A Better Spammer

The only good spammer is a dead spammer.

Well, Mango is a better spammer, because his account has been TOSsed. His alter ego Shady (note the email address in the profile) is still valid though, so I have no doubt that we’ll be seeing more shite like this (spamvertised URL neutralised to prevent search engine contamination).

Hi friends,today i found an incredible site while surfing today which makes money making so easy from home. All the things one needs to know about easy money making from part time work at home. Ii decided to tell you all about it.
Its a must check. here’s the link:
h t t p : / / e b i z w e b b i z . c o m / m a n g o i n s t y l e / e a r n /

When you see the above shite, or other turds like it, please report it and neutralise it.

He’s not dead (we could only wish), so I won’t call him a good spammer. But he’s a better spammer than he was yesterday.

And while we wait for Google Support to delete his posts, please report them again. Here’s the current list:

• In How Do I?
• In Share Your Blog

Please, everybody, do your part and report this asshole until Google Support deletes the posts.

And to you, Mr Mango, or Shady, or whatever, the following Google Blogger Help forums are off limits:

• Customizing Templates
• Publishing Trouble
• How Do I?
• Something Is Broken
• Share Your Blog

Stay Away.

(Update, July 5): Loves has joined Mango in the spammer afterlife.

Putting A Post At The Top (A “Welcome” Post)

Many people have asked how they can have a Welcome or Index page in their blog. I have a Welcome page, in PChuck’s Network, for instance.

The only way to do this is to set the post date far into the future, so it always “posts” after any other posts, including ones which you may make in the future.

This is, fortunately, not hard to do. You change the post date, for any article made now or in the past, from the Post and Comment Options applet, under the Edit posts window.

• Click on “Post and Comment Options”.
• Under “Change Date & Time”, change the date of the post to fall far in the future (or change it periodically, when you add posts normally).
• Hit “Publish Post”.

This will, unfortunately, not work forever. Blogger Support has stated that sometime, they will use future posted dates to say “Don’t make this post visible, when published, until the post date”. When that happens, you’ll have to work a bit harder. Every time you add a new post, you’ll have to change the post date of your Index / Welcome page, so it “posts” 1 minute after the latest post.

• Add a new post.
• Republish the Index / Welcome page, with a new “post” date.
• Republish Entire Blog.

Problems Uploading Pictures? Try This Process

In my work as a network troubleshooter, I work on many problems similar to this photo upload problems situation. We have:

• Multiple people.
• Multiple computers, all different.
• Different browsers used.
• Clearing cookies.
• Some work in Compose mode, others Edit Html.
• Incanting various runes and spells, while they work.

and some are successful in uploading photos, others not. WTF?

In my professional opinion (FWTW), this indicates at least two separate problems, in various combinations, causing variant symptoms.

Maybe we have a breakthru. In Google – Blogger Help – Publishing, we have pictures by trial and error… maybe help?, by Theodor.

By trial and error I found that when starting a posting by first
– giving some enters
– upload allt the pictures
– AFTER THAT adding my texts
has been working most of the times.

That agrees with MY experiences anyway. This is how I make a post with pictures.

1. I look at all of my pictures.
2. Sort them in the right sequence.
3. Upload in reverse sequence. The upload process always puts each new picture on top of the previously uploaded picture.
4. Go thru the code, insert breaks, captions, and other punctuation.
5. Make one last look at the post as a whole.
6. Publish Post.

If you try to add pictures to an existing post, and run into problems, start a new post. You can always add links between the two posts.

I’ll be very surprised if, following this procedure, everybody’s problems were to completely vanish. But I’ll bet some will see an improvement. It may be possible to identify the other problems, if we can solve ONE problem. I think that this is a start in the right direction.

Patience, persistence, and publicity.

Deeply Hidden, and Heavily Protected, Malware

Some malware, besides making it impossible for you to interrupt its processes, will make it impossible for you to even locate on your computer. This is called rootkit protection.

Any program that lists (“enumerates”) objects on your computer, for instance,

• Process Explorer – lists processes and services running.
• Windows Explorer – lists files and folders in mass storage.

each of these programs depends upon system functions to tell it what is on your computer. None of these programs gets its list straight from system inventories, they ask system functions for a copy of those lists. Why is this relevant? Because, like any copy, things can be omitted when copying.

If your computer is infected by malware that’s using rootkit protection, the system functions that enumerate processes and services, or those that enumerate files and folders, may have been customised. When Process Explorer asks for a list of processes, or Windows Explorer asks for a list of folders in storage, the list returned by the system may be filtered by the rootkit function.

Knowing what folders and processes are related to the protected malware, the rootkit function will simply not list those items. If “C:\Malware” contains the program library for the malware that has infected your computer, “C:\Malware” simply won’t be listed by Windows Explorer. You can’t delete what you can’t see.

That’s the bad news. Now the good news.

Any file, folder, process, or service, that isn’t enumerated by a system function, is quite likely malware. There are several special programs, distributed by security experts, that enumerate system objects by bypassing the rootkit functions. They compare the results with a normal enumeration, calling the standard (and possibly rootkitted) system functions. If there are objects in the former list, that are not in the latter list, those objects are quite possibly rootkit protected malware.

Two of these special programs are

• F-Secure Blacklight.
• SysInternals RootkitRevealer.

That’s the good news. Now for the bad news, again. Many experts believe, that if Blacklight, RootkitRevealer, or a similar program, identify unknown system objects, your computer is probably compromised beyond reliablity. In this case, the only option is to nuke and pave.

Why The Hijackings?

This is frustrating as hell. I’ve been suspecting this situation since 5/2, when Geeta reported Temporarily Out of Service. Being as I’m not an employee of Blogger, just another Blogger like everybody else, I have to sit on the sidelines with everybody, and watch the fun (NOT). And I can only remind each person with a hijack situation, to Report The Problem To Blogger Support.

But I suffer, as does everybody else, while I wait for my turn at being hijacked. And wonder WTF I’m doing to protect myself (if I am), and why I haven’t been hijacked.

Why (how) are all of these blogs getting hijacked?

The Possibilities

• The bad guys are attacking thru Blogger client (unpaid staff) personal computers.
• The bad guys are attacking thru Blogger or Blogspot servers.
  • The bad guys have brute forced a security hole in a Blogger or Blogspot server.
  • A recently applied Blogger software upgrade created a vulnerability, which has been exploited by the bad guys.
• The bad guys are using botnets to detect deleted blogs, and / or to hijack Blogger accounts.
• The bad guys have been hijacking blogs for some time. The recent resolution of several (though not all) widespread Blogger problems has created a lower noise level in the forums, and the hijackings have become more visible.

One of the recent victims of the hijackings has a blog where discussions about these possibilities are in progress. Your feedback, either here, or there, will be appreciated.

The Bottom Line
Somehow we have to help Blogger Support realise that there is a problem, and then help them see a pattern, so they can identify the problem. Whether the problem is with us or them, WE are the ones who suffer. To them, it’s an 8 x 5 job. We spend hella more time worrying. Or suffering. And I’m not really sure which is worse. Being hijacked. Or waiting to be hijacked.

One of the problems is that, when there is a problem, nobody wants to diagnose the problem. They just want it fixed. Now. So the bad guys hijack our lives, with impunity.

WTF is this when a bad guy can abuse us, over and over, and the only solution is to move to a WordPress blog?

Patience, Persistence, and Publicity

When you’re trying to diagnose and solve a networking problem, these are three qualities that you need.

Be patient – with yourself, and with others. Accept the fact that you don’t know what’s going on, and move ahead.

Be persistent – with yourself, and with others. If one diagnostic procedure doesn’t tell you anything useful, try another. If one solution doesn’t produce the results you hope for, look somewhere else for another. Ask questions – of yourself, and of others.

Provide, and seek, publicity. Let others know what works – and what doesn’t. Use the Internet for what it is – a gigantic reservoir of knowledge. But be selective in where you seek advice.

Stub Post

What is a stub post?

My first one was, originally, Drop Back And Kick.

This is a better example. Just a simple post. No images, fancy formatting, or anything interesting.

What is a stub website? One that contains just one stub post.

You’ll see stubs in the test forums.

Test.

That’s all a stub is. A test post, or a test website.

Is Your Blog Getting Hijacked Thru YOUR Computer?

I’d hate to be the guy who stood in a crowded theatre (concert hall) and yelled

FIRE

so I’m sort of wondering if this advice is superfluous. But knowing computer security, it’s all possible. All of the shite that I write about is very real.

And right now we’re all smelling a lot of smoke.

Hijacking blogs is ONE practical use for malware.

Now, if there is a security weakness in Blogger that we don’t know about it, that’s up for Blogger Support to find and fix. And we have to pray that they do, and we have to feed them clues, when we have any, about what to look for. Which means, if we discover that our blog has been hijacked, we have to report the problem.

If there is a security weakness on our end, we need to know about that too. And fix the problem. Here are several possible problems.

• Weak passwords, that are susceptible to password cracking, generally brute force activity. Strengthen your password!
• Password logging malware. This is a very common problem in computers; it’s possible that there is malware out there that is targeting Bloggers.
  • Become aware of what malware is out there.
  • Check your computer, carefully, for malware. If you find anything interesting, report it, here. Let other Bloggers know what to look for!
  • Protect yourself. Layered security is a good start.
• Blogging on computers, or networks, that we can’t (shouldn’t) trust. Any time you enter your Blogger account, or password, using a public computer, location, and / or network, you are at risk. Think.
  • Using a public computer, maybe one in a library or at work, that someone can later access.
  • Using your own computer, but on a public network, maybe in a coffeeshop or at work.

Communication with other Bloggers is the best way to stop the hijackings. If they are our fault. But knowing what the hell is going on is the first step.

Moving To Your Blog To External Publishing? Plan Carefully!

Not everybody is aware of this detail, but Blogger One Button Publishing has 2 components:

1. The Blogger web site creation database, ie “Blogger.com”.
2. The Blogger hosted web sites, ie “Blogspot.com”.

Look carefully at your blog address. Is it “whatever.blogger.com”? Nope, it’s probably “whatever.blogspot.com”. Or it’s something else entirely, in which case you’ve already done what I’m discussing.

If you’ve had your blog for a while, and you tire of the limitations and problems that are common with Blogspot web sites,

• Storage limitation, ie 300MB of pictures maximum.
• Name limitation, ie “whatever.blogspot.com”.
• The ugly Navbar at the top of the page.

Then you may be ready to publish your blog externally, ie outside of “Blogspot.com”.

But, if you’re going to switch to external publishing, think first.

• If you ever tire of external publishing, and want to move back to your original blogspot.com address, you may have to contact Blogger Support, and have them delete yet another spam blog.
• If you have any readers that you want to keep, you should plan on setting up a stub blog at your old address, saying something like
  

  This blog has moved, please make a note of the new address:
  http://whatever.example.com

Minimise your exposure to potential spambot hijacks. Follow this procedure for migrating your blog to external publishing. Think about each step first, and do them in sequence.

1. Setup the new host, get the domain name straight, put a stub website there, and test it.
2. Setup a new blog, with a stub post as above, containing a single link, to your new, external host. Publish the new blog to a throwaway blogspot.com address, and test it.
3. Backup your current blog, as it is now in Blogspot.com.
4. Backup the template, into a text file. Save the backup file in several places.
5. Change the Blogger settings, on your current blog, to publish to the external host.
6. Change the Blogger settings, on your stub blog, to publish to your current blogspot.com address.
7. Republish the main blog, to the external host.
8. Republish the stub blog, to the just vacated main blogspot.com address.

If I was doing this, I would do all steps at the same time, one after the other. I would probably not take a rest break, and I certainly wouldn’t let the sun go down, before completing the last step. Seriously. Read Spam Blogs #3, if you don’t understand how frustrating it will be for you to have to have your vacated blogspot address used for a splog.

Ticket Numbers #2

In No Ticket Number For Help Form Entries?, I expressed my dismay in submitting problem reports, and getting back acknowledgement, but without a ticket number.

Today, I submitted a Spam Blog Notification, and got an interesting botmail (and the typo is in my original report):

Re: [#545569] Spam Blog Nitification

Hi there,

Thanks for contacting Blogger Support. We will review your message and respond as soon as possible. Thanks for your patience.

Sincerely,
Blogger Support

Did they restore the ticket number, and simplify the message content? Or does this vary depending upon which of the selections in the list is used:

• My blog is gone!
• I can’t post. (I’m on Blog*Spot)
• I can’t post. (I’m on my own server)
• I can’t post pictures.
• Template or Display Problems
• Comments and Backlinks
• Profile Issues
• Team Blogs
• Mail Features (BlogSend, Blogger Mobile, Mail-to-Blogger)
• Add-Ons (Blogger for Word, Picasa, hit counters, etc.)
• AdSense Issues
• Blogger is Down!
• Report a TOS violation
• Other

Update (13:19 June 22, 2006):
A second botmail, with more detail, suggesting that action is pending?

Hello,

Thanks for writing us regarding this possible Terms of Service violation. We will examine it soon and take action as necessary.

Sincerely,
The Blogger Team

Original Message Follows:
————————
From: “{U 758968 B 0}”
Subject: Spam Blog Nitification
Date: Thu, 22 Jun 2006 20:02:33 -0000

This blog redirects to a commercial site selling a possibly illegal product:
http://phentermineus.blogspot.com/

ItemType: TOS
BlogId: 0
BlogName: No blog in particular
UserID: 758968
UserQueue: 20