Skip to main content

Protect Your Blog - Install Third Party Code, Safely

Have any of you seen this sort of offer, when looking at third party accessories, and contemplating installation?
You don't do a thing! For Blogger blogs, we offer "EZ Install"! Just give us the blog URL, and an account name and password, sit back, and let us do the work!
and maybe later, you're posting in BHF: Something Is Broken
Somebody is posting spam posts on my blog!
Where did these ads come from? I didn't put them there!
or worse yet
Why is my blog deleted? I don't post malicious script!
All of these concerns have been noted, in real problem reports, and were caused by real mistakes.

Not everybody will note a connection between "EZ Install", and the malicious content.

With some, reputable, third party software, this won't be a problem - there's a lot of reliable third party code that only wants to provide their product, and make the install easy for you, just as claimed. But, it's always a possibility - and you would do well to consider the possibility.

Always install third party code with care. If you're going to have the third party code installed for you, do this with greater care.

If I was going to use an "EZ Install" process, here's how I would protect myself.
  1. Setup an "EZ Install" Blogger account, made a member of the blog in question.
  2. Make my "EZ Install" member an administrator.
  3. Run the "EZ Install" process, and check out the software carefully.
  4. When satisfied that the new accessory is working properly, revoke Administrative status of the "EZ Install" member.

If I was really paranoid (no, just a small bit paranoid), I would add a precaution:
  1. Setup an "EZ Install" Blogger account, made a member of the blog in question.
  2. Upgrade the "EZ Install" member to administrative status.
  3. Backup the template.
  4. Run the "EZ Install" process, and check out the software carefully.
  5. When satisfied that the new accessory is working properly, revoke Administrative status of the "EZ Install" member.
  6. Backup the template again.
  7. Compare the two backup copies, and consider carefully each change.

What the heck, you should backup the template, anyway! Comparing the two backups is just a small extra step.

It's your blog, and you are responsible for its content, both visual (what the readers see), and non visual (what only you see). It's your decision, too.


Dudel said…
Couldn't people export their blog (assuming template download already) before this and simply "try again" if things got "too wrong"?

Assuming they didn't listen to you, here, they should at least export their "normal/most active" blog often.

Another thing, my brain sends up HUGE RED FLAGS when people start asking about usernames, passwords and becoming admins on the blog.... or being able to "join it" all together.

Guess I'm saying don't trust anyone saying "I'll do it for you" unless you actually know the person... and then still not truest them. That's just me, maybe?
Nitecruzr said…

Good thinking. Unfortunately, you can only export comments and posts - and template - separately. We're still waiting for Blogger to give us some ability to export gadgets, and until we have that ability, you're sort of out of luck there.

But such a script doesn't explicitly ask for becoming admin, it typically just asks you to input your current account information, and sit back. It doesn't point out that they are trapping the account name / password. And the sheep, who fall for this, don't think twice.
z-vet said…
Give us account name and password? Excuse me? How stupid one has to be to do such a thing?
Nitecruzr said…

Hang around BHF: Something Is Broken, and see for yourself.
DaisyCrazy said…
You are right. We can never be too careful. Better have one less widget than a lots of problems!

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

Where's The Dashboard?

We see this confusion, a couple times a week, in Blogger Help Forum: How Do I? . Where is the dashboard? In the Classic Blogger GUI, the display which contained the "Blog List" (at the top), and the "Reading List" (at the bottom) was labeled "Dashboard". Many people also called the "Settings" / "Template" screens for the various blogs, linked from the Blog List, the dashboard. The New Blogger GUI has no page with the label - and no links "To The Dashboard". The Navbar (another unlabeled feature) has two links - "Design" and "New Post" - which lead to different dashboard sections, when you are appropriately logged in to Blogger . And, the "B" logo at the far left of the navbar will, similarly, take you to the Blog List / Reading List.