GoodWebsite.net | GoodWebsite - Blog

Blog

22 Feb This week a client asked us to rescue a hacked site. (Which we did.)

A client approached us this week: her site, built and hosted by someone else, had been hacked. Websites which have been compromised by hacking attempts are increasingly common, but it's not always the end of the world when it happens. Villains often get in using what they call brute force methods, that is, machines trying different password combinations over and over again until they gain access. Sites can be cleaned up and rescued, and then appropriate security measures put in place. Sometimes your hosting might need a bit of an upgrade as well. We tend not to use the cheap as chips £3 a month hosting deals that you can get, because the tech support usually just isn't there, and at times like hacking times you might need it, just to figure out what the level of damage is. You have to treat it seriously because the bad guys can...

Read More

16 Mar Why would villains want to donate to our charity?

Much to my surprise, we started to get some credit card donations on the site we run for a UK registered charity which were from stolen credit cards.
(The Google Grant we managed to successfully apply for has helped the charity an enormous amount, generating traffic for donations and also to get more disabled people money from the charity - I will write about that later, separately.)
Naively I thought these might be Robin Hood style donations, robbers trying to steal from the rich to give to the poor, but no. After doing lots of research I found this mighty helpful article on the philanthropist's site, which explains all. We are now taking further steps to combat the problem.

Easy Target

Stolen credit-card numbers aren’t worth much on the underground market until verified, so thieves use online payment websites to test whether the numbers work. Some thieves pay criminal services groups to do the confirmation work using a bot, a software application that rapidly enters the numbers into payment websites, said Don Jackson, director of threat intelligence at PhishLabs. If the payment goes through, the criminal-services group reports back to the thief that the credit-card number is valid and will work for making larger fraudulent purchases. Fraudsters also use for-profit retailers to verify stolen numbers. But businesses are often well protected, requiring multiple steps to make purchases such as setting up an account and providing personal information linked to the credit card. Many nonprofits forgo such requirements to reduce obstacles to making donations. That simple design is ideal for a thief or a bot trying to test many numbers quickly. "I think the reason charities and nonprofits are targeted is they want to set it up with as few bars to funding as possible," Mr. Jackson said. Nonprofits are also vulnerable because online donations are not tied to geography, Mr. Conroy said. If someone uses her credit card to buy coffee in her town of residence on the same day a thief uses her credit-card number to buy a television three states away, that may raise a red flag with the credit-card company. A small, fraudulent online donation is unlikely to trigger that detection system.

Costs Soar

The financial costs of these attacks on nonprofits can be significant. Credit-card companies categorize online donations as "card-not-present" transactions and place the burden for recouping fraudulent charges entirely on nonprofits. That means nonprofits have to return fraudulent donations that people report to their credit-card companies. In May 2013, Irish charity the Jack and Jill Children’s Foundation announced that it received and refunded about $170,000 in donations made via stolen credit cards. Most of the donations were less than $7. For each fraudulent charge, charities also have to pay credit-card companies "charge-back" fees, which can be as high as $25. When thieves targeted DonorsChoose.org about three years ago, it had to pay $10 to $20 in charge-back fees for each of more than 100 fraudulent donations,
Read More

07 Mar The Growth of Ransomware – now on a Mac for the first time

My interest in this was sparked by an article I heard on BBC Radio 4 last week about the sudden and slightly unexpected growth in ransomware; then today the news came out that it has infected a Mac for the first time. The BBC writes as below in their article today:
A type of malware that locks computer files and demands a fee for their release has successfully targeted Apple computers. The security researchers from Palo Alto Networks believe it is the first time ransomware has appeared on Macs. The KeRanger malware was hidden in a version of a BitTorrent client called Transmission. The makers of Transmission and Apple say they have taken steps to stop the malware spreading. It is not clear how many people were affected. Transmission is a program that lets people download and share BitTorrent files - often music or movies - with other users' computers. After being informed of the malware, Apple revoked the...

Read More

01 Mar Right hand side ads disappear from Google

A couple of days ago Google announced that no more right hand side ads were going to appear in search results. A lot of people are up in arms about it, saying it's now going to be even harder to get good results in Google ads. Let's face it, it's always been quite hard. I don't believe in knocking Google for no reason. It seems to me to be obvious that it's more important than ever to get good reviews for your business, and to make sure that your content is optimised to get the search results you are looking for. The old days of SEO are well and truly dead. It's more about getting true content about your business up where it matters. Google ads are still going to be an important part of the mix, especially for product based ecommerce advertisers. Product Listing Ads seem to be the...

Read More

29 Jan How do people read their email right now?

We were working on an email newsletter this morning and our client is picky. It is OK for a client to be picky, it means they care. "This doesn't look quite right in my gmail," client is saying to us. We explained so: This will read slightly differently in different email readers. That's the nature of sending to lots of different potential email reading systems. We have to average things out. What you see in your gmail is not necessarily what people will see in Outlook, Thunderbird, hotmail etc etc. We are also allowing for pc, mobile, tablet and so on. Each will be different. We average out for this pattern (figures are from trustworthy organisation Campaign Monitor):
35.6% iOS Devices
20.14% Outlook (Desktop)
13.57% Outlook.com
11% Apple Mail
9.85% Yahoo! Mail
8.43% Gmail
4.74% Android
2.34% Windows Live Desktop
1.03% Thunderbird
0.79% AOL Mail
Email Client Popularity
iOS Devices 35.60%
  iPhone 25.05%
  iPad 9.74%
  iPod Touch 0.81%
Microsoft Outlook 20.14%
  Outlook 2000, 2003, Express 7.68%
  Outlook 2007 6.51%
  Outlook 2010 5.96%
Outlook.com 13.57%
Apple Mail 11%
  Apple Mail 5 4.31%
  Apple Mail 4 3.75%
  Apple Mail 6 1.70%
  Apple Mail 3 1.04%
  Apple Mail 2 0.20%
Yahoo! Mail 9.85%
Gmail 8.43%
Android 4.74%
Windows Live...

Read More

30 Jun What are these DNS records anyway?

A client recently asked us to point his website at one place and keep his email in another. We explained that DNS settings could be quite complicated, and they of course didn't know what we meant. Here's a quick guide to what's in the DNS records which come along with your domain name. Thanks to the guys at debianhelp for this info.

DNS Records Explained with Examples

DNS (Domain Name System) is the service which translates between Internet names and Internet addresses. Internet names are the names which we use to refer to hosts on the Internet, such as www.goodwebsiteblog.co.uk. Internet addresses (IP addresses) are the numbers which routers use to move traffic across the Internet, such as 211.1.13.115.

What are DNS Records?

DNS records or Zone files are used for mapping URLs to IPs. Located on servers called the DNS servers, these records are typically the connection of your website with the outside world. Requests for your website are forwarded to your DNS servers and then get pointed to the WebServers that serve the website or to Email servers that handle the incoming email.

Different Types of DNS Records With Syntax and Examples

Types of DNS Records: A, AAAA, CNAME, MX, PTR, NS, SOA, SRV, TXT, NAPTR
The above DNS records are mostly used in all DNS Configurations. Now we will see each one with examples.

A Record

An A record, or address record, assigns an IP address to a domain or subdomain name. When the domain name system was designed it was recommended that no two A records refer to the same IP address. Suppose you have the somedomain.tld domain and want to assign 10.10.0.1 IP address to your web server, then you should create an A record with "www.somedomain.tld" as Fully Qualified Domain Name and "10.10.0.1" in the value field. From now on, all the requests for www.somedomain.tld will be sent to a server
Read More

13 May Mobilegeddon

Lots of people have contacted us this week about Mobilegeddon - which is Google's way of telling you that if your website doesn't look good on a mobile or a tablet, then it will get punished in the search results. We did some nice work on bleufurniture.com to get it to present really well on mobile. Then, from another site, a client asked me if I could explain what we had done with the viewport to make things work more smoothly. Then I realised it was pretty hard to explain. This guy below gives it a good effort.
Concept: the viewport
Before we continue with more JavaScript properties we have to introduce another concept: the viewport. The function of the viewport is to constrain the <html> element, which is the uppermost containing block of your site. That may sound a bit vague, so here’s a practical example. Suppose you have a liquid layout and one of your...

Read More

16 Apr Arrrgh. A popular Chrome extension that now looks like it was spyware

A really handy Chrome extension that we actually recommended to a few people looks like it has been spyware all along. The clever developer put a time lag on the extension so that it looked perfectly innocent. Then after a week's use it downloaded info about your web browsing habits and sent it over to a server in the US. Sure, we know it says it watches your web browsing in the small print. But we have reason to be suspicious, just like the guys at Heimdal Security point out below. We say don't use web screenshot, so says ArsTechnica too.
Downloaded 1.2M times, "Webpage Screenshot" is no longer available in Chrome Store.
Researchers have made a discovery that raises troubling questions about the trustworthiness of third-party extensions Google makes available for its Chrome browser—a plugin with more than 1.2 million downloads that vacuumed up users' browsing habits and used them for marketing purposes. The extension was known as Webpage Screenshot, and until Tuesday it was available in Google's official Chrome store. It boasted more than 1.2 million downloads and garnered an overall rating of 4.5 stars out of a possible 5. But according to a blog post published Wednesday by researchers at Danish firm Heimdal Security, the Chrome plugin collected users' browsing habits behind the scenes. The snooping was made harder to detect because Webpage Screenshot didn't start collecting the data until a week after the extension was installed.
The following news came shortly after: Google kills 200 ad-injecting Chrome extensions, says many are malware. That crackdown comes as
Read More

10 Apr What is that #FF thing I keep seeing on Twitter

With thanks to Jan Minihane, who explains this really well on her blog. A couple of people asked me what this #FF meant, so I am posting up about it here.
I get asked by clients and twitterers a lot what the #FF, #ff and #followfriday hash tags are that they see in tweets on a Friday, so I thought I’d put my usual rambling response up here for all to see:
Firstly, what is a hash tag?
A hash tag (#) is one of many ways of searching on twitter to see what anyone in the world is saying on a particular topic. Take the General Election this year – if there wasn’t a common word that everyone used in their tweets there would be all these disparate conversations going on and no way to tie them together – so someone coined the hash tag search ‘#GE2010’. Now anyone who searched by that term would see any tweet (worldwide) where that hash tag topic was used, whether you follow the people tweeting or not. A lot of hash tags end up as ‘Trending Topics’ on Twitter as a result. Hash tags can be used anywhere within a tweet, at the start, middle or end, wherever makes most sense. The 2 hash tags I use most often are:
#Jelly – so any Jelly organisers/attendees/interested parties can see by doing a ‘#jelly’ search who’s saying what about Jelly. It’s helped me immensely to see when new Jelly events are announced (so I can RT them to help spread the word and also offer help to the organiser if needed) and help attendees at Jelly events connect easily.
#Watercoolermoment – this hash tag was ‘invented’ by @e_nation (Enterprise Nation – a fabulous Home worker website) every day at 11am to allow home workers across the UK to connect by using the hash tag and discuss a chosen topic. It really is a virtual coffee break with likeminded people (and I highly recommend it!)
So, what’s #FF then?
This hash tag is simply a way to recommend people that you tweet with (hence FF = Follow Friday) – whatever your reason, business or personal. It’s a hash tag that grew again out of wanting to find a common way that anyone looking for new followers could easily see who was recommending who. Here’s an example of a tweet I did last week:
#FF @MerciaRecruit @Salt_Events for actively helping to spread the @4StartersUK word, big hearts
So I am recommending both @MerciaRecruit and @Salt_Events because they helped me out promoting a new business venture of mine, @4StartersUK. I pretty much ALWAYS put a reason for who I’m giving a #FF to – it’s about quality over quantity and making an effort to thank people – think about it, if I’d just put: #FF @MerciaRecruit @Salt_Events [and various other tweeters in one tweet]
Read More