ITCommunion

mod_rewrite: Seach Engine Friendly URL's

2010-04-12T12:12:00.001+07:00

The evolution of the World Wide Web (WWW) has seen URL's evolve from a very simple format to more and more complicated with the advent of database-driven sites and now back to simple. We look at how best to achieve search engine friendly URL's using mod_rewrite.

1. Background

In the early days of the WWW, websites were built by hand with each page saved as an individual HTML file. This allowed them to be easily indexed, copied and moved around as each element of the site was a unique file.

The next development was CGI scripts to server dynamic content. This led to URI such as:

http://www.example.net/cgi-bin/page.cgi
http://www.example.net/cgi-bin/script.pl?param1=val1&param2=val2

The addresses could be cleaned up a bit, with the GET parameters being incorporated into the URI:

http://www.example.net/cgi-bin/script/param1/param2

Then along came various scripting languages that allowed pages to be dynamic without having to sit in a specific directory:

http://www.example.net/script.php?param1=val1&param2=val2
http://www.example.net/script/param1/param2

The second example in this case would normally use Content Negotiation to recognise the address as a call to the script, with the remainder of the address (/param1/param2) accessible as an environment variable.

It was around this time that search engines such as Google emerged and suddenly everything had to be 'indexable' by search engine spiders with names such as Googlebot and Slurp (and now msnbot). The 'holy grail' being to make the site look as if it was made of of hand-crafted HTML files. In other words, we've come full circle.

The examples below describe the process of achieving this goal of simple URLs for comlex dynamic content.

2. Search Engine Friendly URL's

A typical component of a website is a 'latest news' database. Individual news items would be accessed as:

http://www.example.net/news.php?id=20050901

(a call to the news.php script passing a single GET parameter which identifies which item to display)

Now we introduce the RewriteRule:

RewriteRule ^news/([0-9]+) /news.php?id=$1

Translation:

IF the request starts with news/ followed by one or more digits;
THEN call the news.php script with the id parameter set to those digits.

The URI then becomes:

http://www.example.net/news/20050701

Or, because we left the RHS of the regular expression open, we can also use:

http://www.example.net/news/20050701.html

There is a slight problem here in that, if Content Negotiation is enabled, this URI could be taken as a call to the news.php script with the rest of the URL (/20050701.html) being unused. This is because there is no file called /news/20050701.html, and no file called /news, but /news.php does exist and Content Negotiation is all about finding that out. In that situation the correct news item won't be displayed.

The solution? We could re-name the script, change the format of the URI, or turn off Content Negotiation (which you might want to do in any case), but there's a simpler option:

RewriteRule ^news/([0-9]+) /scripts/news.php?id=$1

By moving the script into a sub-directory, which we can do now because it's no longer called 'in place', we avoid any chance of conflict. The /scripts/ directory can, and should, now be secured to avoid direct access.

One of the major benefits of using rewrite rules and 'hiding' the script is that ONLY requests matching the regular expression can access it. In this case it's not possible for someone to pass a non-numeric parameter, and any attempt would result, rightly, in a 404 Not Found response.

An even better rule in this case could be:

RewriteRule ^news/([0-9]{8}) /scripts/news.php?id=$1

or, if you want to be really strict and enforce the .html extension:

RewriteRule ^news/([0-9]{8})\.html$ /scripts/news.php?id=$1

Next we look at what to do if other sites or search engines are already linking to your dynamic pages.

3. Converting Dynamic to Search Engine Friendly URL's

If you follow the example in the previous section, you might see a lot of 404's in your logs because addresses that used to work have now been deprecated.

Wouldn't it be great if we could set up a PURL to handle this.

It's actually quite simple:

RewriteCond %{QUERY_STRING} ^id=([0-9]+) RewriteRule ^news\.php /news/%1.html? [R=301,L]

Note: regular expression matches from a RewriteCond are referenced using % wheras those in a RewriteRule are referenced using $.

Translation:

IF the query string starts with id=(one or more digits)
AND the request is for /news.php
THEN redirect (301) to the search-engine-friendly URL with no query string

The reason for having a 301 Permanent redirect is that search engines such as Google will take that to mean that the previously indexed page now exists at the new location, and pass on any PageRank accumulated at the old address.

You also don't want there to be multiple ways to access the same content as that can trigger a duplicate content penalty with the search engines.

If you change your URL structure more than once over time, you might end up with a chain of 301 redirects leading from the oldest to the newest format so it's a good idea to map everything out on paper or on a development server before going live.

4. Common Mistakes

Trying to match a query string in the RewriteRule

The query string is never visible to the rewrite rule - RewriteRule only sees the address portion of the request. As shown above you need to use a RewriteCond on %{QUERY_STRING} before your RewriteRule.

Appending QUERY_STRING to the rewrite target

This probably seemed like a great solution at the time:

RewriteRule ^book/([0-9]+)\.html /scripts/book.html?id=$1&%{QUERY_STRING}

but you're much better using the built-in QSA flag:

RewriteRule ^book/([0-9]+)\.html /scripts/book.html?id=$1 [QSA]

Note: QSA stands for Query String Append.

Trying to match or redirect to page anchors

Page anchors - addresses ending in #anchor - are handled entirely on the client-side and never passed to or from the server. This makes sense if you think about it as you can go from one anchor to another in your browser without the page reloading.

Missing images and style-sheets

After a redirect such as:

RewriteRule ^book/([0-9]+)\.html /showbook.php?id=$1

relative paths to images will no longer work. That's because as far as the web browser knows, you're currently in a directory called books. The fix is to use absolute paths when referencing images and other resources. For example:

5. References

Fighting Form Spammers

2010-04-12T12:11:00.002+07:00

One of the most annoying developments on the Internet in recent years has been the rise of automated 'spambots' - autonomous virus-like programs that post a never-ending stream of rubbish to guestbooks and contact forms. This article describes a real-life example in which spammers are combated through a variety of means.

1. Form Validation

What you need to consider when setting up a form are the following points:

which fields are going to be 'mandatory'?
which fields need to be validated as numbers, dates, etc?
is there any way for the form to be submitted with invalid data?

The first tool you have available is the ubiquitous JavaScript that can be used for client-side form validation. You should use JavaScript to prevent the form being submitted with missing or obviously invalid data.

Because JavaScript can be disabled in the browser - and some browsers don't even run JavaScript - you need to always re-validate the form data using a server-side script before taking any action such as inserting into a database or sending an email.

This is an opportunity to use more powerful regular expressions to check that the format and values of dates and email addresses are valid. You can even check that the domain of an email address actually exists and has a mail server.

What you haven't yet achieved is blocking automated scripts from submitting your form.

2. Adding a CAPTCHA

To separate human users from automated scripts you need to implement a Turing test to the form - something that is simple for a human user but difficult for an automated script to negotiate.

This is most often implemented by adding a CAPTCHA image to the form - an image that presents a series of digits or letters to be read and re-typed into a form field. You can find more detailed instructions, and source code, in the article Protecting forms using a CAPTCHA (using PHP).

At this point you've eliminated at least 95% of form spammers. Depending on the CAPTCHA you use there may be one or two scripts that are intelligent enough to decipher the graphic and complete the form anyway.

3. Identifying the Source

One option for combatting the remaining spammers - and the only option for very large websites with a lot of people attempting to compromise them - is to continue to change and upgrade the CAPTCHA graphic, or implement a different Turing test, such as presenting a simple equation that has to be solved before the form can be submitted.

For smaller sites you might find that all the spam now getting through your form is coming from a single computer or netblock. In that case you have the option of blocking them from within your script or at the firewall.

The first option is simply a matter of comparing their IP address ($_SERVER['REMOTE_ADDR'] in PHP) to a black-list. The firewall option is slightly more complicated.

First you need to analyze your log files to narrow down the problem IP addresses. This command will tell you who has submitted the form:

$ grep "POST /theform\.php" combined_log

You can improve on this using awk:

$ grep "POST /theform\.php" combined_log | awk '{print $1}' | sort | uniq -c | sort

In the real-life example that triggered this article the output of a similar command was the following:

1 XX.132.59.38
4 XXX.225.176.73
6 XXX.225.177.190
8 XXX.225.176.177

The first address is the list is a 'friendly', but the others - clearly from the same netblock - are associated with contact form spam. Using our subnet calculator, we input the lowest and highest of these 'unfriendly' ip addresses and come up with the netmask XXX.225.176.0/23, covering a range of 512 IP addresses.

4. Blocking at the Firewall

The final step is to add a rule to your firewall using iptables:

# iptables -I INPUT 2 -p tcp -s XXX.225.176.0/23 --dport 80 -j REJECT --reject-with tcp-reset

Note: this command inserts the rule at line 2 in the firewall, but you can change that as needed.

This inserts a DROP command for all HTTP (port 80) traffic coming from the IP block that we've identified. Not only will they be prevented from submitting the form, but also from accessing other areas of the website.

In our case, this measure was necessary because it appeared that this netblock was spamming a number of different sites on our server - and a search showed that other servers and websites were being targeted as well.

The result has been a complete halt of form-based spam to all websites on our server!

Source: the-art-of-web.com

Blocking Unwanted Spiders and Scrapers

2010-04-12T12:11:00.001+07:00

If you're concerned about bandwidth, server resources, or just trying protect your content from automated scrapers then you should realise that it's not a fight that can be won. Having said that, here's a case study on how to recognise and block unwanted user agents from accessing your website, using mod_rewrite and an .htaccess file.

1. Recognising the Enemy

Let's start by scanning the logs to find out which IP addresses are making the most request.

awk '{print $1}' combined_log | sort | uniq -c | sort | tail -40

Note: Replace combined_log with the location of your actual combined-log file, or use *combined_log to process all at once.

This returns a list of the top 40 IP addresses in terms of the number of requests. We'll stick to the top 5 for now:

824 XX.173.68.90
956 XX.184.192.199
983 XXX.9.3.10
1068 XXX.231.187.166 }
1098 XXX.235.117.192

The number on the right is obviously an IP address. The other numbers are the total number of requests made from each address. We can make this a bit more informative by displaying the domain associated with each address:

awk '{print $1}' combined_log | sort | uniq -c | sort | tail -40 \ | awk '{print $2,$2,$1}' | logresolve | awk '{printf "%6d %s (%s)\n",$3,$1,$2}'

Note: you'll need to know where the logresolve function is located on your server, and be able to call it.

This returns the same list, but with the IP addresses also being resolved into domain names:

824 example.rr.com (XX.173.68.90)
957 example.optonline.net (XX.184.192.199)
983 example.centie.net.au (XXX.9.3.10)
1068 example.gulftel.com (XXX.231.187.166)
1098 example.westnet.com.au (XXX.235.117.192)

Now you might recognise some of the heavy-hitters. Some of them might be you, or a server script that runs periodically over the site (checking links or building a search index for example) or a legitimate search engine spider (Googlebot, msnbot, Slurp, ...). You should be able to safely ignore them.

With the others, let's see what they're up to.

2. Divide and Conquer

Firstly, let's confirm the number of requests, and whether they're accessing a single or multiple sites. We start with the IP address with the most requests.

grep -c XXX.235.117.192 *combined_log | grep -v \:0

Note: This is only going to be useful if you're scanning multipe logfiles.

In our case, the top IP address was only accessing a single site. That probably means that they have a particular interest in, and may in fact be the owner or regular user of that site. You should check this out before taking any action.

The second IP address turned out to be accessing multiple, unrelated websites. This merits further investigation so see if they're a legitimate spider or something less wholesome.

Let's see exactly what they're after:

grep XXX.231.187.166 combined_log | more

Things you should be looking for now:

Timing of requests - regular, random, sporadic, ...
Pages requested - small sample, random sample, systematic, pages only, images only, ...
Server Status Codes - 200, 301, 401, 403, 404, ...
User Agent - none, browser, search engine, spider, ...

For this IP address we see a typical spidering pattern, but no requests for robots.txt, no pause between requests and they triggered some 401 Unauthorised responses. Their user agent is always "Java/1.4.1_04".

The other three IP addresses returned similar results. The only difference being that the user agent changed slightly. We've made an 'executive decision' that they're all going to be blocked.

3. Turning Back the Tide

The following lines added to your .htacces file will block any requests coming from IP addresses starting with XXX.23 or XX.1 where the User Agent starts with Java:

# anonymous Java-based spiders
RewriteCond %{REMOTE_HOST} ^XXX\.23[0-9] [OR]
RewriteCond %{REMOTE_HOST} ^XX\.1[0-9][0-9]
RewriteCond %{HTTP_USER_AGENT} ^Java
RewriteRule .* - [F]

We could also have listed the IP addresses one at a time, but other tests showed a number of 'Java' user agents coming from the same ISP, or at least the same IP-block.

You need to be a little bit careful here. Sometimes an IP address belongs to a proxy server which means that an entire organisation or thousands of subscribers to an ISP could be affected if your rules are too indiscriminate. Unless you're certain that an IP address or IP-block is only being used by malcontents then try to always add a User Agent RequestCond so you don't end up blocking legitimate users.

4. Repairing the Breach

Having turned up a number of 'Java' agents that we decided to block, we might want to investigate other request with similar user agents. For example, user agents starting with Java:

awk -F\" '($6 ~ /^Java/)' combined_log | awk '{print $1}' | sort | uniq -c | sort

This returns a list of IP addresses similar to those above. The addresses we've already picked up will appear at the top, and you'll also see the less-active ones and have the option to investigate further.

As we mentioned at the start of this page, you're never going to be block all the 'bad' agents while letting in the good ones. There are simply too many possible variations. There are automated solutions for blocking IP addresses on a temporary or permanent basis based on behaviour, but that's a whole different ball-game.

Source: the-art-of-web.com

Analyzing Apache Log Files

2010-04-12T12:10:00.002+07:00

There are many different packages that allow you to generate reports on who's visiting your site and what they're doing. The most popular at this time appear to be "Analog", "The Webalizer" and "AWStats" which are installed by default on many shared servers.

While such programs generate attractive reports, they only scratch the surface of what the log files can tell you. In this section we look at ways you can delve more deeply - focussing on the use of simple command line tools, particularly grep, awk and sed.

1. Combined log format

The following assumes an Apache HTTP Server combined log format where each entry in the log file contains the following information:

%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"

where:

%h = IP address of the client (remote host) which made the request
%l = RFC 1413 identity of the client
%u = userid of the person requesting the document
%t = Time that the server finished processing the request
%r = Request line from the client in double quotes
%>s = Status code that the server sends back to the client
%b = Size of the object returned to the client

The final two items: Referer and User-agent give details on where the request originated and what type of agent made the request.

Sample log entries:

66.249.64.13 - - [18/Sep/2004:11:07:48 +1000] "GET /robots.txt HTTP/1.0" 200 468 "-" "Googlebot/2.1"
66.249.64.13 - - [18/Sep/2004:11:07:48 +1000] "GET / HTTP/1.0" 200 6433 "-" "Googlebot/2.1"

Note: The robots.txt file gives instructions to robots as to which parts of your site they are allowed to index. A request for / is a request for the default index page, normally index.html.

2. Using awk

The principal use of awk is to break up each line of a file into 'fields' or 'columns' using a pre-defined separator. Because each line of the log file is based on the standard format we can do many things quite easily.

Using the default separator which is any white-space (spaces or tabs) we get the following:

awk '{print $1}' combined_log # ip address (%h)
awk '{print $2}' combined_log # RFC 1413 identity (%l)
awk '{print $3}' combined_log # userid (%u)
awk '{print $4,5}' combined_log # date/time (%t)
awk '{print $9}' combined_log # status code (%>s)
awk '{print $10}' combined_log # size (%b)

You might notice that we've missed out some items. To get to them we need to set the delimiter to the " character which changes the way the lines are 'exploded' and allows the following:

awk -F\" '{print $2}' combined_log # request line (%r)
awk -F\" '{print $4}' combined_log # referer
awk -F\" '{print $6}' combined_log # user agent

Now that you understand the basics of breaking up the log file and identifying different elements, we can move on to more practical examples.

3. Examples

You want to list all user agents ordered by the number of times they appear (descending order):

awk -F\" '{print $6}' combined_log | sort | uniq -c | sort -fr

All we're doing here is extracing the user agent field from the log file and 'piping' it through some other commands. The first sort is to enable uniq to properly identify and count unique user agents. The final sort orders the result by number and name (both descending).

The result will look similar to a user agents report generated by one of the above-mentioned packages. The difference is that you can generate this ANY time from ANY log file or files.

If you're not particulary interested in which operating system the visitor is using, or what browser extensions they have, then you can use something like the following:

awk -F\" '{print $6}' combined_log \ | sed 's/($[^;]\+; [^;]\+$[^)]*)/()/' \ | sort | uniq -c | sort -fr

Note: The \ at the end of a line simply indicates that the command will continue on the next line.

This will strip out the third and subsequent values in the 'bracketed' component of the user agent string. For example:

 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR)

becomes:

 Mozilla/4.0 (compatible; MSIE 6.0)

The next step is to start filtering the output so you can narrow down on a certain page or referer. Would you like to know which pages Google has been requesting from your site?

awk -F\" '($6 ~ /Googlebot/){print $2}' combined_log | awk '{print $2}'

Or who's been looking at your guestbook?

awk -F\" '($2 ~ /guestbook\.html/){print $6}' combined_log

It's just too easy isn't it!

Using just the examples above you can already generate your own reports to back up any kind of automated reporting your ISP provides. You could even write your own log analysis program.

4. Using log files to identify problems with your site

The steps outlined below will let you identify problems with your site by identifying the different server responses and the requests that caused them:

awk '{print $9}' combined_log | sort | uniq -c | sort

The output shows how many of each type of request your site is getting. A 'normal' request results in a 200 code which means a page or file has been requested and delivered but there are many other possibilities.

The most common responses are:

200 - OK
206 - Partial Content
301 - Moved Permanently
302 - Found
304 - Not Modified
401 - Unauthorised (password required)
403 - Forbidden
404 - Not Found

Note: For more on Status Codes you can read the article HTTP Server Status Codes.

A 301 or 302 code means that the request has been re-directed. What you'd like to see, if you're concerned about bandwidth usage, is a lot of 304 responses - meaning that the file didn't have to be delivered because they already had a cached version.

A 404 code may indicate that you have a problem - a broken internal link or someone linking to a page that no longer exists. You might need to fix the link, contact the site with the broken link, or set up a PURL so that the link can work again.

The next step is to identify which pages/files are generating the different codes. The following command will summarise the 404 ("Not Found") requests:

# list all 404 requests
awk '($9 ~ /404/)' combined_log
# summarise 404 requests
awk '($9 ~ /404/)' combined_log | awk '{print $9,$7}' | sort

Or, you can use an inverted regular expression to summarise the requests that didn't return 200 ("OK"):

awk '($9 !~ /200/)' combined_log | awk '{print $9,$7}' | sort | uniq

Or, you can include (or exclude in this case) a range of responses, in this case requests that returned 200 ("OK") or 304 ("Not Modified"):

awk '($9 !~ /200|304/)' combined_log | awk '{print $9,$7}' | sort | uniq

Suppose you've identifed a link that's generating a lot of 404 errors. Let's see where the requests are coming from:

awk -F\" '($2 ~ "^GET /path/to/brokenlink\.html"){print $4,$6}' combined_log

Now you can see not just the referer, but the user-agent making the request. You should be able to identify whether there is a broken link within your site, on an external site, or if a search engine or similar agent has an invalid address.

If you can't fix the link, you should look at using Apache mod_rewrite or a similar scheme to redirect (301) the requests to the most appropriate page on your site. By using a 301 instead of a normal (302) redirect you are indicating to search engines and other intelligent agents that they need to update their link as the content has 'Moved Permanently'.

5. Who's 'hotlinking' my images?

Something that really annoys some people is when their bandwidth is being used by their images being linked directly on other websites.

Here's how you can see who's doing this to your site. Just change www.example.net to your domain, and combined_log to your combined log file.

awk -F\" '($2 ~ /\.(jpg|gif)/ && $4 !~ /^http:\/\/www\.example\.net/){print $4}' combined_log \ | sort | uniq -c | sort

Translation:

explode each row using ";
the request line (%r) must contain ".jpg" or ".gif";
the referer must not start with your website address (www.example.net in this example);
display the referer and summarise.

You can block hot-linking using mod_rewrite but that can also result in blocking various search engine result pages, caches and online translation software. To see if this is happening, we look for 403 ("Forbidden") errors in the image requests:

# list image requests that returned 403 Forbidden
awk '($9 ~ /403/)' combined_log \ | awk -F\" '($2 ~ /\.(jpg|gif)/){print $4}' \ | sort | uniq -c | sort

Translation:

the status code (%>s) is 403 Forbidden;
the request line (%r) contains ".jpg" or ".gif";
display the referer and summarise.

You might notice that the above command is simply a combination of the previous, and one presented earlier. It is necessary to call awk more than once because the 'referer' field is only available after the separator is set to \", wheras the 'status code' is available directly.

6. Blank User Agents

A 'blank' user agent is typically an indication that the request is from an automated script or someone who really values their privacy. The following command will give you a list of ip addresses for those user agents so you can decide if any need to be blocked:

awk -F\" '($6 ~ /^-?$/)' combined_log | awk '{print $1}' | sort | uniq

A further pipe through logresolve will give you the hostnames of those addresses.

Source: the-art-of-web.com

CRON: Automatically Run Jobs on Your Website

2010-04-12T12:10:00.001+07:00

CRON is a function in Unix and Linux operating systems which allows you to schedule a job and the job will run at the date and time scheduled until you delete the CRON statement.

Initially, you may consider this to be too technical for you, but not so if you will carefully read this article. It is a function of which you should be aware. Even if you do not need it now, remember about CRON for the day you will need it.

Apache server includes this function and it is easy to use with the graphical interface.

The format for CRON is "CRON * * * * * Command to execute" Each asterisk represents a field in the command and can contain the following values. If you do not want to specify a value for that particular field, leave the asterisk in that position in the CRON statement line. Each of the five fields is separated by white space.

Here are the values that each field (left to right) can have other than the asterisk:

Field -------- Value ----- Description

minute ----- 00-59 ------exact minute the cron executes

hour -------- 00-23 ------ hour of the day the cron executes(0 =midnight)

day --------- 01-31 ------ day of the month the cron executes

month ------ 01-12 ------ month of the year the cron executes

weekday --- 00-06 ----- ay of the week the cron executes (Sunday = 0, Monday = 1, Tuesday = 2, etc)

command ---varies ------ sequence of commands to execute

What prompted the need for the CRON on our site was our use of the software package that required that we copy the ClickBank master file into a file on the Boomer-eZine website periodically so our copy is kept current with the ClickBank master.

Since we get busy and forget to do this weekly, a method to have our web host perform this automatically was the answer.

The CRON function is very flexible and can be set to run on almost any time frequency you can imagine.

If you specify a minute in the first field and an hour (24 hour clock) in the second field and leave all the other fields as asterisks, the specified program will run on that hour and minute every day. If you want the program to run twice a day at 10 and 11 AM, you can write the CRON as:

CRON 0 10,11 * * * Command to execute With the proper combinations, you can set up a job to run automatically on almost any schedule that you can imagine.

Let's try a few. Write a CRON to execute on every Sunday at midnight.

If you got "CRON 0 0 * * 0 Command to execute", then you are right. The zero in the first position is on the hour. The zero in the second position is midnight. The zero in the fifth position (day of the week) is Sunday. This is what we used for our CRON settings for the CD AD Box update.

Set up a CRON to run once per year on the last day of the year at midnight.

CRON 0 0 31 12 * Command to execute If you have a graphical interface on your web server, it is easy to enter the CRON information

Sometimes the CRON function is difficult to find in your control panel. If you have difficulty finding it, send an email to the support group for your web host and ask if this is available and if so, where is it located.

As I said earlier, you may not need this right now, but remember it for when it will come in handy for you. It can greatly simplify the work of managing your website.

Using 301 Redirects

2010-04-12T12:09:00.002+07:00

Before we go any further, you are probably wondering what in the world 301 redirects are in the first place am I right? You've heard the term, heard people asking about it and are curious but it just sounds so technical you aren't sure what to do with it.

Let me assure you that 301 redirects are as easy as a click of a button and very helpful when you want to protect your domain names.

Typically companies purchase multiple domain names to protect their competition from taking their .net or .org name. For example, if you have just registered www.yourwebsite.com, it is a good idea to also register www.yourwebsite.net and even www.yourwebsite.org. Some people even go so far as to register the misspellings of their domain name just to be sure that your competition doesn't grab a hold of it.

The problem is you don't want to have to develop multiple different sites and it is frowned upon by Google to have multiple web sites with identical content. So what do you do?

You place a 301 redirect on your web site. This tells search engines where to find your preferred web site.

This helps you because if someone types in say, www.YuorWebsite.com instead of www.YourWebsite.com which is the proper way to enter your web site address, the person who typed in www.YuorWebsite.com where the "o" and the "u" are inversed will automatically be redirected to the correct web site.

Using a 301 redirect makes the search engines happy and prevents you from having to develop multiple web sites with the same content which the search engines hate anyhow.

So now that you understand why you should use a 301 redirect, how do you go about putting one on your web sites?

If you use a web host like GoDaddy, then you can redirect your domain names by a simple click of a button.

If on the other hand you want to do it yourself, then here are some simple ways to put a 301 redirect on your web site:

First and foremost, some folks might recommend that you use a JavaScript meta refresh technique on your web site. This is not recommended because it is a technique used by spammers and you certainly don't want to start off on the wrong foot with the search engines.

If you are using a Linux server (ask your web hosting company or someone close to you who is familiar with technology if you are unsure) and follow these steps:

* Go to the web site that you want to redirect from. For example, if you want to redirect www.websitenumber1.com to www.websitenumber2.com then put the following information in the root directory of the www.websitenumber1.com.

* Create an .htaccess file using the following code:

redirect 301 /the-directory-on-websitenumber1/the-page-on-websitenumber1.htm http://www.websitenumber2.com/

* Save the file as simply .htaccess

* Be sure you save the file in the root directory of your web site.

* Upload the file to your web server

* Test the file by going to your old web site address and be sure it redirects to your new web site

Please note however that the update will take about 24 hours to work.

If you are using a Windows server with. ASP pages then use the following code:

< % Response.Status="301 Moved Permanently" Response.AddHeader "Location", " http://www.websitenumber2.com">

If you are using a Windows server with ASP.net then use this code:

private void Page_Load(object sender, System.EventArgs e) { response.status = "301 moved permanently"; Response.AddHeader("Location","http://www.websitenumber2.com"); } < /script>

Be sure that if using a Windows server with either .asp or ASP.net pages that you put the code before the tags on your page.

A 301 redirect will safely tell the search engines that your site websitenumber1.com and websitenumber2.com are the same as websitenumber1.com without wasting the search engines time and you can be sure that if someone accidentally enters in the wrong domain name, they will still end up at your web site.

By Kristine Wirth

Custom Error 404 Documents with PHP

2010-04-12T12:09:00.001+07:00

This article will help developers who wish to create a new web site layout. Once you have read this, you will be able to redirect users to the new pages created via a 404 error page. Read more.
Have you ever designed your website, built the structure and decided one day that you want to completely redesign your layout? Well, if you have an established website, changing your structure can be a real pain for your users or people searching for your site in search engines. This tutorial will show you how to avoid getting those Error 404 Not Found errors and redirect people back into your new design.

Let's say that we have a few files such as this:

Your Site Root
/index.php
/page1.php
/page2.php
/page3.php

Your new layout schema that you decided to use will change to this:

Your Site Root
/index.php
/articles.php (Was page1.php)
/images.php (Was page2.php)
/guestbook.php (Was page3.php)

We will assume that you are going to remove the old files after you do your site design. When your site was running before you had about 10 websites linking to your pages and you had submitted everything to search engines. When people click on your old links, they'll get an Error 404 / Document Not Found error message. Let's avoid getting that message and direct the users to your index to avoid any traffic loss.

Utilizing Apache's built in custom error document handling you can setup your own error 404 document that redirects the user to your index page and gives them a message as well as displays your index page. The first thing we need to do is build our error handler. I use a php script that includes my index.php file, gives the user a message at the top and the re-directs them to the main page after 2 seconds. Here's how:

//errror404.php

echo "You have reached a page that has changed or no longer exists.

      You have been redirected to our index page. Please update your bookmarks!";

//Meta refresh to send them back to index.php

echo "";

//include the index.php so that we can give them something to look at besides an ugly error

include 'index.php';

?>

There you have it! A simple php script that gives you a good looking Error 404 page and redirects the user to your index page. On the next page, we'll show you how to setup a htaccess file that allows Apache to use this new error404.php script.

The next step requires you to either have administrative access to your Apache web server's configuration files or send an email to your admin and ask them to allow overrides for your website. A directive should be added to your httpd.conf for the directory which your website lives in. Let's say for this example it's /www/htdocs. Here's a line in your httpd.conf that you must have for this .htaccess file to work:



     AllowOverride FileInfo

Once you have that done, you'll need to create a file called ".htaccess" and place it inside your website's directory. Here's how simple this .htaccess file is:

ErrorDocument 404 /error404.php

Wow that was simple eh? After you have completed all of the above steps, you can now test it out. Let's call up http://www.yourdomain.com/foo.php (Where foo.php is a file that does not exist). You should be directed to your index page and see a message that appears at the top of the screen for approximately 2 seconds and then the user will be directed back to your index.php file.

Congratulations, You've successfully redirected all broken links on your website back to your index! You will no longer lose traffic due to random clean-ups of your files and site changes. Just don't delete the error404.php because that would be too ironic that you can't even display your own error document!

Here's a few more custom error documents that you can make for your website. Just use the same methods above that we used for creating these new pages. If you were really cool, you could setup a switch inside your error404.php file and manage all of your custom errors in one file. Here's the list:

Error in Client
400 Bad syntax
401 Unauthorized
402 Not Used (Payment Granted)
403 Forbidden
404 Not Found

Error in Server
500 Internal Error
501 Not Implemented
502 Overloaded
503 Gateway Timeout

More information can be found at the Apache Webserver page: http://httpd.apache.org/docs/custom-error.html

Switching to Linux - Why Dual-Booting is Best

2010-04-12T12:08:00.000+07:00

With the user-friendly Linux distribution Ubuntu gaining popularity at an astounding rate, you may be considering making the move from Windows to Linux. If you are, then you will have wondered how you will work and play without the applications and games you use every day in Windows.

Windows applications can be run in Linux, just not natively. You have two main options: Emulation and Virtualization. Neither are as effective as dual-booting but I will explain them here and their drawbacks.

Emulation allows you to run Windows applications through a "translation layer" which tricks the applications into thinking they are running on Windows. Although great advances have been made by the WINE Project and commercial offshoot, Cedega, many applications are still unsupported. Support for certain applications may even vary depending on your hardware configuration.

Virtualization takes running Windows applications on Linux a step further and is capable of running an entire Windows (or any other) operating system straight from your Linux desktop. With the free application VirtualBox, you can create a “virtual machine” and install any version of Windows you wish onto it.

A virtual machine is switched on and off exactly like a normal PC, except the entire operating system runs inside a window on your Linux desktop. You may then install any Windows applications you wish into the virtual machine and use them as you normally would.

Running applications natively in Windows, via a virtual machine, is far more reliable than running them through a translation layer, but virtualization has its drawbacks too.

When you run Windows in a virtual machine you are effectively running two operating systems, simultaneously, on one computer. This has obvious performance drawbacks. Although most office-type applications could be run this way, if your office insists on a particular piece of Windows-specific software, performance issues and lack of DirectX support severely hampers game applications.

The only way to successfully run all your Windows applications at their full capacity is to install Windows and Linux as dual-boot operating systems.

Dual-booting is the process of installing two operating systems side-by-side, to be run independently. By this method you will be presented with a menu listing your operating systems when you switch on your computer. this allows you to choose the OS most suitable for the tasks at hand, be it work or gaming.

I personally run Ubuntu 7.04 and Windows XP as a dual-boot system. I mostly use Ubuntu for day-to-day tasks and run Windows XP purely for gaming. This way, dual-booting grants me access to the best features of both operating systems and allows me to use my computer to its full potential.

Article Source: http://EzineArticles.com/?expert=Daniel_Ruscoe

Doing wonders with Apache settings

2010-04-12T12:07:00.002+07:00

So you have decided to develop your own website and here I come to give you some rock solid advices which can do wonders for you. Before that I assumed that you are going to build your website on Linux-Apache-MySQL. Here you must know some basic working guidelines of Apache and PHP. The configuration of Apache web server is decided by a file called httpd.conf and all apache settings are written there. But apache allows you to modify these settings and you can easily override your apache settings to make it suitable for your purpose. Similarly, PHP settings are written in php.ini file and you can overwrite that too. To overwrite apache settings you need to place a file named .htaccess in your web folder. This htaccess file can overwrite httpd.conf settings. An htaccess file overwrites settings from down to top approach. That is htaccess file placed under /var/home/sites/includes can overwrite the htaccess file in /var/home/sites/ .

Trapping Error: There are five kinds of errors that one website can experience. These are

1. 400 Error (Bad Request): It means that a request for a URL has been made but the server is not configured or capable of responding to it. 2. 401 Error (Unauthorized Access): It means that a request for a URL is generated but the request failed to authorize itself as per security settings. 3. 403 Error (Forbidden Error): If any URL has been made for non-access and the request tries to access it, this error is generated. 4. 404 Error (Page Not Found): If any request for URL comes to the server which is not available then this error is generated. 5. 500 Error (Internal Server Error): For any internal error the server throws this error message to browser.

The wonder is that by adding a few lines you can get past the error message and can show your own custom error message. For this develop 5 html pages which will be shown in case these errors are generated. And then add these lines to it.

ErrorDocument 400 /400-page.html ErrorDocument 401 /401-page.html ErrorDocument 403 /403-page.html ErrorDocument 404 /404-page.html ErrorDocument 500 /500-page.html

Mod_Rewrite (Your own friendly URL): Say you have a php page and the url for this is http://www.yourwebsite.com/product.php?p =cell_phone . Now ?p=cell_phone is the query string and the requested product.php page gets the value and fetches data from database using php script using the parameter. This kind of URL is not indexed by google properly. Don't worry, you can customize very easily using htaccess file. Add the following line in htaccess file and rename the link as cell_phone_product.html.

RewriteEngine on Options +FollowSymLinks RewriteRule ^([A-Za-z0-9[:blank:]_[:digit:].-]*)\._product.html$ product.php?p=$1 [L]

Now the first part ^([A-Za-z0-9[:blank:]_[:digit:].-]*) finds any name that comes before -product and store it in the variable $1. It then internally redirects it to the products.php by making the desired URL. So in browser cell_phone_product.html appears where internally product.php?p =cell_phone is parsed.

I can give you one more example which is just amazing. If any user accidentally types http://yourdomainname.com , it automatically converts it into http://www.yourdomainname.com. And the script is

RewriteEngine on Options +FollowSymLinks RewriteCond %{HTTP_HOST} ^yourdomainname.com [NC] RewriteRule ^(.*)$ http://www. yourdomainname.com/$1 [L,R=301] RewriteRule ^([A-Za-z0-9[:blank:]_[:digit:].-]*)\.html$ blank-page.php?pagename=$1 [L] RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F]

Script execution time: Say one of your script files takes much time to execute. And before it finishes the execution the browser gets disconnected. In that case you can add this statement to increase or control the execution time.

php_value max_execution_time 7200

The fact is that, you can change any php settings with the above statement. The syntax is php_value %Settings_name% %settings_value%.

I wish to come up with more articles on Apache, PHP and MySQL in days to come. Till then happy learning!!

By Kanquona Bhattacharjee

Important considerations before choosing a web hosting provider

2010-04-12T12:07:00.001+07:00

The first thing before choosing a web hosting provider is that you should be fully aware of your hosting requirements. If you are a beginner wanting to host a personal web site, then your only concern is that you get a decent amount of disk space for your web site with a host that is as cheap as $5 per month. However, if you are a developer, an online entrepreneur or an online business looking for e-commerce capabilities or advanced scripting technologies, then you can determine your requirements in the following order.

(1) Whether you need Shared Hosting or Dedicated Hosting:
This depends mainly on two major requirements, the traffic your web site is expected to receive and the degree of administrative privileges you need. If you expect your web site to receive huge amounts of traffic, then you will need to have a Dedicated Server which definitely has a much greater bandwidth offering. Also you should select Dedicated server hosting if your web site requires customized options, secure information or complex applications i.e. e-commerce, dynamic content, database and multimedia applications.

(2) Whether you need Linux Hosting or Windows Hosting:
If you're going to use server technologies such as ASP, JSP etc or intend to run Microsoft applications like Microsoft Access or Microsoft SQL database on your server, then you should use a Windows hosting provider. Although ASP can be run on the Linux platform using some commercial applications, there are security and reliability concerns related to it. However, if you want to use ColdFusion, it can run on both Linux and Windows platforms.

(3) What are your Space and Bandwidth requirements:
Many web hosting providers nowadays offer generous amounts of disk space from 1 GB to 3 GB. However, if your web site mainly acts as a download resource, then your disk space requirements may be 5 to 10 times greater than this. The second consideration is how much traffic your web site is expected to receive which will let you estimate your bandwidth requirements.

(4) How many Parked Domains and Subdomains do you need:
Parked domains are very advantageous and can significantly increase the amount of traffic to your web site. Similarly, subdomains can help with your search engine rankings by pointing to specific directories of your web site. Parked domains and subdomains occasionally come free with certain web hosting packages. However if you need more, you will have to pay an additional price per month.

(5) FTP Accounts and Anonymous FTP Requirements:
You may need more than one FTP account if you have coworkers working on your web site project at different locations. The Anonymous FTP permits the general public to access certain directories on your web server to whom they have been granted permission by you. In most cases, you will need a dedicated IP address for Anonymous FTP to function.

(6) Whether you need e-commerce Features:
If you need e-commerce features, you should choose a web hosting provider that provides e-commerce functionality such as shopping carts and the ability to accept credit cards. You should also check whether their server is SSL secure.

In addition to your own hosting requirements, the following considerations must be kept in mind when looking for a quality web hosting provider.

(1) More than 99.5% uptime:
Choose a web hosting provider that has an uptime greater than 99.5% and if there is an uptime guarantee, it's even better. If your web site is for business purposes, it's very crucial that your site stays online 24 hours a day, 7 days a week and 365 days a year.

(2) Fast Servers:
The level of connectivity of your web hosting provider to the Internet is very important. So you should choose a web hosting provider with at least a T3 connection to the major Internet backbone. Analysis has shown that the average web visitor waits for about 30 seconds before your web page loads. So if your web site takes more than 30 seconds to load, chances are that you will loose a lot of visitors and consequently sales.

(3) Server Backups:
To make your data secure, your web hosting provider must have a power backup system and should backup the data to an external device in order to prevent the data loss due to failure. Check how frequently the web hosting provider backups the data, i.e. daily or weekly.

(4) Disk Space and Bandwidth:
Choose a web hosting provider that meets your disk space and bandwidth requirements. Most web hosting providers offer 1 GB to 3 GB of disk space, so if your web site is not mainly a download resource, then this factor is not that important for you. However, as regards the bandwidth, it should be as much as possible because your traffic can increase in the future thereby requiring more data transfer. Also check that you have the option of buying more disk space and bandwidth when required.

(5) Unrestricted CGI, SSH, FTP access & Anonymous FTP:
If you have a professional web site, you will need to run CGI scripts, have SSH (Secure Shell) access and FTP access. CGI and FTP access is provided by most web hosting providers whereas SSH access is provided by a few. You may also need to check if anonymous FTP access is provided.

(6) Software/Scripts:
Choose a web hosting provider that has an extensive script library that you can use to add guestbooks, forms, surveys, newsletters etc to your web site.

(7) E-commerce capabilities and SSL:
Choose a web hosting provider that provides you with e-commerce capabilities with shopping cart software and also merchant accounts. The web hosting provider must also have an SSL secure server for safe and risk-free transactions.

(8) Web-Based Administration:
Almost all web hosting providers nowadays provide a control panel to access and manage web site features. Ask for a demo of their control panel if possible and check to make sure that it is simple as well as comprehensive. The control panel should provide access to FTP, e-mail, databases, e-commerce and all other functions for effective web site management. VDeck 2.0 and CPanel are the leading brands of administration control panels.

(9) Full e-mail services:
Choose a web hosting provider that provides both POP3 and IMAP e-mail accounts, web-based e-mail, autoresponders, mailing lists, forwarding accounts and antivirus and spam filtering software.

(10) Moneyback Guarantee:
If the Web hosting provider gives a moneyback guarantee, it's even better because it makes you absolutely risk-free.

(11) 24/7/365 Customer Support:
The web hosting provider should provide as many support channels as possible including an FAQ section, a knowledgebase, video and flash tutorials, toll-free support, e-mails support, live chat support and a community forum. Try e-mailing the web host a couple of times to check how quickly they respond to your request. The customer support should be as prompt as possible and should be available 24 hours a day, 7 days a week and 365 days a year. This is crucial because if you run into problems and the support staff is not receptive or knowledgeable, you will be helpless.

Source: http://www.WebArticles.com/

Domain Name System

2010-04-12T12:06:00.002+07:00

The Domain Name System or DNS is a system that stores information about hostnames and domain names in a type of distributed database on networks, such as the Internet. Of the many types of information that can be stored, most importantly it provides a physical location (IP address) for each domain name, and lists the mail exchange servers accepting e-mail for each domain.

The DNS provides a vital service on the Internet as it allows the transmission of technical information in a user-friendly way. While computers and network hardware work with IP addresses to perform tasks such as addressing and routing, humans generally find it easier to work with hostnames and domain names in URLs and e-mail addresses. The DNS therefore mediates between the needs and preferences of humans and of software.

A brief history of the DNS
The practice of using a name as a more human-legible abstraction of a machine's numerical address on the network predates even TCP/IP, all the way back to the ARPAnet era. Originally, each computer on the network retrieved a file called HOSTS.TXT from SRI (now SRI International) which mapped an address (ex. 145.97.39.135) to a name (ex. www.example.com.) The Hosts file still exists on most modern operating systems either by default or through configuration and allows users to specify an IP Address to use for a hostname without checking the DNS. This file is now used primarily for troubleshooting DNS errors or mapping local addresses to more organic names. Such a system had inherent limitations, because of the obvious requirement that every time a given computer's address changed, every computer that wanted to communicate with it would need an update to its Hosts file.

The growth of networking called for a more scalable system: one which recorded a change in a host's address in one place only. Other hosts would learn about the change dynamically though a notification system, thus completing a globally accessible network of all hosts names and their associated IP Addresses. Enter the DNS.

Paul Mockapetris invented the DNS in 1983; the original specifications appear in RFC 882 and 883. In 1987, the publication of RFC 1034 and RFC 1035 updated the DNS specification and made RFC 882 and RFC 883 obsolete. Several more recent RFCs have proposed various extensions to the core DNS protocols.

How the DNS works in theory

Meet the players
The practical operation of the DNS system consists of three players:

The DNS resolver, a DNS client program which runs on a user's computer and generates DNS requests on behalf of software programs;
The recursive DNS server, which searches through the DNS in response to queries from resolvers and returns answers to those resolvers;
and,

The authoritative DNS server which hands out answers to queries from recursors, either in the form of an answer, or in the form of a delegation (i.e. referral to another authoritative DNS server).

Understanding the parts of a domain name
A domain name usually consists of two or more parts (technically labels), separated by dots.

The rightmost label conveys the top-level domain (for example, the address en.wikipedia.org has the top-level domain org).
Each label to the left specifies a subdivision or subdomain of the domain above it. Note that "subdomain" expresses relative dependence, not absolute dependence: for example, wikipedia.org comprises a subdomain of the org domain, and en.wikipedia.org could form a subdomain of the domain wikipedia.org (in practice, however, en.wikipedia.org actually represents a hostname - see below). In theory, this subdivision can go down to 127 levels deep, and each label can contain up to 63 characters, as long as the whole domain name does not exceed a total length of 255 characters. But in practice some domain registries have shorter limits than that.
Finally, the leftmost part of the domain name (usually) expresses the hostname. The rest of the domain name simply specifies a way of building a logical path to the information required; the hostname is the actual target system name for which an IP address is desired. For example, the domain name en.wikipedia.org has the hostname "en".
The DNS consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root servers: the servers to query when looking up (resolving) a top-level domain name.

An example of theoretical DNS recursion
An example may clarify this process. Suppose an application needs to find the IP address of www.wikipedia.org. It puts this question to a local DNS recursor.

Before starting, the recursor has to know where to find the root servers; administrators of recursive DNS servers manually specify (and periodically update) a file called the root hints which specify recently known IP addresses of these servers, from which the DNS server can obtain a current complete list.
The process starts by the recursor asking one of these root servers - for example, the server with the IP address "198.41.0.4" - the question "what is the IP address for www.wikipedia.org?"
The root server replies with a delegation, meaning roughly: "I don't know the IP address of www.wikipedia.org, but I do know that the DNS server at 204.74.112.1 has information on the org domain."
The local DNS recursor then asks that DNS server (i.e. 204.74.112.1) the same question it had previously put to the root servers, i.e. "what is the IP address for www.wikipedia.org?". It gets a similar reply - essentially, "I don't know the address of www.wikipedia.org, but I do know that the DNS server at 207.142.131.234 has information on the wikipedia.org domain."
Finally the request goes to this third DNS server (207.142.131.234), which replies with the required IP address.
This process utilises recursive searching.

Understanding domain registration and glue records
Reading the example above, you might reasonably wonder: "how does the DNS server 204.74.112.1 know what IP address to give out for the wikipedia.org domain?" In the first step of the process, we noted that a DNS recursor has the IP addresses of the root servers more-or-less hard coded. Equally, the name servers that are authoritative for the Top-Level Domains change very infrequently.

However, the name servers that provide authoritative answers for common domain names may change relatively often. As part of the process of registering a domain name (and at any time thereafter), a registrant provides the registry with the name servers that will be authoritative for that domain name; therefore, when registering wikipedia.org, that domain is associated with the name servers gunther.bomis.com and zwinger.wikipedia.org at the .org registry. Consequentially, in the example above, when the server identified by 204.74.112.1 receives a request, the DNS server scans its list of domains, locates wikipedia.org, and returns the name servers associated with that domain.

Name servers in delegations are listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a bootstrapping problem when the name of the nameserver is in the domain about which nothing is yet known, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record.

DNS in practice
When an application (such as a web browser) wants to find the IP address of a domain name, it doesn't necessarily follow all of the steps outlined in the Theory section above. We will first look at the concept of caching, then outline the operation of DNS in "the real world".

Caching and time to live
Because of the huge volume of requests generated by a system like the DNS, the designers wished to provide a mechanism to reduce the load on individual DNS servers. The mechanism devised provided that when a DNS resolver (i.e. client) received a DNS response, it would cache that response for a given period of time. A value (set by the administrator of the DNS server handing out the response) called the time to live, or TTL defines that period of time. Once a response goes into cache, the resolver will consult its cached (stored) answer; only when the TTL expires (or until an administrator manually flushes the response from the resolver's memory) will the resolver contact the DNS server for the same information.

Propagation time
An important consequence of this distributed and caching architecture is that changes to the DNS are not always immediately effective globally. This is best explained with an example: If an administrator has set a TTL of 6 hours for the host www.wikipedia.org, and then changes the IP address to which www.wikipedia.org resolves at 12:01pm, the administrator must consider that a person who cached a response with the old IP Address at 12:00pm will not consult the DNS server again until 6:00pm. The period between 12:01pm and 6:00pm in this example is called propagation time, which is best defined as a period of time that begins when you make a change to a DNS record and ends after the maximum amount of time specified by the TTL expires. This essentially leads to an important logistical consideration when making changes to the DNS: not everyone is necessarily seeing the same thing you're seeing. RFC1537 helps to convey basic rules for how to set the TTL.

DNS in the real world
In the real world, users do not interface directly with a DNS resolver - they interface with programs like web browsers (Mozilla Firefox, Safari, Opera, Internet Explorer etc.) and mail clients (Outlook Express, Mozilla Thunderbird etc.). When users make a request which requires a DNS lookup (in effect, virtually any request that uses the Internet), such programs send a request to the DNS resolver built into their operating system.

The DNS resolver will almost invariably have a cache (see above) containing recent lookups. If the cache can provide the answer to the request, the resolver will return the value in the cache to the program that made the request. If the cache does not contain the answer, the resolver will send the request to a designated DNS server or servers. In the case of most home users, the Internet service provider to which the machine connects will usually supply this DNS server: such a user will either configure that server's address manually or allow DHCP to set it; however, where systems administrators have configured systems to use their own DNS servers, their DNS resolvers will generally point to their own nameservers. This name server will then follow the process outlined above in DNS in theory, until it either successfully finds a result, or does not. It then returns its results to the DNS resolver; assuming it has found a result, the resolver duly caches that result for future use, and hands the result back to the software which initiated the request.

As a final level of complexity, some applications such as Web browsers also have their own DNS cache, in order to reduce use of the DNS resolver library itself, which can add extra difficulty to DNS debugging, as it obscures which data is fresh, or lies in which cache. These caches typically have very short caching times of the order of 1 minute.

Other DNS applications
The system outlined above provides a somewhat simplified scenario. The DNS includes several other functions:

Hostnames and IP addresses do not necessarily match on a one-to-one basis. Many hostnames may correspond to a single IP address: combined with virtual hosting, this allows a single machine to serve many web sites. Alternatively a single hostname may correspond to many IP addresses: this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly.
There are many uses of DNS besides translating names to IP addresses. For instance, Mail transfer agents use DNS to find out where to deliver E-mail for a particular address. The domain to mail exchanger mapping provided by MX records accommodates another layer of fault tolerance and load distribution on top of the name to IP address mapping.
Sender Policy Framework controversially takes advantage of a DNS record type, the TXT record.
To provide resilience in the event of computer failure, multiple DNS servers provide coverage of each domain. In particular, thirteen root servers exist worldwide. DNS programs or operating systems have the IP addresses of these servers built in. The USA hosts, at least nominally, all but three of the root servers. However, because many root servers actually implement anycast, where many different computers can share the same IP address to deliver a single service over a large geographic region, most of the physical (rather than nominal) root servers now operate outside the USA.
The DNS uses TCP and UDP on port 53 to serve requests. Almost all DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. TCP typically comes into play only when the response data size exceeds 512 bytes, or for such tasks as zone transfer.

Types of DNS records
Important categories of data stored in the DNS include the following:

An A record or address record maps a hostname to its 32-bit IPv4 address.
An AAAA record or IPv6 address record maps a hostname to its 128-bit IPv6 address.
A CNAME record or canonical name record makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.
An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address. For example (at the time of writing), www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa to its canonical name, referrals.icann.org.
An NS record or name server record maps a domain name to a list of DNS servers for that domain. Delegations depend on NS records.
An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain.
An SRV record is a generalized service location record.
A TXT record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework specification.
Other types of records simply provide information (for example, a LOC record gives the physical location of a host), or experimental data (for example, a WKS record gives a list of servers offering some well-known service such as HTTP or POP3 for a domain).

Internationalised domain names
Domain names must use only a subset of ASCII characters, preventing many languages from representing their names and words natively. ICANN has approved the Punycode-based IDNA system, which maps Unicode strings into the valid DNS character set, as a workaround to this issue, and some registries have adopted IDNA...

DNS software
Various flavors of DNS software implement the DNS, including:

BIND (Berkeley Internet Name Daemon)
djbdns (Daniel J. Bernstein's DNS)
MaraDNS
VitalQIP (Lucent Technologies)
Adonis DNS Management Appliance (BlueCat Networks Inc)
NSD (Name Server Daemon)
PowerDNS
Microsoft DNS (in the server editions of Windows 2000 and Windows 2003)
DNS-oriented utilities include:

dig (the "domain information groper")

Legal users of domains
Registrant

No one in the world really "owns" a domain name except the Network Information Centre (NIC), or domain name registry. Most of the NICs in the world receive an annual fee from a legal user in order for the legal user to utilise the domain name (i.e. a sort of a leasing agreement exists, subject to the registry's terms and conditions). Depending on the various naming convention of the registries, legal users become commonly known as "registrants" or as "domain holders".

ICANN holds a complete list of domain registries in the world. One can find the legal user of a domain name by looking in the WHOIS database held by most domain registries.

For most of the more than 240 country code top-level domains (ccTLDs), the domain registries hold the authoritative WHOIS (Registrant, name servers, expiry dates etc). For instance, DENIC, Germany NIC holds the authoritative WHOIS to a .DE domain name.

However, some domain registries, such as VeriSign, use a registry-registrar model. There are hundreds of Domain Name Registrars that actually perform the domain name registration with the end-user, such as eNom. By using this method of distribution, the registry only has to manage the relationship with the registrar, and the registrar maintains the relationship with the end-uers, or 'registrants'. For .COM, .NET domain names, the domain registries, VeriSign holds a basic WHOIS (registrar and name servers etc). One can find the detailed WHOIS (Registrant, name servers, expiry dates etc) at the registrars.

Since about 2001, most gTLD registries (.ORG, .BIZ, .INFO) have adopted a so-called "thick" registry approach, i.e. keeping the authoritative WHOIS with the various registries instead of the registrars.

Administrative Contact

A registrant usually designates an administrative contact to manage the domain name. In practice, the administrative contact usually has the most immediate power over a domain. Management functions delegated to the administrative contacts may include (for example):

the obligation to conform to the requirements of the domain registry in order to retain the right to use a domain name
authorisation to update the physical address, email address and telephone number etc in WHOIS
Technical Contact

A technical contact manages the name servers of a domain name. The many functions of a technical contact include:

making sure the configurations of the domain name conforms to the requirements of the domain registry
updating the domain zone
providing the 24x7 functionality of the name servers (that leads to the accessibility of the domain name)
Billing Contact

Self-explanatory, the party whom a NIC invoices.

Name Servers

Namely the authoritative name servers that host the domain name zone of a domain name.

Politics
Many investigators have voiced criticism of the methods used currently to control ownership of domains. Most commonly, critics claim abuse by monopolies or near-monopolies, such as VeriSign, Inc., and problems with assignment of top-level domains. The international body ICANN (the Internet Corporation for Assigned Names and Numbers) oversees the domain name industry.

Truth in Domain Names Act
In the U.S.A, the "Truth in Domain Names Act", in combination with the PROTECT Act, forbids the use of a misleading domain name with the intention of attracting people into viewing a visual depiction of sexually explicit conduct on the Internet

Source: http://en.wikipedia.org/wiki/Domain_names

How to Protect your Wireless Network

2010-04-12T12:06:00.001+07:00

Having a home wireless network means that you can say goodbye to ethernet cables forever and turn every room into your office. But if you don't have the right security half your neighbours could end up poaching your broadband.

Protecting your network is essential if you want to keep your broadband fast, private and hacker-free.

There are a few ways to protect yourself and there are also different levels of security, from basic to the more advanced. But once these settings have been saved you will be safe and secure and ready to log on wherever you are.

Wireless encryption

To protect yourself from hackers you need to set up a WEP or WPA Personal (WPA-PSK) key.

WEP is a simple 64 or 128Bit encryption but offers limited security and is relatively easy to break
WPA-PSK, in the forms of WPA-TKIP which offers better security and is backwards compatible with older routers and USB keys, and WPA2-AES which offers the best security and better wireless performance but which is not compatible with all older hardware

You can set up your encryption key when setting up your wireless router, and there should be an explanation of how to do so in your instruction manual.

Internet security

In addition to having an encryption key, you also need to install a few other things:

A firewall
Anti-virus software
Anti-spyware software
Anti-phishing software

You also need to ensure that any software that you have installed is always up-to-date. Hackers are continually updating their methods and developing new viruses so make sure that you regularly run live updates on the internet to make sure that your version of windows and your anti-virus software is also up-to-date.

Name your wireless

Giving your wireless signal a name, or a service set identifier (SSID), is an easy way of identifying it and can be set at the time of installation. Doing this will also allow you to enhance your security settings using wireless isolation.

Wireless isolation

This is a way of hiding your wireless network so that other people cannot "see you", making your network more private. Once you have set your SSID then you can change the settings on your router to isolate your wireless, making you "invisible".

Access lists

Access lists give an added level of security to your network. As well as having to have the password for your network, any user's computers would also have to be on the access list. They would be identified by the computer's MAC code (like a fixed address) via the router.

Now that you have set your security, you can rest assured that no one else is using your broadband or hacking into your files.

By Michael Phillips

Spam Epidemic Could Make E-Mail Obsolete

2010-04-12T12:05:00.000+07:00

Companies may become increasingly reliant on text messages and other digital communication.

Due to increasing levels of spam, companies may soon have to look beyond e-mail as the primary method of communicating with employees and customers, according to a new study.

In 2007 alone, it is predicted that nearly 97 billion e-mails will be sent daily worldwide, 40 billion of which will be spam messages, the study found.

In a recent report forecasting worldwide e-mail usage over the next five years and published by Framingham, Mass.-based market-intelligence firm IDC, this is the first year that spam e-mail volumes are expected to exceed person-to-person e-mail volumes sent worldwide.

As a result, IDC predicts that annual e-mail growth will slow down, and continue to be replaced by alternative forms of communication, such as text messages, instant messaging, and VoIP calling, especially among younger consumers.

"Spam volumes are growing faster than expected due to the success of image-based spam in bypassing antispam filters and of e-mail sender identity spoofing in getting higher response rates," Mark Levitt, program vice president for IDC's Collaborative Computing and Enterprise Workplace research, said in a statement.

IDC believes that businesses can best respond to the increasing threat of spam by acknowledging other emerging forms of communications that Internet solution providers will begin to offer customers. The study found these other options will eventually make it "more difficult for e-mail to maintain its status as the leading mission-critical electronic communications method."

IDC also suggests that businesses deploy multiple layers of antispam software and appliances at their company, and ensure that these programs are updated regularly in order to increase their effectiveness over time. Providing equal access to e-mail from both desktop and wireless access devices through Ajax and push e-mail programs, will help to reduce the volume of incoming spam mail to businesses, IDC says.

By Tamara Schweitzer

The Danger of Using the Same Password For All Websites

2010-04-12T12:04:00.002+07:00

With most businesses moving towards the Internet, it is very common for one to have multiple online accounts. You might have online accounts for your bank, credit card, E-Bay, PayPal, Google Gmail, Hotmail, blogs, etc. Every time before you open a new account online, do you stop and ponder whether you should use the same password?

While using the same password saves you the hassle of having to remember multiple passwords for various websites, it also makes it easier for hackers to hack into your accounts. Let's say you are using the same password for your Bank of America online savings account, CitiBank credit card, and Hotmail account. If your use name and password for Hotmail are stolen, the intruder will try to use the same user name and password on various websites (including Bank of America and CitiBank) to see if they can break into your accounts. When one of your accounts is breached, you are risking all of your accounts to be breached.

You can avoid this security risk by using a different user name and password each time you open a new account online. But how are you going to keep track of all the different user names and passwords for these accounts?

Some browsers (like Internet Explorer or FireFox) save your user names and passwords for you so that you don't have to retype them each time you come back to the same site. However, the data can easily be deleted by other users if you are sharing your computer with others. If you hard drive crashes, you will lose all the data that the browser saved for you.

Some websites provide a "Remember Me" checkbox so that you can bypass the login page the next time you visit the same site. These websites rely on your browser's "cookies" in order for this to work. A cookie is a hidden text file that is generated by the browser behind the scene. It can contain your user name, password, and any other personal information that the site needs to keep track of your browsing behavior.

One disadvantage of cookies is that they expire after certain period. The expiration date is set by the author of the site. The expiration date can range from 1 minute to a few years. Once expired, the cookie will automatically be deleted by your browser behind the scene and you will be prompted to type in your user name and password again. Cookies can also be deleted by others if you are sharing your computer.

Relying on your browser to keep track of you user name and password is not a safe bet. You need a more reliable tool to keep track of you login information. That reliable tool is called Password Manager. A good example of password manager is RoboForm. RoboForm encrypts all your website logins and keep them away from potential hackers. You can easily retrieve your use name and password with a click of the mouse. RoboForm automatically fills out the user name and password fields on the site and log on for you.

Download a free trial version of RoboForm and find out how easy it is to organize and automate your logins.

By Ivertech Software Central

Understanding What Voip Phone Service Is

2010-04-12T12:04:00.001+07:00

Voice over internet protocol is what voiP stands for and the ingenious technology allows you to use your internet connection to place and receive phone calls in and around the country as well as international calls. You can do away with traditional dial up phone services and save money as well. The technology is all the same from provider to provider, but the pricing and plans are significantly different. If you use a phone for your voiP service, you just dial the number and connect, if you use your computer, you simply punch in the number and wait for the person to answer.

The only thing you need to have in order to use the voiP phone service is cable or DSL because voiP needs to have a high-speed internet connection. Another thing most people do not know about this type of phone service verses the home landline is that you pay no taxes or other fees that local telephone services charge. The technology has allowed many businesses and individuals to lower their cost of phone service and make more calls then what they could before. You only need a few things to use a voiP server and have affordable phone service.

You will need an ATA box that connects your phone and computer to the modem, which connects you to the internet. If you are in a home situation, you can hook the main base of a cordless phone up to the ATA and the other extensions will work as well. You will want to hook your computer up so as to talk on the voiP phone sever and search the internet as well. With all the new technology, we see today, we might just wonder what is next. As far as that goes, the features and options are endless where voiP phone systems are concerned.

By Carl Walker

VPN Explained - The Basics Of VPN Simplified

2010-04-12T12:03:00.002+07:00

The question of exactly how to explain or define a VPN is one that is often up for discussion amongst today's network consumers and communications providers. If we look at the literal definition of the words virtual private network, it can help to understand what is, and what is not, a VPN .

Using Webster's dictionary definitions of the component words, a VPN should have the following attributes:

Virtual - defined as "being such practically or in effect, although not in actual fact or name." Therefore, the first part of the answer to our question "what is a VPN" is that it is something that acts like a hard-wired network, but is actually not.

Private - defined as "of, belonging to, or concerning a particular person or group; not common or general." So, a VPN should be one where the consumer has exclusive use of the network links. (Note, this is different from a Secure Network, which may be a private or public network.)

Network - defined as "a system of computers interconnected by telephone wires or other means in order to share information." This is the goal of a VPN or any other type of network.

VPN explained in this manner is a network technology which gives the owner the ability to share information with others on the network by means of a private, exclusive link that is created by a method other than hard-wires or leased lines; usually via the internet. Before the internet, computers in different offices, cities or even countries could only talk to each other like people could - through telephone wires. As the needs for this type of communication grew, telephone lines became replaced by higher volume wires, like T3 circuits, but the concept was the same. For computer A to talk to computer B, there had to be a physical wire connection. For security reasons, you would want to make sure that only your 2 computers used that line, so you would contract with a vendor to "lease" that circuit. However, this type of network was expensive and difficult to expand, not to mention difficult for the client to have control over.

With the advent of the internet, connections no longer needed to be physical. As long as each computer has access to the internet, information can be shared using local ISP circuits, across the internet, and to the recipient in much the same way that it was when the computers were physically connected. This is why the way VPN works is considered a "virtual" network; the entire connection is not hard-wired.

The aspects of VPN explained in this article so far have not yet discussed an ever present concern in today's world - security. In an old WAN arrangement, the security of data transmission could rely entirely on the provider's guarantees. Today, however, a VPN keeps information private by means of encryption on both the sending and receiving end. There are a variety of encryption protocols, depending on what a company's needs are, who they need to communicate with (and therefore be compatible with), etc. The data is not only encrypted, but it is encapsulated, meaning it is sent in its own private "tunnel" or connection across the internet. No one can see the data, and even if they could, they can't decipher or change it. In this way, information can be sent across the internet without being susceptible to interception or corruption by those who are outside of the VPN.

In order to create a virtual private network, you would need to decide who needs to share information, in what directions, and how often. Next you would need to prepare a listing of the hardware and software systems you are currently using at each location. You might very well need to make changes so that the computers can talk to each other easily. You'll also want to consider just how important it is that your data remains secure, as this will have an impact on what type of protocol you select. Preparing this information will have you educated for the discussions you will need to have with potential vendors.

By Van Theodorou

Home Networking - Wireless or Wired

2010-04-12T12:03:00.001+07:00

There are several methods for networking your home or small office computers. The simplest and most cost effective home networks technologies we will look at today are Wired and Wireless networks and the Pro's and Con's of each.

Wired Networks

Wired networks are seen as the most stable and reliable form of networking by people as this technology has been around for a long time.

Wired networks are great to use when you have the space and ability to run network cables through your house. In return for this effort you get a secure and reliable network with good data transfer speeds. This means that you will be able to send information from one computer to another one quickly.

A wired network is seen as more secure as any malicious users will only be able to get into your systems through your external internet connection or by connecting a wire directly to your router, switch or hub. Even then this problem can be contained through the use of firewalls, sophisticated routers or in the later case by not letting strangers into your house who are trying to run a network cable to their machine.

A wired network is seen as more reliable as the signal is sent over wires and not broadcast over a relatively uncontrollable area. Your network speeds and quality are not affected by weather conditions, thickness of walls etc.

With a wired network you can expect speeds from between 10Mbps with older technology up to 1000Mbps with newer hardware. This allows for excellent data transfer speeds between machines allowing for fast sharing of data and files over your network.

The price for wired home networking hardware is extremely cheap as the technology has been around for a long time and there is a lot of competition from manufacturers keeping the prices down. You can get a basic router or network hub from £10 - £40 pounds that will allow you to share your internet connection and files across multiple machines. A basic network card should cost between £5-10 with the faster 1000Mbps cards costing from £5-£15 each.

Replacing faulty wiring can be tricky and expensive if you have hidden it away behind your walls. Another bad aspect of having wires is that each machine must have a wire running from it to the router or hub. This may be ok when you can have the wires hidden away in the bedroom or the office but what if you want to use your laptop in the middle of your kitchen or living room. Do you really want wires running across the floor causing potential trip hazards amongst other things?

Wireless

Wireless networking offers many great advantages. The biggest advantage is portability. You can take your wireless laptop from your living room to your kitchen to your bedroom and still have access to all of your files and internet. This is great for using recipies from the internet right down to doing a little work in front of the TV.

Another advantage of going wireless is that you do not have to hide lots of wires going between your machines and router. This makes everything look tidier and more clutter free whilst also removing potential trip hazards from lots of loose cabling.

A wireless connection can be affected by many outside factors that you must take into consideration. A wireless signal can be seriously affected by the thickness of your walls, floors and also how many other wireless connections are in your area. With thick floors and walls your signals can become distorted or even wiped out causing problems transmitting and receiving information.

There are solutions on the market to increase the power of your wireless transmitters and receivers which would increase connectivity issues in the event that they occur.

Security is not a problem as such for wireless as long as you properly secure your network. The simplest form of protection is to use something called a WEP key. A WEP key is used on both the computer and wireless router and acts as a code between the two machines to keep data encrypted. If someone does not have the key they should not be able to access your network. There are further options available depending on your chosen wireless router to increase the level of security.

By not securing your wireless network you are essentially leaving the front door of your network and internet connection open to anyone who wishes to connect using their own wireless equipped computers.

Final Thoughts

As you can see, both technologies serve the same purpose but with different pro's and con's. If you are looking for an easy clutter free solution with increase mobility then I would recommend attempting a wireless network setup as long as you ensure that you set at least WEP encryption to protect your computers and internet connection from unauthorised access.

If you are looking for a slightly more secure and reliable connection then go with a wired setup. A wired setup should bring you faster networking speeds with the disadvantage of having to have wires running between devices.

By James Streep

DSL Broadband Explained

2010-04-12T12:02:00.000+07:00

DSL Broadband Access Technology

DSL broadband technology supplies significantly faster data transfer speeds than dial-up Internet, without a huge investment. It is a cost effective and convenient permanent connection.

What is DSL Broadband Technology?

Digital Subscriber Line (DSL) is a proven standard 'always on' alternative to Integrated Services Digital Network (ISDN) and other leased line options, with affordable installation and service costs. Simply installing DSL on your existing phone line and purchasing a DSL modem/router allows businesses of all sizes to access high speed broadband at a relatively low cost.

DSL refers to technology and equipment deployed on the existing copper wire telephone infrastructure to enable multi-channel, high speed access. The single twisted-pair phone line is converted to enable it to be used for high-speed data transmission, without disrupting the telephone signal.

Copper wire lines are designed to carry voice or modem signals of a frequency band up to 3.4 kHz, providing maximum data speeds of 56kbps. With broadband technology, higher data speeds are possible by utilising a broader range of frequencies. Each range of frequencies acts as a separate channel on the same copper wire to enable additional data to be transmitted, providing greater bandwidth availabilities for business applications.

Asymmetrical (ADSL) VS Symmetric (SDSL)

ADSL allows data to be transferred at different speeds: the downstream (downloading) data speeds are faster than upstream (uploading) data speeds.

SDSL allows data to be transferred at identical speeds both downstream and upstream with guaranteed throughput. For data applications needing high-upstream bit rates, such as Voice over IP, symmetric DSL delivers a fully inter-operable solution.

By Katrina Lee-Archer

What Are The Best Google AdSense Alternatives?

2010-04-09T12:23:00.000+07:00

Google AdSense has been revolutionary in terms of providing a way for webmasters to earn revenue from their web sites, particularly for smaller businesses. But are there any good alternatives to Google AdSense?

It is not usually a good idea to put all your eggs in one basket, so you should identify several alternatives. By doing this you may even discover an alternative that is more lucrative for your site, and at the very least you will be prepared in case something happens to AdSense.

Let's look at some of the best alternatives to Google AdSense advertisements on your web site.

Chitika Instead of displaying the same old advertising units with text and image ads, Chitika provide active boxes that show targeted products from various manufacturers. Chitika boxes can even show an ad box containing a product alongside several competitors' products.

Yahoo! Publisher Network At the time of writing this Yahoo! Publisher Network is still in Beta mode but once it is fully released it should be a viable alternative to Google AdSense. As with AdSense you can provide your web visitors with contextual ads. Yahoo conveniently offers four ways to receive payment including PayPal. That will be welcomed by many international webmasters who grow old while waiting for US checks to arrive and then get cleared through their banks.

Sell Advertising Spots This is a traditional alternative, but it is still a good one. If you have a strong customer base you should be able to find advertisers to purchase advertising spots on your web site. You can sell spots by the month and offer a discounted option for six and twelve months.

Write Affiliate Advertisements If you don't want to spend time trying to attract traditional advertisers you can make your own ads for affiliate products. Check out the thousands of products at ClickBank or Commission Junction. Select several products that closely match your visitors' interests. Now write affiliate ads, or use image ads with your own affiliate link.

CBprosense If you don't want to manually write your own affiliate ads for ClickBank products then you could consider automating the process with CBprosense. It is a tool that will spider your site, analyze its content and then deliver a list of relevant links to the best performing products in the ClickBank marketplace.

These are five of the best alternatives to Google AdSense advertising. There are many more and several that promise to deliver contextual ads. However I suggest that whenever you are considering an alternative that promises contextual ads, do a quick check through your favorite search engine or webmaster forum to see if anyone is actually making any revenue by using their service. It is one thing to promise the technology, and another altogether to have sufficient advertisers to constantly deliver appropriate ads to your site.

By Daniel Moro

7 Things You Didn't Know Adobe Illustrator Could Do

2010-04-09T12:22:00.000+07:00

01. The Blend Tool / Adding Lines Between Lines…

We’ve all seen those fancy cool looking vectors where lots of evenly spaced lines curve around some complicated graphics. It can really help to add movement and interest to a design and its really easy to do. This tool is how you do it.
Draw two lines with the pen tool (Hot key =”p”). Now select the blend tool (Hot key=”W”). If you would like to set some options up (eg how many lines will appear between the two you have drawn) then press “return”. On nearly all the tools this will bring up an option window where you can play about with settings. When you are ready simply select one of the lines you have drawn with the blend tool and then select the other line.

Blend 1

And… Bing, you should have a blend between the two lines. Enjoy…

Blend 2
02. The Mesh Tool / Adding Shading To A Shape…

Ok this one can get very complicated. Some have been able to create photo realistic images using this technique. However we will just use it on a simple circle. So press “L” for the circle tools and draw yourself a circle, using the shift key to keep it from distorting into an oval shape.

Mesh Tool

Make sure the circle has a fill in it and that it is selected, then press the “U” key for the mesh tool.

Now make a selection anywhere within the circle and select a different colour. The point which you made the selection will evenly gradient into the outer colours.

You can also use the direct selection tool (Hot key “a”) to select the nodes and change their colours and positions as well. Using these techniques you can create very complex meshes which can add depth and shadow to illustrations or shapes.
03. 3D / Entering The Next Dimension…

Did you think that Illustrator was limited to 2D flat vector shapes? Will it isn’t. Adobe have recently (CS1) introduced a piece of the future into Illustrator which I’m sure will become more and more advanced as time goes on. Ladies and Gents… The 3D effect.

So press “M” and draw yourself a box. When it is selected go to Effect > 3D > Extrude and Bevel. You will now be faced with a configuration window. I’d suggest you select the “preview” option so you can see whats going on.

Illustrator 3D Example 1
Have a play with the options and you can easily create simple and effective 3D objects.

Illustrator 3D Example 2

If you wanted to flatten this all you have to do is go to Object > Expand Appearance and boom, you will have yourself a flattened 3D object which you can do what you want with…

Illustrator 3D Example 3
04. Patterns / Making Fills Interesting…

Ok, create your desired pattern using normal illustrator tools and effects and simply drag it into the swatches pallet.

Illustrator Pattern tool example 1

Next time you draw a shape select your pattern as its fill and bobs your uncle, you have a tiled pattern fill. You can also turn your pattern by using the selection tool (Hot key “v”) to select your object and then by pressing return. This will bring up the “move” options pallet where you can set the angle of a pattern.

Illustrator Pattern tool example 2
05. Symbol Sprayer / Splatter some vector…

Fed up with recreating tiny details with copy and paste? The symbol tool makes little details like this easy as pie.

Make a graphic and select it. Drag it into the symbols pallet.

Illustrator Symbol Example 1

Now select the symbol sprayer tool (hot key shift s). You will see that it sprayers your symbol onto the artboard. If you wish to add a little interest you can click and hold the symbol sprayer icon on the tool pallet and then select the symbol sizer tool and other symbol related tools.

Illustrator Symbol Example 2

Tip: Symbols can be made using transparency as well.
06. Blur / Smooth Out The Vector…

What was that – illustrator is too straight edged for you? Well have you seen the “blur” effect?

Illustrator Blur Example 1

Make a shape, select it and then simply go to Effect > Blur > Gaussian Blur. You will have a few options relating to the harshness of the blur. Select OK and your vector shape will be blurred. It will retain its blur and vector edit ability, so if you wish to change its shape it will continue to have that effect applied to it. Very handy for adding quick drop shadows or atmosphere.

Illustrator Blur Example 2
07. Transparency / Bringing Depth To Overlaying Shapes…

This one has saved me many times. Create a vector shape and duplicate it so that some areas are overlapping (you can do this by using the selection tool – hot key v) and whilst a shape is being moved press the alt key, this will duplicate it. If you want to duplicate the shape in exactly the same way again press option D).

Illustrator Transparency Example

Now to add some interest. Go to the transparency palette. There will be a dropdown menu currently selected at “normal”. Click it and select “multiply”. Notice the difference? Try some of the other transparency options.

Seven Things You Didn't Know Illustrator Could Do

Source: www.attitudedesign.co.uk

AJAX & SEO - Are They Compatible?

2010-04-09T12:20:00.000+07:00

Many travel and holiday websites are now utilizing AJAX. AJAX is not new, but it is developing into a major buzzword in IT departments and at web developers. It’s also a potential source of friction between IT/development and marketing.

AJAX is short for Asynchronous JavaScript and XML, a development technique designed to create interactive web applications. AJAX makes web pages faster loading and more responsive by exchanging small amounts of data with the server so that the whole page does not have to be reloaded each time the user requests a change. This is meant to increase the web page’s interactivity, speed, and usability. One of the “classic” AJAX applications that most people are familiar with is Google Maps.

There are some major benefits to implementing AJAX on a travel or holiday websites. It can assist in delivering an improved user experience through faster loading, improved page interactivity and enhanced visual presentation. There is also the benefit of reduced bandwidth usage as smaller packets of data are downloaded rather than whole web pages.

However, there is a price to pay for delivering this enhanced user experience. The problem is that search engines can’t see your AJAX delivered content or navigation as they are unable to run the Javascript code necessary to generate the HTML content. If the search engines cannot access your content or follow your navigational links you could be seriously restricting your site’s exposure in the search engines.

There is no doubt that AJAX is here to stay, at least until something better comes along. It’s also likely that the major search engines will become more adept at spidering and indexing AJAX generated content. However, until they do, the simple solution is to avoid using AJAX where it is not needed on your site. If you do intend to use AJAX make sure that your IT department or web developer create real links and HTML content to feed the spiders with.

By Mark Scriven

Basic steps for creating a good website

2010-04-09T12:19:00.000+07:00

The first point you should consider is understanding what information your website should contain. In most cases your website should have at least the following basic structure:
Home page

An introduction to your business, services and / or products About page - An overview of your business, future vision Services / Product page - An overview of your services / products Contact page - Provide all your business contact information, address, email, telephone, fax

There are many other web pages which you can add to your website but these pages will be determined by the type of business you own. Below are examples of other pages you may require for your website:
Resources page

A resource page can be used to structure information in to categories, this information can then be downloaded by website users. You can also charge a fee for users which want to obtain this information. In most cases free download information is a very useful method of driving web traffic to your website. The resources can be in different formats such as a word document, pdf document, video clip, audio clip, graphic file, power point presentation, there are many formats which can be used to deliver information to your website users. Informative download information is a great way to advertise your business, especially if the information your provide is free, this is also know as viral marketing.
Image gallery page

An image gallery page is a good way to visually present your business, for example if you are a property developer you may want to show before and after images of a property development or if your are a photographer you may want to compile a gallery of images in to categories which would provide a good method of demonstrating your work.
Payment processing page

A basic payment processing page can be a useful mechanism for accepting payments from your clients. More advanced payment processing is know as ecommerce. There are many payment processing providers such as PayPal or Google checkout. In most cases these payment processing providers will only charge a fee if a payment is made. Most banking payment processing has a monthly fee so you should consider and research which is the most cost effective for your business.

The above pages listed are only a few example of how you can create more interacting on your website. A good way to find out what else you can achieve is to simply look at what your competitors are doing.

Listed below are some of the most common requirements for an effective website:
Meta Tag Data

Meta tag data is used by search engines to find and correctly catalog your website. It is very important that the meta tag data you add to your website is relevant to your business. There are three main types of meta tag data:
Title Tag

The title tag is important for website design search engine optimisation. The title tag is used to form a part of a search engine result. It is important to keep your title tag short but also try to list the most common keywords in your web page title tag. Each web page on your website can contain a different title tag.
Keyword Tag

The keyword tag contains words or phrases that potential visitors will use in search engines to find your business website. The main text on your website should also contain these keywords. Each page on your website should focus on a specific keyword and the text information on this page should reflect against this chosen keyword.
Description Tag

The description tag is normally placed under your title tag and should contain a short description about your business. This is an opportunity for you to sell your products and services to your potential clients. Search engines use the description tag to form a basic description of your business in search results. It is advisable to keep your description tag short and straight to the point. Get your message about your business within the first two lines of description text.
Fonts

Keep your fonts (text type) simple. I would recommend Verdana or Arial font types. These fonts are easy and clear to read. Avoid fancy fonts which are difficult to read as this will only distract a user from the key information you are emphasising.
Colours

Use high contrast colour combinations on your website, for example if your background is a light colour use a dark colour for the text. I would recommend an off white colour for the background and a dark grey (all most black) colour for the text.
Compress your images

When adding images to your website it is advisable to compress the images using a graphic application. Your images should be set to 72dpi (dots per inch) for displaying on a computer monitor, high resolutions on a website pages will not affect the quality of the image being displayed. You should save your images using , .jpg or .gif format which are the most common format used when adding images to your website. .jpg images are suitable for complex images and .gif are suitable for simple banner of title images.
Designing your website template

In most cases it is advisable to design your website for 15" monitor which use an 800 x 600 screen resolution. Although you may have a large screen monitor, many of your website visitors may have a smaller screen size, by creating a website based on a smaller resolution you will be giving all your website users access to a website which can be viewed on any monitor size. In some cases you may require more space for your website so I higher resolution design will be required, this is OK but you should always consider the end user (website visitor) before making this decision. It is also possible to create a website which dynamically changes size based on the monitor size of the user but you normally loose a lot of control over the content layout when creating such a solution.

The above comments are only the basic considerations you should make before developing a website. Below I have listed some informative websites where you can obtain more information. A good web development company will provide free consultancy at the initial stages of developing your website.

http://www.w3schools.com/html/default.asp

http://www.htmlgoodies.com/primers/html/

http://www.htmlcodetutorial.com/

You can find many other website development resources by simply visiting your favorite search engine and typing in "website development help".

By Pankaj Shah

How To Incease Website Traffic Without Breaking The Bank

2010-04-09T12:18:00.002+07:00

Internet marketers often struggle with how to increase website traffic. Most internet marketers do not want to wait to increase website traffic.

To increase your website traffic you will need to provide your visitors with good, useful information, whether you are trying to sell them something or simply entertain them.

One effective method to increase website traffic is by having a search engine discover your website link on another website, versus submitting your link manually. This is because search engines like to see that other websites link to yours, and especially websites that are similar to yours (talks about the same thing).

Here are seventeen online and offline methods that will help you increase website traffic.

1. Offer free, original, and quality content on your site. This is, by far, the single most traffic-generating activity you can take part in.

* Make sure the content is helpful to your visitors. Provide your visitors the information they need to achieve their goal or solve their problem.

* Create a fresh piece of content every two days if you can, or at least once a week.

* Do not use content generators.

2. Focus your content on keywords related to your topic.

3. Start a newsletter for your web site. When people read each issue they'll be reminded to revisit your web site. Submit it to all the free e-zine directories on the internet.

4. Submit original articles to e-zines, web sites and magazines that accept article submissions. Include your business information and web address in a resource box. This is a great way to increase website traffic.

5. Start a blog. Post original content and articles at least twice a week and ping your blog when you post to it.

6. Give away an electronic freebie (like an eBook) with your ad on it. Allow your visitors to also give the freebie away.

7. Exchange links with other web sites that are closely related to the subject of your web site.

8. Participate in forums. Post answers to other people's questions, ask questions and post appropriate information. Include your signature file containing your website's URL at the end of all your postings.

9. Start your own online discussion community.

10. Hold free online classes or seminars. You will become known as an expert on the topic.

11. Get some vinyl decals or bumper stickers created and turn your car into a moving advertisement for your web site.

12. Use word of mouth. Tell everyone you know about your website, give out business cards to passers-by in the street, and so on.

13. Give visitors a free entry into a contest or sweepstakes.

14. Let visitors download free software such as freeware, shareware, demos etc.

15. Offer free online services or utilities from your website.

16. Give free consulting to people who visit your web site.

17. Put key words and phrases in bold or italics,

With consistent effort and some ingenuity, you can increase website traffic without breaking the bank.

By Jon Roussel

How does Strategy affect Design?

2010-04-09T12:18:00.001+07:00

Client: “Performance metrics, market landscape, product strategy? You don’t sound much like a designer. Shouldn’t we be discussing color options and page templates?”

Designer: “Design is the physical, or in this case digital, manifestation of your product strategy. Of course we could define your customers’ experience with ‘paint by number’. But I think you’d agree we should figure out what you want to say to your customers and why before we dive into how we’re going to say it.”

There are two ways to view Design here.

If you view it as creating interfaces to content, then you might stop short of talking about strategy. Instead, you would focus on how to display what you’ve got. Typography, grids, information hierarchy, big buttons, huge fonts, navigation bars, etc.

The other view that Luke alludes to is one that I believe we are moving toward, necessarily: having the designers in the strategy discussion alongside the “business strategy” people talking about the “what” as well as the “how”. (btw: this is the “strategy” part of the Bokardo Design: Interface design & strategy for social web applications). I would be doing both myself and my clients a disservice if I ignored how their business strategy can drive the design. A designer has done their job well when they have created an honest implementation of that business strategy.
Design is business

Let’s be plain about it: Design is business. We can’t go on with suspicious…accountability. Designers, who excel at making hard things easy to understand through an interface, need to be part of the business discussion. Giving them Word docs and telling them to “make it look good” won’t cut it anymore. There is no accountability there, and worse, at that point much of the potential for really giving users what they need is already lost. If the Word doc is garbage, then no matter what the designer does will fail. Garbage in, garbage out. The scope of possibility is cut down to a narrow fraction of what it could be…of what the designer could come up with if they only had some time to think about how the strategy affects the design. As Peter Merholz says: Experience is the product.
So how does strategy affect design?

Look at Amazon.com. Their strategy is to help people find the best products. If they are successful at doing that then they’ll sell more. They’ve had a million insights along the way, but one of their best ones was that creating tools like wish lists actually helped realize their strategy because it allowed people to remember what they wanted and in doing so caused them to return more often. Allowing users to add comments and ratings let them sift through crucial, unbiased 3rd party information that helps them make better decisions about what’s good or not. And looking at their site from a wider view we see that Amazon has a ton of social features just like these that work to varying degrees. What was a hard problem 10 years ago was made much easier by the amazing work of the Amazon team and their innovation.

I don’t think its the case that strategy isn’t affecting design. It is, it’s just not clear how. Most of the time there is not a direct conversion between the strategy and the interface. The two sides rarely even talk, actually. The strategists are off using terms like “conversion”, “user-generated content”, and “ROI” while the designers are opining about “grid-based design”, “cross-browser rendering”, or “web standards”. These conversations are great within their own culture, but we need to find the middle ground as well, where strategy and design use the same vernacular.

I wholeheartedly agree that design is the manifestation of strategy. In software, it’s the realization of the conversation channels that a company/organization can have with its users/customers. The richness, depth, and value of that conversation is a direct result of the design. Yes, the value of the conversation is a direct result of the design.

To give you an example of where design might adversely affect the conversation, consider the case of Digg.com. As I outlined in Digg’s Design Dilemma, much of the superficiality of the conversations on Digg result from some very critical design decisions they’ve made. This isn’t an accident! It’s a direct result of the design. (Interestingly, in February Digg removed their Top Diggers list)…serving as validation that Digg is aware of the impact these design decisions make.

Another example: every time you hear about Twitter and the job they’re doing there, people say how “simple” the service is. Simple is a great word for your users to use when praising your stuff, as it means that the communication is clear.

Finally, if designers are going to be successful, then our contribution must be measured. If we are to be accountable (and I think we should want to be), then we need responsibility. Handing off…not necessarily creating…but clearly articulating and then handing off your strategy to a designer is how you give them responsibility, not whatever responsibility comes from making something “look good”.

Designers need a place at the strategy table because their work depends on and is a direct result of it. If it’s not already, realizing the business strategy of the organization in an interface should be the designer’s primary job description.

Via bokardo.com

Corporate Web Standards

2010-04-09T12:17:00.001+07:00

We’ve all heard the fairy-tales about the prince kissing the princess, but the story just ends there; they both live happily ever after, riding off into the sunset, never to be seen again. But in real life, that’s just the beginning of the story—after the kiss and the sunset comes the hard work and the real relationship.

Most of us would kill for a fresh start—a website redesign allowing you to start a project with a blank canvas, fresh code, and no limitations or legacy issues to limit your implementation or creative freedom. We would develop accessible, usable, and standards-compliant websites that should ultimately stay that way as we move on to our next challenging project.

It’s a similar situation when getting a large organization on board with web standards. Upper management might have given standards the green light in your organization, but what unfolds next can be just like that first kiss—it’s only the beginning of a much longer relationship, and, just like real life, it can be fraught with troubles.
In the Beginning

Now that web standards have become the norm for corporate websites, many in-house developers are discovering a new phase of acceptance and implementation within many large online organizations—corporate web standards.

If you work in a large company, you may recognize some of these common scenarios:

* Your company has embraced the initial concept of web standards. You hire standards-aware developers and develop standards-compliant websites.
* Your website content is created by non-developers—producers, journalists, or any content-management system (CMS) users who are not advocates of web standards.
* Only you and the other front-end developers appreciate the benefits of web standards and accessibility.
* You work with multiple teams on large projects—but you don’t work for web-standards ideologues such as Clearleft, 37signals, or Happy Cog.
* The sales and marketing teams in your company do not feel a general need to make the web a better place, they just want to make money from your websites.

Those initial stages of converting your company to web standards are much like trying to score that first kiss with the princess. You seduce them with the business benefits of web-standards development, and the rest of the arguments we have all read, written, and preached to anyone who will listen.

Getting corporate web standards in place is a sign that the real relationship is about to begin. The honeymoon is over, and now it’s time to figure out what has gone wrong and why the prince and princess now seem to be constantly bickering—when they were meant to live happily ever after.
Life in the Castle

Most of us would kill for a fresh start—a website redesign allowing you to start a project with a blank canvas, fresh code, and no limitations or legacy issues to limit your implementation or creative freedom. We would develop accessible, usable, and standards-compliant websites that should ultimately stay that way as we move on to our next challenging project.

Once the site is complete, the code and products will maintain themselves through a CMS that does not alter your perfect code, initial templates will scale to allow new content to be added without any dramatic changes to architecture, and maintenance will be a breeze.

What? Who said it sounds too good to be true..?
The Ugly Reality

So what really happens when you let your website out into the live environment? You leave it alone for a few weeks and suddenly you discover:

* It doesn’t validate anymore.
* It breaks in major browsers you know you tested it in.
* There are JavaScript errors everywhere.
* Accessibility steadily declines.
* There are unclosed

tags littered all over the place.

My past development experiences have now taught me to stop and think about the bigger picture when dealing with large corporate websites. Problems like those mentioned above can be prevented—but first let’s see how they might occur.
The Perfect Project

Last year, I lead the development of a project where we had to produce eight large media websites, all to be completed in six months. This roughly translated into launching one website every three weeks, for six months in a row.

Not the ideal build, but business constraints do create some interesting development scenarios. The plan was to take a bit of extra time developing the initial templates for the first website, creating modular, re-usable components and templates, and then roll this out into the next seven websites over the remaining months.

The project was treated as top priority within the company and a core team was hand-picked from the mainstream business. We were all looking forward to getting our hands dirty with this project; this was our chance at a blank canvas and a fresh start.

The team consisted of producers, usability experts, designers, and many developers, and we were isolated from the rest of the company and moved into a separate building so we could concentrate solely on the task at hand. It was the perfect project.
The Reality of Implementation

Initial stages of the project began and soon enough chunks of the project would be completed, neatly packaged, and passed off to the next stage of design or development. It was a finely tuned assembly line—we weren’t cutting any corners, and were planning each step logically and carefully during those initial phases.

The code being produced was clean and semantic. Scalability was always our main consideration for future-proofing a project of this scale, so the initial templates were coded with care and developed with modularity in mind.
Sample of semantic, modular code for navigation elements

After a few weeks, the pressure began to build in our isolated building. As the launch date of our initial website approached, scope creep became a big problem. Stakeholders who signed off on designs beforehand would start to see final, assembled products and make fundamental architectural changes, as they had not fully understood the signed-off documents they had approved only weeks earlier.

As a reaction to these new demands, more teams were thrown at the project. New developers were brought in and parallel builds began on two projects at one time. This resulted in more progress, more templates being produced, and a much more aggressive build to remain on schedule.

The code became an angry, growing beast. The teams, sitting right next to each other in a small room, would be much too busy to take a break and discuss naming conventions, class names or IDs, and basic architectural concepts that had been developed at the inception of this project.

Cascading-style-sheet (CSS) bloat became a serious issue as developers were rotated on and off the project. The best solution for some templates was CSS skinning—simply adding another band-aid stylesheet onto the page which overwrote troublesome styles—and this became the preferred solution, instead of sorting out the underlying issues.
Sample of bloated code caused by company pressures

In the end, each site ended up different from the last. The scalability we intended at the beginning of the project did not exist, updating the websites was confusing, and templates were not modular or making sense to any of the regular staff that actually had to maintain the code on a daily basis.
The End Results

It may all sound horrible (or maybe horribly familiar), but this project was hardly a disaster. Most of the stakeholders involved at the beginning were extremely pleased with the results, and most of the developers walked out of it more experienced and with new skills learned in an intensely, short period of time.

All deadlines were met, with very few delays or glitches that might have been expected to occur with a project of this order of magnitude and timeframe. In an ordered chaos kind of a way, everything came together in the end—the team worked well, and we still had fun working on the project.

The code was good, but not perfect. This is where corporate web standards must be taken into account, and we really needed to assess what had actually been achieved.

With this project we succeeded in:

* Eliminating all table layouts from a majority of the network.
* Using the XHTML Transitional doctype for the first time on a project.
* Creating XHTML documents that were semantically rich.
* Increasing the general usability of navigation on the websites.
* Using lots of JavaScript with accessibility and search-engine optimization (SEO) in mind.
* Raising the baseline standards of development within the company.

We still talk about this project a year later. We complain about the code that is still difficult to maintain and ways we could have made it better, but the important thing is that we now have a new foundation upon which we base our standards. Every website we produce now has higher standards than those eight websites ever had in the past. We have moved progressively in a new direction for standards within the company without many of us collectively realizing it.
The Sometimes-Evil Witch
Corporate Web Standards Are Not Always Bad

Corporate web standards—doing work that is less than perfect—may seem like a negative thing to some people, but you have to understand the context of where we have come with web standards to actually appreciate that it is a good place to be as a developer within a large organization.

When I first started with my company more than three years ago, I was updating websites that were all table-based layouts, and working with developers who not only didn’t know web standards, but also mocked them. Since those initial days of maintaining these horribly unusable and difficult-to-maintain websites, we have managed many huge wins:

* Management listened to us when it came to hiring good developers.
* Our websites work in most browsers, not just Internet Explorer.
* We were allowed to start fresh with more projects.
* We hired information architects and started thinking about our users.
* CMS developers would listen to us, and not change our code anymore.

This paved the way for the web-standards talks with management, which led to projects such as the one mentioned above, that changed the development environment for the future.
Maturing Web Standards

Looking back a few years, our goals now are at a much higher level than they were back then:

* Validation errors still occur.
* Websites do not work perfectly in every browser.
* Accessibility is not perfect and can be improved.
* Download times are sometimes slow.
* JavaScript is not always being used properly.
* Usability challenges arise when introducing new technologies such as AJAX.

This is a much better place to be than where we were three years ago, but complacency is not what brought web standards to this level in the mainstream, and it’s not what will fix these problems that plague our websites right now.

So what can you do right now about the issues of corporate web standards in your organization?
Finding Your Way Out of the Forest
Baby Steps

Working in a large company, there are likely to be a lot of little things that keep you from producing—and more importantly, maintaining—a picture-perfect standards-compliant website. It’s not just one big issue, but multiple factors that contribute to a greater whole, and it can be a bit intimidating when taken altogether.

The answer is to take baby steps. Stop and have a look at all the problems that prevent you from doing the work you want to do, then start figuring out which ones need to be fixed first.

One at a time, you can slowly start to make improvements and see changes being made in people’s attitudes towards web standards, accessibility, and in technical implementation across your large corporation. Eventually you may see results grow and improve as you gain momentum and keep fixing these small issues, but it’s wise to start small at first.
Don’t be a Control Freak

In a large organization, you can no longer control every tiny detail of an entire development, and if you try, you are going to step on people’s toes. It’s not realistic to expect that you can do everything, and attempts to do so can set you up for disappointments or failure.

Concentrate on your area of expertise and take responsibility for your section of the project. Control what you can and take care of your area, but once you hand it over to another team (e.g. back-end developers), accept that you may only have limited control over the final outcome.
Pick your Battles

You will have to make decisions about what you are prepared to give up on a project, and what you are absolutely not going to back down on. It’s a matter of picking your battles before you start the fight, and deciding what issues must make it through to the end of the project.

Is the site accessible, except certain pages beyond your control? Are validation errors happening that you cannot fix? These are issues that cannot be avoided in some companies and are not worth losing sleep over.
Just Do It

Red tape and skepticism can hold back a lot of positive, creative work being done in a large company.

Perhaps the answer is to simply identify the problem that bothers you, and fix it on your own. Often you won’t get full support until you can prove the problem can actually be fixed, so you might have to just hack up a solution when you have the time. A developer I work with decided to do just that.

Tired of the old, legacy JavaScript produced from a large third-party vendor for an ad-server solution, he decided to sit down and rewrite their JavaScript code. It’s extremely important that we implement this correctly for our users, and also for our clients that choose to advertise on our websites.

The problem occurred when Firefox upgraded their browser to version 2. Fifteen to twenty percent of visitors to most of our websites were Firefox users, but the JavaScript being used to serve the ads would break in Firefox 2, rendering as text on the website, below the Flash advertisements. We would end up with five separate ads on the page, producing large strings of JavaScript code all over the website and pushing content down the page. The vendor was informed many times by developers who were fairly upset about it, but no steps were being taken to fix the problem.

While still working on his daily projects, this developer rewrote the third-party JavaScript in his spare time, tested it, and tested it again. Eventually, once he was confident that it worked and could be applied as a solution, he needed some help within the company, as the code would have to be applied on the vendor’s side—but now that he actually had a working prototype he could propose it as a solution. This was more than enough to convince management of the efficiency of the solution, as well as to truly spotlight the problem occurring with so many of our users. Once he had this buy-in from management, it was easy to pass these changes on to the vendor and fix the problem.
Personal Sacrifice

One issue in pushing standards-acceptance in the corporate workplace actually lies with us, the standards developers.

One hopes that you are not the lone voice calling for better standards support any more—you should now have a group of supportive web developers around you, all fighting for the same cause of improving the online experience and codebase for your products. But those same traits of passion and pedantry that have pushed web standards into the mainstream can also cause problems within the company in these advanced stages of web standards development and implementation.

We all like to comment our code in different ways, use different CSS layouts, and apply different naming conventions to our classes and IDs, but this won’t work if you want to work within large project teams and develop to a company-wide set of standards.

It can actually be quite a difficult step for many developers to swallow their pride and give up personal coding conventions, and instead agree on standards that work better for the group as a whole. Once recognized and agreed upon, a general standard can really make a world of difference when developing and maintaining projects across a large company.
Restoring Order to the Kingdom

A company can be quite large, which means you get to work with many different people all day, deal with different personalities, and attend many meetings with multiple departments. This is where the power lies in working for these large organizations. These same large companies that create the problems of corporate web standards in the first place can also be the ideal place to find the answers.
Talent

When you work in a large team, chances are that you are going to work with some highly talented people. You may have just learned how to code an accessible JavaScript widget, but someone else has written the tutorial that you used to learn how—and in a large company, that person could be sitting in the next cubicle.

What is the specialty of the developer sitting beside you? Whether it’s JavaScript, exploiting CSS3 implementations, or simply being the best browser debugger in the team, these skills are there waiting to be utilized.

Tight deadlines, extreme pressure, and late nights are where I have found out just how good some of my co-workers really are. I have come out a better developer and general practitioner of the web, and learned things I hadn’t imagined I’d encounter before.
Collaboration

Large, complex teams mean large, complex projects. This doesn’t mean you have to start from scratch and make the same mistakes every time you begin a new website.

With your talented pool of developers, a library of code should be developed to ensure that you only have to agonize over those JavaScript components when necessary. Once documented, each developer should be enhancing or adding code to a central library when they have downtime, to help out with future projects.

Collaborating on the housekeeping issues is a great way to spread the work as well. Naming conventions, commenting on code, and which browser needs to be supported this week is all stuff that shouldn’t be done by one developer; it needs the knowledge of many to be able to tackle all of the minute details.
Enthusiasm

Sometimes I wonder if it’s really worth coding a section again when I know the editors are just going to throw tables and inline JavaScript into the code via the faulty CMS.

It’s far easier to get stuck in a rut while working alone where you don’t get external stimulation once in a while. But in a large company, there is no shortage of people available to compare notes with, ask for help, or simply shoot the breeze for a few minutes—all of which can help keep your passion for the job alive.
Finally, Life After the Sunset

So life is still not perfect after that first kiss, and the honeymoon stage dies quickly—soon you’re left doing each others’ laundry and fighting over whose turn it is to control the television remote.

But that doesn’t mean that everything is terrible and that you should give up as soon as you hit a bit of turbulence. Just like issues in real-life relationships, these issues of corporate web standards occur once you have found something great and stuck with it for a while.

The acceptance of web standards into the mainstream development community has created a new set of problems for many of us to deal with in our professional careers, but it’s a good place to be, if you consider how far we have come with web standards in order to be complaining about this next phase of problems.

It’s those little bumps and the occasional disaster for which you have to find a solution that give you meaning and inspiration in what you do for a living. A perfect fairy-tale life would be…well, boring.

By Scott Gledhill

New SEO Waves: W3C Standards and Accessibility

2010-04-09T12:16:00.001+07:00

One look at Google's Accessible Web Search is enough to make even the most stubborn web coder understand that compliant, accessible design is no longer the infatuation of some W3C enthusiasts, but a necessity. Even amateur SEOs will stop affirming that W3C compliance has nothing to do with getting high Google rankings.

W3C compliance has a lot to do with accessibility. Correct codes are scannable. The search engine bots scan error-free HTML better and index the sites accurately.

But when the W3C enthusiasts started this project their idea had nothing to do with SEO. The plan was to create some web coding standards that will make it easier for the web coders to program websites that are visible in all the browsers, adaptable, flexible and accessible with any reading devices, in short: websites for the users. The idea was supposed to bring advantages for all: designers, web surfers and website owners (by providing the basis for sites with a good, logical structure, that would be more economical to update, change and so on).

The W3C standards are still a matter of debate, but this will not take so long anymore. Google, the Giant of the search, is already taking steps to support the W3C initial ideas.

In Google's Accessible Web Search - right now a simple experiment - accessible sites rank higher. This is Google's effort to deliver better search results (accessible websites) for the visually impaired. This means that sites that comply with the W3C standards and pass an official accessibility tests (ex. Cynthia Says) will rank higher into the search engine result pages. Accessible sites are not visually distracting: so the graphics or/and animations are kept to a minimum and they work well even without images. Such sites are easy navigable - navigation can be managed with the keyboard. Good navigation enhances user experience and that means that it increases website usability.

The fact that Google prioritizes websites that are accessible and compliant sets clear new goals for SEOs everywhere.

The truth is that people with disabilities should be able to benefit from the same tools as everyone else. And I suppose that Google's purpose is to merge its Accessible Web Search into the standard Web search one day. More and more webtrepreneurs understand the importance of valid codes and accessibility, but till the day comes when the Web will run on smooth paths, we still have a long time to wait. In the meanwhile SEOs will introduce a new SEO service in their menu: HTML validation. I confess, I practice what I preach since 2004. It's my understanding of "web optimization." I also try to address the main accessibility issues on each site I work on, and make each and every page pass the automatic Cynthia validation.

Google's guidelines on accessibility (still under development) will probably not be as strict as those of the W3C Web Accessibility Initiative (WAI), but they'll still make a difference for the impaired users.

With already existent sites it might be difficult to comply with all the accessibility guidelines, but it will not hurt to correct at least a part of them. There are no excuses for invalid HTML codes.

To make a long story short: validate your HTML and address your accessibility issues now, to create a solid base for website usability and to avoid imminent future financial strains.

By Mihaela Lica

Corporate Logo Design

2010-04-09T12:15:00.000+07:00

A corporate logo design is essential in today's corporate world. If used effectively, it will be highly instrumental in building your corporate identity and should successfully exude the company's attitude. The viewers must have some idea about the disposition, character, or fundamental values of your company through your logo. Following certain basic principles can ensure that your corporate logo design is professional easy to remember and creates a great impact on its viewers while successfully expressing the nature of your business.

Go for Professional Logo Designers You might save a few dollars doing your own logo or getting it done from the next door boy who knows the basics of designing but if you are serious about your business you should always go for a professional logo design firm. Your corporate logo is your identity, your customers recognize you by your logo, so the more professional and sophisticated your logo is the better will be your customer's impression about your company.

Though most of the logo design companies charge exorbitant rates to create a corporate logo design but the industry is changing. These days there are companies that offer excellent professional logos for nominal charges ( e.g., corporate logo design )

Simplicity - Keep it Simple An ideal corporate logo design should be simple and memorable. Corporate houses spend thousands of dollars to ensure that customers remember them at all point of time and a simple logo is the key to that. Think about the Nike logo, it's simple and memorable--once you see the Swoosh, do you ever need to think twice about the company name?

Colors you use for your corporate logo are a very important factor in your brand establishment. If you already have your corporate colors ask your logo designer to use those colors for the logo. If you don't, suggest the colors that you think might give your prospective clients some idea about the type of business you do. For example, a company working in the fields of forest conservation might like their logo to be in green. At the same time, you also need to consider which colors will go well with your corporate stationeries as well.

Black and White version While emphasizing the colors we must also remember that it is important for a corporate logo to come out well in black and white. A corporate logo design is used in all corporate communications including fax and photocopied document where they will be in black and white and the logo design must be such that it holds the same impact even in black and white.

Minimize Colors this is more important from an economic and usability point of view. Corporate logos are often required to be printed for stationary and corporate literature. Using a one or two spot color logo can save a lot of cost compared to printing a full color logo.

Logo Format It is advisable to always use a vector format for your corporate logo design. A corporate logo may be required to be reproduced at any size for different purposes in the future. A logo design done in vector format can be expanded to any size without any loss of image quality, where as a corporate logo in raster format will loose image quality, if scaled up. Also it is easier to convert a vector logo design to bitmap than vice versa.

If you get a professional logo design firm to do your corporate logo and brief them about these basic tips (most of the knowledgeable firms are well aware of these principles) you are sure to get a satisfactory corporate logo design that would go a long way in helping you establishing your brand.

Use your Logo: Once you are ready with your corporate logo start giving it maximum exposure possible. Not only on your business cards and letterheads but also on your packaging, uniforms, pens and all possible goods should contain your logo. This gives wider exposure to your logo and people gets familiar with the corporate logo much faster. With all these you are on your way to establish your brand. Take leaps with your new corporate logo.

By Imran_Adrees

Why do you need a validated website?

2010-04-09T12:14:00.000+07:00

A lot of clients ask why they need their 'already working perfectly well' website validated. Below is a brief guide to try and answer this in a clear and simple way.

Firstly we should explain what is meant by a validated website.

Put simply, validation is the act of writing and designing a website in as 'clean' a way as possible and testing it against industry standards. It makes use of cascading style sheets (CSS) to format the page layout and text and also cleans up any 'loose coding' which could otherwise cause problems.

For a further description we refer to an excerpt from the wc3 website as they are the last word when it comes to validation!

Validation is a process of checking your documents against a formal Standard, such as those published by the World Wide Web Consortium (W3C) for HTML and XML-derived Web document types. It serves a similar purpose to spell checking and proofreading for grammar and syntax, but is much more precise and reliable than any of those processes because it is dealing with precisely-specified machine languages, not with nebulously-defined human natural language.

The Benefits of Validating your website.

1) Compatibility

When your website code is not validated you are running the risk of your site displaying unpredictably in different browsers. For example, Internet Explorer is more forgiving and likely to internally fix small amounts of 'loose coding' whereas stricter browsers such as Mozilla Firefox and Safari will display a page as it is coded. Validation makes the code uniform and means you will not have an unprofessional and unpredictable looking website or risk alienating certain users who don't use Internet Explorer!

2) Search Engine Optimisation

A website that is 'clean' is far easier for the search engines (Google, Yahoo etc) to 'read through' and index. The easier they can do this the easier it is for them to find the real meat of your site i.e the content. The other point to make here is that if your site isn't validated it is possible for search engines to place greater emphasis on the wrong part of your code and your site could therefore be missing out on being found for the most appropriate searches *

3) Accessibility

Validating a site requires the use of many accessibility techniques such as the use of ALT tag on images. Steps such as these make your site more readable for those users who are vision, motor skilled or cognitively impaired. Validation makes the site readable as it allows aids such as screen readers to read through your site correctly. Although validation is not in any way a guarantee that your site is accessible, it is a huge leap towards this and far superior to an unvalidated site.

4) Faster loading

Conventional websites made use of tables and an extensive amount of tags for formatting both the page structure and content. The use of CSS separates the structure from the content and gives the browsers less code to trawl through before they can successfully render the page. Validation also aids the browser in displaying the site faster as there is no 'loose coding' for the browser to get tangled up in or waste time trying to 'fix'.

So where does this leave you?

Firstly you might like to check your current site for validation (see the steps below).

Secondly, decide whether validation is something that you feel you should be concerned with but please bear in mind that you now have a legal obligation to have an accessible website *

Thirdly, enlist the help of a professional SEO company to review your website and carry out necessary alterations. In some cases you may be cheaper having your website completely rebuilt rather than trying to fix the current errors but don't let this put you off. Look upon it as an opportunity to spruce up your existing site and start afresh!

How to validate your website using Validation Tools:

1. Go to the W3C validator website 2. Type in the URL of your website 3. Hit the check button 4. You will be presented with a list of results. If your site validates then you can relax for now

By Lynne Foster

3 Reasons Everyone Should Clean Their Windows Registry

2010-04-07T11:38:00.000+07:00

Windows Vista Registry

Just like older Windows operating systems, the registry is an important component of the Windows Vista operating system. It is the central database in which your Vista operating system stores configuration information related to installed hardware and software. The registry also stores preferences of various users configured on your PC and the system setup information. Because the registry controls almost all functions that occur on your PC, the chances of registry errors are quite high.

Furthermore, because your operating system, hardware, and applications are dependent on the registry to carry out various activities, registry errors have a direct affect on the performance of your system and the way applications work on it. The top three problems caused by an unhealthy registry are discussed here.

Frequent System Errors

Overtime, a large number of unwanted data accumulates in the registry causing it to grow uncontrollably, making it cluttered and fragmented. A corrupted registry is unstable and generates frequent system errors, application errors, and causes system freezes and crashes.

To prevent these errors and system crashes, you need to regularly scan the registry for errors and get rid of all unwanted information stored in it. Doing this will help you maintain a compact and healthy registry and also prevent system errors.

Deteriorated System Performance

If you monitor the activity of your Windows Vista registry, you will see hundreds of entries being accessed, removed, and added to it within a short amount of time. Due to this constant addition and removal of information, registry files tend to get fragmented. Many times, when a key is removed, it leaves behind a place holder in the registry, which is actually an empty registry key and is of no use. These registry holes also unnecessarily contribute toward increasing registry size and making it unstable.

A fragmented and unstable registry deteriorates the performance of your Vista computer. Therefore, to speed up your PC, you need to regularly clean and defrag the Windows registry to maintain its contiguity and prevent it from growing too large.

Accumulation of Malicious Registry Keys

You know that all programs on your Vista PC have to access the registry to perform various operations. Well, the same goes with malware programs such as viruses, Trojans, spyware and adware too. If your PC is infected by any kind of malware, your registry is likely to be filled up with many malicious registry keys added by these programs. Although you may get rid of malware using antivirus and antispyware tools, a few registry keys may get left behind.

You can easily get rid of these left-behind malicious registry keys when you perform registry cleanup.

How Registry Cleaners Can Help

A large number of registry cleaner tools are available in the market today that you can use to perform registry fix and cleanup. Using a reliable registry cleaner tool you can:

* Scan and remove all unwanted information from the registry and ensure yourself an error-free PC.
* Defrag the registry to make the registry files contiguous and the registry compact, thereby reducing the data access time and boosting the performance of your PC.
* Perform a deep scan of the registry and weed out hidden malware registry keys.
* Make registry backups that you can use to restore the registry in case it fails.

To ensure that your PC is free from system errors and malware and is at its best performance, you should regularly clean your registry. The simplest and the most efficient method to do this is by using a registry cleaner utility.

From : Theitarticles.com

Protecting Your PHP/MySQL Queries from SQL Injection

2010-04-07T11:37:00.000+07:00

SQL injection is a serious concern for webmasters, as an experienced attacker can use this hacking technique to gain access to sensitive data and/or potentially cripple your database. If you haven’t secured your applications, I implore you to get yourself familiar with the following method and grind it into your coding routine. One unsafe query can result in a nightmare for you or your client.

I’ve read through a lot of guides, and they tend to over complicate this, so I’ll be as straight forward as possible. In PHP the easiest way is to pass your data through the mysql_real_escape_string function. By escaping special characters on fields where the user can manipulate the database, you will avoid being vulnerable. Take a look below at the example of what to do and what not to do.

// This is a vulnerable query.
$query = "SELECT * FROM products WHERE name='$productname'";
mysql_query($query);
// This query is more secure
$query = sprintf("SELECT * FROM products WHERE name='%s'",
mysql_real_escape_string($productname));
mysql_query($query);

Since I primarily code in PHP, I can’t confidently provide techniques for other programming languages. The most important part of protecting yourself is stopping users from being able to pass unaltered database manipulative special characters, like single quotes.

From : Theitarticles.com

How to Correctly Uninstall a Program

2010-04-07T11:36:00.000+07:00

Although the front-end or the part of the Windows system you see is quite simple and user-friendly, the operating system is quite complicated behind the scenes. And, a simple error or mistake can cause severe damage to your PC. Therefore, it is important that in the process of enjoying the computing experience on your Windows computer, you take proper care of it. For instance, one of the most important tasks that many computer users fail to do is to use legitimate procedures to uninstall programs from their computers. This is a very important task, because whenever you install programs on your computer several files and registry entries are added. And if you fail to uninstall your application using the correct method, many orphan files, registry entries, and programs shortcuts may be left behind. This orphaned data unnecessarily clutters your computer, and eventually leads it toward frequent system errors, freezes, and crashes.

In this article, we are going to introduce you to the proper methods that you may use to uninstall programs from your computer and prevent uninstall errors that occur due to incorrect removal processes.

Method #1: Use Add or Remove Programs

Most of the programs, especially the ones installed using the Windows Installer utility, add an entry in the Add or Remove programs list. Therefore, when trying to uninstall programs, this is the first method that you must opt for.

For example, if you want to uninstall office 2007 or remove a Norton product from your computer, you may perform the following steps:

1. Open Start menu, and then select Control Panel.
2. In the Control Panel window, select the Add or Remove Programs link.
3. Scroll down the Currently installed programs list and select the option to uninstall Office 2007 or the Norton product you want to remove.
4. Next, select the Change/Remove button to uninstall the selected program.
5. Restart your system after the uninstallation process is complete to ensure that all registry entries and related programs are removed from the system.

Method# 2: Use Program Uninstaller

Although Add or Remove Programs is usually the most commonly used utility to uninstall programs, it is usually not efficient in performing a complete uninstallation, especially when you are trying to uninstall large applications such as Norton and Office 2007. This is the reason why separate uninstaller programs are available for these programs. For instance, you can download the Windows Installer CleanUp Utility and Norton removal tool on your computer to remove Office 2007 and Norton products from your computer.

Method #3: Use the Program Uninstall Option

Many programs do not add their uninstall option in Add or Remove Programs. The uninstall option for these programs is usually available in their program folder and a shortcut to it is usually added in the Start menu as Uninstall Program_Name. For instance, if you want to uninstall WinZip from your computer, open Start menu, point to All Programs, select WinZip and then select the Uninstall WinZip option.

Because programs add a number of files and registry entries, it is recommended that after you have uninstalled your program, you scan your registry and the hard disk for any left over information and remove it from the system. To remove unwanted and orphan entries from the registry, you may use a reliable registry cleaner tool to scan and remove these entries. Also, use the Disk Cleanup tool included in your Windows XP or Windows Vista computer to remove unwanted program files from the system.

From : Theitarticles.com

How did I get infected in the first place?

2010-04-06T12:54:00.000+07:00

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1.) Watch what you download!

Many freeware programs, and P2P programs like Limewire, Frostwire, Bearshare and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2.) Go to IE > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed.

If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

7.) Another excellent program we recommend is SuperAntiSpyware.

The free version works well when manually updated and scanned with once per week at least

7.) A new program to the game that is highly effective is MalwareBytes' AntiMalware..

Update the free version and scan with it often. It is an excellent tool to have on your side.

7.) Another excellent program by Javacool we recommend is SpywareGuard.

It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones that are freeware to boot are Sunbelt, and Comodo

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.

11.) Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests? They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

Happy safe computing!!

Source : http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I

Others reference link :

http://ezinearticles.com/?How-Virus-Infection-Works-and-How-to-Avoid-It&id=987057

http://www.fastpcfixes.com/pc/computer-security/

Please take a note, this messages content not used to spam or pishing user. We are only want to advise all of Prima Partner Infotek members to know deeply about security critical site.
Please ignore this message if you are objection with this message.

Malicious Office Documents Cause Security Woes

2010-04-06T12:52:00.002+07:00

Summary:

These vulnerabilities affect: Microsoft Office XP, 2003, and 2004 for Windows and Mac (does not affect the Office "Viewer" products)
How an attacker exploits them: By enticing you to open maliciously crafted Office documents
Impact: An attacker can execute code, potentially gaining complete control of your computer
What to do: Install the appropriate Office patches immediately, or let Microsoft's Automatic Update do it for you.

Exposure:

Today, Microsoft released two security bulletins describing seven vulnerabilities found in components that ship with Microsoft Office XP and 2003 for Windows, and Office 2004 for Mac. These bulletins do not affect the more current versions of Office, such as 2007 Microsoft Office System or Microsoft Office 2008 for Mac.

The vulnerabilities affect different versions of Office to varying degrees. Though the seven vulnerabilities differ technically, and affect two different Office components, they share the same scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim's computer, usually inheriting that user's level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user's machine.

According to Microsoft's bulletins, an attacker can exploit these flaws using many different types of Office documents. In one bulletin, Microsoft specifically states PowerPoint documents are vulnerable. However, they also mention any "Office file" in their other alert. Therefore, we recommend you beware of all unexpected Office documents.

If you'd like to learn more about each individual flaw, drill into the "Vulnerability Details" section of the security bulletins listed below:

MS10-003 (http://www.microsoft.com/technet/security/bulletin/ms10-003.mspx) : Multiple PowerPoint Code Execution Vulnerabilities, rated Important
MS10-004 (http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx) : Microsoft Office MSO.DLL Code Execution Vulnerability, rated Important

Solution Path

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

MS10-003 :

Office XP w/SP3 - http://www.microsoft.com/downloads/details.aspx?familyid=47553f45-fa10-40e5-8267-9d42ff560a62&displaylang=en

Office 2004 for Mac - http://www.microsoft.com/downloads/details.aspx?FamilyID=7c985595-00c5-44b8-81c3-59d9967220f8&displaylang=en

MS10-004 :

PowerPoint update for:

Office XP w/SP3 - http://www.microsoft.com/downloads/details.aspx?familyid=cfc697b4-2ceb-4030-86c5-be9bc8bfd07c&displaylang=en

Office 2003 w/SP3 - http://www.microsoft.com/downloads/details.aspx?familyid=2291ae24-fa39-4ad8-a7d0-12726b68ad96&displaylang=en

Office 2004 for Mac - http://www.microsoft.com/downloads/details.aspx?FamilyID=7c985595-00c5-44b8-81c3-59d9967220f8&displaylang=en

References:

MS Security Bulletin MS10-003 - http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx

MS Security Bulletin MS10-004 - http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx

This alert was researched and written by Corey Nachreiner, CISSP.

Source : WatchGuard.com

What is Dialers, Trojans, Viruses, and Worms?

2010-04-06T12:52:00.001+07:00

I just would like to share the definition in IT security world, which you someday need to know if face with this trouble.

Dialers, Trojans, Viruses, and Worms Oh My!

If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are those malicious programs that once they infect your machine will start causing havoc on your computer. What many people do not know is that there are many different types of infections that are categorized in the general category of Malware.
Malware - Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain type of adware.

This article will focus on those malware that are considered viruses, trojans, worms, and viruses, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed and these won't be covered under this tutorial.

Before we continue it is important to understand the generic malware terms that you will be reading about.

Adware - A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.

Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialler - A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.

Hijackers - A program that attempts to hijack certain Internet functions like redirecting your start page to the hijacker's own start page, redirecting search queries to a undesired search engine, or replace search results from popular search engines with their own information.

Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.

Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.

Virus - A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.

Worm - A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

How these infections start

Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.

Unfortunately, though, in the Windows operating there are many different ways to make a program start which can make it difficult for the average computer user to find manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when windows boots. The program we recommend for this, because its free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.

At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to see an overview of the amount of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

In details you may visit : http://www.bleepingcomputer.com/tutorials/tutorial101.html

What to do if a file is infected?

2010-04-06T12:51:00.001+07:00

THIS STICKY IS GENERAL INFORMATION FOR NEW VISITORS

PLEASE DO YOUR POSTINGS IN ANOTHER THREAD THANKS

Your AV program has alerted you that a file may be infected.
What to do next.

This is a good advice to people who have been warned by their AV program that an infected file has been found?

Open up a text editor like notepad and type detailed answers to the next questions according to the 10 steps proposed.

1. How was it detected? What was scanning, you yourself or the back-ground scanner? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
2. What was the source of the file, where did the file come from?.: e.g. address, URL, source.
3. When was it downloaded or received?
4. What is the exact file name with extension.
5. What was the exact wording of the message that the AV program came up with? This is important for later.
6. Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
B. If the message is not in the same wording or the scan does not find up anything this could be a false positive.
7. Check with an on line scanner or update to jotti for a second opinion. Jotti resides at http://virusscan.jotti.org/
8. Go get informed ask a Virus Encyclopedia or Virus Central, put a question on a forum.
9. Make an informed decision on the basis of what you have found.
10. Inform others about what you have learned, if the file came from a reliable source, author, programmer etc. send a friendly e-mail with your findings. This will help us all.

If you follow above steps and make notes we can help you better.

Stay malware free,

polonus

Source : http://forum.avast.com/index.php?topic=14433.0

Win32.Worm.Zimuse New Message

2010-04-06T12:49:00.002+07:00

We only would like to share that just be careful for each unknown file or email or any information which ask you to click or download or run it on your system without not clear or suspicious information.

Just please ignore them.

We proposed you to :
1. Install Desktop AV (Anti Spyware, Anti Rootkit, Antivirus) on your desktop
2. Use Desktop Firewall protection
3. Update each installed application or OS with the new patch

Prima Partner Infotek (Software & Hardware Distributor)

2010-04-06T12:49:00.001+07:00

Formerly we would like to say thank you if all of you has been joined with us in this forum.

We all very interest to share and know what does you need and your problem which is need to solved either related with our solution or out of our products solution.

Please don't feel hesitate to contact us in this forum or you may visit to : http://www.ppinfotek.com

Tips for Cleaning and Securing Your Website New Message

2010-04-06T12:46:00.002+07:00

This page is a starting-point resource – one we expect to evolve and grow over time – to provide webmasters with tips for ways to remove badware and other badware behaviors from your website and to help keep it free of badware in the future. Please note that this resource is by no means comprehensive or exhaustive and is intended only as a first step for webmasters concerned about badware. We encourage webmasters and hosting providers to research website security independently, beyond the suggestions offered here. It is the responsibility of individual webmasters and hosting providers to stay informed of news relating to website security issues.

There are three basic steps to maintaining a clean site:

I. Identifying badware behavior on your site
II. Removing badware behavior from your site
III. Preventing badware behaviors in the future

source information : http://forum.avast.com/index.php?topic=54084.0

http://www.stopbadware.org/home/security

Logs to assist in cleaning malware New Message

2010-04-06T12:46:00.001+07:00

If you wish help, here are some tools and logs that will speed up the process of getting you clean - Format courtesy of Geeks to Go

FIRST

Malwarebytes' Anti-Malware
Please download Malwarebytes' : http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.
1. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

2. If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.

3. The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.

4. Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

5. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

6. Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

THEN

OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

1. Download OTL to your Desktop

2. Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

3. Under the Custom Scan box paste this in:
netsvcs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply as an attachment.

Source : http://forum.avast.com/index.php?topic=53253.msg451454;topicseen#msg451454

Benefits of the Isolated Sandbox with avast 5.0 New Message

2010-04-06T12:45:00.002+07:00

1. Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

2. Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

3. Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

4. Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

For details information, you may visit : http://www.sandboxie.com/

Avast Antivirus

2010-04-06T12:45:00.001+07:00

Avast Antivirus products are not minor updates from the existing products. They are all new. Some of the changes—such as the new user interface—are obvious. Some are not obvious at all (such as the new scanning engine). All-in-all we think they are a vast improvement from the current products—modern, light, fast, and very effective. For details, see the product detail pages on the new website.

Avast! Free Antivirus. This is our new flagship product and replaces Avast Home Edition (we changed the name to emphasize the product is free). We focus this product on users that use the internet for web browsing and email. If that is what you do on the internet, this is the product you need. We are very proud of this product and we stack it up against anyone else’s paid antivirus—in fact, we have recently started submitting this product in lieu of our paid products to all of the industry standard tests. Virus Bulletin, one of the most respected journals, recently called this product “….nothing short of a miracle” (see separate blog post). Google selected this product for incorporation in many of their Google Packs. You can download this product here: http://www.avast.com/free-antivirus-download.
Avast! Internet Security. This is our brand-new product and is focused on users that do on-line banking or shopping or that have sensitive data on their computer. We believe that these users need some extra layers of protection and developed this product to provide three more layers. This product takes the free antivirus and adds a 2-way silent firewall, a sandbox, and anti-spam. The firewall ensures that only trusted applications are able to receive or send data across the internet. The sandbox provides a means of executing your browser (or any other application) in a protected environment—thus even if you get infected, the infection does not leave the sandbox and does not harm your computer. And the anti-spam helps you get rid of all that irritating email you receive every day. And, we have made this product attractive to consumer users—a single license can be used on 3 computers in your household. This link will take you to the product and download page: http://www.avast.com/internet-security.
Avast! Pro Antivirus. This is the update to the old Professional Edition. We focus this product on individuals that want to customize their security and on businesses. It is the same as Internet Security but without the firewall or anti-spam. This allows world-class security using your own personal choice of firewall and anti-spam. Here is how to get this product: http://www.avast.com/pro-antivirus.

Source link : http://blog.avast.com/2010/01/19/avast-version-5-0-is-here/