Blogs have the power to deliver rich and relevant content to readers on a consistently updated basis. It also invites feedback and discussion from the online community. Such features are greatly valued by search engines. With careful planning and execution, blogs can increase a website’s popularity, leading to increased traffic volume and higher search engine rankings.

Whether your blog is business or personal, you should ensure that you are optimising your blog for both your readers and search engines. Unfortunately, optimisation is an important step that far too many blogs seem to be skipping over, even those that have a broad appeal to surfers and have the potential to be popular.

Optimising a blog is like optimising any other website in general. The content and pages must be search engine friendly, and it needs links from other websites. However, optimising a blog is a bit different than your standard website search engine optimization (SEO), particularly because most blogs run off standard blog platforms, or as a hosted blog on someone else’s domain name. And there are design issues that can be unique to blogs which can impact your rankings. When optimising your blog, contentwriting.com.au makes it easy for users to return and engage in your blog without dealing with any of the hassles that can cause them to abandon other sites or blog entries. Why? Repeat visitors are very important to your blog and its popularity. Also we make sure that your blog’s content get indexed by search engines.

As it has been witnessed that there has been a revolutionary change in the style of people exchanging goods and services, everything is going online. Each and every business, be it— small, large or big shot corporates wants a web presence.

And where people do not have even a single minute to spare, they prefer shopping online. And with this need, came the concept of e-commerce shopping cart. In this regard, an open source software is your choice to develop your ecommerce website. Besides, e-mails, newsletters, blogs, RSS feeds also use open source software applications. With the rapid growth of e-commerce, open source software have made their stand in the web designing and development industry.

Demands and needs change with every hour, and people don’t take the pain of physically visiting shops when everything in this world is one click away. It not only saves time, but money as well. Such growing demand for such online shops makes it very important for the programmers and the developers to take the minimum time for version release and such open sources broaden the scope by providing free code.

Open source software are hundred in numbers but Magento, Joomla!, Drupal, X Cart, Zen cart, etc. have proved to develop the most effective and dynamic shopping carts. Such open source web design and development are popular because they are free, dynamic that is, open for changes, codes can also be changed and for many more such dynamic uses.

Some multiform open source growth collection includes What You See Is What You Get (WYSIWYG ) is an editor used helps users to make changes in no time. LAMP (Linux-os; Apache-web server; MySQL-database server; PHP-programming language) is a one stop technology used with PHP. RIAs are used for web growth in building desktop as well as web applications. In other words, the scope of web growth lies in the hands of such technologies.

Therefore, it can be said that such open source software have given ecommerce web development a rising platform where it has become essential for the prospective growth of an economy.

If you are a website owner or developer, you are probably aware of the threat of hackers. There are many ways to protect your database-driven ASP or PHP website from hacker attacks, ranging from weak to strong security measures. Here you will learn about the most common and effective ways to slow down hackers who use methods like SQL injection attacks and XSS (cross-site scripting) via the URL querystring and form inputs. Two general types of hacker blocking techniques are discussed, including custom error pages and input validation. These methods are simple enough that you can do it yourself with only basic coding knowledge. Your best strategy would be to put up a combination of as many little obstacles as possible.

Instructions

Things You’ll Need:

Basic HTML coding skills

Basic programming skills, such as ASP

Basic database skills, such as SQL

Access to website host, files and FTP

1.Step 1
SQL database-driven websites are at risk.
Any web page which passes parameters to a database can be vulnerable to attacks. This includes e-commerce shopping carts or any other website that has a form for login, search, etc. Any SQL database-driven website is at risk of hackers who may be able to enter into the database through a back door. Usually these back doors are present in URL querystrings and form inputs, such as Login forms, Search forms, or other user input textboxes that can communicate with a database.

2.Step 2
An overview of hacking.
Generally, a hacker can enter bogus characters into the URL querystring or a textbox. The bogus input is then interpreted as SQL rather than ordinary user data and is executed by the unsuspecting database. As a result, the website may break and display an error, allowing the hacker to glean private information about the database. Even worse, the hacker’s hazardous scripts may actually be executed on the database, causing security breaches and/or permanent damage.

3.Step 3
How hackers do it.
The first goal of a hacker is to repeatedly try to break a website, causing it to display a variety of valuable errors that give away private database details. In this way, he can gain insight into the structure of the database and ultimately create a map or footprint of all its tables and columns. The second goal of the hacker is to actually manipulate the database by executing scripts in malicious ways. With control over the database, the hacker may possibly steal credit card numbers, erase data or infect it with viruses, among other nasty things. In essence, the URL querystring and textbox are the two backdoors into a database. Getting errors and manipulating the backdoors are the two methods used by hackers to ultimately destroy a database.

4.Step 4
Hack your own website.
Let’s look at how a hacker might go about breaking into a website. Using the first technique described, he can hack the URL querystring and cause an error to be displayed. You can do a simple test to hack into your own website via the URL querystring. All you have to do is type something else directly into the address bar at the end of your querystring.

Type your URL like the following example and press enter:
http://www.mywebsite.com/bookreports.asp?reportID=21

Now simply add a single quote to the end the querystring and press enter:
http://www.mywebsite.com/bookreports.asp?reportID=21′

5.Step 5
Generate an error.
As predicted, you may have successfully broken your website and received an error as follows.

Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ‘ AND users.userID=reports.reportsID’.
/bookreports.asp, line 20

The single quote causes an unclosed quotation mark error and now the once-secret table names and column names of your database are publicly visible. After generating a series of these kinds of valuable errors, a hacker can piece together private database details which will ultimately help him break into and wreak havoc on the database.

6.Step 6
Hide website errors.
The top most effective solution for keeping the private details of your database from getting into the hands of a hacker is to setup a custom error page for your website. This way, a hacker will never see any detailed error messages. If you do nothing else, this is the number one thing that every website must have. Otherwise, you are giving the hacker an open invitation into your database and practically offering him all the information he needs to launch an attack.

7.Step 7
Setup custom error pages.
Some hosting services automatically use custom error pages to help protect your security. To setup your own custom error page, you will need to consult your web host for instructions. Generally, you will create a new HTML page to look the way you please and that says something short and sweet, like ‘Sorry, the page you have requested is unavailable.’ Then save it as error404.htm and upload it to your server. Following the instructions from your host, you will change the website settings to point to the new error page. This will stop many hackers right in their tracks.

8.Step 8
Manipulate the URL querystring.
Besides fishing for errors, a hacker can enter even more dangerous code than a simple single quote into the URL querystring. In an effort to execute malicious scripts on a database, a variety of creative coding is employed, such as %20HAVING%201=1 or maybe %20;shutdown with no wait– or much worse. Once the hacker is able to execute scripts, the vulnerable database is like putty in their hands. The hacker never has to know the database login or connection string because he is using the URL querystring which already has an open connection.

Warning: Test this on your own website only if you really want to erase a table in your database. Simply, enter the following text after the end of your URL querystring and press enter. Be sure to use the real name of one of your tables (preferably a test table!) in place of myTablename.

http://www.mywebsite.com/bookreports.asp?reportID=21′; drop table myTablename–

Your table is permanently deleted.

9.Step 9
Manipulate the form input.
The other most common point of entry besides the URL querystring is the form input. A hacker may manipulate any textbox within an HTML form. A search box or a login form with username and password fields are all prime targets. The hacker can enter bogus characters into the textbox and submit the form. The input is then interpreted as SQL rather than ordinary user data and executed by the database. Again, this attack will either cause an error so he can glean private information about your database, or it may actually insert hazardous scripts and wreak havoc on the database.

Warning: Test this on your own website only if you really want to erase a table in your database. Simply, enter the following text into your textbox (say, a search box or username box) and then submit the form. Be sure to use the real name of one of your tables (preferably a test table!) in place of myTablename.

fred’; drop table myTablename–

Your table is permanently deleted.

10.Step 10
Block input containing malicious code.
By now, you probably have a good idea of how much damage a hacker can do and you are ready and willing to do whatever it takes to stop them. The number one way to block a hacker from manipulating the URL querstrying and textboxes is to block their input. But, how do you determine who they are, what they will input and whether or not it is safe? Unfortunately, you cannot know. So, you must assume that all user input could be potentially dangerous. A common saying in the programming world is that ALL INPUT IS EVIL. Thus, it must be treated with caution. Everything from everybody should be checked every time to ensure dangerous code does not slip in. This is accomplished by checking all input that is submitted via a querystring or form and then rejecting or removing unsafe characters before it ever reaches the database. If this sounds like a lot of trouble, you are right. But, it is the price we pay to protect our websites and databases from the wrath of hackers. It is your responsibility as the webmaster to ensure that only clean, safe input is allowed to enter your database.

11.Step 11
Input validation.
To check if the input entered into the URL querystring or textbox is safe, we can use input validation rules. In other words, using ASP code on a web page can validate the input collected from the querystring or form to make sure it contains only safe characters. Once the input is deemed safe, it can be stored in a new variable, inserted into the SQL string and sent to the database. For more details about validation, see my companion article in the resources section or at http://www.ehow.com/how_4434953_block-hackers-asp-validation.html .

12.Step 12
The wash and rinse cycle.
Input validation should be a two-part process, like a wash and rinse cycle. We want to thoroughly clean all input by first checking for safe characters and second by checking for bad strings. See the resources at the end of this article for a more in depth discussion on this method. The code for the good character function and the bad string function can be found in my companion article in the resources section or at http://www.ehow.com/how_4434953_block-hackers-asp-validation.html .

13.Step 13
Filter characters.
Another method that can be used in conjunction with the above two functions, but is considered to be very weak when used alone, is to sanitize the input by filtering or escaping.

A well-known threat is the single quote or apostrophe because it breaks the SQL statement. Following is an ASP example that renders the single quote harmless, by replacing it with two single quotes.

‘doubleup single quotes
newSafeString = replace(searchInput, “‘”, “””)

Other variations for the replace function include stripping out the script tag and replacing it with a space. Or, filter out characters such as the dollar sign $ quotation mark ” semi-colon ; and apostrophe ‘ the left and right angle brackets <> the left and right parentheses ( ) the pound sign # and the ampersand &. Or convert these characters to their HTML entities.

Remember to use a solution that best fits your website or consult a professional.

14.Step 14
Finally, there are a few other security measures that you can research and explore on your own. Remember a hacker can easily save a copy of your webpage, then modify the HTML and javascript, then re-upload the page. Therefore, it is best to never use javascript alone for input validation since it can easily be removed, and instead duplicate any javacript validation with ASP validation. Also, hidden input fields are a threat in the same way since they can easily be altered to include bogus code. Other tips include: Never give away any clues about your database, including making your input field names the same as the database field names. Always set a max length for inputs and truncate the excess.

15.Step 15
If you would like to pursue more advanced security techniques, please see the resources at the end of this article. Topics discussed include, password policies, buffer overrun, creative table and column names, table name aliases, set and check data types, .bak files, stored procedures with parameters, and log files.

SHRIH DESIGNS provides you with affordable website design and web development services in a professional manner backed up with a top priority customer service. Every aspect of your website design and development – design, content creation and streamlining, programming to complete development, web site hosting is done a professional manner along with affordable web site design rates. Shrih.net also caters to your online brand building process by providing wide range of search engine optimization & Internet marketing services. A professional website design and development organization does not limit its service in building up your website but also extends its services to proper marketing of your web presence to the potential online clientele.

Shrih Designs launches its Blog, through which it will provide Tutorials, Web designing informative Articles, learning videos for Web designers.

iPhone 4 has some new competition: Motorola and Verizon announced their next Android phone, the Droid X. How does it compare to the iPhone 4?