| LED Digest 2137: Ethical Tracking, also Loading Times |
|
|
|
================================================== The LED Digest Moderated Discussion List "Effective Online Advertising, Since 1997" pair Networks: The LED's Web Host Hosting and Domain Reg. from a Trusted Leader pair.com for Hosting | pairNIC.com for Domains ================================================== List Moderator: Published by: Adam Audette LED Digest adam, led-digest.com http://www.led-digest.com .............................................. April 12, 2006 Issue #2137 .............................................. .....IN THIS DIGEST..... ======= NEW ==================== <Moderator Comment> ~ Duped Subjects --== Ethics of Tracking Clicks ==-- ~ Jason Ohrum "Is it ethical to add a small 1 pixel gif with the link on their listing page...?" --== Site Loading Times ==-- ~ Greg Watson "...stats for one of my newest websites showed 30.43% dial-up users." ==== CONTINUING ================= --== Protecting Code ==-- ~ John Smart "Passwords should be kept below the root." ~ Andreas Huttenrauch "There are also many online services available that will decode scripts..." --== Bandwidth Theft ==-- ~ Claudiu Spulber "I would suggest analyzing a little the .htaccess documentation." ==== BILLBOARD =================== --== WebAwards ==-- ~ Bob Licciardi --== The WayBack Machine ==-- ~ Lee Roberts --== Phishing Update ==-- ~ John Quinlan ========== NEW =================================== <Moderator Comment> Sorry about the duplicate subject lines in the last two issues ("Hiding Code"). Must be strain from the hours I've been putting in on the LED site: www.led-digest.com. Take a look -- but remember that it's only just begun and is *very* rough. Hope it's a great week, adam -------------------- From: Jason Ohrum Subject: New Topic - Tracking Clicks We have a small directory and need to track clicks to member websites, but unfortunately this means redirecting to another page then ultimately to the website of the customer. Is it ethical to add a small 1 pixel gif with the link on their listing page so the page still confers link popularity? Thanks in advance. Jason Ohrum -------- new post - new topic -------- From: Greg Watson Subject: New Topic - Design for Connection Speeds For years, I closely adhered to design principles of creating fast loading web pages. However, over the last year I have tended to focus on other issues and pay significantly less attention to the speed at which new pages can be loaded. What a shock this morning when I looked at stats for one of my newest websites that showed that 30.43% of visitors to this site were dial-up users. Now I don't know how accurate that statistic is -- but regardless, it indicates that a significantly greater number of internet users are still on dial-up than I had intuitively presumed... Greg Watson ======== CONTINUING =============================== From: John Smart Subject: Protecting code > I know that PHP is server based... but someone > told me that there might be ways to get the PHP > code from a site and I wonder if that is true. - Claudiu Spulber, LED 2136 The PHP code cannot be seen client side - unless mistakes are made. Passwords should be kept below the root. In English, suppose that yourdomain.com/index.php can be found on the server at '/docs/http/yourdomain.com/web/index.php' then your password file should be kept at '/docs/http/yourdomain.com/passwords.inc.php'. The second tip is do NOT use .inc as a file extension, because not all servers protect that, and some will show the code, if a troublemaker guesses the file name. Always use .php or .inc.php. If you cannot trust your host, then it is time to find a new host! We have all sorts of valuable client data on our servers, and they know we won't touch or compromise the integrity of their source. Finally, study security! If you are using an Apache server I would strongly recommend Apache Server Unleashed (Sams) and the PHP4 Bible (Converse park). Both of these have good security information. John Smart, Technical Director InternetDesign.com - A Human Touch in a Digital World -------- new post - same topic -------- From: Andreas Huttenrauch Subject: Protecting code The problem with protecting PHP code is very similar to trying to protect HTML and images. There are many "solutions" available, but none of them work. The simple systems are pretty easy to hack, and most of them use some form of self-encoding which simply requires the script to unencode itself during the run process. The more advanced systems are more difficult to hack, but in order to run them, require the client to install server-side software, which most ISP's will not permit. Major encoders like Zend are OK because most ISP's actually offer this, but very few ISP's will let you install new decoders. There are also many online services available that will decode scripts for you (just search for php decode). Obfuscation is a good method as it makes it rather difficult to make sense out of your source code. POBS is one of the better obfuscator, and when combined with encoding, gives a pretty good result. It is important to also realize before attempting to protect code, that you'll probably have to tweak (re-write) some code to enable it to work when obfuscated or encoded, and you'll also now have to deal with seperate sets of source and (non-debuggable) executable code, which makes working with the code a major pain. At the end of the day, it depends on how important the protection is to you. The more you try to protect PHP source, the more you inconvenience your customers, and this may reduce sales. The less you protect code, the more you open yourself up to piracy, which may reduce sales. Andreas Huttenrauch Globi Web Solutions www.globi.ca -------- new post - new topic --------- From: Claudiu Spulber Subject: Bandwidth theft > What I'd like to do is prevent someone from linking > to [my images] instead of copying them... Any help > in saving my bandwidth from theft would be greatly > appreciated. - Barb Radisavljevic, LED 2135 Hi Barb, I would suggest analyzing a little the .htaccess documentation. You can start looking at http://snipurl.com/p25p [vortexmind.net] for tips on how to prevent hot-linking and also blocking certain sites. Be sure to test the file well before you put it live, I know someone who accidentally blocked access to everyone for all images ;) (no no, not me). Regards, Claudiu Spulber http://www.backup4all.com// http://www.novapdf.com// ==== BILLBOARD =================================== From: Robert P. Licciardi Subject: WebAwards > The WebAwards is the standards-defining competition > that sets industry benchmarks based on the seven criteria > of a successful Web site... A complete list of past winners > can be found at www.enter-webawards.org. - William Rice, LED 2131 Are you serious? I took a look at the Antfarm... what an irritating site... menus on the trees are too hard to read... do not contrast well with background... fonts too small... the music is irritating and even though I have closed the site the damn music is still in a throbbing irritating loop and I can't find how to turn it off. Too many menus.... too many choices... and it doesn't deliver the messaqe without getting the viewer tired of looking and listening to it. The bottom line... how much money does this website make for it's owners? I'd like to know. That should be pointed out in your winners section. Bob Licciardi -------- new post - new topic -------- From: Lee Roberts Subject: WayBack > I took a quick look at the WayBack Machine... > but I noticed that the updates listed there (at > least, for my site) are not very current. - Tom Anson, LED 2136 The Wayback Machine located at Archive.org only shows changes to the home page. It only shows the major changes. It is a great tool to view historical information, but it doesn't show graphics if they no longer exist on the Web site. Sincerely, Lee Roberts http://www.roserockdesign.com http://www.applepiecart.com -------- new post - new topic -------- From: John Quinlan Subject: Phishing update Hi People, There has been a lot of coverage in this newsletter recently about spam, and whilst I agree that it is a pain having to filter out and double check to make sure no "real" mail has fallen through the net, let's concentrate on a specific type of spam -- phishing. Phishing costs us all money, yes it is the credit card companies and the banks that sooner or later pick up the tab, but they are not philanthropists and pass those costs back to us all. Whether we are a credit card holder or merchant we are paying for the frauds perpetrated on the gullible. Yes a lot of them are to be honest amateurish, with basic spelling mistakes and grammar errors but they are getting better and better all the time. The sites set up at the backend are often undistinguishable from the real thing. The regular Internet user could almost be forgiven for being sucked in. Governments seem to be ineffective in some cases and downright useless in others, so once again it is left to a group of volunteers to do something about it. A group of security professionals are running a site. A global phishing termination operation sponsored by CastleCops and Sunbelt Software, the volunteer PIRT Squad is comprised of folks who report phish, investigate phish, and actively work on phish takedown and termination (original concept by Robin Laudanski). If you can extract the headers and links from an email then you can use this simple form to report it http://castlecops.com/pirt , alternatively just forward it to This email address is being protected from spam bots, you need Javascript enabled to view it If you have a few minutes to spare it would be appreciated if you could lend your voice to a petition that my company are promoting to get the UK Government to do more about warning the public about the dangers on the net. You can do this by checking out http://www.sioli.co.uk/petition.html. Thanks, John Quinlan ------------------------------------------------------- The LED Digest is sponsored by pair Networks: pair.com for Hosting | pairNIC.com for Domains © Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved. "If you reveal your secrets to the wind you should not blame the wind for revealing them to the trees." - Kahlil Gibran |
