Dwayne Coots

Archive for August, 2008

So you have your own blog using WordPress and want to install a custom theme. It’s easy to do — depending on your web hosting platform and how it is configured.

The easiest way to do it is using cPanel control panel. If your host has this control panel it’s follow the instructions. If your host does not provide cPanel contact me and I’ll get you fixed up. As always, I’m At Your Servers at Gmail. 

Issues: Installing a new WordPress theme is a low impact process and at the most you may have a compatibility problem later if an update includes functions the custom theme does not support. In that very rare case you can revert back to the stock theme while you get a new custom one — or have it adapted for you.

Make sure you get your theme from a reputable site! There are many sites out there that do a shabby job of theme building and are only providing free themes so they can embed links in them to monetize your traffic — or worse. So use the WordPress theme directory or some other mainstream site to make sure it’s safe to download your dream theme.

Once you have acquired the zip file, upload it into your hosting storage area using the cPanel control panel. I recommend using the ‘File Manager’ feature of your control panel instead of an FTP client because the control panel application will unpack the zip file for you making theme installation virtually effortless.

Ready to rock? Let’s get started. Step by Step…

Read the rest of this entry »

A client recently reported some strange entries in their website statistics referrer logs. The entry was from a bot probe by a nasty outfit that is up to all sorts of evil malware stuff. The issue did raise a good questions about the security of sites and what even novice webmasters can and should do to protect themselves from site compromise.

Bot probes from a slimy outfits are common. Properly secured systems will block offending IPs but the attacking bots switch IPs all the time. This form of vulnerability probe or referrer spam is very common — just like email spam. We do everything we can to prevent it but that does not stop the evil bastards from trying… all the time.

This is why it is so important to have a strong password and to change it every few months. You should also look around in your site file structure frequently for things that don’t belong — like .c files or .exe files or even php files that you did not install. I recommend you check your site once a week for this kind of activity.

Remember, no matter how secure our servers are, your website is an open door to the world and malware developers have a powerful monetary interest in gaining control of your server resources to make money. The days of malicious teenagers gleefully scrambling your home page and laughing through a mouth full of hot pockets is long gone. Hacking websites to install malware is serious (and big) business.

So it’s also up to you as a webmaster to make sure you don’t let these demons in the door.

By the way. Take care which backlinks you click on while scanning your stats reports. That is one way referrer spam works. The malware developer creates an attack routine and embeds it in a web page. Then they deploy botnets to spider websites constantly — leaving nice little fake ‘visitor’ entries in the log files and stats. Then if you click on the link to see who visited you the malware site hits your machine with a payload. Even though you may have a great antivirus / antimalware program, pages can be constructed in ways to overwhelm your computers resources and tie up your system as the payload is being installed.

It’s a jungle. And your website is part of the food chain.

As always we’re, At Your Servers

Dwayne