Showing posts with label Malware Classification.

Custom Domain Migration, And Redirection Blocking

We see occasional frustration, in Blogger Help Forum: Get Help with an Issue, involving broken or unreliable custom domains.
I set up the Custom Domain properly, following the Google directions.

For some of my readers, my custom domain is not opening. I can see it is going in an infinite loop in the browser - and after a long time, it's throwing errors. My domain is set up, properly. Why do I have to deal with this?
And we will investigate - and in many cases, we find the domain is set up properly.

Some custom domain published blogs have problems, which have nothing to do with the domain setup.

Some custom domain problems involve custom code, added to the template, long ago.

Not everybody is in favour of the ongoing Blogger efforts to convince blog owners to force their readers to use HTTPS / SSL, in blog access.

A number of hackers are making their websites popular, by providing code that lets blogs block forced HTTPS access - just as they provided code that blocked local country domain redirection. Some blog owners add this dodgy code, to their blogs.

This hacking lets blog owners publish their blogs, and use accessories and gadgets that only support HTTP access. Unfortunately, with third party code, you get what you get.

Some third party code, which blocks HTTPS blog access, works OK - for a while.

When a blog is published to a custom domain, redirection to "blogspot.com" causes a redirect loop - or a security check.

<script type='text/javascript'>
// Third party "redirect blocking" code, as found in affected blog templates.
var blog = document.location.href.toLowerCase();
if (!blog.match(/\.blogspot\.com/)) {
  // Rewrite a country code alias (blogspot.xx) to blogspot.com/ncr/ and reload.
  // On a custom domain neither pattern matches, so the page reloads itself endlessly.
  blog = blog.replace(/\.blogspot\..*?\//, ".blogspot.com/ncr/");
  window.location.replace(blog);
}
</script>

This is clever code, seen some time ago when used to block country local domain redirection. Then, as now, some blogs might be deleted or locked as malware hosts - or the blogs would become intermittently inaccessible.

Is the unreliability appropriate? You can add what code you like, to your blog. Eventually, what you add may cause you problems.



Some #Blogger blog owners add clever code, to block HTTPS Redirection, to their blogs. This is the same hacker provided code, used long ago to block local country domain redirection.

Like country domain redirection, the code added may work fine, for a while. Eventually, the blog will be deleted / locked for malware hosting - or will start throwing 404 errors and similar confusion.




https://productforums.google.com/forum/#!category-topic/blogger/71k8xOXxByI

CloudFlare, Custom Domain Publishing, And HTTPS

A few blog owners, who publish blogs to custom domains, are becoming impatient, waiting for Blogger Engineering to finish the Blogger upgrade to support HTTPS / SSL.
If I get a domain through Google Domains, will I be able to get HTTPS?
Unfortunately, no. HTTPS / SSL is simply not available, to blogs published to custom domains.

HTTPS is not available, for non BlogSpot published blogs.

Whether registered by eNom, GoDaddy, or Google Domains, it simply is not possible to publish a non BlogSpot URL as a supported custom domain, and make HTTPS / SSL available. CloudFlare, a supposed alternative, does not produce a supported custom domain.

A proxied CloudFlare domain looks like malicious redirection.

In some cases, a CloudFlare DNS "solution" tried by some blog owners, will look like dangerous / malicious redirection. Some blogs will show up as "Deceptive sites", aka "phishing".


Some blogs using CloudFlare, for custom domain publishing, will be classified as "Deceptive" sites.



Others will produce alarming warnings about malware.


"This blog is not hosted by Blogger and has not been checked for spam, viruses and other forms of malware."




Click on "Details".



Look at the warning.

Phishing sites pretend to be other websites to trick you.

And here is what you get, with a redirecting proxy service, like CloudFlare.

kireisubs.id. 300 IN A 104.27.133.198
www.kireisubs.id. 300 IN A 104.27.133.198

or

topmovies21.biz. 300 IN A 104.28.0.106
www.topmovies21.biz. 300 IN A 104.28.0.106

This is the basis for malware / phishing classification.

This is most likely a false positive - most custom domain published blogs do not contain malware. Even so, it's not likely that the "Deceptive site" classification will be easily corrected, or the malware warning interstitial removed.

And this is one more blog owner, who must next be given instructions to correct the DNS addresses.

Corrected as instructed, the DNS addresses are now asymmetrical, and righteous.

kireisubs.id. 86400 IN A 216.239.32.21
kireisubs.id. 86400 IN A 216.239.34.21
kireisubs.id. 86400 IN A 216.239.36.21
kireisubs.id. 86400 IN A 216.239.38.21
www.kireisubs.id. 86400 IN CNAME ghs.google.com.

With DNS corrected, Google shows "Not dangerous" - but the warning still displays.


"Not dangerous".




Note "CloudFlare" is still seen as the host.




You can report an error, to SafeBrowsing.



False classification now requires time consuming site review.

Use "Report Incorrect Phishing Warning", if you believe the site is safe.

Finally, get the site reviewed, from the Security Issues page in Search Console (Webmaster Tools).

And while the blog remains offline, search reputation - and the owner - will suffer.



Some #Blogger blog owners want to provide blogs published to custom domains - and offer HTTPS connectivity. Since Blogger cannot provide custom domains with HTTPS right now, the blog owners are using CloudFlare, which provides an HTTPS proxy.

Unfortunately, a CloudFlare proxy looks like malicious redirection - and blogs using CloudFlare are being labeled as "Deceptive" sites.

https://productforums.google.com/forum/#!category-topic/blogger/ApuJ58a4-kg

https://productforums.google.com/forum/#!category-topic/blogger/-LoJCeX6DEA

https://productforums.google.com/forum/#!category-topic/blogger/DhAFOtJFoCw

Blog Owners, Unable To Request Restore Of A Blog

One of the more intriguing issues, seen in Blogger Help Forum: Something Is Broken, involves people unable to recover control of their blogs.
I recently changed ISPs, and now I can't login to update my blog.

Occasionally, this issue becomes more complicated, because the blog is deleted - and the owner can't request that it be restored, using the automated review request wizard. Sometimes, the would-be blog owner may try to bypass the current blog recovery policy, by claiming special circumstances.
The blog has been deleted. I received no suspicious activity or password change notification emails, or emails of any kind related to my blog.

What is the story here? Can blogs just disappear from the Blogosphere, without the involvement of the blog owners - and be unrecoverable?

Recovery of a deleted blog starts with the requirement that only a blog owner can un delete a deleted blog - and this is where many mysterious disappearances start.

Only the blog owner can initiate hacked blog unlock review.

Since a Blogger blog is the property of the owner, and the owner is allowed to delete a blog any time required, it would not be right to let people who are not the owner un delete a blog - or demand that the blog be un deleted. To enforce this requirement, Blogger added the dashboard based Restore wizard.

Since only the owner will have the deleted blog listed in their dashboard "Deleted Blogs" list, only the owner can request restore of the blog in question.

Dashboard requested restores have multiple purposes.

The dashboard Restore wizard serves blog owners, with blogs deleted under various circumstances.
  • Deleted by the owner.
  • Deleted by Blogger, as a suspected spam host.
  • Deleted by Google, for TOS Violation.
Any deleted blog will appear in a special dashboard list, "Deleted Blogs" or "Locked Blogs" - when it can be recovered. If the blog is not recoverable by the owner, there may not be a link.

Dashboard requested restores may not always be successful.

There are specific cases where a deleted blog may not be recoverable using the recovery wizard.
A blog locked, pending integrity check, cannot be requested for restore.

Dashboard requested restores start with owner requested unlock.

The owner has to first have the owning account unlocked. Similar to the account recovery process, Blogger / Google will require that the owner provide proof of ownership, before the account will be unlocked. Only if the account can be unlocked will security specialists inspect each blog owned by the account, and verify that each does not contain evidence of tampering by a temporarily successful hacker.

With blog security review in progress, the blog will be offline and invisible.

While a blog is under integrity check, it won't be listed on the dashboard of the owner - either under "Deleted blogs", "Locked blogs", or "My blogs". Neither the owner, nor any third parties, will be able to do anything except wait, patiently.

Blogs found to contain malware can be locked as TOS Violations, with the owner later required to remove the malware found. This requirement will apply for malware installed by the owner (intentionally, or unintentionally), or for malware installed by a hacker.

With blog malware review in progress, the blog will be offline - but visible.

With a blog locked pending malware removal, the owner is given the benefit of the doubt, and allowed to simply remove the malware, no questions asked. In some cases, Blogger may be able to assist by providing specific identification of the malware found - but this won't happen, consistently.

A blog owned under another account must be un deleted by the owner of the other account. Again, only a blog owner can have a blog restored - whether deleted by an owner, or by Blogger / Google.

A blog deleted over 90 days previously cannot be recovered. It won't appear on the dashboard of any (former) owner, since it can't be recovered.
It's dead, Jim.

Either way, you the owner have to wait for review to complete.

The basic rule is simple. If your blog was deleted, and if you're able to un delete it (or request un deletion), you'll have a link on your dashboard. If a blog is not listed on your dashboard, you can't request, with any predictable success, that it be un deleted - any more than you can demand that a non deleted blog be restored to your control.

Some Blogger Blogs Being Locked As Malware Hosts

For a long time, we've been dealing with various malware / spam mitigation issues, in Blogger Help Forum: Something Is Broken.

Recently, malware detections, long simply identified as "Malicious JavaScript" in the well known Spam Appeal Guidelines, were given their own identity, and a separate classification / appeal process. We're now seeing several common types of JavaScript, included in blogs which are typically mentioned in forum reports.

It may be helpful to describe some examples of JavaScript code being seen, so blog owners can avoid making the same mistakes, by not including these scripts in their blogs.

There are several common types of JavaScript applications, found in many blogs with the owners requesting review / unlock action.
  1. CPA / Cost Per Action.
  2. Multiple popups, such as a generic "Welcome!", followed by "Like my blog, before you read it!".
  3. Password protection, on a page basis.
  4. Security warning popups, suggesting that you need to install a recommended security software.
  5. Social networking popups, demanding "Like my blog, before you read it!".
  6. Traffic Redirection, targeting other blogs / websites.
  7. Traffic redirection, targeting the canonical URL for the host blog.


CPA / CPALeads / Cost Per Action, and similar online marketing terminology, involves providing a reward for viewing a blog, or for subscribing to the blog feed. Some CPA scripts may be used to collect email addresses, also known as "email address mining", later used for hacking activity or spam distribution.

CPA scripts present another problem. Since Blogger blogs are intended to reward the readers by providing interesting and unique content, blogs which use CPA may be improperly designed or maintained. Blogger wants the blog owners to publish blogs which entertain or inform their readers - not blogs which require artificial or ingenious techniques to generate traffic, and visitor activity.

Multiple popups, such as an initial "Welcome to my blog!" greeting, followed by the well known FaceBook "Like my blog, to read my blog!" demand. If multiple popups should become an established practice, it's possible that malware producers could enjoy this technique, to conceal a malware installation.

Password protection, on a page basis, is an attempt to make a blog (or blog portion) private, by using a password. This protection is easily defeated, as the password is provided in the page (post / template) code, as plain text - and can easily be identified by anybody knowing how to view page source as text.

Besides the "protection" being easily bypassed, this is a problem because security scanning programs - such as the malicious scripting bot - can't pass through JavaScript code easily. When encountering this JavaScript application, your blog will be righteously classified, as a malicious script host.

Security warning popups, suggesting that your computer is infected - and offering, for immediate installation, the perfect tool to remove the claimed malware. Security experts know that this is similarly a favourite malware installation technique, where the computer owner would give permission to have the offered software installed - and the installed software would later install a botnet client or similar malicious trash.

Social networking popups are an arrogant way of wasting your readers time, and guaranteeing eventual malware classification of your blog. Popular among some WordPress blogs, the circular FaceBook "Like my blog, to read my blog!" demand is a good way to make genuine readers go elsewhere.

If you want genuine readers, who read a Blogger blog because of thoughtful, unique content, you will not get them by demanding that they boost your FaceBook popularity, before reading your blog. This is just another way of buying "Likes" - and it belongs in WordPress, not in Blogger.

Traffic Redirection, targeting other blogs / websites is a technique attempted by many hackers and spammers. The use of some blogs as gateways, leading to redistributors, which in turn lead to payload blogs or non Google websites, is part of many hacking / spam attacks. Google is trying to restrict the use of Blogger blogs as malware / spam hosts - and actively prevents scripts, which only shuffle readers from one blog to another, without choice.

Even though Blogger will not encourage you to move your blog, to Tumblr, Weebly, WordPress, or wherever, you are allowed to do this - if you feel the need.
Hello, faithful readers:

This blog is now hosted at my new blogging host. Please update your blog lists and bookmarks!
If you must do this, it's OK to post a notice, in your Blogger blog. You can even put a link, to the new blog, in the notice. You just can't use JavaScript, to automatically redirect the reader to the new blog.

Traffic redirection, targeting the canonical URL for the host blog, is a technique used by some blog owners who perceive Country Code Alias Redirection to present a problem. Some accessories installed on their blogs, and various non Google services which may be used to provide activity on their blogs, may not properly reference the canonical URL tag included in all Blogger blogs.

Since Blogger / Google wants all Blogger blog owners to benefit from improved world wide access to Blogger blogs, blogs which employ automatic canonical URL redirection may damage the effect of CC alias redirection. Blogs which host scripts which immediately redirect readers to the canonical URL, and are considered undesirable by any host government, may force an offended host government to block the entire Blogger service, in their country.

To prevent malicious misuse of Blogger by hackers and spammers, and to encourage effective long term use of Blogger by legitimate blog owners, Blogger / Google may detect any blogs which use these types of scripts as part of their general malware / spam classification strategy. Given the ability and willingness of the blog owner, to remove the JavaScript code in question, most blogs can be returned to service - but each blog will remain offline, until the removal is verified.

It's to everybody's benefit to identify, and to avoid use of, these scripts in our blogs, before it's too late. If your blog contains one of these scripts, why not remove the problem now, instead of waiting until you too have to post your problem report, in the forum:
Help me! My blog was just locked for
MALICIOUS JAVASCRIPT
What do I do, now?

Malware Classification, And Country Code Redirection

We're seeing a few complaints, in Blogger Help Forum: Something Is Broken, about overly aggressive malware classification.

Many of the complaints are from blog owners who only want to publish their blogs without fear of side effects from the latest controversial feature, Country Code Alias Redirection.

Spurious malware / spam detection is a painful topic to discuss - and it's even more so when the question of country code alias redirection is discussed. Like auto pagination long ago, country code alias redirection appears to be another case of Google manipulating its customers, maliciously. If you consider this issue from the viewpoint of Blogger blogs in general, though, you may see the full picture.

Blogger blogs, like the Internet, need to be available to all countries in the world, without fear of censorship.

Redirection allows specific blogs to be blocked in specific countries.

Country Code Alias Redirection allows Blogger to selectively disable any single blog, in any single country. This selective disabling will, eventually, eliminate the need of any country government to block the entire Blogger service, in their country, because of a few culturally or politically insensitive blogs.

Country Code Alias Redirection is a righteous feature in Blogger blogs. Like many new Google features, it was added before every Internet service was made able to support it. Country Code Alias Redirection uses an Internet standard - not a Google proprietary feature - the canonical URL tag.

If you look at the header in this blog, you can see an example of a canonical URL tag.
<link href='http://blogging.nitecruzr.net/2013/02/malware-classification-and-cc-alias.html' rel='canonical'/>
That's the tag for this article, for instance.

Some non Google features and services don't support Blogger Redirection.

Some Blogger blog owners find that Country Code Alias Redirection causes problems, with some accessories on their blog. Some owners have added anti redirection code to their blogs, so the accessories on their blogs continue to work.

Country Code Alias Redirection may not work with every third party provided blog accessory or Internet service - because all Internet services, and third party accessory providers, do not support canonical URL tags.

Just because some services are not up to date with all Internet features (like Country Code Alias Redirection), this does not mean that it should not be used. The delinquent services need to be encouraged to update their code, as necessary.

Blogs which block redirection are classified as malware hosts.

Some blogs, which block Country Code Alias Redirection, are being spuriously detected as malware hosts - and this is more controversy.

The anti redirection code looks like malware - because that same code is used by spammers, to abuse the Blogger service. To not classify blogs attempting to disable Country Code Alias Redirection, would require the malware classifier to identify the intent of the blog owner - and would make malware detection more complicated.

Since Country Code Alias Redirection is a righteous feature, it's possible that anti redirection code actually should be treated as malware - even though the blog owners, adding the code to their blogs, may not consider this to be the case.

We need to discourage blocking of redirection, for everybody's benefit.

Those of us who are concerned with detection and removal of malware and spam from the Internet, in general, know that malware and spam is like a cancer - if you don't remove what you see, it's only going to get worse.

To allow anti redirection code to be installed in some Blogger blogs, will encourage other blog owners to do the same - and will inhibit the effects of Country Code Aliasing. Also, it will allow some hackers and spammers to do likewise, without fear of detection. None of these possibilities is good for Blogger blogs, in general.

Your blog may now be locked, because of redirection blocking code.

If you installed anti redirection code in your blog some time ago, your blog was just locked as a suspected malware host, and you are now anxiously waiting for malware review while your blog remains offline, we're sorry for you. But you are not being abused by Blogger - nor is your malware classification unfair.

Remove the anti redirection code, on your blog - now, while you are able. Encourage the providers of third party accessories and Internet services to update their code. And don't allow or encourage hackers and spammers to abuse Blogger blogs, or the Internet in general. Please.
