Thursday, April 16, 2015

"I've Been Hacked" - A Dreaded Cry Of Anguish

As long as computers exist, and people are needed to provide technical advice, the one problem report that many of us fear is anguished, and brief.
"I got hacked!"
To many of us, this means that we have not been doing our job - because the first job of technical support is, unfortunately, security.

Hillary Clinton got hacked, recently - and she was lucky. The hacker that attacked her was only poking around - and had no actual intent to cause harm. The owner of a successfully hacked Blogger blog may not be so fortunate.

If you act promptly, and plan wisely, you can prevent long term inconvenience.

There are several ways to hack a Blogger blog.
  1. Account theft.
  2. Intentional giving up control.
  3. Mail-to-Blogger.
  4. Owner installed gadgets.

The only real hack starts with account theft.

If a blog thief manages to gain access to your Blogger account, he can transfer control of any blogs that interest him, to an account that he owns. Once this happens, he owns the stolen blogs.

Too many blog thefts have been conducted - successfully - by blog thieves, who claim to be victims of a previous theft. Now, Blogger Support will admit to inability to distinguish his theft from your intentional transfer of control - and they will protect his ownership of his newly acquired blog.

Now, account theft prevention is the basis for inability to recover blog control, with a forgotten password / account name - so determined is Blogger Support to prevent blog theft. In short, this is not a likely scenario, any more.

The owner may intentionally give control.

The blog owner may give a hacker access to the blog, to install a desirable accessory. The suggestion "You don't do anything - just give us your account and password, and we'll install for you!" can be attractive, to some owners.

Similarly, some owners make a team blog - and later regret their generosity. Once you intentionally give someone else control, you give up control - and the blog becomes no longer yours.

This is the most commonly reported theft problem - and it is entirely an owner responsibility.

You can disable Mail-to-Blogger - or change the password.

A Mail-to-Blogger hijack will produce posts that bear your signature (they will be published, using your Mail-to-Blogger account!), but contain material that neither you, nor your readers, will appreciate.

Once you change the Mail-to-Blogger secret address ("password"), to a non guessable value, the unwanted content will stop. You'll have to spend time cleaning up the mess.

Once corrected, the only thing that you have to worry about is loss of reputation, from your readers - and possible spam host classification, by Blogger / Google. Neither will be negligible, but you can survive - once Mail-to-Blogger is disabled or updated, and unwanted content is removed.

This was a problem, some time ago. Blogger actively warns blog owners, when this is likely.

If you install a malicious gadget, you can remove the gadget.

Whether you installed a malicious gadget months ago, and it was just activated by the hacker / publisher - or you installed a malicious gadget just last week, and it was detected before being activated, you can remove a malicious gadget. Depending upon how you installed a malicious gadget, it may be more or less easy to remove.

Like the aftermath of a Mail-to-Blogger hijack, the only thing that you have to worry about is loss of reputation, from your readers - and possible malware host classification, by Blogger / Google. Again, neither will be negligible, but you can get through it - once any malicious gadgets are removed.

This is becoming less and less common, as blog owners are educated.

Act promptly / plan properly, and experience far less inconvenience.

With both malicious gadgets, and Mail-to-Blogger hijacks, the sooner you detect and remove the problem, the easier it will be to recover your reputation - and, to avoid / recover from, malware / spam classification. It's in your best interest - and your readers' best interests - that you act immediately, when observing or suspecting a problem. And don't install dodgy gadgets - be more choosy about accessories.

There is no known recovery procedure, once your blog is successfully stolen. For account / blog theft, the best policy is prevention. Google 2-Step Verification is inconvenient - and using it requires planning - but the inconvenience and planning are far less painful, than the inconvenience and self flagellation, that you will experience, if your blog is stolen.

Even a temporary or unsuccessful account theft, and subsequent locked account and blogs, while you wait anxiously for recovery, will be far more painful than the task of setting up and using 2-Step Verification. Every time I log in from a new / changed computer, and have to wait while Google sends me a token to my phone, is agonizing - but still, far less agonizing than having my account and blogs stolen.

Don't sweat the small stuff.

Look at the above hacking categories. How many involve activity that should be visible, in Stats or any other visitor logs? The correct answer here is simple.

None.

When you look at your Stats log, and see something that you don't understand, stop worrying.

"OMG!! Am I being hacked???"

The hacker that you see, in your visitor log, is not one to fear. If you are going to fear somebody, fear the account hacker, in Category #1 - or the owner enabled blog thief, in Category #2. Then set up Google 2-Step Verification - and get back to working on your blog.

Oana D. said...

I like very much your blog, thank you for providing me your link. Your articles contain very useful information! (Y) [that means one big like :)]

Gracey said...

Interesting about the gadgets. I don't think I realized you could hack a blog that way.

I pretty much only use official gadgets supplied by Google. That started because some of the third party gadgets used to come with ads in them and I didn't want others' ads.

Thanks for the info!