Solving a Blog Hack Problem

Even the very best website and most vigilant webmaster can have their blog hacked. It just happens. Typically, the higher you are in the organic search results, the more attempts will be made to hack your blog.

Why does someone want to hack your site?

It is typically for these reasons:

  1. Parlay on your high placement and traffic to bleed off your search engine capital to a black hat optimizer’s list of sites that need “SEO Juice”.
  2. Parlay on your website placement and traffic to spew malware to your site visitors to turn visitors’ computers into spam bots.
  3. Use your unprotected site as a launch pad for black hat optimization doorway pages.

There is nothing personal about the situation; it is simply a crime of convenience. If you are not secure, you are a target. In some cases the security problem may be on your web host’s side, but in other cases the issue is on your website’s side.

I have successfully used several WordPress plug-ins on a number of client sites to lock out the bad guys, even ones who somehow seem to keep getting in. Here are three of the plug-ins that I really like to use that help to beef up your security after you have thoroughly cleaned your blog and website from a hack attack.

WP File Monitor Plus
If you are repeatedly being hacked, with this plug-in you will instantly know which core files need to be replaced. The application can email you or send you a text message.

Login Lockdown
Limit attempted intrusions by locking out bots and spiders who are testing your admin and trying to crack your password. You choose what settings to lock them out with. Your MySQL database will keep a list of attempts and lockouts so you can see the date of intrusion attempts.
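A sketch of the lockout technique described above, added here and not taken from the plug-in: failed logins are logged per IP address, and an address that fails too often inside a time window is locked out for a while. The thresholds, table layout and event list are assumptions, and an in-memory SQLite database stands in for the MySQL tables.

```python
import sqlite3

MAX_FAILURES = 3        # assumed setting: failures allowed inside the window
WINDOW_SECONDS = 300    # assumed setting: how far back failures are counted
LOCKOUT_SECONDS = 3600  # assumed setting: how long a lockout lasts

def open_store():
    """In-memory SQLite standing in for the MySQL tables the post mentions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE failures (ip TEXT, username TEXT, at INTEGER)")
    db.execute("CREATE TABLE lockouts (ip TEXT, started INTEGER, until INTEGER)")
    return db

def is_locked(db, ip, now):
    """A login handler calls this first and refuses the attempt while it is True."""
    row = db.execute("SELECT 1 FROM lockouts WHERE ip = ? AND until > ?",
                     (ip, now)).fetchone()
    return row is not None

def record_failure(db, ip, username, now):
    """Log a failed login; start a lockout once the threshold is reached."""
    db.execute("INSERT INTO failures VALUES (?, ?, ?)", (ip, username, now))
    (count,) = db.execute(
        "SELECT COUNT(*) FROM failures WHERE ip = ? AND at > ?",
        (ip, now - WINDOW_SECONDS)).fetchone()
    if count >= MAX_FAILURES and not is_locked(db, ip, now):
        db.execute("INSERT INTO lockouts VALUES (?, ?, ?)",
                   (ip, now, now + LOCKOUT_SECONDS))
    return is_locked(db, ip, now)

def demo():
    db = open_store()
    # Constructed events (seconds, ip, username tried): 203.0.113.9 guesses
    # quickly, 198.51.100.4 mistypes twice with a long gap in between.
    events = [(0, "203.0.113.9", "admin"), (5, "203.0.113.9", "admin"),
              (9, "203.0.113.9", "administrator"),
              (400, "198.51.100.4", "editor"), (900, "198.51.100.4", "editor")]
    states = [record_failure(db, ip, user, at) for at, ip, user in events]
    lockouts = db.execute("SELECT ip, started, until FROM lockouts").fetchall()
    return states, lockouts, is_locked(db, "203.0.113.9", 3700)

if __name__ == "__main__":
    print(demo())
```

The `lockouts` table is the record the paragraph refers to: each row shows which address was locked out and when.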

WP Admin Renamer Extended
I love this one. First create a new admin file with a super secure name and password. Then rename your existing admin using this plug-in. But don’t stop there. Go back in and set your old admin user as a subscriber only, effectively locking out the bad guys so that even if they can get back in they can’t make any changes.

These are great starts, but be aware that if a hacker really, really wants to get in, they can be extremely difficult to keep out. My motto is to make it so hard and time-consuming for them to get in that they simply want to move elsewhere to do their dirty work.

Testing, Testing, Spam Relay Open?

If you get funny submissions from your website contact form you may have wondered, “what’s going on?” Here is a sample of the type of form submission that you may be getting:

firstName2: atfkbja
lastName2: atfkbja
Street: uwTnCHgFWbtDZEameGH
City: New York
State: —
Zip: 101rand[0,
BusinessPhone1: KGR
BusinessPhone2: WoM
BusinessPhone3: mcdX
BusinessPhone4: ImTIDlComments: yggULo
<a href=”http://ncrunlbfzqmn.com/“>ncrunlbfzqmn</a>,
[url=http://acppnvcxefkp.com/]acppnvcxefkp[/url],
[link=http://sukuwtwotdmm.com/]sukuwtwotdmm[/link], http://equynulmfvaa.com/

Even if you have a CAPTCHA or human verification code employed on your form, you may still get submissions like this. These robots are not actually completing your form; they spider the form and then go right to your cgi-bin and act on your form script directly. They are looking for a vulnerability to see if your server can be used as a spam relay. If you get forms like this, don’t be alarmed: if you are working with a quality web host, your form script and send mail server are most likely secure, but not always.
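Because these robots post straight to the form script, any filtering has to happen in the script itself, before it sends mail. The check below is an added example, not code from this site: it flags the pattern in the sample above (the same kind of link written in several markups at once) and refuses line breaks in values that end up in mail headers. The field names and sample submissions are constructed.

```python
import re

QUOTE = "[\"'\u201c\u201d]?"     # straight or curly quote, optional
LINK_STYLES = {                  # the three markups seen in the sample submission
    "html": re.compile(r"<a\s+href=" + QUOTE + r"https?://", re.I),
    "bbcode_url": re.compile(r"\[url=https?://", re.I),
    "bbcode_link": re.compile(r"\[link=https?://", re.I),
}
HEADER_FIELDS = ("name", "email", "subject")  # assumption: values copied into mail headers

def triage(fields):
    """Return reasons to drop a submission before mailing it; empty list means clean."""
    reasons = []
    text = "\n".join(fields.values())
    styles = [name for name, rx in LINK_STYLES.items() if rx.search(text)]
    if len(styles) >= 2:   # a person uses one link style; a probe tries them all
        reasons.append("links in several markups: " + ",".join(styles))
    for key in HEADER_FIELDS:
        if re.search(r"[\r\n]", fields.get(key, "")):
            reasons.append("line break in header field: " + key)
    return reasons

# Constructed samples (example domains, not taken from any real submission).
PROBE = {
    "name": "atfkbja",
    "email": "atfkbja@example.com",
    "comments": '<a href="http://a.example/">a</a>, [url=http://b.example/]b[/url], '
                "[link=http://c.example/]c[/link], http://d.example/",
}
CUSTOMER = {
    "name": "Pat Lee",
    "email": "pat@example.org",
    "comments": "Please call me about a quote. Our site is http://shop.example/",
}
BROKEN_HEADER = dict(CUSTOMER, email="pat@example.org\nextra-line")

if __name__ == "__main__":
    for label, sample in (("probe", PROBE), ("customer", CUSTOMER),
                          ("broken header", BROKEN_HEADER)):
        print(label, triage(sample))
```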

Once spammers find a website script with a vulnerability, they will use your bandwidth on your hosting site to spew out their spam messages with your email and your website as the sender. One way to identify if your site is being used as a spam relay is that you may be getting hundreds of bounced messages back to your own email inbox with your own name on them.

As bounced messages do not always mean that your server is a spam relay, it is important to get with your web host and check first. It could be that your domain name is being spoofed but that your server is hacker and spam free. In other cases your server could be sending out thousands of spam messages with your name attached; potentially getting your domain name and server IP address blacklisted.

If you feel that you are getting an inordinate number of these types of forms, now is the time to get with your web host and ask them to check, without delay, that your server has not been compromised and is not now acting as a spam relay. It is not uncommon to get three or four of these types of forms a day, but if you are getting lots you should dig deeper by sending some samples to your web host and asking them to check your server.

Google Boost Looks a Lot Like Yahoo Local

If you’ve been around for a while you will know what I mean when I refer to the now defunct Yahoo Local, but Google Boost sure looks a lot like it!

That being said, I am really watching Google Boost carefully. Google Boost is a new monetization tactic being used for Google Places, aka Google Maps, and is currently being tested in Chicago, San Francisco, and Houston. If you use it, you set up your account, add your credit card and select one of three click levels for a month. Google does the rest. It creates pay-per-click ads and keywords and manages your cost per click. All you do is pay.

And pay you will. With totally automated ad serving and automated click costs, don’t expect Google Boost to be saving you any money. In the Yahoo Local model, you selected how many clicks you wanted to get each month and Yahoo delivered. You even tied up the top spots in organic-looking placement on the Yahoo Local search engine. So far in the beta testing the Google Boost ads are differentiated only with a blue map icon. They look similar to an organic listing.

Additionally, Google Boost ads will appear on Google Places, Google Maps searches and even on Google.com. My feeling is that this will never replace Google AdWords, but that Google is looking to sop up the market when it comes to Mom and Pop shops with low budgets that don’t want to get into AdWords or users who think AdWords is so complicated. Google Boost is a step below even the Google Starter Edition.

But Google will make tons of money off of this new vehicle and this is why I am really watching Google Boost. You should be too!

Our November e-Newsletter is Posted

We’ve published our November e-newsletter and wanted to share it with you. Topics in this month’s issue are:

Preview of Facebook Business Pages Demystified for Business Owners

I have been working hard on a new white paper that helps business owners understand how to get the most from Facebook Business Pages. My new easy to understand guide titled “Facebook Business Pages Demystified for Business Owners” is previewed in advance of syndicated release to you, our newsletter subscriber. The paper won’t be syndicated until later this week. Read more…

Yahoo as We Know It Was Retired in October

If you go to Yahoo.com there is still a search engine there, so what do I mean when I say that in October Yahoo was retired? Although there is a “Yahoo” still there, the search results and sponsored ads supplied are all being delivered by Bing.com and Microsoft adCenter. The final change over took place at the end of October.

This means that there is no longer a Yahoo algorithm that drives search results – it is a Bing algorithm. There is no longer a Yahoo advertising control panel – now you use the Microsoft adCenter control panel to place, bid, and change ads that appear on both Yahoo.com and Bing.com. It also means that Google finally gets some real competition when it comes to advertising and that is good news for you! Read more…

Inflating Your Daily Budget to Force Clicks on AdWords Can Get You In Trouble

You may say this never happens, but as I review all AdWords accounts that are running when a new prospect comes to me looking for a new account manager, this happens fairly frequently. Personally, I do not recommend this action.

What I am speaking of is when an AdWords account is in trouble and an account manager cannot get clicks for the client. The account manager sometimes gets desperate and tries to force clicks. Here is the common scenario. The actual client wants to spend $1,000 in clicks a month. They typically will be in a business that has a high click cost auction. The acting account manager has decided not to set the cost per click in the account to a level at which Google will consider the account in the AdWords auction, and as a result AdWords serves the ads infrequently. The client may then be spending only $200 or so of a $1,000 click budget. Read more…