Blogger : Content Protection




Obviously, this blog is currently served by Blogger and it’s an excellent solution for publishing blog articles that I’ve been using for multiple years, however, that being said It has very limited content protection - and it would not surprise me in the future if Google tombstone the service. ⛔️

Subscription, free, technical blog

My goal here is not to charge people a subscription because as it’s a technical blog, people will just go elsewhere to find the same information, It’s also not about increasing my SEO - The blog is for me and if it helps other people on the Internet, that’s a bonus.

Blogger provides no scraping protection

However, I am very aware from Google Analytics statistics that people are simply scraping the images and content of my website and using it in other areas, therefore, I thought it would be a good idea to have some JavaScript on my website that will prevent this action, it won’t necessarily stop it because that’s impossible, but it will deter.

WordPress move, on the Horizon

I could move to WordPress, but I haven’t got that point yet, Obviously, you get more control over WordPress, but it has other downsides however, I can do a lot more security and prevention using WordPress than I can with blogger - The move to WordPress is still on the cards if I can get the configuration correct and I’m happy with it.

🔗 Mission control : Back to topic

I diagress - in the meantime, I will be using this code on my blog that prevents the following:

1. Blocks developer tools access by preventing:

F12 key
Ctrl+Shift+I
Ctrl+Shift+J
Ctrl+U

2. Disables right-click functionality, showing a message "Please use a trusted VPN for this to be enabled"

3. Prevents content manipulation by disabling:

Copy (Ctrl+C)
Paste (Ctrl+V)
Text selection/highlighting

4. Blocks text selection across different browsers using:

Standard user-select
WebKit user-select (Safari)
Moz user-select (Firefox)

5. Prevents multi-touch gestures on mobile devices

Code Snippet : JavaScript

<script>
(async function () {
    // List of allowed IP addresses and networks
    const allowedIPs = [
        "10.44.87.21",
        "203.0.113.5"
    ];
    
    // Allowed ASN
    const allowedASNs = ["ASxxxxx"];  // ASN for allowed network
    
    // Function to check if an IP is allowed
    async function isAllowedAccess() {
        try {
            // Get IP information
            const ipResponse = await fetch("https://api64.ipify.org?format=json");
            const ipData = await ipResponse.json();
            const userIP = ipData.ip;

            // Check direct IP match
            if (allowedIPs.includes(userIP)) return true;

            // Get ASN information
            const asnResponse = await fetch(`https://ipapi.co/${userIP}/json/`);
            const asnData = await asnResponse.json();
            
            // Check if ASN is allowed
            if (allowedASNs.includes(asnData.asn)) return true;

            // If neither match, return false
            return false;
        } catch (error) {
            console.error("Error checking network access:", error);
            return false;
        }
    }

    // If access is not allowed, implement security measures
    if (!(await isAllowedAccess())) {
        // Disable developer tools shortcuts
        document.addEventListener("keydown", function (event) {
            if (
                event.key === "F12" || 
                (event.ctrlKey && event.shiftKey && ["I", "J"].includes(event.key)) || 
                (event.ctrlKey && event.key === "U")
            ) {
                event.preventDefault();
            }
        });

        // Disable right-click
        document.addEventListener("contextmenu", function (event) {
            event.preventDefault();
            alert("Please use a trusted VPN for this to be enabled");
        });

        // Disable copy, paste, and text selection
        document.addEventListener("copy", (event) => event.preventDefault());
        document.addEventListener("paste", (event) => event.preventDefault());
        document.addEventListener("selectstart", (event) => event.preventDefault());

        // Disable text highlighting
        document.body.style.userSelect = "none";
        document.body.style.webkitUserSelect = "none";
        document.body.style.MozUserSelect = "none";
        
        // Additional security for mobile devices
        document.addEventListener('touchstart', function(event) {
            if (event.touches.length > 1) {
                event.preventDefault(); // Prevent multitouch gestures
            }
        }, { passive: false });
    }
})();
</script>

What gets excluded?

If you are visiting this blog from inside either the ASN or the static IPVV4 addresses as outlined in the script, then the restrictions mentioned above, simply do not apply to that connection.

Note : You need the external address added to this so adding internal addresses will not work - Blogger will never see your 192.168.x.x/10.x.x.x address

This obviously includes my private VPN service, which only covers the subscription based service or invitation only based service not the free one.

I really want to copy content

Well, that’s just too bad, however, there are still ways you can accomplish this even with these restrictions in place, but it requires some “thinking outside of the box” 

Obviously, I’m not going to go through all the ways you can get round this at the moment because it’s still on a platform. I can’t control that using blogger because I have zero server control I’m simply just a client.

I also sometimes wonder if I should just make this private website for members only - However, as the overhead for that will be quite a large burden, I am thinking of creating a WordPress instance that hides behind a zero trust infrastructure - this would mean it would have zero Internet access other than for people that comply with my zero trust policies.

Blog is not about traffic and SEO

How many people visit my blog and trying to get more hits on my blog is not my primary objective - The primary purpose of this blog is for people that want to understand how the problems was fixed - I am not particularly bothered about catering to the people that just want to know the command to fix - It’s far more important from my point of view to understand the product and to end and know why that fix has fixed it

Always show/understand your workings out!

Maths should’ve taught to everybody this at school, if you simply list the answer, even if it is correct, you get less points than if you show your working out, this blog has always been about taking people through the journey of understanding and learning.

Hotjar - shows typical human behavior

Hotjar, however would indicate that many people scroll to the solution usually at the bottom and then leave the website - meaning, they are only after the fix of resolving the problem and not the understanding (which I get sometimes that is what’s needed, but if you’re always firefighting and being reactive, you will never see those problems coming until your knee-deep in damage control - being proactive means seeing the problems coming before they impact users and services)
Previous Post Next Post

نموذج الاتصال