Tag Archives: php

.net anonymity CSS firefox Google heat maps hot spot how-to HTTP headers IDE information theory Localographer Papers sessions spam web-development WordPress

Fixing a ‘This site may harm your computer’ warning, part 3: Clearing a spammed forum

Sun setting behind a sculpture in the park near Google Earlier I wrote about the steps you should take if your site has been hacked and is being slapped with a “This site may harm your computer” label. In that post we covered some of the sneaky ways scammers will insert text into your posts on WordPress and other blog software.

But what if it’s even worse? Let’s say you installed a forum like phpBB to play around with but haven’t been keeping up with security updates. Or, even worse, your ftp account has been compromised and spammers have installed their own bulletin board or other content in a subfolder or subdomain. You don’t want Google and Yahoo thinking you are a spammer, so what do you do?

In that worst-case scenario, you’ll first need to change your passwords and make sure you have control of any and all ftp accounts, telnet accounts, etc. You may need to work with your host to make sure everything is locked down. Web server security is a big topic in it’s own right so from here on out we’ll assume you’ve already got that covered.

Step 1 – Delete the spam!

The first thing to do is delete the spammy bulletin board. Go ahead and delete all the contents of the directory. Don’t delete the directory itself quite yet. This does two things – it stops the spammers from getting any benefit from wayward visitors to your site and it causes your web server to start serving 404s (not found) to search engine spiders.

You can go one step further and explicitly tell browsers and spiders that this stuff is gone forever- by serving a 410 (gone). You can do this with any server-side language, my example will be in PHP. Create a new index.php file in your formerly-spammed directory that looks like this:

<?php header("HTTP/1.1 410 Gone");
header("Status: 410 Gone");?>

This will cover the main directory and then you can use mod_rewrite to redirect all the deleted pages to your 410 file.

Step 2 – Update your robots.txt

At this point search engine spiders will be able to figure out that the pages should be removed from their indexes, but only one page at a time as they re-crawl your site. You want it out of there ASAP, so create a robots.txt entry to tell spiders to stay away from the whole directory. It should look something like this:

User-agent: *
Disallow: /forum/

If the spam was in a subdomain, you’ll need to make sure you have a robots.txt file in the root directory of the subdomain that disallows the whole thing:

User-agent: *
Disallow: /

Step 3 – Tell Google about the spam

Log in to Google Webmaster Tools and look under Tools -> Remove URLs.  Create a new removal request for the subdirectory or subdomain you’ve cleaned.  This might seem a little redundant, since you’ve already done two steps that will let search engines know you’re no longer serving up spam.  But it’s worth being as explicit as possible to get your site’s reputation cleared as quickly as possible.

Bonus tip:  Subdomains and Google Webmaster Tools

If your spammed forum was in a subdomain, let’s say http://forum.exmaple.com, you’ll need to add the subdomain as a new site in Google Webmaster Tools.  You’ll need to go through the site verification process for the subdomain, too – it won’t verify automtically like if you had added a subdirectory as a new site.

By the way, if you’d like some more tips about keeping your site clean and tidy, check out this great post on the Google Webmaster Central Blog.

Any questions? Comments?  Tips that I’ve missed?  Please post in the comments section below.

How do you set up a PHP development environment?

DSCN1377-1Are you a budding web developer wondering where to start?  An old hand looking for new tools?  Let me tell you a little bit about how I do my PHP / web development work, and maybe some it will be of use to you.

I am starting up some work on Mealographer again.  It definitely needs it, I did a usability test about a year ago and still haven’t fixed the issues I uncovered.  I haven’t been doing a lot of work in PHP recently, at my day job is all Java all the time.  I used to be happy with a text editor, a server somewhere and a browser, but since I’ve been using Eclipse I’ve become spoiled by better tools.

So what do you need to get started?  If you just want to play around, all you need is:

A text editor.  You can use Notepad, but I’ve used HTMLKit in the past.  It’s free and it does basic stuff like syntax highlighting nicely.

A server.  You can set everything up on a remote server, many have PHP accounts for as low as $5/month.  Right now I use Site5 [referral link].  I also want to give a shout out to Q5Media, though PHP isn’t their main thing.

A browser.  This is pretty basic, but worth mentioning.  You need Firefox, which is free to download.  You’ll also want to test things in IE, which you probably already had.

You can do real work with just the above.  It’s worth taking advantage of all the great tools out there, though, including:

An integrated development environment (IDE) – I’m pretty happy with Eclipse for Java development (or the related IBM RAD 6).  What about for PHP?  Right now I’m trying to decide between PHPEclispe and the PDT plugin.  Anyone have an opinion on which way to go?

A local development server – If you want to run PHP locally on windows, you can install Apache or get PHP working on IIS.  In my experience, though, you can’t beat WAMPSERVER – it includes Apache, MySQL and PHP and makes configuration pretty easy.

Source control – There’s no way to keep track of a project of any real size without a change management system.  I have used CVS a lot, and SmartCVS is a good free client.  There are also CVS plugins for Eclipse.  I have heard a lot of good things about Subversion as well.

Web developer plugins for Firefox – seriously, if you don’t have these, you might as well tie your hand behind your back when writing JavaScript of CSS.  Here’s a good list of Firefox plugins.

So that’s what I use – what am I missing?  Post suggestions in the comments below.

Software Comparison: ASP.NET vs PHP

ASP.NET and PHP

Virtually every medium or large web site now uses some kind of server-side scripting to generate web pages and interactive features instead of static html. A number of technologies are used for this purpose, including PHP, ASP.NET, Perl, ColdFusion, and JSP. This paper will look at Microsoft’s ASP.NET and an open-source alternative, PHP, and compare them in terms of cost, performance, support, features and ease of use for web development.

 

Comparing ASP and PHP can be difficult because they are not exactly the same class of software. PHP is simply a server-side scripting language. The PHP homepage describes it as “a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.”1 ASP, more properly ASP.NET, is not a language per se, and allows users to program Microsoft Internet Information Services (IIS) in Jscript, Vbscript, and C#, among others. ASP.NET is a little harder to define than PHP. ASP stands for Active Server Pages, and .NET, according to Microsoft, “is a set of Microsoft software technologies for connecting information, people, systems, and devices. It enables a high level of software integration through the use of Web services—small, discrete, building-block applications that connect to each other as well as to other, larger applications over the Internet.”2

 

Despite major structural differences, the two can and should be compared because they can be used to create the same kinds of medium-to-large, dynamic, often database-driven web sites. Server-side scripting allows sites to easily edit and update information, offer interactive features like forums and personalization, and track user traffic.

  Continue reading