Skip to main content

Hacking Detection Is Generally Not Caused By The Blog Owner

We've been helping Blogger blog owners deal with spurious fuzzy content classification, for many years.

We started out, long ago, with blogs deleted because of spam classification. Later, Blogger added malware classification - and most recently, porn classification ("adult content", with objectionable advertisements).

These three classification categories involve fuzzy blog content analysis.

A fourth category, which similarly results in blog(s) being deleted, I describe as "hacking detection".

The fourth category complements the other three, because the primary symptom of all four are remarkably similar.
Help me! Blogger has deleted my blog!!
This is a frequent complaint, seen in Blogger Help Forum: Something Is Broken.

One problem with using the term "hacking" is that some account owners take this diagnosis personally.
Why do you mention hacking? I am not a hacker!
And in almost all cases, the owners are correct.

Blogs are deleted by Blogger, currently, because of several different reasons.

  1. DMCA Violation.
  2. Hacking detection.
  3. Malware detection.
  4. Porn detection.
  5. Spam detection.

I list the different categories, collectively, because they are frequently reported, using the common symptom.
My blog was deleted, and I did not do it!

DMCA, malware, porn, and spam locks generally are blog owner caused.

DMCA, malware, porn, and spam are generally based on what the blog owner did (though in many cases, what the owner "did" was simply to publish a blog). Hacking, on the other hand, is generally based on action by someone other than the blog owner.

DMCA, malware, porn, and spam classifications are based on content analysis (automated), or complaint (manual) - and these classifications can be somewhat avoided by the blog owner. Don't steal content or publish a blog containing malware, porn, or spam, to reduce your chance of having the blog classified.

Hacking detection starts with action by a hacker - and a botnet.

Hacking detection, on the other hand, is based on analysis of Blogger account traffic - and this classification can not be avoided, as easily, by the blog owner. Hacking generally involves use of a cloud of computers, to systematically break into a Blogger account owned by the victim.

Though frequently, a hacking attack starts with unintentional disclosure of personal information by the victim, actual hacking activity is typically not initiated by the victim.

This particular "hacking" activity is not difficult to detect, considering Google resources. The Google account access process simply looks for lots of similar activity, using fuzzy analysis. Having the ability to compare activity against multiple accounts, over long periods of time, Google looks for trends - persistent activity against the same account, from multiple computers and / or against multiple accounts, from the same computer.

When interesting patterns of activity are detected, Google sends out mysterious warnings, mentioning "suspicious" / "unusual" account activity. I have, personally, received half a dozen such warnings - before I added Two Step Verification.

Google has the infrastructure and the technique, to look for hacking.

Detection of hacking attacks is best conducted by Google, because they can look for repetitive activity against multiple Blogger / Google accounts, from multiple computers located worldwide.
  • Most account owners can login to their accounts in one or two tries.
  • Very few account owners will, intentionally, attempt to login to their accounts, concurrently, from computers in Argentina, USA, and Zaire.
  • Very few computers will be used to access Blogger accounts owned by people in Brazil today, in China tomorrow, and in Denmark next week.

Recovering from hacking detection will require blog owner activity.

Recovery from hacking detection requires willful action by the victim - though Blogger makes the required action so simple, its purpose becomes transparent. The victim, or account owner, is simply required to change the account password, solve a CAPTCHA, and / or verify account ownership by providing various personal details.

Having initiated hacking recovery, the account owner is able to login to Blogger - but is greeted by an empty dashboard.
You are not yet the owner of any blogs. Create a blog, and get started!

If the blog owner publishes multiple blogs, the blog may be accessible - but from the new "My blogs" menu. Or, in this case, even "My blogs" won't provide access.

This is where the confusion starts.

Not all Blogger account owners personally publish a blog. Some people setup Blogger accounts simply to comment on, and / or Follow blogs published by other people - and won't, necessarily, publish a blog using the account in question.

Hacking does not require existence of a published (or public) blog.

Blogger accounts with no owned blogs may still be under attack by hackers - and are subject to hacking detection. This makes the primary symptom so confusing.
You are not yet the owner of any blogs. Create a blog, and get started!
People who don't own any blogs (under this Blogger account) may, or may not, see this as a problem.

In cases where the initial symptom is a deleted blog, the blog owner must recover the hacked (locked) account, before the blog can be recovered. This is one more scenario where unplanned, anonymous blog ownership, just causes more confusion.

Hacking detection recovery requires patience, by the blog owner.

Having initiated hacking recovery, a blog owner is simply expected to wait patiently, until the blogs owned by the account are verified as free of content added by the hacker. Unfortunately, we sometimes see the blog owner, impatiently reporting in Blogger Help Forum: Something Is Broken.
I had to change my password, and having done that, Blogger deleted my blog!

Sometimes, hacking detection starts with the Blogger account owner, repetitively trying to recover access to the account, by sequentially trying every possible password (sometimes trying the same password, repeatedly).
I know it's one of these! But which one? Did I maybe type the one, incorrectly??
This repetitive action looks the same as any malicious hacking attack - and that is why hacking detection is so hard to canonically diagnose.

If you are a victim, report your problem - and be patient.

Please, consider these details, the next time you post your problem report.
Help me! Blogger has deleted my blog!!
In some cases, I may respond with a mention of hacking detection. If I do that, please don't take my response as a personal attack upon you.
Why do you mention hacking? I am not a hacker!

Even though being the victim of a hacking attack is not the fault of the account / blog owner, that person may still have to bear some of the responsibility. In general, blog owners have to support themselves - learn how to protect themselves, and use 2-step verification.

Comments

D7ana said…
My blog had been deleted, but it is back again. Yippee! I am so happy that it has been restored. Thank you for passing my problem on so that it could be fixed.

AgustIn said…
Dear Nitecruzr:

Some weeks ago I complained because of the deletion of my blog peroratamagna.blogspot.com. You noted that there were strange code I put, perhaps automaticaly and without a malicious intention.

I asked for restoring many times at the Blogger page, without results. What do you recomend me? Thank you very much.

Agustín Rela, agusrela(at)gmail.com. 2013.June.2013.

Nitecruzr said…
Agustin,

You need to start a new discussion - and when you are answered, you have to respond to the answer.

Please don't just post a problem report, and assume that the problem is being taken care of.

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Add A Custom Redirect, If You Change A Post URL

When you rename a blog, the most that you can do, to keep the old URL useful, is to setup a stub post , with a clickable link to the new URL. Yo! The blog is now at xxxxxxx.blogspot.com!! Blogger forbids gateway blogs, and similar blog to blog redirections . When you rename a post, you can setup a custom redirect - and automatically redirect your readers to the post, under its new URL. You should take advantage of this option, if you change a post URL.

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.