Skip to main content

Blogger blogs redirecting to "scrapur . com"

This week, we've seen several reports in Blogger Help Forum: Something Is Broken, from Blogger blog owners, reporting the latest hijacking of their blogs.
My blog is being redirected to a spam site - was it hijacked?


As is all too frequently the case, the redirection appears to come from third party code or gadgets, willingly installed by the blog owner. Examination of the website in question appears to indicate a long expired domain.
This domain name expired on Nov 7 2012 11:32:24:000AM
It's possible that, right now, this is not a maliciously planned hijack - though any expired domain can be re purchased for a devious or malicious purpose.

In several cases, the redirecting code appears as part of an installed XML gadget, a version of "Recent Comments". In other cases, we have observed naked JavaScript code, installed directly into the blog template. Here are identified examples - though you may see other variants.
<script style="text/javascript" src="http : // scrapur . com / index / wp-content / uploads / 2008 / 04 / rc . asp"> </script>
or possibly
<script src='http : // scrapur . com / index / wp-content / uploads / 2008 / 02 / smile . js' type='text/javascript'></script>
(Note the URLs have been modified, to prevent search engine indexing of a potentially malicious domain).

Use of a text proxy, such as Rex Swain's HTTP Viewer, when run from any browser, will allow you to safely examine the blog source, without interference by the redirecting code. In this case, simply load your blog using the URL, then use the browser test search, for "scrapur", in the proxy log. This will let you see if the code in question is part of an HTML gadget - or it is installed directly in the template.

As with many reported hijacks, access to the Blogger Layout and Template wizards appears to be affected. If you need to remove this code from your blog, you may find yourself unable to use either the Layout wizard (to remove an identified gadget) or the Template wizard (to remove directly installed code). In this case, you will need to use Firefox with Noscript - or a similarly well protected browser - to prevent the redirecting code from executing.

After removing the identified code from your blog, as always, clear cache and restart the browser. Finally, I'll remind you again, to please be particular - only install third party code from trustworthy providers.

>> Top

Comments

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

What's The URL Of My Blog?

We see the plea for help, periodicallyI need the URL of my blog, so I can give it to my friends. Help!Who's buried in Grant's Tomb, after all?No Chuck, be polite.OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".