
Some Blogger Blogs Being Locked As Malware Hosts

For a long time, we've been dealing with various malware / spam mitigation issues, in Blogger Help Forum: Something Is Broken.

Recently, malware detection, long simply identified as "Malicious JavaScript" in the well known Spam Appeal Guidelines, was given its own identity, and a separate classification / appeal process. We're now seeing several common types of JavaScript included in the blogs which are typically mentioned in forum reports.

It may be helpful to describe some examples of JavaScript code being seen, so blog owners can avoid making the same mistakes, by not including these scripts in their blogs.

There are several common types of JavaScript applications, found in many blogs with the owners requesting review / unlock action.
  1. CPA / Cost Per Action.
  2. Multiple popups, such as a generic "Welcome!", followed by "Like my blog, before you read it!".
  3. Password protection, on a page basis.
  4. Security warning popups, suggesting that you need to install a recommended security software.
  5. Social networking popups, demanding "Like my blog, before you read it!".
  6. Traffic Redirection, targeting other blogs / websites.
  7. Traffic redirection, targeting the canonical URL for the host blog.


CPA / CPALeads / Cost Per Action, and similar online marketing terminology, involves providing a reward for viewing a blog, or for subscribing to the blog feed. Some CPA scripts may be used to collect email addresses, also known as "email address mining", later used for hacking activity or spam distribution.

CPA scripts present another problem. Since Blogger blogs are intended to reward the readers by providing interesting and unique content, blogs which use CPA may be improperly designed or maintained. Blogger wants the blog owners to publish blogs which entertain or inform their readers - not blogs which require artificial or ingenious techniques to generate traffic, and visitor activity.

Multiple popups typically start with an initial "Welcome to my blog!" greeting, followed by the well known FaceBook "Like my blog, to read my blog!" demand. If multiple popups should become an established practice, it's possible that malware producers could use this technique to conceal a malware installation.

Password protection, on a page basis, is an attempt to make a blog (or blog portion) private, by using a password. This protection is easily defeated, as the password is provided in the page (post / template) code, as plain text - and can easily be identified by anybody knowing how to view page source as text.

Besides the "protection" being easily bypassed, this is a problem because security scanning programs - such as the malicious scripting bot - can't pass through JavaScript code easily. When encountering this JavaScript application, your blog will be righteously classified, as a malicious script host.

Security warning popups suggest that your computer is infected - and offer, for immediate installation, the perfect tool to remove the claimed malware. Security experts know that this is similarly a favourite malware installation technique, where the computer owner would give permission to have the offered software installed - and the installed software would later install a botnet client or similar malicious trash.

Social networking popups are an arrogant way of wasting your readers' time, and guaranteeing eventual malware classification of your blog. Popular among some WordPress blogs, the circular FaceBook "Like my blog, to read my blog!" demand is a good way to make genuine readers go elsewhere.

If you want genuine readers, who read a Blogger blog because of thoughtful, unique content, you will not get them by demanding that they boost your FaceBook popularity, before reading your blog. This is just another way of buying "Likes" - and it belongs in WordPress, not in Blogger.

Traffic Redirection, targeting other blogs / websites is a technique attempted by many hackers and spammers. The use of some blogs as gateways, leading to redistributors, which in turn lead to payload blogs or non Google websites, is part of many hacking / spam attacks. Google is trying to restrict the use of Blogger blogs as malware / spam hosts - and actively prevents scripts, which only shuffle readers from one blog to another, without choice.

Even though Blogger will not encourage you to move your blog, to Tumblr, Weebly, WordPress, or wherever, you are allowed to do this - if you feel the need.

Hello, faithful readers:

This blog is now hosted at my new blogging host. Please update your blog lists and bookmarks!

If you must do this, it's OK to post a notice, in your Blogger blog. You can even put a link, to the new blog, in the notice. You just can't use JavaScript, to automatically redirect the reader to the new blog.

Traffic redirection, targeting the canonical URL for the host blog, is a technique used by some blog owners who perceive Country Code Alias Redirection to present a problem. Some accessories installed on their blogs, and various non Google services which may be used to provide activity on their blogs, may not properly reference the canonical URL tag included in all Blogger blogs.

Since Blogger / Google wants all Blogger blog owners to benefit from improved world wide access to Blogger blogs, blogs which employ automatic canonical URL redirection may damage the effect of CC alias redirection. Blogs which host scripts which immediately redirect readers to the canonical URL, and are considered undesirable by any host government, may force an offended host government to block the entire Blogger service, in their country.

To prevent malicious misuse of Blogger by hackers and spammers, and to encourage effective long term use of Blogger by legitimate blog owners, Blogger / Google may detect any blogs which use these types of scripts as part of their general malware / spam classification strategy. Given the ability and willingness of the blog owner, to remove the JavaScript code in question, most blogs can be returned to service - but each blog will remain offline, until the removal is verified.
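A blog owner can check an exported template for two of the script types described above, page-level password prompts and script-driven redirection, before a classifier does. The following is an added example, not Blogger's detection code and not from the original post; the rule names, regular expressions, and sample template are assumptions constructed for illustration, and each hit still needs a manual look.

```javascript
// Heuristic audit of template HTML for two script patterns described above.
// Added example: not Blogger's classifier; rules and names are assumptions.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (m[1].trim()) out.push(m[1]); // external scripts have no inline body
  }
  return out;
}

const RULES = [
  // prompt() result compared with a string literal: the "password" is in page source.
  { id: "client-side-password",
    test: (js) => {
      const v = js.match(/(?:var|let|const)?\s*([A-Za-z_]\w*)\s*=\s*(?:window\.)?prompt\s*\(/);
      if (!v) return false;
      return new RegExp(`\\b${v[1]}\\s*[!=]==?\\s*["']`).test(js);
    } },
  // Script-driven navigation: location assignment, replace() or assign().
  { id: "script-redirect",
    test: (js) => /\blocation(?:\.href)?\s*=[^=]/.test(js) ||
                  /\blocation\.(?:replace|assign)\s*\(/.test(js) },
];

function auditTemplate(html) {
  const findings = [];
  inlineScripts(html).forEach((js, index) => {
    for (const rule of RULES) {
      if (rule.test(js)) findings.push({ script: index, rule: rule.id });
    }
  });
  return findings;
}

// Constructed sample template (not taken from any real blog).
const SAMPLE = `
<html><head>
<script>
  var pw = prompt("Enter the password for this page");
  if (pw != "constructed-secret") { document.body.innerHTML = ""; }
</script>
<script>window.location.replace("https://new-host.example/");</script>
<script>if (location.href === "https://blog.example/") { console.log("home"); }</script>
</head><body><a href="https://new-host.example/">This blog has moved</a></body></html>`;

console.log(auditTemplate(SAMPLE));
```

The third script and the plain link in the sample are not flagged: reading `location.href` in a comparison and offering a link the reader chooses to click are not redirection.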

It's to everybody's benefit to identify, and to avoid use of, these scripts in our blogs, before it's too late. If your blog contains one of these scripts, why not remove the problem now, instead of waiting until you too have to post your problem report, in the forum:

Help me! My blog was just locked for
MALICIOUS JAVASCRIPT
What do I do, now?
