Blogger hacked

Pyra Labs took all Blogger servers offline today after a hacker broke into the system and disrupted accounts. Pyra's Jason Shellen has just (at 9:53am California time) posted this message to the Blogger Pro discussion group on Yahoo!:

Thanks for all the helpful email and suggestions we have received!

Yes, it appears someone is having fun with one of our servers. Right now we can tell you that:

• All your data is backed up, including email, user settings and what not.
• Billing/credit card information is handled separately.
• We are working to restore from our most recent backup right now.
• The security problem that led to this attack will be fixed before we bring Blogger back online.

We are very sorry for the inconvenience. We will email this list again when all is back to normal.

The outage affects Blogger publishing only, so published content is not affected. However several observers have advised that Blogger users change the FTP ID and password settings on their hosting servers, as this information may have been compromised. Danny O'Brien has set up a discussion thread here to publish updates on what's going on.

UPDATE: Jason writes at 12.35 Pacific time: "Update: We have found the cause of the vulnerability and have patched it. Everything is back restored and back online with the exception of the API server and bSTATS."

I'll be posting further comment later on regarding the implications for Pyra and Blogger once the dust has settled.

posted by Phil 3:20 PM (GMT) | comments | link

Inviting new users to post using BlogThis!

I set up a private weblog in one of my password-protected directories last week and invited several new members of the Loosely Coupled editorial team to join it. This was one of the reasons I had been investigating .htaccess files, as described in my previous posting. The private weblog is a kind of online scrapbook, where I post snippets from articles and sites that I come across during my daily research of the Web. I wanted to share it with my co-authors, but didn't want to publish it openly (in fact, later on we may decide to provide access to this weblog as part of our subscriber-only services).

Inviting others to join a Blogger weblog is very easy — you just click on the 'Team' button and enter their names and email addresses. But since none of them are familiar with weblogging and Blogger, I wanted to supplement the default instructions that Blogger sends out to new team members. In particular, I wanted to explain about the BlogThis! bookmarklet facility, which will allow them to post clippings to the weblog in as few as two mouseclicks. I also wanted to make sure they understood that they weren't obliged to pay the $35 Blogger Pro fee. So here's what I wrote:

This email invites you to join the editors' blog at Loosely Coupled. In the message below, you'll find a link to a page where you can register as a new user. After registering, you'll be offered to upgrade to Blogger Pro for $35, but you DO NOT NEED to upgrade to be able to post messages to the blog. The upgrade is required only if you want to edit existing messages or set up a blog of your own. The easiest way to post messages to the blog is by adding a BlogThis! link to your browser.

How to add a BlogThis! link
Simply find the link you need (for most people, it'll be IE/Win) at the following URL, and drag it to the "Links" toolbar at the top of your browser (select View/Toolbars/Links if it's not visible).
http://profaq.blogspot.com/index.html#85035226

How to use BlogThis!
When you come across some text you want to post to the blog, simply highlight it and then click the BlogThis! link. A new browser window will take you directly to Blogger, and once you've logged in, the page title, link and selected text will appear in the Blogger editing screen ready to "post and publish". Quickly check to make sure the title and link are accurate, add any comments of your own, and then press the button to instantly "post and publish". (If the button isn't visible, widen the window until you see it at the far right).

Of course, if they do become regular posters then I will be obliged to fund their $35 Blogger Pro fee, since we are a commercial venture. But I feel it's in the spirit of Blogger to let them try it out for a 30-day test period. If they catch the blogging bug, they may decide to become Pro users on their own account anyway.

A shared private archive of research clippings like this is a good example of one of the many corporate uses that weblogs can be put to. We are not only maintaining a running record of our current research interests, but also building up a searchable archive that I expect will be a very productive resource when researching specific topics, products or companies in the future — a form of weblog that is often referred to as a k-log.

posted by Phil 9:46 AM (GMT) | comments | link