Category Archives: Blogging

Hacked

Friday night, while browsing through an old article on my blog I stumbled onto a post that had a strange formatting issue.

This isn’t the first time I’ve noticed formatting issues on my blog, back in 2009 I had an issue with strange characters showing up. After investigating that particular problem, it ended up being a character encoding issue with MySQL. I fixed the character encoding issue, edited all of the posts that had the strange characters in them and the problem didn’t reappear.

What I noticed on Friday night was a little different, it looked as if I had mistakenly pressed <enter> half way through a paragraph. Initially I thought it might have just slipped through the cracks while writing or editing an old post, I fixed the issue and moved right along.

Half an hour later I ran into another post with the same sort of problem, very odd. This time when I went to edit the post, I switched from the WYSIWYG editor into the text editor and lo and behold, I found something like the following within the post:

<div style="display: none"><a href='http://buy-cialisshop.com/' title='buy cheap generic cialis online'>buy cheap generic cialis online</a></div>

At which point I realised that my blog had been hacked. Once the hackers got in, they edited old blog posts, inserted links off to their favourite cheap pharmaceutical websites and moved onto the next website to hack trying to boost the rankings of their low quality, crap websites in Google search.

How To Fix A Hacked WordPress Website

My first plan of attack was to understand how broad the problem was throughout my blog. I obviously couldn’t go through all of my blog posts manually, as I’ve got literally hundreds of published items over the years.

To expedite that part of the process, I used a website analyser by Microsoft named IIS7 SEO Toolkit. It can crawl a website, a lot like how Google crawls the entire internet, just on a much smaller scale. Once it finishes crawling through hundreds of pages, it then analyses all the pages and provides a reporting interface that made it easy to identify all of the websites I’ve linked to over the years, including the newly inserted irrelevant spam links. I worked through that list manually, and then edited each relevant blog post to remove the spam links.
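The same inventory can be taken directly from the stored post HTML rather than from a crawl. The following is an added example, not part of the original post: it lists every external host linked from a set of posts and flags links that sit inside an element hidden with an inline style, which is the shape of the injection shown above. The post IDs, `blog.example`, `docs.example` and `pills.example` are constructed sample values, and links hidden through a CSS class rather than an inline style are not detected.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}  # never closed

class HiddenLinkFinder(HTMLParser):
    """Collect every <a href>, noting whether an inline style hides it."""
    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, hides_subtree) for each open element
        self.links = []   # (href, hidden) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href"):
            inherited = any(h for _, h in self.stack)
            self.links.append((attrs["href"], hides or inherited))
        if tag not in VOID:
            self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        # Unwind to the matching open tag so unclosed <p>/<li> do not desync.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_posts(posts, own_host):
    """Return ({post_id: [hidden external hrefs]}, Counter of external hosts)."""
    flagged, hosts = {}, Counter()
    for post_id, html in posts.items():
        finder = HiddenLinkFinder()
        finder.feed(html)
        finder.close()
        for href, hidden in finder.links:
            host = urlparse(href).hostname
            if not host or host == own_host:
                continue  # relative or internal link
            hosts[host] += 1
            if hidden:
                flagged.setdefault(post_id, []).append(href)
    return flagged, hosts

SAMPLE_POSTS = {  # constructed sample data
    101: '<p>Notes on <a href="http://docs.example/">crawling</a>.</p>',
    102: "First half<div style=\"display: none\"><a href='http://pills.example/'>x</a></div> second half.",
    103: '<p>See my <a href="/about/">about page</a>.',
}
```

Reviewing the host counter by hand catches spam links that were inserted without any hiding, which the hidden-element check alone would miss.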

Next up I reviewed what users existed within WordPress. When you install WordPress for the first time, it will create an administrator named ‘admin’ by default or a name of your choosing. I don’t recall why but I let it create the default ‘admin’ user and I subsequently created an additional account for myself. The default admin user has a randomly generated password, so I don’t think it was the cause of the hacking but the account was removed anyway as it isn’t needed.

I suspect that the hackers got into my blog using a brute force attack. In these scenarios the attacker will attempt to login thousands of different times using a known set of passwords, often starting with dictionary words. This was an obvious problem for my site, as I was using a dictionary word for a password; I should and do know better. I’ve updated my account password to a unique, long, randomly generated one with every type of character under the sun in an attempt to avoid this happening in the future.
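Whether a brute force attack actually took place can be checked against the web server's access log. The following is an added example, not part of the original post: it counts failed logins per client IP and reports whether a successful login followed them. It assumes Combined Log Format and that WordPress answers a failed `wp-login.php` POST with status 200 and a successful one with a 302 redirect; the log lines, IP addresses and threshold are constructed sample values.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def login_attempts(lines):
    """Group POSTs to wp-login.php by client IP as (timestamp, status) pairs."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines in any other format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            per_ip[ip].append((ts, int(status)))
    return per_ip

def summarise(lines, threshold=5):
    """Flag IPs with >= threshold failures; note a success that followed them."""
    report = {}
    for ip, events in login_attempts(lines).items():  # log order = time order
        failures, success_at = 0, None
        for ts, status in events:
            if status == 200:        # assumption: login form re-rendered
                failures += 1
            elif status == 302 and failures >= threshold and success_at is None:
                success_at = ts      # assumption: redirect after valid login
        if failures >= threshold:
            report[ip] = {"failures": failures, "success_at": success_at}
    return report

TAIL = 'HTTP/1.1" {} 0 "-" "-"'
SAMPLE_LOG = [  # constructed log lines
    *('203.0.113.7 - - [04/Jan/2013:22:10:%02d +1000] "POST /wp-login.php ' % s
      + TAIL.format(200) for s in range(6)),
    '203.0.113.7 - - [04/Jan/2013:22:10:09 +1000] "POST /wp-login.php ' + TAIL.format(302),
    '198.51.100.20 - - [04/Jan/2013:22:15:00 +1000] "POST /wp-login.php ' + TAIL.format(200),
    '198.51.100.20 - - [04/Jan/2013:22:15:20 +1000] "POST /wp-login.php ' + TAIL.format(302),
    '198.51.100.20 - - [04/Jan/2013:22:16:00 +1000] "GET /wp-admin/ ' + TAIL.format(200),
]
```

A non-empty `success_at` for an address that is not the site owner's own marks the time from which post edits and file changes should be treated as suspect.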

Not knowing for sure how the hackers breached my WordPress website, it is possible that they have edited the physical WordPress files on the web server since they may have known my account password. Just to be sure, I downloaded a fresh copy of WordPress and re-installed it to remove any possibility that the hackers had a backdoor into the site for future reference.

Like most WordPress website owners, I utilise plugins from around the internet to augment the default behaviour of WordPress. There is nothing inherently wrong with installing plugins, however the quality of the software varies plugin to plugin, as does their attention to security details. As such, each time a plugin is installed – there is an increased chance, albeit small, that the plugin might have some sort of security exploit within it that could potentially allow a hacker to get into a website. To reduce the likelihood of that happening, all of the plugins that are installed but not active have been deleted from the server.

To help monitor my website on an ongoing basis moving forward, I have set up a series of Google Alerts which will notify me via email/RSS if they find certain keywords within the content on my blog such as viagra, cialis, porn, poker and so forth.

In the next week or so I am going to review a bunch of different WordPress security focused plugins and best practices as well, to see what other security improvements I can make to my blog so this doesn’t happen again in the future.

Frustrating.

2012 Blogging Statistics

In keeping with my 2011 blog statistics at the end of last year, following are my efforts for 2012.

YEAR  POSTS  AVG. POST LENGTH  TOTAL POST LENGTH  COMMENTS  AVG. COMMENTS
2004      1               478                487         0            0.0
2005     82              1949             159835       511           12.9
2006    103              1837             189259       865            4.5
2007    127              1977             251150       229            1.3
2008     68              1597             108623        78            0.8
2009     77              2114             162804       104            0.9
2010     81              2147             173969       105            1.4
2011     58              1737             100779       144            1.5
2012     30              1725              51765        26            0.3

Over the last few years, I’ve been aiming to break through the 100 posts per year marker. That obviously requires me to post around 9 times per month or at least twice per week. Despite it being in the back of my mind, I haven’t managed to push through that barrier yet and this year I stepped off the accelerator pedal a lot.

For those that are interested in doing the same, I’ve made the blogging statistics SQL script available for you to use.

Infolinks In-Text Advertising Review

In March I decided that I’d start testing different blog advertising products that were available on the market. I’ve been out of the website advertising game for nearly two years, which is practically a lifetime in internet time.

My first blog advertising test was going to be with Infolinks In-Text Advertising. Infolinks is an interesting product in that an advertiser can choose the different keywords or key phrases that they want to advertise on, such as “blog advertising”. In that regard it is similar to how Google AdWords and Google Adsense work. What makes it interesting and quite different, is that while Google Adsense provides text links or banner ads to a publisher’s website in a predefined space allocated by the publisher, Infolinks adds additional hyperlinks to the page based on the phrases that an advertiser wants to be associated with.

When a user views a website publishing Infolinks ads, they’ll see the standard hyperlinks added by the website owner which are traditionally underlined and blue. Alongside the traditional links, they’ll see Infolinks ads or links injected into the page that are a bright green by default (which can be customised) and carry a dotted or double underline to differentiate them from a plain link. When the user hovers over one of the Infolinks links, a small popup will appear near the link they hovered over, displaying the advertiser’s chosen ad and providing a way to click through to their website.

Signup

Signing up for Infolinks In-Text Advertising was a straight forward process and my account was activated within 24 hours of completing the online form.

I was pleased to see that Infolinks didn’t ask for too much personal information, enough to do their job and not a lot more which I think is great. Too often these days businesses think they have a right to all of your personal information and I just don’t think that is reasonable in today’s age.

Installation

Installation of the Infolinks website advertising service was simple, notably because this blog runs WordPress and Infolinks provide a WordPress plugin that does all of the heavy lifting.

I was able to use the Install Plugins page within WordPress, search for “infolinks” and found their plugin without any issue. If I could offer a simple suggestion, it would be to change their plugin name from “Infolinks Official Plugin” to “Infolinks In-Text Advertising Official Plugin”, just to provide a little bit of extra relevance for users scanning down the bold plugin names within WordPress.

Configuration

The configuration provided by the WordPress Infolinks plugin is quite simple. As a publisher you can turn it on or off, provide your Publisher ID and Website ID so your Infolinks ads are tracked properly along with a handful of other basic options.

Most of the configuration for Infolinks, in terms of how it appears visually within a website and how it behaves is actually handled within the Infolinks website. For example a publisher can change the colour of the links, whether to use dotted or double underlined links, vary the maximum number of links per page and specify a website content category to improve the relevance of the advertisers’ ads.

While the actual installation of the Infolinks WordPress plugin was straight forward, I thought Infolinks completely dropped the ball with the most important part of the whole process and that is getting the Infolinks configuration and script into the publisher’s website.

Instead of making that process completely seamless, a publisher is left to their own devices to take the configuration script provided by the Infolinks website and find a way to add that script to their own website. I ended up hacking it into my site using a completely unrelated WordPress plugin and I had to stuff around to get it to work. I could have edited my WordPress theme, however that seemed overkill for something that should have been simple.

I think Infolinks are missing a huge opportunity within the WordPress community by not making this part of the process simpler. Instead of leaving publishers to their own devices to find a way to get the script into their website – they should have provided a simple textbox within the Infolinks WordPress plugin to paste the configuration script provided by the Infolinks website and then dynamically add that to the <head> section of the site using the WordPress theme API.

Reporting

Infolinks reporting interface provided the following information:

  • Net Impressions (Impressions that actually displayed Infolinks ads)
  • Clicks
  • CTR (Clicks/Net Impressions * 100)
  • eCPM ((Earnings / Net Impressions) * 1000)
  • Earnings

Out of the box they also provide five different date ranges, such as this month, last three months, since last payment along with custom date ranges, daily detail and summary views.

The above is certainly enough to get a feel for how well or poorly a website is performing from an advertising standpoint but I felt it was missing information about what pages on a website are generating clicks. As an example, over the last eight years I’ve been blogging I have published over 600 different posts, however I have no idea if it is three posts generating all the clicks, a particular category of posts or if it is evenly distributed. Knowing this information might influence my future writing, if there was money to be made in a particular vertical.

Earnings

Now the all important information, how much did I earn between 7/3/2012 and 9/4/2012 of having the Infolinks In-Text Advertising service running on my blog – the answer is not a whole lot.

Infolinks Earning Summary 7 March - 9 April 2012

What the above summary information says is that I served 9391 pages with Infolinks ads present, received 142 clicks, averaged 1.58% Click Through Rate with an eCPM of $0.34 and earned a total of US$2.81.

That’d mean if I continue to display Infolinks ads throughout my site for the next 12 months, I could nearly afford to buy two Gold Class movie tickets. Hardly worth the distraction to the user experience, so I’ll be moving onto the next advertising product to see if it performs any better.

Blog Advertising Infolinks In-Text Advertising

I thought I’d start playing around with some different website advertising networks again.

During 2006 when I first started to dabble with blog advertising, I signed up for Google AdSense. It was simple to sign up, fast to implement throughout my site and I liked that it was backed by someone like Google.

It didn’t take long before Google AdSense was earning small but useful amounts of money, which I was quite excited about. For reasons I can’t remember, in 2010 I stopped running Google AdSense through my blog and haven’t run any form of advertising since then.

For no particular reason, it seemed like a good time to start experimenting with a few different advertising networks to see what is about in the market and what might work best for my blog.

I’ve just signed up for Infolinks, which is an in-text advertising product. The signup process was simple and my new account was activated about 24 hours after my initial signup. Implementing Infolinks throughout my blog was really straight forward as they provide a WordPress plugin, so that made everything quite simple. The plugin has a handful of options and when you login to the management console on the Infolinks website you can also configure additional settings like the link colour, the type of underline, the maximum number of links per page and more.

The in-text advertising that Infolinks provides differs from Google AdSense in that Infolinks dynamically adds links to the content on a page, whereas Google AdSense adds an image banner or a block of text links in an area of the page that a publisher would nominate. For example in this post you’ll see a link I added above in blue and with a solid underline & you might also see some green links with a dotted underline inserted by Infolinks.

Infolinks works in a similar fashion to how Google AdSense runs, in that they both scan the content of the page to understand what the page is about. From an advertiser’s standpoint, both products allow you to target a page based on the keywords/phrases that exist in the page – the major difference is in how the ad is delivered to the user.

Now that it is up and running, I just have to be patient and see if it works. If it doesn’t, I’ll keep trying a few different internet advertising networks and will invariably come full circle and add Google AdSense back into the mix at some point as well.

2011 Blogging Statistics

At the beginning of 2011, I wrote about my 2010 blogging efforts and in keeping with that trend – below are my 2011 blogging statistics.

YEAR  POSTS  AVG. POST LENGTH  TOTAL POST LENGTH  COMMENTS  AVG. COMMENTS
2004      1               478                487         0            0.0
2005     82              1949             159835       511           12.9
2006    103              1837             189259       865            4.5
2007    127              1977             251150       229            1.3
2008     68              1597             108623        78            0.8
2009     77              2114             162804       104            0.9
2010     81              2147             173969       105            1.4
2011     58              1737             100779       144            1.5

In 2009 I had aimed for between seven and eight posts per month, which I didn’t quite make and in 2010 I thought if I had pushed myself I could average slightly over eight and break through the magic 100 posts per year marker but I still haven’t managed it yet. While my number of posts is down, along with my average post length – I am happy that the number of comments has increased slightly over previous years.

For those that are interested in doing the same, I’ve made the blogging statistics SQL script available for you to use.