Skip to main content

Blogger blogs redirecting to "scrapur . com"

This week, we've seen several reports in Blogger Help Forum: Something Is Broken, from Blogger blog owners, reporting the latest hijacking of their blogs.
My blog is being redirected to a spam site - was it hijacked?


As is all too frequently the case, the redirection appears to come from third party code or gadgets, willingly installed by the blog owner. Examination of the website in question appears to indicate a long expired domain.
This domain name expired on Nov 7 2012 11:32:24:000AM
It's possible that, right now, this is not a maliciously planned hijack - though any expired domain can be re purchased for a devious or malicious purpose.

In several cases, the redirecting code appears as part of an installed XML gadget, a version of "Recent Comments". In other cases, we have observed naked JavaScript code, installed directly into the blog template. Here are identified examples - though you may see other variants.
<script style="text/javascript" src="http : // scrapur . com / index / wp-content / uploads / 2008 / 04 / rc . asp"> </script>
or possibly
<script src='http : // scrapur . com / index / wp-content / uploads / 2008 / 02 / smile . js' type='text/javascript'></script>
(Note the URLs have been modified, to prevent search engine indexing of a potentially malicious domain).

Use of a text proxy, such as Rex Swain's HTTP Viewer, when run from any browser, will allow you to safely examine the blog source, without interference by the redirecting code. In this case, simply load your blog using the URL, then use the browser test search, for "scrapur", in the proxy log. This will let you see if the code in question is part of an HTML gadget - or it is installed directly in the template.

As with many reported hijacks, access to the Blogger Layout and Template wizards appears to be affected. If you need to remove this code from your blog, you may find yourself unable to use either the Layout wizard (to remove an identified gadget) or the Template wizard (to remove directly installed code). In this case, you will need to use Firefox with Noscript - or a similarly well protected browser - to prevent the redirecting code from executing.

After removing the identified code from your blog, as always, clear cache and restart the browser. Finally, I'll remind you again, to please be particular - only install third party code from trustworthy providers.

>> Top

Comments

Popular posts from this blog

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Add A Custom Redirect, If You Change A Post URL

When you rename a blog, the most that you can do, to keep the old URL useful, is to setup a stub post , with a clickable link to the new URL. Yo! The blog is now at xxxxxxx.blogspot.com!! Blogger forbids gateway blogs, and similar blog to blog redirections . When you rename a post, you can setup a custom redirect - and automatically redirect your readers to the post, under its new URL. You should take advantage of this option, if you change a post URL.

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.