A very peculiar thing with the RSS feeds for some of the blogs that I read has happened since yesterday.
I use FeedDemon version 1.5 (the latest version). If you’re familiar with FeedDemon, you’ll know that you have channel groups that contain individual channels (the RSS feeds) of blogs you select to receive the feeds.
This morning I noticed that one of my channel groups showed no updated feeds since yesterday morning. Yet the channel group concerned lists the feeds from blogs that are frequently updated, many times a day in many cases. A quick check of some of those blogs shows lots of updated posts, but none of the RSS feeds in Feed Demon shows those posts.
I posted a comment in the Feed Demon support forum about it. Then, I checked a little further into the properties of each of the channels – and discovered that the feed URL in every single channel in this group (28 channels) has been changed to something else, as this screenshot for one of those feeds shows.
Wow! I’ve not encountered anything like this before. Something has hijacked the RSS feed URLs for every single channel. So every time the channels in this group check for updates (that’s once per hour), it’s going to this hijacker URL. And what’s happening then, I wonder?
This may be coincidental, but the only thing I can think of that might be the cause for this is that I’ve been connected to ‘foreign’ networks for the past couple of days when I was in Paris for Les Blogs. So yesterday I was connected to the network at my hotel. Yet there was nothing that would indicate to me that anything untoward was going on.
I don’t believe for a minute that this is a Feed Demon issue, although if it’s a virus or trojan or something, maybe it might be of concern to Nick Bradbury, Feed Demon’s developer, that something like this could happen.
So I’m now running a deep scan of my PC with Norton AntiVirus as well as checking for spyware with Microsoft AntiSpyware to see if that turns up anything.
Has anyone else experienced anything like this?
Update: Problem identified thanks to Nick Bradbury. Not a virus nor a trojan, but a very poorly behaved wi-fi network in my Paris hotel. See the comments for details.
Hijacked RSS Feeds
Neville Hobson has had some of his RSS feeds hijacked. Read his detailed account. It will be interesting to see how this came about, i.e. Feed Demon issue or a hack on the web server hosting the RSS feeds. Back…
Hi Neville,
I know what happened here, and luckily it’s not a virus (although it’s almost as annoying). I’ll need to provide some technical background to explain the problem, so here goes:
Whenever any program contacts a web server, the server returns a status code which lets the program know the status of the file being requested. Among those status codes are two designed to enable redirects. HTTP status 301 means the requested URL has moved permanently, while HTTP status 302 is a temporary redirect. When a server returns a permanent redirect (301), the program requesting the URL should – if possible – remember the redirected location, as described by the W3C:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
When you use a WiFi provider such as the one you used in the hotel, they redirect HTTP requests through their service, and they should be using temporary redirects (302). Unfortunately, I’ve heard reports such as the one linked below of WiFi providers using *permanent* redirects:
http://www.iunknown.com/CommentsWithEntry.aspx?EntryId=8492bcd0-b916-462b-aabf-22dc4e5ea101
In other words, some mis-behaved WiFi providers give permanent redirects for every single URL you request while using their service, which is obviously a bad mistake on their part.
Now, when most RSS aggregators encounter a permanent redirect, they change the stored feed URL to point to the new location (as they should). This is important, since it enables feed producers to move their feeds around without affecting those reading their feeds. The problem, of course, is that accessing your feeds through a misbehaved WiFi provider like the one you used will cause all of your feed URLs to be changed.
I have experimented with alerting the user when a feed is redirected, but it’s such a common thing that it results in alerts popping up all the time. Perhaps a better solution would be for FeedDemon to show an informational dialog the first time a permanent redirect is encountered, which would describe the above problem and provide a way to temporary disable the redirects when using a WiFi provider.
Nick, many thanks indeed for that clear explanation.
After running antivirus and spyware checks turned up nothing amiss on my system, and if FD wasn’t the culprit, then I suspected that it must something related to yesterday’s hotel wi-fi connection. Indeed, reading the post you linked to (the second link in your comment) confirms this.
John Lam, the poster, talks about precisely what I did on Monday night – left my PC on all night with FD running so it could update overnight. FD was open in the channel group concerned which updates every hour. What he explained in his experience looks like what happened in mine. And of course, it also explains why only this channel group was affected.
Again, thanks for clearing this up. Your thought re a one-time FD alert is a good one, I think.
So now I need to re-do all 28 channels in my affected group. Note to self: remember to export all RSS channels to OPML files as backups before you go on your next trip…
Hi Neville,
funny that one, exactly same happened to me. My NetNewsWire in OS X would not refresh at all until kill and restart. And of course, never killed it, nor restarted since sitting in the Senate 🙂
BTW, enjoyed talking to you in Paris!
Détournement de flux RSS ?
C’est une expérience désagréable que relate Neville Hobson.
Les faits:
Après un séjour dans un hôtel parisien, Neville constate un matin que les adresses des flux RSS stockées dans son agrégateur ont été modifiées. Que s’est il passé ?
L’explica…
probably not hijacked
Doc reports that Neville Hobson is seeing his RSS feeds
Hi Sig. I heard about wi-fi woes from quite a few people in Paris. Not so much the overload at the Senat but just unable to connect. Stories like two people stting next to each other, one gets a signal the other doesn’t. Or one using a Mac, the other a Windows PC, where one gets a signal and the other doesn’t.
Similar woes re our colleagues from the US with their cell phones and weirdness in making calls, but that’s another story…
Great talking to you as well!