Skip to main content

Don't Make Your Blog Vulnerable To Strategic Malware

In 2009, Blogger Help Forum: Get Help with an Issue had various reports about blogs mysteriously redirecting to "blogoholic.info".

Later that year, and into 2010, we saw new reports mentioning "smashingfeeds.com", then "sendptp.com". When we investigated the redirections, we found people with blogs that used a picturesque animated decoration known as "falling snow" - and later, as Valentines Day 2010 approached, "falling hearts".

The victimised blog owners, too frequently, admitted to having installed various gadgets provided by helpful non Blogger website owners. Diagnosing the problem, however, was frequently obscured by the claims.
But I installed that gadget months ago!
In some cases, diagnosed in December 2009 - February 2010, the misbehaving gadgets had been installed as far back as Summer of 2009.

Many misbehaving blog accessories were found available from various non Blogger websites, from helpful third party developers.

In Winter 2011 / Spring 2012, we discovered new classes of malware - gadgets being provided using "Add a Gadget", and served from Google sanctioned third party contributed libraries. We had redirectors like "pagesinxt.com", targeting websites such as "ripway.com".

We have actually observed four waves of hijack attacks upon Blogger blogs (the above two are the best documented), which appear to provide commercial or financial reward to the hackers maintaining the malicious and misbehaving gadgets. Some websites served from the "pagesinxt.com" redirection were found to be serving very deviously packaged malware - that helped to enslave various reader computers, as botnet members.

This year, we're observing more victims, who have installed gadgets from "blog-hit-counters.com", and "free-blog-content.com" - with redirectors such as "searchingresult.com". We also see problem reports from owners of blogs with NeoCounter and other NeoWorx products - and similar complaints from readers of the blogs.

When advised to remove identified gadgets, many blog owners again complain.
I installed that gadget months ago, and it's been working just fine! Surely, that is not my problem!!
But based on the other problem reports - and later by the admission of the blog owners - the gadgets removed will prove to be the source of the problem.

The lessons from all of this? You need to be very selective about where you get accessories and advice - and you need to accept skeptically - if at all - the casual evaluation.
It's working fine today, after I installed it last month - so it must be a good gadget! Now, I can recommend it to my friends!!
If it seems too good to be true, it probably is.

You get readers from informative, interesting, and unique content - not from free content and shiny gadgets.

Comments

Renee Ondrajka said…
This was very helpful. I appreciate the advice. I also removed my pin gadget, but it seems that my pictures still have it on there. What could be the reason? I still want my pics to be able to be pinned, but I thought removing the gadget would make that no longer possible. Thanks for any advice. www.stampinwithrenee.blogspot.com.
Chuck Croll said…
Hi Renee,

Thanks for asking the question.

IIRC, your blog has three Pinterest gadgets. You only need one. And if they are from "assets.pinterest.com", they can be trusted. But you should only have one.

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.