How to change Hey there! I am using WhatsApp

When you install WhatsApp for the first time your status is set to “Hey there! I am using WhatsApp“, this is what you are probably seeing looking at many of your contacts and what other people who have you in their address book see about you too, you have to change this manually.

To change WhatsApp status and enter a personal message that is not “Hey there! I am using WhatsApp“, you have to access an ongoing conversation first. Once in that screen, click on your Android phone’s Menu button located at the bottom of your phone, represented by three horizontal lines, this is nearly always a physical button (on the left side of the home button).

WhatsApp change status message
WhatsApp change status message

You will now see a menu on the screen with various options, like the screenshot above, tap the “Status” option to see a new screen that says “Your current status“, that is where “Hey there!…” message goes, edit it tapping on the pencil and enter a custom message, phrase, emojis or select one of WhatsApp premade status messages on the screen, where it says “Busy“, “Available“, “At work“, “At the gym“, “Sleeping“, etc. You can keep changing the status depending on what you do so that other people who see “At the gym” get an approximate idea of when you will be available next, much better than just writing “Busy“.

After changing WhatsApp status it will only be updated on other people’s phone when they turn on data or Wi-fi. To know for sure what is being displayed about you by WhatsApp, ask one of your friends or family members to look at your contact name in their screen and describe you what they see.

My website was hacked, infected sam.php, thumbs.db and index.php files found

Today I received an email from Dreamhost security bot, my host automatic scanner that checks for hacked sites in the server, the email contained the full URL path where an infected file had been found, and a template message with the steps that I should take to make sure my website is secure. The bot also changed permissions to the infected file so that it can no longer be used to harm others while waiting for the webmaster to clean the mess.

The security steps that the email points to are not specific, this is to be expected as no human was involved in this incident, the security scan is automatic, this saves lots of time and money to Dreamhost.

I am not going to complain about them as Dreamhost job is to make sure that the server can not be hacked and this was not a server problem, it is me, the webmaster, who made the sites vulnerable with the wrong file permissions or by not updating something.  In a cheap shared hosting environment like the one I have it is unreasonable for me to expect webhosting staff to manage my sites security for me.

I have been with other hosts and I know that it is the same everywhere and 99% of hacking incidents are webmasters fault, not the host. It is impossible for a hosting company to check software vulnerabilities for the thousands of dynamic sites they host. I am highlighting this because I often come across people in forums blaming the host for their incompetence, I don’t want to be one of those, I know it was my fault that the site was hacked and it is me who has to fix it, if anything, I am thankful that Dreamhost provides me with this free security scanning service.

Cleaning hacking incident

I have spent dozens of hours troubleshooting the incident and I hope this post will help others coming across the same modus operandi. Lets start by my set up.

1) My setup: A shared hosting account containing 1 WordPress blog and 7 HTML plain sites made up of 5 pages each, with no PHP or any other coding that could be exploited, other than the blog.

2) Dreamhost security bot found a file called index.php in one of my plain HTML sites, hidden in path: /home/wwwdream/wipingdata.com/banners/index.php

3) I download the index.php file and everything is encrypted with what looks like Base64 code, hackers often encrypt their code to make it harder to understand what it does.

4) I look at file stamps, the last time I uploaded that HTML site was 3 months ago, I see a few files have with timestamps of 1 month ago, this is because the hacker uploaded them there. Browsing I find another infected file, called sam.php inside another directory, this is easy for me to spot as my site is small and being only HTML, no .php file should exist. I find out with further research that SAM.php means Simple Asynchronous Messaging and it is used to send email. The sam.php file is small and it only contains one line:

<?php
echo date(“Y-m-d H:i:s”);
?>

5) Looking at filestamps, I manage to locate another of my HTML sites infected in the same shared hosting account. Hackers are using the same method, a sam.php in the main directory and a hidden index.php placed inside a subdirectory where I keep HTML pages, this time the index.php is not encrypted.

I read it and see that the file contains code to inject PHP  in one of my HTML pages and use it to spam people or websites using my hosting account.

Using Notedpad ++ to open index.php this is the code injected above the <html> tag of my HTML page:

<?php
$db=@file_get_contents(‘../main-html-pages/Thumbs.db’) or exit(“Unable to read file ‘Thumbs.db’!”);
$keydb=@fopen(“../main-html-pages/Thumbsk.db”, “r”) or exit(“Unable to open file ‘Keys.db’!”);
$dbitems=explode(“———-“,$db);
$s=count($dbitems);
$keyitems=array();
$i=0;
while(!feof($keydb)) {
$keyitems[] = trim(fgets($keydb));
$i++;
}
fclose($keydb);
$script_url = ‘http://’.$_SERVER[‘HTTP_HOST’].$_SERVER[‘SCRIPT_NAME’];
if(@$_GET[“id”]){
$linkid = @$_GET[“id”];
if(preg_match(“/^\d*$/”,$linkid)){
$linkid=(int)$linkid;
if($linkid<1||$linkid>$s){
header(‘Location: ‘.$script_url.’?id=1′);
exit();
}else{
$id=$linkid-1;
}
}else{
header(‘Location: ‘.$script_url.’?id=1′);
exit();
}
}else{
header(‘Location: ‘.$script_url.’?id=1′);
exit();
}
$content=trim($dbitems[$id]);
$keyword=$keyitems[$id];

6) I see that the code is using two files named Thumbs.db and Thumbsk.db, notice a small letter s differentiates those files. I locate both files in my server and they have the same filestamps as the infected index.php, I download the Thumbs.db and open it with Notepad++, ignoring a warning from Windows that these files are used by the operating system and I could damage my operating system if I open them.

The Thumbs.db files I open contain text with 500 paragraphs of Nike shoes advertising in Dutch, using the <p>, the Thumbsk.db I open contains 600 Nike shoes key words

7) Reading again the infected index.php file I found first, at the end of the page above the <body> tag I see javascript has been inserted:

<script type=”text/javascript”>//<![CDATA[

(function(){var d=encodeURIComponent,f=window,g=document,h=”documentElement”,k=”length”,l=”prototype”,m=”body”,p=”&”,s=”&ci=”,t=”,”,u=”?”,v=”Content-Type”,w=”Microsoft.XMLHTTP”,x=”Msxml2.XMLHTTP”,y=”POST”,z=”application/x-www-form-urlencoded”,A=”img”,B=”input”,C=”load”,D=”oh=”,E=”on”,F=”pagespeed_url_hash”,G=”url=”;f.pagespeed=f.pagespeed||{};var H=f.pagespeed,I=function(a,b,c){this.c=a;this.e=b;this.d=c;this.b=this.f();this.a={}};I[l].f=function(){return{height:f.innerHeight||g[h].clientHeight||g[m].clientHeight,width:f.innerWidth||g[h].clientWidth||g[m].clientWidth}};I[l].g=function(a){a=a.getBoundingClientRect();return{top:a.top+(void 0!==f.pageYOffset?f.pageYOffset:(g[h]||g[m].parentNode||g[m]).scrollTop),left:a.left+(void 0!==f.pageXOffset?f.pageXOffset:(g[h]||g[m].parentNode||g[m]).scrollLeft)}};I[l].h=function(a){if(0>=a.offsetWidth&&0>=a.offsetHeight)return!1;a=this.g(a);var b=a.top.toString()+t+a.left.toString();if(this.a.hasOwnProperty(b))return!1;this.a[b]=!0;return a.top<=this.b.height&&a.left<=this.b.width};I[l].i=function(a){var b;if(f.XMLHttpRequest)b=new XMLHttpRequest;else if(f.ActiveXObject)try{b=new ActiveXObject(x)}catch(c){try{b=new ActiveXObject(w)}catch(e){}}if(!b)return!1;b.open(y,this.c+(-1==this.c.indexOf(u)?u:p)+G+d(this.e));b.setRequestHeader(v,z);b.send(a);return!0};I[l].k=function(){for(var a=[A,B],b=[],c={},e=0;e<a[k];++e)for(var q=g.getElementsByTagName(a[e]),n=0;n<q[k];++n){var r=q[n].getAttribute(F);r&&(q[n].getBoundingClientRect&&this.h(q[n]))&&!(r in c)&&(b.push(r),c[r]=!0)}if(0!=b[k]){a=D+this.d;a+=s+d(b[0]);for(e=1;e<b[k];++e){c=t+d(b[e]);if(131072<a[k]+c[k])break;a+=c}H.criticalImagesBeaconData=a;this.i(a)}};H.j=function(a,b,c){if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent(E+b,c);else{var e=a[E+b];a[E+b]=function(){c.call(this);e&&e.call(this)}}};H.l=function(a,b,c){var e=new I(a,b,c);H.j(f,C,function(){f.setTimeout(function(){e.k()},0)})};H.criticalImagesBeaconInit=H.l;})();pagespeed.criticalImagesBeaconInit(‘/mod_pagespeed_beacon’,’http://www.wipingdata.com/main-html-pages/info-wiping.html’,’oB_Uu8iFmt’);
//]]></script>

8) The code is infecting one of my wipingdata.com HTML pages, converting it to PHP and using it for spaming

9) Big surprise! I grab my back up from two months ago to restore the website, and I see the infected .php hacked files are there!

Conclusion of hacking incident

When the hackers broke into my site they waited over a month before doing anything with it. I know when they broke in by looking at the filestamps of the infected files.

hacking incident
hacking incident

I believe the hackers stood still on the hacked account doing nothing with it because they knew that the first thing a webmaster does after a hacking incident is to restore from back ups and few people keep back ups older than a month, the hackers plan is to be able to get again access to the server after the webbmaster has restored it with infected back ups, this is better than start sending spam the very same day they hack your server, the hackers guarantee that you will never be able to restore from a clean backup.

Top Advice against website hacking

I was lucky because I had a single WordPress blog hosted in this shared account, this made troubleshooting easy, if you have multiple WordPress blogs and you are hacked, it will be impossible for you to go through thousands of WordPress files and check that if they have been tampered with.

I have been in that situation before, I learned the hard way that having 20 blogs on a shared host it is madness, a single incident will ruin all of your work, there is no way you will be able to find out where the problem is, not to mention that updating everything is too time consuming to be able to do it on time.

I have been a webmaster for many years, this is not the first time my sites are hacked, if you trust experience, take my advice and never host a valuable website in a hosting account with multiple sites, if you have a valuable website, host it separately, you can do this buying second shared hosting account or buying a reseller hosting account where you can create many cPanels.

It is impossible to protect from hacking, no matter how good you are, all that is needed to break into your WordPress blog is a zero day vulnerability in one of the plugins you are using, they happen from time to time and thousands of websmasters get hacked through no fault of their own.

With every hacking incident I learn, these are my hard learned security measures right now:

  • Always keep old back ups for at least a year, one month old back ups are not good enough
  • Keep installed plugins and themes to the minimum, always download them from the official site
  • Never host multiple sites in a single shared host, get a reseller account and create multiple cPanels
  • Install Wordfence plugin in WordPress, use Keepass to store unique hard to remember passwords
  • Make sure WordPress is using salt for passwords, change the default table prefix, both things can be done in wp-config.php
  • Disable WordPress default admin user, post using a username with no administrator rights, this way the administrator username remains hidden
  • Learn about the .htaccess file and customize it to your needs

 

 

Free Adsense ready WordPress themes

I have been using Wordpress default themes because they are free, mobile friendly and supported by a big community, but, as pretty as WordPress default themes are, they have not been designed to make money. My Adsense analytics click through rate with these themes displayed less than one per cent of clicks on the adverts, totally unacceptable.

After hours of searching I came across Point, the free Adsense ready theme that I am using here and is one of the top 50 WordPress theme downloads.  This theme comes with empty banner space for standard sizes above the fold and on the sides of the theme. Swapping my old Twenty Fourteen Wordpress theme with the Point theme doubled my click through rate.

You can test this yourself downloading the Point theme from MyThemeShop free section, and if you don’t like the design or colours, in the same site you will find other free Adsense ready themes like Ribbon and Dual Shock.

MyThemeShop WordPress theme panel
MyThemeShop WordPress theme panel

In my experience the average web publisher can do just fine with one of the free themes but if you need more configuration options, MyThemeShop paid for themes, in between other things let you change the site navigation menu, displaying or hiding social buttons, changing the sidebars from right to left,  setting up a parallax site, customizing your site type fonts and headers or inserting a background image (1400px wide x 1000px heigh for best results).

I liked MyThemeShop themes so much that I ended up buying two of their premium themes, they come with free support and being able to use the themes in as many sites as I like. I have contacted MyThemeShop support staff four times and they have always replied in their support forum the same day in a matter of hours.

Other goodies included with MyThemeShop themes are free plugins, one of them has a star rating system for review sites and another plugin called MyThemeShop Connect warns you when the theme has to be upgraded. The best is that you don’t have to create any WordPress child theme to keep your customization, MyThemeShop upgrades keep all the settings you made using their control panel.

I am pretty sure that that the responsive themes I bought paid by themselves in a month or two with the increase of my click through rate.

WordPress plugins for adverts

Another way for webmasters to get a free Adsense theme is by adding advertisement plugins to the theme of your choice, a proper advertisement plugin will allow you to position and manage banner space where you wish, they come in handy to sell adverts in BuySellAds.

You can use WP125 to create small 125×125 squares that let you to have up to six adverts in your site, without looking too cluttered, running campaigns for only a number of days with an automatic take down.

How to embed PDF documents in WordPress without any plugins

If you wish to embed a PDF document in WordPress you could use a plugin, the most popular one is Google Doc Embedder, but, if you would like to keep things as simple as possible, you will want to avoid overloading your blog with plugins that can be discontinued or used for exploits if they have not been properly coded.

One way to embed a PDF document in a selfhosted WordPress without any plugin is using an specialist PDF storage cloud provider like Scribd or DocStoc, they both have free versions and I used DocStoc for some time until I realised that they were trying to pull my visitors to their site by including DocStoc links inside the PDF viewer I had embedded in the blog, and forcing my visitors to register with their site if they wanted to download the document I owned. Another DocStoc downside was the risk that they could go out of business or change their terms and conditions down the road.

Cutting it short I finally decided that the best way to embed PDF files in WordPress was Google Drive. If you have a Google account, signing up for Google Drive will only take seconds, you are given 15GB for free, as long as it is not copyrighted material you can upload and share files, organising them inside folders with an easy to use interface.

Google Drive PDF file sharing
Google Drive PDF file sharing

Unlike other sites, Google Drive business model is not about pulling your visitors to their site, their business is about pushing you, the publisher, to Google services. Google Drive will try to convince you to use Google own office suite, Google Docs, YouTube, HangOuts, Google + and all the other junk Google has to offer. The good part here is that they will not bother your readers, it will only be you who is messed with.

Instructions to embed documents

The default persmission for files uploaded to Google Drive is set to private, you will have to change this to “Share“, right click on the uploaded file and select “Share“, a pop up window will come up, click on a tiny button at the bottom of that window that says “Advance“, next to where it says “Private – Only you can access“, click on “Change” and select “On – Anyone with the link“, do not choose “Public on the web” because you will lose traffic, people will not have to visit your site if you make the documents accessible through other means.

Now click on “Save“, look above where it says “Link to share“, copy the link and paste in your browser in a new tab, you will see a download arrow, click NEXT to that arrow not ON the arrow, a small drop menu will open allowing you to “Report abuse” or “Embed item“, if you click on “embed item” you will be given an iframe code that works in all browsers and mobile devices.

Below there is an example of what an embeded Google Drive hosted PDF document looks like in a WordPress blog. To view it I pasted the following HTML code in text view: “<iframe src=”https://drive.google.com/file/d/0BwTZs6zSO6OOZWJnWWNLWWhkMWM/preview” width=”640″ height=”480″></iframe>

List of VPN affiliate programs you should avoid

I have been promoting various VPN companies as an affiliate for four years, these are the ones I recommend you to avoid, I wish I had known about them before myself.

IPVanish: High on the list, ironically, what puts me off this VPN affiliate program is the incompetence of their affiliate manager. He would keep emailing me asking that I put up banners for their company, this is perfectly fine, what it is not fine is that after informing him that I was a hobby blogger and I hardly had any traffic, he would still email me every three months asking again, to which I would reply the same, and he then would contact me once again. The impression I got is that he doesn’t keep track of email communications.

I tried IPVanish for a month for free and I wrote a blog post with a review of their services, because I don’t earn a living with my blogging, I can afford to be honest, the review advised people not to buy IPVanish. After posting it, Dave, my IPVanish affiliate manager, contacts me once again and asks me to write a review of their services, I let him know that I already did and give him the link, inviting him to reply to the post if he feels like it, he kind of says that the review is awful but never bothers to counter argument my points in the post. Really? He can’t be bothered to defend his own company? Fine by me no problem.

Three years down the road as an affiliate with IPVanish, Dave sends me one of his bi-monthly emails, he has forgotten all about me as usual, he only wants me to put up banners in my blog. I let him know that after reading IPVanish terms, I don’t like the 15 day cookie tracking and the $100 minimum pay out is too high. He offers me a 30 day cookie tracking and $50 pay out if I place an IPVanish banner in my blog, I tell him that I have $57 in my affiliate account (earned in 2 years) approved for payment, he agrees to pay me next month if I place an IPVanish banner in my blog which I do.

Two weeks later we get to payment day and no money comes in, I email Dave about the problem and he tells me that one of my already approved sales, has been “marked as fraud“, it turns out that customers only have a 7 days money back guarantee and this sale/commission had been approved for more than a month, according to his email “there are instances where our support team goes in and audits subscriber accounts” and “Unfortunately, the fraudulent account brought your commission total back down to $30. So that is the reason you were not paid out this cycle.

VPN affiliate program customer service
VPN affiliate program customer service

I am not going to work anymore with IPVanish for the following reasons: affiliate panel sucks (confusing lay out), affiliate manager sucks (he does not keep track of previous conversations), cookies suck (15 day tracking), pay out conditions suck ($100 minimum and they cancel commissions that have already been approved).

EarthVPN: I have been with them for two years, the first three months I made a few sales and I was quickly paid with Paypal after reaching  the minimum $50 pay out. However, for the last year I have had trouble getting paid in a few occasions.

Update EathVPN 2015: This company has stolen $90 from me, they don’t reply to tickets, I have also contacted them in Twitter and they did not reply, I have had a ticket opened for 3 months waiting for payment, every time they close it without any reply. I will say it clear:

EARTHVPN YOU ARE THIEVES.

Don’t take my word for it, I attach screenshots with evidence.

1- EarthVPN owns money

2-EarthVPN not replying to tickets

3- EarthVPN not replying to tickets again

4- EarthVPN ticket account

5- EarthVPN not replying to Twitter

NordVPN: Great promotion materials and high commissions, this made me read their terms and conditions with attention, I am always suspicious of high pay outs and I look for a catch. Sure enough there was one, I read that tracking cookies in NordVPN only last 7 days. I believe this is well below industry standards and it doesn’t seem right to me, many people don’t buy straight away, they wait more than a week. I would have never signed up with NordVPN affiliate program if the 7 day cookie had been prominently displayed, now that I know this I won’t even start their promotion.

VPNTunnel: I used to have an affiliate account with this small Swedish company, I made two sales, around $35 commission, then one day I noticed that they had removed their affiliate program, but affialite links where still working directing traffic to their site. VPNTunnel never contacted me to let me know that their affiliate program was to be ended and they never paid anything out. If they open again their affiliate program there is no way I will sign up again with a company that has such low business standards.

Review OpenVPN provider Acevpn

I have been using Acevpn Premium VPN package for three months, I was given the account in an online give away and I have been using it to get around georestricted online TV services like CWTV and Pandora Radio. I liked that Unblock TV comes bundled with the VPN, I had never used DNS unblocking services before. After changing the name servers in my router with the ones AceVPN gave me Unblock TV behaved flawless as advertised, no video buffering and it detected when my browser visited Hulu, activating the USA proxy in the background.

I soon learned that DNS proxy services are not a good idea if your ISP changes your computer IP every time you reboot. For the DNS proxy to work you have to link your computer IP to the proxy DNS first, when your computer IP changes you have to log into your Acevpn account, erase the old IP and add the new one. It is not hard to do, but if you get a different IP every few days it is annoying and I just preferred to watch TV with the VPN switched on instead of the DNS proxy, it saved me time.

If you have an IP that remains the same (static), Unblock TV will work just fine for you, the only caveat is that not all  TV websites are supported, iHeart radio for example, does not work with AceVPN Unblock TV, you can suggest Acevpn staff to add it, they add new sites when there is enough demand.

Windows OpenVPN provider Acevpn
Windows OpenVPN provider Acevpn

As for the VPN, you should know that AceVPN does not have a proprietary VPN client, you have to download the original OpenVPN client with no interface, servers can only be accessed right clicking on the VPN taskbar logo and configuration files have to be manually edited. The good news are that you only have to do this once and Acevpn has easy to follow instructions with screenshots about how to configure the software, however, it will take 30 minutes of your time to read those instructions.

I regard the OpenVPN right clicking system confusing, the more expensive Ultimate VPN package shows up in the list. The cheap VPN package I was using only allowed me to connect to the USA, UK and France servers, the other dozen locations were taking screen space and I could not access them.

The main points you should know about Acevpn is that their website is disorienting, they have two different VPN packages but you aren’t clearly told what the differences are in between them, Acevpn has lots of internal links that keep you going around in circles. Support was quick to reply the one time I contacted them in the forum, VPN set up instructions are neat, although, if they had a proper VPN client, the customer would not have to set up anything.

The Premium cheap VPN package is good value for money if you are happy with just three VPN servers, the Premium package that allows P2P traffic is overpriced in comparison with the competition. Acevpn privacy policy isn’t great either, all they say is that they don’t keep logs but they don’t tell you what kind of logs they are talking about, if connection or website logs and they don’t mention where their company is based.

The only reasons why you might want to sign up with Acevpn and not somebody else, is that DNS unblocking TV services are included for no extra charge. That is all I liked from them, I think that to start competing with other VPN companies they should organise their website so that basic information, like VPN package differences, can be found in less than an hour, and if they can’t afford paying a developer to build their own VPN client, at the very least don’t make customers download twenty configuration VPN files when they can only access three of them.

If you want an alternative to Acevpn I suggest PIA VPN they fix all of the shortcomings that AceVPN has and prices are equally cheap.

Visit Acevpn homepage