com
ALL-Internet-Security.com www.all-internet-security.com
DownMe.Com www.downme.com/en_index.html
Download Online Games www.download-online-games.com
macgo.net www.macgo.net
MonitorTools.com www.monitortools.com
SoftForAll www.softforall.com
House of Cards, The www.thehouseofcards.com
PC Game Archive www.buydownloadedgames.com
MillionSkies.com www.millionskies.com
Stickysauce.com www.stickysauce.com
UKWares.com www.ukwares.com
Miseajour.net www.miseajour.net
FreeFunFiles www.freefunfiles.com
Killer Freebies www.killerfreebies.com/software.shtml
JeuxVideo.com www.jeuxvideo.com
PocketPC Magazine www.pocketpcmag.com/encyclopedia.asp
Freeware-Spiele.de www.download.freeware-spiele.de
thesoftwarebank.com www.thesoftwarebank.com
GameAlbum.com www.gamealbum.com
Free’n'Share www.freeshareweb.com
Popular Shareware www.popularshareware.com
PRWeb www.prweb.com
Pocket Download www.pocketdownload.com
WiredApps www.wiredapps.com
macgamefiles.com www.macgamefiles.com/index.php?cat=2
Aquafiles www.aquafiles.com
?sele Service Center www.software-4u.dk/English.html
Traders.com www.traders.com
WorldSSP.net www.worldssp.net
FindApp.com www.findapp.com
MySharewareStore.com www.mysharewarestore.com
Teoma www.teoma.com
TuDogs www.tudogs.com
Top 100 Sites Network www.top100sitesnetwork.com
Sandbrook Software Sites www.sandbrooksoftware.com/TS/TS2/Soft.shtml
Sandbrooks Download Land www.sandbrooksoftware.com/SDC/index.shtml
Mac OS X Downloads www.apple.com/downloads/macosx
Iverson Software www.iversonsoftware.com/tabularium.htm
DASOUND.COM www.dasound.com
AbsolutelyFreebies.com www.absolutelyfreebies.com
Software-For-Windows.com www.softwareforwindows.com
pocketland.de www.pocketland.de
SoftGuide www.softguide.de
DownloadsArea.com www.downloadsarea.com
Shareware King www.sharewareking.com/listings
PeachSeed www.peachseed.com
Open Directory Project (dmoz) www.dmoz.org
BrotherSoft www.brothersoft.com
BetterDownload.com www.betterdownload.com
soft14.com www.soft14.com
GlobalShareware www.globalshareware.com
Software Bundles www.softwarebundles.com
SoftLoaded www.softloaded.com
SoftViewer.com www.softviewer.com
Mac OS X Apps www.macosxapps.com
hitWEB www.hitweb.info
Shareware Tree, The www.sharewaretree.com/index.php
FileCart www.filecart.com
DownSeek www.downseek.com
Thaiware www.thaiware.com
SoftScout www.softscout.com
SoftAward.com www.softaward.com
Zonk! www.brandyware.com/zonk.htm
MacNN.com www.macnn.com
NeedMoreShareware.com www.needmoreshareware.com/index.htm
NewSoftwareProducts.com www.newsoftwareproducts.com
GarageDeveloper International www.garagedeveloperinternational.com/home.shtml
DemoNews www.demonews.com
GameNews www.gamenews.ro
SoftNews.Ro www.softnews.ro
allthesoft www.allthesoft.com
SecurityConfig www.securityconfig.com
FileHeap! www.fileheap.com
topshareware www.topshareware.com
DelphiSpirit www.delphispirit.com
download-web.de www.download-web.de
Business Software Magazine - Bulgaria www.bsoft-bg.com
Pegusis Freeware www.pegusisfreeware.com
Best Software www.best-software.co.uk/index.php
Software Miser www.softwaremiser.com
Only Screen Savers www.onlyscreensavers.com
Shareup Networks www.shareup.com
Active-X.COM www.active-x.com
download4you.com www.download4you.com
SwiftCD www.swiftcd.com
Shareware.de www.shareware.de
NOVARM Development Center www.novarm.com/shareware
Shareware4U www.shareware4u.de
Palm Spot www.palmspot.com/software
PocketGear.com www.pocketgear.com
Real Shareware www.realshareware.3rdrock.co.uk/cgi-bin/realshare.cgi
KnowledgeStorm www.knowledgestorm.com
FULL TESTS www.fulltests.com/cgi-bin/fr/site/general.cgi
New Freeware www.newfreeware.com
Downloadaholic.com www.downloadoholic.com
EpocCity www.symbcity.com/new/public
Wireless Developers Network www.wirelessdevnet.com/software
Download-Archiv.de www.downloads.de
Wireless Resources www.alphapagingsoftware.com
911paging.com www.911paging.com/software.htm
K & C Software Archive www.katstorm.com/downloads
Webmasters Resources www.webmasters-resources.com
Forum Nokia www.forum.nokia.com
Handango www.handango.com
SoftwareSeeker www.softwareseeker.com
Symbian Pages www.symbianpages.com
downloadpal.com www.downloadpal.com
Soft32.com www.soft32.com
FILE-ARCHIVE.com www.file-archive.com
GOWACKO.COM www.gowacko.com
CAD-KAS CADloads www.cadloads.com
filesubmit.com www.ezthemes.com/filesubmit
WAP Shareware www.wap-shareware.com
Unitix Shareware www.unitix.com/shareware
Sharefree2000 www.sharefree2000.de
GettyBest www.dir.gettybest.com
PalmGear.com www.palmgear.com
PDAStreet.com www.pdastreet.com
Link Everything Online www.leo.org
start4all.com www.software.start4all.com
CDNet.com www.cdnet.com/cd
Down4Free www.down4free.com/modules.php?name=Downloads
developer.com www.softwaredev.earthweb.com
Monitoring Software www.monitoring-software.net
@SoftTop www.atsofttop.com
Freebie Directory, The www.freebiedirectory.com
Security Landing www.securitylanding.com/signs/default.asp
Planete Quebec www.planete.qc.ca/logiciels
FuzzySoftware.com www.fuzzysoftware.com
Shopthings www.shopthings.com
MacOSArchives www.macosarchives.com
SOFTANDCO.com www.softandco.com
Iomega Active Disk Developer Site www.iomega-activedisk.com/developer
Actiontrip www.actiontrip.com
All Game Guide www.allgame.com
Calogiciel www.calogiciel.com
TinyApps.Org www.tinyapps.org
TheFreeSite.com www.thefreesite.com
Mobile Phone Software www.mobile-phone-software.com
CoMa’s Freeware List www.algonet.se/~hubbabub/freeware/freeware.html
FreewareNet.com www.freewarenet.com/freeware.html
AppleLinks.com www.search.applelinks.com
Open Window www.openwindow.com
macupdate www.macupdate.com
mac.org www.mac.org
MacDirectory www.macdirectory.com
Let’s Download! www.lets-download.com
123-fr.com www.123-fr.com/123telecharger
ASP Download Site www.downloads.asp-shareware.com
La Logitheque www.lalogitheque.com
ImagesPro.com www.imagespro.com
Anshare.com www.anshare.com
WinArchives www.winarchives.com
Das Freewarenetz www.freewarenetz.de
Freewareshop, The www.users.edpnet.be/freewareshop/index.htm
MajorGeeks www.majorgeeks.com
Shell Extension City www.shellcity.net
It’s Free 4 U.Com www.itsfree4u.com
EZ-Freebies www.ez-freebies.com
OnlyTheBestFreeware www.onlythebestfreeware.com
Files.com.ua www.files.com.ua/home.php
FreeSoft Server www.freesoft.ru
Gratis.com.br www.gratis.com.br
Joz’s Smallwares www.xs4all.nl/~joz/swsfrm.html
MOOCHERS www.moochers.com
MSExchange.org www.msexchange.org
QaDRAM www.delphi.qadram.com
Webmaster Directory www.webmastertools.virtualave.net/resources
TELECHARGER.COM www.telecharger.01net.com
VOLFTP www.volftp.mondadori.com/indexe.htm
DelphiSource www.delphisource.com
Delphi Super Page www.delphi.icm.edu.pl
ZDNet Downloads www.downloads-zdnet.com.com
Cool Tool Awards www.cooltoolawards.com/welcome.htm
Software Light www.softwarelight.com
Stroud’s CWSApps www.cws.internet.com
Grab-A-File.com www.grabafile.com
FREEPrograms.com www.freeprograms.com
DevArchive.com www.devarchive.com/search.php
Delphi Pages www.delphipages.com
Nettrials.com www.nettrials.com
Download Freeware-Shareware Direct www.freeware-shareware.com
Programmi.com www.programmi.com
Freeware Publishing Site, The www.katho.be/freeware
NONAGS www.nonags.com/nonags
All Freeware www.allfreeware.com
NeverExpires www.neverexpires.com
CHIP Online www.chip.de
3D Gamers www.3dgamers.com
TOP QUALITY FREEWARE www.topqualityfreeware.com
winload.de www.winload.de
skali.com www.skali.com/index.php?ch=15
Shareware Viking www.sharewareviking.com
Freeware-Guide.com www.freeware-guide.com
TOP100PROGRAMS.com www.top100programs.com
PCWORLD.COM www.pcworld.com/downloads
NewestShareware.com www.newestshareware.com
myfolder.net www.english.myfolder.net
IndianKey www.indiankey.com/shareware
FreeDownloads Center www.freedownloadscenter.com
Download-Tipp www.download-tipp.de
Shareware Island www.sharewareisland.com/default.asp
Total Shareware www.totalshareware.com
PC Win Resource Center www.pcwin.101main.net/software/index.asp
IzzyOnline.com www.izzyonline.com
Global Software Solutions www.globalsoftwaresolutions.net
Download.net www.download.net
Pass The Shareware www.passtheshareware.com
Superdownloads www.superdownloads.com.br/info/inenglish.html
Download FreeTrial www.downloadfreetrial.com
AAA-Software E-zine www.aaasoftware-ezine.com
BEST download www.bestdownload.com
Icon Today www.icontoday.com
SoftwareTyme www.softwaretyme.com
Cool Tool www.cooltool.com
Any Windows Shareware (shareme.com) www.shareme.com
Shareware Music Machine.com www.hitsquad.com/smm
Simply the Best www.simplythebest.net
upload it www.upload.it
SoftLandMark www.softlandmark.com
AudioTools.co.uk www.audiotools.co.uk
Easy Trialware www.easycab.com/shareware/Software.htm
Easy 100 Links www.easycab.com/cgi-bin/view.cgi
Hotwinfiles.com www.hotwinfiles.com
GameXtazy www.gamextazy.com/submit.php4
SAX - Shareware Author Index www.mini.net/sax
Topdownloads www.topdownloads.net
WorldWideWare.com www.worldwideware.com
Versions.com www.versions.com
WinWareLinks www.winwarelinks.com
Share*It! www.shareit1.element5.com
Kagi www.kagi.com
DigiBuy www.digibuy.com
FileForum www.fileforum.betanews.com
FileFlash www.fileflash.com
WUGNET (Windows Users Group Network) www.wugnet.com
Programmers Heaven www.programmersheaven.com
SharewareLinks.com www.sharewarelinks.com
Ultra Software www.ultrasoftware.net
Windows PC www.windowspc.com/software.shtm
Win2000 Archives (NTWare.com) www.home.win2000archives.com
SuperFiles.com www.superfiles.com
Mace Software Inc. (win-shareware) www.win-shareware.com
AB-ARCHIVE.COM www.ab-archive.com
Jerry’s Win Picks www.winpicks.com
WinSite www.winsite.com
radfiles.com www.radfiles.com
Completely Free Software www.completelyfreesoftware.com/index_all.html
Freeware Home www.freewarehome.com
npsoft.org www.npsoft.org
Paul’s Picks www.paulspicks.com
Yaskifo! www.yaskifo.com
SWREG www.swreg.org
HotDownloads.com www.hotdownloads.com
RegSoft.com www.regsoft.com
NetWORLD Connections, Inc. www.software.networld.com
Grassheap.com www.grassheap.com
Register Now! www.regnow.com
Shareware Junkies www.sharewarejunkies.com
Jumbo! www.jumbo.com
Getafile.com www.getafile.com
ReviewNow.com www.reviewnow.com
Necromancers Software Collection www.soft.necromancers.ru
Mywindows www.mywindows.com
Lockergnome www.lockergnome.com
Go-download.com www.go-download.com
EzSoft.Net www.ezsoft.net/index.asp
PAD Ring www.padring.com
SofoTex.com www.sofotex.com
Version Tracker www.versiontracker.com
Softonic.com www.softonic.com
ProgramFiles.com www.programfiles.com
FreewareWeb.com www.freewareweb.com
ListSoft Software Catalog www.listsoft.com/listsoft.php?lang=eng
Lawyerware www.lawyerware.com
GimmeFiles.com www.gimmefiles.com
GoodFiles.com www.goodfiles.com
Driverz.net www.driverz.net
File Depot www.fdepot.com
File Hungry www.filehungry.com
Filebasket.com www.filebasket.com
Shareware Junction www.sharewarejunction.com
FileClicks (koodles.com) www.fileclicks.com
FileGuru.com www.fileguru.com
IT PRO Downloads (File Mine) www.itprodownloads.com
AFreeGo.com www.afreego.com
smesource www.smesource.com/Downloads
WebAttack.com www.webattack.com
SoftwareVault.com www.softwarevault.com
Software4Win www.software4win.com
Download.lv www.download.lv
5 Star shareware.com www.5star-shareware.com
Tucows www.tucows.com
Simtel.net www.simtel.net
Quality Shareware www.quality-shareware.com
DownLoad32.com www.download32.com
Download Safari www.downloadsafari.com
Dave’s 2000Shareware.com www.2000shareware.com
Bill’s Software Picks www.billssoftwarepicks.com
ASP PAD Repository www.asp-shareware.org/pad/padlib.asp
Allen’s Winappslist www.winappslist.com
ServerFiles.com (32bit.com) www.serverfiles.com
2Haveit.com www.2haveit.com
200SharewareLinks.com www.200sharewarelinks.com
SoftPile.com www.softpile.com
CNET Download.com www.download.com.com
File Transit www.filetransit.com/software/index.php
Blue Chillies www.bluechillies.com
RocketDownload.com www.new.rocketdownload.com
Files32 www.files32.com
MyZips www.myzips.com
FreewareFiles www.freewarefiles.com
ZDNet France www.new-logitheque.zdnet.fr/logi
FilePlanet www.fileplanet.com
Superarchivos www.superarchivos.com
SoftDepia www.softdepia.com
XMLSoftware www.xmlsoftware.com
FreewareArena www.freewarearena.com
DelphiABC www.delphiabc.com
Torry’s Delphi Pages www.torry.net
VCLComponents.com www.vclcomponents.com
MalekTips.com www.malektips.envprogramming.com
tePlanet www.teplanet.com
PC-Tools.Net www.pc-tools.net/openlinx
EZGOAL www.ezgoal.com
NetworkingFiles.com www.networkingfiles.com
Megagiciel www.megagiciel.com
diffuz.com www.diffuz.com
SoftDeko www.softdeko.com
FileGate www.filegate.net
JAYDE.COM www.jayde.com
SW-Club www.sw-club.com
Game Revolution www.game-revolution.com
GameArchives www.gamearchives.com
GameZone www.gamezone.com
Apr 5
