I have had my second server space compromise in less than a year.  This is one of the less fun aspects of operating websites! My sites are (unfortunately) not high traffic sites, so the value to the hackers is somewhat limited.

The first break-in happened on my main hosting space right at the end of last year. A visitor informed me and I cleaned up the major portion of the damage over the next couple of days. The first action that I took was to change and strengthen the password to the account space. There were a few nooks and crannies that I missed and about six months later someone ran across one of those and reported it to the hosting company.

The hosting company locked the space and informed me. I called support and they provided me a scan of my space with a list of infected files, over 200, that I had missed when I was going through my original clean-up. Many of the files I just deleted because they were unnecessary. The remainder I cleaned up. I reported back to the hosting company and the space was promptly unlocked. In all my sites were unavailable for about two hours.

On the First of September my ISP informed me that the hosting space provided with my account had been compromised. I was not even aware that the space was still active. I seem to recall a communication from them a few months ago that unless I took specified action my space there would be terminated. I took no action and did not really care about the space.

When I checked the space all of the html files had been tampered with. I deleted all of the files and changed the password for the space. The dates on the affected files were the 29th of August. The ISP stated that they had received complaints about the space, and that is even more amazing than the break-in. I do not recall having any pointers to that space anywhere on the web. Considering the construction of what was there it is almost embarrassing that anyone had seen it at all.

I will probably put up a link directory on the space pointing to some of my real sites. Any bots that happen by would probably like that! This would provide some off site backlinks to some of my real sites, and that could not hurt. Maybe I will check some of the other free spaces that I had set up and do something similar there if they are still available. This could be the start of something big.

The hackers place infected files on the server when they gain access. Most are probably working for bot herders looking to compromise additional computers to add to their bot networks.

The take away from this is to use strong passwords everywhere. Most password protected spaces are protected for a reason. It is also important to use different passwords on your accounts. That way if a password is compromised on one space you don’t have to worry about what other spaces may be at risk.

Things have been busy on the article directory script front! I am having fun with the ArticleMS script and I got feed up with the Article Exchange madness.

I had put up two installations of the Article Exchange directory. The developer was hosting the articles on his server but I suspect that he ran into bandwidth problems as the installed base for his package grew. There were a couple of outages and updates to correct the problem. Somehow the first worked, possibly through a change in servers or hosting accounts. The recent update was a change in operating procedure. The files were shipped out to the installations.

When the script was rewritten I only installed it on one of the webspaces that I was using. I was not happy that while I had three spaces to display ads the promoter of the script had 20 or more of his affiliate links on each page. Then the full impact dawned on me. The articles are stored in flat files instead of a database. This makes the installation very easy as no one has to set up a database to which the script can connect.

The down side is that each article adds at least one file to the count on your server. With a CMS and database solution very few additional files are stored on the server. My hosting service is not concerned about file size, but they are concerned about the number of files in an account. They complain that too many files can slow down the server. This article directory script was about to cross the twenty thousand file threshold. Had I set up both installations that would have meant nearly forty thousand files and growing.

I had begun to work with the ArticleMS script and liked the results. I decided that the Article Exchange script had too many negatives so I choose to delete my remaining installation. It took the server several minutes to delete all of those files. I wish that I had put a clock on it, but I played a couple of games of solitaire while I was waiting for the job to finish. I have added a few more instances of the ArticleMS script and still expect my file count to be down by over nineteen thousand when the new numbers come out on Sunday.

I am finding the ArticleMS script to be reasonably easy to work with. My WordPress experience probably helps to some extent, but there are some major differences as well. The admin panel is much more basic than in WordPress, but I have found most of what I need. I have adapted the script to several purposes.

I am using it as wiki software on one site. It has a ‘trusted author’ setting in the privileges section that allows for editing other’s articles. Using that setting can make this very similar to wiki software. Since it has a file uploader I have set it up as a photo sharing section on a couple of sites. I can match the look and feel of my static pages and WordPress blogs to a great extent and can add cross linking between the sections of the sites. I am also using the built in RSS feed to place summaries of the recent articles on the home page of a couple of sites.

All in all this script is a nice addition to the tool chest.

I have been working with the ArticleMS article directory script. I have installed it on several sites to date. I decided to adapt it for use on my Mixer in a Box site so that I could invite user reports. The script will work well for this application as it is designed as a browser based text input application.

I have a very specific design for the Mixer in a Box site. I use an adaptation of an image of a SAC channel strip as the base image for the header. I have the site name in the label area of the channel strip. I wanted to maintain the look and feel of the site with the user report pages. This required rebuilding the header section of the template.

I started experimenting with moving various elements within the given framework on my test installation and have re-arranged the various elements on all of the installs to more closely resemble the other sections of those sites. The Mixer in a Box site required a rebuild rather than a simple re-arrangement.

The original header is table based and has two rows of two cells. I replaced the first row with a div. I could also replace the second row with another div and I suspect the second table that is used for the main section of the page could also be easily replaced with a div. That would just require a bit more fussing with the controlling css file. This has been a good little exercise and the result seems very good. As I write this the page is not yet linked from the site as I have some pages to complete before I am ready but if you want to check it out you can find it at:  Mixer in a Box/SAC User Reports

The script comes with the title in the upper left cell, the quick links in the upper right, a welcome (name) in the lower left and a site search box in the lower right cell. I have juggled these elements in all the locations that I have used the script. Basically, if you think of the quick links, welcome, and search as a triangle I have rotated everything one step counter-clockwise.

For this site I left the quick links and welcome sign in the second row position to which I have moved them on the other pages, but I did not want the site search in the header section. I moved it down to the main section above the content box on the right side. I have also been adding a Google translate widget to my sites that attract international visitors, so I put this on the left above the nav column as I have done on the main site. This gives the page a nice balance.

I have begun using channels with AdSense to better understand the relationships between ad position and clicks. There has been another instructive piece of information that I have learned from the exercise.

I had noticed before that Google bypassed a splash page when sending visitors to a two page site. The splash page is the site index page and the single interior page has the information about the subject of the site. I had not considered the implication, nor was the data really available from those sites.

The ad testing format that I have used effectively differentiates between visitors to the home page and to interior pages of the sites or post pages in the blogs. I have just begun incorporating the channel specific ads on a few sites. The early data shows that search visitors are sent directly to an interior page with the requested information. This should be no surprise, but I had not really thought about it.

On one site, with only a couple of days worth of data, most visitors are directed to the home page. This particular site does have an information rich home page, and the referrers other than search all point to the home page. This site is probably my strongest as far as referrer traffic vs search, and the people that find it probably don’t yet know of the terms that would most likely direct them to interior pages.

The sites with the most significant search traffic show most traffic landing on an interior page. These are the result of long tail searches and offer specific information relative to the search terms.

These are early results, and the volume of data is not really large enough to call them trends, but I will be surprised if more data changes the picture. Traffic to the interior pages will be counted as traffic to the site for page rank purposes, so the value to having good quality interior pages is clear. The fact that I use the most effective ad position on the interior pages is a bonus. I will not use that ad position on a home page under normal circumstances because of design considerations, but people are being sent to the interior pages so the ads are being seen.

While I am proceeding with the update to The Closet, I have other sites that demand a bit of attention. It is probably not set in stone, but I redesigned the info page format for the More Info pages of the Closet. I will be continuing my efforts with The Closet, but I can’t neglect some tweaks and updates to my sites that are now producing traffic.

My Viral Email Archive site is my highest traffic site at the moment. I need to keep adding content there to maintain its position. There are some other tweaks that I want to try to make the site more productive as well.

My Mixing Live Sound site probably has the greatest potential of my current crop of sites and does see a reasonable amount of traffic. I have several original articles as well as several reprint articles on this site. There are some minor layout tweaks to do and I need to add a good bit more content. I have a list of search terms that I have been saving from the daily analytics. I may also check in with WebMaster Tools to find the best order in which to provide additional content. This site is consistently my second highest traffic site and my site with the highest quality traffic.

There is a good deal of interest in my Mixer in a Box site as well. This is my site introducing the SoftWare Audio Console live mixing environment that I have been using for the last year and a half. I have several pages of content planned for the site. I also want to do some layout tweaks to this site. I had a little bump of traffic from Indonesia due to a mention on a local forum there. I get steady international traffic to this site as there is a good deal of interest in mixing live sound on a computer.

As I go through my analytics information I often have ideas of things that may work for the various sites. I mark these down in my ‘ideas’ list. I have a lot that can be done if I will only take the time to follow through on the ideas. Many of the ideas are brought to light by my current understanding of web design and web development. I do continue to read on the subjects. The trick is to balance the reading time with the doing time. One needs the knowledge to become more effective, but the new knowledge also needs to be put into practice for it to be of benefit.

I recently posted about a major site update that I plan. MeanWhile – back at the ranch – some distractions have appeared. There is the mater of new content for a few sites.

The Web PickUps site runs on having some fresh content and it is becoming my best site, so I need to keep it updated. But the major setback to the plan has been the Mixer in a Box site.

There has been an update release of the SAC software that is the focus of the site. The update (SAC Version 2.6) contains several new features. I felt that there should be a page or two discussing the new features. When I went to the site folder to make the new pages I saw that there were several planned pages that I had never completed. Traffic has been building to this site, so I decided that I should take care of some unfinished business there before I start on the major update.

The major site update has been delayed for a few days because of this. This will be a big project because there is so far to go with the site. I had little idea about how to go about this at the time that I bought the domain name. I have put some time into reading available materials and have some idea of the route that I intend to take.

There is a trickle of traffic now, but it needs to be a river. I will see if I can apply some of my recently acquired knowledge to improve things. A stream would be better than a trickle and streams usually find their way to a river, so we will be shooting for a stream of traffic first. Then we will hope for rain to grow the stream into a river.

I will keep you posted!

I am an assistant admin on one forum and admin on a forum on one of my sites. Some time back I was directed to the Stop Forum Spam Service as an aid in checking registrants to the forums. I have found it to be an invaluable tool in weeding out spammers before they have opportunity to leave their graffiti on these forums.

I have made some observations about the use of the tool and about forum spammers in general that I will share with you. The service maintains a database including IP addresses, email addresses, and user names of people (or bots) that have been reported to the service by forum admin teams. This list is quite useful in identifying at least the more prolific forum spammers.

Some Thoughts about Forum Spammers

In my experience forum spammers are mostly creatures of  habit. Probably part of this is due to being in a hurry to sign up for membership in as many forums as possible. They tend to reuse the user names and email addresses. They do not have control of the IP addresses. Some are on dynamic addresses that change frequently within a block of addresses but many are on high speed connections that tend to change less frequently. In the past many used Yahoo or Hotmail email addresses, but the current most common email service is Gmail. (I don’t believe that new Hotmail addresses are being issued.)

Telling the Good Guys from the Bad Guys

Aside from using the service there are some clues that raise red flags for me when I am going through new applications. If the country listed is different than the country from which the applicant registered I have to wonder if they are being honest or sneaky. Some registrants living in other countries will list their home country, so this is  not a firm clue, but it does raise a red flag.

Usually if the email address contains a sensible name, particularly if the email address and the user name show some relationship, you have a good candidate. The major ISPs do a fairly good job of policing spammers, so if the email is from a major ISP and the IP address agrees you probably have a good guy.

I try to always check the IP address to confirm location. PhpBB contains a database of IP addresses and in most cases some information can be found by clicking on the IP address in the admin panel. In cases where the database has no information I usually turn to DNSstuff.com or GeekTools for whois lookup. There are many whois tools available and any will do the job. This is useful in determining if they registered from their claimed country of origin and sometimes will indicate their ISP as well.

The bad guys often use a throw away email address. There will often be no visible or sensible connection between the email address and user name. This lack of connection is much more prevalent among the bad guys, but is only an indicator that the applicant should be checked a bit more closely.

Observations on the Tool

The IP address search is straight forward, but you must keep in mind that many IP addresses are dynamically assigned, so a good registration could come from an IP address that had previously been assigned to a spammer. If there is a return on the IP address I look over the results to see if the same user name or email address has been used. If the registrants claimed national origin does not agree with the location of the IP address this is a further red flag.

The user name and email searches are simple string searched. They will find and return a sequence of characters in both email adresses and user names. If there is a common series of characters in the email address and user name only one search will locate all instances of that string in the database. Knowing this allows you to make one search instead of two in some instances.

Because it is a simple string search short or common strings are likely to produce many hits from the database. I like to see longer user names or a mixture of letters and numbers because these will produce fewer false positives. If I do get a list of returns from the database I first look to the flags in the right column to find returns from the same country. These lists can be up to 500 lines, so manually checking each return could be time consuming. I also give more weight to the top of the list as these will be the most recent reports.

Other Hints

I look at the email addresses. If the email address is not from one of the webmail providers or from a major ISP I often copy just the part to the right of the @ symbol and use that in the search box. I then open a new tab and paste the address in the address bar to check on the site. Sometimes I will end up at a regional ISP’s home page and sometimes I will find a website. In either case I will have a bit more information about my applicant.

There are a couple of types of forum spammers. Some are sellers of link building services. Some are users that are attempting Internet Marketing. The second group has seen that forums are a good place to plant links but have not paid close attention to the advice. In nearly all cases that I have come across where forum posting is recommended the advice has also included that you need to take part in the conversation on the forum and not merely produce a spam post to get your link seen.

Keeping your forum free of spam posts is a service to your forum users. The Stop Forum Spam Service is a great aid to identifying known forum spammers and preventing them from desecrating your forum. It is free to use and will save you time in checking registrants if you wish to run a clean ship.

This evening I deleted my Squidoo account. I had three active lenses and one for which I had requested review. This will be my Squidoo rant post.

I had recently tried to add a fourth lens on WordPress Posting Tips. When I hit the publish button there was a message that the lens was considered a spam lens and referred to several pages including the Squidoo Terms of Service. I spent a good deal of time reading the linked pages and could not see anything that applied to my new lens. I had linked to one of my sites in the introduction as credit for the image that I had used. I thought maybe the link in the introduction was a problem, so after removing the link I hit the button again and got the same message. I then submitted the lens for review since I saw nothing in any of the links that seemed to apply. Later I remembered that I had used a screen shot that I had on file from another lens and thought maybe that was the reason. I will probably never know.

The straw that broke the camel’s back was finding an email stating that my most popular lens had been locked as spam and referring to the same pages that I had poured over recently. I could see no reason listed for the old lens just as for the new one. My lenses had earned 38 cents to date, so they were not of critical importance to me. That money will now go to a charity of Squidoo’s choice.

When a lens is submitted for review they state that the review may take up to 30 days. It would probably be less if they did not have so many false positives from their software. In all fairness, perhaps there was something with the parallel lenses that flagged them as spam. It would be nice if the pages to which they referred me would have held some mention of anything related to the lenses.

Squidoo was never very important to me. I had hoped to drive some traffic to some of my other sites with the lenses, but traffic was never significant to any of the lenses. The one article that I have up on Buzzle.com has produced much more traffic than the lens on the same subject. I decided to delete the account. I logged in and deleted the four lenses and then looked for a way to delete the account. I could not find a likely prospect, even when looking right at it.

I then signed in to the forum. I looked for the best category in which to ask the question, but decided that I should do a search because I was fairly sure that others had wanted to delete their accounts. I looked for the typical search box and there was none anywhere to be seen. I then opened a help category thinking that I would have to post the question since I saw no search box. One of the stickies was about searching before posting. They came off of the information that the search feature could be found by clicking on a menu tab that was handily named SEARCH. Why they choose to hide the function and then complain that people don’t use it is beyond me.

It was on my third try with the keyword search that I finally hit pay dirt. There were concise instructions on how to delete the account, if you could find them. I followed the instructions and am no longer a published Squidoo author.

If you are considering signing up for Squidoo you may guess that my advice would be ‘don’t waste your time’. The idea was nice and the platform was hot for a while. I think that it is past its prime by now. As far as I can see, Squidoo is a social club. If you want to be part of the club, and deal with the unstated rules, Squidoo may be for you. I believe that it is not for me.

I have a humor website, Web Pickups, that I post to on a regular basis. Recent posts draw in the auto commenting software. Not to say that the software doesn’t find older posts to bother, just that the newer posts are at the top of the list.

Some times I think that I should post these comments on the blog for the comedy value. I doubt that my real visitors would get the joke. Many of these auto comments are so far off topic that they have some comedy value. Like comments about the wonderful article and the great writing style on a post that only contains a picture.

Many people that use this auto commenting software do not learn how to use it or set it up. They also are not aware enough of keywords to target the comments properly. I occasionally run across a blog that does not hold comments for approval, but most blog owners that care leave at least the default process in place.

The default handling for comments, and the options, are under the discussion link in the settings panel of the admin area. The default is to hold a comment unless the commenter has a couple of comments that have been approved. Another default setting is to hold comments with more than two links in the post body. My comment policy states no links in the post body, and I enforce that most of the time. Of course, auto commenting software doesn’t read the comment policy anyway.

Going through the Web Pickups Blog comments is almost refreshing at times. I have allowed a few of these comments when they are well targeted. I did that more before I had much experience and realized that most of these comments are not written directly by a real person. The blogosphere would be a better place without auto commenting software just as the email inbox would be a better place without email spam.

I submitted my latest article last evening. The email confirming the receipt of the article was time stamped at 10:28 PM last evening. I have just received the article approval email time stamped at 8:17 PM this evening. That is less than 22 hours from submission to live article.

This is great service. Ezine went on an editor hiring and training binge either late last year or early this year. Articles often took most of a week to process through the system. Having an article live in less than a day is great stuff. Each article is checked by at least two editors, and must pass muster.

The article is about viral emails in support of my Web Pickups site. You can find the article here:  http://ezinearticles.com/?The-Humorous-Or-Sexy-Viral-Email—An-Internet-Tradition&id=4532436