Blogger Hacked
WCityMike writes "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.' Apparently, attempts to change your password or other information do not succeed due to a major database problem. Blogger currently has no official news: its main page simply apologizes for being down for repairs and its status blog has no information, probably suffering from the same accessing problem as other blogs. In the meantime, discussion, information, and advice is appearing on the weblogs of Anil Dash and Tom Coates, as well as this QuickTopic thread. Glad I use another journaling service." We usually try to avoid "Site X Hacked!" stories, but since this affects so many people - and, heh-heh, they don't have anywhere else to talk about it - here you go.
Blogger has been having a lot of troubles lately; if you can find your own web hosting, you may want to consider using the very easy to set up Movable Type.
yes i run a goth/punk/emo porn site.
I signed up for a blog once, to see what all the fuss was about. I ended up scrapping it and going back to doing page entries manually. It ended up being MUCH less hassle than having to use someone else's software, and then having to go back and re-tweak things with it. Editing HTML from the command line in a shell is much more time-efficient, IMHO.
Come to the University of Mars! Classes starting soon!
Disable or reset the password of the account used to FTP your blog to your web server ASAP.
Left shift 1 for e-mail...
Luckily, I was worried when I first set up my Blogger account, so I switched to a MySQL database on my own webserver instead. Eventually, I ended up using Movable Type to manage my weblog. If you have access to a MySQL database on your webserver, I would really recommend doing this.
is looking for alternatives. b2 is a really good and powerful alternative. PHP, MySQL, and all the goodies.
(+1 Funny) only if I laugh out loud.
Blogger has suffered a security intrusion by a "haX0r." We have all the data that was changed backed up within a couple hours of the attack, so we can have things pretty much back to normal soon. Of course, we're assessing the situation as thoroughly as possible to make sure it doesn't happen again. Also, if you store your FTP login information in Blogger, it wouldn't hurt to change that on your server--though it is unlikely that information was accessed. Sorry for the inconvenience.
*shameless plug*
There are a LOT of diary/journal/blog services on the web. My personal favorite: Digital Expressions. Not a lot of customization and such, and it has a smaller userbase and a very strong sense of community.
The site blogger.com is running Microsoft-IIS/5.0 on Windows 2000.
Blog is short for Web Log.
Say "web log" 5 times fast and you'll understand why.
I don't see anything "pop-culture-esqe" about it.
Nikkos
The diary-x.com link prevented a slashdot-ing with some very simple code. A simple way of preventing your server from crying uncle.
I have often thought of writing a little code that blocks referring domains if they refer too many in a set period of time.
If you try to access the alternate site mentioned in the message (diary-x.com), you will get the following: "Go Away I suggest outside, you look like you could use some sun." You can access the "normal" website by copy-pasting the address (www.diary-x.com) in your browser instead of using the link (assuming your current page is NOT the slashdot mainpage).
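The referrer throttling idea raised in the comments above, as an added example that is not part of the original thread or diary-x.com's own code. The class name, limits, and `.example` hosts are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit


class ReferrerThrottle:
    """Shed requests from any referring host that sends more than
    max_hits requests inside a sliding window (hypothetical helper)."""

    def __init__(self, max_hits, window_seconds):
        self.max_hits = max_hits
        self.window = window_seconds
        # Keep only the newest max_hits + 1 timestamps per host so a
        # flood cannot grow memory without bound.
        self.hits = defaultdict(lambda: deque(maxlen=max_hits + 1))

    @staticmethod
    def referring_host(referer):
        """Lower-cased host from a Referer header, or None if absent/bad."""
        if not referer:
            return None
        try:
            return urlsplit(referer.strip()).hostname
        except ValueError:  # e.g. malformed bracketed host
            return None

    def allow(self, referer, now):
        host = self.referring_host(referer)
        if host is None:
            return True  # typed or pasted URL: no Referer, always served
        stamps = self.hits[host]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # hit has aged out of the window
        stamps.append(now)  # refused hits count too, so a flood stays blocked
        return len(stamps) <= self.max_hits


# Constructed sample traffic: (seconds since start, Referer header value).
SAMPLE_REQUESTS = [
    (0, "http://news.example/story"), (1, "http://news.example/story"),
    (2, "http://news.example/story"), (3, "HTTP://News.Example/story"),
    (4, None), (5, "http://blog.example/post"),
    (30, "http://news.example/story"), (100, "http://news.example/story"),
]


def replay(requests, max_hits=3, window_seconds=60):
    throttle = ReferrerThrottle(max_hits, window_seconds)
    return [throttle.allow(referer, t) for t, referer in requests]
```

The Referer header is supplied by the client and can be stripped or forged, so this sheds load from a linking site rather than enforcing access control.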
My money is that these guys got in with an application-level hack, not an OS/server hack. The biggest fault of applications, especially web applications, is a failure by the programmer to do input validation.
Apache, Perl, and PHP are vulnerable to the same type of hacks; it's not just Microsoft.
Why not run the webserver on port 21? So the users have to type http://myserver:21/foo.html in their browsers - no big deal. Of course, you can't run an FTP service, or use AIM, and your bandwidth still sucks, but it's a start.
Give this man a 5, Funny!
I used to frequent a BBS. The rank stupidity I encountered there still amazes me -- I kept a few logs of some of those exchanges, and my reaction varies between thinking they must have been joking and wondering how they could even operate a keyboard.
Incidentally, that particular BBS is still running, more than seven years later. I've checked in on a couple occasions, only to find the exact same users, arguing about the exact same things, obsessing over the same minuscule and irrelevant BBS policies, carving the same mountains out of molehills -- seven years later. It gave me the chills. I sometimes wonder if they're not trapped in some kind of Sartrian hell.
The tools have advanced, there are a lot more people on the net now, but the general level of intelligence (on both ends) is about the same as it always was. What you see in an average blog isn't any more or less insightful than what I saw in the "Grips" or "Non Sequitur" forums on the old BBS.
If you have your own hosting, and PHP/MySQL then I would suggest using Pmachine. Sets up in 10 minutes and easy as pie to use.
I would love to see things from your point of view. But I can't seem to get my head that far up my ass