After 5 Web Design | February 10, 2007

I found another small security problem in Php Link Directory. It seems that in include/functions.php PLD relies on the HTTP_X_FORWARDED_FOR server variable. This variable is filled from the X-Forwarded-For request header, which the client sends, so it is unreliable and can be spoofed quite easily. Because of this, spammers are sending prebuilt posts to directories through proxy servers. This causes PLD to report the submitter's IP address incorrectly, so if you attempt to ban the submitter's IP address, they remain unaffected (while some poor schmuck who has had his IP address "borrowed" will be unable to submit links to your directory).

To fix this, open include/functions.php and find the following (around line 114 in pld 2.xx and around line 806 in pld 3.xx):

function get_client_ip() {
    if (isset ($_SERVER['HTTP_X_FORWARDED_FOR']))
        $ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    else
        $ipAddress = $_SERVER['REMOTE_ADDR'];
    return $ipAddress;
}

and change it to:

function get_client_ip() {
    // Use the address of the connecting peer; ignore client-supplied headers.
    $ipAddress = $_SERVER['REMOTE_ADDR'];
    return $ipAddress;
}

This will cause pld to report the IP of the proxy (which is much tougher to spoof) instead of the fictitious IP address. Banning this IP will mean that proxy server will no longer be useful to the spammer.

Not quite as good as sending a cruise missile to the terrorist's house, but at least it gives you a way of preventing spam submissions.
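
The change above is right when visitors connect to the web server directly. As an added example (not PLD code and not from the original post), here is how the same function can be written when the directory sits behind a reverse proxy you run yourself, so that X-Forwarded-For is honored only when the request arrives from that proxy. TRUSTED_PROXIES, the function name and the sample addresses are assumptions, and the syntax is modern PHP.

```php
<?php
// Added example, not PLD code. TRUSTED_PROXIES and the function name are assumptions.

// Addresses of reverse proxies you operate yourself (constructed sample values).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

function get_client_ip_behind_proxy(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection, or a proxy we do not run: the header is client-controlled.
    if (!in_array($remote, TRUSTED_PROXIES, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    // Walk the list right to left: each of our proxies appended the peer it saw,
    // so anything to the left of the first untrusted hop is unverified.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed header: fall back to the socket address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;    // first address that is not ours
        }
    }
    return $remote;
}

// Constructed requests: one direct with a forged header, one through our proxy
// where the client also prepended a forged entry.
$direct = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
];
$viaOurProxy = [
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7',
];

echo get_client_ip_behind_proxy($direct), "\n";
echo get_client_ip_behind_proxy($viaOurProxy), "\n";
```

In both constructed requests the forged 198.51.100.99 entry is ignored and the address that actually connected is the one reported, which is the address a ban needs to target.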

After 5 Web Design | October 19, 2006

We discovered a pretty serious flaw in the code for PHPLD. It turns out that you can submit HTML in the Description, Title, and Owner's Name fields. After briefly dreaming of how easily we could hack the 10,000+ installs of phpld to gain all the free links we wanted (even in paid directories!), we reported it to the boys at PHP Link Directory. We not only reported where the vulnerability was, we also sent them the code that could be used to fix it. Unfortunately, they haven't yet patched the code available for download, nor have they posted any information on how to patch the script.

Fortunately, the fix is rather simple. Open your submit.php file in your favorite editor and find these lines (on or around line 125):

$data['LAST_CHECKED'] = gmdate('Y-m-d H:i:s');
$data['DATE_ADDED'] = gmdate('Y-m-d H:i:s');
$data['DATE_MODIFIED'] = gmdate('Y-m-d H:i:s');

Insert these three new lines of code after them:

$data['DESCRIPTION'] = strip_tags($data['DESCRIPTION']);
$data['TITLE'] = strip_tags($data['TITLE']);
$data['OWNER_NAME'] = strip_tags($data['OWNER_NAME']);

This code will strip all the HTML tags from the Description, Title, and Owner's Name fields (in case it wasn't obvious). As a side benefit, it will also prevent your admin panel from being hidden by spammers who are currently submitting malformed HTML links that say crap like "My dear web designer, it is nice."
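
strip_tags() removes markup but leaves quotes and ampersands alone, so the stored values still need encoding wherever they are printed into a page. The following is an added example (not PLD code and not from the original post) that runs the three fields above through the fix and then through output encoding; the field values are constructed, the h() helper is an assumption, and the syntax is modern PHP.

```php
<?php
// Added example, not PLD code. $data mirrors the fields named in the post;
// the values are constructed.
$data = [
    'TITLE'       => 'Nice site <b>unclosed bold',
    'OWNER_NAME'  => 'Bob" title="still here',
    'DESCRIPTION' => 'Widgets & gadgets <div>broken layout',
];

// Input side: the fix from the post. Tags go away, so an unclosed <b> or <div>
// can no longer swallow the rest of the admin page.
foreach (['DESCRIPTION', 'TITLE', 'OWNER_NAME'] as $field) {
    $data[$field] = strip_tags($data[$field]);
}

// Output side: encode for HTML at the point of display. ENT_QUOTES covers both
// quote styles, which matters when a value is printed inside an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

foreach ($data as $field => $value) {
    printf("%-12s stored:  %s\n", $field, $value);
    printf("%-12s encoded: %s\n", $field, h($value));
}
```

The OWNER_NAME value passes through strip_tags() unchanged because it contains no tags, only quotes; the encoded line is the form that is safe to print into a template.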


After 5 Web Design | July 10, 2006

I recently got a new cell phone, and I am in the process of learning all the new features. This got me thinking, what is the future of the cell phone?

The most fundamental aspect of telecommunications is to allow you to connect with someone who is not physically close to you. Thus the words "tele" (meaning distant) and "com" (meaning communications)...duh! However, communication takes many forms. The spoken word is communication, and cellphones have this covered pretty well. Email and text messaging cover written communication well, and you can do this with cellphones too (although the keypad certainly leaves me wanting). Many cell phones even have a TTY mode to allow communications with deaf people (still no braillex models though to my knowledge...although that may soon be a thing of the past). But visual communication is not so great with cellphones. Sure, camera phones allow you to take pictures, and the pictures can be sent to another cell phone (at least according to my new manual), but this is slow and clunky. It is also not video.

To me, the ultimate expression of any telecommunications device is to give me the same feelings and impressions I would get if I were there. Cell phones need to be able to act as a real time tv camera. They need to give me the sights and sounds of actually being in the room with the person. I need to be able to interact with the data the other party is viewing. Ideally, I would even like to be able to interact with physical objects at the remote location or smell the smells at the far end. Anyone who has read any Sci-Fi/Fantasy books will immediately recognize that what I want is an avatar. And while this may sound far off, just look at how far we've come since the first cell phone.

After 5 Web Design | December 23, 2005

Because of the sheer amount of comment spam we have been receiving (over 200 a day!), we are now limiting comments to the two weeks following the post. After the New Year we will start looking for better blog software. Any recommendations?

After 5 Web Design | December 5, 2005

It may be a bit early to say, but MSN is trouncing Google.

We suspected this the other day when we were searching for all the sites using the Article Dashboard software. We used the link: and linkdomain: commands to find all the sites linked to Article Dashboard, because their script includes a link to their site at the bottom of every page. MSN returned 39,131 results. Google? 2,410.

Another indication of MSN's creeping dominance was found in the server logs for my personal blog last night. MSN has spidered my site 23 times in the last month. Google has spidered it 83 times. But look at the results of a Site: command:
MSN: 139
Google: 5

Now, it could be that I've made some kind of G sh*t list due to my one Adsense incident, but I don't think so. I think it's just a matter of Google needing to learn the lesson pinball machine makers learned many years ago. In the old days, hitting a bumper on a pinball machine scored you one point. Then some brilliant guy got the idea to make a bumper worth 10 points. Oddly this made their machine more popular. Soon bumpers were worth 100 points, and those machines were more popular than the ones that only gave 10 points. Nowadays, bumpers on pinball machines are worth 1,000 - 10,000 points. Even hardware manufacturers know this lesson well. When's the last time you bought a hard drive and actually got the number of gigs (or most likely megs) of storage advertised on the box? When purchasing AMD chips, what number is printed on the box? Its clock speed? Do 56k modems really go 56k?

In all fairness, just because MSN displays more info about sites than Google doesn't mean they have more. All the Google insiders point out that they get to see way more data on a daily basis than all us regular schmoes, and they like to point out that they see daily pagerank updates in their offices. So without knowing the real numbers, it may be unfair to compare Google and MSN results.

Or is it?

Google certainly judges your site by what's on the page, so if what's good for the goose is good for the gander, then judging Google by the results on their page is certainly fair.

Also, just because MSN has more information than Google doesn't mean their search results are more relevant. This could be a sign that Google has successfully weeded out more spam sites than MSN. But consider this: if I'm looking for the best candy in the world, which do you figure I'm going to choose: The candy store with the most popular candies, or the candy store with the widest selection? If MSN can organize their information in a way comparable to Google, I'll likely be cancelling my Adsense account.

After 5 Web Design | November 30, 2005

After 5 Web Design is happy to announce the release of Article Distributor. What is it? It is a semi-autonomous article submission application that can help article authors quickly submit their articles to over 200 article sites. It only works with sites that use the Article Dashboard software, but with over 200 installations, Article Dashboard is very popular.

Article Distributor is freely available from our Products -> Software page or can be downloaded from http://www.after5webdesign.com/software/articledistributor.zip.

Note: During install, you may get a 1935 error. This is a permission denied error. It means you need to disable your virus scanner so the msxml4.dll can be copied to your Windows System folder.

After 5 Web Design | October 31, 2005

After 5 Web Design is pleased to announce our new one way link directory. The cost is currently $3 because unlike other directories, inclusion in the After 5 Web directory will also mean inclusion in all of our directories. All links are SEO friendly, spiderable, and pass PR.

There are currently only two other link directories: http://www.ndthunder.com and http://www.dakotatundra.com. Each directory is on a separate IP address (69.93.45.234 and 216.86.146.12 respectively), and each directory is a functional directory in its own right, so these are not merely duplicated content scraper sites.

We have plans to add new directories as quickly as possible (in fact seven are in the works right now!), and the price will change accordingly. Pricing will be $1 per directory, so when we have 5 directories ready, the price will be increased to $5, and when we have 10 ready, the price will be $10. However, listing your link now will automatically get you included in all our future directories, so buying early is to your advantage.

After 5 Web Design is happy to be of service to the web master community.

After 5 Web Design | October 26, 2005

If you've added your link to a bunch of directories, but none of them are showing up as backlinks in the search engines yet, you need this nifty tidbit I just discovered. I was playing with rss this morning trying to add a custom feed to My MSN. Doing some searching on their site revealed the following:

When your site is published as Really Simple Syndication (RSS), it can be indexed by programs that "crawl," or search, the Web for new content. When your site is indexed, users can find your site by searching for your content with the search box that appears when you click Add Content. If you search for content from your site or domain and you get no results, your site hasn't been indexed yet.

Reading further down the page, I learned one of the ways to increase traffic to my site:

Get your site indexed by the My MSN RSS search tool. By entering the Web address of your RSS feed into My MSN, your site will be searchable by My MSN within 24 hours.

So how does this relate to backlinks? Easy! If any of the directories you submitted to offered an RSS or XML feed, you could add that feed to your My MSN page, and that page would get spidered by MSN. Google and Yahoo also offer the ability to add custom rss feeds to your personal page, and presumably, they too will have to spider the page to get the content. Thus, you can ensure that your nice directory links are indeed found, spidered, and counted by the major search engines.

After 5 Web Design | October 20, 2005

Barring someone pointing out a bug I overlooked, our site is now done. I'd love comments on it. :)

After 5 Web Design | September 29, 2005

http://www.internetworldstats.com/am/us.htm
http://www.nielsen-netratings.com/pr/pr_050928.pdf

Nielsen Net Ratings reported that 42% of the US population uses broadband (meaning a connection speed of more than 56k) to access the internet. They also report that 68.5% of the US population accesses the internet. This means that about 59.5% of internet users are using a broadband connection. In 2002, it was estimated that only 13.8% of the US population would be using broadband by 2005.

68% internet penetration is an amazing number considering that the World Wide Web has only been around since 1991, and the first web browser (Mosaic) was developed in 1993. It's a long way to go in 12 years.

Telephone penetration rates have hovered around 95% for the last few decades. Telephone has been around for well over 100 years (128 if I remember my dates correctly).

{Note: The first commercial TV sets were manufactured in Germany in 1934, but the US didn't start until 1938. By 1942, only about 8,000 had been produced. WWII kind of interrupted things, and TV production was stopped until 1945.}

Comparing television's penetration rates for 1946 of 0.5% to 1962's 90% penetration, it appears that TV only took 16 years to reach 90% penetration, but one cannot doubt that GIs talked about the wonders of TV and used their disposable post-war income to accelerate TV's adoption. So, 90% penetration may have taken between 16 to 24 years if not for the war.

The standards for color TV were set in 1953, but color television did not reach 50% penetration until 1972, nearly 20 years later.

56% of US households had cable or satellite television service in 2003 according to ZenithOptimedia.

Is there any doubt that the internet will transform (or has already transformed) our culture the same way television or the telephone did? In most cases, a business cannot truly be called a business if it does not have a telephone. Given these facts and figures, can one doubt that the internet will become one of the most integral resources available to businesses? We don't think so.