
Some Blogger Blogs Being Locked As Malware Hosts

For a long time, we've been dealing with various malware / spam mitigation issues, in Blogger Help Forum: Something Is Broken.

Recently, malware detection, long simply identified as "Malicious JavaScript" in the well known Spam Appeal Guidelines, was given its own identity, and a separate classification / appeal process. We're now seeing several common types of JavaScript included in the blogs which are typically mentioned in forum reports.

It may be helpful to describe some examples of JavaScript code being seen, so blog owners can avoid making the same mistakes, by not including these scripts in their blogs.

There are several common types of JavaScript applications, found in many blogs with the owners requesting review / unlock action.
  1. CPA / Cost Per Action.
  2. Multiple popups, such as a generic "Welcome!", followed by "Like my blog, before you read it!".
  3. Password protection, on a page basis.
  4. Security warning popups, suggesting that you need to install a recommended security software.
  5. Social networking popups, demanding "Like my blog, before you read it!".
  6. Traffic Redirection, targeting other blogs / websites.
  7. Traffic redirection, targeting the canonical URL for the host blog.

CPA / CPALeads / Cost Per Action, and similar online marketing terminology, involves providing a reward for viewing a blog, or for subscribing to the blog feed. Some CPA scripts may be used to collect email addresses, also known as "email address mining", later used for hacking activity or spam distribution.

CPA scripts present another problem. Since Blogger blogs are intended to reward the readers by providing interesting and unique content, blogs which use CPA may be improperly designed or maintained. Blogger wants the blog owners to publish blogs which entertain or inform their readers - not blogs which require artificial or ingenious techniques to generate traffic, and visitor activity.

Multiple popups, such as an initial "Welcome to my blog!" greeting, followed by the well known Facebook "Like my blog, to read my blog!" demand. If multiple popups become an established practice, it's possible that malware producers could use this technique to conceal a malware installation.

Password protection, on a page basis, is an attempt to make a blog (or blog portion) private, by using a password. This protection is easily defeated, as the password is provided in the page (post / template) code, as plain text - and can easily be identified by anybody knowing how to view page source as text.

Besides the "protection" being easily bypassed, this is a problem because security scanning programs - such as the malicious scripting bot - can't pass through JavaScript code easily. When the scanner encounters this JavaScript application, your blog will be rightly classified as a malicious script host.

Security warning popups, suggesting that your computer is infected - and offering, for immediate installation, the perfect tool to remove the claimed malware. Security experts know that this is similarly a favourite malware installation technique, where the computer owner would give permission to have the offered software installed - and the installed software would later install a botnet client or similar malicious trash.

Social networking popups are an arrogant way of wasting your readers' time, and guaranteeing eventual malware classification of your blog. Popular among some WordPress blogs, the circular Facebook "Like my blog, to read my blog!" demand is a good way to make genuine readers go elsewhere.

If you want genuine readers, who read a Blogger blog because of thoughtful, unique content, you will not get them by demanding that they boost your Facebook popularity, before reading your blog. This is just another way of buying "Likes" - and it belongs in WordPress, not in Blogger.

Traffic Redirection, targeting other blogs / websites is a technique attempted by many hackers and spammers. The use of some blogs as gateways, leading to redistributors, which in turn lead to payload blogs or non Google websites, is part of many hacking / spam attacks. Google is trying to restrict the use of Blogger blogs as malware / spam hosts - and actively prevents scripts, which only shuffle readers from one blog to another, without choice.

Even though Blogger will not encourage you to move your blog, to Tumblr, Weebly, WordPress, or wherever, you are allowed to do this - if you feel the need.

  Hello, faithful readers:

  This blog is now hosted at my new blogging host. Please update your blog lists and bookmarks!

If you must do this, it's OK to post a notice, in your Blogger blog. You can even put a link, to the new blog, in the notice. You just can't use JavaScript, to automatically redirect the reader to the new blog.

Traffic redirection, targeting the canonical URL for the host blog, is a technique used by some blog owners who perceive Country Code Alias Redirection to present a problem. Some accessories installed on their blogs, and various non Google services which may be used to provide activity on their blogs, may not properly reference the canonical URL tag included in all Blogger blogs.

Since Blogger / Google wants all Blogger blog owners to benefit from improved world wide access to Blogger blogs, blogs which employ automatic canonical URL redirection may damage the effect of CC alias redirection. Blogs which host scripts which immediately redirect readers to the canonical URL, and are considered undesirable by any host government, may force an offended host government to block the entire Blogger service, in their country.

To prevent malicious misuse of Blogger by hackers and spammers, and to encourage effective long term use of Blogger by legitimate blog owners, Blogger / Google may detect any blogs which use these types of scripts as part of their general malware / spam classification strategy. Given the ability and willingness of the blog owner, to remove the JavaScript code in question, most blogs can be returned to service - but each blog will remain offline, until the removal is verified.

It's to everybody's benefit to identify, and to avoid use of, these scripts in our blogs, before it's too late. If your blog contains one of these scripts, why not remove the problem now, instead of waiting until you too have to post your problem report, in the forum:

  Help me! My blog was just locked for
  What do I do, now?
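
An added example, not part of the original post and not Blogger's own classifier: a small Node.js audit that a blog owner could run over template or post HTML, to flag two of the script types described above - the plain text password gate, and the automatic redirect. The rule ids, the patterns, and the sample HTML are constructed assumptions.

```javascript
// Added example: audit template / post HTML for two script types described in this post.
// Rule ids and patterns are illustrative assumptions, not Blogger's actual detection logic.
const RULES = [
  {
    id: "plaintext-password-gate",
    // prompt() plus a comparison against a string literal: the "password" sits in page source.
    test: (js) => /\bprompt\s*\(/.test(js) && /[=!]==?\s*(["'])[^"']+\1/.test(js),
  },
  {
    id: "automatic-redirect",
    // Assignment to location / location.href, or a call to location.replace() / assign().
    test: (js) =>
      /\blocation(?:\.href)?\s*=(?!=)/.test(js) ||
      /\blocation\.(?:replace|assign)\s*\(/.test(js),
  },
];

// Return the body of every inline <script> element in the HTML.
function extractScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Return one finding per (script, rule) match, so the owner knows what to remove.
function auditTemplate(html) {
  const findings = [];
  extractScripts(html).forEach((js, index) => {
    for (const rule of RULES) {
      if (rule.test(js)) findings.push({ script: index, rule: rule.id });
    }
  });
  return findings;
}

// Constructed sample: a page-level "password" check that redirects on failure.
const SAMPLE_GATED = `<div class="post-body">Members only.</div>
<script>
  var pw = prompt("Enter password");
  if (pw != "letmein") { window.location = "https://example.invalid/denied"; }
</script>`;

// Constructed sample: a moving notice with an ordinary link, which is allowed.
const SAMPLE_NOTICE = `<p>This blog is now hosted at my new blogging host.
<a href="https://example.invalid/new-blog">Please update your bookmarks!</a></p>
<script>document.getElementById("year").textContent = new Date().getFullYear();</script>`;

console.log(auditTemplate(SAMPLE_GATED));
console.log(auditTemplate(SAMPLE_NOTICE));
```

The audit only reads inline script bodies; scripts loaded from another host through a src attribute have to be reviewed at their source.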

