Friday, December 21, 2012

Visitor Logs Cause Undue Concern

We see periodic concern, expressed in Blogger Help Forum: Something Is Broken, over apparent visitor access to blog maintenance wizards, using the Quick Edit icons.
I found this entry, in my StatCounter log. How did this person get access to my blog?
http://www.blogger.com/post-edit.g?blogID=7834826019588534175&postID=890014875501476492&from=pencil
Was my blog hacked?


This may not be a justified reason to panic, however. One may first wish to check that Stats (or whatever visitor log is in use, in this case) is properly configured, to not track your own activity. The link that you see may reflect your activity.

Even if the visitor log entry in question does not appear to reflect your own activity - even when allowing for the vagaries of geo location, you may still do well to remain calm.

Thanks to the unpredictable nature of cache, some blog artifacts may be visible to people other than blog owners.

Cache in your browser, on your computer, or even on your network, may cause the Quick Edit icon - which provides you with access to the sensitive wizards, which control the content of your blog - to also be visible to the casual visitor to your blog. Any idly curious visitor may even click on such an icon, when visible.

However, visibility of the icon does not guarantee access to sensitive blog controls. Here's what I saw, when I clicked on the link above.

D'Ohh!!!

Maybe, you'd like to verify that your blog is safe?
  1. Extract the URL, from a Quick Edit pencil, or screwdriver / wrench, on your blog.
  2. Verify that the link works, by testing it in your browser. See that you can access the post editor or the wizard, for the pencil or screwdriver / wrench.
  3. Save the verified URL, somewhere safe.
  4. Clear cache, cookies, and sessions (yes, clear all 3!).
  5. Restart your browser, and do not login to Blogger.
  6. Load the saved URL.
  7. What do you see?

If the above suggestion isn't interesting, I'll let you try to attack my blog.

Similar to the problem with phantom visitors reading a private blog, or maybe seeing your email address where other people can see it, or even porn sites linking to your blog, this may not be an issue to concern you. Calm down, and get back to work.

Dude, hit me with a comment!