Tag Archives: websites

Defend your WordPress site

WordPress can be a terrific website platform. However, its popularity and its open source nature make it a favorite target for attackers. Two real-time defenses:

  • WordPress Simple Firewall plugin: detects bad behaviors by comment spammers, blacklisted clients, and brute force password crack attempts
  • http:BL WordPress plugin: redirects visitors who are on a public dynamic blacklist to a honeypot page, which is seeded with unique email addresses that can give away spammers.

One plugin that logs malicious activity:

  • SEO Redirection plugin: logs 404 (page not found) errors. Reviewing the log file allows an administrator to block future access by IP addresses that attempted to discover cracks in his or her firewall or execute administrative PHP scripts. Caveat: Use care to ensure that you don’t mistakenly block search engines’ spiders and other legitimate robots. (I’d erroneously blocked three IP addresses that are used by the GoogleBot spiders. That explains why the website suddenly disappeared from Google’s search results. D’oh!)

I use and recommend all three of these WordPress plugins on self-hosted WordPress installations. They work. I’m amazed by the persistence of attackers on my WordPress sites. (Most attacks originate from Russia, Ukraine, China, Netherlands, Germany.)
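The 404-log review and the search-engine caveat above can be combined in one check; this is an added example, not code from this post or from any of the plugins. It assumes the 404s are available in the web server's combined access-log format, and the log lines, IP addresses and DNS records are constructed; crawler addresses are confirmed by a reverse DNS lookup followed by a matching forward lookup, the method Google documents for verifying Googlebot.

```python
import re
import socket
from collections import Counter

# Constructed sample in "combined" access-log format (an assumption; not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET /admin/config.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.66 - - [10/Oct/2015:14:01:02 +0000] "GET /2009/old-post.php HTTP/1.1" 404 512 "-" "Googlebot/2.1"
192.0.2.66 - - [10/Oct/2015:14:01:09 +0000] "GET /feed/index.php HTTP/1.1" 404 512 "-" "Googlebot/2.1"
198.51.100.9 - - [10/Oct/2015:14:07:41 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Googlebot/2.1"
198.51.100.9 - - [10/Oct/2015:14:07:42 +0000] "GET /xmlrpc.php HTTP/1.1" 404 512 "-" "Googlebot/2.1"
198.51.100.20 - - [10/Oct/2015:15:00:00 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""
# Constructed DNS data for an offline demo: 198.51.100.9's PTR claims googlebot.com
# but that name does not resolve back to it, so it must not be trusted.
FAKE_PTR = {"192.0.2.66": "crawl-192-0-2-66.googlebot.com", "198.51.100.9": "crawl-1.googlebot.com"}
FAKE_A = {"crawl-192-0-2-66.googlebot.com": ["192.0.2.66"]}
CRAWLER_DOMAINS = (".googlebot.com", ".google.com", ".search.msn.com")
# Client IP of any request for a *.php path (query string ignored) answered with 404.
PROBE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ [^ ?"]+\.php(?=[ ?])[^"]*" 404 ')

def fake_reverse(ip):
    return FAKE_PTR.get(ip, "")

def fake_forward(host):
    return FAKE_A.get(host, [])

def probe_counts(log_text):
    """Count 404 responses for PHP scripts per client IP."""
    matches = (PROBE.match(line) for line in log_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def is_verified_crawler(ip, reverse=None, forward=None):
    """Forward-confirmed reverse DNS: PTR is in a crawler domain and resolves back to ip."""
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda h: socket.gethostbyname_ex(h)[2])
    try:
        host = reverse(ip).lower().rstrip(".")
        return host.endswith(CRAWLER_DOMAINS) and ip in forward(host)
    except OSError:  # no PTR record or lookup failure: treat as unverified
        return False

def block_candidates(log_text, threshold=2, reverse=None, forward=None):
    """IPs with >= threshold PHP 404 probes that are not verified crawlers."""
    return sorted(ip for ip, n in probe_counts(log_text).items()
                  if n >= threshold and not is_verified_crawler(ip, reverse, forward))

if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG, 2, fake_reverse, fake_forward))
```

Called without the two resolver arguments, `block_candidates` performs live DNS lookups; the User-Agent string is deliberately ignored because any client can claim to be Googlebot.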

Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695


If this then that

A new site, If This Then That (https://ifttt.com), has begun to offer their beta version of an interesting service. IFTTT (pronounced “Gift” without the G) will do something (defined by you) when a web-based event (also defined by you) occurs. My first impression is that it’s a very high-level simple scripting language with hooks across the web and an easy-to-use graphical programming interface. The creator, Linden Tibbets, describes IFTTT.

IFTTT calls user-defined functions “Recipes”. The This part of a Recipe is a Trigger. Some example Triggers are “I’m tagged in a photo on Facebook” or “I check in on Foursquare.” Actions can be triggered by events within an impressive selection of domains (which IFTTT calls Channels): stocks, weather, ESPN, Craigslist, social networking sites, Twitter, YouTube . . . 44 in all.

In a few seconds I created a recipe that sends my cell phone a text message when it’s raining in my zip code. They suggest a recipe that will send me a text message when tomorrow’s forecast calls for rain, which is probably more sensible. Another recipe that interests me is “Email me when a new version of WordPress is released”.

For a beta product, IFTTT looks very polished. Its account creation process was painless and creating a recipe was easy. Give it a try.


3 Writing Evaluation Tools

I ran text samples through three on-line writing analysis tools that are recommended by Doris & Bertie’s Good Copy, Bad Copy blog. The WritersDiet Test returns the most useful results, together with customized suggestions to improve your writing. The other two tests report details such as sentence length and readability.

The tests confirmed my opinion: many corporate and academic documents are horrible! The tests judged my writing to be surprisingly good and at the reading level of a US high school senior. Still, there’s always room for improvement. I’d like to make my writing easier to read. I’ll begin submitting my prose to these tests. We’ll see if it improves.

I think that Doris and Bertie’s summary of these tests is spot-on. They’re on-line so there’s nothing to install. I thank Doris & Bertie for the links. The three tests are:

  1. The WritersDiet Test
  2. Gunning Fog Index
  3. Drivel Defence for Text


Dudu.com multilingual social networking site unavailable in U.S.

Facebook continues to lead the social networking market, but it assumes that all “friends” speak the same language. Last year, Facebook helped bridge the language gap between people when it acquired Instagram, which allows people to communicate visually, independent of human language. Now Dudu.com attempts to provide a single meeting place for people, even if they speak different languages. Dudu provides automated translation services for English, Russian, and Arabic speakers. Mobile apps for both Apple iOS and Android devices are available for free.
Dudu is based in Dubai and hosted in Germany. Last year, they paid $1 million for the dudu.com domain name.

Dudu.com was on-line a few days ago, but today its DNS record in the U.S. has been clobbered, and while a server responds to pings sent to its IP address (144.76.12.138), its webserver doesn’t serve pages, at least when trying to connect from a U.S.-based IP address. When connecting via a proxy server in France, though, it does work. Why? I don’t know. It’s not a good sign, especially for an enterprise that spent all that money on its domain name. Maybe there’s no money left for server security.


Common Crawl provides public access to its huge web index.

Google is a powerful search engine, as are Bing, Yandex, et al, but they’re all proprietary: their spiders crawl the web and vacuum-up information which they store within their own walls. (Google calls its web index BigTable.) Yes, we can use their search engine user interfaces, but exactly what algorithms they use remains proprietary and for the most part, secret.

Common Crawl Foundation (Commoncrawl.org) was created in 2007 with the goal of crawling the web and making the discovered information available to the public, to do with as it pleases. Common Crawl claims to have stored about six billion web pages in their index and they publish a free library of program code to access it.

Applications that use the Common Crawl index are beginning to appear. Lucky Oyster uses the Common Crawl index to reveal previously hidden social networking relationships to users.

MIT’s Technology Review recently published an article that speculates that, thanks to Common Crawl, Google-scale start-ups can now get underway without having to crawl the web themselves, dramatically reducing their need for capital. Walled gardens such as Facebook and LinkedIn block spiders from crawling their sites — they’re all about locking up information. It’ll be fun to watch the tug of war between the proprietary and the open model in the web search arena. My money is on the open model.


View web statistics.

Would you like to see how operating systems ranked in popularity across the web during the past month? You can see that and more web client statistics here. Statcounter.com gathers and displays data on:

  • Browser
  • Browser Version
  • Mobile Browser
  • Operating System
  • Mobile OS
  • Search Engine
  • Mobile Search
  • Mobile vs. Desktop
  • Screen Resolution
  • Mobile Screen Resolution
  • Social Media
  • Mobile Vendor (Beta)

These data are collected by three million websites across the globe. Read statcounter.com’s FAQ.


Office Live is dead, mostly.

Microsoft tries a slightly different approach to keeping MS Office, their cash cow, healthy.

In 2007, Microsoft offered a fantastic deal: sign up for Office Live Small Business, register a domain name with them, host your modest website with them, create a blog on their platform, and share Office documents with your colleagues — all for little or nothing. I’ve been hosting my website and email there since 2007. They offered enhancements, including a storefront, for modest monthly fees. The collaboration portion was supposed to sell more copies of Microsoft Office.

I suspect that many Office Live users picked and chose: I used the website and email mailbox hosting services, but used OpenOffice (cost $0) rather than Microsoft Office (cost $479).

For a couple of years it looked like Microsoft poured major effort into Office Live, but it suffered from lack of focus. About 2009, they began pulling the plug on it: they discontinued the storefront and blogging platform (“Microsoft Spaces”). Then development stopped. In 2010 they announced that they intended to kill Office Live and transition its users to a new product, dubbed Office 365.

I lost track of how many delays followed that announcement. During this time I looked at the transition procedure. I expected to see a simple procedure, but instead found a nightmare of confusing and incorrect documentation. It showed the usual lack of focus, as though people who never worked together or even spoke the same language had thrown together the mess that they called “The Transition Guide”.

I was sure that before the drop-dead deadline of April 30, Microsoft would produce a wizard that would ease the transition. I was wrong. They didn’t. In April I rolled up my sleeves and began transitioning my Office Live data to Office 365, and did the same for about a half-dozen clients.

Office 365 seems to be based upon the Software as a Service (“SaaS”) model: you rent Microsoft Office from Microsoft for a monthly fee of $6.00 per user. I’ll continue to use OpenOffice instead.

I just heard that Microsoft has kept the email portion of Office Live, hosted by Hotmail, alive for one more month. I just tested mine. It is indeed alive.


Caveat emptor: AT&T Advertising Solutions

AT&T Advertising Solutions uses the tactics of used car salesmen.

Within the past week, my suspicions about the way that AT&T Advertising Solutions handles SEO (Search Engine Optimization) were confirmed by the experience of a new client. When AT&T Advertising Solutions creates and hosts a website, they deliberately request that Google not add that website’s pages to Google’s index. (This is probably done within a website’s robots.txt file.) This prevents the website from being found via a Google search for keywords that are contained within the website’s pages. Your website can’t be found by searching for your keywords!

Then AT&T Advertising Solutions tries to upsell their “SEO Services”, which consist of, at the onset, merely allowing Google to add the new website’s pages to Google’s index. (A website administrator could do this in minutes by deleting one slash character “/” from the website’s robots.txt file.)
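The one-character difference described above can be checked against any robots.txt body; this is an added example, not AT&T's file or code from this post. The three robots.txt bodies, the crawler list and example.com are constructed for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt bodies (not taken from any real site). The first two
# differ by a single "/" character, as the post describes.
BLOCK_ALL = "User-agent: *\nDisallow: /\n"
ALLOW_ALL = "User-agent: *\nDisallow:\n"
# A per-crawler rule: only Googlebot is shut out, every other robot may crawl.
BLOCK_GOOGLE_ONLY = "User-agent: Googlebot\nDisallow: /\n\nUser-agent: *\nDisallow:\n"

# Crawler names to test (sample list chosen for this example).
CRAWLERS = ("Googlebot", "bingbot", "YandexBot")


def blocked_crawlers(robots_txt, url="http://example.com/", agents=CRAWLERS):
    """Return the crawler user-agents that robots_txt forbids from fetching url."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [agent for agent in agents if not parser.can_fetch(agent, url)]


if __name__ == "__main__":
    samples = [("Disallow: /", BLOCK_ALL),
               ("Disallow:", ALLOW_ALL),
               ("Googlebot only", BLOCK_GOOGLE_ONLY)]
    for label, body in samples:
        print(f"{label:15} blocked: {blocked_crawlers(body)}")
```

An empty list for the home page means none of the listed crawlers is shut out by robots.txt; the third body shows that a site can look open to a generic robot while still excluding Googlebot by name.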

Sleazy used car sales tactic

The amazing thing about this is that, by default, Google would have eventually discovered and indexed the new website. Instead, AT&T goes out of their way to prevent Google from indexing your new website. This is like removing the windows from a car, selling that car without windows, and demanding more money when the customer asks, “May I have the windows, please?”.

What are your experiences with AT&T Advertising Solutions?

  • Update, October 2015: This shady operation was spun off by AT&T in 2012 and now is named YP LLC. It uses the trade name YP Marketing Solutions. Same sleazy tactics. Numerous consumer complaints.

Google Analytics Premium is now available (at a premium).


Google introduces Google Analytics Premium. When they say “Premium”, they aren’t kidding: it costs $150,000 per year.

Google Analytics is a website owner’s favorite tool for analyzing website usage: it shows where users came from, their geographical location, what pages they visited, how long they lingered, etc. It’s available free of charge from Google.

One limitation of Google Analytics is that its website usage reports are delayed by 24 hours. If you can’t wait that long, now you can sign up with Google Analytics Premium. It offers real-time website usage information, training, a Service Level Agreement (SLA), 24 hour telephone support, and a dedicated account executive. Its cost: $150,000 per year.

For high-volume e-commerce sites with time-sensitive items (think eBay, Amazon, etc.), Google Analytics Premium may make sense.

For now, I’ll remain with the plain-Jane free of charge Google Analytics.


Ask Google what malware it’s found on any website

Detail from “The Procession of the Trojan Horse in Troy” by Giovanni Domenico Tiepolo, who died in 1804.
You can ask Google if it has detected malware or similar problems on any website.
For starters, click the following URL:
Here’s what Google reported about myspace.com a few minutes ago:
What happened when Google visited this site?
Of the 31916 pages we tested on the site over the past 90 days, 72 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-17, and the last time suspicious content was found on this site was on 2009-09-17.
Malicious software includes 77 scripting exploit(s), 5 trojan(s), 1 worm(s).
Malicious software is hosted on 45 domain(s), including <deleted>.
31 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including <deleted>.
This site was hosted on 29 network(s) including <deleted>.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, myspace.com appeared to function as an intermediary for the infection of 1 site(s)  . . .

You can test Google’s safe browsing analyzer on other sites by, within your browser’s address bar, changing myspace.com to another site of interest.
Recent articles about Facebook and Myspace dangers:
Thanks to Steve Gibson’s latest Security Now! podcast for this tip.

Giddyap! It’s fun to watch customers succeed.

rider: Dave Moore

Kim Moore, a student of mine, owns a horse stable and riding school. She told me last week that her husband and business partner, Dave, just won the Florida Derby. There’s a great YouTube video of Dave putting his horse through its paces in the competition: http://www.youtube.com/watch?v=iSsc06LYDwg

It’s an amazing performance. I like the part when it seems that Dave shifts the horse into reverse gear and the horse just backs up. Kim tells me that the rider is judged, among other things, on how little he relies upon the reins. She says that Dave communicates with the horse through his legs and riding position.
Orphaned website
When I first met Kim, her business had a website, but it was old and its pages were out of date. It needed to be freshened up. There was just one problem: she lacked administrative rights to her own website. (This happens a lot.) It was hosted at www.register.com, who helped her gain admin rights. Kim has recently created an entirely new website for her business: http://www.davemoorereining.com.

View websites as they once were.


If you are of a certain age, you may recall an animated cartoon series titled Peabody’s Improbable History, which involved a clever machine (called a wayback machine) that could transport people (and dogs) back in time. The same animators turned out the delightful Rocky (the squirrel) and Bullwinkle (the moose) cartoons.

There’s a similar “machine” on the web, which allows us to view websites as they were in the past. It’s also called “the wayback machine” and is available here: http://www.archive.org/web/web.php.

I don’t know if these web page “snapshots” are admissible as court evidence, but I’m sure that investigators of all sorts use “the wayback machine”.

While you’re poring through the Internet’s archives, have a look here: http://www.archive.org/index.php. The Internet Archive is an impressive enterprise.
