Blogger Blogs Redirecting To "blogspot - ping . com"

Today, we see the latest in the never ending saga of blog owners, who previously (maybe / maybe not recently) installed some deviously created software - whether intentionally or not - and who now find their readers unable to view their blogs, and themselves even unable to access the template editor to remove the malicious code.

My blogs are redirecting auto to ping . blogspot - ping . com", can anybody tell me how to fix this?

The malicious redirecting appears to be cause by a small snippet of JavaScript code - which has been installed, in most cases, as template HTML. Alternatively, some blog owners have added separate HTML / JavaScript gadgets, to host this code.

It's easy enough to identify - not so easy to remove, as some owners have found. In many cases, we are seeing reports that even when directly accessing the Layout wizard or Template Editor, the malicious code activates, and redirects the blog owner's browser.

Since the redirect is running from a snippet of JavaScript code, blocking the malicious code will prevent the redirection, and allow corrective access to the Layout wizard or Template Editor.

<script src='http : // ping . blogspot - ping . com / ping . js' type='text/javascript'></script>

Whichever GUI wizard you use to remove the code, remember to clear cache and restart the browser after removal and before testing for success.

Since I routinely - and consistently - use Firefox with NoScript to browse, I was able to access one victim blog without the redirection occurring, view the blog source, and extract the above code. If you use NoScript, you (the blog owner) should be likewise able to access your dashboard, and the Template Editor, and remove the bogie.

Please note that the code snippet, excerpted above, has extra spaces inserted into the URLs, to prevent advertising of the actual hijacking domain.

Anybody who knows where this bogie originated, and how it was deviously conned upon the blog owners, can help a lot of people by identifying the origin. Only when this is done, can we try to prevent the problem - rather than advise how to remove the problem.

First, install the popular Mozilla browser, Firefox. Having added Firefox, install the add-on NoScript. NoScript uses a Unix level security policy.

Deny by default, permit by exception.

Keep in mind the different trust levels of Blogger and BlogSpot - with NoScript, you will have to allow Blogger, yet forbid BlogSpot. Code from unknown domains, such as "blogspot - ping . com", will not run on any NoScript protected computer - unless you, intentionally, enable it. Knowing the threat from this bogie, you will hopefully choose to not enable this domain.

Read More

Use Third Party DNS Servers, For Domains Registered By 1And1, And Similar Registrars

Ever since Blogger added the domain ownership verification requirement to blogs published to custom domains, we've been seeing various complaints from some blog owners, who have purchased domains directly from registrars who can't provide the required DNS addresses on their servers.
Last month, Blogger Engineering, responding to the complaints, provided a workaround to the problem.
Even though not all registrars have DNS servers that will provide the right DNS address entries, most registrars will allow us to use third party DNS servers. The use of publicly available DNS servers, which can provide the required DNS addresses, will eliminate the need to transfer domain registration - when the registrar is unable to provide the right DNS addresses, using their own servers.
If you're trying to setup your domain, purchased from 1And1 or a similar registrar, you need only to setup a suitable third party DNS server. Marc Ridey, of Blogger Engineering, describes three simple steps, added to the normal third party registrar domain setup process.

1. Setup a (free) CloudDNS account.
2. Setup your normal DNS addresses (including the required domain ownership verification "CNAME") in CloudDNS, using the CloudDNS Domain Manager wizard.
3. Setup your domain, using your registrar's domain manager wizard, pointing to the CloudDNS DNS servers.

Any time that you need to update DNS addresses, use the CloudDNS Domain Manager wizard.

---

(Note): CloudDNS, when setup, may offer the option to redirect the domain root (aka "naked domain") to the "www" alias (or whatever DNS address you may setup). For best results, you should ignore that option, and use the Blogger or Google Apps redirect. There are still only three acceptable DNS models - use of CloudDNS, or any comparable DNS host, will not change that.

---

This may not be an ideal solution for the problem - it introduces a bit of complexity into the domain setup process - but it will allow owners of newly purchased domains from 1And1, Network Solutions, and others to get their domains verified, and get their blogs online again. And, since this starts with blog owners who elected to purchase their domain directly from a registrar - and setup the domain themselves - maybe it's not too much, technically.
It's also possible that this technique can be used for victims of the eNom DNS Infrastructure problem - and for those who only purchased Name Registration, directly from the registrar.

---

If you are using your third party registrar because you have actual web content (a web site, email, files, or other service) hosted by the registrar, please note the warning by Marc!

Warning: If you are using 1and1 hosting services to display a website as well as a Blogger blog, these instructions will disable the website. Please post a comment with your website address and I'll check how these instructions must be updated. If you're using eMail, remember to complete the optional eMail step.

---

>> Top

Subscribe to: Post Comments (Atom)

Search Me

Search Me

What Is This?

Translate Me

What Are These?

Follow Me

Follow Me (Expanded)

If you have lots of bandwidth / patience, check out my Expanded Followers Display.

Subscribe To Me

XML      

Subscribe To

Posts

Comments

In Martinez, California, it is...

Courtesy of timeanddate.com

Topics Index

For our new, cloud style, full page Topics Index, go here.

• Google - Blogger Buzz
• Google - Blogger bX- Problem Reporting
• Google - Blogger Contact Form
• Google - Blogger Content Policy
• Google - Blogger DMCA Violation Reporting
• Google - Blogger In Draft
• Google - Blogger Help
• Google - Blogger Help Survey
• Google - Blogger Spam Blog Resolution
• Google - Blogger Support
• Google - Blogger Known Issues
• Google - Blogger Spam Blogs Reporting
• Google - Blogger Status
• Google - Blogger TOS
• Google - Blogger TOS Violation Reports
• Google - Blogger WishList
• Google - Blog Search
• Google - Privacy Policy
• Google - Terms Of Service
• Google - Recently Updated Blogs
• Google - What Blogger Accounts Do I Have?
• Blogger Forum
• Blogger Tips and Tricks
• IT-Mate
• Malware Advisor
• Most Frequent Blogger Questions
• RBS FAQ
• Roberto's Report
• Tweak My Blogger
• Free Guestbook From UltraGuest

Key Articles and Tutorials

(Select To Hide or Show Key Articles)What Is This?

Blogger Buzz

• Grow your audience with the Google+ followers gadget - Wednesday, November 28, 2012
• New and improved Blogger mobile apps - Thursday, November 15, 2012
• Getting Help on Blogger - Friday, October 26, 2012
• Google Affiliate Ads for Blogger now in the UK! - Friday, September 21, 2012
• A more dynamic mobile reading experience - Wednesday, August 29, 2012

Known Issues for Blogger

•  - Wednesday, November 28, 2012
• Google+ Followers Gadget for Dynamic Views - Wednesday, November 28, 2012
• Missing stats for pageviews - Monday, October 15, 2012
•  - Tuesday, October 02, 2012
•  - Wednesday, September 26, 2012

Contents

• ▼ 2012(201)
  • ►  December(2)
  • ▼ November(23)
    • The Internet Has Created Various Opportunities For...
    • The Missing / Invisible Pages Index Gadget
    • Troubleshooting Custom Domain Issues
    • Troubleshooting Your Custom Domain Problems
    • After You Publish Your Blog To A Custom Domain, Sh...
    • Your Blog Address Is Unique - Though Many Other Id...
    • Blogger Magic - Verifying A Blog Feed URL
    • To Republish A Custom Domain, You Do Have To Add A...
    • Redirecting The Traffic From Your Blogger Blog
    • Use A Well Protected Browser, To Block Redirecting...
    • Add A Simple "Recent Comments" / "Recent Posts" Ga...
    • Improved Spam Review / Undelete Option In The New ...
    • Using The Google Apps Domain Root Redirect Setting...
    • Blog Owners Seeing "Error 14" Or Similar Symptom, ...
    • The Free Domain Registration Service "co.cc" Appea...
    • Blog Owners Report Mysterious Blogs Added To Their...
    • Blogger Comments Being Posted Using An Anonymous B...
    • Blogger Won't Censor Comments, Or Accept Abusive C...
    • Observe DNS Address Entry Conventions, When Settin...
    • Blogger blogs redirecting to "scrapur . com"
    • You Cannot Have The BlogSpot URL With Your Busines...
    • Accessing The Registrar's Domain Manager, After Us...
    • Use Third Party DNS Servers, For Domains Registere...
  • ►  October(7)
  • ►  September(16)
  • ►  August(13)
  • ►  July(16)
  • ►  June(18)
  • ►  May(27)
  • ►  April(22)
  • ►  March(12)
  • ►  February(19)
  • ►  January(26)

• ►  2011(257)

• ►  2010(267)

• ►  2009(297)

• ►  2008(303)

• ►  2007(242)

• ►  2006(175)

• ►  2005(6)

The Real Blogger Status - Comments

• Sail, If you purchase the domain through Blogger ... - Saturday, December 01, 2012
• Hi. I made a transfer from one gmail account to an... - Saturday, December 01, 2012
• hi. i just bought my custom domain name through bl... - Saturday, December 01, 2012
• Ah, thats too bad, but thank you. - Saturday, December 01, 2012
• Used many of your tips here over the years... neve... - Saturday, December 01, 2012

The Real Blogger Status - Posts

• Stats And The "Don't track your own pageviews" Option On Mobile Computers - Sunday, December 02, 2012
• The Dashboard Spam Review / Undelete Option Can Be Used To Your Advantage - Saturday, December 01, 2012
• The Internet Has Created Various Opportunities For Conflict - Friday, November 30, 2012
• The Missing / Invisible Pages Index Gadget - Friday, November 30, 2012
• Troubleshooting Custom Domain Issues - Thursday, November 29, 2012

• 
  The Official Google Blog

  

  Announcing the Africa News Innovation Challenge winners - Digital tools are an increasing impetus for innovation across African newsrooms. From crowdsourcing content to using infographics to tell stories, journali...

  2 days ago
• 
  Known Issues for Blogger

  - Some users are reporting that they're hitting unexpected image quota limits when uploading an image from Blogger. We're investigating the issue and will re...

  4 days ago
• 
  the Report

  Words, with Friends - *"The time has come, the walrus said..."* - and even older blokes like me, can't sustain interest for long. I have, virtually, lost my interest in bloggi...

  5 months ago
• 
  Malware Advisor

  Avast-iYogi Poor support or scam? - Brian Krebs on Security investigates, be sure to check the comments: https://krebsonsecurity.com/2012/03/aghast-at-avasts-iyogi-support/

  8 months ago
• Tweak My Blogger

  Error When Editing Template With New Interface - Since the new Blogger interface came out we have dealt with many issues and I am sad to say their is one more major flaw. The new interface seems to hate i...

  9 months ago

Show All

Pageviews past week

20436

Popular Posts

• Recovering A Deleted Page Or Post
  In late 2010, Blogger Support announced that they cannot provide the service to restore deleted posts . Once you (the blog owner) delete a ...
• Blogger Magic - A Static Home Page, Improved
  For many years, Blogger blog owners have been asking for the ability to have a static Home page, on their blog. We came up with a basic sol...
• Adding Your Blogger Blog To Your Web Site
  Most of us who blog just setup a blog, and start . Some people already have a web site, and simply want to add a Blogger blog to the web si...
• Know Your Visitors
  Most Bloggers, and publishers of other websites, shouldn't just write content, blindly. They need to know who reads the content too. Some...
• Make An IFrame To Contain Another Blog On Your Blog Page
  When you want to merge two websites (either or both being a blog), yet keep the content of each separate, the most obvious solution is to u...
• Make Your Blog Speak More Languages
  I speak and write English (Americanised English, for you Brits). Until this weekend, my blogs were all published in English, and in English...
• Removing Blogs From Your Reading List
  One of the strangest cases of confusion, exhibited in Blogger Help Forum: How Do I? , comes from people who only want to remove a blog from ...

Read More

Accessing The Registrar's Domain Manager, After Using "Buy a domain"

Setting up a custom domain, and publishing a blog to a non BlogSpot URL, is a simple enough task - when we are able to use the "Buy a domain for your blog" wizard. Sometimes, after using "Buy a domain ...", we may still have to access the registrar's Domain Manager wizard.

When we use "Buy a domain", along with setting up the domain for us, the Blogger / Google wizard sets up a new eNom or GoDaddy domain owner account. To let us later login to eNom or GoDaddy, the "Buy a domain" wizard saves the login information, for our new account - in a Google Apps desktop wizard. Here is yet one more reason why we absolutely must setup the provided Google Apps account, after receiving the Google Apps email.
The process of managing a domain, when setup using "Buy a domain", is not too complicated.
 Setup the new Google Apps account.

1. Login to Google Apps.
2. Retrieve the Google Apps registrar login information, from "Advanced DNS settings".
3. Login to the registrar (eNom or GoDaddy).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      The domain owner registrar login information is right there, in "Advanced DNS settings"

 The domain owner login information is in the Google Apps desktop.

1. Go to "Domain settings" - "Domain names" - "Advanced DNS settings".
2. Open a new browser tab or window, clicking on "Sign in to DNS console".
3. Copy the Sign-in name, and the Password, to the appropriate boxes on the sign-in dialogue, and click "Login".
4. This will put you into the Domain Manager wizard, for the new domain.

If you already had an eNom or GoDaddy account, that will be a separate account - but with this new account maintained for you, by Google. Just keep your new Google Apps account accessible and active, keep the domain registration up to date - and you'll have no problem accessing the Domain Manager wizard, and managing the domain, whenever you need.










 

Read More

You Cannot Have The BlogSpot URL With Your Business Name, If That URL Is In Use

This summary is not available. Please click here to view the post.

Read More

Observe DNS Address Entry Conventions, When Setting Up Your Custom Domain

One of the more frustrating steps involved in setting up a custom domain comes with entry of the DNS addresses, into the domain host or registrar's Domain Manager wizard. Whether you are setting up a new domain, just purchased directly from a registrar - or re publishing an existing domain, purchased using "Buy a domain" - the addition of the proper DNS addresses is essential to successful custom domain publishing.

Sometimes, you just can't get the domain manager wizard to accept what you are provided by "settings instructions". Other times, you enter the proper values, your Zone Update is accepted by the domain manager wizard - and the Blogger Publishing wizard rejects your attempts.

Even after repeated attempts to publish your blog to the domain, you can get another "Another blog ..." error - maybe an "Error 12" or variant. This may be in spite of the fact that you are retrieving a new "Name" / "Destination" periodically from "settings instructions", and dutifully adding or updating the domain ownership verification "CNAME" Alternately, you may just be adding the base DNS "A" or "CNAME" addresses.

Every blog owner needs to realise that the Domain Manager wizards have conventions for entry of both the "Name" ("Label" / "Host"), and the "Destination" ("Target" / "Points To") values in the DNS address records ("Zone Entry"). The conventions used will vary, from Domain Manager to Domain Manager - and the differing conventions will affect the success of your domain publishing attempts.

In some cases, the Domain Manager will immediately reject your entry, if you mis enter the value. In other cases, the entry will be accepted - but Blogger will reject your attempts to publish. Either scenario can be caused by misentry of either the "Name" or "Destination" value, and your overlooking the differences between "absolute" vs "relative" addresses.

This problem is observed by some as the mysterious "period" / "full stop".

• If you omit the period, and it is required, the Zone Update may take place - but the Blogger Publishing wizard will overlook or reject the resulting DNS address.
• If you add the period, and it is not allowed, the Zone Update will reject your attempt.

This can happen for either the "Name" or "Destination" value.

Here, I will note that this problem is one which neither Blogger nor Google can resolve. Whether you purchased the domain using "Buy a domain" - or directly from the registrar - if you must use the Domain Manager wizard provided by the DNS Host / Registrar, your understanding of the conventions observed by that Domain Manager are your responsibility. There are conventions for the "Name" and for the "Destination" values - and you have to find out, and follow, each.

For a domain of "mydomain.com", you will probably enter the published address - "www.mydomain.com" - as "www". This says that the "Name" value is "relative" to the domain URL. You can't enter the domain root, "mydomain.com", as "mydomain.com" - as this would give you a DNS address of "mydomain.com.mydomain.com" - and yet another "Another blog ..." error. You will probably need to enter the domain root as "@" or a similar special character. This, too, is your responsibility to verify.

If you are asking for help in Blogger Help Forum: Something Is Broken, and I am advising you, I'll be asking you for three essential values.

1. The BlogSpot URL.
2. The domain URL.
3. The "Name" value provided by the "settings instructions" document.

None of these values are optional - and strict attention to accuracy, in your reply, is essential.

Read More

Blogger blogs redirecting to "scrapur . com"

This week, we've seen several reports in Blogger Help Forum: Something Is Broken, from Blogger blog owners, reporting the latest hijacking of their blogs.

My blog is being redirected to a spam site - was it hijacked?

As is all too frequently the case, the redirection appears to come from third party code or gadgets, willingly installed by the blog owner. Examination of the website in question appears to indicate a long expired domain.

This domain name expired on Nov 7 2012 11:32:24:000AM

It's possible that, right now, this is not a maliciously planned hijack - though any expired domain can be re purchased for a devious or malicious purpose.

In several cases, the redirecting code appears as part of an installed XML gadget, a version of "Recent Comments". In other cases, we have observed naked JavaScript code, installed directly into the blog template. Here are identified examples - though you may see other variants.

<script style="text/javascript" src="http : // scrapur . com / index / wp-content / uploads / 2008 / 04 / rc . asp"> </script>

or possibly

<script src='http : // scrapur . com / index / wp-content / uploads / 2008 / 02 / smile . js' type='text/javascript'></script>

(Note the URLs have been modified, to prevent search engine indexing of a potentially malicious domain).

Use of a text proxy, such as Rex Swain's HTTP Viewer, when run from any browser, will allow you to safely examine the blog source, without interference by the redirecting code. In this case, simply load your blog using the URL, then use the browser test search, for "scrapur", in the proxy log. This will let you see if the code in question is part of an HTML gadget - or it is installed directly in the template.

As with many reported hijacks, access to the Blogger Layout and Template wizards appears to be affected. If you need to remove this code from your blog, you may find yourself unable to use either the Layout wizard (to remove an identified gadget) or the Template wizard (to remove directly installed code). In this case, you will need to use Firefox with Noscript - or a similarly well protected browser - to prevent the redirecting code from executing.

After removing the identified code from your blog, as always, clear cache and restart the browser. Finally, I'll remind you again, to please be particular - only install third party code from trustworthy providers.

Read More

Blogger Comments Being Posted Using An Anonymous Blogger Email Address

Some Blogger blog owners use their Blogger blogs as the center of their peer to peer networking life. Their readers are expected to post comments - and to leave their email addresses, as part of their message or profile, to allow direct contact. Long ago, I used the email address of some commenters as part of an easy "Contact Me" form, on this blog.
Recently, we've been noting that Blogger comments don't always include a useful email addresses - many comments simply describe the commenter as

noreply-comment@blogger.com

Not all blog owners - and readers - appreciate this change.

When I leave a comment using my google profile, it isn't linking my profile with my email address. How do I get my email address properly displayed?

and

Why do so many comments, published to my blog, show the email address of "noreply-comment@blogger.com"? How do I email my readers?

For some time, we've known of the dangers of revealing your email address to the world, in general. Blogger blog owners have been a known special risk. Google developed Google+, with the Google+ profile, to allow everybody to network with their friends - both old and new - without the risk of revealing one's email address.

Google+ replaces email completely. You can share comments, messages, photos, and videos with anybody, in a self contained universe - and you can define your own, personal universes. This leaves the need to reveal your email address completely unnecessary (though you can use email, if you wish, without knowing anyone's address - or revealing yours).

After Google+ became popular, Blogger added the option to link our Blogger blogs with our Google+ profiles. Blogger profiles, based on Google+, are cleaner, and use the Google+ displays to update. To encourage people to use Google+ for peer to peer networking activity, and to make our Blogger accounts and blogs safer, Blogger has eliminated our email addresses from all outside correspondence - including when we publish comments on Blogger (and non Blogger) blogs, using a Google+ based Blogger profile.

If we publish a comment on somebody's blog, and the blog owner has enabled comment moderation or notification, our comment shows up in the email inbox of the blog owner - but with our email address displayed as "noreply-comment@blogger.com". This prevents our email addresses - and our Blogger account names - from becoming unnecessarily revealed. Blog owner - reader comment communication is still possible - but again, without the email address of the reader being known.

Some time ago, I discovered an odd type of comment spam, which I termed "nice Blog" spam.

Nice blog. I will keep visiting this blog very often.

This spam, from what I can tell, has been published by the millions, in various blog comments. It's likely that this particular spam is being published as a very imaginative form of email address mining.

All that the spammer has to do is publish a spam comment, and select the option to "Send me replies". Any comments published later, and including the commenters actual email address, would be delivered directly to the spammers inbox. Knowing the email address - and the blog URL (how many comments do not include a link to a blog?) - the hacker would go straight to work. Later, we would see

I can't access my blog, any more - and somebody has updated it with spam!

This was a direct result of the former blog owner, having left a comment on somebody else's blog.

By eliminating our email addresses from our comments, Google is helping to protect our accounts and blogs, while letting us continue to comment on each others blogs - and to eliminate one type of unnecessary spam from our blogs.

Google+, which replaces email for networking, uses a "Friend of a Friend" relationship to let you expand your universe infinitely, with each comment, message, photo, and video that you share. It lets you control the expansion of your universe - if you wish. And, it helps keeps your Blogger blog under your control.

Read More

Blogger Won't Censor Comments, Or Accept Abusive Comment Reports

We have seen this question, periodically, in Blogger Help Forum: How Do I?

When will Blogger provide me with the option to block an abusive commenter, from my blog?

This is a request that simply cannot be fulfilled.

The issue of blocking individual commenters won't be solved by a new Blogger feature.

• It's technically impossible.
• It's contrary to Blogger policy.

Any abuser of Internet services (aka "hacker", "spammer", or "troll"), with any ability, knows how to create multiple Google accounts without effort. Blogger Engineering is unlikely to spend time developing a new feature ("Block this comment publisher") that will simply provide you with a false sense of security, have no effect in the long term, and require an unproductive use of their time.

If you realistically feel that a comment publisher represents a legal and physical threat to you, you should report the threat to your local police agency. Other than physical threats, Blogger regards comments as a "freedom of speech" issue. Comments published on your blog are jointly the property - and the responsibility - of the comment publisher, and you.

As the blog owner, you are allowed to choose which comments publish, or remain published, on your blog. You can moderate before, or after, comments are published.

If any comments offend you, moderate or delete them promptly. Concentrate on publishing your blog, and ignore the abuse. Eventually, the person abusing you will get bored, and move on.

Read More

Blog Owners Report Mysterious Blogs Added To Their Dashboard Blog List

We are seeing a small but steadily increasing stream of problem reports, in Blogger Help Forum: Something Is Broken, from Blogger blog owners, wondering where these mysterious blogs, being added to their dashboard "My blogs" list, are coming from.

Is anyone else experiencing random blogs being added to their dashboard? I login, and I notice that many blogs have been made - and they're all with names that are just a jumble of letters and numbers, but no posts. All of them lead to the same blog though.

Here's a random list of the names of 7 such blogs, which were recently created in the "blogspot.com" name space. If you wish to examine these blogs, and these have not yet been deleted by the Blogger anti spam processes, I strongly advise that you use a proxy server, or similar isolation technique. Never examine any hacking / spam attack component, unprotected.

yyxfkfgpiy
x24xd2wtu1
4o4fq0rqp9
26djmc3xyh
m9s5tdor2l
h62wo5uthr
bsojvu43gk

Some blog owners are seeing dozens of these mysterious blogs. Adding to the confusion, a couple owners have even thought that their legitimate blogs have been replaced. Fortunately, what is happening is that the legitimate blogs are still there - just not visible in the noise.

When queried for details, many owners report having received, and accepted, an offer involving FaceBook, and the suggestion to "Change your colors". Apparently, if logged in to both Blogger / Google, and FaceBook, this mysterious "FaceBook app" will simply setup quantities of BlogSpot hosted spam blogs, frighteningly reminiscent of blogs created as part of the long ago observed Russian Business Network spam blog farms.

Each blog created has the same initial content - a display, with the offer to "Change your FaceBook colors". The link to accept the offer then leads to a non Google website, which installs the malware, which creates the mysterious spam blogs, in mass quantity. For your examination, here is one example spam blog - which may or may not currently be online, using a proxy server link.

http://anonymouse.org/cgi-bin/anon-www.cgi/http://yyxfkfgpiy.blogspot.com/

We don't yet know what, if anything, is being installed on the computer used in the blogs creation - nor how malicious the virus is, when installed on one's own computer. Our advice is simple - avoid becoming a victim. If you are receiving invitations for this service, it's possible that your FaceBook friends, supposedly sending the invitations, are the current victims. If you ignore the offer, you should be safe.

Of course, if you are concerned about this situation, you might want to review your current protection.

Read More