blogger hacked

[ArtDeco]

So two years ago, I set up a free blogger blog to get my ad cents approved. I haven't touched it for months. I checked it the other day and it looks unchanged, then I checked it in my Google reader and found hundreds of posts that I didn't write (all on topic, BTW) - click on any post and it takes me to a splog on the same subject as mine but with a totally different url. So I locked it down as well as the Blogger setting allow ( no comments, remove ad cents, change password, etc).

Two questions:

1. How do I shut off whatever vulnerability this guy is exploiting? :angryfire: and
2. How can I do this myself to other dead blogger blogs?

Any ideas welcome.

 

[Zsaleem]

Your Gmail account associated with that Blogger account is working fine?

 

[ArtDeco]

Yep. Same gmail account on the blogger, ad cents, and the reader. Other blogger blogs seems to be OK too, although the gmail account gets more spam than it used to. I never use it for anything important except Adsense.

 

[Drake]

You ever use unsecured wifi like at a Coffee shop or when traveling? They mighta got your password that way. Or school computer and didnt logoff?

 

[ArtDeco]

No to the coffeshops, and school was decades ago - pre internet. Besides the weird thing is that it's just the RSS feed that was hacked. Nothing shows up on the blog itself.

 

[bubbles]

Possibly a Cross Site Request Forgery or XSS exploit that enabled "post by email".

 

[ArtDeco]

Yeah, I turned off post by email a long time ago I think, hell I never posted to it anyway. I have seen mention of "a Cross Site Request Forgery or XSS exploit" on the net, and occasionally FF will warn one of one, but I am not sure what's involved. This guys site appears to just scrape hundreds of other car related sites and post to a Blogspot splog with adsense on it. All pretty normal except for the link injection into other people's RSS feeds.

Think I'll go do some googling. Please keep the suggestions coming - maybe we will all learn something. It's likely that it's a Wicked Fire member. God, I hope it's not a Warrior Forum member - that would be embarrassing.

 

[ArtDeco]

A bit of new information on this. All posts on the splog have a subscribe link below the original source. However if I click "subscribe" it takes me to a subscribe page on a place called wikio.com instead of the normal Google reader subscribe page that I am used to.

Also he/she isn't just scrapping worthless blogs like mine, the same thing happens with Jalopnick, Autoblog, Carscoop, Autorama, the Truth About Cars, Driive, etc. And the Google Ads logo goes to Google Germany, but the ads are in English FWIW.

Come on, 'fess up or PM me, whoever you are. I don't give a shit, in fact I'm admiring the creativity involved.

 

[jryan21]

Take a look thru xssed and see if anything in there looks familiar.

The stats on their site are interesting:

32287 total xss
1815 fixed

 

[ArtDeco]

Thanks I took a look. Scary looking code on the Internet . Duh. I don't see an obvious fix for it, either.

 

[WeWatch]

If you can PM me your URL, I'll have our scanner check it out to look for any vulnerabilities that may have let him/her in.

Or post your URL here...