Data Support – Tauranga

An update is available to websites made by Data Support, this is version 3.3.2. Data Support classifies the update as high priority because there are 3 security fixes, one of which is an important security fix that adresses an issue where it may be possible to perform an XSS attack, enabling a hacker to run malicious scripts on your website.

This update is of particular importance for any website that allows user uploaded content or allows visitor comments on the website.

If you are on Data Support’s Go! Website Design plan, this update will be automatically applied to your website at no additional cost over the next week. However, Data Support charges $50+GST to update from version 3.0.x to 3.3.1 on websites using the OpenWeb plan. If you’re not sure what plan you are on, contact us.

Contact Data Support now to get this update to your website.

Every so often updates become available to the website technology that Data Support’s websites are built on. Unfortunately the uptake on these updates is not big, possibly because people don’t see their websites as much of a target for hackers.

However, it is worth knowing that hackers are interested in hacking all websites, even if it’s not a website that takes credit cards. It’s also worth knowing that lots of hacking techniques can be automated and therefore computers connected to the internet can automatically (and randomly) find websites to hack without any additional effort from the hacker. This means that all websites are targetted by hackers.

In fact, this weekend saw Tauranga’s Liquor 4 Less website being hacked (They’ve fixed most of this now, but if you’re quick and click on the forum button, you’ll see you are taken to a Russian website (I wouldn’t advise doing this without a good antivirus product installed).

Because of this, it’s a good idea to make sure your website is up to date. If you haven’t had a security update done to your website in the last 6 months, please contact Data Support to have one done.

If you are interested in hacking, here is an article outlining how easy hacking can be (With a nice demonstration). Scary stuff!

I sell a lot of websites to companies who:

1. Want to have a web presence for their customers to see them and make the company look more professional.
2. Want to get customers through the internet.

Those are both very valid reasons for having a website, but I don’t sell much SEO service. I think the reason for this is that people don’t really understand what SEO is and don’t see the need for it. In this article I want to explain (simply) what SEO is, why you need it and support this with a recent case study.

What Is SEO?

SEO stands for Search Engine Optimization. It’s basically making changes to the website (A big part of which is re-writing the website content) so it gets found in Google (or other search engines). You need SEO if you want people to find your website when they are searching for specific words. For example, try searching for “IT support Tauranga” in Google. This is what people might search for if they want “IT support” and don’t already know a business name. Look at the results, how many IT companies do you see? Excluding the paid listings, I see 6 on the first page and 5 on the second page. Why are some websites further down the list? Why do I find it hard to see anything other than just a few IT companies in Tauranga when there are many more than this? The answer is because other IT company’s websites aren’t Search Engine Optimized. This is very important because the top 3 listings in Google get 80% of the traffic in any search and you need to be found in Google to get business through your website.

Do I Need SEO?

Now you know what SEO is, you’re probably thinking “I write keywords relevant to my business on the website, I’ll get found in Google”. Well, yes, no, maybe… Why not try it out? Log out of your Google account if you have one (because this will alter the search results you see) and try searching, see if you come out on top. If you do, that’s great. But perhaps you can still get more traffic from other keywords? If you don’t, then you definately need an SEO service if you want to attract customers from your website. Take a look a this graph taken from a Google report.

The website that this graph relates to is a personal blog showing the amount of traffic to that blog before and after I did some SEO work (Click on the image to make it bigger). As you can see, without any SEO work, the website had hardly any visitors because it wasn’t showing up in Google. Clearly without SEO services, it’s very hard to get your website found in Google.

If you would like more information or to chat about SEO, please contact us.

An update is available to websites made by Data Support, this is version 3.3.1. Data Support classifies the update as high priority because there are 15 fixes, including one security fix. The security fix addresses concerns that it may be possible to perform an XSS attack, enabling a hacker to run malicious scripts on your website.

If you are on Data Support’s Go! Website Design plan, this update will be automatically applied to your website at no additional cost over the next week. However, Data Support charges $50+GST to update from version 3.0.x to 3.3.1 on websites using the OpenWeb plan. If you’re not sure what plan you are on, contact us.

Contact Data Support now to get this update to your website.

Here’s a great tip for anyone with a website. If you want to know how to get text to popup when you hover your mouse over some text. This can be done using the acronym tag and is useful if you have a lot of information to fit into a sentence and need a way to break it down into more readable chunks. For example:

Today I designed a new website, incorporating the acronym tag.

Oddly enough, the acronym tag can also be useful when typing acronyms on your website, for example:

Before learning how to make text popups, we need to know what HTML tags are (don’t worry, I’ll KIS).

What Are HTML Tags?

HTML tags are not like WordPress tags. HTML tags are a little bit of code that tells someone’s internet browser how to display something on a website. For example, an HTML tag can be used to change the colour of some text, or make some text bold. In the case of the acronym tag, it tells the internet browser to underline the text to let people know that they can hover over text to display a popup.

How To Use The Acronym Tag

Using the acronym tag is fairly easy and very effective, simply click on the HTML tab of the editor in WordPress (it’s at the top right of the window you type into in the Page / Post editor). Then on either side of the text you want people to see on your website, put the following:

<acronym title="This is the text that will pop up">text you want people to see on your website</acronym>

Then click on the Visual tab (next to the HTML tab) to go back to WordPress’s WYSIWYG editor, and that’s it. Done.

It’s been a while now, but an update is available to websites made by Data Support, this is version 3.3. Data Support classifies the update as low because, although there are a few bug fixes and minor performance improvements, there are no security fixes.

Website update 3.3 has some nice changes to the back end including:

• Tool tips / help
• Easier uploading of media (With update 3.3, your website will detect what type of media you are uploading so you can upload with just one click. Update 3.3 also supports drag and drop uploading of multiple files at once)
• A new Dashboard design with a Toolbar that can be used to get a quick overview of your website

To summarise, there are a lot of ease of use / aesthetic improvements to the back end, with some minor performance improvements to make your website load faster and some bug fixes.

For more information visit WordPress.

If you are on Data Support’s Go! Website Design plan, this update will be automatically applied to your website at no additional cost over the next week. However, Data Support charges $50+GST to update from version 3.0.x to 3.3 on websites using the OpenWeb plan. If you’re not sure what plan you are on, contact us.

Contact Data Support now to get this update to your website.

Gom Player is by far the best media player I’ve ever used. Why? because it does the basics well and the advanced stuff simply. Sure it doesn’t have as many advanced features as VLC player, but lets face it: How often do you want to sit and tweak your voice speed by +/-100 milliseconds prior to watching a video and at every 10 minute interval throughout the video? GOM Player is the best media player because of the way it handles the most frustrating thing about watching video on your computer: Finding the right CODEC!

If a video you are trying to play needs a CODEC that isn’t installed on your computer, it connects to the internet, works out which one you need and gives you a link to download it! Brilliant and simple – That’s why I think GOM Player is the best media player around to date

As iPads have been gaining popularity, a number of people have asked me if its possible to use an iPad or iPod without installing iTunes. The answer is yes, however you still need to install some software to upload your music and videos to your iPad/iPod. One alternative to iTunes is Media Monkey. Media Monkey is a free media organiser and player. It’s not the best media player, but it is a good media organiser. It lets you connect your iPad, iPhone and iPod to the computer and is therefore a great alternative to iTunes, which Apple try to force onto you.

Since the new file sharing law’s have been introduced people have changed the way they download music and films, using alternatives to peer-2-peer file sharing. Amoung these methods of downloading videos, is downloading films from YouTube using a software package called YouTube Downloader (Hosted by Altervista). However, it’s worth noting that this software is not trustworthy and has an alternate motive, less honourable than ensuring that the internet remains a place for freely sharing other people’s interlectual property

YouTube Downloader aims to change your default internet browser to Yahoo. Now, Yahoo isn’t a bad search engine, but we all know that Google is the best search engine and we only use Yahoo if we don’t get what we want from Google. We also all know that we never use Bing. Also, we don’t like software altering our computer settings without our permission. Be warned, YouTube Downloader is a sort of malware.

How To Stop YouTube Downloader Changing Your Default Search Engine

Let’s say that you’ve installed YouTube Downloader, it’s changed your internet browsers default search engine to Yahoo and every time you change it back, YouTube Downloader just changes it back again even if it isn’t running. You can stop this in two ways:

1. Click start, run, type msconfig and hit enter. Click on the startup tab and untick SearchSettings.exe.
2. The second way is more thorough because it removes the nasty files, but a little more complicated. Click start, run, type regedit and hit enter. Navigate to My computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Here you will find a list of processes that start when you log into your computer. Find SearchSettings and make note of the file it points to before delete the registry value “SearchSettings” and then deleting the file it pointed to. If you have trouble deleting this file you may need to kill the SearchSettings.exe process with from the Task Manager first.

*Data Support does not support illegally downloading videos from YouTube or any other source. Data Support’s intention is not to teach people how to avoid getting caught downloading films, but to protect them from malware if they choose to do so of their own free will.

Here’s a nice article about hacking with a real world example that you can do yourself.

There are lots of different ways to hack a website, the most common being “SQL injections” and “XSS“. Today we’re going to look at XSS.

What is XSS?

XSS stands for Cross Site Scripting. It basically involves exploiting a vulnerability in a part of the website that lets a hacker run scripts on the victims website. It’s called Cross Site Scripting because the hacker usually uploads a script to the victims website that redirects website visitors to the hackers website where they run more scripts (that do damage) and redirect the visitor back to the victims website. As far as the visitor is concerned, everything is happening on the victims website and they don’t even know that the website has been compromised.

How To Do an XSS Hack

So now you know what an XSS hack is, here’s how to do one.

First we look for a website that allows visitors to upload their own content. This could be via a file upload, a comments section or even a Twitter feed where people can leave a twitter message and it gets listed on the victims website. As an example, lets take the comments section of say…. any piece of art listed on The Auckland Art Gallery Toi O Tamaki.

So now we have a place that allows us to upload content to their website, lets upload a script. This could be any script. Ordinarily, a hacker would upload a script that secretly pulls data from the hackers website, redirects the user or does some other malicious activity like downloads a virus or something. We’re not going to do that because its illegal and we don’t want to; we just want to run a script to prove the vulnerability.

Our script won’t do anything illegal, it will just show a popup window that says “Here is a vulnerability”. So lets look at the code for a popup window:

<script>alert(‘Here is a vulnerability’);</script>

If you copy and paste the above code exactly as it is above (You’ll need to change the quote marks so they are single quote rather than curly single quotes), into the comment window, enter a name, made up email address and city into the fields required to post a comment, hit the submit comment button, then you’re done. You’ve just learned how to hack a website using XXS!

Now go back to the overview of the artwork and click on “comments” to see if the hack you just did worked. You should see a blank comment and a popup window (which is the script you just ran on the website.

You’ll notice that they also have a twitter feed. I haven’t tried it because its on every page of the website and I don’t want to ruin their website, but I suspect that they have the same XSS vulnerability in their twitter feed too.

So Auckland Art Gallery has a pretty poor website – Don’t worry I’ll notify them as soon as they actually pick up the phone when I ring them! I’ve already tried emailing them, but the email part of their website doesn’t work…

Is My Website Safe From XSS Hacks?

If your website was made my Data Support, you haven’t made changes to any plugins or code yourself (excluding content changes) and you get your website updated when updates come out (I always notify of these), then your website should be pretty safe.

Having said that, new hacks are being discovered all the time and it’s very much worthwhile to have a security audit done every now and then. If you are concerned about the security of your website or computer environment, please contact Data Support for advice.