Dang it! – JohnnyA got me again
This time he hit two of my minor blogs, that I didn’t harden as well as my big blogs. My bigger problem is that I don’t know how he got back in. I cracked his code and read through it carefully but still don’t know what it does entirely.
There are some troubling lines of code though. For example these few lines change file permissions and edit for immediate or later code insertions. Although he’s using 0644 and not 777 which would make files wide open to public read/write/execute, which is even more curious.
if (!is_writable($b6)) @chmod($b6, 0644);$b8 = @filemtime($b6);@copy($a6,$a6.’1.php’);@touch($b6,$b8,$b8);@touch($a6.’1.php’,$b8,$b8);
$d0 = rand_checkstr();$e1 = array(“((^index.*\.|^default.*\.|^main.*\.|^.*body.*\.|^login.*\.|^.*content.*\….
My guess is that his code infiltrates and copies itself or inserts more malware into existing files using normal hooks (like </body>, </head>, and </html>. This is normal stuff… but then it lies dormant until he runs another script that uses cross-site scripting. I suspect this is a classic Trojan script written in PHP, although I’m not a hacker so how would I know.
So it’s incredibly important to run some scans through your database , use PHPMyAdmin, search for eval( and $0=. Just be careful not to delete your whole database. That’s really easy to do it you’re not familiar with using PHPMyAdmin.
It might also be good to replace all your plugins and WordPress core files with fresh copies. Also be on the lookout for new files his script might be created as future-use backdoors. I’ve not found any of these yet but he seems like a really tricky bastard and that would be an obvious feature to add to his script.
Also be sure to change your blog and FTP passwords. I don’t think it’s unthinkable that JohnnyA has found a way to crack the WP password hash. This would be very difficult to do but he’s gotten so deep into my blogs’ core code that I think it’s good prevention to change your password.
Also check the file permission on your files via FTP and triple check your .htaccess file. I use WP-Super-Cache to rewrite the .htaccess file and help speed up performance.
There are some other plugins you can install like Exploit Scanner which seem to help you explore vulnerabilities. But I’ve not found any tool that words perfectly to block this JohnnyA.
50,613 Absolute Unique Visitors Today on Tiny House Design
What an amazing day on Tiny House Design today. Jay Shafer and his tiny house were featured on the Yahoo homepage and we got thousands of new visitors to our tiny house blogs. I had a record day eclipsing my previous record by a factor of five. I typically get about 50,000 unique visitors on Tiny House Design each month, so to get that much traffic in ONE DAY is really incredible.
My inbox is still crammed full of questions from new readers. The most common questions are:
- Where can a tiny house be parked?
- How much do they cost?
- How do I get started building one?
I’ll do some writing on these topics in the coming week to see if I can help shed some light on these popular topics.
Big thanks to Yahoo. It’s really wonderful to see this very important alternative housing topic covered so prominently. I also want to sincerely thank my friends Jay Shafer, and Steve Weissman over at the Tumbleweed Tiny House Company!
The Trouble with Monetizing a Green Blog with Advertising in Pale Shades of Green
One of the main methods green bloggers use to support themselves financially with their blogs is by working with advertising networks that sell ad space for them. Google AdSense is often the first choice by bloggers because their solution is so easy to implement. Virtually any blogger can sign-up and start earning money right away, including those with low traffic blogs. Google also does a reasonably good job of targeting relevant ads to the website content too. This is good for the advertiser, blogger, and reader because it keeps the paid content in context and improves the effectiveness of the advertising as well as the user experience.
Once a blog’s traffic increases to a certain level it becomes eligible for ad networks that pay per impression instead of per click like Google. Google limits you to three ad units per page. The benefit of adding another ad network is that you can theoretically double your ad revenue by doubling the number of ads on the page, as long as you don’t run into the downside of the law of diminishing returns by filling the page with ads.
I was running 7 ad spaces on TinyHouseDesign.com until today, but finally became dissatisfied with the pale green ads my second ad network was delivering. I also became very dissatisfied with their management when my sell-through rate dropped dramatically without any satisfactory explanation. I’ll keep one ad unit running in a prominent spot for a few months to see if this is just a temporary issue.
Catch-22 for Ad Networks
You see I think the main problem is that most of the advertising dollars out there right now are coming from large corporations that typically to focus on green-washing campaigns more than truly green endeavors. So ad networks are probably caught in a catch-22 just like most small businesses in America. They can either cling to their ethics and face ruin or accept a wider variety of advertising deals and survive.
Catch-22 for Bloggers
Green bloggers who rely on advertising revenue as their main source of income are also stuck in a hard spot. They can either choose to struggle and cut out these pale green ads or buck it up and let them continue running.
Thanks God for Day Jobs & Multiple Income Streams
Luckily for me I have a good day job. So instead of continuing to let these pale green ads run on TinyHouseDesign.com, I’ll refocus my attention on monetizing my site in other ways, like drawing more tiny house plans.
We’re Stronger Together
I’ve been saying this a lot lately and mean a lot by it. I also suspect most of us need a little reminding that every system (natural or human-created) is stronger than the sum of it’s parts. Not to beat an old cliché to death, but sometimes we forget why the simple truths are true.
This particular truth happens because the connections between the separate parts actually contribute to the value of the combined group. In other words, strength doesn’t just come from the total mass of the group but the relationships that are formed between the parts. It’s like the connections themselves add mass to the total.
In business we see this happen in large companies regularly which are simply large organized groups of very talented people working toward the same set of goals. Corporations often get disrespected when their goals don’t include serving society or one abuses its power; I can think of many examples. I can also think of a few large corporations that serve society well, like Google. Google is an excellent example of how a large group of focused brilliant people can create incredibly powerful tools and technology. But even this gentile giant could easily step out of line and inadvertently step all over the people it intended to serve if its goals changed and excluded the people it once served.
In nature we see this happen when there is a wide diversity of natural living things in an ecosystem. A balance is found when the fabric of the interconnections finds a sustainable level. In other words when everyone has enough to eat and no one is getting eaten into extinction.
In a democracy we see this happen when the people still feel like they have a say their government and have joined together around central beliefs and values.
In communities we see this happen all the time when people come together around common issues, topics, and values. This can happen at many scales from a group of two or more people with the strength increasing as the number of people increase.
I personally stumbled on this realization as a community of very real people began to form around my blog, Tiny House Design. I’ve been amazed with the rapidly forming online community of people determined to solve their own housing challenges.
I’ve also experienced this first hand with the community of tiny house bloggers and builder who are as passionate as I am about raising awareness around housing issue and the benefits of living with less. As we share our learnings we’ve been able to focus in on the most important issues and topics is helping to grow the community.
$100 day blogging
This was a pleasant surprise this morning. I looked at yesterday’s ad revenue across my blogs and noticed that just between the two ad networks I subscribe to I had a $100 day yesterday. That doesn’t include selling any house plans either. While it’s not the most I’ve ever made in a day blogging it is definitely progress.
This also a good example of how pro-blogging really works, at least in my experience. It begins with a leap of faith and the writing must come from the heart. Actually that part should never stop. You’ll shout into the dark for quite some time and people may begin to listen. Then you’ll learn through comments and analytics what people are most interested in and focus on those topics. As more people subscribe and become regular readers traffic grows and slowly income streams develop. Progress often comes as spikes in traffic followed by higher bumpy plateaus, but grows steadily over time.
I never intend to leave my day job to blog full time because it’s a wonderful income stream all by itself. In other words my goal is to become completely debt free, not quit my day job. I think a lot of people make the mistake of making self employment a goal; I did once, but I think the goal should really be bigger than that.
I’ve made it about the lifestyle and life I want to live which is about becoming more self-sufficient and living more sustainably. Money and debt reduction are just tools I can use today for helping me achieve these goals.
Basic Simplicity Theme version 1.4.1
This past week I finished an update to Basic Simplicity. I also launched a new blog dedicated to the theme to help focus on theme content. I’ll also be writing about my adventures in problogging with an emphasis on avoiding all the deep bullshit you’ll read about making money.
Don’t get me wrong, you can make money blogging, but it seems most of the probloggers are so focused on selling the idea of blogging to schemers that they often sound like schemers themselves with all their ebooks, mentorships, and classes. I have no plans to ‘make money’ writing about blogging; I’ll stick to selling something of real value, tiny house plans. So in other words… what I’ll have to say about blogging will be free.
So if you want a slightly different tone I hope you’ll follow me at BasicSimplicity.com. I also setup a Twitter account specifically for Basic Simplicity theme and blogging tweets @basicsimplicity.
How to publish your blog on the Amazon Kindle
I just finished submitting two of my busiest blogs to be published on the Amazon Kindle. It was really easy to do but there is no guarantee they will approve it. I’ll post here again and report back later on whether my blogs were approved or rejected. But in the mean time let me explain why and how to publish your blog(s) on Kindle.
Overview
What’s a Kindle? Amazon has developed a electronic tablet for reading electronic books.
A blog on Kindle? Amazon has opened Kindle up for reading blogs just like you would read an electronic book. Subscribers pay a monthly subscription fee to Amazon.
Why is there a subscription fee? There is no option to deliver the blog free on Kindle at this time. I guess Amazon is thinking that a small subscription fee is worth the convenience of reading blogs on Kindle.
Do I get paid? Blog publishers get 30% of the monthly subscription fee. The subscription rate pricing is determined by Amazon.
How To
Step 1. Create an Account: (Create your Kindle Publishing Account) You’ll need to provide your tax identification number (like Social Security Number), address, and answers to security questions like your mother’s maiden name, and other information just like you would for any affiliate account. This is not the same as your Amazon Associates account.
Step 2. Add a Blog: You’ll need to prepare the following graphic images and information before you’ll be able to complete their submission form:
Screenshot: This image must be 800×600 pixels or smaller and less than 1.0 MB. You must use GIF, JPEG, TIFF, or BMP.
Masthead: This image must be 430×50 pixels or smaller and less than 1.0 MB. You must use GIF, JPEG, TIFF, or BMP.
Blog Description: Write a concise description of your blog that surfaces the most popular features of your blog. I always refer to my Google Analytics account when trying to understand the most popular content on my blogs.
Keywords/Tags: They allow 128 characters worth of keywords/tags. Be sure to choose wisely because these are used when people search for Kindle content.
RSS Feed URL: I submitted my original WordPress generated RSS URL. I didn’t want my Kindle account to rely on my Feedburner RSS URL. If you don’t know what your RSS URL is just view source and look for a line of code that looks like this:
<link rel=”alternate” type=”application/rss+xml” title=”Tiny House Design RSS Feed” href=”http://www.tinyhousedesign.com/feed/” />
The RSS URL in this example is: http://www.tinyhousedesign.com/feed/
Submission Form: Here is a screenshot of their submission form. Just click the thumbnail to see the full size image.
Step 3. Wait for Approval: It takes up to 72 hours for Amazon to approve or reject your submission.
Conclusion
This seems like a really interesting way to monetize and promote a blog. I think it’s still too early to know if Kindle will be a big hit like the iPhone but it does make sense to jump in early and get your blog on Kindle. It takes little time and costs no money and has great potential.
The newest Kindle seems like a really nifty device. I like it mostly because it would make it easy to downsize the bulk of a library and reduce the number of possessions we own. As a simple living advocate and anti-consumerist it’s a little ironic that I’d actually see value in any consumer product but this one would actually reduce the books your have to store.
Create your Kindle Publishing Account
Update! Both blogs I submitted were approved and are now available on Amazon Kindle. Take a look:
WP Super Cache Lowers My Hosting Cost
A couple of weeks ago I began re-testing a popular WordPress plugin called WP Super Cache. I had tried it before but had installed it incorrectly and crashed my biggest blog. This time I installed it right and it works great. It works by making flat HTML files of your blog’s web pages and moves the traffic load to Apache (the web server software) and off MySQL (the database software).
The benefit of this is that Apache can take the load and MySQL burns up the servers processor, relatively speaking. My host, Media Temple, charges more money when you use more than your fair share of your shared server’s processor. This seems fair and I like Media Temple because their system can auto scale-up to take huge traffic days, and I’ve had several on Tiny House Design.
My testing has shown that WP Super Cache does reduce my cost because it lightens the load on MySQL. It also speeds up my page loads because Apache is incredibly efficient at serving up flat HTML pages and images.
So I highly recommend WP Super Cache but will also warn you to be sure to read all the installation documentation and learn how to back it out if you experience a crash.
Here are screenshots from my GPU usage (processor use) at Media Temple and Google Analytics during the same time period. As you can see traffic was flat and GPU usage remained low.
Above: Control panel on Media Temple that shows low GPU usage.
Below: Report on Google Analytics.
Basic Simplicity 1.3 (new version of my WordPress theme)
I submitted my minimalist WordPress theme to the Free Theme Directory the other day and got a note back from them with a few suggestions. It didn’t take long to implement their recommended improvements and now Basic Simplicity 1.3 is available.
[download id="1"]
Updated WordPress Theme – Basic Simplicity Version 1.2
Over the last few nights I whipped up a simple administration screen for my free WordPress Theme. Now you can make very quick style changes right in the WordPress user interface; there’s no need to edit the stylesheet. You can also add your Google Analytics code, Google site verification code, and custom CSS.
These will be the last few edits for a while; I think I have it working well enough to start using basic simplicity on all my blogs. I have a few more features I’d like to add but I’ll hold off and give this version a careful test drive. If you give it a try too and run across any bugs please let me know. If you have any suggestions for future versions I’m all ears as well.
