Saturday, October 24, 2009

Keep Malicious Content Out Of Your Blog

Every day or so, we see reported from concerned bloggers, about unknown content in their blogs.
Where did those ads come from? I didn't add them!
or
How do I keep this other blogger from posting porn links in my blog?


As we add content to our blogs, and make them fun, interesting, and shiny, to attract readers, we risk adding undesirable content. This is a constant problem. The bad guys are out there, and the more fun, interesting, and shiny your blog is, the more it's likely to have readership, reputation, and value. The more readership, reputation, and value that your blog has, the more attractive it is to the bad guys.

Malicious Comments

One of the easiest way to add third party content to your blog is from allowing comments. Comments are contributed by people who, at best, you simply do not know. Any content from someone who you do not know can always be malicious, or obnoxious in some way.

Some blog owners will try to identify and block individual commentors. I will continue to insist that anybody who you should fear will not be bothered greatly by anything that you can do here.

You absolutely must moderate comments, or risk having a blog known for hosting malicious links - or worse.

Malicious Posts

Besides comments, posts are a constant concern. If you have a team blog, you have to be able to trust the other members in the blog. Post moderation, using post editor to publish, isn't an option. Anybody who you make an author can publish what they feel like publishing. You can only moderate posts after they are published, when using post editor.

An alternative to using post editor to publish is Mail-to-Blogger, where contributions are emailed to the blog. If Mail-to-Blogger is setup to publish straight to the blog, and the bad guys figure out your MTB account and password, you'll have malicious content a plenty. You can moderate before publishing, using Mail-to-Blogger.

Malicious Accessories

Any time that you install third party accessories of any type, you are placing your blog at risk.

Don't be overly paranoid - you have to make your blog interesting to your readers. But do keep the risks in mind. This is similar to layered security for your computer, which is a related concern here.

Malicious Blog Members

Sometimes, possibly having unwisely installed a third party accessory, the install process may have enabled the addition of an unknown member to the blog - and the unwanted content may be added by the attacker using this unknown member. If none of the above advice offers you an explanation for the existence of unwanted content, check your blog member list.

BlogList / Feed Gadgets

Occasionally, we may Follow a blog where the owner will later decide to try to get more traffic to the blog, and will redirect the blog feed to a cloud of random blogs. If you are Following such a blog, or have such a blog in your BlogList or Feed gadget, you'll see your BlogList or Feed gadget show odd content - and frequent spam.

>> Top

3 comments:

mrduncan2k said...

Can you please offer some assistance?

Under “BLOGS I’M FOLLOWING,” - “ITEMS”

I have found postings that qualify as SPAM

I have no idea how they showed up on my DASHBOARD but now that they are there I can’t find a way to delete them or to keep others from appearing.

I moderate comments coming in for posting or not, but there is no apparent way to rid myself of this problem, there is no delete button available.

Chuck said...

Under “BLOGS I’M FOLLOWING,” - “ITEMS”

I have found postings that qualify as SPAM

I have no idea how they showed up on my DASHBOARD


You need to start a discussion in BHF: Something Is Broken, so we can explore this in detail.

Ellie K said...

You rule as the definitive Anti-Spam Czar! I just found my way here after months of seeing your "nite" doppelganger on Google Product sites.

What a clever implementation of the Blogger template: I don't have a glimmer of an idea how you did some of these customizations.

You seem altruistic, assisting the bloggers-in-dire-need on Google Blogger Help. I have been, and will continue to be, one of those folks.

Well done, and thank you!