HTML, XHTML, and CSS

When stepping into the world of web hosting, you will be inundated with abbreviations, acronyms, and recursive acronyms. Three that you should definitely know are: HTML, XHTML, and CSS. HTML is as old as the Web itself. It stands for Hyper Text Markup Language. It is the primary language of the Web. All websites use at least some of it, and a web browser’s primary function is to read it. Web servers, such as Apache HTTP Server, are designed to primarily to publish HTML-based websites.

XHTML is the extended form of HTML that was officially recommended in 2000 to clean up some of the issues with HTML 4, while also preparing for HTML 5. It has gradually become the standard for websites, and web purists insist on it. In XHTML, the structure of the site is handled in the markup, while the style is handled by CSS.

CSS stands for Cascading Style Sheets, and is a language in itself that handles all of the style (colors, sizes, text weight, borders) of the elements on a web page. All modern web browsers support CSS, and it is very useful for sites with multiple pages, as you can quickly and easily apply new styles to multiple pages without having to edit each page individually. All three languages have standards established and maintained by the World Wide Web Consortium (W3C).

Photo: Flickr

How to Index and Find Files in Linux

Question: I have a virtual private server (or dedicated server) with lots of files from numerous websites. How can I keep my files indexed and search for them whenever I need them?

Answer: There are two tools that make searching for files in Linux easy: locate and slocate. The only difference between the two is that slocate provides some extra security. This is useful if you have people on your server without full root permissions who will be performing the searches. Any files above their user level will be hidden.

If you try typing “locate filename” where “filename” is the name of an actual file, you should receive a list of all files with that name in it. If you do not, that means that your server is not setup to index the files. For that, you need another program called “updatedb”. This updates the index database with all of your files. Depending on the size of your drive, this can become an intense activity, so it is best to do it at a low usage time.

You can also schedule updatedb to run periodically using a cron job. Many Linux distributions have this enabled by default. If you need it, leave it on. If not, you might consider turning it off to save CPU and memory usage.

Photo Source: SXC

Custom Error Documents With Apache

Question: I noticed other websites have flashy 404 Not Found pages instead of the standard boring Apache page. How do I create my own custom error documents?

Answer: Creating your own error documents is easier than you think. Just follow these simple steps.

1. Design your pages the way you normally would. Make one for each error you want to customize.

The most common are 404: File Not Found, 403: Forbidden, 500: Internal Server Error, 401: Authorization Requied, and 400: Bad Request. You can also take a look at a more extensive list of error codes.

2. Copy the error documents to a folder in a web accessible directory (i.e. public_html or something similar). For example, it could be /www/public_html/errordocs.

3. Create an .htaccess file in the main web accessible directory.

4. Enter your codes and their corresponding files in the .htaccess file:

ErrorDocument 400 /errordocs/400.htm
ErrorDocument 401 /errordocs/401.htm
ErrorDocument 403 /errordocs/403.htm
ErrorDocument 404 /errordocs/404.htm
ErrorDocument 500 /errordocs/500.htm

That is all it takes. Now any future errors will be redirected to your custom pages.

Photo: Flickr

Web Attacks May Be Linked

Mary Landesman, senior security researcher at ScanSafe believes that three major waves of SQL injection attacks may be linked, originating from the same attacker. Approximately 80,000 Chinese, 67,000 U.S., and 40,000 Indian websites are still infected by a botnet due to SQL injection attacks. At one point, millions of Chinese sites were compromised. Landesman says the attacks were the work of the same attacker because of similar domain name registration information and methods used.

“It’s the thread of the domain names being used,” Landesman says. Seven of these “mal-domains” — a term coined by Landesman to describe domain names used solely to build Internet infrastructure to spread malware or otherwise cause harm — were registered under the same name and address (which are clearly bogus, being not more than gibberish).

Most of the domains were registered to a major registrar, which is uncharacteristic of such attacks. Usually attackers choose lesser-known or less reputable registrars in order to slip through unnoticed. The problem is the system, Landesman says, which allows people to register domain names using completely false information with procedure for verifying identity.

Source: Network World
Photo: Flickr

Microsoft Working with PHP

Microsoft, which has long offered proprietary alternatives to open source web platforms and scripting languages, is now offering a toolkit that will make it easier for PHP developers to utilize it’s .NET data services. PHP, which stands for PHP Hyptertext Processor and is sponsored by the commercial organization, Zend Technologies. It is licensed under a free software license.

PHP is used by hundreds of thousands of websites running various web applications and content management systems. Microsoft’s ASP scripting language has often been considered a direct competitor. For Microsoft to now be extending a hand to PHP shows that the software giant now realizes they cannot stamp out open source technology, which continues to spread in business, with many web servers and websites adopting it.

Zend Technologies and Microsoft have also formed agreement to ensure that PHP will run on Windows, a concession Microsoft is undoubtedly willing to make because most PHP application developers prefer to develop for a Linux environment. This move by Microsoft comes just weeks after it announced plans to submit GPL code to the Linux kernel, something Microsoft once described as “a cancer”.

Source: Microsoft
Photo: Flickr

ICANN: New Policy Has Reduced Domain Tasting

In past years, if you made a mistake when registering a domain name, whether a spelling mistake or some other type of mishap, you had five days to return the domain and get a refund from your registrar. This is called the Add Grace Period. ICANN would refund the registrar the cost of the domain. Some professional domainers, however, abused the Add Grace Period.

The domainers would register a large chunk of domains, create ad websites, and then monitor them. The websites that generated more ad revenue than the cost of the domains were kept, and the ones that were not profitable were dropped, all within the 5-day period. The practice is called “domain tasting”. It is a nuisance to legitimate domain customers who want to register the domains because they are unavailable during the process.

In an effort to combat domain tasting, last year ICANN introduced new policies that included not refunding registrars the fee for registries and making it more expensive for registrars by charging them $6.75 or more. The new policies, they say, have virtually eliminated domain tasting. As for those who still make honest mistakes, ICANN makes exceptions.

Source: Computerworld

The Internet is big, really big

According to new Internet data, there are now more websites than people in the world — over 1 trillion. With such large numbers, there are 150 domains per person, and it would take 31,000 to read all of them, even if you spent only one minute on each and never slept. Still, just 1.46 billion out of 6 billion people in the world use the Internet, meaning it would take a long time even for all of them combined to see all websites.

China leads the list with 338 million users, with the US trailing at 227 million. Japan, India, and Brazil round out the top five. The UK is a bit lower with 48 million users, reflective of its smaller population. The interestingly neglected part of this data and most raw data like it, is that there is no analysis of the website content.

Of the 1 trillion websites out there, how many are made up of malware, spam harvestors, phishing, fraud, schemes, ad portals, parked domains, and cybersquatting? Furthermore, of the sites that are none of the above mentioned, how many are actually useful and worth visiting? While it may be the job of Google and Bing to index legitimate sites, it will be up to someone else to catalog and evaluate them. As the Internet continues to grow, so does the need for some time of organization.

Source: News.com.au
Photo: Flickr

40% of small businesses have no website

Part of what has pushed the domain industry to new levels is a drastic increase in the number of small businesses owning websites. With the majority of people in developed nations online, businesses have finally realized the value of the web.

There are still quite a few firms stuck in the stone age, however. According to a recent study, 40% of small businesses have no online presence. At the same time, 80% of the companies surveyed with websites said the Internet was vital to their success.

Over the next decade, most of these businesses will not doubt go online, a sure sign that the domain industry will continue to grow. As more and more companies fight over fewer and fewer premium names, domain values are likely to skyrocket even further. They will also need web hosting, ensuring the future growth of that sector as well.

Most web users ignore security certificate warnings

How many times have you searched for the perfect site about the new summer action movie and clicked on a link only to be presented with a warning about a certificate. Do you stop and read the warning? Do you investigate the certificate? Would you even know if the certificate could not be trusted? According to a new study, most web users ignore their browser security certificate warnings.

SSL certificates are supposed to provide users with a level of encryption they can trust for secure (HTTPS) sites. But when a window pops up telling a user the certificate is invalid or has a problem, what should the user do? Carnegie Mellon researchers conduct a study of 409 participants to determine just that. Of the 50 percent of Firefox 2 users who even knew they were being given a security warning, 71 percent said they would ignore it.

With Mozilla Firefox 3 makes it more difficult to ignore because users have to add an exception in order to allow access to the site, but the looming questions still remain. How do users know which sites to trust? Unless they are security experts, what safety protocols could they reasonably put in place? Website owners certainly bear the brunt of the responsibility to make sure their certificates are properly signed, and this is especially important for financial institutions. The complete findings of the study will be released August 14.

Source: ZDnet Asia
Photo: Flickr

City of Eagan charges man with website coercion

The city of Eagan, Minnesota in the United States has accused a man of trying to coerce a man who had an affair with his wife, using websites. The kicker of all of this, however, is that the websites in question could both be legitimate cybersquatting cases. The article about the incident did not mention cybersquatting or any case related to it, only that the city is buying the two domains from the man for $2,000.

The man, Emmett D. Salberg Jr., registered the domains cityofeagan.org and cityofeagan.com and then allegedly created a website with defamatory sexual statements and photos about a man who had an affair with his wife. Salberg then blackmailed the alleged adulterer, insisting that he pay $5,000 to have the site shut down. On Wednesday, the Dakota County District Court charged Salberg with attempted coercion and harassment.

It is very intriguing that the city apparently investigated the man’s defamation of his wife’s alleged lover but did not pursue the domains through any sort of legal channel. Instead they seem willing to pay Salberg, a man they are trying with a crime, $2,000 for domains that he obviously used in bad faith. Salberg’s attorney maintains his innocence. Meanwhile residents of Eagan believed that their city’s website had been “hijacked” by hackers.

Source: StarTribune.com
Photo: Flickr