
Some Blogger Blogs Being Locked As Malware Hosts

For a long time, we've been dealing with various malware / spam mitigation issues, in Blogger Help Forum: Something Is Broken.

Recently, malware detection, long identified simply as "Malicious JavaScript" in the well known Spam Appeal Guidelines, was given its own identity, and a separate classification / appeal process. We're now seeing several common types of JavaScript included in the blogs which are typically mentioned in forum reports.

It may be helpful to describe some examples of JavaScript code being seen, so blog owners can avoid making the same mistakes, by not including these scripts in their blogs.

There are several common types of JavaScript applications, found in many blogs with the owners requesting review / unlock action.
  1. CPA / Cost Per Action.
  2. Multiple popups, such as a generic "Welcome!", followed by "Like my blog, before you read it!".
  3. Password protection, on a page basis.
  4. Security warning popups, suggesting that you need to install a recommended security software.
  5. Social networking popups, demanding "Like my blog, before you read it!".
  6. Traffic Redirection, targeting other blogs / websites.
  7. Traffic redirection, targeting the canonical URL for the host blog.


CPA / CPALeads / Cost Per Action, and similar online marketing terminology, involves providing a reward for viewing a blog, or for subscribing to the blog feed. Some CPA scripts may be used to collect email addresses, also known as "email address mining", later used for hacking activity or spam distribution.

CPA scripts present another problem. Since Blogger blogs are intended to reward the readers by providing interesting and unique content, blogs which use CPA may be improperly designed or maintained. Blogger wants the blog owners to publish blogs which entertain or inform their readers - not blogs which require artificial or ingenious techniques to generate traffic, and visitor activity.

Multiple popups typically start with an initial "Welcome to my blog!" greeting, followed by the well known Facebook "Like my blog, to read my blog!" demand. If multiple popups should become an established practice, it's possible that malware producers could use this technique to conceal a malware installation.

Password protection, on a page basis, is an attempt to make a blog (or blog portion) private, by using a password. This protection is easily defeated, as the password is provided in the page (post / template) code, as plain text - and can easily be identified by anybody knowing how to view page source as text.

Besides the "protection" being easily bypassed, this is a problem because security scanning programs - such as the malicious scripting bot - can't pass through JavaScript code easily. When the bot encounters this JavaScript application, your blog will be rightly classified as a malicious script host.

Security warning popups suggest that your computer is infected - and offer, for immediate installation, the perfect tool to remove the claimed malware. Security experts know that this is, similarly, a favourite malware installation technique, where the computer owner would give permission to have the offered software installed - and the installed software would later install a botnet client or similar malicious trash.

Social networking popups are an arrogant way of wasting your readers' time, and guaranteeing eventual malware classification of your blog. Popular among some WordPress blogs, the circular Facebook "Like my blog, to read my blog!" demand is a good way to make genuine readers go elsewhere.

If you want genuine readers, who read a Blogger blog because of thoughtful, unique content, you will not get them by demanding that they boost your Facebook popularity before reading your blog. This is just another way of buying "Likes" - and it belongs in WordPress, not in Blogger.

Traffic Redirection, targeting other blogs / websites, is a technique attempted by many hackers and spammers. The use of some blogs as gateways, leading to redistributors, which in turn lead to payload blogs or non Google websites, is part of many hacking / spam attacks. Google is trying to restrict the use of Blogger blogs as malware / spam hosts - and actively prevents scripts which only shuffle readers from one blog to another, without choice.

Even though Blogger will not encourage you to move your blog to Tumblr, Weebly, WordPress, or wherever, you are allowed to do this - if you feel the need.

  Hello, faithful readers:

  This blog is now hosted at my new blogging host. Please update your blog lists and bookmarks!

If you must do this, it's OK to post a notice in your Blogger blog. You can even put a link to the new blog in the notice. You just can't use JavaScript to automatically redirect the reader to the new blog.

Traffic redirection, targeting the canonical URL for the host blog, is a technique used by some blog owners who perceive Country Code Alias Redirection to present a problem. Some accessories installed on their blogs, and various non Google services which may be used to provide activity on their blogs, may not properly reference the canonical URL tag included in all Blogger blogs.

Since Blogger / Google wants all Blogger blog owners to benefit from improved world wide access to Blogger blogs, blogs which employ automatic canonical URL redirection may damage the effect of CC alias redirection. Blogs which host scripts which immediately redirect readers to the canonical URL, and are considered undesirable by any host government, may force an offended host government to block the entire Blogger service, in their country.

To prevent malicious misuse of Blogger by hackers and spammers, and to encourage effective long term use of Blogger by legitimate blog owners, Blogger / Google may detect any blogs which use these types of scripts as part of their general malware / spam classification strategy. Given the ability and willingness of the blog owner, to remove the JavaScript code in question, most blogs can be returned to service - but each blog will remain offline, until the removal is verified.

It's to everybody's benefit to identify, and to avoid use of, these scripts in our blogs, before it's too late. If your blog contains one of these scripts, why not remove the problem now, instead of waiting until you too have to post your problem report in the forum:

  Help me! My blog was just locked for
  MALICIOUS JAVASCRIPT
  What do I do, now?
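
An owner-side self-check for the script types described above, as an added example that is not part of the original post and is not Blogger's classifier: it scans a template or post HTML export for inline scripts that change the page location, compare a prompt() answer with a literal, or raise alert() / confirm() dialogs, and lists external script sources for manual review. The rule patterns, the `auditTemplate` name and the sample template are assumptions constructed for illustration.

```javascript
// Heuristic rules chosen for this example (assumptions, not Blogger's detection logic).
const RULES = [
  { id: 'auto-redirect', why: 'script changes the page location without reader choice',
    re: /\b(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/ },
  { id: 'page-password', why: 'prompt() answer compared with a literal visible in page source',
    re: /\bprompt\s*\([^)]*\)[\s\S]{0,200}?[!=]==?\s*(['"])[^'"]+\1/ },
  { id: 'popup', why: 'alert()/confirm() dialog forced on the reader',
    re: /\b(?:alert|confirm)\s*\(/ },
];

// Returns one finding per rule hit, with the line where the <script> tag opens.
function auditTemplate(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const line = html.slice(0, m.index).split('\n').length;
    const src = /\bsrc\s*=\s*(['"])(.*?)\1/i.exec(m[1]);
    if (src) { // external code cannot be judged from the template alone
      findings.push({ rule: 'external-script', line, why: 'review third-party script ' + src[2] });
      continue;
    }
    for (const r of RULES) {
      if (r.re.test(m[2])) findings.push({ rule: r.id, line, why: r.why });
    }
  }
  return findings;
}

// Constructed sample template (not taken from any real blog).
const SAMPLE = [
  '<html><head>',
  '<script src="https://widgets.example/counter.js"></script>',
  '<script>',
  '  var pw = prompt("Password?");',
  '  if (pw !== "letmein") { document.body.innerHTML = ""; }',
  '</script>',
  '<script>window.location.href = "https://newblog.example/";</script>',
  '</head><body>',
  '<p>This blog is now hosted at <a href="https://newblog.example/">my new blogging host</a>.</p>',
  '<script>if (location.hash === "#top") { scrollTo(0, 0); }</script>',
  '</body></html>',
].join('\n');

for (const f of auditTemplate(SAMPLE)) console.log(`line ${f.line}: ${f.rule} (${f.why})`);
```

The plain link in the sample notice and the script that only reads `location.hash` produce no findings; only the automatic redirect, the in-page password check and the third-party script are reported.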
