Slashdot Mirror


Blogger Hacked

WCityMike writes "Blogger has been severely hacked into, with users' passwords and e-mail addresses being replaced with 'hacx0redbyme' or 'hax0redbyme.' Apparently, attempts to change your password or other information do not succeed due to a major database problem. Blogger currently has no official news: its main page simply apologizes for being down for repairs and its status blog has no information, probably suffering from the same accessing problem as other blogs. In the meantime, discussion, information, and advice are appearing on the weblogs of Anil Dash and Tom Coates, as well as this QuickTopic thread. Glad I use another journaling service." We usually try to avoid "Site X Hacked!" stories, but since this affects so many people - and, heh-heh, they don't have anywhere else to talk about it - here you go.

9 of 340 comments

  1. Blogger's troubles by spookysuicide · · Score: 5, Informative

    Blogger has been having a lot of troubles lately; if you can find your own web hosting, you may want to consider using the very easy to set up Movable Type.

    --
    yes i run a goth/punk/emo porn site.
  2. recommendation by flanker · · Score: 5, Informative

    Disable or reset the password of the account used to FTP your blog to your web server ASAP.

    --
    Left shift 1 for e-mail...
  3. Shameless plug for my weblog. by eclectric · · Score: 4, Informative

    Luckily, I was worried when I first set up my Blogger account, so I switched to a MySQL database on my own webserver instead. Eventually, I ended up using Movable Type to manage my weblog. If you have access to a MySQL database on your webserver, I would really recommend doing this.

  4. While Everyone by SomeOtherGuy · · Score: 5, Informative

    is looking for alternatives, b2 is a really good and powerful alternative. PHP, MySQL, and all the goodies.

    --
    (+1 Funny) only if I laugh out loud.
  5. Status Blog now has info by burgburgburg · · Score: 5, Informative
    As of 10:02 am, the status blog now reports:

    Blogger has suffered a security intrusion by a "haX0r." We have all the data that was changed backed up within a couple hours of the attack, so we can have things pretty much back to normal soon. Of course, we're assessing the situation as thoroughly as possible to make sure it doesn't happen again. Also, if you store your FTP login information in Blogger, it wouldn't hurt to change that on your server--though it is unlikely that information was accessed. Sorry for the inconvenience.

  6. Specifically ... by burgburgburg · · Score: 4, Informative
    According to netcraft.com:

    The site blogger.com is running Microsoft-IIS/5.0 on Windows 2000.

  7. Re:Blogger runs windows..... by ChazeFroy · · Score: 5, Informative

    My money is that these guys got in with an application-level hack, not an OS/server hack. The biggest fault of applications, especially web applications, is a failure by the programmer to do input validation.

    Apache, Perl, and PHP are vulnerable to the same type of hacks; it's not just Microsoft.

  8. blogger back up by ntk · · Score: 5, Informative
    Blogger's status page was just updated (1150am-ish PST) to say this:

    We have found the cause of the vulnerability and have patched it. Everything is back restored and back online with the exception of the API server and bSTATS.

  9. Re:For all those bashing "Blogs" by dswensen · · Score: 4, Informative
    But don't compare blogs to a BBS... those were the days when you actually had to have a brain to get online, versus now

    Give this man a 5, Funny!

    I used to frequent a BBS. The rank stupidity I encountered there still amazes me -- I kept a few logs of some of those exchanges, and my reaction varies between thinking they must have been joking and wondering how they could even operate a keyboard.

    Incidentally, that particular BBS is still running, more than seven years later. I've checked in on a couple occasions, only to find the exact same users, arguing about the exact same things, obsessing over the same minuscule and irrelevant BBS policies, carving the same mountains out of molehills -- seven years later. It gave me the chills. I sometimes wonder if they're not trapped in some kind of Sartrian hell.

    The tools have advanced, there are a lot more people on the net now, but the general level of intelligence (on both ends) is about the same as it always was. What you see in an average blog isn't any more or less insightful than what I saw in the "Grips" or "Non Sequitur" forums on the old BBS.