If you're new here, you may want to subscribe to my RSS feed. So that you can read the latest updates about Web2.0 tools, Making Money Online, Tips in SEO, Ajax and many more. Thanks for visiting ProgramimiCOM!

Here is the list of text based colors for use with background CSS statements. Here are tables for hex-based colors and rgb based colors.

• 3 Comments

I will state here 3 good reasons to publish content with JavaScript;

1. To hide your forms from spammers’ robots.
2. To publish content pulled from remote files.
3. To hide certain content from search engine spiders.

Any HTML content can be generated for delivery with JavaScript. Most JavaScript itself can be delivered that way, should there be reason to do so.

However, don’t generate PHP code or SSI tags into JavaScript. Those have to be available at the server before the page is sent to the browser where JavaScript can run.

1. Hiding Your Forms from Spammers’ Robots.

Spammers won’t spam through your forms if they can’t be found.

The search for vulnerable forms is mostly automated.

Robots follow links until they find a form. The detecting robot then submits the form using preprogrammed methods and with preprogrammed information. If the form has a security hole of the kind the robot is scouting for, the information is recorded for the robot owner’s later perusal.

Manually surfing to find forms and testing them would be uncommon. Spammers seem to be lazy.

Here are the steps to replace the form with JavaScript:

1. Copy your form’s source code from FORM tag to ending /FORM tag.
2. Paste the copied code into a JavaScript generator.
3. Generate the code.
4. Copy the generated JavaScript.
5. Replace the current form source code on your web page with the generated JavaScript.

It may be prudent to put a notice on the web page that will be seen only by those whose browsers are JavaScript disabled. Example:

<noscript>
<h3>JavaScript is required to use this form.</h3>
</noscript>

Now you have some protection. It’s not guaranteed to be forever effective, of course.

If you are already being spammed through your form, you’ll need to take a few steps before encoding your form with JavaScript:

1. Rename your form handling software file on your server. Keep the .cgi (or .pl) file name extension, just change the first part of the file name.
2. Change your form’s action= URL to reflect the new file name. Every form that uses that form handling software will need this change.

Now you can replace the form with JavaScript by following the steps presented earlier.

The extra step is necessary because your form handling software’s URL is already in the spammer’s database, which means they can bypass the form. Changing the software’s file name introduces an error into their database.

For extra protection, in case robots that can read JavaScript come your way, the JavaScript-ized form can be retrieved from an external file.

2. Publishing Content Pulled from Remote Files.

When certain content is to be repeated on several pages or on several domains, the content is easier to maintain when it exists in only one file.

That content can be generated as JavaScript using a JavaScript generator. Remove the first and last lines from the generated JavaScript (the SCRIPT and cancel /SCRIPT tags) and save the rest as a file on your server.

Convention says the file is to be saved with a .js file name extension. However, .txt or .htm will do the job as well.

Once the file is saved, determine its URL.

Now, all you have to do is put the following JavaScript, with correct URL, into your web pages wherever you want the content to be printed.

<script
   src="http://example.com/file.js"
   type="text/javascript"
   language="JavaScript">
</script>

Replace URL http://example.com/file.js with the URL of your content file and you’re good to go.

3. Hiding Certain Content from Search Engine Spiders.

The following assumes search engine spiders do not read and parse JavaScript. If they do understand JavaScript, now or in the future, other methods can be used to do the hiding.

Certain things are oftentimes best left out of search engine indexes. Examples are advertisements and navigation areas. Their inclusion might contaminate the indexes and even skew your keyword density.

To make ads or other sections of a web page invisible to spiders:

1. Put the source code section into a JavaScript generator.
2. Replace the original source code on the web page with the generated JavaScript.

Certain words or phrases, or entire paragraphs, can be hidden from spiders the same way.

An example of why one might want to hide a word, a product name in this case, could be an article reviewing the product. The article has an affiliate link to the product. The page also has AdSense. The name of the product in the article could attract AdSense ads for the product. And that could reduce affiliate income from that page.
There are, of course, other reasons to publish content with JavaScript. Sometimes JavaScript is the only method available. Other times, like the reasons presented here, publishing content with JavaScript is optional.

Whether or not it is optional, a JavaScript generator can help by turning text into JavaScript that will print on a web page.

• 0 Comments

Part 1 focused on the many ways to specify web page backgrounds with CSS. This part 2 addresses these subjects:

1. The background of divisions of the web page, within DIV tags.
2. The background of tables.
3. The background behind sections of text content.
4. The background behind INPUT and TEXTAREA form elements.
5. The background behind ordered and unordered lists.

This part 2 supposes you are familiar with part 1 . Without that familiarity, especially if you are a novice with CSS, part 2 can be confusing.

Like part 1 , the CSS examples in part 2 are provided in the format used when the styles are defined in the HEAD area of a web page. For site-wide implementation, you can use an external file for the same effects.

The Background of Divisions of the Web Page, Within DIV Tags

Specifying a background for a DIV section of your web page is similar to specifying the background of the entire web page. Backgrounds specified for a DIV section will lie on top of the web page’s background.

A DIV section is that portion of your web page in a DIV tag, i.e.:

<DIV>
Content of a DIV section.
</DIV>

Create a CSS class in the HEAD area of your page, like this:

<style type="text/css">
<!--
.divtest { background-color: yellow; }
-->
</style>

Now, when you create a DIV section in your web page with class divtest, the division’s background will be yellow. Example:

<DIV class="divtest">
<p>A paragraph.</p>
<img src="picture.jpg">
<p>Another paragraph.</p>
</DIV>

To specify an image as the background for the DIV, several different methods can be used. Each method requires changing the CSS class “divtest” in the HEAD area of your web page. Images, if they’re too large for the DIV section, will have their top-left portion displayed to the size of the DIV section.

1. To tile the image, where the image is repeated across the top and row by row until the entire DIV background is covered, use

   .divtest { background-image: url(image.jpg); }

2. To print the image just once, not tiled, use

   .divtest { background-image: url(image.jpg);
   background-repeat: no-repeat; }

3. To print the image just once, positioned in the top-right corner of the DIV section, use

   .divtest { background-image: url(image.jpg);
   background-repeat: no-repeat;
   background-position: right top; }

   Positioning of the image can be done in the many ways that web page background images can be positioned. See part 1 of this series.

4. To repeat the image across the top of the DIV section, use

   .divtest { background-image: url(image.jpg);
   background-repeat: repeat-x; }

5. To repeat the image along the left edge of the DIV section, use

   .divtest { background-image: url(image.jpg);
   background-repeat: repeat-y; }

6. To create a DIV section the exact dimensions of the image, use (assuming an image 200 pixels high and 400 pixels wide)

.divtest { height: 200;
width: 400;
background-image: url(image.jpg); }

The Background of Tables

Background color and images can be specified for tables, almost identical in method to specifying backgrounds for DIV sections. For testing, create a CSS class in the HEAD area of your page, like this:

<style type="text/css">
<!--
.tabletest { background-image: url(image.jpg); }
-->
</style>

Now, when you create a table in your web page with class “tabletest”, the table’s background will be whatever you specified for that class. Example:

<table class="tabletest">
<tr>
<td>
Table data cell content here.
</td>
</tr>
</table>

Image tiling and positioning, and background color styles are specified using the same specifications language as the class for DIV sections.

The Background Behind Sections of Text Content

Background color and images can be specified for standard HTML tags for text content, too. It is almost identical to the DIV and table style specifications, except no period is typed in front of the style. (The period indicates a custom class. Lack of a period indicates a style for a standard HTML tag.) Standard HTML tags for text content do not have the ability to be sized except for the amount of area the text itself requires.

To specify a background of yellow for H1 (header size 1) text and an image background for P (paragraph) text, put this in the HEAD section of your web page:

<style type="text/css">
<!--
H1 { background-color: yellow; }
P { background-image: url(image.jpg); }
-->
</style>

Now, in the following page copy, the header will have a yellow background and each paragraph will have an image as its background. Example:

<H1>My Header</H1>
<P>A paragraph.</P>
<P>Another paragraph.</P>

Image tiling and positioning are specified using the same specifications language as the class for DIV sections.

The Background Behind INPUT and TEXTAREA Form Elements

The background of form INPUT and TEXTAREA fields can be a specific color or an image. To make all INPUT areas yellow and put an image in the TEXTAREA field, put this in the HEAD section of your web page:

<style type="text/css">
<!--
INPUT { background-color: yellow; }
TEXTAREA { background-image: url(image.jpg); }
-->
</style>

Now, all INPUT and TEXTAREA fields will contain the background you specified. Example:

<form>
Your Name:
<INPUT type="text">
Narrative:
<TEXTAREA cols="11" rows="5"></TEXTAREA>
<INPUT type="submit">
</form>

Because the submit button is also an INPUT field, it will have the same background as text input fields. If you prefer to have the background of the submit button be blue (for example, it could be any color or even an image), create a custom class and then specify that style for the submit button.

Example for the HEAD section:

<style type="text/css">
<!--
INPUT { background-color: yellow; }
TEXTAREA { background-image: url(image.jpg); }
.special { background-color: blue; }
-->
</style>

Example form:

<form>
Your Name:
<INPUT type="text">
Narrative:
<TEXTAREA cols="11" rows="5"></TEXTAREA>
<INPUT class="special" type="submit">
</form>

The Background Behind Ordered and Unordered Lists

The backgrounds of ordered (OL) and unordered lists (UL), or each individual list item (LI), are specified using the same specifications language as the class for DIV sections.

If specifying an image for the background, the image will be behind the entire list if specified for UL or OL tags. However, if specified for LI, the image will be repeated behind each individual list item.

If UL and OL are specified, and LI, too, then the browser will print the LI background over the UL and OL background for each individual list item.

Here are examples for the HEAD area:

<style type="text/css">
<!--
LI { background-color: yellow; }
UL { background-image: url(image.jpg);
background-repeat: no-repeat; }
OL { background-image: url(image.jpg); }
-->
</style>

And, example lists:

<ul>
<li>
<p>A list item.</p>
</li>
<li>
<p>Another list item.</p>
</li>
</ul>

<ol>
<li>
<p>A list item.</p>
</li>
<li>
<p>Another list item.</p>
</li>
</ol>

In the above lists, the list items have paragraph spacing. The area taken up with each list as a whole will contain the specified background image. The list items will have a yellow background, which covers the image wherever the list item text is printed.

Now you have a lot of tools related to using background colors and images to help you design web pages.

• 1 Comment

Background colors and images can be used for stylistic effects and can be an important element in the design of web sites.

With standard HTML, one can assign backgrounds to a web page and to tables and table data cells. Compared to what one can do with CSS, however, HTML is limited.

With CSS, background colors and background images can be applied in many different ways.

1. The web page’s background, in any of the following manners:
   1. Background color (like standard HTML).
   2. Tiled image (like standard HTML), where the image is repeated across the top and row by row until the entire web page background is covered.
   3. Not repeated, the image printed just once. The image can be positioned anywhere in the window.
   4. Repeated across the top of the web page for one row.
   5. Repeated along the left side of the web page for one column.
   6. Fixed in position with the web page contents so the background image remains in place while the page content scrolls over the top of it.
2. The background behind divisions of the web page, within DIV tags.
3. The background behind tables.
4. The background behind sections of text content.
5. The background behind INPUT and TEXTAREA form elements.
6. The background behind ordered and unordered lists.

This article will address only web page backgrounds. Part two will address the others mentioned above.

You probably already know how to create background colors and background images with standard HTML. As a refresher, the color and/or image URL are specified in an attribute of the BODY tag. Here are the methods, the first a yellow background color, the second specifying a background image:

<body bgcolor="yellow">
<body background="image.jpg">

The bgcolor attribute provides the color, as expected. The background attribute provides the image, but tiled to cover the entire background of the window.

Now, let’s see what you can do with CSS!

The CSS examples in this article are provided in the format used when the styles are defined in the HEAD area of a web page. For site-wide implementation, you can use an external file for the same effects.

Background Color

Here is the method of specifying a page background color. For single page, put this in the HEAD area. For site-wide implementation, you’ll probably want to put the style into your external CSS file.

<style type="text/css">
<!--
BODY { background-color: yellow; }
-->
</style>

Changing the color name (or changing the #ffff00 hexadecimal equivalent), will change the background color of the one page or all pages using an external CSS file.

Tiled Image

This will put a background image into your web page, the image repeating across the top, row by row, until the web page background is covered.

<style type="text/css">
<!--
BODY { background-image: url(image.jpg); }
-->
</style>

The URL can be specified as relative or absolute. The following are all valid formats:

url(image.jpg);
url(graphics/image.jpg);
url(http://domain.com/pictures/image.jpg);

Image Not Repeated, With Exact Positioning

This will print the background just once, placing it in the top-left corner of the web page.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: no-repeat;
}
-->
</style>

To position the image in a place other than the top-left corner, use the background-position label. For example, this will print the background image at the right-top of the web page.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: no-repeat;
background-position: right top;
}
-->
</style>

The words you can use for positioning are:

top bottom left right center

Note that the above words apply to the entire web page, not just the browser window. Thus, “bottom” means the bottom of the page, not the bottom of the window.

Positioning can also be specified by distance measurement and by percentages.

This style will place the top left corner of the image 400 pixels in from the left page margin and 100 pixels down from the top page margin.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: no-repeat;
background-position: 400px 100px;
}
-->
</style>

And this style will calculate the distance 10% from the left and 20% from the top.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: no-repeat;
background-position: 10% 20%;
}
-->
</style>

Calculation is done using both the dimensions of the page and the dimensions of the image, the same percentage of each. The point 10% in from the left of the image will be placed at the point 10% from the left of the web page. And the point 20% from the top of the image will be placed 20% from the top of the web page. It can be a hard concept to grasp without a drawing. But try it, specifying different percentages until you gain an experiential understanding.

Background Image Repeated Across the Top of the Web Page

This style will repeat your background image across the top of the page, one row.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: repeat-x;
}
-->
</style>

Background Image Repeated Along the Left of the Web Page

This style will repeat your background image along the left of the page, one column.

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-repeat: repeat-y;
}
-->
</style>

Background Image Does Not Scroll When Web Page Scrolls

To make your background image stay in place while the web page contents are scrolled over the top, use this style:

<style type="text/css">
<!--
BODY {
background-image: url(image.jpg);
background-attachment: fixed;
}
-->
</style>

An Application

Let’s suppose you have a nice little image of a flower. You want it for a background, printed in a row along the top of your web page. The flowers should stay in their fixed position when the rest of the web page content scrolls.

It can be done this way:

<style type="text/css">
<!--
BODY {
background-image: url(flowers.jpg);
background-repeat: repeat-x;
background-attachment: fixed;
}
-->
</style>

Knowing how to use and position background images can enhance web page design.

See part two for ways to use background colors and images in the web page content itself.

• 2 Comments

The best way to protect an email address is to never reveal it.

The two best ways to receive communication without revealing your address is (1) with web forms that don’t require your email address in a hidden field or elsewhere on the web page and (2) with spam-harvest-proof email links from flow-to.com

Sometimes, an email address must be revealed, it just can’t be helped. When there is a choice, consider using a less permanent or less important address in those situations.

It seems that once an email address gets on spammers’ lists, it is there for as long as spammers exist.

Some Ways Email Addresses Are Harvested

“Harvest” — The action of obtaining an email address, manually or with software, without permission, for the purpose of sending email to it.

Any email address that can be seen by a human can be harvested.

Any email address in the source code of accessible documents (like web pages) can be harvested.

Those are broad statements. Nevertheless, they are true.

Spammers can hire cheap labor to manually type email addresses into lists. And, spammers can hire programmers to make ever more sophisticated harvesting software.

Here are some ways email addresses can harvested.

• Email addresses can be harvested from posts in forums, Groups, guest books, News, blogs, IRC, chat rooms, instant messengers, email lists, and newsletters that publish or provide email addresses or where an email address is in your signature area.
• Email addresses on web pages can be harvested by even the most mundane of harvesting software, whether printed as plain text, hidden in HTML tags, or in a mailto: link.
• Email addresses transformed as HTML entities or obfuscated with other other HTML encoding schemes are easily extracted by even relatively unsophisticated harvesting software.
• Email addresses in user profiles at web sites where they can be viewed by the public are also vulnerable.
• Web page forms that require a recipient email address specified in a hidden field make spammers smile.
• Printed material, like directories and magazine ads, are subject to harvesting.
• Domain registration records can have their addresses harvested.
• Email addresses in online white and yellow pages are almost certain to be harvested.
• Email addresses embedded in images can be harvested.

  We used this technique on our contact pages for a long time. Eventually, they were harvested, through several address changes. Whether harvested by sophisticated software, or manually, they got on spammers’ lists.

  Also, email addresses embedded in images are not available to blind readers and those using text-only browsers.

• At this time, some JavaScript obfuscation methods seem to work pretty well as protection from automated harvesters. Yet, it can’t be depended upon. The source code for parsing JavaScript is available on the Internet.

  It’s only a matter of time until harvesting software will be able to extract email addresses obfuscated with JavaScript, just like browsers do. They might already be doing it.

• Friends’ and business acquaintances’ computers infected with specialized viruses or trojans can hand their entire address books to a spammer’s computer — and your address may be in the book.
• Replying to spam will either confirm your address or, if your From: address is different than where the spam was sent to, provide the spammer with another good address to spam.
• Some browsers can be configured to specify an email address for use when logging into anonymous FTP sessions. They might also send the address as an HTTP_FROM header line when grabbing HTML web pages. The address can be harvested in both of those ways by the unscrupulous.

  One solution: Specify name@example.com as the address — unless your browser has an actual email client built-in.

  I know of no real reason to provide a valid address for anonymous FTP sessions or for the HTTP_FROM header line. In neither case is it normally expected that the address will be used to send you email.

• In your email software, turn off JavaScript, Java applets, and any other active content that you can. Some of these, or the software they might install, might be used to send your email address, or even your entire address book, to a spammer.

In some of the above situations, a spam-harvest-proof email link URL from flow-to.com can be used in lieu of your real email address.

For example, mailto: links can be replaced with the spam-harvest-proof email link, letting your site users click to send you email — without needing JavaScript or other special browser features — like people used to do when the web was relatively harvesting software-free and spammers were less sophisticated.

And, the spam-harvest-proof email link URL can be used in ezines, magazine ads, forum posts, anywhere a regular URL can be used.

The Best Secret Email Address

An email account is a mailbox with an email address.

For best protection, the email address of your mailbox should never be used anywhere, for anything other than the identification of the mailbox.

Other email addresses can then be forwarded to the mailbox’s address.

If the address of your mailbox falls in the hands of spammers, the address can’t just be disabled like forwarded addresses can. Instead, a whole new mailbox needs to be created. All addresses that forwarded to the old mailbox now need to forward to the new mailbox.

It’s a whole lot less hassle to keep the address of the mailbox secret. Email addresses that forward to the mailbox can be deactivated and new ones created with relative ease.

Believe it or not, deciding upon a secret email address is not as straight-forward as one might think.

The very best secret email address is a random set of 12 or more characters for the “name” part (the part preceding the @ character), that contains at least one period, hyphen, or underscore, and that has never been used before.

The random 12+ characters rule is pretty good insurance against dictionary attacks. (A dictionary attack can be common words or random characters in the name part of the email address, hundreds or thousands of variations sent to a mail server in the hopes that some or at least one spam gets through.) That’s not to say a dictionary attack will never send spam to your address; just that it’s less likely.

Don’t yield to the temptation of using an old email address that you haven’t used for a long time. If it’s ever been on spammers’ lists, it may still be there.

For example, we had an email address get on spammers’ lists in mid-1999. It was deactivated soon thereafter. In 2002, I decided to re-use the address (I kinda liked it, you know). Guess what, the spam resumed immediately, the very next time I downloaded my email. It had remained on their lists all this time.

[Update: The evening of the day this article was written (late February, 2007), I reactivated that email address. The next morning, 4 spam emails were received there. After more than half a decade of being invalid, the address is still on spammers’ lists!]

If you are thinking about getting a new domain for your secret email address, check archive.org first. Type in the URL of your proposed domain name to see if the domain has existed in the past. If yes, chances are some email addresses with that domain are already on spammers’ lists.

Also, type your proposed domain name into search engines to find clues to a prior existence.

Similarly, if your email address is @ a large or popular ISP, you’re always taking a chance that your new address was used by someone else in the past.

Don’t ever reveal your secret address, not even in outgoing email.

To receive email at your secret address, forward other addresses to it.

Ways To Protect and Manage Email Addresses

Keep the email address that is your mailbox a secret. Other email addresses can be forwarded to that mailbox.

Email addresses must be revealed in certain circumstances. It just can’t be helped. All such addresses should be forwarding addresses rather than the address of the mailbox itself.

Addresses used when sending email —

When an email is sent out, the To: line contains an email address, a valid address if you want to receive replies.

Should you use only one or a very few email addresses in outgoing email, then those are the only ones vulnerable should someone’s address book be compromised.

If every email you send out causes the recipient to automatically be added to your own address book, then you already have a list of email addresses you can send a notice to if you must deactivate an address due to the amount of spam it receives.

Your web page forms —

Email addresses where web page form submissions are sent to are probably best not used anywhere else. If such an address gets on spammer’s lists, it can be a hassle to change the address in the form processing software (depending on the software, of course).

Use form processing software that doesn’t require your email address anywhere on the web page, not even in a hidden form field. Otherwise, your address is highly visible to spammers’ harvesting software.

The primary drawback to using web page forms is that sometimes the people submitting the form mistype their own email address. You can’t reply to an invalid address.

Your spam-harvest-proof email link —

The delivery address for your spam-harvest-proof email link from flow-to.com is probably best not used anywhere else. Although it’s easy to change the destination address, an uncompromised address is even easier.

Ezines, email newsletters, and email lists —

Ezines and email lists must arrive at a valid email address. It may be prudent to have these sent to an email address used only for this purpose, maybe even an exclusive address for each category of subscription.

A compromised address that needs to be deactivated then has an effect only on the subscriptions sent to it.

Filling in other site’s forms —

Some forms will not accept just anything in fields where an email address is required, what’s typed in must at least resemble an email address.

It may be prudent to use only one specific email address when filling in forms for other web sites, an address used for nothing else. If it ends up on spammers’ lists, the address can be deactivated and a new one created.

A separate email address might be used when purchasing products, and another when an email address is required to obtain an otherwise free product.

Conclusion

Using a separate email address for separate activities or purposes can reduce repercussions when one of them needs to be deactivated.

The two best ways to receive communication without revealing your address is with web forms that can’t compromise your email address and with spam-harvest-proof email links from flow-to.com

The only way I know of to fully protect an email address is to obtain one that’s never been used and then never reveal it. Even then, it is possible to receive a spam once in a while as a result of dictionary attacks.

• 0 Comments

This article will show you how to make a link to download any file on your server without revealing the file’s location.

It’s a one-click download link.

But, why?

1. For short-term promotions, after which the link can be removed, leaving the orignal file where it’s at.
2. Maybe you’re offering a link to download a real working script.
3. It can come in handy to provide access to an intermittently updated file without providing FTP login information.
4. Files not otherwise accessible by browser can be downloaded.
5. It’s also very handy for personal use, instead of FTP, for logs or other files frequently downloaded. The download link would be on a web page stored on the hard drive, not on the Internet.

The download link requires software on your server to send the file contents to the browser. Complete software for PHP and for Perl come with the article.

Choose which you prefer to use. Only one is needed.

Here is the PHP code:

<?php
# Please link to http://BontragerConnection.com/ with the text,
# “Download software provided by Bontrager Connection, LLC”
#
# This block of PHP code must be at the top of the file.
# No space or blank lines may be above it.
#
# Specify the location and name of the file to be downloaded.
$FileLocation = “/path/to/file.zip”;

# Specify the file name as it is to be represented when downloading.
$DownloadFileAs = “file.zip”;

header(’Content-Type: application/force-download’);
header(’Content-Disposition: attachment; filename=”‘.$DownloadFileAs.’”‘);
header(’Content-Transfer-Encoding: binary’);
header(’Expires: Mon, 26 Jul 1997 05:00:00 GMT’); # Date in the past.
header(’Cache-Control: no-cache, must-revalidate’);
header(’Cache-control: private’);
if(! @readfile(”$FileLocation”) )
{
$FileLocation = preg_replace(’/^\/+/’,”,$FileLocation);
@readfile($_SERVER[’DOCUMENT_ROOT’].”/$FileLocation”);
}
?>

And, here is the Perl code:

#!/usr/bin/perl
# Please link to http://BontragerConnection.com/ with the text,
# “Download software provided by Bontrager Connection, LLC”
#
# Specify the location and name of the file to be downloaded.
my $FileLocation = “/path/to/file.zip”;

# Specify the file name as it is to be represented when downloading.
my $DownloadFileAs = “file.zip”;

print “Cache-control: private\n”;
print “Content-Type: application/force-download\n”;
print “Content-Disposition: attachment; filename=\”$DownloadFileAs\”\n”;
print “Content-Transfer-Encoding: binary\n\n”;
unless(open R,”<$FileLocation”)
{
$FileLocation =~ s!^/+!!;
open R,”<$ENV{DOCUMENT_ROOT}/$FileLocation”;
}
binmode R;
my $buffer = ”;
while(read(R,$buffer,1024)) { print $buffer; }
close R;
# end of script
When you look at the code of either the PHP or the Perl script, you’ll see two places to customize. The first is the value of the $FileLocation variable and the second is the value of the $DownloadFileAs variable.

The value of $FileLocation is the location of the file on your server that will be downloaded. Specify the directory path with the file name. The file may be located anywhere on your server, even in a password protected directory.

The value of $DownloadFileAs is the file name that you want to have the file downloaded as. This is likely to be the same name (minus the path information) as the file being downloaded. But it can be different. Your downloadable file might be version-B-file.zip and you may want it downloaded as file.zip, instead.

When the customization has been completed with the script of your choice, go ahead and install it.

If installing the PHP script, verify the PHP code is at the beginning of the file. No spaces or other characters, and no blank lines, may come before the PHP code. Otherwise, the PHP code will be unable to send header lines to the browser. Upload it to somewhere in your document directories.

If installing the Perl script, upload it to your server as a plain text file (not binary), in a directory that can run Perl scripts. Then, give the script 755 permissions.

In either case, the URL for your download link is the URL to the script you installed. Construct the download link just like you would any other link.

When the link is clicked, the download commences. In most situations, the user will be asked where on their computer to store the file. The web page itself does not change.

Notes:

If the downloaded file is of zero size, the script was unable to open the file. Verify the value of $FileLocation is correct.

If the script can’t open the file at the location specified, it will try to open the file relative to the document root directory. If it still can’t open the file, nothing will be downloaded (resulting in a download file of zero size).

• 0 Comments

As is fairly common, I recently received an email from someone seeking to crosslink our two sites. It is always a wee bit of a surprise when these messages arrive, though, given my article How not to build traffic: respond to email solicitations of Link Exchanges . You’d think they’d at least reference the points made in that article in their email!

Okay, I said in my response, tell me how you would propose we accomplish this. Well, his second message with the details of the proposed exchange - to build traffic on both our sites and increase our mutual page ranks, of course - quite startled me…

Thanks for the reply. We would like to host some pages on programimi.com. For Example: www.programimi.com/partypoker.html, www.programimi/pokergames.html etc. These pages will be linked from your Homepage for navigation. Kindly let me know if this is acceptable to you and also your expectations for each page. Hope to hear from you soon.

It’s a nice enough email and sounds reasonable upon first glance, but if you think about what’s being proposed here, this is a kind of link exchange that you should always avoid: they’re asking to have a page of links and ‘context’ (the all-important link context that Google wants to see) on your site in exchange, presumably, for a single text link back to your site from their own. If you’re desperate and really did want to pursue this sort of proposal, I would at least suggest that you charge the other party a significant advertising fee for a set of links rather than just one. I mean, really, does this kind of “swap” sound equitable to you?

I didn’t think so.

Just as important as the value of links is the ownership of content. Whether you’re building a site with the intent of having some Google goodness or whether you’re creating a site that has lots of good information and just incidentally has advertising, you should always retain tight control over your content because if a page is part of your domain, you own it. People who come to your site from a search engine (and 80% of Web site traffic - or more - is a result of searches and clicking directly onto a subsidiary page) have no way of knowing who created a specific page, so it’s all lumped into content with your name on it.

And in that context, no, I’d much rather not have pages on this site talking about poker and other gambling games anyway, even if there was a nice payment involved.

What would you do in this situation?

• 0 Comments

Here’s an email message that I received today, quite similar to email messages I receive at least a half-dozen times each day:

I am contacting you about cross linking. I am interested in ProgramimiCOM because it looks like it’s relevant to a site for which I am seeking links.

Not too bad, so far. But read on…

The site offers a comprehensive selection of over 6,000 technology products at academic prices including computer hardware, software, and books. With a Page Rank of 5, the site has an excellent reputation in the industry. It has a very professional look and feel.I’ll keep the web address confidential and will send it to you only if you give me permission to do so. Just let me know if it’s OK, and I’ll send you the web address for your review. If you approve of the site, then the intention is to exchange links.

Looking forward to your reply.

Sincerely,
Ritchie Hilario - Sr. Link Builder

P.S. If for any reason you don’t want me to contact you again, email me with the words “NO EMAIL” as the subject of your message.

Link Builder
Apartado Postal #18
Tijuana, B.C. 22432

Can you see what’s wrong with this message? If “Ritchie Hilario” is genuinely interested in cross-linking, she’s going about it all wrong. First off, using Google to search for Ritchie’s name reveals no results at all, suggesting that it’s a fake name. Strike one.Secondly, a spammy opt-out “NO EMAIL” postscript is a sure sign that this isn’t someone sitting at their keyboard, finding my Web site, and then genuinely requesting a link but rather someone using a mostly automated application that blasts out thousands of these sort of link exchange requests. Strike two.

Thirdly, did you notice the “legal mailing address” at the bottom of the email? It’s there because of the toothless CAN-SPAM law and as much as I’d like to think that the border town of Tijuana has a thriving Internet business community, it’s pretty darn clear that it’s either a completely bogus address, or at least a post office box that’s routinely emptied directly into a trash can. Strike three.

But even more, Google search results and page ranking are influenced much more by them trying to capture algorithmically why a site is linking to another site. I’ve talked about this extensively on the site, including The Right Way to Link to Pages On Your Site , Three Ways to Adversely Impact your Google Pagerank , and How does Google figure out what pages are more relevant? Pagerank .

With this perspective in mind, it’s clearly not a winning strategy to blindly trade links with sites you don’t even know about, don’t endorse, and wouldn’t otherwise link to without the reciprocal link. One way I try to capture this concept myself is to ask: would you link to the site because it’s helpful, valuable, and informative for your readers, audience or customer base? If the answer is “no”, then you really need to think carefully about whether it makes sense to link to them, regardless of if they offer a link back to your site or not.

And if you do decide to cross link, to accept a link exchange offer, realize that it might actually be a fly-by-night search engine optimization “consultant” (I use the phrase loosely in this context) who will promptly try to sell you on how they can use similarly dubious tactics to help you improve your ranking for only $xxx!

• 1 Comment

UCE or unsolicited commercial email is getting worse by the day and Microsoft has announced that in the future it will be developing a system in which mail sending and receiving will be like our postal mail where a digital stamp has to be bought to send it. But until then marketers online will be continuing to send emails to potential customers in the hope of converting some of the leads that they buy into buying customers.

The internet arena of emailing is a murky one in which your email might be traded and sold in some internet networks which I have seen sell and trade in email contacts online. That is the reason why when you get one type of spam email, you tend to get more of the same type of email as your email has been sold to a large emailing list which is in turn sold to marketers to email to.

Here we will highlight some ways in which spammers can get your email address and highlight ways to deal with them.

1.Non Cloaked emails on websites

This is actually one of the most easy way to get spam. I’ve talked to a system administrator in the office and she expressed surprise at not knowing about this. Most people start building a website on free webhosts and then add their email address at the bottom of the website. While this is good for website usability which is a separate topic altogether, it allows unscrupulous people to harvest your email address with powerful online website crawling programs. What these programs do is crawl websites and then classify them and sell the extracted leads to lead vendors. So if your website is about health, they might classify your extracted email address as a health lead and sell it to other marketers to email to you.

The simple solution to this problem is to do email cloaking. This is usually a simple script which breaks up your email into two parts when a robot on the internet crawls your website. But to the normal user who looks at it, the browser combines it together to show a normal email address. Do a simple google search for “email cloaking script” and you should be able to do this by copying the script into your website.

So then you prevent spam and at the same time allow people to continue to contact you.

Another simpler solution which may confound some of your website users who are not so internet savvy is just to do use /at/ instead of @. So for instance your email will read Abc/at/abc.com rather than abc@abc.com. However as mentioned, if your target audience is older and not so good with the internet, this may be a problem and prevent them from contacting you.

2.Spam via cookies or malicious code or programs

Spyware flooding your computer is a real problem. Most people do not really realize this until they find popups suddenly appearing when they reach some pages or find that their starting page has been high jacked by some website. When you visit a website like Yahoo and log in, a cookie is deposited into your computer browser to tell Yahoo that you have logged in to their system. These cookies have short life spans and self delete when you log out of the system.

However there are some websites that have cookies for the sole purpose of tracking all email sent into and out of your computer when the browser is on. It then tracks your name and email address and sends it secretly to a central server where it then sells you name and email address to email lists. Thus some people report an increase in spam after visiting certain websites and this may be the reason.

Another reason for spam can be attributed to malicious code which can possibly install itself into your browser without you knowing it and does the same thing as the cookies in the above example but on a longer term basis as the cookies would be deleted when you clear your cookies and cache in your browser. Some of this malicious code can even do keyword logging and send your passwords and bank IDs to the programmer who came up with the code!

The best solution to the problem is to download the Mozilla Firefox Internet browser which has a built in security system which prevents such malicious code from being installed into your web browser without your knowledge and allows you to clear your cache and cookies easily. I do this on a constant basis to prevent my email inbox from being filled with spam.

3.Spyware via free programs installed

Another reason why there is an increase in spam is that there are third party spyware that is bundled with free software which is why the software is free in the first place because the spyware companies pay the programmer to bundle it with their software. Always look at the agreement before downloading any free wallpapers or free programs like weather programs as there could be a possibility that spyware could be bundled together with it and flood your email box with spam.

The best solution is to download an Anti Spyware program to detect and clear any spyware from your computer. In addition, you might find that your computer might run faster when you are connected to the internet as the spyware does take up some bandwidth in its communication to the central server.

4.Random emails

Some of the more powerful email programs have the ability to flood servers with permutations of email addresses. This means that they can basically email anyone online because they have powerful computers which run software which blasts emails to all permutations and one of them may be yours.

The more legitimate marketers will have an opt out link at the bottom of the email so that you can actually opt out of the list. On the other hand, some of the real offshore spammers have servers in China and Russia so when you do click on the link to opt out, it actually confirms that your email address is working so ironically sometimes it is best to just delete spam rather than reply to it.

5.Free offers

Spam is also derived from free offers. When you signup for some online service, there is thing called co-registration where they have many boxes for you to tick. Generally what this means is you are asking the online service to send your email address and name to an online marketer who is going to sell it to others to email to. While this is not spam as you have opted into it, it may become irritating after a while.

The better solution that I do personally is to create an email from Yahoo for the sole purpose of free offers so that I can let that email be flooded with spam. So you can get the free offer and not face the possibility of deleting 500 spam emails daily in your personal email inbox.

In conclusion, spam can be reduced if you are aware of the reasons and the ways in which online marketers and spammers can get your email. Taking an active step today to prevent them from getting your personal email is a great step forward to reducing the amount of spam you have in your inbox.

• 0 Comments

Well, the title is ironic :)

Complex Hacking - Computer Compromise

Every time I attend a “Security Guru’s” meeting, I’m amazed
by how much time and effort is spent on discussing complex
hacking and computer compromise of computer networks and
systems.

One person is going on about the latest “heap corruption”
vulnerability and another is discussing man-in-the-middle
techniques for compromising remote access systems.

Most of these vulnerabilities are very difficult to
successfully exploit. Some of them require specific host
platforms, special tools, in-depth knowledge of many
programming languages, and a lot of luck.

I’m not saying there are not tons of vulnerabilities and
exploits like these, it’s just that they are not always easy
to take advantage of, and therefore, may not present
themselves as high risk events for most organizations.

It’s The Little Things The Will Get You Every Time

During security assessments, there are times when I am able
to successfully exploit a “technical” vulnerability to gain
system or internal network access. For instance; during a
recent assessment, I identified a web application server
that appeared to be vulnerable to an IIS / ASP vulnerability
that would allow an attacker to dump all .ASP code on the
server. After some effort and a little C/C++ code, I was
able to take advantage of this exploit. After perusing
through the .ASP code on the server, I was able to gain
important information that resulted in the comprise of an
internal system.

However, the reality is it is the simple things that are the
biggest problem. Most times, internal network compromise is
the result of one or more of the following:

The installation of a web support application that has
little to no security features to begin with;

The installation of support software that has a well-known
default password for the admin account. And, the person
installing the software never bothers to change the
password;

Improperly configured communications devices such as routers
and switches;

Important, and sometimes critical documents left on web
servers. Information that only internal or technical people
should have access to;

Poor password and authentication policy. Users using weak
passwords to access accounts, especially remote access
devices that are present on the Internet;

Test servers that the have been forgotten about and are
still present on the Internet;

Poor network border architecture For instance; installing a
firewall and forgetting that there are other network that
need to be protected or should be placed behind the
firewall.

The above is just a handful of “Little Things” that get
overlooked and can result in the undoing of your networks
security measures.

As an example; Many organizations provide their internal and
external customers with a public FTP service. Most times,
this is done to allow people to easily post “non-critical”
or public information and share it with other associates.

Recently, I identified just such an FTP server. The server
allowed anonymous logons, however it contained
sub-directories that were secured. These secure directories
were only accessible by the people who owned the account. It
was obvious to me that I was not going to easily compromise
these accounts. On the other hand, sitting right in the
anonymous “root” directory was a .zip file that was rather
large. I downloaded the file, which took quite a while,
unzipped it on my desktop, and guess what it contained? It
was a compressed file of the entire FTP server, including
the secure directories.

I would bore you with what I found within these directories.
The bottom line is, I should have never had access to the
information they contained.

Conclusion

The bottom line is this; it really is the little things that
will come back to haunt you when it comes to computer
security. No system should ever be rushed into production.
This is one of the most common causes for poorly secured
systems. The team in charge of implementing new technology
needs to be educated on how to securely deploy new systems.
And if you are installing support software from outside
vendors, make sure you thoroughly review their products
security features. Also, make sure they fully disclose any
known bugs or improperly functioning features.

About the Author
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many
technology & security articles, some of which have been published in nationally circulated magazines & periodicals.

• 0 Comments