Wednesday, March 02, 2011

Team Ownership, And Blog Security

A well known adage describes multi-personal issues, in general
A chain is only as strong as its weakest link.
In terms of blogs with multiple owners, each individual owner becomes one link, in the chain of blog security.

Any blog with multiple administrators ("owners") is subject to its abuse by any one of the owners. Whatever the abuse involves
  • Installation of dodgy code.
  • Dodgy installation practices.
  • Addition of untrustworthy members or administrators.
  • Theft of the blog by removing all other administrators.
You (the original creator of your blog) absolutely must exercise discretion, in inviting other people to jointly administer a blog with you.

Any one administrator can install malicious code, can use an EZ Install procedure to invite a hijacked Blogger account, can add another administrator who can do any of these things, or can even remove all other administrators. Just one person (the "weakest link") can cause chain breakage (a damaged, hijacked, spam locked, or stolen blog).

Blog authors can also cause problems - either with dodgy links or posts.

You simply must choose your administrators - and team members, with great care. Blogger cannot intervene in internal issues which involve team membership.

>> Top

8 comments:

Betty Soapmaker said...

SO true! Thanks for the reminder.

JK said...

I have a question, if you don't mind answering. A little off topic, but I wasn't sure where to leave it. If I am signed in to my Google account, and click on a blog link - and then see the page that says "This blog is open to invited readers only," will that blog owner be able to see that I (from my e-mail address or Google account) attempted to read the blog, or access the page?
Thanks so much for any insight.

Chuck said...

JK,

Many visitor logs will show your access to the home page of the blog, when the overlaying "interstitial notice" page "This blog is open to invited readers only" is displayed.

http://blogging.nitecruzr.net/2010/04/private-blogs-and-your-visitor-log.html

So yes, you may show up, in some access log (or be counted by Stats, for instance) as having read the home page. This is one reason why the individual numbers in Stats won't ever add up to equal the other individual numbers. In the Popular Posts list, there is no entry for "Home Page" - just for individual posts.

http://blogging.nitecruzr.net/2011/01/detail-numbers-in-stats-will-never.html

However - and please do not panic here - no access log will have the ability to display your email address or Google account. Your Google login state is only available to Blogger / Google code, such as the comment wizard, or the private blog access checking (which leads to the interstitial display). Your Google login state is not available in any visitor log.

http://blogging.nitecruzr.net/2009/12/identifying-your-visitors.html

BlossomFlowerGirl said...

A little off-topic perhaps, but reading about blog security, reminded me of this. Sometimes when leaving a comment on a blog, it asks for your email address saying it won't be published. Can the owner of that blog see your email address and how secure is this?
I now a void leaving a comment on blogs which ask for this just in case.
Thank you in advance.

Chuck said...

Blossom,

If this is a Blogger comment form, your email address is only used to authenticate you to Blogger - and what is published to the blog is the username, and a profile pointer. I examined my incoming comment email, and that's all that shows.

In other words, what you see published above is what I know about you. Nothing more.

On the other hand, if you're asking about a comment posted outside Blogger, that's completely unpredictable.

It's not impossible that a non Blogger / Google website based email mining scheme is being used, as the start to a Blogger blog hijacking operation. With that said, even unwisely sharing one's email address / Blogger account name isn't an immediate doorway into one's Blogger account.

You've asked a good question though, and one that deserves some thought.

BlossomFlowerGirl said...

Chuck,

It's interesting reading about Blogger comment forms and comments posted outside Blogger. The blogs where I found an email address was required were (from memory) mainly Wordpress and ones that had Nuff Nuff on them.
Thanks for letting me know that the email address can't be seen.
Cheers.

Chuck said...

Blossom,

I'd trust WordPress, equally as I'd trust Blogger / Google. "Nuff Nuff" though is too cute a name for me to trust their service. I'm not getting any useful hits, from Googling "nuff nuff".

gerald chan said...

Nice blog you have! keep up the good work =)
www.myoff.neta