Category Archives: Websites

Website Hacked and Who Is Responsible?

The words “My website got hacked!” send shivers down many people’s spines, even more so web developers. Why? Because the question often comes down to who is responsible. Simply put, the hacker is responsible. No one asked for this.

The real question is this: Who is responsible for cleaning things up? It is a good question. Much of the answer depends upon how your website is built. If it is an all-HTML site, this is going to place a greater burden upon the developer. If this is a CMS (content management system) site, such as WordPress, Drupal or Joomla, then the answer is: It depends.

WordPress is free, open source software, and its terms of service state that the software is licensed under the GNU General Public License. The GNU General Public License (GNU GPL or simply GPL) is a widely used, free software license which guarantees end users the freedom to run, study, share and modify the software. There is no guarantee of performance or anything else. Unfortunately, it is also the system hackers like to target because the software is free for them to view as well.

Over 74,000,000 or 25% of the web is powered by WordPress. This makes WordPress a popular target for hackers to look at as well, because a single virus has many places to check out. Good website developers do their best to have a website built properly to make it more difficult to have hackers break in.

However, that still does not answer the question of who’s responsible for fixing the website once it’s hacked. Here are a few items to consider.

• How did the hack occur?
– Was a password compromised? If so, whose password?
– Was the virus or hack accidentally uploaded and by whom?
– Was it a vulnerability that snuck in between updates? (If you ever wonder why there are so many updates, it is usually because of added features or fixed bugs including those that hackers have exploited.)

• Is there a security agreement in place?
– Security is different than hosting, different than maintenance and different than management
– Are there disclaimers or limits within the security agreement?

Essentially, without some type of security agreement in place, the burden of fixing the website will land on the owner of the website, unless the owner can show negligence by the hosting service or developer.

A hacked website is similar to a flat tire on a car. Without some type of roadside warranty on your tire, you need to show negligence in order to prove someone else is at fault. Otherwise, the owner of the car is stuck taking care of a flat tire, even if it is a brand new set of tires.

We certainly would not want to leave this on such a dismal note, so here are some suggestions to consider.

• Have a regular maintenance schedule
– Although this is no guarantee against hacking, it offers a huge layer of protection. Many updates are put in place AFTER hacks and vulnerabilities are discovered.
– Auto updates are a tool to consider as well

• Secure passwords
– This is one of your No. 1 defenses and helps to ensure your site is protected.

• Limited access to users
– Editor hacks would be less severe than an admin hack

• Good hosting, which allows for regular backups
– If the hack is discovered early enough, sometimes it can be fixed simply by rolling the site back to some point in the last thirty days. Note, a review of all systems, plugins, software and theme updates should be done as part of the rollback process.

• Monitor plugins

• Site-wide backup of source files

• SSL certificates, which are files that allow secure connections between a web server and browser

• Consider third party solutions when collecting sensitive information like credit card data or personal information.

• Site Lock Plans
– Daily malware scanning and removal (manual removal may cost extra)

• Have a security agreement in place
– This does not guarantee your website won’t be hacked. It is more like insurance. If your site is hacked, you have insurance to help take care of the problem.

Even with all the above efforts, hackers are still trying to get in. If Target and Home Depot websites can get hacked with the security these corporations have in place, there is no 100% guarantee you can prevent it from happening to you. Unfortunately, there is not one perfect cure-all.

How does a security agreement work?
Essentially, the person supplying the plan is most likely taking many if not all the suggestions above and putting them into use. On top of that, they are factoring in time to take care of the hacks that still get through, because they know that a percentage of websites, even with protections, still have the possibility of issues.

Unless the hackers themselves are nabbed, the question is not so much who is responsible, but what allowed the hack to occur and how is it going to be fixed? Hopefully, if you do not have a security agreement, you were fortunate to choose a web developer willing to work with you to remedy the problem.

Website Directions

As I do more web and technology work, I sometimes see myself becoming the techno geek guy that takes things literally. It makes more sense now why. Sometimes a single missing semicolon can mess with an entire page. But, it is not just the technical stuff, but how we communicate.

A good reason to be specific with your website directions and requests can be seen in this short story.
The programmer’s wife tells him, “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.” The programmer returns later with 12 loaves of bread.

When I ask for a color preference, I sometimes get answers like: warm, rich, hot, high-end and attention getting. These are not colors. One could translate them as orange, gold, red, diamonds and flashing lights. I won’t even get started on the feelings being colors.

I was once asked to place a gold border around a web page. I did so and people thought it was too orange. Gold in a developer’s eye is an RGB or hexadecimal color as defined as what truly represents the color gold. Do you know how many greens there are? Many more than light, dark, forest and Kermit the frog. Oh, and technically, there is still a green.

Another area is editing text. When asking to have a word change, it would be courteous to reference the page and paragraph instead of saying there is a word that was spelled wrong (despite that it is generally copied and pasted from text supplied) to remove this reference from the website. It is what helps to keep minor maintenance minor.

When we ask for text we are asking for actual text. This is not photocopies, photos, PDFs, faxes or handwritten notes. Text is something that can be copied and pasted into a word format. This is important as it helps to assure it is written and spell checked before receiving as well as timely for placing in the website.

Plus, Google reads text. Human beings can read letters printed on paper or shown on photos, but not Google. Search engines are our friends, so let’s keep them happy.

We really want to avoid the statement, “What I really meant…” Try and be concise and you will actually get a better product. Don’t be afraid to ask questions. And please, do not be offended if it sounds like you are being asked the same question twice because it probably means the first answer did not compute or register in a techno brained person’s mind.

Because, good enough is not good enough.

Mobile Design

Mobile Design, often called responsive design, is something new and so it does pull some hype. I think a lot of it is driven from people working with WordPress and since that is database, it is easy for a new person to work with it. However, it makes your creative design very limited. BUT, it does not mean that it is something new, cool and the direction future websites may go.

The question is if it is time to jump into one.

Every time I build a website, I try to create a vision statement and purpose the website is supposed to accomplish. Some websites like http://betsyshrift.com/ benefit with mobile response in the properties area because they can add QR codes to the for sale signs which are designed for mobile devices.

Other websites like a restaurant or storefront may benefit if people are looking for a number or address on their mobile device. Northwood Distillery puts a QR code on Heath Rum posters that take them to the mobile recipes page. But again these are QR driven and make more sense to have a website that is mobile friendly.

One solution is an automatic mobile redirect. It is more device specific and still allows the user to go to the main site if they wish. Here are a couple that I did:
http://oldeworldpastriesplus.com/mobile.html
http://www.northwoodsdistillery.com/mobile.html
http://packerlandwebsites.com/mobile.html
http://www.abramsspotlightproductions.com/Mobile_Home.html (you can buy tickets via mobile also)

The bottom line comes down to, how many of your desired visitors are going to use a mobile device and why? I think I sell a lot of sites because I approach it as a marketing solution. I charge my client a one-time cost of $150 for this and since it is part of the main website, there is no additional hosting.

Responsive may be the best option for you and is something Packerland Websites offers. More importantly is determining what Internet marketing strategy will achieve the best return on investment and serve the purpose it is intended.

Scam Domain Name Renewals

I received a solicitation that was cleverly disguised as a domain name renewal that gave the impression that my renewal was due. They added other time-of-the-essence language such as, “Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.”

They did have my name and address that is on public records and used it to craft an official looking notice. Since they were asking for a faxed renewal it was easy to raise a red flag on this type of scam. Since I was aware that there were 6 months left on my domain name it added more to the ‘not right’ feeling.

Their renewal fee was $75 for a year. That is nearly five times a typical renewal cost.

Maybe my eyes are getting older, but I had to cut, copy paste their disclaimer at the bottom of the email where it states, “By accepting this offer, you agree not to hold DS liable for any part.” And “You are under no obligation to pay the amounts stated unless you accept this offer.”

Normally, I delete these types of emails. But this one got me riled when they gave an opt out address to a website URL that hid their identity and was obviously not who they are. With a little digging and some complaint letters filed, we were able to determine the registrar.

Did they break a law? Probably not. Is what they are doing unethical? I’ll leave it up to you and ICANN to judge.

My larger concern is that someone who does not realize that there are companies out there would fall prey to them.

Always make sure your renewal is coming from the company you registered with. You can often check with your web developer for confirmation. I would always invite any of my clients to question these things and check with me first to confirm.

Do not let these companies make you a victim.

I am testing out a WordPress plug-in called Google XML Sitemaps.

I am testing out a WordPress plug-in called Google XML Sitemaps that will cover both the blog and my website.

The reason for choosing this plug-in over others is that it was easy to add the main site’s web pages as well as the blog itself. There are some great sitemap tools out there.

My favorite is the one built into my website building software. This is because it allows you to select which pages you want in your sitemap and those you don’t. It even goes a step further where you can add to the page robot text to stop the spiders from crawling.

When you have a blog as part of your website, some of the dynamics change. Each new post in the blog should have a description on the sitemap as well in order to increase your search engine optimization as well as make it easier to have your content found.

I will have a separate discussion on sitemaps themselves. For now, I want to get this post uploaded and test out the results as the sitemap being created, including the added website pages and determine where it puts it.

I’ll post back with the results

Business Side of Website Development

I was chatting with a couple of people at a business group I belong to when someone asked why my business was taking off so well when there are so many other website builders out there. Another person responded for me stating, “Because of the business approach we take in the design.”

There are a variety of reasons. You could write a book on what makes a good website business run well. So, I thought, I’d do a series about that in our blog.

When you purchase a newspaper at a stand or in a store it is folded in half usually to save space. What you see when you go to pick it up is just the top half. In the newspaper business, this is called “above the fold.” The concept is the same when someone lands on your website. What they see without scrolling on your screen is similar to only seeing the top half of the newspaper.

The paper industry understands the importance of getting your attention and interest to help encourage you to purchase a paper. A website should be the same. Also, keep in mind, people are also more scanners than readers. But that is another topic. The second thing is people read from right to left and top to bottom.

With that in mind, you then lay out your home or landing page. How you place your name, what you are, images and contact information will often be the difference of having someone stay or leave. In fact, sometimes they may have all the information they were looking for right there and pick up the phone and call or email.

If the purpose is to get a visitor to get in contact with you, how important is it for them to cruise through the rest of your site? You need to define the purpose of your site, and set the home page as a way of possibly obtaining that purpose right away. When you build a website, think of creating both a strategy and design that are effective and will meet your business goals.

A business will be much more eager to build or rebuild an existing site if it can see a clear return on investment and a strong marketing strategy. When a website designer thinks, understands and acts as a business promoter, he will in turn get more work from businesses that recognize that.