Clearing a site of malware

In case your site got hacked and some malware code, virus, trojan or downloader, was inserted in your site here is a step by step tutorial on how you can clear it. First you need to identify the code that was inserted by the hacker. There are many things a hacker can and will add to your pages but most of the times you can easily spot them as they have nothing to do with your site and you know you did not add them there. Some of the most common malware codes are inserted between tags. Others are using PHP functions to generate to code itself and you can spot these by the very long rows of characters with no spaces in them. Others might have links to other sites from which they get the actual codes. These codes are added mostly to the top or bottom of your file and sometimes the hacker is deleting parts of your file to render it useless. Here is the guide how to get your site cleared of these codes: Change the password to your site to something harder to break. Using lower case and upper case letters, numbers and special characters might help in keeping hackers off your site. Also remember not to give your password to anybody you don’t fully trust. Log in to the FTP of your site and first check your index file, this is the first one hackers edit. Search for the malware code and if found remove it. Before saving you can check the date of the file as most probably other files with the same date will be hacked. Go into every folder you have on your site and check each file, specially if the date of the file matches the date of your hacked index file. Remember to check every file, it is not just the .html, .htm or .php files that are modified by hackers, java files can also contain malware codes. If your site was noticed as a malware site and it is blocked you will need to request a review from the Google Webmaster Tools. If you have not yet added your site to the webmaster tools you need to add it and request a review, but only after the site has been completely cleared of the malicious code. Google will check your site and if it is really cleared they will remove the blocking In order to keep your site safe you need to remember the following: Make your password secure. Use lower and uppercase letters, numbers and special characters Don’t give your password to anybody Don’t access your sites administration areas from unsecure locations, specially not using other computers than yours Use the security given by the server where you host your site. Make sure that the file permissions are correct. Don’t use the 777 permissions for files that are not specified that need that permission Choose your hosting well. A lot can depend on the security features the hosting company employs on their server. Check your site often to make sure that you can find out if your site was hacked as soon as possible Last and most important: Keep regular backups of your website. Some hosting companies make regular backups that can save you from a lot of work. The backups combined with the regular checking of your site will ensure that any hacking can be fixed in the shortest time with the least amount of work.

Organic search results from Bing, now on Yahoo !

Before the search engines’ merger which will take place in August this year, Yahoo started to test Bing powered organic results. They confirmed this testing by sending emails to all their advertisers in which Yahoo states clearly that tests are being done at these moments.

The email sent to advertisers say that these tests are made for ensuring a quality transition and for all the complex pieces that will combine to do it right. Even though Yahoo said there is nothing much to do as a preparation for these tests, they will test both organic and paid results from Bing, however the paid results will be kept at lower level not to impact on advertisers’ accounts.

The email also states clear that if the tests appear to deliver high quality results, in August/September Yahoo’s organic search results will be powered by Bing. After this transition, the single difference between the « before » and « after » search results will be that organic results will be served by Microsoft’s search engine Bing and no longer by Yahoo, but with the same design and interface Yahoo is using now.

These testings should determine website owners to keep an eye on organic traffic from Yahoo and Bing and to check if there are any fluctuations, differences between last months and July onwards and even consider changing search engine optimisation strategy if let’s say traffic takes a hit from theses tests.

Thomson Local – Express Way into Google Local Search & Invitation to Cold Calling

Thomson Local & Google Local Search

If your product or services is targeted at a particular locality, having it appear in Google local business result listing is very important to driving high quality targeted organic traffic to your site. Aside from the usual algorithm Google uses to rank what site is it displays before which, it displays about 6-7 local businesses right at the top of search engine result page, giving such businesses and significant exposure.
There are a number of ways to get your business listed in Google Local Business Result, one is to submit your site to Google places, a second one which most SEO seem to argue gives you better ranking in Google Local Business Result is to have you business listed on Thomson Local. This way is not unlike the way Google populates its own directory by importing DMOZ directory.

Google partnership with Thomson Local is an excellent way of verifying business’s locality and Thomson Local, a traditional business directory which is not particularly a highly sought after directory to have business listed in suddenly became “sexy” due to the fact that it is now a back door into Google Local listing.

For the aforementioned reason, this author bough several local Thomson Local directory listing to get some of his client’s site ranked better in their Locally Business Listing. No sooner did the listing appear in Thomson Local did the cold calling starts from various sources from Thomson competitor trying to persuade you to list on their directory also to energy companies wanting you to switch to them, this bring home some of the reasons many Internet business tends to avoid having their business listed in traditional print based directory.

Thomson Local may get your into Google Local Business Listing but it brings you a considerable number of unwanted calls as well.

Essential Tweak for Turning Default WordPress Install to a Website or a Blog

Customise Default WordPress Install

WordPress is probably the most popular self hosted blog software online today (hosted version is also very popular). You can easily turn any web hosting space with MySQL and PHP to a fully functional website within a few minutes with the help of WordPress. Setting up a website or a blog this way can save you hundreds of pounds off the cost of having a website created for you by a web designer.
Many webmaster have created websites exactly the way I described above, one thing that put most visitors to such site off are lazy webmasters who do not bother to customise WordPress after install or take the time to tweak and fine tune it.  The list below show some of the items that can be quickly tweak or customise to turn a default WordPress install to a good looking, SEO optimised and customised website or blog.

1. Change the default skin – This is a must, there are hundreds of free and premium wordpress skins ou there, there is not excuse for keeping the default WordPress skin after install.
2. Remove the default about us page – It is amazing the number of webmasters who cannot even bother to add their own contents on the default “About” page on wordpress. Even if you do not want to write and about us page, delete the default WordPress about text.
3. In the tagline, change “This is just another wordpress to something relating to your contents.
4. Remove all the links on the blogroll and replace it with links you like or no link at all.
5. Set the time zone to your location
6. To make it more search engine friendly, change the permalink.

Protect your servers from unauthorized access

When it comes to online security and keeping privacy protection in standard limits, you can never be too safe, that is a true fact. Unauthorized persons breaking accounts and discovering FTP servers could cost a business not only loads of money, but also some unwanted bad publicity. No matter how many characters a password contains or how weird and « unbreakable » looks, it can be discovered with easiness if it is not highly protected.

Sending passwords from one team member to another to unprotected and unsecured connection is all that a hacker waits. From that point, he can use these private details to add javascript redirects, use customers’ accounts for spamming and so on. Here are some great tips to avoid unauthorized persons’ access on your accounts :

1. Do not use FTP, but only FTPS network protocols. Mail all your customers a tutorial/guide about how to use FTPS. In addition, a good free client that can be used is to be found here :  http://winscp.net/eng/index.php
2. Never send account details on clean, not encrypted mails. In order to solve this issue, use easy PGP for important mails encryption.
3. Never connect to a cpanel account without SSL.
4. Never save your password in a FTP or even FTPS client that saves the password in a plain file, such as Total Commander. This is an often mistake that hackers take advantage of.
5. Last, but not least, change the passwords to all servers with regularity and also keep its complex and hard to being discovered.

Are all these five tips an assurance that accounts will never be hacked again and sensible information will not leak ? Sure not, but these are some great ways to keep the odds of unauthorized access lower and deliver a better protection for customers’ privacy information.

Next Page »