Not all blog owners understand the reasons behind the locked Blogger / Google accounts.
Even less understand why recovery of locked accounts, and of the blogs owned by the locked accounts, is not immediate. We see the occasional report, in Blogger Help Forum: Something Is Broken.
Brute force hacking of our Blogger / Google accounts, by hackers / spammers, who have use of the various botnets in the Internet, is a constant activity. Opposing activity, by the Security teams in Blogger / Google, to not let hackers and spammers take control of our accounts and blogs, is just as constant.
Some of the Security activity requires our patience - and blog owners, having to recover their deleted blogs, are not always patient.
The Security processes, in Blogger / Google hacking prevention, have to work from a worst case scenario, when detecting hacking activity.
Immediate detection of hacking is not always a possibility.
Account hacking cannot always be detected instantly. When hacking is detected, the hacking prevention process has to consider the possibility that the accounts under attack have already been compromised.
When Blogger / Google Security detects possible brute force hacking against an account, they lock the account - and delete the blogs owned by the account.
Alternatively, they quarantine the computers used in the hacking activity. This is where we see the notice of "suspicious account activity" - and possibly the dreaded "403 Forbidden".
Post detection security analysis looks at owner mistakes, and for hacking artifacts.
When we discover a locked account, and request its restore, the security process looks for signs of security weaknesses allowed by the account owners - or possibly added by the (temporarily) successful hacker. In some cases, the owner may be required to change the account password, and receive instruction on using a more secure ("strong") password.
Ongoing efforts by Blogger / Google, to make the account recovery easier for the blog owners to endure, may cause mystery about blogs missing from the dashboard, without obvious recovery options.
After the account is restored, all blogs must be carefully checked.
After the Blogger / Google account is restored, the integrity of the blogs owned by the account must be verified.
These are simply examples of what must be done, to ensure that our blogs were not compromised, even temporarily, by the hacking just detected. After you get your account back, it's not a bad idea for you to verify this, on your own. If you just got your blog back, after resetting your Blogger account password and / or verifying your phone number, check your template carefully, looking for references to unfamiliar JavaScript code, hosted outside Google address space.
Account / blog verification will take time.
The process of account and blog integrity verification will require an unpredictable time period - and needs to be done with the blogs inaccessible to anybody but the Blogger / Google security processes. The blog being offline may not be immediately observed by the owner - and this may cause more confusion.
Blogger Support is aware that nobody wants to deal with the stress of having a locked or deleted blog - especially after they have gone through the process of verifying their account. They are also well aware of the frustration that is present when someone reports
Locking the owned blogs, after hacking activity is detected, complements the ongoing policy of not disclosing the account names, in helping to keep our blogs under our control.
---
http://blogging.nitecruzr.net/2013/01/confusion-over-recovery-from-locked.html
Confusion Over Recovery From Locked Blogger / Google Accounts
Even less understand why recovery of locked accounts, and of the blogs owned by the locked accounts, is not immediate. We see the occasional report, in Blogger Help Forum: Something Is Broken.
I had to change the password on my account - and now my blogs are deleted! Why should I wait another "24 to 48 hours" to get my blogs back?This blog owner does not understand the possible reasons for the locked account - and the work that goes on after the account is unlocked.
Brute force hacking of our Blogger / Google accounts, by hackers / spammers, who have use of the various botnets in the Internet, is a constant activity. Opposing activity, by the Security teams in Blogger / Google, to not let hackers and spammers take control of our accounts and blogs, is just as constant.
Some of the Security activity requires our patience - and blog owners, having to recover their deleted blogs, are not always patient.
The Security processes, in Blogger / Google hacking prevention, have to work from a worst case scenario, when detecting hacking activity.
Immediate detection of hacking is not always a possibility.
Account hacking cannot always be detected instantly. When hacking is detected, the hacking prevention process has to consider the possibility that the accounts under attack have already been compromised.
When Blogger / Google Security detects possible brute force hacking against an account, they lock the account - and delete the blogs owned by the account.
Alternatively, they quarantine the computers used in the hacking activity. This is where we see the notice of "suspicious account activity" - and possibly the dreaded "403 Forbidden".
Post detection security analysis looks at owner mistakes, and for hacking artifacts.
When we discover a locked account, and request its restore, the security process looks for signs of security weaknesses allowed by the account owners - or possibly added by the (temporarily) successful hacker. In some cases, the owner may be required to change the account password, and receive instruction on using a more secure ("strong") password.
Ongoing efforts by Blogger / Google, to make the account recovery easier for the blog owners to endure, may cause mystery about blogs missing from the dashboard, without obvious recovery options.
After the account is restored, all blogs must be carefully checked.
After the Blogger / Google account is restored, the integrity of the blogs owned by the account must be verified.
- The blog content must be examined for spammy content added.
- The blog Permissions list must be checked, for backdoor accounts added.
- The Mail-to-Blogger settings must be considered as a possible backdoor.
These are simply examples of what must be done, to ensure that our blogs were not compromised, even temporarily, by the hacking just detected. After you get your account back, it's not a bad idea for you to verify this, on your own. If you just got your blog back, after resetting your Blogger account password and / or verifying your phone number, check your template carefully, looking for references to unfamiliar JavaScript code, hosted outside Google address space.
Account / blog verification will take time.
The process of account and blog integrity verification will require an unpredictable time period - and needs to be done with the blogs inaccessible to anybody but the Blogger / Google security processes. The blog being offline may not be immediately observed by the owner - and this may cause more confusion.
Blogger Support is aware that nobody wants to deal with the stress of having a locked or deleted blog - especially after they have gone through the process of verifying their account. They are also well aware of the frustration that is present when someone reports
Somebody is publishing spam on my blog - and I can't access the dashboard to remove the spam!
Locking the owned blogs, after hacking activity is detected, complements the ongoing policy of not disclosing the account names, in helping to keep our blogs under our control.
---
http://blogging.nitecruzr.net/2013/01/confusion-over-recovery-from-locked.html
Confusion Over Recovery From Locked Blogger / Google Accounts
Comments
This frequently results from someone trying to brute force hack your Blogger / Google account. It's annoying, I'm sure - but it's probably less annoying than discovering that your blog is now being published by a spammer.
As far as "How long will it take to get everything back?" - that's up for you to tell us, once you find out. This is the first report of this nature, that I've seen in a few weeks, so Google may have tweaked another security setting.
Setup 2-step verification, to prevent this from happening again.
http://blogging.nitecruzr.net/2013/03/if-you-comment-on-blogs-extensively-you.html