Skip to main content

Blogger blogs redirecting to "scrapur . com"

This week, we've seen several reports in Blogger Help Forum: Something Is Broken, from Blogger blog owners, reporting the latest hijacking of their blogs.
My blog is being redirected to a spam site - was it hijacked?


As is all too frequently the case, the redirection appears to come from third party code or gadgets, willingly installed by the blog owner. Examination of the website in question appears to indicate a long expired domain.
This domain name expired on Nov 7 2012 11:32:24:000AM
It's possible that, right now, this is not a maliciously planned hijack - though any expired domain can be re purchased for a devious or malicious purpose.

In several cases, the redirecting code appears as part of an installed XML gadget, a version of "Recent Comments". In other cases, we have observed naked JavaScript code, installed directly into the blog template. Here are identified examples - though you may see other variants.
<script style="text/javascript" src="http : // scrapur . com / index / wp-content / uploads / 2008 / 04 / rc . asp"> </script>
or possibly
<script src='http : // scrapur . com / index / wp-content / uploads / 2008 / 02 / smile . js' type='text/javascript'></script>
(Note the URLs have been modified, to prevent search engine indexing of a potentially malicious domain).

Use of a text proxy, such as Rex Swain's HTTP Viewer, when run from any browser, will allow you to safely examine the blog source, without interference by the redirecting code. In this case, simply load your blog using the URL, then use the browser test search, for "scrapur", in the proxy log. This will let you see if the code in question is part of an HTML gadget - or it is installed directly in the template.

As with many reported hijacks, access to the Blogger Layout and Template wizards appears to be affected. If you need to remove this code from your blog, you may find yourself unable to use either the Layout wizard (to remove an identified gadget) or the Template wizard (to remove directly installed code). In this case, you will need to use Firefox with Noscript - or a similarly well protected browser - to prevent the redirecting code from executing.

After removing the identified code from your blog, as always, clear cache and restart the browser. Finally, I'll remind you again, to please be particular - only install third party code from trustworthy providers.

>> Top

Comments

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.