Blog Maintenance - Searching for the Poison Pill

UPDATE:  After a couple of hours I found the "Search Engine Genie" XSS (cross site scripting) in the PAGERANK button at bottom (er.. formerly at the bottom, it's erased now).   I have a headache from reading HTML now but hopefully this puts us back in business without (ironically) punishing our pagerank.  The lesson learned in this case is not to borrow Gadget Script from third parties.  What is interesting is that the pagerank button was there for a long, long time before I got this warning.  

Dear readers, please be patient while we try to find the source of a report that an unsafe link has been found in one of the blogs.  There are a lot of comments and a lot of postings to screen through and it may take time.   This site may be taken down for several hours or days if we find the "search engine genie" hijacker is actually found here.

The good old days of letting any person comment with any link, or using links to other sites which may change ownership and become "link poison" years later, may be over.  Or this may be a false flag.  If I link to a site that I disagree with, I think of it as being transparent, but it also means that if the owner of the site I link to wants to get back at me, they can insert something at the link which poisons my blog on google.



Ideally I would like to take time at the winter break to screen the thousand posts here, delete the weak, and edit the strong.  That may prove daunting, and it may also take away some of the dynamic craziness which some folks say they love.    I've already stopped the musical interludes which I enjoyed in past years (they slowed the bandwidth for readers in India, Africa, etc., and may have to use fewer photos as well.

In one particular case, I did catch one particular company/organization poisoning the blog via comment spam.  That was 2 years ago, and the timing coincided with the Good Point Ideas Blog disappearing from feed in Google News.  I don't do this full time, and may need to back off of using this blog as a personal journal.   Alexis  de Tocqueville wannabes have to learn html screens...

One thing I've found already is that in the Windows Explorer browser that an advertisement is appearing in the right column, beneath the Digg / Technorati / Stumbledupon / Twitter buttons, which was not authorized and does not appear in Chrome.    When I tried to remove the "blogger gadget" for the link buttons, I found I cannot.  This is a possible source and I may delete all the gadgets and links in the sidebar as a precaution.

"Internet Explorer has modified this page to prevent cross-scripting" is another clue appearing there.

Back to work

No comments: