
Protect Your Blog - Install Third Party Code, Safely

Have any of you seen this sort of offer, when looking at third party accessories, and contemplating installation?
  You don't do a thing! For Blogger blogs, we offer "EZ Install"! Just give us the blog URL, and an account name and password, sit back, and let us do the work!
and maybe later, you're posting in BHF: Something Is Broken
  Somebody is posting spam posts on my blog!
or
  Where did these ads come from? I didn't put them there!
or worse yet
  Why is my blog deleted? I don't post malicious script!
All of these concerns have been noted, in real problem reports, and were caused by real mistakes.


Not everybody will notice the connection between "EZ Install" and the malicious content.

With some reputable third party software, this won't be a problem - there's a lot of reliable third party code whose providers only want to deliver their product, and make the install easy for you, just as claimed. But misuse of the account details you hand over is always a possibility - and you would do well to consider that possibility.

Always install third party code with care. If you're going to have the third party code installed for you, do this with greater care.

If I were going to use an "EZ Install" process, here's how I would protect myself.
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Make my "EZ Install" member an administrator.
  3. Run the "EZ Install" process, and check out the software carefully.
  4. When satisfied that the new accessory is working properly, revoke administrative status of the "EZ Install" member.


If I were really paranoid (no, just a small bit paranoid), I would add a precaution:
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Upgrade the "EZ Install" member to administrative status.
  3. Back up the template.
  4. Run the "EZ Install" process, and check out the software carefully.
  5. When satisfied that the new accessory is working properly, revoke administrative status of the "EZ Install" member.
  6. Back up the template again.
  7. Compare the two backup copies, and consider carefully each change.


What the heck, you should back up the template, anyway! Comparing the two backups is just a small extra step.
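
One way to do the comparison in step 7, as an added example that is not part of the original post: a Python script that diffs the two template backups and marks added lines that deserve a close look. The function name, the flag patterns and the sample templates are assumptions constructed for illustration; in practice you would read the two backup files you downloaded before and after the install.

```python
import difflib
import re

# Patterns worth a close look when they show up in lines the installer added.
# (An assumed starting list for illustration, not an exhaustive one.)
FLAGS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe/embed": re.compile(r"<(iframe|embed|object)\b", re.I),
    "inline event handler": re.compile(r"\bon\w+\s*=\s*['\"]", re.I),
    "obfuscation helper": re.compile(r"\b(eval|unescape|atob|fromCharCode)\b"),
}
HOST = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.I)

def review_template_changes(before: str, after: str):
    """Return (added, removed); added items are (line_no_in_after, text, reasons)."""
    old, new = before.splitlines(), after.splitlines()
    known_hosts = {h.lower() for h in HOST.findall(before)}
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(old[i1:i2])
        if tag in ("insert", "replace"):
            for n in range(j1, j2):
                line = new[n]
                reasons = [name for name, rx in FLAGS.items() if rx.search(line)]
                reasons += [f"new host {h.lower()}" for h in HOST.findall(line)
                            if h.lower() not in known_hosts]
                added.append((n + 1, line.strip(), reasons))
    return added, removed

# Constructed sample templates (not taken from any real blog or installer).
BEFORE = """<html><head>
<title>My Blog</title>
<script src='https://www.blogger.com/static/widgets.js'></script>
</head><body>
<div id='main'>posts</div>
</body></html>"""
AFTER = BEFORE.replace("</body>", "<div id='gadget'>New accessory</div>\n"
                       "<script src='//cdn.gadget.example/loader.js'></script>\n</body>")

if __name__ == "__main__":
    for lineno, text, reasons in review_template_changes(BEFORE, AFTER)[0]:
        print(f"+{lineno}: {text}  <- {', '.join(reasons) or 'review'}")
```

An empty reasons list does not mean a line is safe; every added or removed line still needs to be read, as step 7 says.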

It's your blog, and you are responsible for its content, both visual (what the readers see), and non visual (what only you see). It's your decision, too.

Comments

Dudel said…
Couldn't people export their blog (assuming template download already) before this and simply "try again" if things got "too wrong"?

Assuming they didn't listen to you, here, they should at least export their "normal/most active" blog often.

Another thing, my brain sends up HUGE RED FLAGS when people start asking about usernames, passwords and becoming admins on the blog.... or being able to "join it" all together.

Guess I'm saying don't trust anyone saying "I'll do it for you" unless you actually know the person... and then still not trust them. That's just me, maybe?

Chuck said…
Dudel,

Good thinking. Unfortunately, you can only export comments and posts - and template - separately. We're still waiting for Blogger to give us some ability to export gadgets, and until we have that ability, you're sort of out of luck there.

But such a script doesn't explicitly ask for becoming admin, it typically just asks you to input your current account information, and sit back. It doesn't point out that they are trapping the account name / password. And the sheep, who fall for this, don't think twice.

z-vet said…
Give us account name and password? Excuse me? How stupid one has to be to do such a thing?

Chuck said…
LOL, Z,

Hang around BHF: Something Is Broken, and see for yourself.

Dorothea said…
You are right. We can never be too careful. Better have one less widget than a lot of problems!
