Warning: The contents of this post are strongly adult-oriented. While the post itself will maintain a professional-though-adult tone, some of the pages I link out to are quite risque. As such, approach all links with caution and I recommend not visiting any of the links from this article with young, impressionable eyes around. Any links that link directly to a page with images that load will be noted as (NSFW) (or, Not Safe For Work) so that you can have complete confidence in knowing what is in store for you when clicking-through. If any of the links to follow don't work, then it's due to them having been nixed (which is a good thing for them). And now, without further ado...
UPDATE 5/18/11: It appears many of the links contained within this post have been removed by their owners. As such, expect mixed results if this is your first time viewing this article.
Imagine, if you will, the seemingly crazy notion that the Web site of an Ivy League school as prestigious as Harvard could have pornographic images in plain sight on public domain. It's bad enough to think that a server of Harvard's may have been hacked by someone who replaced/injected a page leading out to XXX content or something of the likes, but what is one to make of the Harvard physics council Wiki site that contains pages with terms like "barely legal blow job"? For that matter, there are a whole slew of these rogue Wiki sites with all kinds of fun and educational pages; like this one about "panty job free video clips"! Look up in your address bar when clicking those links, folks. That's Harvard.
Worse yet, how does one reconcile blog entries on a Harvard Law blog that contain pornographic images with no educational or law-relevant value to them whatsoever? Sounds ridiculous, right? I mean, how on earth could the Web site of a school as prestigious as Harvard contain this type of content -- never mind a fair amount of it at that! Just look at this screen shot of the home page of Harvard.edu (click it to see a larger version of the image):
Harvard.edu Home Page
So prestigious! So fresh! So clean! So... corruptible! Remember those blog entries on a Harvard Law blog that contain pornographic images that I mentioned just a second ago? Well, below are screen shots from two out of a number of posts on it that I found containing such images (click them to see larger versions):
Should you want to see each post for yourself, here are the links to each them, respectively:
But wait, there's more! For your consideration, here is an entire sub-domain totaling ~100 pages on Harvard.edu which seems to be dedicated to nothing but pornographic spam entries! We can easily mine these pages out via the following Google query: site:dev.flex.med.harvard.edu
And while we're on the topic of pornographic spam pages littering Harvard.edu, take at look at this one enormous collection of links on one particular page. And there are many more like this I have been able to dig up, all thanks to a little bit of Google Fu. Perhaps the icing on the cake is the fact that Harvard's site utilizes a Google Custom Search box for their site-related searches. That means that if you visit Harvard.edu and utilize the search page that's linked to in the upper right-hand corner of the home page, you're going to see results from Google -- albeit within Harvard's Web site. Give the following a shot and see for yourself how hilariously fun this is:
2 - In the search box, type the acronym "MILF" and hit the search button.
3 - Giggle/cringe in disbelief and/or pee your pants just a little because of what you see.
For those of you who aren't the interactive type, you can see what these results look like in the picture below (click it for a full-screen view):
Got MILF? Harvard does!
Now, don't get me wrong here; as far as I'm concerned, what someone wants to do with their own Web site is fine with me. Personally, I'm not the slightest bit offended by pornography; nor do I care who's into what. We're all human and people are into whatever they're into. With that said, I can't imagine that the image Harvard wants to portray is one of pornographic endeavors. From an image/branding standpoint, posts like these make Harvard look trashy. From an editorial and administrative standpoint, the comments below the posts make Harvard look lazy and apathetic. Perhaps the latter is the worst of all, considering it is from that standpoint where it seems a particular ignorance and apathy have been fostered, thus allowing for anomalies like rogue Wiki sites that are publicly editable. With such a wide array of pornographic entry points to the site, Harvard should consider undergoing a thorough investigation of both internal and external pages to help shore up their brand image and maintain the prestige.
From an SEO (Search Engine Optimization) standpoint, those links are undoubtedly of some value to the spam sites they link out to. Harvard may also benefit overall via such a purge by reducing the total number of links that link out to garbage sites. Also, I'd like to point out the fact that pornography is just one of many facets I decided to focus on where this type of investigation is concerned. Perhaps even more detrimental to a school's image than pornography would be racism. When thinking on that path, it doesn't take long to dig up pages dedicated to things like "Ku Klux Klan Chat" -- never mind much more offensive and derogatory words I prefer not to write here. Now, do I think Harvard is a racist institution? Of course not. But the fact remains, that page is there. Spam or not, it just plain looks bad. With that said, head on over to page two where I expose more schools with similar types of content and I list some particulars to look out for should you want to avoid or alleviate these types of issues on your very own Web site.
Warning: The contents that follow in links below are considerably risque.
Make no mistake that while Harvard is the primary target of this post, their results from my investigation aren't even remotely CLOSE to being the tip of the iceberg when blanketing the search concepts I applied with them across the veritable cornucopia of educational Web sites out there; never mind business sites, personal sites, or otherwise!
Then, there's always the timeless "F*#k the Skull of Jesus" sub-domain on MIT which contains some rather tasteless content(NSFW Image) that really makes me wonder what kind of value MIT sees in providing a voice to people like this. This post on Reddit contains an explanation for the simple process a student goes through to obtain *any* sub-domain name they want on MIT. As a quick visit to the home page of that sub-domain will show, it has been around since at least 1998 and Google shows that plenty of people have inquired about it over the years, so why does MIT choose to maintain it while having deleted other much less offensive sub-domains? Support of free speech, perhaps? Nah, I don't buy that for a second; especially when taking into consideration that the name of the site has nothing to do with the site's questionable posts about Princess Diana and other random nonsense.
Personally, I think it's the same apathy/lethargy I mentioned a bit ago where schools either don't care or their administrators take for granted what's on their sites and chalk the rest up to ignorance. More evidence of that can be found in directories like this one at the University of Illinois at Urbana-Champaign(NSFW image titles). It's a directory slap-full of porn DVD images that the person apparently uses for selling on the adult-only section of ebay or somewhere similar. We can gather this by the name of the directory itself: FRUTZNASTYEBAY. Once again, complete and utter ignorance on behalf of the school as to what their students/faculty are storing on their shared directories.
Now, I'm all for free speech and I completely understand that educational entities need to cover a broad spectrum of everything from the legal and politically correct to the illegal and taboo, but I feel that schools should keep affairs in relation to the later privatized within the virtual walls of their institutions.
1 - Forums: As seen in a couple of the examples above, forums can be set up for internal university groups/teams/organizations. If not properly configured/administrated, any old random spammer can come along and wreak havoc much in the way we've seen in this post.
Solution: Keep internal forums internal! If you make them publicly viewable, then make sure you require approval for new sign-ups. If there is no more purpose for a forum, retire the ability for posts to be created on it or just nix the whole thing entirely. Also, make sure you keep you forum platform up-to-date and running the most current version so as to avoid exploitation via known security holes.
2 - Wikis: Having a site/department Wiki is great, but when you make it publicly editable, you end up with those pages that discuss such topics as "Ku Klux Klan Chat" and "free granny porn."
Solution: Proper configuration/administration makes all the difference in the world here -- especially to prevent spam. There are tons of platforms which allow you to have your own Wiki. Luckily, most solutions are robust enough to allow you to filter/moderate new entries with ease so that you never have to worry about spam entries. Keep your Wiki back-end up-to-date, don't allow public entries or modifications, and/or require approval or authentication for new entries and modifications.
3 - Blog Platforms and Comments: Everyone loves blog comments -- especially spammers! Spammy blog comments may not do much in the way of SEO for the spammers if your comments are nofollow, but they still provide some type of value to them. At the end of the day, it just looks really bad to have a comments section full of viagra, rolex, and XXX adverts. Also, if you choose to implement a local WordPress installation (or something similar) and you don't keep it updated, the number of exploits for non-current versions will only continue to increase -- thus, making you an easy target. It sounds like fear-mongering and FUD, but I've had it happen to me before, so I speak from experience.
Solution: Keep your blog platform up-to-date with the latest version and apply anti-spam plug-ins. Also, moderate comments (most blog platforms allow for emails to be sent when new comments have been submitted) or restrict comments to only be allowed by people who are subscribed to the blog such that commenting requires authentication. Above all, keep your blog internal if there's really no need for public viewership or contribution.
4 - Student/Faculty Directories: We're all human and we all have our individual senses of everything, but what are your students and faculty storing in their directories? Case in point is good ol' FRUTZNASTYEBAY that I discussed earlier! It's all good that this person wants to sell porn DVDs, but I highly doubt the University of Illinois at Urbana-Champaign wants to be the public storage site of all those... choice... DVD covers in lieu of, oh, I don't know... files relevant to being a student or faculty member, maybe? Needless to say, your students and faculty -- if given publicly-accessible directories -- create unique entry points to your site that can have adverse effects.
Solution: Disallow publicly-viewable student/faculty directories and require authentication for a student or faculty member to access shared drive data. This will prevent someone from being able to link directly to a file or image. Additionally, you can make use of robots.txt to disallow Web spiders from crawling directories used for students/faculty. Just be aware that anyone can access your robots.txt file directly to see what kind of directories you're hiding from search engines, so take that into account. At the very least, a blank index.html file placed in the root of a directory will prevent anyone from being able to view the contents of that directory. While that solution isn't scalable whatsoever, it's worth the mention should you find it applicable.
In closing, I would like to make it clear that I do not have a personal agenda against Harvard or any of the other schools or sites I've listed throughout this article. The initial thought was to seek out the most outlandish content I could find residing on Harvard.edu. From there, I surmised that if I did happen to find something, then I could surely find similar residing on less-prestigious educational Web sites. Well, I did. And I can. Thank you for reading and stay tuned for my next post where I will completely blow the doors off of .edu Web sites! If you thought pornography was bad, just wait until you see what's next.