Your Website is Under Constant Attack

For those with a website, it can be an interesting and sometimes amusing experience to see what people have typed into search engines to get to your site.

Some of the things are so wide of the mark you wonder how you have appeared in a search for that term.

Of my current search terms the most offbeat are:

“web designers for trade me” – would be nice, but it’s not me 🙁
“is it illegal to stream tv shows online” – sure is, thanks for asking
“the sharp edge of the wedge” – ummm

Even so, I can guess at what content I have written that may tie in with these.

This one I’m not so sure about:

“nude girls database”

One other area that is interesting is the 404 errors. These are logged when someone has tried to access a page or file on your website that was not available. (This is a good thing to check over time, as it can identify issues on your site.)

Apart from old links that have not been redirected, you can find evidence of probes into your website, looking for vulnerabilities. Here is a selection of what has appeared on mine:

/phpMyAdmin/scripts/setup.php
/serv/whmcs.sql
/scripts/+1l.3r(
//phpMyAdmin-2.6.2-rc1/scripts/setup.php
//PMA2005/scripts/setup.php

Someone obviously thinks they can get into phpMyAdmin via a vulnerability with an undeleted setup script.

Curiously, they have tried every possible variation of naming convention to brute force their way in.

The same goes for other well-known scripts like osCommerce, Joomla etc., where known vulnerabilities are tried.

The moral of the story: keep your web-based scripts up to date with the latest security releases.
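One way to run this check, as an added example (not the author's code): the script below triages the 404 entries of an access log into likely vulnerability probes and ordinary broken links. The log lines are constructed, and the combined log format and the two probe patterns are assumptions based on the paths listed above.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2011:04:11:02 +1300] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2011:04:11:03 +1300] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2011:04:11:03 +1300] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 209 "-" "-"
198.51.100.20 - - [12/Mar/2011:09:30:44 +1300] "GET /serv/whmcs.sql HTTP/1.1" 404 209 "-" "-"
192.0.2.55 - - [12/Mar/2011:10:02:10 +1300] "GET /old-page.html HTTP/1.1" 404 209 "http://example.com/links" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2011:10:02:15 +1300] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Probe signatures taken from the paths listed above; extend for your own site.
PROBE_PATTERNS = [
    re.compile(r"/scripts/setup\.php$", re.I),  # leftover phpMyAdmin setup script, any directory name
    re.compile(r"\.sql$", re.I),                # database dump left in the web root
]

def triage_404s(log_text):
    """Split 404s into probes (grouped by client) and ordinary broken links."""
    probes = defaultdict(set)
    broken = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "404":
            continue
        ip, path = m.group(1), m.group(3)
        # Normalise repeated slashes and drop any query string before matching.
        path = re.sub(r"/{2,}", "/", path.split("?", 1)[0])
        if any(p.search(path) for p in PROBE_PATTERNS):
            probes[ip].add(path)
        else:
            broken.add(path)
    return dict(probes), broken

def scanners(probes, min_paths=2):
    """Clients that tried several distinct probe paths: candidates for blocking."""
    return sorted(ip for ip, paths in probes.items() if len(paths) >= min_paths)

if __name__ == "__main__":
    probes, broken = triage_404s(SAMPLE_LOG)
    print("probe paths by client:", probes)
    print("broken links to fix or redirect:", sorted(broken))
    print("likely scanners:", scanners(probes))
```

The broken-link set is the list to redirect or repair; the probe set shows which installed scripts are being looked for and therefore need to be patched or removed.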

Tips for Choosing a Content Management System (CMS)

I frequently get asked by my clients (and prospective ones) about wanting to update their website.

I had a rant about this a while back, where a journalist accused web designers of ripping their clients off if they didn’t provide the ability to update the site themselves.

I stand by my comments that for some clients, a content management system is not wanted, nor is it in the best interests of that client.

However, for those that do want to update their site, we need to provide a solution that is both easy to use and delivers the complexity required for their needs.

These two facets, ease of use and complexity, can be seen to be at loggerheads with each other, and in some circumstances that can be the case. But I will propose two solutions that cater for both ends of the spectrum.

In the past, due to the lack of affordable and easy-to-use CMSs, we have provided Adobe Contribute (formerly Macromedia) as a way to allow our clients to edit their sites.

The reason for choosing Contribute was its simplicity. In tandem with Dreamweaver (which we use to develop with) it allows for areas of the site, such as menus, header, footer and overall structure, to be protected from the end user.

This allows for editing to be done, knowing that catastrophic mistakes can’t be made.

The interface is simple and allows for most functions to be performed, including editing of text, images, links and, if allowed, HTML snippets for things like YouTube videos or PayPal buttons.

The biggest downside is that it costs around $400 NZD for a retail copy. This is also a per-license price, so if you want to edit from multiple places, you need additional licenses.

For the schools that we have done sites for, this was an issue. Some paid for additional licenses to get the software into key locations, but for others it was restricted to the office.

This is where web based content management systems have a significant edge.

Open source software in particular, being free from licensing costs, makes this a much easier proposition.

We currently propose two different CMSs for our clients depending on their needs:

WordPress – The easiest to use, easiest to modify, my choice for brochure style sites.

Joomla – More complex, but handles user management much better.

Overall I like WordPress better. Around a year ago, WordPress became a system that you could leave with a user and they would be able to manage their site with little input from their designer. Before that, upgrade and installation required a level of tech knowledge that was not suitable for all users.

That, and the well-presented plugin system, mean that a user can improve their site and feel in control of it, without relying on an IT person.

There are plenty of complex sites designed with WordPress as their base system, but there are some things that Joomla does much better straight out of the box.

Joomla seems to be able to manage a multitude of types of data much more easily, especially when there are user logins involved.

Extensions like Community Builder allow for a mature user system to be maintained on a site. Plus add-ons for payment and subscriptions mean you can monetize your user base easily.

So depending on the functionality you are wanting for your site, you can find a system that will make your website easier to develop and easier to use.

There are plenty of other systems out there. I have heard good things about Drupal (though I found it less rich than Joomla, its direct competitor) and have seen some great implementations of ExpressionEngine (a paid CMS, so check out prices).

But for my money, choose WordPress for a simple business website, or Joomla if you need to manage a community of users.

 

Integrating with Facebook

I am working on a project that now requires integration with Facebook.

So I will be working to utilise Facebook logins and registrations on the external site.

I’ll post information that may be useful through the project, as I expect that, over time, this kind of interaction will become more common.

My early look at the Developer Documentation looks good, seems to be well documented, plus all source code is found at GitHub.

The basics seem easy enough, not even requiring an API key to use like buttons via iframes.

eg:

<!-- Replace YOUR_URL with the URL-encoded address of the page to be liked -->
<iframe src="https://www.facebook.com/plugins/like.php?href=YOUR_URL"
scrolling="no" frameborder="0"
style="border:none; width:450px; height:80px">
</iframe>

But things are not that simple, so I am off to read up on OAuth and the like.


Streaming Tech TV – Great Stuff

My latest must see is TWiT. It is a streaming online tech TV service that has shows screened throughout the day and then replayed around the live broadcast times.

For the broadcasts I have seen, they are, for the most part, well presented and produced pieces. With a variety of themes around technology there is a good range to keep techheads up to date with what’s happening.

For me the ones I return to are TNT with Tom Merritt, All About Android and The Week in Google.

All have one or more main presenters usually with guests beamed in to the show by video.

There seems to be good banter between the hosts and guests which makes for a much more watchable experience.

Go and have a look for yourself.