Saturday, November 29, 2008

Urgent tech call: Here's what the spammer is doing

(Updated.) Thanks for the feedback! I'm still on guard, but now I'm better informed.

I write this with some trepidation: The comment spammer attacking this blog just tried to post a comment, repeated nearly 50 times, that looked like this:

javascript://chicken little

I've rejected them all. Now, it appears the spammer is sending e-mail designed to trick me into turning over my Blogger and Google account passwords, so they can take control of this blog. I am not a tech expert, so I'm growing concerned.

This mischief is at least a reaction to my posting Gannett newspaper profit margins yesterday. It also follows some nasty business last weekend involving an investigation by the U.S. Justice Department, the F.B.I., and Google into a reader's anonymous comment that they had "brought a gun to work but decided not to use it."


A question: Is that computer code above -- or just gibberish meant to look like code?
Please post replies in the comments section, below. E-mail confidentially via gannettblog[at]gmail[dot-com]; see Tipsters Anonymous Policy in the green sidebar, upper right.

9 comments:

  1. If that's all the text, there's nothing to worry about. It's meaningless.

  2. "We have nothing to fear, except fear itself."

    I'm not afraid to tell you that I don't think the spamming is anything nefarious from corporate or anyone associated with corporate. That's not because I'm a suck up to anyone. It's because I don't think that confidential document you assume may have prompted it is all that secret. I recall seeing those figures reported back when they were fresh, in more than one place. I think the NYT did a story on newspaper corporation profits -- maybe in conjunction with other industries -- that revealed those percentages a year or more ago.

    Now, the crazy dude with the bizarre gun post -- that may be another story. Or any other of Godonlyknows how many crazy dudes are out there. I don't think normal people post something like that gun post and think nothing of it, and then don't come back to answer questions from others asking, WTF? Not sayin' that crazy makes him/her dangerous, either -- I'm just sayin' ...

    I also searched that javascript://chicken little in a few variations on a search engine other than Google and don't find anything prominent, at least, that would cause worry.

    I think the IP address someone could get from having your blog password tells little. From how I understand this stuff, what the non-FBI person would get would not identify anyone.

    Only the FBI can use its questionable "letter" (and I don't think they can do that anymore without court warrant) to demand an ISP to tell investigators what household or company had that IP address on that day. Most IPs now are dynamic, not static, so no ID could be certain without ISP records and testimony. And if it's a company or a wi-fi'ed computer, get lost because posts could come from anyone.

    There's free and cheap software you can load on your own blog so you can see the IP addresses of your incoming traffic. If you had that, or if someone somehow loaded it on your blog without your knowing it, all they need is that password to trace your traffic. But it still would only take them to a broad server, not a home or business. The closest I see on my own blog is the town the post comes from (which is very interesting and surprising to see the world map and what Google keywords brought people to your blog).

    And anyway, so what at that? Speaking for myself, I don't care if anyone does get my IP. My boss knows I come here on my own time from home, as does he, and I don't know any secrets or write anything dishonest to regret even if anyone did find out.

    I think someone is just teasing you, trying to make you paranoid. It's wise, IMHO, that you put all the info out there and let us all chat about it. You're a good journo, Jim.

  3. 9:51, that's nothing but a message. It won't do anything. Looks to me like he's only using threats and you are doing fine.

  4. 9:51's right. It's just garbage intended to freak you out.

  5. Agree. This is just javascript. There is no executable unless you call back to it. Meaningless.

  6. It's meaningless, period, but you should report this to Blogger. I'm afraid you're going to have to bone up on some of the geekier aspects of running a website, like how to track IP addresses and file a complaint with the 'abuse' people at your spammer's internet service provider.

  7. Google (as with just about every other blogging software) strips out harmful HTML, including JavaScript. That's why the comment box says "you can use *some* HTML tags".

    Plus, that JavaScript wouldn't do anything - it's not valid code.

  8. From a purely nongeek standpoint, this moron is simply looking to disrupt you in any and every way possible.

    If he or she is using email, you can and should report the emails to the email provider. They can take action on email.

  9. javascript://chicken little - ha ha, how could this possibly have been computer code. More seriously, what do you mean that the person was sending you emails trying to trick you into sending passwords?


Jim says: "Proceed with caution; this is a free-for-all comment zone. I try to correct or clarify incorrect information. But I can't catch everything. Please keep your posts focused on Gannett and media-related subjects. Note that I occasionally review comments in advance, to reject inappropriate ones. And I ignore hostile posters, and recommend you do, too."
