guess who got hacked

Night Work

Let me tell you about that time my site got hacked.

Once upon a time I received this email from Google. Now when Google emails you, you usually pay attention, even if it’s a bot. Those guys know their stuff.
The email told me that my site was possibly hacked because it was suddenly feeding spam when the Google bot was passing by.
The reason why I got this email is because I use the free Webmaster Tools from the G, btw. That way they know my site has behaved nicely over the years, and when it suddenly started spewing spam, they knew something bad was up.

The scary part is that this only happened when Googlebot was munching my pages. Not when I or any other human passed by with a browser. So in other words, I didn’t have a clue.
Because it was quite the mystery, I checked my web folder and found a few suspicious files and folders in there. Suspicious, because I never put them there.

I found a folder named “coockies”, an unknown common.php, session.php and coockies.txt file. My .htaccess file was also changed. All php files and the .htaccess had the same timestamp. I compared my complete WP installation with the original installation files to be sure no other files were modified, which turned out to be the case.

The folder seemed to contain files with file names resembling URIs of my blog posts. The content was unreadable and appeared garbage. I’m guessing it was an encoded version of the spam my site was feeding Google.

At first I thought my WP blog was hacked, but the entry point was simply the modified .htaccess file. It contained a few new rewrite rules which checked the user agent of the incoming request, and if that matched any of the major crawlers, it would redirect to the new php files, which would feed the spammy content.

Cleaning up turned out to be rather easy.
I deleted all the new files, restored my old .htaccess file (hurrah for backups) and changed my site passwords just to be sure.

The fishy thing about all this is that I’m still not sure how these files got on my system (hence the password changes). The timestamp on the files seemed to point to the moment I last ran a WP and plugin update on my site. Maybe it was pulled in with a compromised plugin, but there is no way to tell which one it could have been. Another option is a compromised FTP account, but that password was already random before I changed it so that seems unlikely. I still changed it to a random and longer one to be sure.

I also took some extra defensive measures to try to avoid this kind of hack in the future, but that’s for another post.

Photo by Thomas Heylen, cc-licensed.

why I’m getting more hits since I updated my wordpress theme

Getting more hits in case of my blog means getting more Google love (90% of my traffic comes from the G), which means I get a higher ranking and end up higher in the search results.
So why could this be?

I don’t know really. I mean, it’s not like I A/B tested this and have raw hardcore scientific data or something like that, but that doesn’t stop us from guessing and coming up with the following list!

1. Google loves my new layout and gives me a better rating cause it’s pretty. Not likely.
2. Google loves HTML5. The previous theme was ugly HTML4.
3. Displaying full posts instead of a digest on the front page gives Google more content to index and it likes that.
4. The Twenty Twelve WordPress theme is a marvel of SEO goodness and Google fell for it.
5. Google likes a minimal layout linking to very few external sources better than something that links to plenty of external sites. Maybe it thought my blog was a bit spammy before. Who knows?

I’m thinking it’s probably 2, 3 and 5 that are doing the trick, but still I can’t be sure.
But apparently your site layout really matters judging from the stats.

The update went live in week 28. Below you can see that in the weeks before the update, I was maxing out around 150 hits a week. Afterwards, it started reaching over 200.

Weekly stats after theme update

The monthly stats show the same thing.

Monthly stats after theme update
Interesting isn’t it? All of that is without actually publishing a lot of new content in that period. I wonder how long this effect will last.

google reader replacement for geeks

Newspaper dog thinking RSS

Google Reader is quitting on us and there doesn’t seem to be an alternative if you don’t want something that tries to make your feeds look all fancy and shiny eye-candy-ish like Feedly or most of the alternatives I saw.

The things I loved in Google Reader are:

1. Accessible from anywhere (which means web-based basically), so desktop based RSS readers didn’t cut it.
2. I can use it from my Android phone, either with an app or straight from the website.
3. I can skim feeds quickly and star or tag articles I want to read later.
4. The read-later articles need to be imported into Instapaper, using something like IFTTT.

I started looking at some open source solutions because I didn’t want to end up getting shut down again. At the very least, the service needed to let me import and export feeds easily in case it does bail out.

I noticed a few open source applications running on PHP that are interesting but only one of them is still actively developed and has a decent user base. So Tiny Tiny RSS is what I ended up testing out.
It’s pretty close to Google Reader (which makes sense because it’s an RSS aggregator and reader after all) but it isn’t pretending to become it, or to implement every GR feature. It’s sailing its own course, but since it’s pretty damn close I thought I’d give it a shot.

So here comes the geeky bit:

Since this is a web app and not a web service, you have to host it yourself.
So this means getting the code, uploading it to your server, setting up the database and configuring it.

If that didn’t scare you off, all of this is nicely explained in this lifehacker post and in the TT-RSS installation notes. So you’re pretty safe there. Recently the software was updated to let it run on shared hosting, so you can basically run it anywhere from now on.
If I didn’t have my own hosting I’d try to get it running on a NearlyFreeSpeech site to try it out on the cheap. You can set up a PHP site quickly and cheaply over there if you have the know-how.

There’s an Android application on the market you can try for 7 days for free to connect to your instance of Tiny Tiny RSS (after you open up the API settings in the configuration) and it works great. It costs only a few bucks, so I figured I was willing to pay that to the author of this fine piece of work that’s available to the world for free after all.

It also supports starring and tagging posts, and it allows you to expose your starred items as an RSS feed so you can pull that into IFTTT for syncing with Instapaper.

There you have it. All requirements are met with free software (except the Android app bit) and a bit of geeky work on your part to get things set up and running. So far things are running great and I haven’t run into any issues yet.
You can set this up for multiple users, so if you have friends that are also orphaned by Google Reader you can share your instance with them.

Photo by stylianosm, cc-licensed.

bursting out of the search bubble, or not

Space Helmet Bubble!

The search bubble. That thing Google puts you in so your results are tailored to your preferences and habits. It’s kinda creepy and cool at the same time, isn’t it? One of DuckDuckGo’s main features is that they don’t put you in a bubble. So they don’t track your past queries, they don’t spy on your social media accounts to figure out what you read, like or retweet, and they don’t tailor your results.

This video shows pretty nicely what that Google bubble looks like btw.

Scary, isn’t it? The problem is however… it works so damn well too.

I know my results are customized, but when I look for .NET related stuff (which I do all the time at work for example) whatever I’m looking for is usually in the top 3. I know it’s biased, but heck, it works like a charm.
Outside of the bubble, I get more stuff I don’t want or that isn’t what I’m looking for.

So it all depends on what you want doesn’t it? But it is a good thing to know that the bubble is there and that it learns from your queries. It’s also good to know that you can escape the bubble if you want to. And just logging out of your Google account probably isn’t good enough.

Photo by Rachel Titiriga, cc-licensed.

how to figure out if a site is a scam

All right, everybody be cool, this is a robbery!

I was looking into getting some ebooks so I googled around a bit and something came up that was offering a nice deal. In fact, it was so nice that a little warning indicator popped up in my brain. It was looking a bit too good to be true, you know, the typical signs of a scam: if it’s too good to be true, it usually is.

Then I read the conditions and apparently you had to pay upfront before you could buy a book. Hmm. More warnings popped up.

So how do you determine if a site is a scam? Well, googling the name might help and turn up some warnings. But it didn’t in my case. That search however did turn up one thing by chance. A site that calculates the ranking of this ebook scam site gave me links to similar sites. When I opened one of them, it turned out it had the same layout. In fact, it was a clone of the original site hosted on a different domain.

Scam?

So how many more domains like that are there? I tried a few google tricks and finally struck gold by copying a line of text from the site’s privacy policy, surrounding it with quotes to have The Google search for that exact piece of text. If that line is unique enough, it should only turn up a single website. Or websites that copied the same text. Or complete clones of the website as in this case.

The result? Google turned up a huge list of sites hosting the exact same content under a ton of different domains, sometimes with a different layout theme or logo. But plain copies nonetheless.
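What the quoted search does is an exact-phrase match on a sentence distinctive enough to exist on one site only. The script below, an added example rather than anything from the original post, does the same thing offline over a constructed corpus of three made-up domains: it normalises whitespace and case (as the search engine does), drops short boilerplate sentences, and reports which other domains reuse the suspect site’s longer sentences word for word.

```python
import re
from collections import defaultdict

# Constructed corpus: domain -> privacy-policy text, standing in for the pages
# a search engine has indexed. The second site is a reformatted clone of the
# first; the third is unrelated and shares only boilerplate.
CORPUS = {
    "cheap-ebooks.example": (
        "We respect your privacy. Payment is collected up front and credited to "
        "your reading balance within one business day. Questions go to support."
    ),
    "ebook-bargains.example": (
        "We respect your privacy.\n\nPayment is collected up front and credited "
        "to your   reading balance within one business day. Questions go to support."
    ),
    "honest-books.example": (
        "We respect your privacy. Orders ship after the card is charged."
    ),
}


def sentences(text, min_words=6):
    """Split text into whitespace/case-normalised sentences, the way a quoted
    exact-phrase query sees them; short sentences are dropped because they
    are usually boilerplate shared by unrelated sites."""
    norm = re.sub(r"\s+", " ", text).strip().lower()
    parts = re.split(r"(?<=[.!?])\s+", norm)
    return [s for s in parts if len(s.split()) >= min_words]


def exact_phrase_hits(corpus, phrase):
    """Domains whose text contains the phrase verbatim after normalisation:
    the offline equivalent of a quoted Google search."""
    needle = re.sub(r"\s+", " ", phrase).strip().lower()
    return sorted(d for d, t in corpus.items()
                  if needle in re.sub(r"\s+", " ", t).lower())


def find_clones(corpus, suspect, min_words=6):
    """Map each distinctive sentence of the suspect site to the other domains
    that reuse it; sentences present on every site are ignored."""
    index = defaultdict(set)
    for domain, text in corpus.items():
        for s in sentences(text, min_words):
            index[s].add(domain)
    clones = {}
    for s in sentences(corpus[suspect], min_words):
        others = index[s] - {suspect}
        if others and len(index[s]) < len(corpus):
            clones[s] = sorted(others)
    return clones
```

The same idea scales to real pages once you replace the corpus with fetched policy texts; the sentence choice matters more than the code, since generic lines such as “we respect your privacy” match everyone.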

Scam!

Picture by Alex Abian, cc-licensed.