Monday, October 12, 2009

Fighting a hacker

These past few days if you’ve come to my blog here you will have noticed occasional spam and even porn blog posts. I’ve been having a problem with my blog being hacked into by some posting these “articles” that look like I posted them. I have deleted these articles of course and reported this problem to Blogger. The problem continued even after I changed my Blogger password twice.

I even set my Blogger to account to send me an email alert when “I” have posted a blog article. When the spam hacker posts these articles my e-mail recognizes them as spam. So I've needed to check my spam box to see when my blog has been hacked into!

When I posted this problem on their Blogger help someone who asked me whether someone was merely posted comments vs. posting a blog article. When I did a key word search of this problem in the help forum I found that other people have posted this same problem and not have gotten any serious response from Blogger.

So today, Monday 10-12-09, when I found that my blog had been hacked into again in the morning, I promptly deleted the blog article and then googled “blogger hacking” and finally found an article that got me closer to the real problem. It turns out that there is a Blogger e-mail address for every blog that follows this default pattern: (your blogger name).(the first word of your blog title)@blogger.com. These e-mail accounts are created automatically by blogger whereby one can post a blog article through email.

If you use this feature you can be hacked if you have listed the Blogger e-mail addresses in your e-mail address book and someone hacks into your e-mail. I have never used this feature and these addresses are no where on my computer, but somehow these addresses were hacked and someone has been using them to post spam messages. I think in my case it's possible that the hackers know that the Blogger e-mail addresses follow enough of a pattern that they can successfully guess your blogger e-mail address if you don't manually change the address to something other than the first word of your blog title. Since the default setting is to have the feature enabled for automatic instant e-mail posting, the hackers can go to your blog site, find your public user name, the first word of your blog title and get lucky.

Later I found a link in a reponse that was posted to my Blogger help question that explained more about the problem of spammers guessing your Blogger e-mail address.

For now I have disabled this automatic instant e-mail posting feature. Let’s hope that works!

No comments: