Monday, December 08, 2014

Use Common Sense, And Protect Your Blog

We see various questions about getting advice and non-standard accessories / code from blogs and websites advertised outside Blogger / Google control - generally in Blogger Help Forum: Get Help with an Issue.
Why can't I see my blog? Every time I click on "View blog", I get a face full of ads!
and
Where can I get accessories, gadgets, and templates for my blog??
and
How do I know what accessories, gadgets, and templates are safe, for my blog?
and
Why did Blogger lock my blog, as a malware host?
All of these folks are discussing the same issue - blog content security. Some are asking properly, before they cause their problems - but others are not.

We have several known bad actors, right now - who have been putting out various blog accessories which, initially, work fine.

After thousands of victims have installed some accessories on their blogs, the owners and readers observe that the blogs are suddenly redirecting to advertising pages, or throwing popup ads on top of blog content. The latency period, for some blogs which are the first to install a new hacker-provided gadget, may be as long as 6 months to a year.

By the time any malicious gadgets are discovered, identified, and removed, the victims have to deal with unhappy readers, who don't enjoy seeing a screen full of ads, instead of their favourite blog to read.

Search engine reputation is also affected by this problem. In some cases, the malicious gadgets may be detected by Blogger - and the host blog (i.e., your blog) is locked, as a suspected malware host. Even if Blogger does not detect a problem, services outside Blogger will trash your blog.

Thoughtful blog owners will ask how they can get good, reliable, and safe blog accessories. I would start, by ranking the possibilities.
  1. Blogger "Add a Gadget", with gadgets labeled "By Blogger".
  2. Websites provided by well known Internet services.
  3. Blogger "Add a Gadget", with gadgets not labeled "By Blogger".
  4. Non Blogger websites provided by developers.
  5. Non Blogger websites provided by hackers and spammers.


1. Blogger "Add a Gadget", and gadgets labeled "By Blogger".

The most reliable and safe gadgets will always be found in the "Add a Gadget" library, and be labeled "By Blogger". You have to trust Blogger, if you are going to use their publishing platform in general.

The optional gadget library, and gadgets "By Blogger", is just as safe as the dashboard, and components referenced by the dashboard.

2. Websites maintained by well known Internet services.

Most well known Internet services and social networking platforms will provide gadgets that are designed for Blogger. The best gadgets will be labeled "For Blogger", and be written in Blogger compatible XML. Some general purpose gadgets, written in HTML / JavaScript, will also be suitable.

Almost any gadget in this category, if written by the staff of the service in question, will be free from malicious intent. Both Facebook and Twitter, for instance, provide gadget libraries. Because these gadgets were not written by Blogger staff, they will not be as reliable as Category #1.

3. Blogger "Add a Gadget", and gadgets not labeled "By Blogger".

Many gadgets provided in "Add a Gadget" will be provided by third party developers. Hopefully, Blogger / Google exercises some quality control, over gadgets distributed through their library.

That said, the first mass hacking of Blogger blogs, of 2009 - 2010, came through gadgets that were distributed from the "Add a Gadget" libraries. One such gadget was discovered, just last week.

4. Non Blogger websites provided by developers.

After the unforgettable blog hijacks of 2009 / 2010, then 2010 / 2011, Blogger / Google Security got aggressive with the problems of malicious gadgets being served from their libraries. Most recent hacking attacks have been distributed from websites outside the control of Blogger / Google.

Some non Google websites are provided by third party developers, who write code almost as reliable as Blogger staff. However, if the choice for my blog was between gadgets in Categories #3 and #4, of equal functionality and suitability, I would choose #3 over #4 - and I would seriously recommend the same, if asked.

In some cases, legitimate third party developers have provided accessories that require access to their code libraries. The developers have gone out of business, and have cancelled the domains where the code libraries were served. The abandoned domains have been bought by spammers, as investments - based on serving ads to accumulated incoming traffic, from people surfing to the blogs and websites which have the accessories installed.

In some cases, the domains were actually abandoned by the developers. In other cases, the developers were spammers, who sold their domains for a good profit, to other spammers.

We, the blog owners, cannot really tell which case is involved, when our blogs start redirecting to pages of spam - or even malicious domains, serving malware to our readers. We do need to protect our readers, though.

5. Non Blogger websites provided by hackers and spammers.

Some websites outside the control of Blogger / Google should not be trusted. I would seriously suggest, without hesitating, that you stay away from websites like "SEOYourBlog.com", "MakeMunyFromHome.info", and such.

Any blog or website with clever initials in the name should be considered with great caution. Although "SEO" was originally a serious concept, most websites with "SEO" in the name will not have your best interests in mind. Likewise, "GPT", "PTC", and "PTS" will do you no good.

If and when you add gadgets, always add them using "Add a Gadget". Gadgets added using "Add a Gadget" can be easily removed, if they go bad. Gadgets added using "Edit HTML" must be removed using "Edit HTML" - and some gadgets will be extremely challenging to diagnose and remove.
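Accessories that pull code from a developer's own domain, and gadgets pasted in through "Edit HTML", both show up in the template as tags that load from another site. The following is an added example, not code from this post or from Blogger: a small audit that lists every such tag, with its line number, whose host is not on a trusted list. The trusted list and the sample template are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this blog owner has decided to trust; edit for your own blog.
TRUSTED = ("blogger.com", "blogspot.com", "google.com", "gstatic.com", "googleapis.com")

# Tags that pull code or framed content from another site, and the attribute naming it.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


def is_trusted(host):
    # Match on a dot boundary, so a look-alike that merely ends in the same
    # letters as a trusted name does not pass.
    return any(host == t or host.endswith("." + t) for t in TRUSTED)


class LoaderFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (template line, tag, host)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADERS.get(tag, ""))
        host = urlparse(url or "").hostname  # None for relative (same-site) paths
        if host and not is_trusted(host):
            self.hits.append((self.getpos()[0], tag, host))


def audit_template(text):
    """Return (line, tag, host) for every loader pointing at an untrusted host."""
    finder = LoaderFinder()
    finder.feed(text)
    finder.close()
    return finder.hits


# Constructed sample, standing in for a template copied out of "Edit HTML".
SAMPLE = """<html><head>
<script src="https://www.gstatic.com/widgets/ok.js"></script>
<script src="//counter.gadget-example.invalid/hit.js"></script>
</head><body>
<iframe src="https://ads.widget-example.invalid/banner"></iframe>
<script src="/local/helper.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host in audit_template(SAMPLE):
        print(f"line {line}: <{tag}> loads from {host}")
```

Each host it reports is a domain your blog depends on; if that domain changes hands, the line number tells you where in "Edit HTML" to look.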

Security begins with you.
