Munging

 

More Website Security

If you will look at the sidebar on the left you will see my contact info. You can email me by clicking on that link, which will open your email client.

Now if I had just typed my email address in, any old email scraper could have crawled my site and lifted it. An email scraper is a bot which crawls around websites, especially business websites and searches for email addresses. It may be someone who wants to spam you. It may be a hacker who wants to spoof your email address (send spam as though it came from your website).

Scraping bots look for certain words or symbols such as “mailto” or “@”. Some are even good at finding email addresses where the owner has gotten tricky and spelled out the word at instead of using the symbol “@”.

So how does one protect their email address from being scraped?

A technique called “munging”.

Munging means using the ASCII code of characters, letters, numbers, and symbols. So if you look at the picture above – you see all those numbers and symbols? That’s ASCII code. If you write out your email address in ASCII code (include it in the html section where you want it to appear, or use your theme dashboard to position it appropriately), whoever visits your website will see your email just as if you had written it out.

Any bot however will only see what you see in the image above. A bunch of numbers. (Using this method will stop about 85% of current spambots looking for email addresses)

So protect your email from spammers, spoofers, and hackers. Learn how to mung.

If it’s too hard for you…here’s a Munging Tool graciously provided by Project Honeypot. A project which tracks spammers and hackers and works with law enforcement to stop them.

 Website Securityelhombredenegro via Compfight cc

Website Security

Website security is an important part of any business. Having your website taken over by a hacker is not something you want to have happen. And it happens more often than you think. Having your links redirected, data stolen, perhaps even a complete rewrite of your site.

What’s that? You say you haven’t even looked at your company’s website in months? Years?  Best take a look at it. Some company from China may have co-opted your entire domain to get an edge over the competition having replaced your hard work (or expensive work if you paid to have your website created) with their own.

Today I want to talk about website security. Specifically WordPress security since WordPress has become, thanks to its flexibility and wide variety of plugins available, a platform of choice for so many businesses.

WordPress

The first thing you should do, or have whoever maintains your website do, is to change the log-in username to something besides “admin”. As a matter of fact, do not allow them to create a username which is any of the following –

admin, admin1, aaa, adm, sysadmin, administrator, user, root, support, test, qwerty, manager, guest, apache, info, operator, webmaster, backup, demo, member, private, or password.

Downloads

Does your site offer a download? Paid or free it doesn’t matter. What did you name it? Hackers will use a simple technique where they will type your URL into the address bar and append the following to the address –

/?s=download

This forces WordPress to search and list all posts which contain the word download, and in all likelihood the very file you were trying to protect.

Robots

A second avenue of attack for those seeking files to download is the robots.txt file. The robots.txt file is a file which tells search engine spiders and webcrawlers not to look at certain pages and directories.

What the hacker will do is once again type in the URL and append the following to it –

/robots.txt

This will allow them access to the text file which will contain some code such as the following –

Disallow:/NothingHere

That line basically means – don’t see the subdirectory “NothingHere”.
So…why wouldn’t someone want a spider to see that subdirectory? Probably because there is stuff there. A lot of the time it’s the download page.

Don’t name your files conspicuously. Don’t put your download pages on your sitemap.

Wordfence

Wordfence is a WordPress plugin that can be installed free of charge. There is a paid upgrade if you would like to enable Cellphone Sign-in verification.

Log in to your WordPress site Admin Log-in.

Looking down the left hand sidebar, click on Plugins/Add new.

Type ‘Wordfence’ into the search box and hit return.

Choose Install from the plugin page.

One you have been notified that the plugin has been installed, activate it. You will need to go to the plugin website for a free API key. Copy it and paste it in the appropriate box at setup. Then fill out the general info.

Now on the left sidebar you should see Wordfence listed. The first thing to do is to choose ‘Options’.
Make sure all of the Alerts checkboxes are checked.

Under Live Traffic View, check the box for Don’t log signed in users with publishing access.

Under Scans to include, check all boxes except for the paid box that is at the top, and the scan files outside WordPress at the bottom of the list.

Under Firewall rules check the box to immediately block fake Google crawlers.

Under How long is an IP address blocked when it breaks a rule choose 1 month.

Under Login Security Options choose – Force admins and publishers to use strong passwords.
Lock out after 1 failure.
Lock out after 1 forgotten password attempt.
Count failures over the period of 1 day.
Amount of time a user is locked out – 60 days.
Check the final three boxes.

Under Other Options input your own IP address.
Check all the boxes.
Save changes.

Don’t worry about setting the lockout tries to only 1 try. If you forget and lock yourself out, you can change both your username and password in cPanel for another go.

Illegal Entry

Hackers will try to spoof your log-in info. That’s why we had you change your username and passwords. But you can check to see how many people are trying to log in as you by going to the Wordfence plugin, and choosing “Live Traffic”. Now look at the tabs across the top of the workpage that comes up and click on Logins and Logouts.

Any of these that are not you should be blocked. Click on block.

Now look to the left sidebar again and click on Blocked IPs.
You will see a list of all the IPs that you have blocked.
Click to block permanently.

Depending on how many people are trying to hack your website the notifications for these attempts should die down within a few weeks of blocking most of the active hackers.

This is a good start for safeguarding your website so you can concentrate on doing business. Not wondering where your website has gone.

BrandingMorphsuits by peter mackinnon


Branding

No, I’m not talking about writing an award-winning personals ad that’s going to score you that hot date.  I’m talking about branding for the entrepreneur. The lone entrepreneur who has no other employees. From the sole proprietor, to the garage-dad fleamarketer, to the baking-mom cookie caterer. Freelancers, consultants, any one person shop.

So we just have to look at the person because they are their brand…right?
Not so fast. First off, a business can have several brands. Even if there is only one chief cook & bottlewasher. Especially the more multi-faceted a business is.  There might be a brand for each targeted audience.

First, we should look at what a brand entails. A business does not own their brand. Not in the way most people think. A brand is owned by the customers of the business. The customers are the ones who think certain things, and feel a certain way about your company.

It’s not just a catchy name or fancy logo. It’s a lot more. Branding encompasses the whole of the look of your business and products, your image, your brands colors, fonts, and tagline. Even the furnishings and office your clients may get to see. How does it make them feel? Think of your favorite place to eat, how does it make you feel while you are there? They spend a lot of time and money-making sure you feel that way.

It’s also your business promise. What you promise to deliver to your clients, over and over and over again. Whether that is excellent service, a unique product, or the best price. Your clients need to feel and believe they can count on you.
The promise you make to your clients is expressed with your tagline or slogan, the business practices you establish, and the end products or results you provide.

Meaningful brands are made on solid principles & values that the business has made public.

A brand is the feeling your customer (and vendors) get from working with you. It’s the feeling that you, that your company is the solution to their needs or problems.

Maybe. The lone entrepreneur needs to step outside their business and see it the way their customers do. You can certainly be a part of your brand. But a business can be sold…you cannot.

The lone entrepreneur developing their brand needs to keep such things as the background of the company, its objectives, the target audience(s), the message, your competition, its distinguishing characteristics, the tone, any creative considerations that need to be in place, even the language and mannerisms you use in dealing with clients.

It’s identity for your business.

In the beginning, its personality might be you. But as you and it grows, it might become multiple companies with different goals.

Don’t confuse your personal identity with your brand. A business brand is much much more.

It can help to know who is speaking when you interact with people. Is it your business, or is it you the person being social?

As you go along you must on occasion re-examine your goals for creating the company, your companies goals (it’s mission statement), and how they fit together and accomplish things as you move into the future.

When someone asks you what you do, or asks about your business, your brand slogan is a good way to capture them and further your brand. No more than ten to twelve words. Make it emotional. Make it informative.

Remember what Steve Jobs said about the iPod – “it’s a thousand songs in your pocket”, and he has grabbed generation after generation with it.

paypal

Paypal Bus by Richard Masoner

 

If you’ve ever had a Paypal account, you maybe wish you hadn’t. Or maybe you’re just looking for an alternative.  Well here are 60 alternatives. Be sure to check them out thoroughly, do your due diligence, before signing up with any of them or placing funds with them.

 

1 http://www.payza.com
2 http://www.noca.com/
3 https://www.paydivvy.com/Default.aspx
4 https://www.wepay.com/
5 http://www.gopaytoo.com/
6 https://www.serve.com/
7 https://www.v.me/
8 https://www.dwolla.com/home
9 https://payments.amazon.com/
10 https://checkout.google.com
11 https://www.xoom.com/
12 http://www.2checkout.com/
13 http://www.clickbank.com/index.html
14 https://www.moneybookers.com
15 https://epay.propay.com/
16 https://www.ikobo.com/
17 http://www.libertyreserve.com/
18 http://www.nochex.com/
19 http://www.gspay.com/
20 http://www.ccnow.com/
21 http://www.shareit.com/
22 http://www.ccbill.com/
23 http://kagi.com/index.php
24 https://ibill.net/default.aspx
25 http://www.adyen.com/
26 http://www.vindicia.com/
27 http://www.clickandbuy.com/WW_en/home.html
28 http://www.neteller.com/
29 http://www.payoneer.com/
30 http://www.paypoint.com/
31 http://www.bigcommerce.com/
32 http://www.verotel.com/
33 http://home.plimus.com/ecommerce/
34 https://www.braintreepayments.com/
35 http://www.mycommerce.com/Solutions_SWREG_Overview.aspx
36 http://www.shareit.com/
37 http://www.fastspring.com/
38 http://www.payvment.com/
39 http://www.click2sell.eu/
40 http://www.clicksure.com/
41 https://www.paxum.com/payment/index….iews/index.xsl
42 http://www2.obopay.com/merchant/
43 https://www.popmoney.com/
44 http://www.zashpay.com/
45 https://venmo.com/
46 http://www.paymate.com/cms/index.php
47. https://www.payquicker.com/
48. www.paxum.com/‎
49. http://www.solidtrustpay.com/
50. http://www.paypros.com/
51. http://www.paylane.com/
52. http://www.instabill.com/
53. http://www.chronopay.com/en
54. https://www.squareup.com/
55. http://www.bitcoin.org/
56. http://www.mercheeplus.com/
57. https://coinbase.com/‎
58. https://bitpay.com/‎
59. http://www.skrill.com/
60. https://stripe.com/‎

Solstice

Winter Solstice At Stonehenge by Gruenemann

 

Well now that December has started and Thanksgiving feasts are behind it’s time for the historical revisionists, skeptics, and armchair atheists, to come out of the woodwork proclaiming that Christmas is just a pagan holiday (or several all lumped together) appropriated by Christians…so no big deal. Capiche?

Only problem is that it isn’t exactly true.
As a matter of fact, it’s a lie.
A really reasonable lie, if your not a student of history.
But it’s a lie that can make you look like an idiot if you run into anyone who knows any history.

Now if you’ve never run into this idea, that Christianity stole Christmas from the pagans, go find your local atheist and they’ll be glad to tell you all about it.
I’m not going rehash the fairytales they prefer to believe here.

So what’s the real deal?

The first question is of course – I thought the early Christians didn’t celebrate birthdays let alone the birth of our Lord?

Well the evidence says that the early Christians were darn near OCD about the birth and childhood of Jesus. The Infancy Gospel of James and the Infancy Gospel of Thomas reiterate the human nature of our Lord, and early Christians placed importance on the actual physical human birth of Christ in recognition of this fact.

But what about cranky old Origen? Didn’t he reject celebrating any birthdays as a pagan practice?
Yes he did. But Origen was also a Platonist who held several heretical beliefs that the ordinary early Christian did not. Either way, he never mentioned straight out being for or against celebrating the birth of Jesus.

The earliest mention of a celebration of Jesus birth is in 202 A.D. in the Commentary on Daniel by Hippolytus. He places the celebration of Jesus birth as 8 days before New Year’s Day or December 25th.
Around 302 A.D. during the reign of Diocletian, Emperor of Rome, a major persecutor of Christians, it’s recorded that 20,000 believers* were barricaded inside their church and burned to death while celebrating Jesus birth.
The Philocalian Calendar, which lists the feasts believers celebrated, from 354 A.D. regards it as an established feast of the early Church.
While in 386 AD John Chrysostom declared that the celebration feast of the birth of the Christ was an ancient tradition.
A collection of writings known as the Apostolic Constitutions which dates from around 380 A.D. orders Christians to celebrate the birth of Jesus and records that this injunction originates with the apostles themselves.

So what we have is ample evidence that the birth celebration of our Lord is one of the earliest true Christian Feasts the Church had.

But didn’t the Emperor Aurelian make December 25th a pagan holiday, Sol Invictus, in 274 A.D.?
That’s right, he did. But if you remember, Christians were already celebrating that day as the birth of our Lord. Hippolytus says so 72 years earlier.

 

So wait a minute…you mean the pagans actually stole December 25th from Christians?

 

It would certainly seem so. Especially since most of these political reforms, such as Aurelian creating a holiday, seemed to be directed at  kicking Christianity to the curb.

But where did the early Christians get the date, December 25th from?

They were Jews…so they got it from Jewish tradition of course.
Jewish tradition says that a prophet lives a perfect life. Both entering life and leaving it on the same day. Western Christians held that Christ died on March 25th, while Eastern Christians held to a death date of April 6th. Which is why, if you calculate exactly 9 months later, we have Western Christians celebrating December 25th, and Eastern Christians celebrating January 6th. Ultimately most Christian groups compromised on December 25th.

So where does all the stuff about Christians stealing December 25th from the pagans come from anyway?

Well, it…like so much atheist mythology, comes from anti-Protestant and anti-Papist rhetoric during the Reformation, and that was then jumped on during the Enlightenment.

Lay the blame for starting this mess with one Paul Ernst Jablonski. A German Protestant, who went around claiming that the Roman Catholic Church was the result of Christians adopting pagan festivals. That this moved the Church from it’s more ‘pure’ state.
A Catholic monk named Dom Jean Hardouin in an attempt to refute Protestant claims that the Roman Catholic Church had been “paganized” declared that the Church had adopted the pagan festivals to spread the faith.

So there you have it.
Christmas is no pagan copycat.

Celebrate it with blessing!

 

 

 

Sources
Calculating Christmas – William Tighe
Hippolytus and December 25th – Tom C. Schmidt
Hippolytus and the Original Date – Tom C. Schmidt
Text Tradition of Hippolytus Commentary on Daniel – Roger Pearse
20,000 Martyrs in Nicodemia – OCA, http://ocafs.oca.org/
The Pagan Origin of Christmas – A. John
The Chronography of 354 A.D. – Roger Pearse
The Ancient Feast of Christmas – John A. Peck
Apostolic Constitutions, Book V, Section III
Christmas – History.com

*In all likelihood this number represents the number Christians killed during that single persecution thrust, rather than the number of people in that single church.

%d bloggers like this: