Author Archives: admin

Checking your WordPress blog for hacked files

WordPress is very empowering software, but it can also be exploited easily because of the way it is designed. WordPress was built so that users can customize their blog without having to log in to the server, and that same convenience opens up possibilities for holes. I’ve had a couple of my WordPress sites hacked and I wanted to share a few tips to help identify files that have been hacked.

Scan your site for free: sucuri.net provides a free security scanner that you can point at your WordPress site to check for spam links and other possible security issues. It won’t catch everything, but it is a great place to start.

What if Sucuri finds spam links? How do you get rid of them? I’ve created a very simple bash script that allows you to check multiple WordPress sites for offending text. The script can also be run from the command line of the server that your WordPress is installed on.

  1. Create a file on your WordPress server, call it secure.sh, paste the text below into it, replacing example.com/ with the path to your WordPress install, and run it with bash secure.sh
#!/bin/bash
# Recursively search every file under the WordPress install for a suspicious string
grep -r "netstat" example.com/

In this case, netstat is a networking command-line tool that I found referenced in some of my hacked files, which allowed the hackers to gain server access. You can replace netstat with any string: grep will search every file under the directory and list each file that contains it. If Sucuri reports spam links, put a distinctive part of the link (the spam domain, for instance) in the quotes and run the command. Bear in mind that a string search only finds code you already know to look for; injected code is often obfuscated (base64-encoded or compressed), so also search for the functions used to unpack it, such as base64_decode and gzinflate, and compare the WordPress core files against a fresh download of the same version. Note that you can run

grep -r "netstat" example.com/

from just the command line as well and get the same results. When you run the command or the bash script, it may report that it is unable to access certain directories in your WordPress installation. Treat these as suspect: attackers sometimes set restrictive permissions on directories they create so that scans and site owners cannot see what is inside, although a permission error can also simply mean the directory belongs to another account on the server. In my case, the directory’s name was log. I changed the permissions of the directory using:

chmod -R 700 example.com/somedir/log

where example.com/somedir/log is replaced with the directory that could not be read. chmod only succeeds if your account owns the directory (or you are root); if it is owned by a different user, you will need your hosting provider to change it.

Once you have changed the permissions you can look inside and then delete the directory. Check first that it does not contain any files you actually need.
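The steps above (search for a string, find the directories the search could not read, look at what changed recently) as one script. This is an added example, not the script from the post: it assumes GNU grep and GNU find on Linux, the indicator list is a general-purpose default of my own rather than strings the post found, and the wp-scan.sh name and /var/www/example.com path are placeholders.

```shell
#!/bin/sh
# Added example, not the script from the post above: scan a WordPress
# install for suspicious strings and surface what a plain grep hides.
# Assumes GNU grep and GNU find (Linux). The indicator list is a
# general-purpose default of my own; the post searched only for "netstat".
DEFAULT_INDICATORS='netstat
eval(base64_decode
gzinflate(
shell_exec(
passthru('

# Files under $1 that contain any of the remaining arguments (or the
# DEFAULT_INDICATORS when none are given), one path per line, sorted.
# grep flags: -r recurse, -l list file names only, -I skip binary files,
# -F treat patterns as fixed strings, -f - read the pattern list from stdin.
# Read errors are silenced here; unreadable_dirs reports them explicitly.
scan_for_indicators() {
    local root="$1"
    shift
    if [ "$#" -eq 0 ]; then
        printf '%s\n' "$DEFAULT_INDICATORS"
    else
        printf '%s\n' "$@"
    fi | grep -rlIF -f - -- "$root" 2>/dev/null | sort
}

# Directories under $1 that the current user cannot read. A recursive grep
# prints "Permission denied" for these and moves on, which is exactly why a
# dropped web shell is sometimes parked in one. Run this as the account
# that owns the site: root can read everything, so it finds nothing as root.
unreadable_dirs() {
    find "$1" -type d ! -readable 2>/dev/null | sort
}

# PHP files under $1 modified in the last $2 days (default 7). Right after
# a core, theme or plugin update many files change; at other times there
# should be very few, and each one deserves a look.
recently_modified_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}" 2>/dev/null | sort
}

# Print a summary and return 1 when indicator hits or unreadable directories
# were found, so the script can be driven from cron or a monitoring check.
report() {
    local root="$1"
    shift
    local hits unreadable recent status
    hits=$(scan_for_indicators "$root" "$@")
    unreadable=$(unreadable_dirs "$root")
    recent=$(recently_modified_php "$root")
    printf '== files containing indicators ==\n%s\n' "${hits:-(none)}"
    printf '== directories you cannot read ==\n%s\n' "${unreadable:-(none)}"
    printf '== PHP files modified in the last 7 days ==\n%s\n' "${recent:-(none)}"
    status=0
    if [ -n "$hits" ] || [ -n "$unreadable" ]; then
        status=1
    fi
    return "$status"
}

# Usage: ./wp-scan.sh /var/www/example.com [indicator ...]
if [ "$#" -ge 1 ]; then
    report "$@"
fi
```

Run it as the account that owns the site files, not as root, otherwise the unreadable-directory check never fires. A hit on one of the default indicators is a reason to open the file, not proof of compromise: some legitimate plugins call base64_decode too.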

I’m in no way a security expert but the steps above helped me identify and clean up hacked code.

Quality of Service and Customer support

One of the biggest components of making life easy for a customer support agent is having a good product. But let’s be honest, every product has its flaws, and because of this the customer support/service agent’s role is critical for filling the gap when the product fails.

I had a recent interaction with a customer support agent that left a very bad taste in my mouth as the agent didn’t understand the gravity of the situation.

Background:

Every year I run the annual RECSS awards, which recognize outstanding customer support and service across multiple industries. This year was the 3rd year for this award. The process leading up to the winners only lasts about 2-3 months and is an intense time of marketing through word of mouth along with the usual mediums like email and social media. This year I sent out my email through Vertical Response, as I have done in previous years, letting them know that voting is open. I luckily received an email from one of my subscribers letting me know that the links in my email were leading off to a phishing site. Now as a disclosure, my email list isn’t that large, but every person on the list is important and they are able to help spread awareness of the awards program after receiving the email. I checked the links I had set up in my email and confirmed there wasn’t a typo, and then went to the email and clicked on the links, and sure enough they were leading off to a random spam site.

I contacted Vertical Response about this and first asked how this happened. They replied and said it was an internal error and that their team was working on it and they apologized for the inconvenience. This was very frustrating as this was more than just an inconvenience, which I would consider a delay in sending an email campaign, but instead a major mess up. I replied and asked for a refund of the amount of money I’ve spent with them which didn’t exceed $50. I was going to take my refund, move onto a different vendor and chalk it up to a horrible issue. I didn’t get a response for a while and so I sent another email asking for them to confirm the refund of my payment and they replied that they provided credits in my account and gave me some more credits for use on my next campaign.

Now I had no intention of using the service again after that issue. All I wanted was my money back so I could move on. I asked them again if I could just get my money back and they said they couldn’t refund credits that had already been used. I can understand this from a business standpoint, but at the same time this was a major error on their part and all I got was more credits.

In the end what I really wanted was someone to reach out to me on a personal level to understand why I was so frustrated so at least I was heard. If someone would have at least done that, then I would have still moved on, but I wouldn’t have this left over feeling of being taken advantage of.

Oh well, I’m using MailChimp now and loving their interface along with the ease of extending it. It is a little bit more than VerticalResponse, but well worth it in my opinion.

E-commerce Solution evaluation

I’ve been doing some research around hosted E-commerce solutions and wanted to post my results in hopes that people can offer insight into the best solution or recommend one that I haven’t covered yet. Below is the information I’ve pulled together thus far. I’d appreciate any feedback on the options and any recommendations for options I haven’t considered.

| Feature | Cafe Commerce | Shopify | Volusion | Magento Go | Big Commerce |
|---|---|---|---|---|---|
| PayPal processing | Yes | Yes | Yes | Yes | Yes |
| Credit card processing | Yes | Yes | Yes | Yes | Yes |
| Transaction fee for processing CCs (if the company processes on your behalf) | 2.16% | Based on auth provider | 2.17% | Based on auth provider | Based on auth provider |
| Mobile e-commerce support | No | No (iPhone mgmt) | Yes | Not available | Yes |
| Coupons | Yes | Yes | Yes | Yes | Yes |
| API | No mention | Yes | Yes (with $99/mo plan) | Yes | Yes |
| Custom CSS | Yes | Yes | Yes | Yes | Yes |
| Custom HTML | No | Yes | Yes | Yes | Yes |
| Shared SSL included | Yes | Yes | Yes | Yes | Yes |
| Custom domain support | Yes | Yes | Yes | Yes | Yes |
| Hosting included | Yes | Yes | Yes | Yes | Yes |
| 24×7 support | Yes | No | Yes | Yes | No |
| QuickBooks integration | No | Yes (starts at $10/mo) | Yes (3rd-party integration, probably additional cost) | Yes (additional cost, starts at $299/year) | Yes |
| Founded | 2011 | 2006 | 1999 | 2001 | 2003 |
| Good starting level | $30 | $59 | $39 | $25 | $39.95 |
| Transaction fee (not associated with CC) | No | Yes (1% at this level) | No | No | No |
| Max number of products | Unlimited | 2,500 | 500 | 500 | 500 |
| Bandwidth | Unlimited | Not stated on site | 3GB | 8GB | 3GB |
| Storage | Unlimited | 500MB | Not stated on site | 800MB | 300MB |

Midwest tour recap

I was fortunate enough to work remotely the past couple of weeks so that I could do a mini Midwest tour. I started off in Saint Paul, MN and connected with friends. It was great to play catch up. From there we went down to Winona for Pam’s cousin’s wedding. The wedding was beautiful and everyone had a great time.

Next stop was my sister’s place in Illinois. I hung out there for a couple of days and got to celebrate my nephew’s birthday through a fun visit to a mini golf and go-kart center. I also helped my sister set up their new trampoline and got to bounce around on it a bit. It was good just having downtime with my sister and her family, as usually we only get to connect around holidays or special events and there isn’t enough socializing time, or even time just to hang out.

I went to my brother’s place in Indiana next. I lucked out and got to see my niece’s end-of-year dance recital. It is crazy to see how fast they have grown and how talented they are. I also got to play video games with my nephews and brother. We made it to a couple of movies, including Kung Fu Panda and X-Men; both were good. I also got to have downtime with my bro: we lifted weights and grabbed some breakfast.

I think moving forward I’m going to try and do one of these trips every year, except the next time I need to have Pam with me. I was away from her for about a week and a half and it was way too long. Also I missed Lucy and she missed me too. Pam said she waited outside of our bedroom door in the morning and whined as she was waiting for me to come out. Poor pups.

All in all it was a great break from routine and amazing bonding time. Thanks to all of the family that I saw and stayed with. Definitely a highlight of 2011.

Intranets aren’t dead, they’re just getting started

With the creation of Biztranet.com, I’ve been doing more research into Intranets including their impact on businesses, adoption among small businesses, and overall awareness. I was surprised to find that among small businesses, Intranets are still unknown.

If you have worked at a company that has more than 100 employees, there is a good chance that you have used an intranet. It can go by many names including: portal, intranet, extranet, internal website, and also creative names that are only relevant within the company walls.

The benefits of an Intranet are real, especially at the small-business level: less confusion, more collaboration, and better capture of knowledge. One user of intranet software reported a 40% reduction in email traffic after adopting their Intranet, because it acts as a central repository for information.

My main goal when creating Biztranet was to be able to offer a hosted Intranet service to small businesses that was affordable, but still very powerful. Now I don’t do plugs on my blog that often, but if you go to http://www.biztranet.com and fill out the contact us form at the bottom of the page, mention this blog post and I’ll give you a 20% discount off any of the plans (monthly or annually). This offer is only valid until June 15th 2011.

Spread the word and increase awareness of Intranets. They can help you save time and money.

Chivalry isn’t dead

Pam told me today about a guy who was hitting on her (this happens often), and in this case, as in previous cases, when the guy saw that she has a wedding ring he immediately backed off and said, sorry, I didn’t realize that you are married.

Now Pam wasn’t leading them on; she is just nice, like me. But it is nice to see that chivalry isn’t dead, in the sense that people respect the institution of marriage and won’t disrupt it. Now I know that not everyone is like this, but it is refreshing to see that there are people out there who still act this way.

Catalina…just amazing

For Pam’s birthday we went to Catalina. Neither of us had been to the island and I have to say it was amazing. Imagine a beach community that is stuck in the 50s: no new real-estate developments, streets are clean, food is good, views are breathtaking, things to do are abundant, and there is a general overall feeling of happiness. That is Catalina in a nutshell.

We went to the Casino (not in the gambling sense, but in the old Italian sense of the term). In the building was an old theatre decked out with an organ that we were fortunate enough to hear being played before the movie we went to see. Here is the exterior of the Casino:

The highlight of the trip was of course being able to have time with Pam, but the 2nd highlight was getting the top score for a football throwing game in the arcade. My legacy will stand on that island.

We also made it over to the island museum, which had an exhibit of photos of the Beatles and Eric Clapton as photographed by Pattie Boyd.

We made it up to the Wrigley Botanical Gardens too. For those of you who don’t know, Catalina Island was once owned by William Wrigley Jr., who also owned Wrigley’s gum and the Chicago Cubs.

We didn’t get a chance to see the bison on the island, but since it was really easy to get there (1 hour north to Dana Point, hop on boat, 1 hour 20 min boat ride) we’ll most likely go back again.

My return to MindTouch

I put in my notice to leave MindTouch to start my own business at the beginning of April. A part of my new business is providing contract services to my clients, one of them being MindTouch. After a few webinars and trainings for MindTouch, they decided to offer me a new position at the company along the lines of a Sales Engineer for the sales team. After giving it some good thought, I decided to return to MindTouch in addition to running my company. My life goal is to be autonomous with my own company, but this is a role where I can have a big impact on the adoption of MindTouch and continue to help the company grow, which is important to me.

I look forward to this new position and to working with the great people at MindTouch again.

Funny customer service chat

This is a conversation that I had this morning with a customer service rep from a company who will remain nameless:

Rep: How are you doing today?
Me: Pretty good, it is overcast here but that is expected in May
Rep: It is raining here at the moment
Me: Oh yeah, where are you located?
Rep: Philippines
Me: Oh, ok
Rep: You know where that is?
Me: Yeah
Rep: Have you been here before?
Me: No
Rep: How do you know where it is?
Me: from a map

Glad my cartography classes didn’t fail me 🙂 I at least know that the green stuff isn’t water (for those readers that have seen Arrested Development).

.htaccess file to allow pingdom servers

I’m setting up some servers that are restricted but still need to be monitored. In order to do this I set up an .htaccess file that denies traffic by default except for IPs that are explicitly allowed. Here is the file that you can use to allow Pingdom’s monitoring servers but restrict everything else. Note that you’ll have to add your own IP address and that of anyone else who needs to access the site:

# Apache 2.2 access control: Deny rules are evaluated first, then Allow rules,
# so the "deny from all" default is overridden only for the listed addresses.
order deny,allow
deny from all
# add your own address(es) here before the Pingdom list:
# allow from YOUR.OWN.IP.ADDRESS
allow from 83.140.19.38
allow from 67.228.213.178
allow from 208.43.68.59
allow from 94.46.240.121
allow from 72.46.130.42
allow from 173.248.147.18
allow from 173.204.85.217
allow from 84.246.230.247
allow from 212.84.74.156
allow from 64.141.100.136
allow from 178.255.152.2
allow from 64.237.55.3
allow from 178.255.155.2
allow from 178.255.153.2
allow from 178.255.154.2
allow from 96.31.66.245
allow from 82.103.128.63
allow from 67.205.112.79
allow from 78.136.27.223
allow from 67.192.120.134
allow from 207.97.207.200
allow from 207.218.231.170
allow from 95.211.87.85
allow from 83.170.113.102
allow from 74.52.50.50
allow from 74.53.193.66
allow from 204.152.200.42
allow from 85.25.176.167
allow from 174.34.162.242
allow from 70.32.40.2
allow from 174.34.156.130
allow from 69.59.28.19

Pingdom may change its probe server IPs periodically, so confirm the addresses against Pingdom’s current list before adding them. Two further caveats: order/deny/allow is the Apache 2.2 access-control syntax, and on Apache 2.4 it only works when mod_access_compat is loaded (otherwise use Require directives); and if the server sits behind a reverse proxy or CDN, Apache sees the proxy’s address rather than the client’s, so an IP allow list at this layer will not behave as intended.
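The same allow list in the Apache 2.4 Require syntax, as an added example that is not part of the original post. The Pingdom addresses are the ones listed above and still need to be checked against Pingdom’s current list; 203.0.113.10 is a documentation-range placeholder for your own address.

```apache
# Added example: the allow list above in Apache 2.4 "Require" form.
# 203.0.113.10 is a placeholder for your own address. The Pingdom
# addresses are the ones from the post and must be re-checked against
# Pingdom's current probe list before you rely on them.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 83.140.19.38 67.228.213.178 208.43.68.59 94.46.240.121
    Require ip 72.46.130.42 173.248.147.18 173.204.85.217 84.246.230.247
    Require ip 212.84.74.156 64.141.100.136 178.255.152.2 64.237.55.3
    Require ip 178.255.155.2 178.255.153.2 178.255.154.2 96.31.66.245
    Require ip 82.103.128.63 67.205.112.79 78.136.27.223 67.192.120.134
    Require ip 207.97.207.200 207.218.231.170 95.211.87.85 83.170.113.102
    Require ip 74.52.50.50 74.53.193.66 204.152.200.42 85.25.176.167
    Require ip 174.34.162.242 70.32.40.2 174.34.156.130 69.59.28.19
</RequireAny>
```

Any client whose address matches none of the Require ip lines gets a 403. For this to take effect from an .htaccess file, the directory needs AllowOverride AuthConfig (the 2.2 form needs AllowOverride Limit); after changing it, test from an address that is not on the list and confirm you are refused.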