Do you use Auction2Post [A2P]? If you don’t its a wordpress plugin which automatically implants listings from ebay as wordpress posts, including affiliate links through the ebay partner network from which you earn a commission. Its quite useful. Read my post about it here. Anyhow if you don’t use the plugin you can pretty much skip this post, unless you use a similar thing which is generating all kinds of nasty strings you don’t want in your posts

This post will show you how to sanitise your auction2post posts for annoying (and contract breaking) ebay auction strings, it even has 125 rules already in a file for import!

The problem

Auction2Post is great in lots of respects, its well written and does a prescribed job. Where it caused irritation for me is arguably after its done its job, after the wordpress plugin had created its posts. You see you can create posts via templates, which is great, it allows enough customisation for most, however I wanted a bit of text processing as often you are left with irritating auction footers and garbage text which make the user hit back or close at a displeasing rate (some of these ebay strings might actually make your Auction 2 posts sites break ebay partner network terms of service, its really worth sanitising your posts as I describe below!)

The Solution

This problem with Auction 2 Post and wordpress is one of the reasons Automated Editor was born, to give a bit more freedom in text processing, wordpress filters are great but I don’t think filtering hundreds of ebay phrases like that is effective.

If you want to cleanse your Auction2post posts of dirty ebay auction footers and the like here is how I currently do it:

1. Install Automated Editor plugin on the blog in question. (Get it here and install like a normal plugin.)
2. Go to the plugin (Auto Editor on its plugin menu) and read the disclaimer (big red box) and THEN accept it.
3. Download the rules file I have created (Get it at the bottom of this post) and unzip it somewhere.
   
4. Go to “Import/Export” on the Automated Editor plugin menu.
   
5. Choose the aforementioned rules file and hit import.
   
6. You should now have 125 or so rules in your rules list
7. Now go to Schedules on the plugin menu and then click Add New.
8. Scroll down and hit Select All (under the long list of rule checkboxes ebay1, ebay2 etc.)
   
9. Scroll down again and select Most Recent Post from the Target dropdown.
10. Make sure run option is on “After a post is published”.
    
11. Save it.
12. Turn on schedules.
    
13. Post a test post, either via A2P or manually, it should remove any of the 125 annoying (common) ebay auction strings it finds! Sorted.

Notes on this method:

• You will need the Full version (Ultra Pro) of Automated Editor, the free version is limited to 3 rules and this rules file alone has 125 ebay-string removing rules. It’s cheap though here.
• If you already have Auction2Post auction posts in the system you will have to setup a different schedule to operate on those, I usually set this up before I set any automation (it’s quite easy, just do the same thing and switch out “Most Recent post” for “all posts”, run it once then disable the schedule – you don’t want it operating on them all every time!)
• Currently this removes 125 strings I have found previously, mostly from uk auctions, I am considering writing a simplified version of this whole setup, an “Auction2Post Post Cleaner” which you can just activate and leave, perhaps with cloud rules, so watch this space. Good thing about the above setup though is you can continually improve your own rules file by adding your own strings.

Rules File

The link below offers a RAR’d version of my Automated Editor rules file which contains 125 x ebay string removal rules, yours for free Please however do use carefully, as with all automated-editor situations if you don’t understand what you are doing then don’t use it, this is for the people that understand the above problem and have the full version of the plugin.

Download Rules File
[Right click-Save as]

The post Remove unwanted eBay strings from A2P [Auction2post] posts with Automated Editor first appeared on Woody Hayday | Blog.

Website hacker entrance vectors (have any security holes?)

Common CMS, E-Commerce systems and forums (out of date or zero day, they all have or have had vulnerabilities) – WordPress, Drupal, OSCommerce, Gallery, PHPBB, VBulletin etc. etc. Particularly relevant here are the open source systems, but they are all susceptible – how many of these do you have installed where? For me these could of been answered with “a lot” and “some places”, clarity has now been restored but more on that later.

CMS Plugins (^^) – Often overlooked (especially by me), installed plugins can in themselves be entry vectors, often CMS’s push their communities to develop additional functionality for their system, which is a good thing, however if the system itself doesn’t deal particularly well with the security of folder structures or indeed how plugins are accessed they can offer ways in. Be careful with plugins which deal with file management and code execution (e.g. file attachers/uploaders etc.) Try to use late version highly rated plugins from reputable sources, with things like WordPress, plugins are low risk though as it has an excellent security model.

Bespoke server-side code and CMS’s – in my experience these is often LESS likely to get hacked, firstly “hackers” in this case are more likely to be script kiddies sitting in web cafes in some of the poorer world nations, they often use known exploits on common systems rather than trawl the web, searching for one off programmer mistakes. If you are behind the bespoke stuff leave out as many foot prints as possible and triple check everything. For bespoke stuff the most likely point of entry is simple SQL Injection, use SQL parameters.

FTP/WebDav – This really comes down to passwords as next indicated.

Passwords – Acquired by trojans or traffic sniffers, it becomes irrelevant what security you have in place across the whole setup if you don’t look after them properly. Avoid connecting to anything unencrypted (or at all if possible) on any network you don’t 100% trust, WIFI and wired, even if it’s a friends they could have a network sniffing Trojan on an idle machine. Install good anti-virus and protection software. Use Avast (free for private use) and Spybot Search and Destroy (these two are plenty.) Be careful with providing access to other users, whether it FTP, CMS, SSH, whatever – you may trust them but do you trust their computers?

Detection and Fixing – Realising you’ve been hit and fixing it

So after they gain entry, what would a hacker really do? Often with web hacking the motivation is kudos, money or sabotage – all are achieved through defacing, deleting or modifying web pages/logic and/or altering/downloading databases. A nightmare from the point of view of shared hosting users.

Depending on how they gain entry a hacker (or their automated executing code) may search through all of the files they can access, through ftp or server-side scripts, built to identify possible files to manipulate. They may download copies of things (e.g. databases!) but will likely set about cycling through all available webpage files and doing things such as:

• Inserting code within the page (iframes to bad websites, links to their websites – designed to improve their search engine rankings, redirect code which just shuttles people on to their sites)
• Replacing the file with a predesigned page (kudos fronts ‘this website was hacked by…’)
• Replacing common server-side functions and variables (e.g. replacing all the send values on email scripts to forward emails to an account other than the owners)

If you have a single site, or 10 or something the chances are you personally check them all every now and again, getting a little facetime at least once a week say. In this case your opportunity for hosting a hacked site is 7 days, not awful, not great – Google and browsers will start blocking your site if the hacker has inserted any code going to malware or similar, and otherwise may start to drop you down the rankings if your site now displays a ‘hacked by..’ page instead of your wholesome site.

In the case of a lot more sites on the host this can mean no detection for a longer time, if no system is in place, often first recognised through a drop in statistics/earnings (more likely earnings as in the case of iframed malware a change in the number of hits can be not hugely obvious.)

To add confusion to the mix it’s not unknown for hackers to mask their changes to you, it’s very easy with .htaccess files and php/asp headers (for example) to show content relative to its viewer. E.g. the hacker could shuttle people coming in from Google to a hacked page but people that access the site directly (typing it in) get shown the normal site. Furthermore they may not hit every site you have, perhaps a handful of random choices, some folders not others, a smokescreen like attack which could change each time.

Chances are once you get all your pages fixed and get around to looking at where the security hole is that when you recheck your sites they would have been hit again. This tells you two things, 1. The hacker is relentless (or more likely has a relentless automated program, exploiting 24/7) and 2. You have not plugged the security hole. Or if you are really unlucky you are being hacker tag teamed.

So anyway, detection. How do you go about knowing the integrity of your web portfolio? What if it spans 10 shared hosting accounts or 4 servers? Well likely if you own your own server you have spent the time/cash in locking everything down, what I suggest here would be useful to you guys but you may already have a better solution in place.

Currently there are a bunch of services which will do this for you, of which I have tried zero. “Monitoring” services are available worldwide ranging in prices drastically, for me though even the high end services didn’t offer a full set of features and were mostly hugely overpriced but for the top 50% of the portfolio, not effective for me.

The good things about using external monitoring services are obvious but none seemed to be able to offer realistic change monitoring (e.g. WordPress blogs may change content between <div id=”whatever”> and </div> every hour but the rest of the page should stay almost the same.) It is important they see the addition of malicious code to good pages and not throw constant false alarms. For ‘this website was hacked by..’ pages though they probably do a good job (as well as malware detection.) Uptime monitoring is also common as part of the packages, useful without doubt.

I suggest another way though of monitoring an established portfolio, that is the way I have resolved my recent hacker attacks, a realistic option for shared host/anywhere-in-the-world-with-a-laptop client based use. Ultimately an extension of a few older applications I wrote to manage a growing portfolio, weathered by several hacks across accounts within the past 6 months – Hard checks of every important file.

At first I wrote my system to simply allow me to take stock of the sites and CMS’s I have in place, to work out possible security holes from behind the scenes – but it turns out it works surprisingly well in identifying breaches. By checking your actual live file structure (.htaccess, index.php, default.aspx, index.html etc.) against a known correct file structure snapshot, you take the whole http part of the checking out of the loop, effectively making it a higher level integrity check than external services can ever offer.

By making Checksums of every critical file (often hackers just hit index.php, index.html, default.aspx etc.) within a given ftp/file structure and then automatically rechecking at scheduled points it becomes easy to minimise your window for financial fallout from hackers. This may seem like a time/bandwidth/processor consuming task but in actuality 100 websites with WordPress installed could be checked in a few Mb of download – in terms of modern data use that’s a few browses of a facebook photo gallery. What’s more it can run in the background, only prompting you on changes to files, as frequently as you want.

The side benefit of producing complete hosting account checksum snapshots is you are also able to accurately backup a working copy of your hosting account. Built into the checking process this means that you can then correct hackers’ malicious changes with a click of a button.

This of course does not take into account more hard-file based websites, database changes or regularly altered sites. I recommend automated screenshots to cover these or the combination of external monitoring services and integrity checking.

I have written an alpha release of this system (named Website Integrity Checker for now) and will gladly distribute/discuss it if you drop me a comment below. A beta copy might make its way out sometime.

The post Hackers wrecking your shared host account? Check your Website Portfolio Integrity first appeared on Woody Hayday | Blog.

May was a month of brick lane curries, a new art exhibition (silent city), mini golf and a bunch of other blurry stuff.

June was a good month (on the whole apart from hackers and google caffeine?!?), did incalculable amounts of coding, new site rollouts, tennis, monopoly, booked new york flights and some other stuff. Wrote a lot, drank a lot of wine, updated a bunch of auction2post sites because eBay updated their api (for the better) – standard summer month.

I started 4 draft posts across these two months but none seemed to stick, it’s not like the months were dry, posts boning csharp just didn’t fit, I was going to post csharp iis and multisql management code, a nice project I wrote to datamine from ebays new api and I was thinking of digging out my seo hub php based hub and rewriting it as a multi threaded windows app, but yeah sometimes stuff just doesn’t seem to hold enough value.

As ever though projects continue to crop up and evolve. I am working on a stupidly simple file system snapshotter after an incident with a second hacker, I will probably post about ripping data from the Nike app on the iPhone, if it isn’t up already somewhere else. Also I will make a quick program to save the top 20 wallpapers from reddit to a folder so windows 7 can automatically show me new epics (theres even an rss!) if know one else saves me the effort. Unless that is, all this stuff gets superseded. Mostly it’s just me biding my time and making broader plans

Look out for possible random posts on business intelligence, the stock market and brain architecture too, as they seem to keep cropping up.

The post Unpublished May and June 2010 first appeared on Woody Hayday | Blog.

I can see applications ranging from replacing my SEO QUAKE’s list parameter check to many many web marketing, analytics, data crawling and recording processes, all of which you could do in ms.excel, yet more accessible here. This isn’t a big deal, but landed on my lap this morning so here’s the share

The post Javascript in Spreadsheets? – Google Apps Script Does that first appeared on Woody Hayday | Blog.

The reason this post really sparked was this post on pico projectors and what pico projectors might be like in 2015. I think pico projector’s (tiny projectors that will fit in your hand but produce a projection pretty much the quality of your old tv, anywhere @ 50 inchs) will get huge. I don’t doubt for one minute that MVIS stock will be the first sign of this in the coming months (the microvision showWX is going to be the worlds first mainstream big selling pico – prediction) and this will be only the start for developing display technology. Over the next 5 years visually representative technology will blossom. We will see embedded pico-projector’s slot into city planning, home design, products such as laptops (netbooks), mobile phones, games systems, camera’s. Within lcd little growth will happen but we will likely see some sort of “ultra hd” – probably double current full hd (1080p), while embedded pico’s will feature a whole host of new resolutions, by 2015 we will definitely see full hd pico’s. This development of display technology will usher in a new age of advertisements, coupled with Augmented Reality and revolution amongst the Operating Systems.

Which brings me nicely to Augmented Reality. AR. Currently there is much buzz around Augmented reality, which I believe really is the sudden sci-fi geek realisation that technically the technology to fully provide AR is out, its been out for more than a year. Smart phones with knowledge of where they are and decent digital cameras have been around longer than the iPhone. It seems once this dawned on people everyone made a mad rush to make something AR, regardless of what it is. As a result magazines, advertisers and marketing companies largely came first (presumably they had the quickest fluid funds to pay for AR.) This marrs the technology a bit if you ask me but perhaps as AR becomes more meaning based this will change. My jury is out on AR but I think it won’t be as big a deal as everyone is making out it will be.

Business will change, or rather some business’s will change the way they use technology. You always get early adopters but I believe a good proportion of companies that operate around creative, co-operative ideology will gear up more technologically as the younger generation come into professionalism. We will see different technological assistance of work in the workplace. Board meetings will not only be worldwide (like now via Cisco tele-conferencing) but they will be assisted by interactive technology, touch and display will play large parts in this technology, beyond the Microsoft surface table and towards the science fiction of minority report. Data will be housed, represented and communicated differently. A few years ago usb sticks and solid state drives didn’t offer an easy solution to copying files, network speeds were a 100th of what they largely are today, there was no cloud. As data management and storage develop as too will the way we use it. We will probably have identifiers rather than storage in 2015. e.g. rather than copying a file to a usb stick you will simply instruct your interface to relate that data to a physical object, a soundwave (a word/phrase perhaps?) or a time of day or place, provided you can prove who you are you could then recieve it. You could carry a 200gb file with you in your wallet or on your fingernail, as the likelihood is that 200gb file will be stored centrally in what people now call the “cloud” (but will probably be a server in london or a main city) and you will simply use a relation to prompt whatever interface into providing you with this file.

There will be hurdles in achieving universal centralised data but by 2015 there will be a huge proportion less of personal computing power stored in the home. The google OS is perhaps a sign of a branching of operating systems, but I don’t see google dominating the operating system market. Microsoft have become a lot stronger over the last 18 months but the real truth of it is that neither of these developers seem to be truely embracing all of the technology developments happening. Perhaps this lag in uptake is natural, Microsoft does show some promising signs but is held back by business concerns, google seems to throw itself into the ideas without checking they are in the right direction, linux, well linux is linux. By 2015 I predict there will be at least another major world provider of what we currently refer to as operating systems. The whole concept needs re-exploring from the ground up, even starting again beyond the google os. Touch for example, AR and improved options for display are all completely ignored by all of the aforementioned operating systems, Microsoft is the only developer that even references these things but is yet to truly develop a commercial option.

Search will change too. The last few years has seen a huge uptake worldwide in searching for things which in turn has pushed marketing, sales and online business into a whole new age. It’s also cemented new business models such as affiliate marketing, search based advertising and more grey area web production. The long tail has well and truly become a reality, many successful business people spend their days driving traffic from long tail search into successful sales. This will continue but it wont settle in a single routine for long. Affiliate marketing will take to interactive media more as this becomes more integral in everyday life, search will some how adapt to a new more astute audience that is used to getting good search results fast and who quickly picks up trends and becomes integral members of up and coming online phenomena such as reddit, twitter etc. Beyond real-time, search will need to integrate much more with outside sources, new operating systems and the work out the best way to catalogue and express the ever expanding online data and how it is created and used.

HTML 5 is on its way too, this will be a major improvement but it wont be the last the web sees pre 2015. By 2015 I believe that the “internet” as we know it, a vast linked store of webpages will be a very different beast. Microsoft (XBOX), Apple (iPhone), Sony (Ps3) – these are all well known, global brands and they are all investing / operating in the new world of applications. Pioneered by Apple and the iphone the idea of segmented approved tools that are properly ordered was a (very apple) genius idea. Bringing a (standard) apple simplicity to what was previously a confusing and avoided world of software for a lot of people. Microsoft, Sky, Sony and other huge technology developers did not miss this success. In the coming years slowly these companies will target specific software/hardware at every possible market audience. By 2015 every member of your family will be buying something digital. Expanding on the segmented digitally providable media of the iphone app, television programs, games, music, films and books will all be available at the click of a button, tap of a screen or utterance of a command (and payment systems such as xbox subscriptions and ps3 accounts will remove the actual money part of the transaction further accelerating digital sales.) This new availability of media will be supported by webpages, but the web-pages are much more likely to be totally interactive, 3d integration is already in browsers but we will see more of this as well as individualised experiences. Imagine every web-page you accessed could (based on rules of privacy) know your name, interests etc – the web could be a much more interactive environment. By 2015 though I think the web could be on its way to new pastures, gone with the current ideal of “pages” accessed by address. An OS with search integrally built in could remove the requirement for a browser, content could be constructed on the fly and applications/services/movies/experiences could replace pages as we know them, with the situation that web pages changing from a square, box of a screen to a multi surface vivid world that we live in, there is no doubt in my mind that the OS and the web “page” as we know it will adapt to a new medium.

We are living in a time which is the true beginning of technology adoption, 2015 might bring a few or all of my predictions into reality, it could just as likely bring thousands more. Social adoption will drive these things forward and in return the technology will hopefully create a more co-operative, fair and equal world society.

The post 2015 – What will technology be in 2015? first appeared on Woody Hayday | Blog.

But irrelevant of the selling gumpf I had heard good things. In the uk it worked out as £68 or so with currency conversion to buy Auction 2 Post and a pack of 20 themes and it is, worth it. Worth it that is if you intend to use it to satisfy a need. I wouldn’t buy it if you are just looking for some new “get rich quick scheme” to burn your money into, get it if you know wordpress, get it if you already have some ebay sites (php bay, bans, bespoke – please say you have bespoke!) or a good use within an established site network/blog context.

There are lots of ways  you can use Auction 2 post, essentially it just posts ebay auctions as posts’ and offers you a host of ways of doing that, within templates, automatically etc. and you can stay within the ebay partner network rules as long as you invest a bit of time in reading them (you should do this when you sign up, by the way!) A word of caution at this point though, EbayPartnerNetwork is apparently getting hotter on the unscrupulous affiliate and if you were not careful you could probably tear their Terms of Service to shreds with this plugin, not that I would know about doing that! EPN (Ebay Partner Network) is lucrative and worth investing time if your a natural SEO developer, auction 2 post is a nice implementation of a wordpress plugin that helps you into this – but its all about how you use it!

I won’t go into how I am using this WordPress plugin, or how you should – there are a lot of great ways this can work for you. I have set up several experimental sites and am using it in xx other blogs, I will perhaps release some results, experiences and stats in the near future, although we don’t want A2p to get too big do we The forum’s and support for Auction 2 Post are great, zizby/radio is quick to respond to your questions about the plugin – the member area is simple but I have found a few dead links – nothing important and I am sure they’ll fix this. In essence if you know what your doing with the web and wordpress you need this plugin in your affiliate arsenal!

Get Auction 2 Post
(Just skip through the blurb and click order now)

The post Auction 2 Post first appeared on Woody Hayday | Blog.