Keep Spamming

I was fortunate enough to be at a recent SEO meeting, we had a few people travel some distance to get to us. The Vikings from Copenhagen, Ralph from Malta and Irish Wonder from the Ukraine as well as some of the old UK faces.

It was a great meet up as usual, eating lots and drinking late into the night, not as late as it used to be, but we are all older now.

I decided to load it up again, it disappeared some time ago.

Check it out >> Keyword Density Analyser

Let me know what you think.

This was a old tool developed by a friend, BOL.

Well almost.

If like me and you have ever been a muppet and not updated loads of DNS’s and a server has moved then you need to quickly update a shed load load of IP’s on the woefully slow 123-reg then I have found a reasonable solution.

Once you have logged into the control panel of 123 reg and gone into the first domain you wish to change you will see the URL as something like:

https://www.123-reg.co.uk/secure/r.pl?d=secure_dns&domain=somedomain.co.uk

Well, instead of clicking back and forwards and using the drop down simply edit  the URL:

https://www.123-reg.co.uk/secure/r.pl?d=secure_dns&domain=someotherdomain.co.uk

Then just paste the new IP, wait for update then, edit the URL, much quicker.

I am sure this could be done with a script also, but alas this was the quickest way I could do it. I dont thinnk this would be as efficient with locked domains either.

PS I did try entering other peoples domains :-).  They have that one covered hehe

 

 

Whilst this might be like sticking my head above the parapet and asking for trouble there are some simple steps that you can take to make it harder for your WordPress installation to get hacked.

1. Lock down your wp-admin folder with htaccess
Create a new httaccess file in the /wp-admin/ folder and add the following lines

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
#My IP
allow from xx.xxx.xxx.xxx
#Any Other IPs where I might need to get access from
allow from xx.xxx.xxx.xxx

2. Move the wp-config.php file up one directory
This makes it a little harder to get to, if you move it up high enough, impossible without FTP access. WordPress looks higher in the directory tree, so panic not.

3. Create Secret Tags from the API
Within the wp-config file add the secret tags from the wordpress API:

https://api.wordpress.org/secret-key/1.1/salt/

4. Create a new admin user with and unusual name and create a normal posting user (Editor)
When you delete the old admin user it will ask to assign the posts the new user, so again don’t panic that you will lose the posts. These wordpress folks are quite clever.

5. Set up robots.txt For /wp-*
Actually create a robots.txt file if you don’t have on and add the following lines to stop search engines indexing your pages, making a little harder for people to find your install files.

User-agent: *
Disallow: /wp-*

6. Set up Askimet
This stops automated submissions from comment spammers, well not all of them, but quite a few. You will need an API key though.

If like me you hate queues and have zero patience and you want to avoid standing around like a muppet as the local council have not employed enough people then register for a postal vote.

You don’t actually have to post it, but it does allow you to walk to the front of the queue and not register 🙂

Came by thise recently from a good mate PaulH

http://www.google.com/search?hl=en&q=t3fr0gs

Just in case it disappears as I am sure it will sreenshot below:

It is with regret that I have had to remove a post that I made about First Search Consultancy who cold called me and I wrote about what was said to me, quite a bit of which was incorrect and false. If you have been redirected here from an old link that post is now gone.

There were 117 comments made from lots of different people that First Search Consultancy did not like as many were unfavourable.

First Search Consultancy had their legal representatives contact my host and as such the posts and comments have been removed.

There are other locations where reviews can be seen of First Search Consultancy who still have content up so get searching if you want to find out more.

If I had the time and inclination I would fight the problem, but for now I simply have other stuff to do that is more important.

cheers

ukgimp

Added // I have had to close comments on this one also as several comments, the type FSC don’t seem to like have been added. Sorry.

I find myself get lots of what can only be described as asshole SEO’s who are basically preying on the the uneducated. A lot of them come from webforms also.

Here is one of many examples:

Name: BeckyJack
Country:USA
becky2622@gmail.com
Message:We would like to get your website on first page of Google.All of our processes use the most ethical “white hat” Search Engine Optimization techniques that will not get your website banned or penalized.Please reply and I would be happy to send you a proposal.In order for us to respond to your request for information, please include your company’s website address (mandatory) and or phone number.

The main reason why they are retarded is that they can’t even write the spider to insert the name of the website they are posting the form too. So I would have to write back with my “mandatory” website address.

Words fail me!

When I type on here it is sometime with haste and quite often with a lack of precision, much to my girlfriend’s annoyance ( I am sure I got that apostrophe wrong). My failures are inconsequential compared to an actual sales letter we received recently for our property business.

I have blanked out the errors to protect the stupid (and me getting in the poo 🙂 )

Just to give you an idea I don’t live in Scot Coldfield (Remember I bought from them so they know where I live) and my name is Not Mr Raza, nor that of my other half.

The moral of the story is, if you are going to spend lots of hard earned on a direct marketing campaign then at least check it. This one I got looked like it was penned by someone with a very bad grasp of English, littered with errors which makes me think the company must have the same lack of attention to detail.

cheers

Code Commenting

All code should have more commenting within it than actually needed.  Some coders will moan but screw them. You need to be able to get other people to be able to understand the workings of whatever you have built and probably at a time when you don’t actually have time, i.e. it has already hit the fan.

Cross Training of Programming

If you have more than one programmer then insist that they are made to understand each others applications.  Do not accept the line that “it’s [insert name]’s code and it’s a mess”, make them follow it and ensure a good level of understanding, consider it a peer review. You never know when one of your coders might get hit by a bus!

Passwords and Server Access

Parts of this may not be needed, but make sure you have an exit strategy for the time when you may fall out with your developer.  Ensure that you know what the passwords are and that they are nicely stored in password class that if needs be you could find them and change them. You also need to keep the keys (or know where they are) to the server. Make sure you know how to get in touch with the hosting company. If you are worried about looking like a bastard boss then wrap this up in “Documentation / Processes”. You may think this is overkill but I have seen instances where partners have fallen out and the techy one has been locked out the true owner and had emails re-routed and lots of other nasties.

Insist, no demand that no one ever logs in as root. It can be dangerous in the wrong hands. Get them to log in via a user name than has sudo access. Sudo can limit all sorts of things so that you can even give user rights to access just certain parts of the system, eg apachectl

Above all, have a plan for when one day you might fall out with one of your developers. I reckon that you could hide a script in the root directory that could be a one sweep password changer which your trusted man could activate when Armageddon comes. Best to stay good friends with this person 🙂

Development Server Environment

Never ever allow development on a live server. If you do you are asking for grief and woe of biblical proportions.  Have one trusted person do the final ftp/ssh to the live server. I have seen many problems, from overwriting a CSS file (gone forever) due to two people editing on a live server to servers being borked by inexperienced unix operation and god awful code. Check out my quick install of a sever.

Test Test Test and Test Again

Generally when a developer says that something is finished and working…it isn’t ready. Get them to test each others applications. You may need a suitably picky person on tap though who can find the flaws. Get them to write them down as they occur, take a screen print of complicated errors and write instructions on how they created the error or problem so that they can be tracked down. One of the best I have seen at this was Doug Scott, who if one tiny thing did not work he would assume the whole app was not working. Very funny to watch the faces of a proud programmer.

Keeping a Clean Ship

Servers can get messy, really messy quite quickly. Quite often it is just laziness and even I have done a few sneaky folder name changes to remove something offensive looking. Certain directories are sacred, under no circumstances should there be junk or test folder structures within the public_html or near there.

 I have seen the following:

public_html1
public_html2
public_html_new

This is a sacking offence 🙂 . In the case above code libraries were even crossing over but only one was the real public_html. It was a real mess.

Don’t allow low level users create new linux usernames all over the shop. Make a clear distinction of where development can be done and stick to it.

CVS

A lot of the problems with coding and software release versions can be prevented by using  a CVS. One that was used to good effect where I once did some work was SVN and Tortiose SVN. This means you can see code develop, rollback when then is a problem, backup easily and much more.

Backups

There is no excuse for not having a backup procedure up and running including documentation. Consider something like reoback. You should actually test the backups too. I have seen a backup reinstated due to corrupted data only for that data to also be corrupted. You need to shelve off data periodically in cases of major corruption.

Backups and disaster recovery is a whole major project, but most important. Media  these days is cheap, a TB for £150!

Remember to keep one offsite at all times, no good if there is a fire/flood/burglary.

Code Libraries and Language Libraries

If you are working on a big application then you need to be able to find common stuff easily. You need OO programming here or at the very least nice functions clearly commented and placed in separate files.

I like to get language libraries created, where all the interaction between the user and the application is installed. So when you see a spelling mistake or error when a interaction has taken place you can get to is easily and change it, as it is a nicely named function (errorMsgUserWrongPassword()).

Avoid inline formatting within code as this gets messy when you want to change something.

Load testing

Nothing like getting a shiny new application working nicely when you alone are using it, so you pass it into 5 mates and it runs like a dog. There are applications to load test (Neoload) which can mimic user actions and can be ramped up. Your coders might cry at this point when they realise that only two concurrent users can log in, but better to find out before the big press launch:-).

Design with Scale in Mind

If you are spending time to build a decent application you are hoping that it will go big. So you need to think big from the start, design the DB as if your application will have all the features you could ever want, even if you don’t build them. You may want to add them one day and nothing makes people cry more than someone who has to rewrite a DB from the ground up when they could have planned for it in the first place.

Can your site handle a FARK, or front page of digg, if not, how can you make it. Consider page caching.

Can the application, if needs be, run separate DB servers or handle load balancing.  I have seen load balanced servers need manual updating of DB’s or some such weirdness and during the “balancing” stage it would write to one of the 2 different DB’s!

Ensure SEO Standards

Before any code is written ensure that the site and application will be both SEO’able and reach accessibility guidelines. It is super easy to SEO to a high level just by having certain things in place like standard headers, titles and page hierarchies. Make sure that you a template that is constructed from easily defined variables, wordpress does it well:

http://codex.wordpress.org/Template_Tags

Have a list of standard SEO errors that must never occur.

IPR Ownership

It must be watertight on who actually owns the intellectual property rights on the application, all it’s code and anything discovered during the build. You don’t want to see your killer application re-launched  by a disgruntled ex employee.