Network Solutions hosting issue or WordPress Security Flaw

My one of client is victim of this mass hack on network solution hosted blog. I am going to share some interesting fact about this vulnerability story.

  1. when our client contacted to Network Solution support tell them to buy SSL as your site is not secure.  (6 April)
  2. I fixed theme files which is altered by this hack and checked my database for any possible code. found a funx.php on theme file and called in footer.php. site seems to fix that time for me. I used to clear my cookies to check at every refresh. my avast home antivirus and chrome browser help me to do that. Suddenly my blog database connection gone due to network solution effort i think. I changed all username and password for ftp, database, wp-admin users (8 April)
  3. When i wake up at 9 April found hacked blog again this time this this is another issue. Theme footer have reference to a function and 1 file included that is created on server. not able to remember the name 2 random file without any extension. I am not sure how someone put file on my server. I fixed the site again and and checked multiple time with clearing the cookies.  Seems fixed. I am very curious to know how this thing is happing to the site. anyone placing file on my server. (9-April).
  4. Seems everything is fixed i start working on to make site secure with ssl. fed up with redirect error and i finaly make that working. (10 April)
  5. Url is now https.  i loosed my page rank and all back link on new site. (10 April)
  6. Site is infected again. this time a plugins JavaScript file is infected. fixed again. (12 April).
  7. Till now not noticed any infection issue (14 April)

Now i am getting strange errors on site not sure this is infection or ?????

1
2
3
Error in ISAPI_Rewrite helper ISAPI extension.
12030 - The connection with the server was terminated abnormally
File: .\rwhelper.cpp, Line: 1290.

More update coming . Feel free to comment. Thanks

Update 18 April

Site is again showing virus warning. I did all step to resolve nothing works. then i rename .htaccess upload a 1.php on root with  following code

1
< ?php phpinfo(); ?>

According to my knowledge this is server issue. This is no more any WordPress Issues. May be this problem is solved by Network solution before people notiiced that.

Update 21 April

I gave up my effort with Network Solution and i shifted to another Host.

Best response on this issue

Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

P.S. Network Solutions, it’s “WordPress” not “Word Press.”

–Matt

Should My Company Have a Blog?

One of the most common misconceptions today is that a blog is meant for personal use. This couldn’t be further from the truth. A blog is so much more than a personal diary or a daily dose of someone’s personal opinions and ideas. A blog provides an opportunity for outsiders to become engaged and active. Let me put it this way. You are missing out on a huge opportunity if your company does not have a blog. Let’s start out with the consumer’s perception of companies.

Blog Visuals

Consumers have changed the way they view companies. In the past, consumers had a limited number of choices when purchasing goods and services. Before the web, consumers purchased goods and services from a local company or possibly through a catalog. The U.S. Census Bureau estimated that total e-commerce sales for 2009 were $134.9 billion. More and more people are signing on to the web to make purchases. This has provided a significant opportunity for businesses, especially small to medium size businesses. Think about it. If I wanted to buy a bicycle ten years ago I would have went to my local Wal-Mart to make the purchase. That’s not the case today. I can get online and search specifically for the bike I want. It could be that I end up making the purchase from a small bike shop in Minnesota and have it shipped to me. The web has increased the purchasing power of consumers. We now have more choices and are not limited to what our local companies can offer. You are probably thinking what does this have to do with whether or not my company should have a blog? Everything.

It is your responsibility to differentiate yourself from your competition. It is much more difficult to do this today. Not only do you have to compete with your local competition, but you also have to compete with businesses in other cities, states, and even other countries. One way you can differentiate yourself from your competitors is with a blog. Consumers want to feel good about their purchases. I will gladly pay $10, $25, or $50 extra to a business that I feel understands my circumstances and reaches me on a personal level. That is exactly what a blog is…personal. It could be that I chose to purchase my bike from the online company in Minnesota rather than my local Wal-Mart because the company in Minnesota spoke to me in a different way through a blog.

A blog creates a feeling with consumers that they are getting inside knowledge. It helps companies establish relationships with their customers, which by default leads to trust. Do you want to see an increase in online sales or see your website become a tool rather than an expense? Get on a personal level with your consumers.

Another reason you should have a blog is because it keeps your website updated with fresh content. Common sense tells us that people are not going to visit your website repeatedly if they see the same thing each time they visit. However, if your content is changing consistently they will continue to visit your website in order to remain informed. The opportunity to sale your products and services increases greatly with the more visits you have to your website and the longer people remain on your website.

Having a blog opens up so many avenues for companies. Think about the numerous ways you can keep your website visitors engaged through a blog.

  1. Inform them of new products and services, or changes to existing products and services.
  2. Offer online discounts and promotions to your blog readers.
  3. Inform your readers of how your company is doing in relation to its’ goals and objectives.
  4. Post articles regarding your company’s involvement in charity (consumers love this).
  5. Post information about your employees.

These are just a few of the ways you can utilize a blog to reach out to your website visitors and customers. Do not use a blog to bash your competition. This is one of the cardinal sins of blogging. We, consumers, get really tired of negative publicity. So, keep it positive and be consistent.

If you are still unsure if your company needs a blog you apparently skipped this entire article and went straight to the bottom hoping to find a summary. Well, here is your summary. Yes, you need a blog. If you are on board and are ready to implement a blog then we recommend using WordPress.

About the Author:
Ray Goins is an author and owner of www.stopdev.com. StopDev provides web design and online marketing tips.

Jquery solution for Radio Group in Umbraco mc_ed_form

Just tried Umbraco a dot net based open source system. following are some of my experience on that.

  • I am totally new to dot net platform so i faced lots of problem to install Umbraco on shared server. After lots of research i  found Umbraco is not compatible with networksolution and aplus.net shared hosting. Then i choosed Softsys. All thing set with softsys.
  • Surprised to see a nice cms. take 3-4 days to try after that i am successfully deploy my first website in Umbraco.
  • I found a beautiful way to manage the content from Umbraco.


As i am not very much familiar to dot net i did,not try to modify .net macro. i played lots of with xslt to achive desired result.

My client  need personalized form and each  form have multiple radio group. i searched on net to find a solution. I found a solution mc_ed_form from forum of Umbraco but that not support Radio groups. So i tried a solution from my way , I write a jquery code to transform all drop down list to Radio group. 🙂

Following are the Unobstructive jquery code which i used in page where form is there

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
function setid(){

arr=$('select');//call all list item in a array

jQuery.each(arr, function(count, item) {

$(this).attr("id", 'lisi'+count);//changed all select to my desired id

convertit(count);// Apply the function

$(this).hide();// hide the select element on page

});

}

function convertit(co){

var $dd = $('#lisi'+co);

if ($dd.length > 0) {

var selectedVal = $dd.val();

var $options = $('option', $dd);

var arrVals = [];

$options.each(function(){

arrVals.push({

val: $(this).val(),

text: $(this).text()

});

});

}

var arr = arrVals;

$.each(arr, function(count, item) {

if(arrVals[count].val!==""){

var pg='';

var lname="#lisi"+co;

var div=$("<div></div>").addClass("wrap2");

var rname='rad'+co;

radio = $('
<input />'
).attr({  type: 'radio', name: rname, value: arrVals[count].val, id: rname, checked:pg});

label=$('<label>'+arrVals[count].val+'</label>');

$(label).prepend(radio);

$(div).append(label);

var oc=true;

$(label).bind("click", function(){

var sv=$("input[name="+rname+"]:checked").val();

$("#lisi"+co).val(sv);

});

$(lname).parent().append(div);

}

});

}

$(document).ready(function(){

setid();

});

If you found any problem with code or any modification suggestion Please let me know. I know this is not a good way to proceed but this solved my purpose. I am finding a dot net way to do it.

Successful Website Design Criteria

We believe you don’t start the design of a new or revised website by sitting down with the designer and coder of the website. Rather, we recommend you review the approaches, ideas, processes and other methods listed below to determine if they apply to your situation.

Think about your audience. Are they looking for immediate answers and solutions? We bet they are. Most likely these visitors to your website are very much like you. Chances are you use the Internet more than other types of media to search for information. If a web page doesn’t “grab your interest” within 8 – 10 seconds after landing on it… you move on!

As a “first step” we suggest that you start by reviewing the questions listed below. We are convinced that once you get to the last question… you will have a list of action items identified that will greatly improve the productivity of your current website. The success or failure of the site and/or business may very well depend upon the decisions you make after reading these questions

What Do You Know About Your Clients and Prospects State of Mind?

When visitors land on your website, they have very little time to read what you say. They have a need for information or a product and don’t want to listen or read verbose descriptions and comments. You have about 8 seconds to engage them and get them to take action. Do most visitors land on your website wanting:

  1. information,
  2. a “quick fix”,
  3. a bargain,
  4. a large selection,
  5. or a telephone call, etc.?

It is imperative to know the answers to these and many other questions BEFORE you design the pages within your website.

Do You Make Website Visitors Feel You Can Satisfy Their Wants and Needs?

Landing on any page within your website [especially the Homepage] must make the visitor know that you understand their needs, business, wants, and desires. The more you put yourself into the “mindset” of the website visitor, the better chance you have of converting their visit into something you want to happen i.e. buy, complete a contact us form, bookmark the page, pick up the phone and call you or any other method of measurable conversion.

What Approach Do You Take When Developing Pages Within Your Website?

What do you think you would want from your website if you were the prospective visitor or client? Assume you don’t know as much information as you want in order to make an informed decision. Talk to these visitors in a language they will understand. If visitors want more insight or information, tell them to click on the more info link or give you a call. They will follow your direction ONLY if you have built some level of trust or understanding.

What are You “Selling” to the Website Visitor?

Are you focused on telling them about your product or service or are you making them understand that choosing your firm will deliver that special feeling they are seeking by making the purchase? Are you sure that you made the visitor know that you understand their needs, wants, problems, etc.? What techniques did you implement to get your points across?

How are You Going to Get the Visitor to Stop and Think About Your Service or Product?

Remember… they are ready to pass by your website in a blink of an eye. What are you going to do to engage them? The answer you come up with will be critical to the success you have in gaining their confidence enough to buy or call you. Make sure what you say is NOT the same old thing they are used to seeing or reading on other websites. Be boring and you lose! Address the issues that appeal to the visitor and they WILL STOP! This is hard work… but worth the effort.

What Kind of “Call to Action” Statements are You Placing on Your Website?

Turning a visitor into a prospect or client is one of the most critical actions of your website. How will you engage them? Once they know that you understand their needs and wants, they are more inclined to follow your CTA direction. Call to Action statements are critical to the success of any website’s conversion. Guide them in a manner that is more telling, rather than selling. Don’t be afraid to be assertive.

How Does Your Website Address the “Who Are We” Issue?

Again, it is about making the website visitor feel confident that they are choosing a reputable firm or organization with which to do business. They need to read about your success. This can be done by exhibiting your affiliation with associations, awards won, satisfied client statements, client success stories, examples of your work, etc. Show them you are a “player” in your industry.

Are You Prepared to Answer: “What Makes You Different”?

What have clients and prospects said about you and your company? Have they applauded you for your approach to doing business? Did they say you made them feel like you understood their needs and wants? Think back to the reasons clients buy from you. How did you meet their needs and wants? Give your prospective clients reasons to do business with your firm.

A final thought…

Make it your primary goal to understand the potential client. Look at your website through that client’s perspective. Who are they? What makes them different? What do they individually want and need? Be informative… do more telling than selling. They will “get it” and appreciate that you have made them an educated buyer. Finally, tell them what you want them to do next. Get them to take the first step and be ready to deliver on the expectations you have set throughout your website!

Finally, be sure to hire Internet marketing professionals to do the job if you don’t have the capabilities in-house. Too much is at stake to leave this part of your business to chance! We are pleased to provide you the insightful comments contained herein.

About The Author
We have 11 years of Internet marketing experience re building successful website promotíon programs and meeting the challenges of appealing to today’s Internet visitor in the current economic environment. Call us at 631-423-0815 for further discussion on how we might be able to assist you and your team or to review the Full list of PDF documents on Internet Marketing and Conversion techniques.InternetConsultingAndCoaching.com

Mostly used programming languages and their programming advantages.

Nowadays, world wide clients are demanding for cost effective solutions along with high-performance speedy development. In recent internet marketing arena, designing a good website template and placing unique and relevant content is not enough for a profitable web businesses. Web programming is getting more value in terms of building flexible websites. Web programmers are skilled in many programing platforms and satisfying the clients with their expertise.In recent web industry as well as in software industry there are mainly three types of programming platforms getting famous in regards to their superb resource, their security and easy availability in the market and they are PHP platform, dot net platform and the java platform. These three programming platforms have their own advantages according to their work procedures 

Advantages of Java programming

  1. As a programming language Java is secure, multi threaded, distributed, high-performance, object-oriented, robust, dynamic and portable in nature.
  2. Java applets are platform independent and utilized for web programming.
  3. Mobile applications made by Java is fully compatible with any mobile operating systems. In software development this is denoted as prime feature of Java mobile applications.
  4. Enterprise Java Beans (EJB), Remote method Invocation (RMI) are globally accepted architecture for distributed systems.
  5. Struts, CORBA, Hibernate, DAO are widely accepted Java architectures which fully support internationalization (i18n) for enterprise applications.
  6. In Java programing, we can use any kind of database (paid or non-paid) as per the client’s requirement, i.e. for choosing database, Java programming language does not create any burden.
  7. We all know that Java is a open source programming language and it is easily available in the market without any hassle.

Advantages of Dot Net programming

  1. In Dot Net programing the programming codes and the HTML exist in different files.
  2. Dot Net frame works are hugely used for doing specific applications.
  3. Automatic garbage collection is possible in Dot Net programming.
  4. Dot Net uses safe type cast and Strong and powerful IDE’s for better and faster application development.
  5. As this is a consistent programming model, it has got the direct support for security, in short Dot Net is highly secured programming language.
  6. Dot Net provides an attribute called Serialization which is used for publishing or producing an item in the form of a series of information bits.
  7. It is language independent, so if the team has multiple skill expertise like C#, Dot Net, C++, developers can still work on the same project with different skills set.
  8. MS technologies provides RAD (rapid application development) to deliver project faster, because customers always prefer faster delivery.
  9. Dot Net debugging is very effort-less therefore, can fix the bugs quicker.

Advantages of PHP programming

  1. This programing language is accepted by maximum web programmers for its open source features.
  2. PHP is a server side programming language that is widely used for web programming.
  3. PHP language has some similarity with C and C++ programming. PHP syntax is quite similar to C and C++ syntax thus, a PHP programmer can easily learn it and make use of it in their respective works.
  4. PHP programming language can run on both Windows and UNIX servers.
  5. My-SQL is well known online database and can be interfaced very well with PHP. Therefore, PHP and My-SQL are an excellent combination for small business owners.
  6. PHP language has got the powerful output buffering techniques that further increases over the output flow.
  7. PHP can be used with a large number of relational database management systems, runs on all of the most popular web servers.
  8. PHP5 is dynamic, platform independent and fully object oriented language that helps to build complex and large web applications.

About the Author

Joanna Gadel has the creative knowledge as a Software developer and her educational articles on PHP programming helps her readers to better understanding in recent programing arena.

My first Post from Windows Live Writer

Plugins Background Match_thumb[4] I just installed windows live writer in my local machine. now we can write offline and post it when post is complete. I like this tool very good because we can see preview while editing. you can download Windows Live Writer from http://windowslivewriter.spaces.live.com/.  you can include flicker digg and twitter feature while writing the post. I am very exited about windows live.

Its seems that Windows live have very promising feature for blogging and networking.

Following are the feature of Window Live Writer.

  • New border treatments (including Instant Photo)
  • Crop and tilt photos
  • Insert multiple photos
  • Toolbar alignment commands enabled for images
  • Insert and upload Windows Live photo albums
  • Insert and publish video to YouTube
  • Additional spell checking languages: Arabic, Basque, Bulgarian, Catalan, Croatian, Czech, English (Australia), Estonian, Greek, Hebrew, Hungarian, Indonesian, Latvian, Lithuanian, Malay, Polish, Romanian, Russian, Slovak, Slovenian, Turkish, and Ukrainian
  • Server-side tagging (for supported blogs)
  • Type-down filtering in the Open dialog
  • Twitter, Digg and Flickr Plug-ins
  • Improved blog account setup
  • Lightbox and Windows Live Spaces inline preview support
  • Improved category control: adding categories, type-down filtering
  • Tabbed view switching
  • AutoLink glossary
  • Smart quotes/typographic characters
  • Word count
  • Support for bidirectional languages (like Hebrew and Arabic)
  • Tabs for view switching
  • Updated look and feel