We've known, for some time, about blog owners receiving alerts about "suspicious" / "unusual" account activity. The alerts frequently involve locked or deleted Blogger / Google accounts - and generally include the owner having to change their password, solve a CAPTCHA, and / or provide their phone number (mobile or home phone) to log in.
Later, people started reporting that their blogs were being deleted - possibly as a result of having to change their password, solve a CAPTCHA, and / or provide their phone number.
I've been observing - and blocking - an annoying style of comment-based spam, which I have termed "nice blog" spam, for some time.
"Nice blog. I will keep visiting this blog very often."
This style of spam, from what I can tell, has been published by the millions, in various blog comments, on both Blogger and non-Blogger platforms.
The reason for the spam always intrigued me. Observing that the spam was published in the millions, suggested to me that it had a special purpose, intended by its creators. Looking at a typical spam message, in my email (since I moderate before publishing), I could see no consistent type of content.
- Some messages would contain links, others not.
- Some messages would mention what looked like commercial products, other references were obviously imaginary targets.
- Some messages would appear to be mere babble.
Recently, I discovered one strong possibility for the purpose of the spam - a very ingenious form of email address mining. The spam comment is only needed to allow a hacker to subscribe to a given comment stream, using the "Email follow-up comments to ..." option. It's possible that the subscription is not even affected by moderation - whether the blog owner is moderating, either before or after the comment is published to the blog, the hacker remains subscribed to the comment stream.
All that the hacker / spammer has to do is to publish a spam comment, select the "Email follow-up comments to ..." option, and watch while his Inbox fills up with subsequent comments from other Blogger / Google / OpenID account owners. Any comment containing an email address, and linking to a Blogger blog, would go straight into the hacker's database.
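As an added example (not part of the original post), a blog owner or commenter can audit comment text for the pairing described above, an email address together with a link to a Blogger blog, to see what a follow-up subscriber would receive. The sample comments are constructed, and treating blogspot.com hosts and blogger.com profile URLs as "a Blogger blog" is an assumption.

```python
import re

# Plain address, e.g. jane.doe@example.com
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Hand-obfuscated address, e.g. "sam (at) example dot org"
_AT = r"(?:\s+at\s+|\s*[\[(]\s*at\s*[\])]\s*)"
_DOT = r"(?:\s+dot\s+|\s*[\[(]\s*dot\s*[\])]\s*)"
OBFUSCATED = re.compile(
    rf"[A-Za-z0-9._%+-]+{_AT}[A-Za-z0-9-]+(?:{_DOT}[A-Za-z0-9-]+)+", re.IGNORECASE
)
# Assumption: a "link to a Blogger blog" is a blogspot.com host or a
# blogger.com profile URL; blogs on custom domains are not recognised.
BLOG_LINK = re.compile(
    r"https?://(?:[A-Za-z0-9-]+\.blogspot\.com|www\.blogger\.com/profile/\d+)\S*",
    re.IGNORECASE,
)


def audit_comment(author_url, body):
    """Report what a follow-up subscriber would learn from one comment."""
    emails = EMAIL.findall(body) + OBFUSCATED.findall(body)
    # The commenter's profile link travels with the comment, so check it too.
    links = BLOG_LINK.findall(f"{author_url or ''} {body}")
    redacted = OBFUSCATED.sub("[address removed]", EMAIL.sub("[address removed]", body))
    return {
        "emails": emails,
        "blog_links": links,
        # The pairing the post describes: an address plus a Blogger blog.
        "exposes_account": bool(emails and links),
        "redacted": redacted,
    }


# Constructed sample comments: (commenter profile/blog URL, comment text)
SAMPLES = [
    ("https://janes-garden.blogspot.com",
     "Lovely post! Mail me at jane.doe@example.com for seeds."),
    (None, "Reach me: sam (at) example dot org"),
    (None, "Nice blog. I will keep visiting this blog very often."),
]

if __name__ == "__main__":
    for url, text in SAMPLES:
        report = audit_comment(url, text)
        print(report["exposes_account"], report["emails"], "->", report["redacted"])
```

A comment flagged with `exposes_account` is one where the commenter could be asked to repost without the address; the `redacted` text shows what that version would look like.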
Later, the hacker could go to work against the Blogger accounts referenced in the comments. In some cases, this would result in successfully hijacked Blogger blogs, which would become part of a spammer's blog farm where advertisements of various kinds could be hosted. Valuable blogs, with established reader populations, could also be used to serve malware (and more hacking) to unsuspecting readers.
The demographics of some hijacking attacks provide interesting clues. In one episode, we had a significant number of home / personal / small business blogs that had been hijacked by one specific individual. Many of the victim blogs:
- Contained details relevant to the owners, which provided clues to passwords used by the owners.
- Were owned by people who used commenting extensively, for networking both with friends, and with business targets.
- Were read (and commented upon) by similar people, who similarly provided password clues in their own blogs.
Having been part of the restore process, both with people who had their blogs hijacked, and who had their accounts locked and blogs deleted, I observed that the former (hijacked blogs) seem to have decreased in volume as the latter (accounts and blogs locked / deleted) increased in volume. I don't think that the relationship is coincidental - or spurious.
My opinion is that the locking of Blogger / Google accounts - and subsequent deletion of blogs - directly results from detected attacks against the accounts in question ("suspicious" / "unusual" activity). Noting that the attacks seem to be more common to people who comment on blogs as a form of networking, it appears that commenting can lead to accounts and blogs being locked or deleted, as Google protects us against hacking.
Considering this possible cause and effect relationship, Google 2-step verification is a good idea. Google provides instructions for setting up 2-step verification.
Use of 2-step verification helps safeguard our accounts against brute force hacking. This will help anybody who is anxious about accounts and blogs being deleted or locked, as a result of "suspicious" / "unusual" activity. If you own a blog which is subject to this threat, you should consider using 2-step verification.
The sanity (heart attack, ulcer) that is saved may be your own.