January 9th, 2008
Image by Gutter
Actually, my site hasn’t got a virus, but in my previous job working on a hosting provider’s help desk, I would often have customers calling reporting that their website was generating warnings from their anti-virus software, this would usually be due to an iframe or javascript exploit within their site. So how exactly can you stop your website being infected? Well to answer that, you need to know the three main causes of website virus infections, which are:
1) Local virus infection - a virus on your machine adds code to a page, which you upload some time later without knowing it’s there. The extra code does nothing until a pre-determined time set by the virus author at which point the code can do anything from launching pop up advert windows at visitors of the site to trying to infect other machines. The only way to prevent this from happening is to use a system less susceptible to viruses, or ensure that you keep your system virus free through the use of anti-virus platforms and some basic common sense.
2) Bruteforce FTP hacks - simply put, the ‘hacker’ uses a bruteforce attack to login and modify a small part of your site, this is usually automated, often from virus infected zombie machines. Short or easily guessable passwords are often prone to this kind of attack. These are easily preventable through the use of a good secure password.
3) File permission exploits - many hosting platforms (ours included) have the facility for you to specify file permissions, this essentially tells the server who is allowed to make modifications to your files (amongst other things), if these permissions aren’t set correctly, you can literally allow *anyone* to make modifications to your files. Ideally, all files in your site should be set to 0644 (-rw-rw—-), except in circumstances where you need files to be executable by your site users (i.e. for cgi scripts).
Here’s to a safe and virus free 2008!
December 21st, 2007
Just wanted to say a quick Merry Christmas to all (two) of my readers. I’ll probably be a bit quiet on the posting front for the next couple of weeks what with the Christmas break and all, but rest assured, I’ll be back in the new year with more web design and development tips for freelance web designers!
December 20th, 2007
If you could wish for one thing as a web designer, what would it be? Global acceptance and implementation of web standards, would surely be the obvious choice, but lets face it it’s about as likely to happen as ‘peace on earth and good will to all men’ until we can somehow encourage the lazy and selfish web developers to start thinking of the greater good.
Global domination of Firefox would also be good, but I think that will happen on it’s own eventually unless the IE team suddenly decide to take their digits out of their posteriors and make some serious progress with IE8.
So what would I wish for? To be honest, it’s really quite simple and not at all unachievable, I would like a way to use variables within stylesheets. I spend so long hunting up and down CSS files for that hex colour that I used just a few moments previously. Naturally, if I was more organised I would keep the colours in a note on my desk, but that still wouldn’t allow me to change all the examples of that colour at once.
Something like this would be brilliant:
/* css variables
$colour1 = "#830203"
$colour2 = "#bbe7f6"
$border = "1px dotted #ccc"
*/
.post {
color: $colour1;
background-color: $colour2;
border: $border;
}
Of course, it looks a little bit pointless in such a small snippet of CSS, but in larger documents it could save me huge amounts of time and effort. One thing I don’t expect is for it to be implemented within the CSS standards themselves - but a CSS variable parser written in JQuery or even PHP would be relatively simple now I come to think about it.
Actually… PHP would be really quite simple and something I might spend a bit of time sussing out for myself. Keep your eyes peeled for a solution soon.
December 20th, 2007
Today while fiddling with this very blog layout, I started to wonder, what the purpose behind this blog is. Afterall, Lorelle states in her book ‘blogging tips - what bloggers won’t tell you about blogging‘ that every blog should have a reason for being.
Photo by jamuraa
Of course, ‘I blog therefore I am’ would be an easy way out, but I don’t want this blog to be lost in the dross that is talk of kittens, rants about illness and general gossip that plagues the blogosphere.
So just what is this blog’s reason for being? Primarily it’s a place for me to show off my WordPress theme development skills, that’s right - I’m rather handy at building WordPress themes - hell give me a design and I can usually make it into a usable theme within a couple of hours.
As time goes on, I plan to improve this theme, this is just a basic ‘graphic free’ place holder, until I get my shit together and design something a bit more attractive. Until then, I need something to write about - I need content and so I’m going to blog about what I know best - web design and development.
Over coming weeks and months (and hopefully years) I plan to talk about my experience as a web developer, sharing hints and tips for n00bs and seasoned professionals alike, and hopefully share some code snippets with those who need them.
If there’s anything you would like me to talk about or something you want to know - drop a comment anywhere on this blog and I’ll see if I can oblige - think of me as an online advice column where you can ask all those web design questions that you were afraid to ask.
December 18th, 2007
I’m a web developer - I love my macs and want the latest and greatest, but you know what… I really don’t need it.
For skilled web developers, masses of memory really aren’t required - I can build a website using a simple text editor and an FTP program. If I need to go down the graphic route, then I use Adobe Fireworks CS3 which again, doesn’t really require all that much memory.
For the past three years, my MacMini has been more than enough for my needs and to be honest, it’s still more than enough for my needs, but sadly the old old PII laptop that I used for testing has given up the ghost and I need a way to test websites on Windows web browsers.
So… my choices are:
1) Buy a new Intel MacMini, install Windows via Bootcamp and survive with just the one machine.
2) Keep my existing MacMini and buy a cheapy Windows machine, just for testing purposes.
Or - mystery option number three:
3) Buy a Mac laptop and run Windows via Bootcamp.
As I’m becoming increasingly mobile, I’m seriously considering option three, as it gives me everything I need in one sleek, sexy, mobile package. Plus it means I can get one of those Sumo beanbag chairs that I’ve been wanting for so long and veg out with my laptop when I work instead of being constrained to a rather boring desk environment.
What do you guys think? Are there any options I haven’t considered? Is being desk free as fun as I imagine it? Let me know in the comments…
December 15th, 2007
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nulla dui lacus, consequat vitae, suscipit sed, feugiat sed, dui. Praesent imperdiet arcu vulputate ligula. Sed sodales pede nec magna. Vestibulum lacinia accumsan sem. Sed interdum orci nec nulla. Duis tincidunt ligula et odio. Integer convallis orci. Donec id risus at risus hendrerit vehicula. Sed ultricies. Phasellus at libero eu eros rutrum auctor. Vivamus vestibulum feugiat erat. Cras eu erat. Pellentesque eu leo in erat varius vehicula. Fusce auctor, quam a vestibulum pharetra, libero massa varius velit, eu dapibus neque purus eget mi.
Sed laoreet condimentum purus. Sed accumsan, odio vitae eleifend euismod, nisl justo pulvinar dolor, at placerat sem orci ut dui. Vestibulum ut urna quis ipsum tempor imperdiet. Phasellus interdum. Nunc at purus. Fusce feugiat. Fusce convallis. Quisque non tellus. Donec feugiat nisl vitae orci. Suspendisse condimentum nisi in sapien. Donec quis sapien. Maecenas dictum tincidunt libero. In quis arcu.
Proin sollicitudin, eros non pellentesque consequat, leo felis placerat purus, eget egestas libero odio vel enim. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Proin auctor aliquam tortor. Nunc erat neque, sagittis ut, bibendum vitae, pretium eget, nulla.
Proin sollicitudin, eros non pellentesque consequat, leo felis placerat purus, eget egestas libero odio vel enim. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Proin auctor aliquam tortor. Nunc erat neque, sagittis ut, bibendum vitae, pretium eget, nulla.
Read the rest of this entry »
December 15th, 2007
In the past I’ve worked in the technical support departments of a couple of hosting providers, and something I come across quite frequently is sites being ‘hacked’ due to customers using insecure passwords. I’ve seen some terrible password examples over the years, but the worst by far was a customer who had said his password as ‘eeeee’*. How long do you think it would it take to guess that password using brute force? The answer is not long, not long at all.
This particular customer only realised the error of his ways because some malicious soul decided to break into his webspace by FTP and alter the content to show pictures of a pornographic nature. It wasn’t until he was flooded with calls and emails from his own clients about the issue that he even knew something was wrong. This folly supposedly cost the customer thousands of pounds in lost business and unmeasurable damage to his reputation.
So how can you avoid this kind of situation? It’s really quite simple - pick a secure password. Here are my three hints for ensuring your password is secure:
1) Avoid the dictionary
A lot of brute force hacking is done by attempting words from the dictionary - so the easiest way to beat dictionary attacks is to simply not use a word/phrase that appears in the dictionary. Also - avoid all numeric passwords - these are ultra easy to guess!
2) Go Long!
The longer your password is, the longer it’s likely to take to guess. Personally I use a “pass phrase” rather than a “password”. Combining multiple words together helps to reduce the risk of your security being compromised - so rather than using ‘cat’ as your password use something like ‘mycatisbrownandfatandcalledpat’.
I have a friend who has taken this example to the extreme - using a 50 character pass phrase which is basically a paragraph from his favourite book! Long passwords are generally good, but don’t go too long - a lot of providers limit password lengths to less than 20 characters.
3) Mix it up!
Want to make your password ultra secure? Then use a combination of upper and lower case letters, numbers and none-alphanumeric characters (i.e. symbols). So… to secure our previous example even further we could make it ‘Myc@t1sBr0wn&faT_andca||edp@t’. Of course, these ultra secure passwords are a tad harder to remember, but if you’re anything like me and end up entering a password more than once a day, you’ll soon have your head round it.
So there you go - three simple tips to help you create better, more secure passwords and save yourself from the humiliation of having your website hacked and your online business destroyed.
December 11th, 2007
So here it is, the first blog on the SquareRobot Blog Log. After-all, what self respecting web developer wouldn’t have a place to wax lyrical about all their latest geeky web design thoughts and opinions?
Despite the fact that I’ve been out on the blogosphere in one form or another for over ten years I’ve never made it to the dizzy heights of super-bloggers Dan Cederholm or Jon Hicks.That said, I’m loud, opinionated and have quite a bit to say on all sorts of web development issues - stay tuned, something interesting may come of all this…
You may be interested to hear that I’ve chosen Wordpress for this particular blog. Why? Basically because I have lots of experience with it and I’m very familiar with Wordpress theme development - it would probably take me ten times as long to use anything else. Then of course, there’s the fact that Wordpress really is very very good. I really can’t think of much in the way of blogging platforms that compares.
I had toyed with the idea of building a bespoke blogging platform, but to be honest, Wordpress suits all of my needs and many more - developing a bespoke system would have taken quite a considerable amount of time, and isn’t really something I can do with my current work load.