Skip to main content

Blogger blogs redirecting to "scrapur . com"

This week, we've seen several reports in Blogger Help Forum: Something Is Broken, from Blogger blog owners, reporting the latest hijacking of their blogs.
My blog is being redirected to a spam site - was it hijacked?


As is all too frequently the case, the redirection appears to come from third party code or gadgets, willingly installed by the blog owner. Examination of the website in question appears to indicate a long expired domain.
This domain name expired on Nov 7 2012 11:32:24:000AM
It's possible that, right now, this is not a maliciously planned hijack - though any expired domain can be re purchased for a devious or malicious purpose.

In several cases, the redirecting code appears as part of an installed XML gadget, a version of "Recent Comments". In other cases, we have observed naked JavaScript code, installed directly into the blog template. Here are identified examples - though you may see other variants.
<script style="text/javascript" src="http : // scrapur . com / index / wp-content / uploads / 2008 / 04 / rc . asp"> </script>
or possibly
<script src='http : // scrapur . com / index / wp-content / uploads / 2008 / 02 / smile . js' type='text/javascript'></script>
(Note the URLs have been modified, to prevent search engine indexing of a potentially malicious domain).

Use of a text proxy, such as Rex Swain's HTTP Viewer, when run from any browser, will allow you to safely examine the blog source, without interference by the redirecting code. In this case, simply load your blog using the URL, then use the browser test search, for "scrapur", in the proxy log. This will let you see if the code in question is part of an HTML gadget - or it is installed directly in the template.

As with many reported hijacks, access to the Blogger Layout and Template wizards appears to be affected. If you need to remove this code from your blog, you may find yourself unable to use either the Layout wizard (to remove an identified gadget) or the Template wizard (to remove directly installed code). In this case, you will need to use Firefox with Noscript - or a similarly well protected browser - to prevent the redirecting code from executing.

After removing the identified code from your blog, as always, clear cache and restart the browser. Finally, I'll remind you again, to please be particular - only install third party code from trustworthy providers.

>> Top

Comments

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".