Category Archives: Internet

Why Are We So Lazy With Our Passwords

By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?

Linux password file
Christiaan Colen via Compfight

As stupid as it is to join a site like that in today’s world, especially once we hear of all the website and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty‘ and ‘12345678‘.

Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?

Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.

What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.

Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.

On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.

We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.

However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.

Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.

Be smart with your passwords and usernames; protect yourself.
 

A Big Danger With Free Themes

I’m someone who has always said that there’s nothing wrong with using free themes for your blog because I don’t believe there’s any inherent SEO benefit to using paid themes. Some claim that they’ve seen their income go sky high once they switched, but the overwhelming majority of people don’t make a single dime more than they did using a free theme.

free 'sweet' hugs

Jesslee Cuizon via Compfight

Overall, there’s no major difference between using free or paid except for three things.
Continue reading A Big Danger With Free Themes

I’m A Spammer! Well, Not Quite…

Before I get into this post, I’d like to mention that I was interviewed for the first time about my finance site, which was pretty cool. I also wrote one of my rare guest posts for Sonia of Logallot titled 7 Certainties Of Blogging That Prevent Boredom. Check those out if you’ve got the stomach for it. 🙂

Last September I wrote a white paper and put it up on my business website for potential clients to download. I decided I wanted to capture email addresses so I could follow up on some of the people who downloaded it. That turned out to be one of the biggest mistakes of my life, and I’m still paying for it. And I should have known better.

Dean Studios (Des Moines, IA) Advert,  Early 1960s
Joe Wolf via Compfight

It worked pretty well initially, as more than 50 people downloaded it. Then suddenly I started to get a lot of returned email, only I hadn’t sent these emails out. It seemed that my business email address had been scrapped because of the script I used and was now sending spam email blasts out with my email address, though not from my IP; thank goodness!

Not only that, but these scammers have hacked into multiple people’s email accounts, though I haven’t been able to figure out which ones, because every email that comes back my way has a different person’s name on it, and every once in awhile when someone responds to it I can tell that they know the person by name.

I should have known better because this type of thing happened to me back in 2007 as well. At that time I created my newsletter page with a script so that people could give me their email address along with a message and also tell me which newsletter they wanted, as I was writing two at the time. Within months the same thing started happening, though not at the volume and length of time this one is. All I did then was remove the script and it stopped within a few weeks. This time around it’s been almost 8 months; help!

Actually, the official term is spoofing, and it seems there’s little I can do about it except hope it slows down at some point. One blessing is that, unlike years ago, my email address hasn’t been put on a blacklist. That’s because these days IP addresses are logged instead of email addresses, and none of them are coming from my IP.

Most of the time I delete the messages, but every once in awhile I download one and try to track down the IP address, though I know that’s fruitless. And I will download any emails where someone thinks they’re responding to their friend and tell them what’s going on, hoping that they’ll contact their friend and that they didn’t click on the link in the email.

What are the lessons to learn here? Check this out:

1. Find ways to verify any scripts you put on your websites. Maybe instead of just scraping your email address someone will figure out a way to get into your website or blog and hack it; it’s been done often.

2. Make sure that if you’ve got an email address on a site like AOL, Hotmail, Gmail, Yahoo, etc, that your password is strong. Don’t make it easy for scammers to find your stuff; use caps, numbers, symbols if allowed, and try to make your password at least more than 10 characters; I only have one that short.

3. If you ever receive an email from someone you know but there’s no signature file at the bottom of it, don’t open that bad boy. And if most emails you get from your friends don’t have signature files to begin with (shame on them), just look at the email and see if it resembles what you’d normally get from your friends. Some folks are just so trusting…

4. Make sure you have a good antivirus program running just in case you have a lapse of mental faith and decide to click on a link without thinking. Good software will prevent the virus or malware you just invited onto your computer from getting there.

So, feel sorry for me while taking precautions of your own; protect yourself, because there’s a lot of nefarious people out there.
 

Google Analytics And Your Blocked Keywords

About two weeks ago I read a post by our buddy Darnell Jackson of youronline.biz titled Is Google Blogger Blocking? His premise was that if you look at your Google Analytics and check to see what keywords you’re being found for that your highest number will be blocked and thus Google’s withholding critical information all of us who do SEO work or try to optimize our content for certain words and phrases can’t fully get the job done. He also sees it as a monetary thing of sorts, and he points to the reality that you could be number one for your search term but if someone ponies up the bucks they’ll actually show up ahead of you.

Bank of America security trying to prevent me from taking a photo during the Iraq war protest
Steve Rhodes via Compfight

It’s a post that should be read, and I did leave a comment on it. However, I was getting ready to go out of town for a conference and didn’t have time to really look at it. That’s what this post is about, and it’s not pretty. I agree with Darnell on a lot of it, but I’m not so sure about the money side of it all; here’s my thoughts and research.

I decided to scan the net to see what others were saying about this. I came across many articles for when this first started occurring. What Google determined to do was not show searches for people who were signed into their Google account. They would count the search, but wouldn’t reveal what terms were being searched for. Matt Cutts also stated at the time that this figure would end up being a single digit percentage, which was his way of saying that this information wouldn’t be all that pertinent to us anyway.

You know I had to check that. I went into Analytics and looked at this blog. The terminology Analytics uses is “not provided“, and the percentage of terms it accounts for… 78%! I’m thinking that doesn’t look like a single digit percentage to me. I had to look at my other blogs. My business blog: 85%. My local blog: 55%. My finance blog: 92%. My SEO blog: 74%.

Kind of staggering isn’t it? The remaining search terms make absolutely no sense; there’s nothing one can do with most of them in knowing what to try to work on.

I wondered if it only had this type of effect on blogs, although I was betting the answer would be no. My thinking was that it’s possible that because there’s so much content on blogs when compared to regular websites that maybe the figures would skew differently. The numbers? Main business site: 51%. Secondary business site: 56%. Medical billing site: 34%. Anti-smoking site: 69%. Sales/marketing site: 51%.

This indicates that overall the numbers are lower with regular websites, but they’re still quite punitive aren’t they? Do you think this is helpful at all? What’s the point of having something called Analytics if you can’t get any Analytics? For that matter, why hide search terms when you’re not going to identify the person whose using those terms?

On this front I totally agree with Darnell. It’s unfair and illogical and I’m surprised more people aren’t up in arms about this. Actually that’s not quite true; lots of people wrote about it when it first occurred, but the numbers were much lower then. There are some folks who are writing about it now along with Darnell and myself, such as this article from Website Magazine, but it’s hard to find new stuff. It seems that most SEO folks have resolved to live with it or find another way around it. I have to admit I haven’t paid much attention because I use a Firefox plugin called Rank Checker & type in search terms I’m trying to rank well for on many websites.

Where I don’t agree with Darnell as much is that it’s about money. People have always been able to pay their way to the top, and that hasn’t changed one bit. Instead, what I believe is that Google is working harder on authorship and search related to people we know when we’re signed in.

Over the past couple of years Google seems to have been pushing for “relationship marketing“, if you will, and one of the things I’ve talked about is how you can search for something and see things people you know have either written or recommended in some way before almost anything else. I’m adding the word “marketing” because I think their initial intention was that people would review restaurants and stores and then Google could find ways of contacting those stores, showing them the numbers, and then getting them to pay for extra advertising.

At this point I doubt it’s working quite that way, but I think that’s where they’re going, and though it touches upon money, I think it’s more about relationships, at least right now.

Overall I don’t like it, but other than use something like I’m using there’s little anyone can do about it. Have you checked your Analytics lately? Are some of you using other programs to check statistics with?
 

What’s Your Traffic Looking Like Lately?

Most of us track our traffic in one way or another. I’m not necessarily always checking mine, but I have a plugin on Firefox that tells me the Alexa rank for every website I visit, including my own.

sydney road sundays
Jes via Compfight

Lately I’m not happy with what I’m seeing. Except for one of my sites, my traffic is dropping across the board. And I don’t mean by a little bit either. In just a few weeks traffic has nosedived, and I’m at kind of a loss to explain it. All my blogs and websites are showing decreases. The one site that’s not showing a decrease is one where I’ve added new content when it hadn’t had anything new in almost 9 months, so it’s being paid attention to again.

The only connection I have to lower traffic, and it makes no sense, is the addition of CommentLuv Premium to the site. I decided to finally go ahead and bite the bullet because in the back of my mind I see the day when the free one won’t be supported anymore, along with the Growmap Antispybot plugin and some others, and as the reduced rate it seemed like the smart way to go.

CommentLuv usually helps promote traffic, especially if you have the dofollow attribute set, but for whatever reason my traffic has dropped on all my blogs, and it coincided with my adding it. Maybe my settings aren’t correct; maybe I’m blocking something that shouldn’t be blocked; I’m not sure.

On the flip side, comments have remained steady. If those had dropped as well I’d be worrying more than I am. And my Feedburner subscriptions haven’t fallen, so that’s a good deal as well.

I will continue monitoring traffic to see if it starts to improve any, but it’s possible that it’s the season that’s making it fall some. As it gets close to this particular holiday season, traffic often drops. When I looked at last year I saw that traffic dropped almost 20% in December when compared to November, and in 2010 it dropped 25% in the same time period.

So maybe the coincidence with CommentLuv is just that. Maybe it’s just historical precedence taking over. The same thing happens with people being admitted to the hospital by the way; more people get admitted during winter than they do in the summer. Just a little bit of trivia to make your day go well. 🙂