BOOMER eZINE

 

The Online Entrepreneur Magazine

Volume 3 - Issue 10 1-1-09

Please pass Boomer eZine on to a friend.  They will thank you for it.

If a friend passed this to you, you can start your own subscription at www.boomer-ezine.com.  Complete the subscription form and you will receive a free copy of “How to Choose The Best Web Host for YOUR Website”.

 


Table of Contents for this issue.....

1.    Author's Comments

2.    Having Your Website Hacked

3.    Using the “#include” command

4.    Hostexcellence.com

5.    Conclusion

Author's Comments

 

Linda and I hope that you had a wonderful Christmas.  We enjoyed our Christmas at home with Velma, Linda’s Mother, and Susanna, our daughter, and her fiancé, Allen.  Our sons celebrated Christmas with their wives’ families this year.

 

You will notice that this issue of Boomer eZine is all text and does not point back to our website.  The reason is that someone hacked into our websites and installed some software that we do not know about.  Since we do not want to risk anyone being infected by something from our site, we deleted the Boomer eZine website and rebuilt only a few basic pages.

 

This will be the last issue of Boomer eZine until further notice.  Please read the following articles related to this incident to learn how to reduce your chances of being hacked and what to do to recover from it.

Having your Website Hacked 

When you discover that your website has been hacked, it is like discovering that your house has been burglarized and your most valuable possessions have been stolen.  There is a feeling of deep loss and frustration that someone would do this to you. 

I received an email from a viewer that said his anti-virus software had detected possible malware on the Boomer eZine site.  My reaction was “How can that be?  The site is password protected with a strong password.  They must be getting a false positive from their software.”

Then my son, Travis, told me that his anti-virus software had flagged Boomer eZine as having possible malware.  Time to start really looking! 

I logged onto the control panel for the webhost and started looking at the folders and files.  Lo and behold, there were some folders on the site that were totally foreign to me.  When I opened them up, they contained .php files which are executable code.  I do not write in .php. 

I knew I had a problem.  Now what to do about it? 

I called the online support for Hostexcellence and talked with a customer service rep.  He looked at the website files and said it looked like someone had gotten into the site.  He said that the website was built using Microsoft Frontpage and that hackers had found a vulnerability in Frontpage that allowed them to get the Frontpage FTP password to gain access to the site. 

I have been using Microsoft Frontpage as my website editor for years and thought nothing about it.  MS stopped supporting Frontpage a few years ago, but I continued to use it since it still generated the pages for me.  I did not dream that there was a security flaw in it that would allow someone to break into the site and ruin it for us and for our readers. 

The Hostexcellence rep said that the best thing to do would be to convert to a non-Frontpage editor since the hack probably came from the Frontpage (FP) extensions on the web server. 

As an explanation, one of the reasons I used FP was the fact that most web servers had FP extensions on them that made it much easier to create web pages.  The FP extensions on the web server created the web page on the fly as it was serving it up to the reader.  An example of this is the creation of the header, footer, and navigation bar by the extension on the server.  I did not have to have the header, footer, and nav bar on each page. 

I created a template in Frontpage and designated shared borders (top and bottom) and the navigation bar.  This template was loaded one time onto the website and each time a page was created, the FP extensions would create these common areas on the page.  This was handy since I did not have to repeat this HTML code on every page. 

Imagine how much work it would be to change the copyright date on the footer if I had to change it on every page once per year.  With the shared borders, I changed the copyright date once and it was changed on every page that was displayed. 

I went on Google and searched for “hack frontpage”.  There were several posts by hackers telling exactly how to do it. 

Well, so much for Frontpage.  Time to find a new way to build and upload web pages.

I can read HTML code and understand what it is doing, but I do not have the time to write a page in pure HTML.  I needed to find another WYSIWYG (what you see is what you get) HTML editor. 

The most respected (and most expensive) editor is Dreamweaver.  I used to include Frontpage in this list, but not anymore.  Dreamweaver from Adobe costs approximately $300. 

I opted to find a free or less expensive editor. 

There is a whole list of free editors: 

Mozilla Composer - free

Arachnophilia - free 

Nvu - free

Kompozer - free 

Page Breeze - free 

Coffee Cup - ($49) with a free trial.

I downloaded Kompozer and am using it.  It works fine.  I have had to find a way to create common areas of a page (header, footer, navbar) and automatically include them in each page, but there is a way to do it.  I will discuss this in the next article.

Another consideration is the need for an FTP program to upload the new or modified page from your computer to the website.  I have a program called CuteFTP that I use for FTP work so I already had this problem solved.  There are several free FTP programs available.  The one I hear mentioned most often is FileZilla at http://filezilla-project.org

Some of the HTML editors have built in FTP software for your use so check for this feature when you are evaluating the various packages. 

I called the Hostexcellence support and asked the tech to reset the boomer-ezine.com website so it wiped out all the pages and reset the options so there were no Frontpage extensions.  I then built the home page, the table of contents, and a custom “404 page missing” page using Kompozer.  I created all the pages with the “look and feel” of the old Boomer eZine page with the header and footer. 

Let’s discuss custom error pages for a minute.  The most common error on a website is the 404 error, which occurs when you enter a URL that points to a valid website but to a web page that does not exist.  If you use the server default, you will get the standard server web page for the 404 error.  On Apache servers, you can go into the control panel, specify a custom error page for any of the server errors, and create your own page to handle the error.

This is what I did since there are links all over the Internet pointing back at pages on Boomer eZine.  I want the viewer to understand that the link had been good until the hack occurred.  If you go to http://www.boomer-ezine.com/404Error.htm , you will see the custom error page. 

Now what to do? 

To rebuild the Boomer-eZine website, each page will have to be edited to convert it over from a Frontpage format to the new non-Frontpage format.  Over the years, we built a few hundred web pages so the task is monumental. 

Currently, we are evaluating the situation to see if it is worth it.  The quickest way to do this is to outsource it to someone who can work on it full time and finish it.  The question to answer is whether the cost is worth the return.

For now, we are not rushing to rebuild the Boomer eZine site.  We will see what the future brings.

 

 

Using the “#include” command 

In the process of trying to recreate the Boomer eZine web pages using a non-Frontpage editor, I needed a way to create a common header and footer.  I do not use a navigation bar on the site so that was not a concern. 

I had experimented with a feature available in Apache servers called “server side includes”.  These are abbreviated as “SSI”.  You can read a tutorial about these on the Apache website at

 http://httpd.apache.org/docs/1.3/howto/ssi.html

What I wanted to do was to create the HTML code for the header and footer in separate files and have the server include this code with each web page as the server loaded the page.  This can be accomplished using the “#include” SSI command. 

The command looks just like an HTML comment.

<!--#include virtual="footer.txt" -->

I built the HTML for the header and footer as standalone web pages using Kompozer.  I then cut out the code for the header and created a text file with it, and did the same for the footer code.  This eliminated the HTML and BODY tags in the text file.
 
I then built the new Boomer-eZine home page (boomer-ezine.com/index.html) and inserted the include statements for the header and footer text files where I wanted the header and footer to appear.  I uploaded the header and footer text files and the home page to the website and viewed it with Firefox.  Disappointment!  The header and footer did not display.
 
More research showed that the server does not look for SSI items unless you use the extension .shtml.  This tells the server to parse the code and look for and execute server side code.  I changed the home page to boomer-ezine.com/index.shtml and the page displayed perfectly.
 
This created another problem.  Changing every page in Boomer eZine so the SSI would work would break every old link in the website since the old links were to .htm or .html extensions.  Also, there are numerous links on other sites pointing to Boomer eZine over which I have no control and these would all be broken.
 
I kept digging and found that you can make the server parse every page using a statement in the .htaccess file.  The .htaccess file is a file that you can put in each folder of your website to control the settings for that folder.  If you place a .htaccess file at the root level (top level) of your website, the settings you place in it will control the entire website.
 
I created a .htaccess file for Boomer eZine with the statements:
 
AddHandler  server-parsed .htm
AddHandler  server-parsed .html
 
These tell the server to parse every page it loads for this website that has the extension .htm or .html.  If the page contains SSI directives, the server executes them.  This means I do not have to change the extensions of all the web pages in the website to .shtml, and the existing links will continue to work.
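Because the two AddHandler lines make the server process SSI in every .htm and .html file, it is worth checking which directives those pages actually contain.  The script below is an added example, not part of the original newsletter: it flags any #exec directive and any #include whose target is missing or lies outside the site.  The function names and the sample pages are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SSI_RE = re.compile(r'<!--#(\w+)((?:\s+\w+\s*=\s*"[^"]*")*)\s*-->')
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
PARSED_EXT = {".htm", ".html", ".shtml"}  # extensions the server parses for SSI

def audit_ssi(docroot):
    """Return (page, line, problem) for each risky or broken SSI directive.

    Include targets starting with "/" resolve from the site root, others from
    the directory of the page that contains them.
    """
    root = Path(docroot).resolve()
    findings = []
    for page in sorted(root.rglob("*")):
        if not page.is_file() or page.suffix.lower() not in PARSED_EXT:
            continue
        text = page.read_text(errors="replace")
        rel = page.relative_to(root).as_posix()
        for m in SSI_RE.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            element = m.group(1).lower()
            attrs = {k.lower(): v for k, v in ATTR_RE.findall(m.group(2))}
            if element == "exec":  # a static site never needs to run a program
                findings.append((rel, line, "exec directive"))
            elif element == "include":
                target = attrs.get("virtual") or attrs.get("file") or ""
                base = root if target.startswith("/") else page.parent
                resolved = (base / target.lstrip("/")).resolve()
                if not resolved.is_relative_to(root):
                    findings.append((rel, line, "include escapes site root"))
                elif not resolved.is_file():
                    findings.append((rel, line, "include target missing"))
    return findings

def demo():
    """Audit a small constructed site (sample pages, not the real site's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "old").mkdir()
        (root / "footer.txt").write_text("<p>Copyright</p>\n")
        (root / "index.html").write_text(
            '<html><body>\n<!--#include virtual="header.txt" -->\n'
            '<p>Home</p>\n<!--#include virtual="footer.txt" -->\n</body></html>\n')
        (root / "old" / "page.htm").write_text(
            '<p>Article</p>\n<!--#exec cmd="date" -->\n'
            '<!--#include virtual="/footer.txt" -->\n')
        return audit_ssi(root)

if __name__ == "__main__":
    print(demo())
```

Where the host permits it, Apache's Options IncludesNOEXEC setting keeps #include working while disabling #exec.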
 
I realize that this is getting more technical than the normal Boomer eZine article, but I feel this is a gem of wisdom that you should know if you want to automatically include headers and footers in your web pages.
 
Hostexcellence.com

I have used Hostexcellence.com for many years and I have only the highest praise for the support I received from the staff over the years.  The support I received during the time I was recovering from the hack was especially outstanding.

In the process of checking the hack on Boomer eZine, I discovered that my other FP sites had been hacked.  These hacks were not as old or as severe.  I asked Hostexcellence for the backup dates they had on my account and luckily they had a backup just before the hacks occurred.  They reloaded those websites from the backups and I uploaded the changes I had made since then to bring the sites current. 

I was able to talk with real people who helped me.  I also used the trouble ticket system which worked very well.  I suspect that the support for it is in Russia from the names of the technicians, but there was always an immediate response 24/7. 

These other sites are still FP and are vulnerable to being hacked again until I change them to non-FP sites.  I will gradually do this, but it takes time and I am short of time right now. 
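Until the remaining sites are converted, comparing each live site against its restored backup would reveal foreign folders and .php files like the ones found on Boomer eZine.  The script below is an added example, not part of the original newsletter; the directory layout, the file names and the list of script extensions are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXT = {".php", ".cgi", ".pl", ".asp"}  # assumption: the site is static HTML

def manifest(tree):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(tree)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(backup_dir, live_dir):
    """Diff the live site against a known-good backup copy."""
    good, live = manifest(backup_dir), manifest(live_dir)
    return {
        "added": sorted(set(live) - set(good)),
        "removed": sorted(set(good) - set(live)),
        "modified": sorted(p for p in good.keys() & live.keys() if good[p] != live[p]),
        # Checked across the whole live tree, in case the backup is not clean either.
        "scripts": sorted(p for p in live if Path(p).suffix.lower() in SCRIPT_EXT),
    }

def demo():
    """Compare two small constructed trees (sample data, not real site files)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for tree in (backup, live):
            tree.mkdir()
            (tree / "about.htm").write_text("<p>About us</p>\n")
        (backup / "index.htm").write_text("<p>Home</p>\n")
        (backup / "footer.txt").write_text("<p>Copyright</p>\n")
        (live / "index.htm").write_text("<p>Home</p><!-- changed after backup -->\n")
        (live / "images" / "cache").mkdir(parents=True)
        (live / "images" / "cache" / "x.php").write_text("<?php /* placeholder */ ?>\n")
        return compare(backup, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```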

Conclusion 

It is a shame that someone hacks into and ruins a good website.  What is this person’s motivation?  For fun?  To get free webspace?  The challenge? 

This action ruined several years of honest work that must be recovered. 

Hopefully, we will find a way to economically recover the Boomer eZine site, but for now, this will be the last issue of Boomer eZine until further notice. 

Thanks so much for being a faithful reader over the years. 

John and Linda Howe 

www.boomer-ezine.com

www.the-best-gps.com

www.the-best-HDTV.com

www.the-best-web-host.com

www.best-retirement-calculators.com

www.boomer-marketplace.com

http://www.spend-til-the-end.com/


Administrative Details …………….

If you are changing email addresses in the future, put a note on your calendar to send us a blank email after you have changed your address.  Send the blank email to: boomerezine001@aweber.com.  We want you to remain a subscriber to our newsletter!

It is OK to go ahead and join our subscriber list with more than one email address.  You never know when an email will be blocked these days.  The SPAM filters are getting tighter and tighter and are blocking many legitimate emails.

If a friend sent you this newsletter, you need to send a blank email to:

boomerezine001@aweber.com

and we will send you your own copy on the next issue.


 


 

Copyright 2015 John Howe, Inc.

Please visit the other Boomer sites

www.frugal-senior.com www.retirement-jobs-online.com
www.best-retirement-calculators.com www.the-best-GPS.com