Skip to main content

Blogs Locked After Detected Account Hacking

One Blogger mystery involves the varying periods of blog unavailability, after hacking activity is detected.
My blog just disappeared from my dashboard - and no, it's not listed under "Deleted blogs"!

When the owner mentions the notice about "suspicious" / "unusual" account activity, or having unlocked the account (by solving a CAPTCHA, receiving a phone message, changing the password) - and is advised to wait "24 to 48 hours" - many ask the obvious.
Is "24 to 48 hours" really accurate?

In reality, the legendary "24 to 48" hour time period is only a ball park figure - and both Blogger / Google, and the blog owner, contribute to the uncertainty.

The well known advice to "Wait 24 to 48 hours", after a Blogger account is locked for suspected hacking activity, is only an estimation of the waiting time, which the owner may have to endure.

Account / Blog integrity verification will, regrettably, take several days.

This is an unavoidable side effect, in account / blog integrity verification.

There are several factors which can contribute to the accuracy of "24 to 48 hours" (which maybe should be stated as "one to two business days").

  • Availability of essential Blogger / Google personnel.
  • Current hacking activity level, and ongoing Blogger / Google workload.
  • Blog content, which complicates hacking payload analysis.

Only the blog owner knows the details of the correct blog content.

We've referenced the first two factors (personnel, and hacking activity level) in the well known Blogger FAQ How long will it take?. The third involves detail which only the blog owner can provide. Many blog owners contribute to this uncertainty, in the development of their blogs.

Hackers add their own blog content - when temporarily undetected.

There are several types of content, which hackers like to add, to blogs temporarily under their control.

  1. Advertising - and similar shiny accessories.
  2. Custom code - and various template tweaks.
  3. Links to other blogs - and to websites outside Google address space.
  4. Team memberships - and multiple blog owners.

All of these features, also added by the owner - and allowed (and encouraged) by Blogger - can require extra effort as a blog is validated, after detected hacking activity.

Security experts have to look for hacker added content - and this takes time.

Blogger / Google security experts, in examining an account / blog, must look for features possibly added by the hacker. Security experts have no immediate knowledge what was added by the owner, long ago - as opposed to by a hacker, more recently.

Any advertising, custom code, external links, or team memberships, intentionally added by the owner, will contribute to time spent validating blog integrity.

  • Leave a setting or tweak added by the hacker - and the blog remains a security risk, when returned to service.
  • Remove a setting or tweak added by a blog owner - and the blog becomes broken, when returned to service.

Neither is desired, by the blog owners - nor by Blogger / Google.

The more custom content, added by the owner, the longer verification takes.
More accessories and tweaks == more time spent by security experts == more time the blog remains offline, while the owner waits in uncertainty.


This uncertainty, added to delayed deletion caused by cache latency, leads to mystery.

All of this brings to mind the old adage.
KISS
Keep it simple, stupid.

Comments

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".