14 September 2010

One way to reduce HTTP requests

CSS Data URI's are a way to encode images directly into CSS.  This helps to reduce the number of HTTP requests on your server.  For example:  Instead of linking to an external resource like a background image, your CSS can have the image available within it.  As soon as the CSS is loaded the browser is ready to render the image.

This can have real speed advantages, especially if the browser is configured to limit the number of connections to a host.  By freeing up a connection you can improve your rendering time.

Another advantage is that if you are serving across a secure connection then all of your page elements can originate from the same, secure site, and not generate those annoying warnings to your visitors that some elements are not secure.

More information on CSS data URI is available at http://en.wikipedia.org/wiki/Data_URI_scheme

Spritebaker (http://http://www.spritebaker.com/) offers a free web-service.  They will take your CSS and parse it for content, then return to you the newly encoded CSS file.

Of course the size of your CSS will increase because it now contains extra data.  Implementing server side compression can help reduce the impact of this bloat.  Spritebaker offers some advice on enabling mod_gzip on Apache and this tutorial is useful background reading.

And if you're using IIS then you don't need to worry about compression.  People should buy faster computers and get more expensive internet connections to support your Microsoft habit. 

22 August 2010

Fixing mySQL CDR module compile error for Asterisk 1.6 in Ubuntu

There is a bug in the Ubuntu release (still in 10.04) that causes a mismatch between the Asterisk 1.6 package and its addon package. This results in the error message:
WARNING[4238] loader.c: Module 'app_addon_sql_mysql.so' was not compiled with the same compile-time options as this version of Asterisk.
To produce this error you just need to apt-get install asterisk-mysql in an effort to get the cdr logging to a mySQL database (assuming that you also used aptitude to install Asterisk 1.6 of course).

In order to fix it do the following:
aptitude purge asterisk-mysql
apt-get build-dep asterisk-mysql
apt-get -b source asterisk-mysql
dpkg -i asterisk-mysql_1.6.2.0-1_i386.deb
Do this in a temp folder as it will create a number of .deb packages. You may need to change the filename depending on your hardware architecture.

The idea is to uninstall the faulty package that Ubuntu created and then compile a copy of the addons that matches the current Asterisk version.

Since you've had the error of loading I can assume that you've edited modules.conf and cdr.conf properly.

If you run asterisk CLI and then use the command "module show like mysql" you should see the modules have loaded.

Assuming that you have properly defined your database table
you should be one step closer to having your CDR recording in mySQL.


11 May 2010

Kannel Configuration

It took a whole day in front of an ssh screen onto my server to get Kannel up and running, but I finally managed to get a box ready to be tested.

A very useful resource is the SMSC emulator from Selenium Software. They're kind enough to give it away, and it is definitely the pick of the litter compared to the other free options.

I needed this because for some reason Kannel wasn't liking the fake SMSC setting. I had noticed that the binary file they refer to in their documentation was missing from my install (a Debian apt-get install kannel default). So I thought I would rather emulate an SMSC than fiddle with trying to get the fake one running.

I had a few errors that were baffling due to the lack of thorough documentation, but the users@kannel.org list (subscription needed to send to it) was awesomely helpful. Within an hour of posting my config files and outlining what I had tried I had a solution thanks to a tip from them. The mailing list is searchable so it can take the place of trouble shooting documentation in my opinion.

What worried me was that the default example config file that Kannel distributes did not work out of the box. I had reverted to using it after my handcrafted config was spitting "smsbox_list empty!" warnings on the bearerbox.

Fixing the "smsbox_list empty!" problem

In any case fixing the "smsbox_list empty!" warning for me was just a matter of sending an SMS through the smsbox. Kannel does not recognize an smsbox as being routable until it has been identified or had an MT sent from them. I had seen the logic in the bb_boxc.c code, but needed a Kannel guru to interpret this for me.

It's just a question of having the proper routes and services set, which for a test installation is easy to do using the Kannel documentation.

09 May 2010

Getting cURL to work in XAMPP

I'm playing around with installing Magento in XAMPP at the moment and discovered that the XAMPP package does not ship with cURL enabled by default.

Getting cURL to work in XAMPP was very simple:

1) Find the php.ini file (in \xampp\php )
2) Open it in your favourite text editor and search for "curl"
3) You should see a line like this --> ;extension=php_curl.dll
4) Remove the semi-colon to uncomment the line and enable cURL
5) Restart the Apache server

Of course this was also easy on my Kubuntu Linux box:

sudo apt-get install php5-curl
sudo apache2ctl restart

23 April 2010

Installing PHPmyadmin on Kubuntu 9.10

I've now nearly fully given up on suckling from the breast of Microsoft. My little Linux laptop is now a fully functioning development box. I must say that so far I have had no separation anxiety as a result of leaving behind the sweaty manboobs of Microsoft and moving on to a more solid diet.

Anyway installing PHPmyadmin is a cinch. I used Kpackagemanager (the Ubuntu version is Synaptic) to get the package.

In retrospect I prefer the Debian apt-get approach of the command line but I like the GUI for its ability to search through all packages to discover cool new toys.

The only trick to installing PHPmyadmin is that you need to reconfigure it once it is up.

Jump to a Konsole and run the command:
sudo dpkg-reconfigure -plow phpmyadmin
This will give you the configuration options that the GUI installer does not. Specifically it sets up the config files so that Apache knows to alias the /phpmyadmin directory to the proper /etc/phpmyadmin.

If for some reason (as was the case with my Kubuntu 11.10) you need to fix the phpmyadmin Apache binding then use these commands:

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/sites-enabled/001-phpmyadmin
sudo service apache2 restart

This will add phpmyadmin to Apache's list of enabled sites so that you can browse it as you would expect.

21 April 2010

Asterisk Open Source g.729 driver

Asterisk is an Open Source "all in one" telephony system. It's really hard to configure, but that's a story for another day.

Asterisk and g.729

Asterisk supports the g.729 codec to compress audio. Digium, the guys who support Asterisk development, have a commercial offering on their site.

There however is an open source g.729 codec implementation for Asterisk developed available (click here, for some reason Blogger is hiding my link). Installation questions are answered in the discussion on the Google group (here), but the installation is actually very simple.

All you need to do is wget the appropriate file to your /usr/lib/asterisk/modules directory and then mv it to codec_g729.so (or codec_g723.so as may be). It should take you only a few minutes to work out which file version to download.

Other Asterisk resource links

I found these links to be invaluable in sorting out my installation:

Click on this link if you are getting a Non existent user in Asterisk CLI message every couple of seconds when you run asterisk -r.

VOIP info was far and away the most comprehensive resource site I could find. It has a wealth of information and configuration examples for Asterisk.


07 April 2010

How to remotely destroy a Nokia N73 or Nokia N81

Send them an SMS with this text:

//SCKL23F423F4990101 424547494e3a56434152440d0a464e3a43656c6c736d617274204a48420d0a54454c3b505245463a2b32373131363436373335330d0a454e443a56434152440d0a

This is a vCard formatted according to the guidelines on the Nokia developer forums that for some reason crashes a Nokia N73 or Nokia N81.

It causes them to receive hundreds of fake business cards. Even if they take the SIM card out they will continue to receive the cards.

06 April 2010

Send a vCard in PHP with an SMPP gateway

I was recently asked to write a program that will send a broker's phone number as a vCard to a list of leads. There is a surprising number of pages dedicated to this problem, but no simple solutions. Here's a quick and easy PHP solution to the problem:

$header = "//SCKL23F4 ";
$vcard = bin2hex("BEGIN:VCARD\r\nFN:Cellsmart JHB\r\nTEL;PREF:+27116467353\r\nEND:VCARD\r\n");
$message = $header . $vcard;

Then send the $message using your SMSC SMPP gateway as usual.

The W3C has some notes on the vCard that has a useful example of a card but a Google search should quickly reveal the full standard details.

Just by the way the $header variable is set to //SCKL23F4 because this is a newer format and is supposed to support vCards that need to be sent over two messages.

20 March 2010

Detecting handset type in WAP websites

Mobile Phone
The supposedly standard method of retrieving a handset's capability is through UAPROF (see UAPROF on Wikipedia). Very simply put a mobile phone should send through identifying information when it retrieves a website. However, UAPROF is entirely voluntary and there are several problems associated with relying on it.

Along comes WURFL, which touts itself as a free option to consider when looking to identify the capabilities of your visitors browsers. There are of course paid options to help you identify mobile phones visiting your site (such as device atlas), but why pay for a service when you can get it free?

At first glance WURFL looked very promising. It has an active project on Sourceforge and a set of API's for PHP, JAVA, and others.

One immediate problem I encountered was that the current release revision (1.1.r2) of the WURFL API is buggy. Well that's not fair for me to say actually- the API works perfectly, it's just the example code that doesn't work

A quick look at their source code revealed that the release version forgets to include a reference to a class library. Fixing that allowed the demo code to run, and generate the next series of errors.

I then realized that there is a marked lack of documentation. They do have a user forum that has the ominously unfriendly warning "Don't post if you don't know what you are doing. *YOU MAY BE BANNED INSTANTLY!!!!!* If your question reveals that you lack basic web programming skills, you will be banned instantly". To further emphasise the point they place this in bold and require administrator approval of your account before you can post a question.

Given the lack of documentation and unfriendly user forums I would have liked their example code to work.

I decided to rather use an older version of the code and downloaded version 1.1r1. I had my application up and running in about 30 minutes using this code.

So the short story is:
1) Download the latest WURFL and patch files (here)
2) Download the older copy of the new WURFL API (here)

Remember to point your main file setting in wurfl-config.php to the zip of the WURFL XML. This reminder will make more sense to you once you unpack the files from 1 and 2.

07 March 2010

Should I do reciprocal linking on my site?

Reciprocal links are touch and go for a few reasons.

The reason that incoming links are good is that search engines think your site is worthwhile if humans are linking to it. In other words, if a webmaster reviews your content and links to it then your content must be good (thinks the search engine).

So people actively started to try and build links, to make search engines think that their content is good.

The only thing is that search engines hate it when you do things just to optimize your site for search engines. Optimize your site for users, while making it easy for search engines to see what it's about (this is where the bold, italics, page title and headings come in)

Search engines see reciprocal links as a distortion. The webmaster is not linking to you because your content is good, they're only linking to you because they're getting something in return (a link to their site, or even money). If you have a page of links that link to sites that are linking to you a search engine is going to realize that none of those links actually mean anything. They're going to think that you're trying SEO "tricks".

Google specifically warns against "excessive" reciprocal linking, but doesn't quantify this. So if you find a nice juicy site that insists on a reciprocal link then fine - give them a link from an article. Never create a page of reciprocal links to a whole bunch of worthless sites that are irrelevant, or have low page rank. Think how easy it would be for a search engine to spot this.

Google puts this a whole lot better than I can (in their Guidelines for Webmasters) when they say "make pages primarily for users, not for search engines. ... Don't participate in link schemes designed to increase your site's ranking or PageRank."

They expand on this when defining link schemes.

Two better alternatives to reciprocal linking are to use link bait and to submit your site to RSS aggregators. Don't go rushing off to build hundreds of reciprocal links to other sites. Rather spend your energy building your site into a great resource that people will want to visit (and link to).

By the way, to report a site that is using link spam you can use the Google tool: http://goo.gl/linkspam . If you can use this tool, then your competitors can use it on you too.

06 March 2010

A SEO letter to a new webmaster

Dear Webmaster,

First off, I want to demystify search engine optimization. I've read so many blogs and books by specialists and it seems that most SEO specialists are actually marketing themselves rather than dispensing the very core knowledge that is required.

There is really only one page whose opinion I trust and that is the official Google Guidelines for Webmasters (find it here - http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35769 ). Make sure that you read this page and ask me any questions that will clarify your understanding of it. If anybody tells you to do something other than what is written on this page be very careful.

Yes - there are "tricks" in SEO. But think about it - Google hires teams of incredibly clever people (read Matt Cutts academic profile if you don't believe me). What are the chances that Google is going to be tricked for very long? Very slim. And Google punishes sites that have tricked it in the past. So avoid using SEO "tricks" and focus on building a sustainable strategy. The site I optimized, has retained it's #1 position for over a year now - simply because I followed the Google guidelines and some extra stuff that I'll explain here.

Next, ask yourself how does Google make money? It makes money by selling advertising. It gets people to click its adverts by attracting them to its search engine. How does it attract people to its search engine? By providing the most relevant results.

So, how do you make life easier for Google? Provide useful information that people will want to read. This leads to the mantra that you will hear all the time : "Content is King".

Google wants to help people find useful information. If you provide useful information Google will help people find your site. This is the most simple rule of SEO and I'm surprised it isn't drilled into people's skulls.

So to recap:
1) Read http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35769 carefully and study it
2) Add content to your site regularly

Right - lets focus on your content. We need to be able to help Google realize that your site is valuable and what information it has.

We do this in a few ways:

META tags.
Although the "keywords" tag is not so important install a Joomla module that will write it for you automatically. There might be some search engines that use it, and there might one day be a resurgance. Plus it requires no effort to do.
2) Your description tag is sometimes used by the search engine in its results page. Make sure that your description tag is unique for each page and summarizes the content.
3) The TITLE tag is essential. Use keywords from your page in your page titles. Make every page title unique.

Use keywords in headings in your text.

Bold and emphasis
Use bold and italics (emphasis) on keywords in your text. Do this once per paragraph.

Images can have an "ALT tag". Make sure that you right-click an image, click properties, and see it's ALT tag. This will be displayed to blind readers, and search engines use it as a clue to find out what the picture is about.

A keyword should actually be called a key phrase since it can consist of several words. "Key phrases" are easier to target than key words. For example: "Drug rehab in Pretoria" is easier to target than "Drug rehab" because it is a narrower market.

Use modifying words to target key phrases so "affordable drug rehab", "luxury drug rehab", "drug rehab in cape town", "best private drug rehab" will be target keyphrases/keywords.

Decide what a page is about and choose two or three keywords for that page. Use them at a rate of about 5% in your content, headings, title, meta tags, and picture ALT tags. Don't use your keyphrase over and over again just to try and impress search engines.

Under no circumstances stuff keywords into META tags, headings, or your page content. Don't make your content sound unnatural in order to stuff keywords in.

Focus your page content
When you add a page decide in advance what search phrase people will be typing in on the search engine. Use this exact phrase a few times in your article. Answer the question that people are asking.

I like to link to other pages about similar issues. I'm not to fussy about marking these links "nofollow" (some people will talk about this). I think it adds value to my readers if they can find more information from my page. Just make them target="_blank" so that people can come back to your site. Never link to bad sites (anything you would be ashamed to show your mom, your wife/husband, your boss, or a court of law is a bad site).

Regular content updates
Don't add 50 pages in one day, rather write 1 article per day for 50 days in a row. Keep your content additions regular and even. Keep adding valuable content. Aim to have at least a few hundred targetting your specific area of expertise on your site. When you reach about 500 articles you will find that you start doing really well on search engines.

* Get people to link to your site. Find the industry experts and ask them to link to you. Show them the useful information you have and how it can benefit their readers.
* Do not do link exchanges (also called reciprocal links) where somebody links to you in exchange for you linking to them.
* Do NOT pay for links (!)
* It is better to have a few high quality links than hundreds of irrelevant links. Get links from sites with a high page rank. Install the Google Toolbar into your browser to be able to see a sites page rank.
* Register on forums related to your industry. Put your site in your signature and post to these forums. Ask the moderators if they give "dofollow" links - these forums will be better for you to post on.
* Ask your suppliers to link to you.
* Find out who is linking to your competitors and approach them for links (do a Google search like this ---> link:yourcompetitorssite.com )
* Try getting a DMOZ link, but don't sweat if you can't. I'm personally surprised that search engines trust it so much, given the slow turnaround on the site.

Add a sitemap module to your site.

Search Engine Optimization is hard work, not magic. Good luck!

05 March 2010

Changing background color in SMIL

I've been working on a gateway system that will help a WASP to accept MMS requests and pass them on to the network for delivery to a mobile handset. For some reason the original designers of the gateway decided not to allow service consumers the ability to upload SMIL directly. Rather, an XML is POSTed to a webservice. The XML is then parsed into SMIL and handed to the network provider in a nice SOAP wrapper.

Why is this a problem? Well it means that only the gateway only supports a subset of SMIL. So in order to make a slide look the way that our client wants it to look we have to modify the gateway code to allow text colours and backgrounds to change.

Another problem I've had is that there seem to be very few SMIL tutorials online. When I'm learning a new language I usually pick up what I need by asking Google. Unfortunately even the mighty search engine draws a blank, provides hopelessly outdated pages, or documents like the technical specifications which I don't have time to wade through.

One useful SMIL tutorial I found was the one provided by the folks who bring you Real player. They were one of the early adopters of SMIL technology and seem to be fairly heavily invested in providing Real Player for the mobile market. Their SMIL tutorial is at least up to date, easy to read, and transfer well to open source development. Of course their player is proprietary and so isn't supported by Ambulant player (an open source SMIL 3.0 compliant player).

The MMS gateway that I'm working on was written in C# about a year and a half ago (I'm guessing). The SMIL code it produces is definitely version 1.0, which wasn't even a full W3C standard. It was only since the release of SMIL 2.0 that it has become a recommendation, which has now been superceded by SMIL 3.0. I found a useful summary of changes between two of these versions (here), but can't find a cheat sheet for version 3.0. As soon as I do I will update this post with it.

I worked out that although the gateway is sending a version 2.0 header it is parsing incoming XML into version 1.0 tags. Instead of properly parsing the incoming color parameters it had a hardcoded value setting all slides to black and white. Since the project is due immediately I decided to rather "cheat" instead of fixing the gateway to parse correctly. I wrote a small PHP image editing class that simply writes whatever text I send it on top of a background image. I then base64_encode the image and send that as normal jpeg image content in my slide. This worked first time.

SMIL defaults the and areas to a uniform black, while regions and subregions are set to be transparent. To change the background colour in SMIL 2.0 you set the backgroundColor attribute (in SMIL 1.0 you would use background-color ).

15 February 2010

Microsoft error message "452 4.3.1 Out of memory"

I'm troubleshooting a Microsoft mail server. I go through the logical process of realizing that unless Crazy Monkey Man has put some sort of voodoo magic on my server box there must be a good reason why a Microsoft product isn't working. *cough*.

Right, I telnet onto the server, authenticate myself and try sending a "mail from:" command. I get the error message "452 4.3.1 Out of memory" which I assume means I'm out of memory. So I check my server memory to see that it still has 2 gig free and is under no heavy load right now.

Hmm, how could an SMTP service demand 2gig of RAM I wonder? Not even Microsoft would be so daring to put a hardware requirement like that.

The truth is that when Microsoft says that you're "Out of memory" what they actually mean is that you don't have write privileges to a particular folder (click here if you don't believe me). They just say you're out of memory to trick you. Sort of like Microsoft's idea of a friendly joke.

Only problem is that I *do* have write privileges on the folder in question.

Further investigation reveals that Microsoft has two seperate documents on this issue and the error message "Out of memory" can actually mean one of three things. None of which involve memory. Click here if you don't believe me.

Haha, good one Microsoft. I bet you're laughing all the way to the bank with your little prank.

25 January 2010

PHP email Class

I was looking for a PHP SMTP email class and stumbled across this PHP email class by Manuel Lemos. PHPclasses.org is rapidly becoming my first port of call when I'm looking for a class to fill some general function in my code. Of all the scripting sites out there, and there are hundreds, this is possibly one of the few that I would recommend to people.

One of the reasons that I liked the script was the debugging feature that showed the server responses as they happened. I've been busy setting up firewalls, SMTP relays, and IIS (hate hate hate) so it was useful to be able to get debug info from my client software.

In any case the class worked flawlessly first time, it's free to use, and my client is happy.

19 January 2010

Squid proxy server

My job title is "PHP developer" but because I'm the only person in the office familiar with Linux I get roped into administering the LAMP stack and other systems roles.

Yesterday I was asked to investigate methods of monitoring individual bandwidth use. I've installed Squid proxy server so that all traffic is getting routed through my pet Linux box that I keep spare just for such occasions.

Right, now I'm asked to install software to filter out sites not related to work (like OkCupid... uhoh). So I find a program that slots into Squid and install it.

Bang! Facebook and all other sites mysteriously get replaced with a kitten (from icanhazcheeseburger.com) chewing network cables captioned as "Ohnoes!!!1 kitty is eating my megahurtz!". Putting me in charge results in silliness. I hope they do it less often.

Anyway, despite my best efforts to make the access denied picture cute and adorable my users still hate me. It's tough being a webslave.

A little Linux server does an admirable job of a proxy server, local intranet server, firewall, and virus scanner. My pet Linux box was resurrected from our office "graveyard" because it was old, delapidated, and useless as a development server. Our developers use Microsoft products which require modern computers. I installed Ubuntu onto this box that Microsoft says is useless and now its running a production website, a local intranet, handling our proxy, caching our DNS, scanning traffic with Clam, filtering sites, and our users have commented that our internet is faster than it used to be. I didn't have to pay for any of the software or buy new hardware. Crazy monkey man would be sorely disappointed.

PS: If icanhazcheeseburger.com asks I'll happily remove their image. I hope that linking and crediting is good enough.

13 January 2010

Prevent XSS attacks

XSS (Cross Site Scripting) is a surprisingly easy weakness to exploit on unprepared websites. To describe it at its highest level an XSS attack involves injecting code into a webpage and having a user execute it on the grounds that they trust the website you have hijacked.

There are a great many vectors for an XSS attack to come through, but for the most part applying a few simple safety precautions will greatly improve your site security.

XSS attacks can be split into one of three categories:

  1. Stored XSS attacks - are those where the attacker stores malicious code in your database, forum, comment section or elsewhere on your site. The victim receives the code when they request that particular content from your website.

  2. Reflected XSS attacks - are those where the malicious code is reflected off the server and sent to the victim as part of search results, emails, error messages, etc. This can be set up by tricking the victim into clicking a specially crafted link (or filling in a malicious form) that generates the appropriate response from the insecure server.

  3. DOM XSS attacks - are those where the payload is delivered on the client side by manipulating the script once it has been sent by the server.
It is essential for web developers to sanitize their data so that it does not open doors to these simple attacks.
Cardinal rule: Don't insert data you can't trust
Don't put received data into scripts, tags, HTML comments, attribute names, or tag names. Especially don't run Javascript that you receive.

If your language has automatic functions to sanitize strings (e.g.: PHP has filter_var) then use it.  Be cautious of using functions that are designed to work with html entities, some XSS attacks can work around this.

This applies to HTML elements, Javascript, CSS, attributes, names, and everywhere else that you use received data.

Useful XSS prevention resources

Acunetix provides a free version of their vulnerability scanner that does a good job of detecting XSS attacks.

The Open Web Application Security Project (OWASP) has an extensive wiki on website security.

These guys provide us with users who click on links they shouldn't. Without them we wouldn't have a job.

Trevor Sewell is a UK developer who has kindly provided a PHP XSS class that sanitizes POST data.

11 January 2010

Google Guideline - How spiders view your site

In its "Guidelines for Webmasters" document Google notes that "search engine spiders see your site much as Lynx would".

A web spider is a program that searches through the internet for content (see here for more definitions.)

Lynx is a web browser that was used in the good old days of internet before we had fancy things like mouses, graphics, or sliced bread. Put very simply Lynx is a bareboned web browser that supports a minimal set of features. You can download a free copy from this website. There are other uses for Lynx other than SEO (such as pinging a webpage in a crontab), but for SEO it is mainly used for usability and visibility testing.

If you don't feel like installing new software there are a number of online spider emulators that will try to show you how a spider views your website. One that I found is available here.

Now that we have the means to see how Google spiders view our website we can have a look at what implications the guideline has for our site.

Firstly we need to realize that search spiders "crawl" through your site by following links. Obviously if a spider is unable to read a link then it won't find the page the link points to.

Certain technologies like can make links invisible to spiders. Google can now index text from Flash files and supports common Javascript methods. They don't currently support Microsoft Silverlight so you should avoid using it (it's probably a good idea to steer away from Microsoft proprietory formats anyway no matter how much crazy monkey man screams "developers!" and sweats in his blue shirt).

Google maintains an easy-to-read list of technologies that it supports. You can find it online here.

View your site in a spider emulator or Lynx and make sure that you can navigate through the links. If you can't then there is a good chance that Google can't either.

One way to nudge spiders along is to provide a sitemap. This also helps your human readers. Remember that Google does not like you to have more than 100 links on a page so if you have a large site try to identify key pages rather than providing an exhaustive list.

Some people argue that if you need a sitemap then your navigation system is flawed. Think about it - if your user can't get to content quickly through your navigation system then how good is your site at providing meaningful content? Personally I like to balance this out and provide sitemaps as an additional "bonus" while still ensuring that all my content is within 2 clicks of the landing page.

07 January 2010

Getting Google to notice you

Keep it simple

I've read so many articles by SEO experts outlining how to get a high position on search engines. After ranking a website at number 1, and keeping it there for well over a year now I can offer some solid advice.

The truth is that getting a good, sustainable ranking is a relatively simple affair. However, SEO experts want to make it sound as complicated as possible. How else will they be able to charge you their consultancy fee?

Before you continue reading my blog read this link:
Google Guidelines for Webmasters.

If you adhere to those guidelines you will get ranked.

Stating the bleeding obvious

Question: How does Google make money?
Answer: Primarily by selling advertising.

Question: How does Google make money from advertising?
Answer: By getting lots of people to look at it and click through to their clients

Question: How does Google get lots of people to look at their adverts?
Answer: By have a good service that they want to use (the search engine)

Question: How does Google get people to click to visit their clients?
Answer: By showing adverts that are relevant to the user.

Helping Google for fun and profit

Too many SEO's spend time trying to manipulate Google. You really should be spending your time and effort trying to help Google make money. If you understand my logic above you will create sites that are useful and valuable to users. This makes it easier for Google to provide its users with meaningful search results. This makes it easier for Google to make money.

The mantra "content is king" is a direct consequence of following this logic. If you provide lots of valuable content then Google will see that your site is useful to users and will promote it in its search rankings.

The more money Google can make from indexing your site, the higher it will rank. Google is not a charity, that's why the owners have private jets and an airport to park them on.

If you make their life easy they will love you. If you try to trick them they will punish you. I always assume that the people at Google are cleverer than me. Matt Cutts academic record is enough to convince me not to try to be clever, for example.

Moving onwards with SEO

I'll spend some time examining the various Google guidelines over some postings in the future. To a newcomer they may seem pretty daunting.

I'll also cover some topics such as internal linking, sales funnels, and calls to action.

These are not neccessarily related to SEO but are directly related to the performance of your website. That said, I have found that by having a well structured internal linking campaign my Google ranking improved for certain "champion pages" which I then also pointed my pay per click (PPC) campaigns at. This dropped my cost per click and improved my organic results.

04 January 2010

5 practical ways to reduce spam

Internet "spam" is a term coined to describe unsolicited emails that companies and individuals send out en masse. Because it is very cheap to send an email spammers will send millions of emails out. Even if just one or two people purchase their product the spammer will still make a profit. Spam ranges from being simply annoying to being an outright scam or even dangerous. Consider as an example the ability to purchase medication without needing to see a doctor or obtain a prescription. Spammers send this information out to children.

Spam messages eat up a large amount of internet bandwidth which leads to service degradation for legitimate users. It has become such a problem worldwide that many countries are adopting legislation to combat it.

Spam Statistics

Currently the world's worst offending country is the United States, followed by China and the Russian Federation. America has adopted the CANSPAM act which is aimed at reducing spam, but this has yet to show significant effect in the amount of spam messages coming out of America.

There are many companies that deal with spam. In order to obtain a quick indication of spam statistics I chose one at random and viewed their stats. They recorded 2,509,170 spam complaints in the 24 hours prior to writing this example. Now consider that there are many other companies dealing with spam and not all users will actively complain about spam. This means that the global statistic must be a great deal higher than this.

Reducing Spam

  1. Ask your ISP if they use a spam filter on their servers and consider swapping to another company if they don't. One of the most popular products is "SpamAssassin". It's free and easy to configure. Having a company filter spam on their servers will reduce your bandwidth costs (since you won't be downloading spam messages) and improve your security by blocking malicious emails before you download them. Of course this also means that you will save the time you used to spend manually downloading and deleting the messages.

  2. Avoid publishing your email address on your website or Internet forums. Spammers use web "spiders" to search the internet for email addresses to send spam to. If you are going to publish your email address on your website make an effort to obfuscate it with Javascript or some other method. One approach is to write out your email address in full: For example - info@drugalarm.co.za becomes info @ drugalarm [dot] co [dot] za. Obviously it can't be hard for a spammer to program a search spider to scan for these common patterns so this method is far from foolproof.

  3. Use the services of websites that offer free temporary email addresses when you're registering on a forum or service that you either don't trust or don't intend to use more than once. Mailinator.com is a good example of this sort of service. Remember that because you're using a temporary email address you won't be able to use it to retrieve passwords, track parcels, etc.

  4. If your spam problem is severe you could consider setting up a challenge response system. This runs on your mail server and sends a reply to anybody who sends you an email. If the person replies to the challenge reponse their email address gets added to the list of people who may email you (and they won't have to keep confirming they're not a spammer). Most spammers will not be able to receive or replt to these challenges. One negative side effect of using this system is "back scatter" - spammers routinely fake the "from" field of their emails so your challenge response will target whoever the spammer is pretending to be.

  5. Augment your server side protection by using programs that run on your computer. There are several effective and free solutions that will reduce your spam load. SpamPal is one such program. It is fairly simple to setup and is quite effective in reducing spam. A drawback of using client-side spam filtering is that you will still be paying for the bandwidth required to download your spam messages.

Ultimately the world's spam problem will only be solved when people stop buying their products or falling for their scams. Educate your friends and family about the risks of purchasing products from spam messages. Make sure that you understand what a 419 scam is so that you can avoid making a spammer rich.