Weekend Projects – Securing Folders

Published on May 30, 2009   //  Weekend Projects

Weekend Project

Last week we worked on Geotagging our site so that local people can find it more easily. This week we will look at a quick method to secure your folders from hackers trying to gain access to or deface your sites. Anyone using open source software should know they are at greater risk of being exploited by hackers and should be security conscious when using that software.

Basic Security
If you have a folder, like your images folder, that you do not want anyone to browse, you can add a blank index.html page to it. This will prevent anyone from viewing a listing of that folder's contents. The problem with this method is that with open source software it is very easy to find the files anyway, because they are all stored in the same location. Adding an index.html file to your folder will keep basic nosey people from browsing folders they should not be browsing. For example, with WordPress I can go in and see what plugins you have installed by going to www.yourblogurl.com/wp-content/plugins/.

General Security
A lot of open source software requires you to set folders to a permission of 777. This means that those files and folders are readable and writable by anyone. The result is that someone could maliciously use your site for phishing or spamming by uploading their own files into the insecure folder.

Some software only requires the folder or file to be set to 777 during the initial setup, so it can write configuration information. For example, WordPress wants you to set your theme files to writable so you can modify them directly from your admin area. This is a great feature, but I would suggest that once you are done editing them you set the folder and file permissions back to what they were originally.

From time to time you will need to have folders set to 777 so you can upload images. You can stop certain file types in those folders from being browsed by creating a .htaccess file in the folder and adding the following to it…

<FilesMatch "\.(php|php5|php4|php3|htm|html|shtml)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

You can add other file types to the end of the list if your server supports them; for ASP you would add |asp.
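To see which folders on a site are still set to 777 and whether they carry the rule above, the following shell function audits a web root. It is an added example, not part of the original post; the name audit_webroot and the guarded/UNGUARDED labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_webroot and the
# guarded/UNGUARDED labels are names chosen for this illustration.
#
# Lists every directory under a web root that is writable by "other"
# (this includes mode 777) and reports for each one:
#   - whether it has a .htaccess containing a <FilesMatch> rule
#     (a heuristic: it does not validate the rule itself)
#   - how many files directly inside it match the post's extension list

# Same extension list as the FilesMatch pattern in the post.
SCRIPT_RE='\.(php|php5|php4|php3|htm|html|shtml)$'

audit_webroot() {
    root=$1
    # -perm -0002 matches any mode with the world-writable bit set.
    find "$root" -type d -perm -0002 | sort | while IFS= read -r dir; do
        if grep -qi '<FilesMatch' "$dir/.htaccess" 2>/dev/null; then
            guard=guarded
        else
            guard=UNGUARDED
        fi
        # grep -c exits non-zero on a count of 0, hence "|| true".
        scripts=$(find "$dir" -maxdepth 1 -type f |
            grep -Eic "$SCRIPT_RE" || true)
        printf '%s %s scripts=%s\n' "$guard" "$dir" "$scripts"
    done
}

# Usage: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A blank index.html placed in a folder as described under Basic Security is counted too, because html is in the extension list.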

Advanced Security
There are certain folders in most open source software that hackers will probe for exploits. Folders like an include folder are usually hit hard on sites. We do have mod_security installed on our own servers to block a majority of the well-known exploits. To be more secure you can add your own layer of security by adding a .htaccess to your own include folders to prevent browsing of those folders completely. Add the following to the .htaccess…

# No <Limit> wrapper: rules inside <Limit> apply only to the methods listed, leaving all other methods unrestricted
Order deny,allow
Deny from all

This will prevent anyone from viewing that folder at all. Sometimes the include folder is in an admin area that only you or several others need to see. You can secure it the same way but add an allow rule based on your IP. Again, create a .htaccess file, find your IP address and add the following…

# Applies to every request method; only the listed IP is allowed in
Order deny,allow
Allow from 212.54.122.33
Deny from all

You may need to tweak or combine these various methods to ensure the best security for your folders.

If you get stuck let me know in the comments.

Weekend Projects – Catch a Spammer

Published on May 23, 2009   //  Weekend Projects

Do you sign-up at various places only to find your email spam has increased? I have done this a few times and really had no way to prove that the site/company sold my email to others.

I did some searching, and using a GMail account you can now find out who has spammed you without having hundreds of email accounts set up.

To get started be sure to have a GMail account. If you do not have one then create one.

Once you have your GMail account you can sign up at various services using it. The only difference from how we normally enter our email is that we're going to add a keyword so we can later track where the spam originated.

Let’s presume for a second that your email address is bluefurtest@gmail.com. If I sign-up for twitter I can add the keyword twitter to that email by using a +keyword. The email would look like bluefurtest+twitter@gmail.com.

If you add the +keyword, the email will still be delivered to the main bluefurtest account. To see whether a spam message came from one of the places you signed up, click on Show Details and you will see the +keyword showing where your address was sent/sold from.

If you get stuck let me know in the comments.

Weekend Projects – Geotagging Your Site

Published on May 17, 2009   //  Weekend Projects


Last week we worked on adding keywords to our sites so we can improve search engine ranking for those keywords. As the Internet evolves you will see more people wanting to do local searches and one way they will be doing that is through Geotagging. This week we will add Geotags to our site making it so search engines that use Geotagging will be able to direct the proper traffic to our site.

All of the Geotags go into the head section of your home page (between <HEAD> and </HEAD>). To begin open your home page in your favorite editor. The first one to add is your Longitude and Latitude using geo.position…

<meta name="geo.position" content="49.11;-122.68" />
<meta name="ICBM" content="49.11,-122.68" />

If you have a GPS finding your Longitude and Latitude is pretty easy. If you do not have that surf over to maporama.com and enter your address. The site will provide you the details to enter in the above tag. Next add the following tags which are pretty self explanatory…

<meta name="DC.title" content="Your Site Name" />
<meta name="geo.country" content="CA" />
<meta name="geo.region" content="CA-BC" />
<meta name="geo.placename" content="Surrey, BC V3S 8Z6, Canada" />

For geo.country and geo.region be sure to use ISO 3166 standard codes. The next part uses the Getty Thesaurus of Geographical Names. Go to their site, enter your city into the Find Name box and enter City into the Place Type. If they do not list your town, try entering the largest local city. Once you find your city you will see an ID which you can copy and paste into the following tag…

<meta name="tgn.id" content="7013135" />

As above, the tags below should be added and are self-explanatory…

<meta name="tgn.name" content="Surrey" />
<meta name="tgn.nation" content="Canada" />

Save your page and upload it. Now that you have these details you can submit your page to GeoURL and GeoTags. If you're adding these details to your blog you can add your blog to feedmap. I also found a Geotagging WordPress plugin which you can install as well.

If you get stuck let me know in the comments.

Weekend Projects – Make Your Site iPhone Friendly Part 2

Published on May 10, 2009   //  Weekend Projects


Last week we talked about the importance of running a contest. We previously announced that bluefurdomains.com is now iPhone friendly. Making it so was not that difficult but surfing it now will certainly make it easier for customers who are using an iPhone.

In part one of making your site more iPhone friendly we talked about making an iPhone icon for those who bookmark the site and redirecting iPhone users to a specific version of your site. This post will discuss what to do with those users once you have redirected them, to make the site more iPhone friendly.

Site Width
The maximum pixel width of the iPhone screen is 320. If your site is currently optimized for a higher resolution then I suggest doing a redesign to make it fit in the 320 width.

Hide the URL bar
With space being so limited on an iPhone screen, you can use the following script to make the iPhone URL bar hide automatically…

<script type="application/x-javascript">
if (navigator.userAgent.indexOf('iPhone') != -1) {
        addEventListener("load", function() {
                setTimeout(hideURLbar, 0);
        }, false);
}

function hideURLbar() {
        window.scrollTo(0, 1);
}
</script>

Autozoom in
You can make your site zoomed in automatically and disable the ability for the users to resize your site by adding the following to your head section…

<meta name="viewport" content="width=320, user-scalable=no, initial-scale=1.0">

If you get stuck let me know in the comments.

Weekend Projects: Make Your Site iPhone Friendly

Published on May 2, 2009   //  Weekend Projects


Around 10 million or more iPhones have been sold and are being used to surf the Internet. As time goes on more people will be surfing the Internet using a web phone of one type or another. This week we will focus on making our site or blog more iPhone friendly so that those who are surfing our site using an iPhone will not be lost.

Apple Touch Icon

Like a favorite icon for your web browser, the iPhone has the ability to save a page to a touch icon so users can quickly access that site again. The touch icon is a 57 x 57 png image that you can set in your header. To get started you will need to create the png icon. For those that are graphically inclined, just open your logo and shrink it down to 57 x 57 (you can do any box shape and the iPhone will shrink it down to 57 x 57) and be sure to save it as a png. For those not so graphically inclined, do the following…

  1. Choose an image or logo that is bigger than 57 x 57. If it is already box shaped that will help but is not required.
  2. Go to this online image resize page. Once there, upload the image you picked. Set the image size to 57 pixels for both height and width and save the file as a PNG. Download the image and save it somewhere you can find it.
  3. Rename the file apple-touch-icon.png. In Windows just click on the image and press F2 and you can rename it.
  4. Upload the apple-touch-icon.png to your site or blog root folder.
  5. On your index page add the following code to your header <link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
  6. Save your page and you're done. Your icon will look something like the below screenshot on the iPhone.

iPhone Screenshot

iPhone Theme for your Blog

If you have a blog then odds are people with an iPhone will try and surf it. Installing an iPhone theme for your blog will make it easier for them to surf your blog. I have installed the iWPhone theme and plugin on to this blog. If you install it your blog will look like below.

BlueFur Blog on iPhone

Redirect iPhone users to a Separate Site

If you do not have a blog and want to push iPhone users to another folder where you can then develop a more iPhone friendly design add the following to your .htaccess…

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*iPhone.*
RewriteRule ^index\.html$ iPhone/index.html

If you get stuck let me know in the comments.

PS – Thanks to Matt and Brady for the screenshots.

Weekend Projects: Secondary MX

Published on Apr 25, 2009   //  Weekend Projects


Last week we ran a spell check on our site to ensure that all the spelling mistakes were removed. This week we will focus on adding a secondary MX record. MX stands for Mail eXchange and is used by DNS to route email to the proper mail server. In the off chance that our mail server is dead you could possibly lose emails. One way to prevent that is to use a secondary MX.

Mail delivery is first attempted to the primary mail server. If that server is not reachable, delivery is attempted to the mail server with the second lowest MX level. If that server cannot be reached either, delivery is attempted to the mail server with the third lowest MX level, and so on.
If no mail servers can be reached then mail is sometimes queued but is usually just bounced back to the sender. This can lead to lost sales and lost revenue and, worst of all, loss of communication and respect.

The easiest way to set up a secondary MX is to purchase the service through DNS Made Easy. The cost is only $12.95 for a year. Once you have purchased it they will provide you with a list like the following…

20 mx1.dnsmadeeasy.com
30 mx2.dnsmadeeasy.com
40 mx3.dnsmadeeasy.com

Open a ticket with our support and ask them to set up the additional MX records in your DNS. You are now prepared so that, in case of an emergency, your emails will not be lost.
