Skip to main content

Protect Your Readers - Install Third Party Code, On Your Blog, Selectively

Recently, we've seen a few reports of blogs which contain malware, or links to malware.

Unlike the Adult Friend Finder splogs, and similar blogs, the blogs recently identified are generally privately published, and contain genuinely intended material. The owners have added code, provided by third parties, that contain the malicious code or links to other web sites which contain the malicious code.

Inclusion of malware, or links to malware, is simply what I call a Layer 4/5 security malfunction by the blog owners.

Bloggers see a shiny feature on somebody's blog (maybe a blog produced by the malware producer, maybe by another victim of the malware), and decide that they want the shininess on their blog too.

Sometimes, Blogger Security will provide warnings.

Sometimes, but not always, Blogger Support will identify bad stuff.
It seems now that many of the reported URLs have a 'BlogLinker.com' code snippet in them- *please* stay away from this widget in the future; it is completely nefarious.

But we have to take the responsibility, here. Blogger Support can't help your readers repair their computers, after they are infected. If they manage to take your blog offline before it infects the general public, don't expect an email telling you what they found. You're going to have to find out what you did wrong, maybe with no blog to examine.

When you see interesting features on other blogs, be selective!

When you see a shiny feature on another blog or web site, think carefully. Maybe some online web site analysis would be a good idea, to avoid adding code to your web site that might hurt your readers.

If you don't check out a shiny item on somebody else's web site, before you install it, somebody else might check it out on your web site after you install it.

Blogger Buzz: Keeping Your Blog Secure points out other possibile problems.
For example, a site counter widget may indeed be providing your blog with helpful tracking data, but at the same time may also be discreetly sending that information to advertisers for the purpose of collecting the online habits of your readers. A blog template you downloaded from a third party site might include pop-up ads or links to dangerous sites that install malware on visitor's computers.

Even accessories that are distributed benevolently may break.

Even code that is not distributed for malicious purpose may harm your blog. You may end up using extraordinary means to remove it, too.

Third party code can be useful, when it's benevolently provided. Make sure that any code that you install on your web site is not harmful or malicious to your computer, or to your readers computers, before you install it.

Comments

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Add A Custom Redirect, If You Change A Post URL

When you rename a blog, the most that you can do, to keep the old URL useful, is to setup a stub post , with a clickable link to the new URL. Yo! The blog is now at xxxxxxx.blogspot.com!! Blogger forbids gateway blogs, and similar blog to blog redirections . When you rename a post, you can setup a custom redirect - and automatically redirect your readers to the post, under its new URL. You should take advantage of this option, if you change a post URL.

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.