My Foul Owl Ordeal – The Juicy Details Of Getting My Blog Hacked And Being Suspended By Twitter

Warning: This is a long blog post detailing my adventures through blocked blogs and suspended Twitter accounts. If you’re looking for a short read or have a really short attention span, you’d be better off checking out my Tweets or skipping to the end of this post where there are some key lessons learned from this experience.

If you have a few minutes and are looking for the “juicy details” (you’ll learn what that means later), grab a cup of coffee, get comfy, and read on 🙂

Blogs, Tweets, Hackers, Oh My!

Okay, it’s official. I am not a social media addict. Well, not a certifiable one, anyway. As of yesterday, I successfully survived 12 days of withdrawal from my main sources of social media and came out on the other side alive. Okay…so I cheated a little bit using Facebook and LinkedIn, but shhhh….don’t tell anyone.

I’d love to report that my 12 day hiatus was the result of some exotic retreat to an off-the-grid island paradise, but unfortunately, I was forced into seclusion from my blog and Twitter by the nefarious forces at work on the Internet…probably some 14 year-old kid with entirely too much time on their hands.

Banned From Twitter – Uh Oh!!

So it was Friday morning and I had just finished up a conversation with a fellow employee about an internal microblog (similar to Twitter) that we are running at work. He had some questions about TweetDeck, so I offered to show him how I had TweetDeck configured. As we started to go through my configuration, I noticed a tweet from @carolyndouglas indicating that my account had been suspended (thanks Carolyn!).

One of my followers alerted me to the problem. Thanks Carolyn!

Huh?? How could that be? I headed on over to the native Twitter Web site and lo and behold, there was the Twitter Foul Owl right on my home page indicating that everyone should mosey along from my profile. Ouch! What had I done? Who had I offended? I consider myself to be a model tweeter, offering constructive dialog, links to valuable content, and I try to keep my snarky comments to myself (albeit sometimes unsuccessfully).

The Dreaded Foul Owl – Who Goes There?

So what was this “strange activity” that the wise Foul Owl was referencing? My follow:follower ratio wasn’t unbalanced, I wasn’t spamming anyone, and I wasn’t pitching Viagara or Xanax to my followers, so what’s the deal? Why are my Document Management or Intranet-focused tweets being considered strange? I was downright befuddled.

My Response – A Kneejerk Reaction To Being Called “Strange”

Being told that your tweets are “strange” isn’t a good feeling and my initial reaction was one of frustration and irritation. Unfortunately, I was headed to back-to-back afternoon meetings, so I had to brew a bit over my Twitter suspension before I could seek resolution. I found that the longer my day drew on,  the more fixated I became on having my content called “strange”. Who’s to judge what is strange? Was I strange because I like to talk about technology, Intranets, and Enterprise Content Management? My wife seems to think so, but she never banned be from prattling on about the latest portal upgrade or cool new document workflow solutions. Instead, she just politely nods a lot and her eyes get a bit of a glazy look, but she always smiles and pretends to be interested…but I digress.

At the end of the day, I finally had some time to look into the issue. My first step was to click the Foul Owl link below the image that offered the “juicy details” to find out why I had been suspended. Unfortunately, Foul Owl didn’t provide any useful information and there were definitely NOT any juicy details as the wise bird promised. Instead, I was taken to a Google “Oops! page indicating that the juicy details I was seeking were not available.

The Twitter Foul Owl promised me juicy details, but dumped me to a Google Oops! page.

In the immortal words of Homer J. Simpson, “DOH!”.

How dare the Foul Owl promise me the details on why I was being blocked and then send me off to the land of unfound content. Talk about strange! Well, being that I was already worked up, I decided to go the next step and check out http://help.twitter.com to see if they could provide me with some relief and maybe a description of why I was “strange” and “suspended”.

Twitter Help Wasn’t Much Help In Understanding Why I Had Been Suspended

Unfortunately, the Twitter help site was less than helpful. I was already frustrated and the Google Oops! page didn’t help, but at least the Twitter help site looked like a wealth of information. However, instead of getting any useful information about suspended accounts, I got a lot of “how to” content on Finding People on Twitter and information on the Twitter text commands. After searching and searching for a way to open a support ticket with Twitter, I finally found a tiny link buried in the middle of a TON of content.

Twitter buries the link to create a support ticket.

Now I don’t mean to complain, but when someone is looking for help, burying the link that offers that help in the middle of the page amongst a ton of content doesn’t seem to be the best user experience. Maybe this is Twitter’s strategy since it forces  folks to read through the how to find people and text commands, but my guess is that Twitter support isn’t being flooded with requests for help on finding Uncle Joe or Aunt Sally or even “how do I use the official Twitter text commands??” so I’m not sure about their strategy in burying the support link. Maybe they figure that if they bury the link amongst useless information, it is less likely to be found.

Tip #1: If your account has been suspended by Twitter and you feel the suspension is unfair, go to http://help.twitter.com and scroll down the page half way to find the link in the image above to open a ticket.

The Support Ticket Is Opened, But Still No Reason Why!

Having found the link, I went ahead and opened a support ticket. With my frustration level being pretty high, I think I did a pretty good job asking politely why I had been suspended and what I needed to do to reverse the decision. After all, I am a firm believer that ticking off your support engineer, garbage man, or waitress rarely has a good outcome.

Although the ticket was opened, I still didn’t know why I had been blocked, so I took a look at my most recent posts to see if I had offended someone.  Fortunately, I didn’t have to dig too deep to find the problem. My last tweet had been a response thanking a fellow Tweeter for a comment she made on the title of one of my blog posts

A seemingly benign tweet until I clicked the link to my blog site and was presented with the Google warning that visiting the site might harm my computer due to issues with the site. Double-DOH!!

Now what had I done? My Twitter account had been suspended, my blog was giving me a warning….ping. The lightbulb went on and I connected the two.  Since my blog was being blocked by Google and my tweets often contain links to my blog, Twitter must rely on Google warnings to identify people who are posting up links to spam or malware. Genius!! Well….Except for the part where they suspended me.

So My Blog Was Hacked And My Twitter Account Suspended

It appeared as though my weekend was about to be shot to bits. Now I had to figure out what was wrong with my blog and then figure out how to convince Twitter to un-suspend my account. Fortunately, having been in the Web business for some time, I know a few tools that helped me troubleshoot the issue quickly. First, I checked the most recent version of my blogging software. Unfortunately, I was one dot release behind, which could have exposed a weakness allowing someone to inject malware code into my site.

Next, I used a really nice tool at www.dasient.com which does a complete scan of your site to search for malware. It then tells you which pages are potentially infected. Since I had a couple of pages that were infected, I decided not to take and chances and restored my entire site from a backup to ensure clean pages and then upgraded to the latest dot release.

Tip #2: If Google, IE, or Firefox is indicating that your site is unsafe to visit, it’s a good idea to take the site offline so as not to infect any additional visitors and then run a check against your offline files (using a test server or subdirectory) at Dasient.com. Having an offline backup of all your files makes a site restore much easier.

NOTE:Dasient has since discontinued their free tool, however AVG offers a similar tool that you can use to check your site located at http://www.avg.com.au/resources/web-page-scanner/

After restoring the site and rerunning a Dasient check to ensure that no additional infection existed, I used Google WebMaster tools to request a review of my site to have the warning removed. After fixing the issue, it took less than 12 hours for Google to unblock the site.

So The Blog Is Fixed, Now To Just Get My Twitter Account Un-Suspended

Sounds easy enough, right? Blog fixed in under 24 hours, Twitter account should be a piece of cake. Unfortunately, no. To Twitters’ credit, they take malware seriously. Links are critical to the vitality of Twitter and if they didn’t take malware seriously, Twitter would quickly become a dumping ground for attackers looking to spread malicious links across the Web. So, I do have to give kudos to Twitter for taking this issue so seriously. According to the Twitter information on suspended accounts, it could be as long as 30 days before my account was cleared and I was able to tweet again. Triple DOH!!

Fortunately, it only took 12 days.

According to Twitter support, they address tickets in the order they are received, so I guess I just had to wait in line until a support tech got to my ticket. I checked in daily on my ticket, anxiously awaiting a response. Fortunately, once my ticket came up in the queue, the support rep was able to review my site, ensure that I was tweeting within their guidelines and was a good Twitter citizen, and restore my account quickly.

Five Lessons Learned From This Crazy Adventure

1. If you are using open source blogging software, it is imperative that you keep your blog software on the absolute latest release to ensure that any security holes are closed. Because the software is open source, hackers have access to the code and will exploit any security issue they can find. This means checking your site daily for new releases.
2. Twitter does not notify users when their accounts are suspended. If you’re lucky, you’ll find out from your followers. If you’re not lucky, you’ll find out when you go to post.
3. Fix any blog or site issues before you ask for your Twitter account to be reinstated. If your ticket comes up for review and your blog or site is still not clean, Twitter will not un-suspend your account.
4. Open a Twitter ticket as soon as you have a clean bill of health for your site. It will probably take a while for Twitter to reinstate your account.
5. Vigilance is key. Pay attention to those Google and Firefox malware warnings. Don’t visit the site. Give the sitemaster time to fix the problem and check back later.

Okay, so those are the “juicy details” that Foul Owl promised, but never delivered. I hope that by sharing this adventure, I can help my fellow bloggers and tweeters navigate these waters in case your are faced with a similar situation. I’d be more than interested to hear similar experiences and will try to answer any questions you might have about the process in comment responses.

Happy (and safe) blogging and tweeting!