Posted by Mitch Mitchell on Sep 14, 2015
By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?
As stupid as it is to join a site like that in today’s world, especially once we hear of all the websites and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty’ and ‘12345678’.
Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?
Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.
What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.
Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.
On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.
We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.
However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.
Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.
Be smart with your passwords and usernames; protect yourself.
Posted by Mitch Mitchell on Jul 24, 2013
I’m someone who has always said that there’s nothing wrong with using free themes for your blog because I don’t believe there’s any inherent SEO benefit to using paid themes. Some claim that they’ve seen their income go sky-high once they switched, but the overwhelming majority of people don’t make a single dime more than they did using a free theme.
Overall, there’s no major difference between using free or paid except for three things.
One, if you use a free theme at some point you should think about changing up some things here and there so that it truly becomes yours. You’re going to want to do as much as you can to help yourself stand out and become unique if it’s connected with your business model.
Two, because you don’t always know who created the free theme, you might end up having to deal with issues of copyright and images, such as when I wrote this post about images and Getty Images and one of my clients.
Three… totally different matter. Last week a couple of my blogs were hacked, and if you follow that link you’ll find out what I did about it in case you ever go through it yourself. I have lots of protections on my blogs that I thought would take care of such things, and for the most part they worked. But it seems there’s a potential back door, and that’s what I’m warning you about.
Most people don’t ever take a look into the coding that makes up themes; I have. Back in the day I’d learned pretty quickly that often in the footer of some themes there’s some hidden code that links back to a website of the creator, and it’s not always a good thing.
For the first year or so of this blog my top search keywords had to do with credit cards, and I had no idea why because I’d never covered the topic on this blog. Then I learned about the code & footers and I took a look through the Appearance/Editor feature of the blog dashboard, only to discover that I couldn’t see anything in there. What I had to do was download it to my computer, open it up in my HTML program, and run some cool program at the time that revealed the link. Of course I removed it, even though the “license” said you could use the theme if you didn’t make any changes to the footer (oops), and I’ve never had that issue again.
However, what I’d also done back in the day for this blog and my main business blog is download a bunch of themes to test out, selected one, and then moved on with life. On the business blog I changed its theme 3 times before settling on the one it’s got now, but I never changed the theme on this blog once I selected it, though I have modified what it looks like.
The main thing I didn’t do, that ended up causing me major problems and something I’m going to warn you about? I never deleted any of those other themes that I wasn’t ever going to use. I never even thought about it because I never had a reason to look at the Appearance/Themes area ever again. On two of my other blogs I used the same theme I now use on my business blog, as it’s easy to modify and change up, and I modified the theme on my local blog before I ever uploaded it, so no worries there.
The hackers were able to exploit something in one theme on both my business blog and this one; that’s all it took to bring down all my blogs and all my websites, since they’re all on the same server. They didn’t get into anything; I’m not even sure if they were going to try. Lucky for me my hosting company, 1&1, caught the intrusion on their own and locked down all my sites, giving me time to fix things later the next day.
I’m betting that anyone with a blog more than 3 years old has something on it that they’ve forgotten about for years and not even tried to update. This is why there’s always someone warning you about making sure you update your blog software and your plugins, and of course recommending that you backup your blogs whenever possible.
In conclusion, as with anything that’s free you take your chances with free themes, though the same can be said for some paid themes. Your best bet is to go with newer free themes as they’ll have fewer files that can be exploited, and once you select a theme kill all the others you tested and try to make sure there’s nothing hidden in the footer except maybe a link directly to the person who created it. In that regard I don’t mind giving credit where credit is due, as long as there wasn’t anything sneaky in there.
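One way to run that cleanup check on a downloaded copy of a blog's `wp-content/themes` folder, as an added example that is not from the original post: it lists themes that are not the active one and flags obfuscation calls and off-site footer links. The function name `audit_themes`, the marker list, and the sample theme names and `.example` hosts are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Heuristic markers (assumed, not exhaustive): PHP calls commonly used to hide
# encoded markup from anyone reading the file in the dashboard editor.
OBFUSCATION = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
HREF = re.compile(r"""href\s*=\s*["'](https?://[^"']+)["']""", re.I)


def audit_themes(themes_dir, active, own_hosts):
    """Return {theme: [findings]} for every theme folder that needs attention."""
    report = {}
    for theme in sorted(p for p in Path(themes_dir).iterdir() if p.is_dir()):
        findings = []
        if theme.name not in active:
            findings.append("inactive: delete if you will never use it")
        for php in sorted(theme.rglob("*.php")):
            text = php.read_text(encoding="utf-8", errors="replace")
            rel = php.relative_to(theme).as_posix()
            for call in sorted({m.group(1).lower() for m in OBFUSCATION.finditer(text)}):
                findings.append(f"{rel}: obfuscation call {call}()")
            if php.name == "footer.php":
                # Footer links that leave the blog's own hosts deserve a manual look.
                for url in HREF.findall(text):
                    host = urlparse(url).hostname or ""
                    if host not in own_hosts:
                        findings.append(f"{rel}: external link to {host}")
        if findings:
            report[theme.name] = findings
    return report


def build_sample(root):
    """Constructed sample tree: one clean active theme, one forgotten theme."""
    files = {
        "mytheme/footer.php": '<p><a href="https://myblog.example/">Home</a></p>',
        "mytheme/index.php": "<?php get_header(); get_footer(); ?>",
        "oldtest/footer.php": '<?php echo base64_decode($f); ?>\n'
                              '<a href="http://cards.example/apply">.</a>',
        "oldtest/functions.php": "<?php // nothing unusual here ?>",
    }
    for name, body in files.items():
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")


def demo():
    """Run the audit over the constructed sample and return its report."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_themes(root, active={"mytheme"}, own_hosts={"myblog.example"})


if __name__ == "__main__":
    for theme, findings in demo().items():
        print(theme)
        for line in findings:
            print("  -", line)
```

A clean report does not prove a theme is safe; the markers only catch the most common ways of hiding footer code, so anything flagged still needs to be read by hand.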
Posted by Mitch Mitchell on May 16, 2013
Before I get into this post, I’d like to mention that I was interviewed for the first time about my finance site, which was pretty cool. I also wrote one of my rare guest posts for Sonia of Logallot titled 7 Certainties Of Blogging That Prevent Boredom. Check those out if you’ve got the stomach for it. 🙂
Last September I wrote a white paper and put it up on my business website for potential clients to download. I decided I wanted to capture email addresses so I could follow up on some of the people who downloaded it. That turned out to be one of the biggest mistakes of my life, and I’m still paying for it. And I should have known better.
It worked pretty well initially, as more than 50 people downloaded it. Then suddenly I started to get a lot of returned email, only I hadn’t sent these emails out. It seemed that my business email address had been scraped because of the script I used and was now sending spam email blasts out with my email address, though not from my IP; thank goodness!
Not only that, but these scammers have hacked into multiple people’s email accounts, though I haven’t been able to figure out which ones, because every email that comes back my way has a different person’s name on it, and every once in a while when someone responds to it I can tell that they know the person by name.
I should have known better because this type of thing happened to me back in 2007 as well. At that time I created my newsletter page with a script so that people could give me their email address along with a message and also tell me which newsletter they wanted, as I was writing two at the time. Within months the same thing started happening, though not at the volume and length of time this one is. All I did then was remove the script and it stopped within a few weeks. This time around it’s been almost 8 months; help!
Actually, the official term is spoofing, and it seems there’s little I can do about it except hope it slows down at some point. One blessing is that, unlike years ago, my email address hasn’t been put on a blacklist. That’s because these days IP addresses are logged instead of email addresses, and none of them are coming from my IP.
Most of the time I delete the messages, but every once in a while I download one and try to track down the IP address, though I know that’s fruitless. And I will download any emails where someone thinks they’re responding to their friend and tell them what’s going on, hoping that they’ll contact their friend and that they didn’t click on the link in the email.
What are the lessons to learn here? Check this out:
1. Find ways to verify any scripts you put on your websites. Maybe instead of just scraping your email address someone will figure out a way to get into your website or blog and hack it; it’s been done often.
2. Make sure that if you’ve got an email address on a site like AOL, Hotmail, Gmail, Yahoo, etc, that your password is strong. Don’t make it easy for scammers to find your stuff; use caps, numbers, symbols if allowed, and try to make your password at least more than 10 characters; I only have one that short.
3. If you ever receive an email from someone you know but there’s no signature file at the bottom of it, don’t open that bad boy. And if most emails you get from your friends don’t have signature files to begin with (shame on them), just look at the email and see if it resembles what you’d normally get from your friends. Some folks are just so trusting…
4. Make sure you have a good antivirus program running just in case you have a lapse of mental faith and decide to click on a link without thinking. Good software will prevent the virus or malware you just invited onto your computer from getting there.
So, feel sorry for me while taking precautions of your own; protect yourself, because there’s a lot of nefarious people out there.
Posted by Mitch Mitchell on Apr 23, 2013
I’ve been experimenting with my videos again. For the last 7 days in a row I’ve put up a video on my main channel, and I also put up one new video on my business channel. I want to talk about this and of course share my channel and one of the videos with you.
A couple of posts ago I talked about the concept of being fascinating while trying to gain more influence. Just before that Brian Hawkins of Hot Blog Tips, one of my Google Hangout buddies, introduced me to a guy named Lamarr Wilson on YouTube. I checked out the video, loved it, started watching a bunch more, then subscribed.
I’ve done this type of thing before, subscribed to a channel I found and watched a bunch of videos, but somehow this guy made a strange impact on me. On one of his videos he talked about taking a challenge and posting a new video 5 days in a row. Then later he extended it, and now he’s got nearly 600 videos on the channel. He also has some good video editing equipment, something I don’t have, and probably a way better camera than I have, but I digress.
Video is the wave of the future and in actuality it’s the best way to get people’s attention now. Who knew who Psy was before Gangnam Style last year, which reached a billion views I believe? Look at his latest, which has reached 200 million in a couple of weeks. This type of thing proves that there’s always a possibility of reaching a wider audience if you not only make videos but can find a way to be fascinating while doing so.
However, it probably takes some practice, possibly some editing. I can’t do anything about the editing, but I can do something about the practicing. So I’ve been making videos that don’t necessarily have to coincide with this blog. I’ve done the same with my business video channel, making videos that have to do with business issues but not necessarily tying them all in with blog posts. I can always go back and embed those videos into something later on if they’re pertinent, but for now the idea is to try to create more videos, practice my craft, and build up the portfolio.
The first video in the series was tied into my post titled Using Tragedies To Promote Agendas and it became the first of my videos to ever get 100 viewers; woo-hoo! Every subsequent video… well, not so much. The videos, just like blog posts, take promotion, and I’ve been slow to get there.
That’s one reason for this particular post. I want to promote those other videos by posting one here, then hoping you’ll be encouraged to check out my channel, the link for which is over there to the right, and see what else I might be offering that you might want to check out. Truth be told the last bunch are way different than some of my older videos in that I’m trying to show a bit more personality instead of ranting all the time; don’t get used to the lack of rants though. 🙂
Anyway, the video I’m sharing talks about making videos; talk about timely! I created this video last week and didn’t know I was going to write about it later on; see how this all works? Now, if I’ll only stop yelling at the beginning of each video we’ll be on our way. Oh yeah, a teaching point, one I have to keep reminding myself of. It seems that those people who subscribe to the blog via email don’t ever see the videos, and without a link they don’t have anything they can click on to go see the video. So, what I’m going to try to remember to do is pop the link underneath the video so those folks can partake in the fun; something you should think of as well.
Here we go; enjoy, and comment below.
Posted by Mitch Mitchell on Apr 11, 2013
About two weeks ago I read a post by our buddy Darnell Jackson of youronline.biz titled Is Google Blogger Blocking? His premise was that if you look at your Google Analytics and check to see what keywords you’re being found for, your highest number will be blocked, and thus, because Google’s withholding critical information, all of us who do SEO work or try to optimize our content for certain words and phrases can’t fully get the job done. He also sees it as a monetary thing of sorts, and he points to the reality that you could be number one for your search term but if someone ponies up the bucks they’ll actually show up ahead of you.
It’s a post that should be read, and I did leave a comment on it. However, I was getting ready to go out of town for a conference and didn’t have time to really look at it. That’s what this post is about, and it’s not pretty. I agree with Darnell on a lot of it, but I’m not so sure about the money side of it all; here are my thoughts and research.
I decided to scan the net to see what others were saying about this. I came across many articles for when this first started occurring. What Google determined to do was not show searches for people who were signed into their Google account. They would count the search, but wouldn’t reveal what terms were being searched for. Matt Cutts also stated at the time that this figure would end up being a single digit percentage, which was his way of saying that this information wouldn’t be all that pertinent to us anyway.
You know I had to check that. I went into Analytics and looked at this blog. The terminology Analytics uses is “not provided”, and the percentage of terms it accounts for… 78%! I’m thinking that doesn’t look like a single digit percentage to me. I had to look at my other blogs. My business blog: 85%. My local blog: 55%. My finance blog: 92%. My SEO blog: 74%.
Kind of staggering isn’t it? The remaining search terms make absolutely no sense; there’s nothing one can do with most of them in knowing what to try to work on.
I wondered if it only had this type of effect on blogs, although I was betting the answer would be no. My thinking was that it’s possible that because there’s so much content on blogs when compared to regular websites that maybe the figures would skew differently. The numbers? Main business site: 51%. Secondary business site: 56%. Medical billing site: 34%. Anti-smoking site: 69%. Sales/marketing site: 51%.
This indicates that overall the numbers are lower with regular websites, but they’re still quite punitive aren’t they? Do you think this is helpful at all? What’s the point of having something called Analytics if you can’t get any Analytics? For that matter, why hide search terms when you’re not going to identify the person who’s using those terms?
On this front I totally agree with Darnell. It’s unfair and illogical and I’m surprised more people aren’t up in arms about this. Actually that’s not quite true; lots of people wrote about it when it first occurred, but the numbers were much lower then. There are some folks who are writing about it now along with Darnell and myself, such as this article from Website Magazine, but it’s hard to find new stuff. It seems that most SEO folks have resolved to live with it or find another way around it. I have to admit I haven’t paid much attention because I use a Firefox plugin called Rank Checker & type in search terms I’m trying to rank well for on many websites.
Where I don’t agree with Darnell as much is that it’s about money. People have always been able to pay their way to the top, and that hasn’t changed one bit. Instead, what I believe is that Google is working harder on authorship and search related to people we know when we’re signed in.
Over the past couple of years Google seems to have been pushing for “relationship marketing”, if you will, and one of the things I’ve talked about is how you can search for something and see things people you know have either written or recommended in some way before almost anything else. I’m adding the word “marketing” because I think their initial intention was that people would review restaurants and stores and then Google could find ways of contacting those stores, showing them the numbers, and then getting them to pay for extra advertising.
At this point I doubt it’s working quite that way, but I think that’s where they’re going, and though it touches upon money, I think it’s more about relationships, at least right now.
Overall I don’t like it, but other than use something like I’m using there’s little anyone can do about it. Have you checked your Analytics lately? Are some of you using other programs to check statistics with?