Block malicious bots from scanning your site

Looking at my site statistics I have been observing how for the past three months a bot scans my site multiple times a day. I don’t know the purpose, but I know that it is using a fake ISP name and user agent, companies running a bot for a good purpose, like research or archiving a site, don’t mislead webmasters with fake metadata data, I assumed this is a malicious bot and I obviously wanted it blocked.

The fake ISP that my analytic StatCounter software shows for this bot is labelled as “Merck & Co.”, a multinational pharmaceutical company, the operating system shows as Windows 8 and the browser is either Chrome or Firefox. At first glance everything looks fine, I only realised it is a bot because my blog has less than a hundred visitors a day and it was  odd to see twenty daily visits from Merck & Co. when they are not even computer related. I dug deeper to see what URL it was visiting and it appears it scans all tags, I then looked at the IP host name, that is when it became clear  to me that it was a bot with a fake ID, the hostname (reverse IP) belonged Amazonaws.com (Amazon Web Services), a cloud service renting cheap servers.

Wordfence list of blocked IP
Wordfence list of blocked IP

Every single Merck & Co.” hit scanning my site came from the same US Amazon data centre and they are using more than one server, they have thousands of IPs, although in the same range. On a side note, a month ago my Adsense account had a 1000% increase in earnings, it earned me $1000 in a single day when it normally earns me $1/day. It was obvious that a bot had been clicking on advertisements,  and since this wasn’t me, I am assuming that a black hat hacker was trying to dry out Adsense funds out of a competitor.

As soon as I noticed it, I reported the scheme to Google myself to avoid any account suspension, you can report suspicious activity using your Google Adsense panel, the Adsense team never replied, I expected this, Google Adsense is known for never replying to their partners and treating them like garbage who don’t deserve a reply, the only reason for using them here is that for small traffic sites like mine they pay a little bit more than others.

There are two ways to block malicious bots from scanning your site, one of them is manually, it can be used if you have very few computer IPs you want to block and you don’t expect them to change. To manually block an IP from visiting your site download the .htaccess from your server using an FTP client like FileZilla, edit .htaccess in your computer, it will very difficult to do this with Notepad in Windows, Notepad has problems saving files with a dot (.) in front. To edit .htaccess use a proper editor for programmers, I recommend Notepad ++, it is the one I use and it is free (notice the ++ sign infront).

Add the following lines at the end of your .htaccess file, changing the listed IP address for the one you would like to ban:

# User IP Banning
<Limit GET POST>
order allow,deny
deny from 54.160.11.154
allow from all
</Limit>

If you want to block more IPs, add more lines that say “deny from” followed by the offending IP, as many as you need. If you want to block a whole range use the line “Deny from 54.160.1.0/24” (notice the /24 at the end, that is not an IP, that is the 512 IP addresses). By the way, the IP example I am using is the real bot IP scanning my site.

A second way to block an IP range from hitting your website is using a security WordPress addon called Wordfence. This addon allows you see live traffic, it scans your website to find malware and it monitors changes to core WordPress files, Wordfence automatically blocks IPs attempting to login into the administrator page too many times, this stops brute force attacks, you can use this addon to block a single computer IPs, adding it manually, or you can block a whole IP range, that is what I did to stop the fake “Merck & Co” bot.

Wordpress security addon Wordfence
WordPress security addon Wordfence

After installing Wordfence in your blog go to “Advance Blocking” and enter the IP range you would like to stop from visiting your site separated with a hyphen. You can learn the bot IP range by looking at the site analytics software, in this case the range I blocked was 54.69.0.1 – 54.69.255.255 and 54.68.0.1 – 54.68.255.255 those IPs belong to Amazon servers in Woodbridge,  USA. And if you ever change your mind, click on “Delete blocking pattern” and the IP range will be able to access your site again.

Wordfence also gives you the choice of blocking an specific browser or user agent, but it will not be useful against malicious bot, like “Merck & Co.”, the user agent is fake. You are also able to block a whole country from visiting your site and setting up double login authentication using your smartphone, but those are paid features. For the small hobbyist webmaster, the free version of Wordfence is enough to protect you, even if no bot scans your site, it can protect you in other ways.

Visit Wordfence homepage

 

HostMetro review, what they don’t tell you

I decided to sign up with HostMetro after contacting their support team to confirm that they allowed adult content. I liked that they had cPanel, unlimited bandwidth, unlimited addon domains, one click install and far better pricing than their competitors. It also caused me a good impression that HostMetro support team was straight forward about my first enquiry and very quick to answer, the 24/7 live chat, email and phone number for support became the icing on the cake.

Another thing I liked from HostMetro is that unlike some of the big hosts enticing you to sign up with them for a year with a discount voucher and charging you double when the promotion expires, HostMetro pledges to never increase renewal fees even if you signed up using a huge discount. This moved me to buy the 3 years hosting plan to lock in the bargain price permanently.

HostMetro control panel addons
HostMetro control panel addons

Sign up process was simple, account activation immediate and features all as promised. I moved six of my WordPress blogs from the old host that I had given up because of a price increase, and had Pingdom set up to monitor HostMetro uptime. Everything was too good and uptime was my main concern.

For the following two weeks performance seemed to be marvelous, for a site hosting adult content that consumed a fair amount of bandwidth I had no slow down or downtime at all, I could not be any happier, right until I decided that I should back up my account.

Anybody familiar with cPanel knows that there is a “Backup” button that you can use to create a full account back up, I was unable to see this button anywhere in HostMetro cPanel. I opened a ticket and HostMetro told me that they had removed the “Backup” button from the panel because some users were consuming too many resources with it, but I could have the button reinstated for a price, $1.95/month. It rattled me that HostMetro would give me such a lame excuse to charge extra for a feature that all hosts have by default. Back up is not an email or site monitoring addon, backup is an essential feature that you can’t live without, no serious webmaster would spend their time building a site and have no backup.

HostMetro support informed me that if I wanted to it is possible to backup the sites with FTP, and they are right, but FTP takes you much more time than cPanel backup as there is no file compression and MySQL databases have to be kept separately.

I was not happy about HostMetro gimmick to get more money out of me so I asked for a refund, support then replied to the ticket that they were willing to reinstate cPanel “Backup” button for free. Unfortunately I already felt uneasy about the company and I did not want to be tied with them for three years and risk who knows what down the line when there is no possibility of refund, I insisted on my refund and without any hassle within four days Hostmetro had send my money back to Paypal and the account was cancelled.

Overall, uptime for the two weeks I was with them was good, support was quick and reliable, prices are cheap, and they were quick to refund me without problems. It is a pity that HostMetro marketing was deceiving. I have a mixed feeling about this host because they treated me properly and the extra $1.95/month they asked for  being able to back up the account still makes the prices reasonable.

My advice is that you give them a go because maybe they have changed their cPanel back up policy by the time you read this and if you contact HostMetro support threatening with closing the account if you don’t have this feature they are very  likely to offer you this for free like they did with me.

Visit HostMetro homepage

Hostmetro 20% discount coupon with word: moneyoff

The best free and budget DreamWeaver alternatives

If you are the occassional web designer not earning a full time income with your job Adobe Dreamweaver high price will place it out of your reach and many of the features it comes with might be an overkill, or maybe you are just like me and believe that paying a monthly fee instead of a one off charge to use a web editor is a big rip off, or maybe you just don’t want your valuable private projects to end up in Adobe Dreamweaver cloud servers and expose them to theft and espionage. The following post will give alternatives to the overpriced Adobe Dreamweaver to all of you.

Free WYSIWYG web editors

  • BlueGriffon: A decent open source WYSIWYG web editor for Mac, Windows and Linux based on the Gecko rendering engine, any page you design with this editor will look exactly the same in Firefox as they both use Gecko to display pages. The editor’s user interface can be used by anybody who is familiar with a text editor, to insert images or save a page you just click the intuitive logos, pointing the page elements to the right place in the website or switch to code view if you know HTML. BlueGriffon capabilities can be extended with addons available for download at their site.
  • OpenElement: A Windows web editor that allows you to quickly add rich media, a built-in image optimizer can retouch photographs to reduce its size, saving time by not having to open an external graphics editor. The editor will keep the structure organized and make sure that links are not broken. You can use this editor to create a robots.txt or .htaccess file and add metadata or analytic tools to your site, with numerous free templates to set up a professional looking website in just a few hours. A very complete and poweful free web editor for beginners and advanced users alike.

    Free web editor OpenElements
    Free web editor OpenElements
  • Google WebDesigner: Mac, Windows and Linux editor to create responsive websites following the latest HTML5 and CSS3 rules for displaying pages in any devicw. Two different design layout is available, design and code view. This web editor is targeted at graphic designers who want to create 3D and animated objects, I would not advise it for beginners, you need to be comfortable undestanding animation software and time frames.

Budget WYSIWYG web editors

  • Xara Web Designer: Web authoring with responsive design that will automatically create variants of your website with different sizes and serve them dynamically when it detects the screen size. This software includes a design gallery with themes, clipart, graphics and social media widgets for you to add. The showcase of websites built using Xara Web Designer gives the impression that this web editor can create very professional looking websites that come out as complex and laborious and would be hard to guess that they were created with a budget web editing program.
  • Web Architect: Tabbed split view web editor with support for PHP, JavaScript, jQuery and other advanced technologies. You will find a tag palette, code inspector for HTML, XML and CSS, W3C markup validation service, a wizard to create Cascading Style Sheets, code snippets and integrated Internet Explorer, Firefox and Chrome preview modes. Programmers can add Python, Perl scripts and other languages then see it live on the browser with a feature called “SmartEdit“. This web editor has built-in SFTP/SSH to securely upload your website to the server and a free PDF manual helps you find your way around.

    mirabybe Web Architect
    mirabybe Web Architect
  • StudioLine Web Designer: Web design software with an advanced image editor to help you create slideshows or mobile pages. This is probably the web editor with the most complete image graphics editing, you could save money if you don’t have an image editor already by just buying this program instead of two separate ones. There is no need to know HTML code, you can drag and drop images around to position them in your page, the editor could be ideal for people who are comfortable with the Photoshop like programs and need to create a page from time to time. A large number of layout templates, rollover buttons and dynamic menus are included.
  • NetObjects: With a huge library of templates and free stock photos you can use drag and drop to add elements to your page without having to search the Internet for them, saving you precious time and knowing that you are not breaching copyright laws. You will also find built-in support for payment processors to create an e-commerce site. Get creative designing your own site or use NetObjects wizard to quickly have a fully functioning site in no time. The interface is clean and easy to use with various panes showing you the site elements, structure and properties.
  • WebSiteX5: With different program versions for advanced and novices also varying in price according to capabilities. This web authoring program can build simple websites or complex online stores, it comes with hundreds of free web templates that should have what you need or buy extra templates if you want to have thousands of them. The built-in browser has the Chromium rendering engine, an integrated web server helps you preview your site as it would look live without having to upload it. Free graphics and widgets that can be added to your website making it look really professional but built with little coding knowledge.

    Incomedia WebsiteX5 Evolution
    Incomedia WebsiteX5 Evolution
  • TOWeb: Responsive website creation software, this editor is ideal to design a small website for a small business in just a day. A site will have four or five pages with basic contact details that can be accessed from any desktop computer or mobile device without breaking the page. You can also add SSL to your site and generate a good looking professional website editing one of the many available HTML5 templates with What You See Is What You Get and add maps and polls in no time.
  • Artisteer: This is probably the most elementary of paid for web editors I have seen, advanced users will want to avoid it but beginners will love the quantity of free templates that come with it and how easy it is to build a website editing the text like you would do in LibreOffice or any other text editor. After creating a website you can upload it to your server with the built in FTP client or use the export feature to convert it to Joomla, WordPress or other Content Management Software. Designing a website can not get any easier than this, Artisteer will even create unique templates and export them to Blogger for those using that platform.

How to create a WordPress child theme for beginners

A WordPress child theme allows you customize and edit your WordPress theme without risking doing irreparable damage or losing all changes you have made after updating the theme.

A WordPress child theme inherits the parent theme functionality,the Cascading Style Sheet is imported from the original theme and all modifications you make to it are stored in the child theme instead of the parent so that they can not be overwritten.

Beginners can create a child theme using one of the following plugins:

One Click Child Theme: It can be used in shared hosts to create a WordPress child theme with a single click. It doesn’t require you to learn how SFTP works.

Child Themify: Compatible with multiple sites, a WordPress special edition called MU (Multisite) able to administrate more than one wordpress installation with a single interface.

Wordpress child theme diagram
WordPress child theme diagram

Orbisius Child Theme Creator: It can create unlimited child themes from a single parent theme. This plugin includes a child theme editor to compare side by side the original parent theme file with the modified one.

Creating a child theme manually

Advanced users can create a child theme if they know how to SFTP to a server and edit Cascating Style Sheets.

To have a WordPress child theme you first have to create a child theme folder inside wp-content/themes you can name that folder anything you like, normally, if it was based on the twentyfour theme it would be called twentyfour-childtheme

Then you code an empty style.css file as written below, just replace where it says twentyfour with the name of your original theme:

/*
Theme Name: Awesome Twenty Fourteen
Template: twentyfourteen
*/
@import url(“../twentyfourteen/style.css”);
/* Theme customization starts here */

Save the style.css file and upload it to the twentyfour-childtheme folder you have previously created.

Now you will see the new twentyfour-childtheme inside the Worpress administration panel going to Appearance>Themes  activate it and you ready to customize the new layout without fear of breaking anything. Reverting changes will be as easy as activating the original theme.

Just a warning, I have found it difficult to add analytics to a child theme because I am not well versed in web design. I got around it by downloading the StatCounter plugin for WordPress so that I don’t have to edit my theme to add any analytics code and the code will always be there after a theme update or change.

To save you time, I am making my child theme CSS file described above available for download in this post. You will also find an empty functions.php file and an empty images folder, those are used to augment the level of child theme customization, like creating a widget, you don’t have to necessarily use everything, uploading all files will not tear apart your layout.

Download twentyfourteen child theme files

Review Arvixe shared hosting package

After extensive research I picked Arvixe to host my site over the other dozen of budget hosting companies due to the good online reviews, their quick reply to one of my presale questions, cheap prices, the size of the company guaranteeing that they will not evaporate overnight, the host allowing adult content and because they are not part of the Endurance International Group (EIG), a big hosting corporation worth hundreds of millions of dollars that owns HostGator, BlueHost, iPage, FatCow and other 50 different hosting brands marketed as if they were independent to hide that they belong to the same owner.

I was unhappy the way HostGator had been dealing with my hosting account since they were taken over by EIG and I wanted to make sure that when I switched host I would not be using the same EIG parent company under a different brand.

Feature wise, Arvixe provides a cPanel account with the same unlimited space and bandwidth that all of the other big hosts, with the pleasant extra of a free domain registered under your own name that you get to keep without having to pay for it for as long as you remain with Arvixe, and if you move host, you can transfer the domain name to the registrar of your choice. This alone is worth $10/year.

Arvixe hosting custom cPanel
Arvixe hosting custom cPanel

The signing up process is straight forward, with automatic approval if they payment isn’t flagged as fraud. I used Paypal and within minutes account credentials were received in my email inbox with standard information on how to configure DNS servers and SFTP.

Support is provided 24×7 by live chat, US based phone number, online forum and email. I opened five tickets in total and they were replied to in an average of two hours, I posted a couple of complaints in their online forums and they replied to me in five to six hours. I don’t live in the USA so it might have been night there when I posted.

Arvixe support was always helpful, the email address of their Quality Assurance team appears next to the tickets and you are invited to contact them if you are not happy with the support you receive, and if Quality Assurance does not solve your problem, you can escalate it to the Arvixe management team. Their contact email address is found in the signature of all Quality Assurance email communications, with a sentence encouraging you to write to the management if something is not addressed properly.

I have been with six different hosting companies in the last few years and Arvixe is outstanding when it comes to customer support. This is the only big hosting company I know of where you can directly contact the top bosses.

Now comes the dreadful part where I suffered multiple server downtime during my first days of hosting with Arvixe (langur server), sometimes as much as eight hours of downtime straight, other times just a few minutes, random and unexpected, making it impossible for me to update my blog, feeling unsure if the next mySQL error would allow me to save the data or go belly up and lose everything.

I posted a complaint in Arvixe public forums, thinking that since everybody can read them, they would take it more seriously than a private ticket. Arvixe response was to apology, stand by their 99.9% uptime guarantee and refund me one month hosting fees within hours of me bringing up the issue.

I decided to remain with them because Arvixe seemed to really care about the customer and no host is safe from possible server problems, but lo and behold, for the next three weeks my Pingdom account monitoring the website uptime sent me more downtime notifications. At the end of the month Pingdom indicated a total of 11 outages with a total server uptime of 96.68%, well below my expectations even for a budget shared host.

I believe they would have refunded me a second month hosting fees if I complained again but I decided that it was not worth the trouble. I lose five times refund fees in missing advertising revenue with just one day of downtime. It rattled me that in just seven days I had experienced the same downtime than for the last two years.

Pingdom server monitoring Arvixe hosting
Pingdom server monitoring Arvixe hosting

I decided to call it quits when I received an Arvixe notification informing all langur server users that we were going to be migrated to a new server because of hardware stability issues and during the next few hours of hosting we could notice sluggish performance visiting the site.

I took advantage of Arvixe 60 days money back guarantee, double the length of time that other hosts offer. After moving my sites to a more expensive semi-dedicated server with HawkHost, I asked Arvixe to cancel my account and refund me the two years I had paid in advance.

Arvixe Quality Assurance team offered me to promptly move my sites to a different server  but I was too rattled about the time I lost moving sites and I already had a new host so I turned down their offer. In less than 24 hours Arvixe refunded me every single penny, they did not charge me any Paypal fee or domain fee, which according to terms and conditions, were entitled to.

I had a bad experience with Arvixe but I was only with them for one month and they acknowledged the problem. I think that they deserve a second chance to make sure that the awful server downtime was only an unlucky coincidence that happened right after I signed up. Had it not been for the downtime the rest of the hosting package was perfect and perhaps in the future I could be back with them.

They also have a BusinessClass Hosting costing $20/month, with less users per server and better hardware. But with the meager advertisement income I make here, this was not an option for me.

20% off Arvixe hosting using the code: hosting20deal

JustBrowsing Linux live CD for no traces browsing

JustBrowsing is a bootable Linux live CD based on Arch Linux, it has been designed for Internet browsing on a live environment. You can not access your computer hard drive with it or use any other software that is not Firefox or Chrome, however, you can resort to browser addons to extend capabilities, a calculator and notepad extensions are included in the Chrome browser and can be launched using shortcuts in the operating system deskbar.

The live CD concept is to have a tool to browse the Internet on a computer that is not yours, like a friends house, school or workplace. JustBrowsing boots with lighting speed, you don’t need to enter any username or password, during the boot up process select if you want Firefox or Chrome and in a few seconds the browser will autolaunch taking up the full screen, except for a deskbar located at the bottom of the screen, there you can swap browsers without leaving the OS, launch browser apps and configure a VPN connection.

JustBrowsing Linux live CD does not make any changes to the existing operating system on the compute and after rebooting the computer it will not leave recoverable tracks behind, like cookies or browsing history.

Linux live CD JustBrowsing
Linux live CD JustBrowsing

Regarding privacy, you still must have into account is that if it is not your own network, a network administrator can set up the firewall to restrict Internet access, log or monitor your activities in real time. JustBrowsing will not help you to get around network Internet filtering, although a webproxy shortcut is included, the URL is likely to be blocked by the network filtering list

You can’t install JustBrowsing in your computer but there is a .ova (Open Virtualization Archive) virtual appliance available for download and it could be used with VirtualBox in Windows or within a USB thumbdrive.

JustBrowsing default search engine is privacy friendly DuckDuckGo, is best not to change it to any other that tracks your search queries, like Google. A couple of dozen entertainment bookmarks are bundled with the browser, the Music and TV section had links to USA only services, i.e. Hulu, Songza,Slacker, sites that you will not be able to use if your computer IP is not in the USA.

I liked how easily you  are able to switch in between browsers without logging in and out and how the browser autolaunches, as well as the speed at which it does. Having VPN software was a big bonus but there were no configuration shortcuts, the user still needs to know VPN credentials and set them up, not very practical for short Internet browsing sessions. I would have liked to see an easy way to set up a VPN with preconfigured settings or a Tor proxy browser addon.

JustBrowsing live CD Chrome browser webapps
JustBrowsing live CD Chrome browser webapps

JustBrowsing live CD does an splendid job of setting you up for quick Internet browsing, privacy could be improved by not relying so heavily on Google apps, like the shortcut links to Gmail and Google docs, the shortcut to a webproxy is flimsy privacy as many websites will not work with PHP proxies. I would be happy to use JustBrowsing live CD to stop snooping on the local computer but I would not trust it to stop a network administrator from looking at what sites I visit.

Something else to have into account is that many public computers have been set up to stop live CD and USB booting, my experience is that the practicability of using these kind of tools on a computer that is not yours is not very high, and public library computer administrator are not going to change the computer boot settings for you any time soon.

If you find that you can’t change BIOS or UEFI settings and can’t boot the live CD, I would download VirtualBox portable to a USB thumbdrive and launch JustBrowsing .iso from inside Windows, with the added benefit of being able to save the VirtualBox session and settings in the thumbdrive.

Visit JustBrowsing homepage

Best shared hosting companies allowing adult content

It is very easy to find shared hosting packages, some of the big hosts allow occasional adult content but if you need shared hosting to host a dedicated pornography website you will have to read the terms and conditions carefully or risk suspension.

I have been searching for cheap shared hosting that accepts porn for one of my clients. I decided to pick only big hosting companies because they own the hardware and are not reselling server space. After hours of research this is the list of the best shared hosting companies to host porn that I could come up with:

DreamHost ($50 discount clicking on link) :This company has a wide open free speech policy allowing any content that is legal in the United States, including pornography. Their custom hosting control panel is very easy to use and their shared hosting comes with unlimited bandwidth and space.

Arvixe (%20 off discount code: hosting20deal): A well established US hosting company providing shared and dedicated hosting to businesses and individuals. I researched online reviews for Arvixe in trusted forums like WebHostingTalk and nearly all of them were good,  I also asked Arvixe support team if they allow pornography in shared hosting and they confirmed it.

HawkHost: According to their support team replying to my inquire, HawkHost will accept any content that is legal in the United States, this includes pornography as long it is not copyrighted material and you have the right to use the images, their shared hosting allows you to choose server location in the US or the European Union.

Adult shared hosting Hawkhost
Adult shared hosting Hawkhost

Certified Hosting: A subsidiary of Naked Hosting, Certified Hosting has budget packages with unlimited addon domains, space and bandwidth appropriate to host a dozen adult blogs if you have the time to manage that many sites.

HostGator: Part of Endurance International Group, one of the largest hosting companies in the world, they own more than twenty different brands, like BlueHost FatCow, iPage, HostMonster. Adult content is only allowed in HostGator as far as I know. They share resources with their sister companies, if you are not happy with one of them, don’t move to the other brand as it will be the same.

GlowHost: Their shared hosting packages come with unlimited bandwidth and competitive prices similar to those of their peers, GlowHost live chat confirmed to me that they allow adult material, as long it conforms to US and State law, in their own words: “if it’s legal content, it’s fine“. They offer support via live chat, phone and email, the company has been around for many years and James from live chat was very eager to help me out, my first impression was that of outstanding support.

Cheap shared hosting Glowhost
Cheap shared hosting Glowhost

HostMantis: This US webhost offers two kind of shared hosting, “Standard” and “Premium”, adult is only allowed in their lower performance plan, this is due to the premium plan using LightSpeed, a hosting technology developed by a company that bans using it to host pornographic content. Having said that, I know of hosting companies that are using LightSpeed and are hosting porn, but I understand that the USA is the land of lawsuits and if you happen to be there, like HostMantis is, you have to take great care.

HostMetro: The company is only a couple of years old, I was unable to find trusted reviews for them. HostMetro convey the impression of being a big corporation, they have 24/7 support via email, online chat or US phone number. I asked in the live chat if they allow hosting of porn and they confirmed it to me.

Squidix: A webhost located in the US with good reputation, the first year of shared hosting comes heavily discounted, this is a good way for you to make sure that their services fulfil your expectations. There are two shared hosting packages, both with unlimited bandwidth, the only difference is available hard drive space. Support is provided via live chat, phone and email.

Amerinoc: This company has been providing adult hosting for many many years. They recently have updated their website designand they have good reviews in many adult webmaster forums and an affiliate program that I have seen promoted in the adult industry. Never used them myself, that is all I can say.