Category Archives: Web Stuff

Hacked, And How I Recovered From It

In July 2013, on a Monday night, as I was getting ready to head to bed, I started having some trouble on one of my blogs. I didn’t think much of it, figuring all would be right the next morning.

Next morning I woke, came to the computer and tried to access that blog; access denied. I then tried accessing other blogs; some I could see, others said access denied. I then tried to look at my websites; some I could see portions, others access was denied; yeah, that’s a big problem.

I called my friend Kelvin, with whom I share the space, and asked him to look into it, as I had to get to work. He wrote me with the bad news; per the host, I’d been hacked through two of my blogs. Luckily, the host caught the attack and froze access, which was why I couldn’t access anything. He forwarded me the email which explained part of the problem, and what I had to do to fix it.

When I got back to the hotel (as I’m out of town right now) I went to work on the problem. I’m telling you what I did, and what you should do if it happens to you, so you’ll be able to fix it quicker than I did.

First, the email mentioned that I’d been hacked through the footer of themes on two different blogs that I wasn’t using. Truthfully, when I saw the names I didn’t even remember having those themes on those sites. It didn’t matter; they had to go. The email recommended certain files to remove through an FTP (file transfer protocol) program. I mainly use WS-FTP, but I’m going to recommend Filezilla for those times when you have to delete lots of stuff. WS-FTP lets you delete things, but it won’t delete any folders that have files in them, which can be a pain as I’ll bring up; Filezilla will take care of the entire thing for you.

I went in & deleted the files recommended, and while I was at it I decided to delete the entire theme as well off both blogs. However, all my sites were still closed down afterwards.

The next thing it recommended was for me to go in and update all the software on my blogs. This is the step that, if I’d known something I’ll mention in a little bit, I’d have bypassed. The reason I’d have bypassed it is because I had already updated all the blogging software; all I ended up doing later on was deleting and re-adding what I already had. If I hadn’t updated it would be a different story; I wasted a lot of time on this step, one I could have skipped if I’d had Filezilla already on my laptop, as I have it on my main computer at home.

Here’s the problem. My assumption was that the hack, which wasn’t major but still problematic, had infiltrated all my sites. What happened instead is that once my host, 1&1, locked everything down, it shut down all my sites, not just the two blogs that were hacked. If I’d thought of what I’m about to tell you now I’d have saved at least 3 1/2 hours, as I spent 4 1/2 hours on the problem.

The other thing I want to tell you about is using free themes from other people. Most people who create free themes add things into the footer and hide them with some type of scrambling program. I learned that a long time ago when one of my blogs was being found for certain terms that I’d never written about. I obtained some software so I could see what was in there, stripped it out, and never had another problem with those terms after a month or so.

However, the blogs hacked are my oldest blogs, and I had downloaded a bunch of other themes that I never used, thus I never thought about those footers. I got away with it a long time, but in retrospect I should have deleted themes I was never going to use, other than those that WordPress gives you; take that as a major hint and recommendation.
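The footer problem described above lends itself to a quick inventory: which installed themes are unused, and which of their PHP files carry encoded code. This is an added example, not code from the original post; the marker list is an assumption (the post does not name the scrambling program), `audit_themes` and `build_sample` are hypothetical names, and the sample theme tree is constructed.

```python
import base64
import os
import re
import tempfile

# Heuristic markers of encoded PHP. Assumption: these PHP built-ins are
# commonly chained to hide code; the post does not say which were used.
MARKERS = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\("),
    "gzinflate": re.compile(rb"\bgzinflate\s*\("),
    "str_rot13": re.compile(rb"\bstr_rot13\s*\("),
    "long_encoded_string": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}


def scan_php(path):
    """Return the sorted names of the markers found in one PHP file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return sorted(name for name, rx in MARKERS.items() if rx.search(data))


def audit_themes(themes_dir, active_theme):
    """Map each theme to whether it is unused and which files look encoded."""
    report = {}
    for theme in sorted(os.listdir(themes_dir)):
        theme_dir = os.path.join(themes_dir, theme)
        if not os.path.isdir(theme_dir):
            continue
        hits = {}
        for dirpath, _dirs, files in os.walk(theme_dir):
            for name in files:
                if name.lower().endswith(".php"):
                    full = os.path.join(dirpath, name)
                    found = scan_php(full)
                    if found:
                        hits[os.path.relpath(full, theme_dir)] = found
        report[theme] = {"unused": theme != active_theme, "suspicious": hits}
    return report


def build_sample(root):
    """Constructed themes directory: one clean theme, one with a hidden footer."""
    payload = base64.b64encode(b'echo "";').decode()  # harmless placeholder
    files = {
        "in-use/footer.php": "<?php wp_footer(); ?>\n",
        "old-free-theme/footer.php":
            f"<?php eval(base64_decode('{payload}')); ?>\n",
    }
    for rel, text in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for theme, info in audit_themes(tmp, "in-use").items():
            print(theme, info)
```

Hits are leads for manual review rather than verdicts; any theme reported as unused is a candidate for deletion whether or not it is flagged.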

Anyway, I spent hours deleting files and folders, first with WS-FTP, which took a very long time on the one blog I used it for, then with Filezilla, which went way faster but I’m on a hotel’s internet connection, not the speedy 30 MBPS I have at home, so it still took a while. Truthfully, it’s possible that if I hadn’t reloaded that software I might not have been able to get into my dashboards and would have still had to go through the process, but I should have done this other thing first, which would have been a snap and maybe might have saved a lot more time.

When the host locked down my sites, what they did was change the file permissions to 644, which basically shuts everything down; at least it did for me, as I couldn’t see any of my files online, though I could get in through the FTP. To make sure everyone else can see what you want them to see, you need to change the file permissions to 755.

You can do this a number of ways, but the fastest and easiest way to do it is to use an FTP program that can do it for you. WS-FTP can’t do it, but Filezilla can. I went online and downloaded it, as it’s free, loaded it up, then used the username & password that accesses all my sites at once so I could work on multiple accounts at the same time. What you do is right click on the file or folder you want to be accessible, see what the permission is, and change it by typing in 755 over the 644 or, possibly, xxx if that’s what you see. Then you hit okay and it releases those files and your stuff can be seen once more. When I was done, all my sites were back up, looking like they were supposed to; whew!

By the way, you might have occasion to have files on your site which you don’t want anyone to know exist, hence you’ll want to be perspicacious in determining whether you want all your folders or files having their permissions changed.
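The same permission reset can be scripted where you have shell access. This is an added example, not code from the original post, and it goes beyond the blanket 755 described above: directories get 755, regular files get 644 (readable but not executable), and any paths you list as private stay owner-only. `repair_tree`, `build_locked_sample` and the sample tree are hypothetical and constructed, and the private modes assume the web server runs as a different user than the file owner.

```python
import os
import stat
import tempfile

DIR_MODE, FILE_MODE = 0o755, 0o644        # public baseline
PRIVATE_DIR, PRIVATE_FILE = 0o700, 0o600  # owner-only (assumed private policy)


def _set_mode(path, wanted, changes):
    current = stat.S_IMODE(os.lstat(path).st_mode)
    if current != wanted:
        os.chmod(path, wanted)
        changes.append((path, oct(current), oct(wanted)))


def repair_tree(root, private=()):
    """Reset modes under root; return (path, old, new) for each change."""
    root = os.path.normpath(root)
    private = {os.path.normpath(os.path.join(root, p)) for p in private}
    changes, stack = [], [(root, False)]
    while stack:
        directory, is_private = stack.pop()
        is_private = is_private or directory in private
        # chmod before listing: a directory at 644 has no x (traverse) bit,
        # so nothing inside it can be opened until that bit is back.
        _set_mode(directory, PRIVATE_DIR if is_private else DIR_MODE, changes)
        with os.scandir(directory) as entries:
            for entry in entries:
                if entry.is_symlink():
                    continue  # never chmod through a link
                if entry.is_dir(follow_symlinks=False):
                    stack.append((entry.path, is_private))
                elif entry.is_file(follow_symlinks=False):
                    hidden = is_private or entry.path in private
                    mode = PRIVATE_FILE if hidden else FILE_MODE
                    _set_mode(entry.path, mode, changes)
    return changes


def build_locked_sample(root):
    """Constructed tree imitating the lockdown: every directory at 644."""
    for rel in ("wp-content/themes/old/footer.php", "backups/db.sql", "index.php"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    # Lock bottom-up so each directory is still reachable while we chmod it.
    for dirpath, _dirs, _files in os.walk(root, topdown=False):
        os.chmod(dirpath, 0o644)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "site")
        build_locked_sample(site)
        for path, old, new in repair_tree(site, private=("backups",)):
            print(f"{old} -> {new}  {os.path.relpath(path, tmp)}")
```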

Here are the major lessons to take away from here.

One, stay cool; by staying cool I didn’t do anything really stupid.

Two, if you don’t already have a preferred FTP program I’d recommend Filezilla. The program I use is pretty old, but I’m most comfortable with it for the most part, even if it can’t do everything Filezilla can.

Three, follow the initial instructions recommended by deleting bad stuff they tell you to get rid of.

Four, I should have tested the file permissions on one of my blogs first to see if I could regain access and if I could get into my dashboard before reloading everything; I could have always done it if I hadn’t gained access after the test.

Five, always keep your software up to date when recommendations for upgrading come your way for security reasons. At least I had that part covered.

And six… well, lucky for me I was hacked only to mess with me. They couldn’t get into my blogs or content because I have some plugins on them that protect the blogs, as well as passwords hard enough to figure out to make it more of a chore. That and quick thinking from my host saved me.

Lots to learn here; I hope it helps someone in the long run if this situation comes your way.
 

Digiprove sealCopyright secured by Digiprove © 2014 Mitch Mitchell

Basic Ways People Make Money With Their Websites

Whether you have a business website or are trying to make money off the web, invariably just being online offers you the opportunity to make money in some fashion. Many people have an idea of what making money online means to them, but it’s often a limited view, which you’ll see if you visit “make money” websites or blogs. I’m going to give you some of the basic ways that people make money, whether directly or indirectly, and a general idea of how it’s done; I’m betting most of you know these ways already.

One, you can make money by selling products. This is the easy one that most people think of, as you can sell products you make or products someone else makes. Affiliate marketing works well for some people who have niche blogs or websites.

Two, you can make money by selling services. You find this more often with people that offer coaching, counseling or consulting services.

When you think of this model, you have to think both short term and long term marketing. For instance, if I have a link up it means I’m trying to sell short term services; not necessarily that I’m hoping you’ll only use me once and go away, but these are immediate services that I want to be paid up front for.

When you have a business website and you provide services, most probably you’re working on long term services, which doesn’t mean you only offer services that last a lifetime, but are looking to build your authority and presence over time so that you can become known as an expert and thus charge more for your services.

Three, you can make money by accepting advertising. Within this model you can include things like Google Adsense and other pay-per-click (PPC) or pay per subscriber/buyer models. If you have a business website you should think long and hard as to whether you want any type of advertising on your site because there’s the potential of you sending people away. However, if you have other sites like blogs that don’t talk about business specifically, accepting advertising is a great way to build income, but you have to be cautious in how you do it.

Advertising can also take other forms. If you write a blog on a certain subject you’ll often have someone ask if they can pay for a link on an article that pertains to what they do. That’s one of the powers of being a prolific writer; there’s always someone willing to pay for some authority to link back to their site. Being known as a publisher or content curator of original information can pay well.

You need to evaluate your business to determine what your website’s goals are. If you’re highlighting your business, then stay away from many forms of advertising. If you’re somewhat flexible, there are lots of options you can explore.
 


What Passes For Good Information Might Not Be

By now those of you who are using WordPress as your blogging platform of choice know that there’s an update, 3.9. It’s definitely changed some things, including overriding some of my settings for how I have my admin area colorized, but I’m going to let that go… for now…

Instead, I want to key on something you might not have noticed yet. If you look at the comment section of your admin area, underneath the names of people who comment on your blog you’ll now see this number. It shows how many times someone has commented on your blog; cool eh?

I thought that this would be cool to use because maybe I’d want to write a post showing how many people have commented often and how often they’ve done so. Then I looked deeper at it.

As an example I’m showing a strip of my admin panel (so, my colors are funky lol) highlighting our friend Peter Pellicia when he was calling himself Sire. You’ll notice that he had made 3 separate comments; you’ll also notice that the number of approved comments WordPress is showing aren’t the same. Heck, they’re all drastically different.

I looked at a bunch of comments from Pete just to see if I could find a pattern. Turns out that answer is no. It’s not based on link, topic, email address, name… You can look at it yourself; there’s nothing defining what it’s looking at.

Thus, I’m forced to conclude that, even though it initially seemed cool, it’s really worthless information. There’s nothing legitimate I can do with it, and if you look at your information, at some point you might realize the same thing.

Sometimes that’s just how it goes. Some of us hold onto certain numbers as if they’re the Holy Grail while others look at those numbers and scoff. Let’s see… Klout score, page rank, Alexa rank, Compete rank, number of followers on Twitter, number of friends on Facebook… over and over we see numbers that are supposed to mean something that probably mean less than what we think. Some are good as a visceral reference (for instance, I tend to use Alexa as a broad based number to determine how well a website’s traffic might be, realizing that a site in the 100,000’s is working better than a site in the 3 millions while recognizing that a site in the 3 millions might be making more money if it’s targeted to its audience properly), but not much else.

For that matter, even the number of blog comments might not tell you what’s going on with your blog. The difference between a blog post with 300 comments and a blog post with 2 might be the popularity of the writer and not the content. If Sergey Brin writes a blog post and takes comments, how many people do you think will comment hoping that he’ll see it and want to hire them to work for Google (ain’t happening kids lol) as opposed to commenting on this blog hoping I can help make them famous (that’s not happening either… for now…)?

Even Google Analytics, for all the press and publicity we’ve all given it, can’t really help us out. Most of the data about keywords is hidden in a collective area, so we don’t even know why or how people are finding us via search engines. Sometimes it’s hard to figure out what the data they’re giving us really means in the long run; that’s not helpful is it?

Bummer right? If there are so many reports and such that we can’t trust, what can we trust to help us figure things out?

First, you know what your engagement is like, so trust your instincts. I love using Adrienne Smith as an example of someone who truly gets the engagement piece. Her blog posts always get a lot of comments, and not nickel and dime stuff. She puts things on Facebook and Google Plus and you see a lot of people responding to it, even if it’s just questions like what color is your dog (I don’t think that’s specifically one she’s asked but… lol).

Me? Most of the things I put on Google Plus are ignored, and sometimes I wish more of the stuff I share on Facebook was. lol Still, I know where I stand and have an opportunity to figure out what I need to do to improve. I don’t need any of the rankings to tell me what’s going on; I can see which posts people are commenting on and I know which of my tweets get shared on Twitter.

If you didn’t sit back and look at the numbers, are you comfortable trusting your own instincts to know where you stand on social media? For that matter, do you trust your instincts to help you get through life? Let me know; I’m interested in this topic and hope you are also.
 

Digiprove sealCopyright secured by Digiprove © 2014-2017 Mitch Mitchell

Multiple Page Articles; Oy!

This is a minor rant, one I touched up a couple of months ago when I did a video rant; I’m including that below in case you want to see more things I griped about. lol

About 2 years ago I wrote a long article on blogging. It was mainly for folks who were either new to blogging or had started blogging but found they were having some difficulties with it. My purpose was to write something known as a “pillar post”, where the intention is to highlight your expertise in something by putting a lot of information into one particular post. Search engines supposedly love pillar posts; I wouldn’t really know, but I was up for the challenge.

However, my post ended up being almost 5,900 words, and I thought that would be a bit much. Thus, I broke it into a 2-part series, starting with Better Blogging Part One and Better Blogging Part Deux. It seemed like a much smarter thing to do, breaking such a large post into two parts; I stand by that decision for the sake of the readers.

You know what we’re getting a lot of these days? These websites that will have something like The 20 Top Baseball Players Of All Time or 8 Actors Who Say They’ve Seen Ghosts or a host of posts like this. Sometimes it’s even stuff that’s good for you or knowledge you need, such as foods you shouldn’t eat or learning more about a pharmaceutical you might have to take.

And what do you get? You get the privilege of going through multiple pages to see them all; I mean, not even one page where you can see a list of all of them with any extra detail.

Now, if you’re going to give me 20 baseball players and you’re going to do a nice write up on each one, I could excuse you having 21 pages (the first page is the set up page). But having 21 pages with only the first page having any significant content… now I’m irked. I don’t know about everyone else but I don’t have the time to go through 21 pages for one article all the time. That mess got old really quick for me; I’m a curious kind of guy but my curiosity stops when someone is putting messy stuff in my way.

There are two reasons these sites do stuff like this.

One, because they know Google loves tons of pages, and even with the Panda and Penguin updates, and any other animals that might crop up here and there, these sites seem to be able to weather the ratings hit quite well.

Two, because of advertising. The sites rank high, which brings in lots of advertisers, and thus they can pack each page with a bunch of advertisers’ links and banner ads, knowing that an overwhelming majority of people are going to keep hitting those links to get to the next page.

A site that does a little something like this that I actually kind of like is called Cracked, which has very long and often quite detailed articles that they’ll break into 2 or 3 pages. In that instance you’re getting so much content that it makes a lot of sense breaking it up, and it’s quite entertaining stuff.

Some of you might be saying “hey, I never see any of those pages”… really? If you’d like to see an example go to CNN.com, click on any news story there, go to the end of the story you clicked on and look at the links to either more news stories or other goofy stuff. Ugh!

Now, it’s bad enough that websites are doing this, but now I’m seeing some blogs doing it. Most of them are blogs with lots of images, and what they’re doing is putting up a lot of pictures but making each picture a blog in and of itself, even if it’s a series concerning the same thing. These folks might write a paragraph about the picture if you’re lucky, but come on now… Sure, it’s building up your pages but it’s ridiculous to visitors and I’m doubting that all of these images are getting comments. The few I’ve seen have had very few comments; what’s the point right?

Maybe I’m being sensitive, so I thought I’d put it out as today’s question. Have you seen this phenomenon on websites and/or blogs, and if so what do you think about it? Does it irritate you or do you think it’s creative? Take your time in thinking about it while watching my rant video below lol:
 


 


CNET: The Site That Was Cool Isn’t Anymore For Downloads…

When I was first getting acclimated to being online a couple of decades ago, everyone used to say that the place to go for downloading things was CNet. Back in the day, even PC World used to always send you there to download many of the things they found that they thought were great free programs for all of us to use.

Even though PC World still does this sometimes, they’re a lot less likely to do so these days, and there’s a major reason why. At least from my perspective, it seems like every file one downloads from there is loaded with bloatware and, dare I say, a lot of malware, to the extent that if you’re not paying attention to what you’re loading onto your computer, the next thing you know you’ve added toolbars, coupon and sales software, and who knows what else.

It’s gotten so bad that I refuse to download anything else from them. Unfortunately, my friends haven’t learned their lessons yet, so who keeps getting the calls because something’s gone wonky with their systems? You guessed it; sigh. Thing is, it’s hard to tell someone not to download things from a site that’s so highly ranked and well known. What happened to CNet?

I’m not the first one to talk about this, and it’s not really all that new. Back in December 2011 the Inquirer talked about it in relation to a forum poster of some significance who was irked with the process. In early 2013 botcrawl.com confirmed the malware coming through CNet’s new download site, correctly called Download.com (nope, not giving them a link).

What’s funny is many of their bigger accounts put out warnings to their potential customers saying that consumers need to make sure they’re clicking on the correct button when downloading products because it could lead to other problems if you’re not downloading the right thing. You think?

If you can, find another place to download your stuff, paid or free. Otherwise, unless you’re technically savvy, you’ll find yourself awash in ads and unable to get out from under it. That is, unless you have a friend like me who lives close enough to fix it for you.
 
