Blog Content, And Confusion About Blogs Locked After Detected Account Hacking

One Blogger mystery involves the varying periods of blog unavailability, after hacking activity is detected.

My blog just disappeared from my dashboard - and no, it's not listed under "Deleted blogs"!

When the owner mentions the notice about "suspicious" / "unusual" account activity, or having unlocked the account (by solving a CAPTCHA, receiving a phone message, changing the password) - and is advised to wait "24 to 48 hours" - many ask the obvious.

Is "24 to 48 hours" really accurate?

In reality, the legendary "24 to 48" hour time period is only a ball park figure - and both Blogger / Google, and the blog owner, contribute to the uncertainty.

The well known advice to "Wait 24 to 48 hours", after a Blogger account is locked for suspected hacking activity, is only an estimation of the waiting time, which the owner may have to endure. This is account / blog integrity verification.

There are several factors which can contribute to the accuracy of "24 to 48 hours" (which maybe should be stated as "one to two business days").

• Availability of essential Blogger / Google personnel.
• Current hacking activity level, and ongoing Blogger / Google workload.
• Blog content, which complicates hacking payload analysis.

We've referenced the first two factors (personnel, and hacking activity level) in the well known Blogger FAQ How long will it take?. The third involves detail which only the blog owner can provide. Many blog owners contribute to this uncertainty, in the development of their blogs.

There are several types of content, which hackers like to add, to blogs temporarily under their control.

1. Advertising - and similar shiny accessories.
2. Custom code - and various template tweaks.
3. Links to other blogs - and to websites outside Google address space.
4. Team memberships - and multiple blog owners.

All of these features, also added by the owner - and allowed (and encouraged) by Blogger - can require extra effort as a blog is validated, after detected hacking activity.

Blogger / Google security experts, in examining an account / blog, must look for features possibly added by the hacker. Security experts have no immediate knowledge what was added by the owner, long ago - as opposed to by a hacker, more recently.

Any advertising, custom code, external links, or team memberships, intentionally added by the owner, will contribute to time spent validating blog integrity.

• Leave a setting or tweak added by the hacker - and the blog remains a security risk, when returned to service.
• Remove a setting or tweak added by a blog owner - and the blog becomes broken, when returned to service.

Neither is desired, by the blog owners - nor by Blogger / Google.

More accessories and tweaks == more time spent by security experts == more time the blog remains offline, while the owner waits in uncertainty.

This uncertainty, added to delayed deletion caused by cache latency, leads to mystery.

All of this brings to mind the old adage.

KISS

Keep it simple, stupid.

>> Top