Monday, September 20, 2010

Blogger Blogs Redirecting To "hijriah.jentayu.com/hijriah.php"

In a new volume of the series "Tales Of The Hijacked Blogger Blogs", today we have multiple reports of blogs redirecting to "hijriah.jentayu.com/hijriah.php".

This tale is somewhat less exciting than the previous episodes in this long saga, however. The problem code, which is causing the hijacks, typically appears in various HTML gadgets, and is not difficult to find. The code appears to consist of simple HTML gadgets, intentionally installed by the blog owners.

You'll probably not find this hack by editing the template HTML code - it will be an HTML gadget, located in your sidebar or maybe the blog footer / attribution section.

If you use a text only proxy, like the Rex Swain HTTP Viewer or the Web-Sniffer View HTTP, you can retrieve the blog in safety. Then, do a simple text search on "hijriah.jentayu.com". You'll find something like

</div><div class='widget HTML' id='HTML7'>
<h2 class='title'>.:: Today ::.</h2>
<div class='widget-content'>
<script src="http://hijriah.jentayu.com/hijriah.php"> </script>
</div>

See the Title of the gadget above? If you title your gadgets, it's easy enough to find.
<h2 class='title'>.:: Today ::.</h2>

Having identified the offending code, use "Page Elements" and delete the HTML gadget. And be more selective, when choosing third party code.

>> Top

12 comments:

katney said...

Say, Chuck. Would Revert Widget Templates to Default remove the code after the widget itself is removed? Just a thought, as many who get this are, like me, not code literate and have difficulty finding the offending code.

orang muo said...

terima kasih atas info saudara.. masalah blog saya telah selesai dan berfungsi seperti sediakala..puncanye ialah skrip html jentayu sebagaimana info saudara di atas. terima kasih banyak :)

Chuck said...

Kats,

No, I do not think that "reverting widget templates" will remove an entire HTML gadget.

We are going to have to help by identifying the gadgets for them, when they tell us the blog names. And they will have to use "Page Elements" and delete the gadgets.

Ticer Syah said...

hi nitecruz..
thanks for helping me back there.. i really appreciate it :)
i got my blog back.. thanks for the info! :)

ana' Geology said...

Thanks for your help, i have finished my problem,
that jentayu has been deleted

" KEMAS Sekijang Berintegriti " said...

dah jumpa code tu nak buat apa? remove ke??

Mohd Saad Hamid said...

Thanks for you help. I have deleted the html script for hijrah.jentayu.com gadget, and I got back my blog.

Yan said...

Salam,

ALHAMDULLILAH i got back my blog once i remove the code.

Mohamad said...

Thank you. Why suddenly it appear like that as I been using it for a while? So from now on how do we know the widgets which are harmless to the website/blog and which is not?

Mohamad said...

I have deleted the widget initially it was ok but then the same problem recurr what should I do.. HELP!

Chuck said...

Mohamed,

Until we figure out what is going on here, you're better off just deleting the gadget, and leaving it deleted.

Mohamad said...

Thank U Chuck, I realized by puttting a post on the scripts will also redirect my blog to jentayu. Crazy!