WWW FAQs: Can other people edit my blog without my permission?


2007-03-28: There are four situations where other people might unexpectedly edit your blog:

1. Your password was not a good password, and it has been cracked.

2. Your password has been stolen (phished).

3. You are using poorly designed blog software that has a security hole, and a cracker who knows about the hole has taken advantage of it.

4. The administrators of the site you blog on (such as Blogger or MySpace) have chosen to modify your blog.

Let's look at all four cases, and what to do to set things right again.

Bad Password, No Biscuit

If you choose your password poorly, then someone might succeed in cracking it. Your password should contain a mix of uppercase and lowercase letters, digits, and punctuation, and no words that appear in the dictionary. As a general rule, if you find your password convenient and friendly, it's probably a bad password that an automated attack could easily crack. Choose a better one.

Are good passwords annoying and hard to remember? Sure they are! But that's life in the big city.

If your blog has already been modified by such an attacker, change your password for the blogging site.

Phishing: Watch The Address Bar!

You may have received a phishing email, or been taken in by a phishing scam on a website that managed to present a fake web page that looked just like your favorite blogging site's login page. If you inadvertently gave up your password to someone else, then you can expect to find unexpected things in your blog. Change your blog password right away. And from now on, look carefully at the address bar at the top of the browser window and make sure you are really logging into the right website!

Bad Blogging Software

If you are not using a blogging service such as Blogger, then you might be running your own blogging software. Most of these programs are great, but some might be poorly designed. For instance, version 2.1.1 of the popular WordPress blogging software contained a "back door" feature introduced by a cracker (a malicious "black hat" hacker). The WordPress team did the right thing by admitting to the problem and immediately releasing a fix. But those who installed version 2.1.1 could find their blogs unexpectedly taken over.

If you suspect this has happened, immediately check the website you downloaded your blogging software from to look for news of upgrades and security fixes. You should be checking for such upgrades all the time, not just after things go wrong. After this type of attack, it may unfortunately be necessary to check all PHP and other non-static web pages for possible "back doors" introduced by your unwelcome visitors.
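One way to carry out that check, as an added example that is not part of the original FAQ: compare every file in the live blog directory against a freshly downloaded, unpacked copy of a fixed release, and list what was changed or added. The function names, report categories and the list of script extensions are assumptions made for this sketch.

```python
import hashlib
from pathlib import Path

# Extensions the web server may execute (an assumption; adjust for your server).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".cgi", ".pl", ".py"}

def sha256_of(path):
    """Hash a file in chunks so large uploads do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def audit(clean_dir, live_dir):
    """Compare a live install against a known-good copy of the same release."""
    clean, live = hash_tree(clean_dir), hash_tree(live_dir)
    report = {"modified": [], "missing": [],
              "unexpected_scripts": [], "other_extra": []}
    for rel, digest in clean.items():
        if rel not in live:
            report["missing"].append(rel)
        elif live[rel] != digest:
            report["modified"].append(rel)      # shipped file was altered
    for rel in live.keys() - clean.keys():
        # Executable files that the release never shipped deserve the
        # closest look; images and other uploads are reported separately.
        is_script = Path(rel).suffix.lower() in SCRIPT_EXTS
        report["unexpected_scripts" if is_script else "other_extra"].append(rel)
    return {kind: sorted(files) for kind, files in report.items()}

if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/clean-copy /path/to/live-blog
    for kind, files in audit(sys.argv[1], sys.argv[2]).items():
        for rel in files:
            print(f"{kind}\t{rel}")
```

Files you created yourself, such as configuration files and themes, will also be listed as unexpected and need to be read by hand. A clean result only covers files on disk, not content stored in the database.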

Unhappy Administrators

Blogging sites such as LiveJournal and Blogger are free and provide excellent services. However, they do have rules. And they might modify blogs that violate those rules.

Would they edit your blog just for fun or deface it? Of course not. You'll probably receive official notice if content in your blog is unacceptable to the administrators. Or you may simply have your account turned off.

Keep in mind that the resources of a company that provides you with a free blog don't really belong to you. If you really want complete control, consider using your own blog software on a website that you pay for.

Legal Note: yes, you may use sample HTML, Javascript, PHP and other code presented above in your own projects. You may not reproduce large portions of the text of the article without our express permission.
