Skip to main content

Use Common Sense, And Protect Your Blog

We see various questions about getting advice and non standard accessories / code, from blogs and websites advertised outside Blogger / Google control - generally in Blogger Help Forum: Get Help with an Issue.
Why can't I see my blog? Every time I click on "View blog", I get a face full of ads!
and
Where can I get accessories, gadgets, and templates for my blog??
and
How do I know what accessories, gadgets, and templates are safe, for my blog?
and
Why did Blogger lock my blog, as a malware host?
All of these folks are discussing the same issue - blog content security. Some are asking properly, before they cause their problems - but others are not.

We have several known bad actors, right now - who have been putting out various blog accessories which, initially, work fine.

After thousands of victims have installed some accessories on their blogs, the owners and readers observe that the blogs are suddenly redirecting to advertising pages, or throwing popup ads on top of blog content. The latency period, for some blogs which are the first to install a new hacker provided gadget, may be as long as 6 months to a year.

By the time any malicious gadgets are discovered, identified, and removed, the victims have to deal with unhappy readers, who don't enjoy seeing a screen full of ads, instead of their favourite blog to read.

Search engine reputation is also affected by this problem. In some cases, the malicious gadgets may be detected by Blogger - and the host blog (ie, your blog) is locked, as a suspected malware host. Even if Blogger does not detect a problem, services outside Blogger will trash your blog.

Thoughtful blog owners will ask how they can get good, reliable, and safe blog accessories. I would start, by ranking the possibilities.
  1. Blogger "Add a Gadget", with gadgets labeled "By Blogger".
  2. Websites provided by well known Internet services.
  3. Blogger "Add a Gadget", with gadgets not labeled "By Blogger".
  4. Non Blogger websites provided by developers.
  5. Non Blogger websites provided by hackers and spammers.


1. Blogger "Add a Gadget", and gadgets labeled "By Blogger".

The most reliable and safe gadgets will always be found in the "Add a Gadget" library, and be labeled "By Blogger". You have to trust Blogger, if you are going to use their publishing platform in general.

The optional gadget library, and gadgets "By Blogger", is just as safe as the dashboard, and components referenced by the dashboard.

2. Websites maintained by well known Internet services.

Most well known Internet services and social networking platforms will provide gadgets that are designed for Blogger. The best gadgets will be labeled "For Blogger", and be written in Blogger compatible XML. Some general purpose gadgets, written in HTML / JavaScript, will also be suitable.

Almost any gadget in this category, if written by the staff of the service in question, will be free from malicious intent. Both FaceBook, and Twitter, for instance, provide gadget libraries. Because these gadgets were not written by Blogger staff, they will not be as reliable as Category #1.

3. Blogger "Add a Gadget", and gadgets not labeled "By Blogger".

Many gadgets provided in "Add a Gadget" will be provided by third party developers. Hopefully, Blogger / Google exercises some quality control, over gadgets distributed through their library.

That said, the first mass hacking of Blogger blogs, of 2009 - 2010, came through gadgets that were distributed from the "Add a Gadget" libraries. One such gadget was discovered, just last week.

Not all third party accessories are provided with malicious intent. Unfortunately, even if not provided maliciously, some accessories may be unreliable because of periodic changes by Blogger.

4. Non Blogger websites provided by developers.

After the unforgettable blog hijacks of 2009 / 2010, then 2010 / 2011, Blogger / Google Security got aggressive with the problems of malicious gadgets being served from their libraries. Most recent hacking attacks have been distributed from websites outside the control of Blogger / Google.

Some non Google websites are provided by third party developers, who write code almost as reliable as Blogger staff. However, if the choice for my blog was between gadgets in Categories #3 and #4, and be of equal functionality and suitability, I would choose #3 over #4 - and I would seriously recommend the same, if asked.

In some cases, legitimate third party developers have provided accessories that require access to their code libraries. The developers have gone out of business, and have cancelled the domains where the code libraries were served. The abandoned domains have been bought by spammers, as investments - based on serving ads to accumulated incoming traffic, from people surfing to the blogs and websites which have the accessories installed.

In some cases, the domains were actually abandoned by the developers. In other cases, the developers were spammers, who sold their domains for a good profit, to other spammers.

We, the blog owners, cannot really tell which case is involved, when our blogs start redirecting to pages of spam - or even malicious domains, serving malware to our readers. We do need to protect our readers, though.

5. Non Blogger websites provided by hackers and spammers.

Some websites outside the control of Blogger / Google should not be trusted. I would seriously suggest without hesitating, that you stay away from websites like "SEOYourBlog.com", "MakeMunyFromHome.info", and such.

Any blog or website, with clever initials in the name, should be considered, with great caution. Although "SEO" was originally a serious concept, most websites with "SEO" in the name will not have your best interests in mind. Likewise "GPT, "PTC", "PTS" will do you no good.

If and when you add gadgets, always add them using "Add a Gadget". Gadgets added using "Add a Gadget" can be easily removed, if they go bad. Gadgets added using "Edit HTML" must be removed using "Edit HTML" - and some gadgets will be extremely challenging to diagnose and remove.

Security begins with you.

Comments

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.