Hello, all,
This is just a quick note to inform readers that I discovered that several of my content pages have apparently been hacked (Dubious Designs, Nine Years War Resources and Scenarios, and Colonial Gaming). I won't include hyperlinks to them because I don't want to direct anyone to them (they have been replaced by other pages with advertising malware on them--the latter I am informed by my web browser security).
At this point, I don't know if this is just the start and whether or not this will spread to the rest of my blog. If so, I'll have to just shut the blog down (I don't have the energy to start over or redo what's lost).
I hope that won't be the case, but if so, I just wanted to get in a post to explain and to say thanks to everyone who has been part of this experience.
Best,
Ed M
Ed, this is a real shame. Can you provide more details on exactly what is happening? How are your posts actually hacked? If this spreads, this will be a great loss to our community.
ReplyDeleteIf you go to one of the content pages, a page shows up with a partial page for the Oregon Ducks Women's Basketball Tickets for the Colonial and Dubious Designs Page and something totally odd for the Nine Year's War content page. The Nine Years War page does retain the original (changed) name of this blog at the head (which is really odd).
DeleteI'm working through to see if this is a wider Google Account compromise or something targeted towards these pages only.
My built in browser security informs me that it has blocked thees sites due to "malvertising".
Ed
When I check the dashboard for my blog, the pages are still there. It seems that the URL has been changed. I notice that they don't start with edmwargamemeanderings.blogspot.com but instead two of them start with an old username of mine (Edmuel2000) and one with the old blog name (lead--leader.blogspot.com). I wonder if this is a hack or some sort of burp with Google?
DeleteI tried reverting to draft and then republishing, in the hopes that the URL would be redone, but it doesn't appear to have changed anything. I don't see a way to edit the page URL to redirect it. I do note that these are the oldest content pages, so I'm wondering if it has something to do with that (maybe these URLs were different all along and I just didn't notice it?).
DeleteIf the underlying posts are unaffected and only the content page is corrupt, have you tried deleting one of the content ages and recreating it?
DeleteHi Jonathan: I thought that by reverting to draft and republishing that this might have accomplished the equivalent of blanking the hijacked version and replacing it, but that didn't do the trick. I did delete a page and put up a quickie replacement (Colonial) and that seemed to work--except for the urls on the new (redone) content page pointed to the blog dashboard (very odd) as opposed to the files for download. Having said that, what I had done was simply copy and paste the material (including links) into the new page. It appears that I'll have to go through and redo all the urls in the redone content pages to get them to point at the right material (and to ensure that they are secure). This will take some time for the heavy content pages, so not sure when I'll get around to those (sigh).
DeleteDid the usual of changing passwords and scanning my system for malware, etc (clean according to Malwarebytes--which seems a pretty good program). I'm wondering if this all didn't start with Google forcing us to mess around with the permissions for all of our shared material on our G Drives. I may have thrown some switch there that inadvertantly opened a door to a security issue with the urls on those pages.
So far, the more current content pages seem to be okay (and the internal URLs point to where they should).
Fingers crossed.
Fingers crossed, indeed.
DeleteEd, that is a real shame. It might be worth opening a ticket with Google. I did that around 10 days ago on an issue of my Reader List showing things that my Blog list doesn’t yet they should mirror each other. They answered me the same day.
ReplyDeleteHope it all comes good, you have invested too much time and energy in it for the unscrupulous to spoil things. Good luck
Norm, was your issue resolved?
DeleteThanks, Norm: so far, I figured I was pretty much on my own. I'll take contacting Blogger/Google under consideration (thanks for the tip). Given that I've already blasted the pages out of existence as a precaution, I'm not sure whether I've passed the point of their being able to do much (if more pages get hijacked, though, I'll take another tack). So far, this has been limited to a few content pages--so peripheral to the main blog (as I said before: fingers crossed).
DeleteI didn’t even think that blogs could be hacked other than those annoying spam comments.
ReplyDeleteI do hope you fix the issue without too much effort. I’d hate to loose your correspondence for such a lame reason.
Looks like I'll still be blogging (fingers crossed). I may rethink the content pages given that they represent additional exposure to security issues (something that I hadn't really thought about until this happened). So far, so good, though, as far as the blog itself--looks like I'll still be around :)
DeleteHi Jonathan, all I can say at the moment is ‘I think so’. Basically someone new who I follow was not showing their new posts on my blog list on my main page, but the new post was showing in my reading list under dashboard.
ReplyDeleteThe problem was that I no longer seem able to manually add people to my list, the tool for editing the blog list has gone.
Anyway, they said go into settings, go to template and select the widget, there is an edit button on the widget. I did that and believe that I have manually added the blog, but the person has not posted since, so I can’t put it to test.
It is certainly a more convoluted and hidden way of doing things. i suspect they believe they have fully automated the task, but either mine or the bloggers settings (pehaps both) have caused a problem on his occasion.
Hi Norm,
DeleteI recall finding that they had removed the "edit" pencil icon from the Blog and Followers lists--and found (by trial and error) that you now have to drill into the template settings to add/remove followers and blogs. What an utterly stupid change (doubly so because it came without notice).
Well most of the foregoing flew right over my head and hit the wall with a loud SPLAT! Ed, but I certainly hope we do not lose your companionship because someone is trying to flog tickets for a female basketball team!
ReplyDeleteDistressing news indeed ,sounds like you're working it out, I will add my voice to Stews that I wouldn't want to lose you from the community!
ReplyDeleteBest Iain
Thanks for the expressions of support, gents. Appreciated.
ReplyDeleteHi Ed…
ReplyDeleteI noticed that on your url at the top of the blog there is a little warning symbol ( on my IPad)
On a pc it it also says Not Secure beside the symbol …
I looked up why this was there on mine whin I first started… it’s because the site isn’t redirecting to/using HTTPS…
you can change to HTTPS by going into settings… I don’t know if this will help but apparently HTTPS is more secure…
Of course I could be teaching you to suck eggs…😁
All the best. Aly
Hi Aly, I vaguely recall making this selection at some time when starting the blog. Interestingly, on my browsers on my pc (both Firefox and Chrome), the URL shows as beginning with "https://" When I call it up on my tablet, is shows the warning that the connection is unsecure. I think this has to do with the WI FI connection more than the site architecture, but I will double check: thanks!
DeleteHi againk Aly: well, I just drilled down through the settings and found the redirect to HTTPS switch (which wasn't active). I activated it and now it shows as secure on the tablet: good catch, thanks!
Delete