
Security Vulnerability In Mail-to-Blogger Passwords

In early 2010, Blogger issued a typically terse warning of a security problem affecting blogs that use Mail-to-Blogger for publishing posts:
To prevent abuse, a recent update to disabled easily guessable secret words. Please update your Mail2Blogger secret word.

I've referred to the importance of the "secret word" some time ago - and apparently this year, a few blogs are being hit by the vulnerability.

If you are using Mail-to-Blogger for publishing - and especially if you enabled "Publish emails immediately" - this is a change which you need to make.

There is an organised attack technique, where blogs owned by accounts with weak "passwords" are being used as spam hosts. In some cases, this results in splog detection, with the well known and hated in-forum triage being required to get the blog unlocked, then cleaned.

If you are inadvertently using an author account, instead of your owner account, you may have enabled Mail-to-Blogger, while trying to recover control of the blog. Whether accidentally or intentionally, your blog is now vulnerable.

If your blog uses Mail-to-Blogger (Settings - "Mobile and email" - "Posting using email"), and you have selected "Publish emails immediately", please change your Mail-to-Blogger password, to something not easily guessable - but reliable. If you don't need to post using email, select "Disabled".

Just please - do this before you have to post, following organised brute force hacking, in Blogger Help Forum: Something Is Broken
Please, help me! My blog is locked!!

Comments

Yudi Helfi said…
I have tried to disable mail to blogger.. may it works. Thank you for your advice..
thanks for your help. I have now disabled mail2blogger.....
Habibu Shehu said…
how do we disable mail2blogger
Chuck Croll said…
Hi Habibu,

Thanks for the question.

The "Disabled" selection, for "Posting using email" will disable M2B, and make your blog safer. Or you can make the "password" a bit harder to guess, if you really want to post by email.
