Information Security and Paranoia are synonyms
This blog, as you know, is hosted on WordPress.com. I like WordPress. One of the things I particularly like is the Site Stats page the blog owner can view. It tells me how many visits different pages receive, where they come from, what search terms are used to find me, and where visitors go if they click a link on the site.
I monitor this information out of vanity (how many visitors I get, and how high my pages appear on search engines) and simple curiosity (which of my topics get the most referrals from me).
But yesterday I noticed that someone had clicked a link I didn’t recognise. What’s more, I didn’t like the look of the link – it appeared to relate to a site in the Far East that raised a few concerns. Now I was worried. Had some innocent visitor clicked a link to a malicious site while on my site?
First thing was to check the linked site itself. Armed with NoScript blocking all scripts, I went there – and it certainly isn’t a security site. I used NoScript to invoke some page analysis tools. First I used WOT.
The site comes out OK. But, with no disrespect to WOT, I don’t have total faith in community-based reputation systems. Reputations can be manipulated. So next I used Google’s Safe Browsing diagnostics.
This is far more worrying. It was safe the last time Google checked – but it has certainly been used to host malware recently; and there was nothing to say that it wasn’t doing so again. So now I was getting really worried. Where is this link on my site? How did it get there? Who clicked it? And has that innocent visitor to a security site been infected through visiting my site?
And then it dawned on me. I checked the spam folder. And there was the link.
I asked around, and, yes, it appears that when a comment is made and held in moderation, both the site operator and the commenter can click any links it contains. But, I discovered with a huge sense of relief, no-one else can.
So, since it wasn’t me who clicked the link, it must have been the spammer checking to see if his spamlink worked. All I can say is that I hope he got infected when he did.
Paranoia is bad for the heart – but good for your safety.