Has Feedcat.net been sold to hackers?
23. Jul, 2011 
16 Comments
FeedCat.net is what is referred to as a “feed booster” – their services let you ‘boost’ your RSS feed to obtain more subscribers, more traffic, and more exposure. I use this service on one of my pet project web sites to help give the RSS feed some exposure, while giving my site visitors another way of catching up on new posts on the site. Win/win!
However, things have changed as of late, and a little digging helps explain why things have changed – for the worse!
FeedCat.net main page
It started in the wee hours last night, at about 1am local time – I noticed that my Google Adsense earnings were notably down, despite the same amount of traffic hitting the site. Big red flag. Opening the website in question in my web browser (Firefox 4) got me redirected almost instantly to some other, suspicious-looking web page hosted on a site using the Amazon AWS cloud service (see snapshot below). The domain/sub-domain is continue_.s3.amazonaws.com.
Huh??Dammit!! This is bad! Anyone visiting the website was being redirected to another suspicious web site, without having to click – it was completely automatic and (semi) transparent to the site visitor.
The first step in a case like this is to find the code causing the redirection: I couldn’t do it. I looked EVERYWHERE. No combination of grep, find, locate, datestamp checking, nothing was working to find the offending file(s). The second step was the database, a common attack vector. It too, was clean. Panic sets in: this site represents a significant source of revenue for me, yet today my earnings were 0.54 cents!
Now, the head scratching commences. No one has tampered with my files, no one has tampered with my database, WHAT IS CAUSING THE REDIRECTS? Since I have already determined that everything is OK under my “roof”, time to start looking elsewhere: on my site, where am I using external files from OTHER sites? File includes, java script, whatever – time to check those.
If I “comment out” (ignore) these external files, one by one, I should be able to determine the offender, right? Right. OK, let’s start with FeedCat, the aforementioned feed-boosting service: there is one bit of java script code from FeedCat that is used to display a button on my site. OK commented that out, uploaded to web server, reload page in browser – fixed?
FIXED. No redirects anymore. Problem solved. Are you kidding me? Wait wait wait, it must be a fluke. Uncommented code, saved back to server, reload page and yes, the redirect occurs. Comment out again, reload page, redirect gone. No fluke.
Here’s the seemingly harmless code that was removed:
<!--FEEDCAT.NET<div id="feedcat-box" style="float: right; margin-right: 10px"> <a href="http://www.feedcat.net/" title="RSS Feed and Atom Feed Boosting Engine"></a></div><script type="text/javascript" src="http://www.feedcat.net/js2/button.js?pub=286265&bmode= h125x16&ilng=en§ion=&wpanel=off"></script> FEEDCAT.NET -->
Suspicious redirect page hosted /w AmazonAWS
Take a look at the code yourself.
FeedCat, a seemingly on-the-level service that over 300,000 webmasters use, was suddenly causing sites to redirect to “sketchy” websites. Simply removing their code from your webpage(s) fixes the problem.
The strange thing is, I noticed on Flippa (an auction site where entire websites are bought and sold) that FeedCat.net was SOLD only 20 short days ago. Long enough for the new owners to inject their suspect code? That is my guess 
Conclusion
From what I can see, FeedCat.net was sold to hackers or people with questionable motives, and are now using the large FeedCat customer base to distribute the hacked ‘redirect’ code via java script. Oddly, I can’t find a single other person/webmaster having this issue: a Google search turned up pretty much nothing – which led me to this blog post, which hopefuly will help other people when and if it happens to them.
Am I the first, or am I totally off base? Anyone else out there having this issue? Is my blame mis-directed at FeedCat? Let’s help each other out below in the comments.
I wa also shocked to see the drop in traffic and was ready to have a security audit on my site buy decided to research first with amazon string as my searchterm and found a listing that said it was a virus and another forum said it was a hack on a 3rd party application which led me to disable feedcat.
Everything worked smoothly after that then I discovered your blog! Thank you for validating my concern!
Anton Sheker recently posted..Public Relation Officer
Ya you were getting redirected to an Amazon AWS too?
I try fitting error about what the script is problematic,google search turned up pretty much nothing. finally to the conclusion that the culprit was feedcat.net
this is the only article that talking about this bad things, thanks bro.
One of our clients experienced the same problem. I emailed Feedcat directly and here is the communication chain
**** My email to Feedcat from web form ****
We have a client that had the following code in her site for many days and then just yesterday when you went to her site it would automatically redirect to a black page with an advertisement. Why is this code doing this?
**** Petre Coman of Feedcat.net ****
Please see point 8 under our Terms Of Service:
8. Ad Sponsored
By using Feedcat.net and placing the button code on your website, you grant Feedcat.net the right to serve ads (popup ads, interstitial ads, exit ads) on your website. Feedcat.net will serve no more than one ad per unique IP every 14 days.
****** My Response Back ******
Thanks for the feedback. I will make sure that I spread the word to have everyone read point 8 in detail. A reputable service would have put a link back to the referring site. But I don’t think you guys are going for reputation… I think you’re scam.
****** Second response back from Petre ****
The ad was an interstitial ad. That page would have closed and returned to your website after a few seconds if there was no interaction with the ad page.
Tx Gerald, good info there. I got an email about Section 8 of the TOS also. The “once every 14 days per IP” is a joke, for me it was EVERY time you hit the website. Clearly changed the TOS without telling anyone.
I had the same problem of redirection now this resolved. Thanks to this information.
In behalf of Feedcat.net I want to say we are sorry for the incident this may have caused.
You can rest assured such behavior won’t happen in the future and the popup ads have been removed.
Sincerely,
Feedcat.net
How about spam? Are you aware of any of that? Cause I just got an email from feedcat saying I upgraded to premium. And I certainly have not. I never heard of feedcat until now.
Hi Mark,
Feel free to contact me at support @ feedcat.net and I can confirm you are registered if you received any of our emails and provide you with full details including the website(s) you had registered.
We never spam, we only send newsletters to our members, who agreed to receive our messages.
PS: you can check you been registered on our website by your own using the forgot password feature.
Sincerely,
Feedcat.net
No, Mark. Your firm is spammers.
I just got a “registration” email from you guys. I thought it was for something else, and when I clicked on the link, it redirected me to a PayPal login for a monthly subscription.
Nice try, Thief, but you won’t be getting my money.
Brian Combs recently posted..Brian Combs Speaking at Austin eMarketing Summit
OBVIOUSLY you will get an email from us, since you REGISTERED into our website.
And so that I make sure you will not reply here and say “no I am not”, here it is as a proof directly from feedcat.net website your details:
username: bpcombs
dispname: bpcombs
email: combs (at) ionadas.com
upass: ***
Feed: feeds2.feedburner.com/ionadas
Domain: ionadas.com
Description: Search Engine Optimization and Social Media for Local Businesses
Tags: seo ppc marketing advertising
Stop lying.
Yeah,
Ole Feedcat got me! My adsense income sunk to the lowest I’ve ever seen on my blog…
I didn’t have a clue why? And why the Heck I was being redirected to ad pages? My visitors I’m sure came to check out job postings, instead they were sent off to SPAM ADWARE LAND!
I’m pissed to have learned of this from FeedCat. I removed the bogus script and now all is good. I think I will just now cancel my entire account from Feedcat because they can’t be trusted!
Wow, thanks so much for this blog – was half-way through signing with Feedcat when i saw it – will NOT sign now !
Just 2 small queries: If i stopped before copy/pasting their HTML into mine, does that keep them out of my set-up?
Second – where is the CLOSE ACCOUNT box in their website – cant see it ?
Thanks,
paul
Ditto what Paul said.
Feedcat.net is not a trust worthy organisation and still has no option to close or manage your account that I can see. Don’t sign up for an account with feedcat.net!
Cheers,
Bob
Thanks for posting this information about FeedCat. I was thinking it might be useful, but after reading this review and the comments here I have definitely reconsidered! Very valuable information!
Thanks Bud,
I to what looking for an alternative to Feedburner for one of my Adsense websites.
Given this news I will keep on looking for another options. Your post and the commenters is greatly appreciated.