Posted in Company News by Jason Craig on July 13th, 2010
You wake up one morning and decide to browse your site to see how many visitors are on it. With a cup of coffee in one hand, you click that bookmark that you’ve clicked now for the 504th time but…this time something is different….a dark red screen. Hmmm…could this be your site? A look in your address bar confirms it is your site. What on earth could have caused this!?!?
Unfortunately, someone found a security hole in your website and exploited it. In most cases the “hacker” has injected your pages with various types of malicious code which could be anything from porn sites, to Viagra sales, to programs designed to infect your visitors’ computers. On top of that, they probably have left a file in your website allowing them free access to your host and in turn, any other sites/files you have on that host.
This warning obviously won’t go away on its own. The malicious code must be removed, your site secured and then Google notified that the clean up was completed. Once Google verifies your site is fine, the warning will be removed.
Unless you’re proficient with HTML and in other cases PHP, trying to clean up your site can leave it in worse shape.
We have completed over 55 clean-up type jobs where we were able to successfully remove the malicious code and in most cases provide additional security to the site to keep it from happening again. In some cases your site is your livelihood and time is money.
Our average clean-up cost is $40.00 USD, one hour of our time. For a specific quote, please contact us and we can take a look at your site and give you an exact quote and time frame for us to clean up your site and get it back on its feet!
Posted in Programming by Jason Craig on March 18th, 2010
Are you getting the dreaded “Oops! We are unable to process your request” error message after freshly setting up WP e-commerce plugin and your Google API? If so, we have the quick and easy fix for you. Just follow the steps below and you should be good to go.
Access the WP backend then Products
Click Settings
Click the Payment Options tab
Select Google Checkout as your payment gateway
Click on Set Shipping Countries in the payment gateway box on the right
Untick all other countries besides USA
That is all it takes to get Google Checkout working with WP e-commerce!
Posted in Programming by Jason Craig on March 18th, 2010
One of our larger clients asked us to create a site based on the WordPress platform and utilize the WP e-commerce plugin as a shopping cart. One of the many issues our client was facing right out of the box was the inability of WP e-commerce to pass his SKU along to his PayPal gateway.
After going over the plugin in depth and confirming via the author’s site that this feature is currently not available, we did what we do best. We made our own!
Our fix is quite simple. Download and overwrite your existing paypal_multiple.php file with ours and your SKUs will now be passed on to PayPal. Excellent for those using a fulfillment center.
Posted in Programming by Jason Craig on December 10th, 2009
As we approach nearly 1000 downloads on our Prosper202 fix, we’ve seen a few comments where people needed a little additional help on how and when to overwrite the functions.php file.
To make life easier, we’ve included our fix in this package. All you have to do now is:
Download it
Extract it
Upload it to your host (or we can host it for you, just contact us for more info)
Install it as per the instructions on the official Prosper202 site
Enjoy!
The file has moved to our client area. Registration is free and so is the file.
Update (6/27/2010): In order to cover our costs of encoding our modifications we will be releasing this file to members only. Membership is $1.00. We’ve had to encode our work in order to protect our file from being re-released by someone else with no credit given to us.
Posted in Company News by Jason Craig on October 15th, 2009
I thought it was time we give an update as to what we’ve thought about using RentACoder (RAC) to keep us busy when work contracted directly through our site is slow. We have been on RAC since we started nearly three months ago and the experiences have been a mixed bag of both good and bad.
On the positive side of things, we’ve maintained a 9.95 rating after completing over 61 jobs. Because of our high rating and customer satisfaction, BlueLayerMedia was given an award as a TopCoder by RAC. Additionally, we have had an opportunity to work on a few very large projects and work with some very good people.
My feelings overall toward RAC are divided. They do have an excellent business model….for themselves. There really is nothing for them to do outside of mediation (we’ll talk about that more later) and approving new jobs. I would assume the new jobs are reviewed by a staff member before posting, but from what I’ve seen there are no standards as to what is posted. I saw a job posted where someone wanted a ‘coder’ to remove a blog post from someone else’s blog. Outside of hacking the blog, every other person out there, including non-technical people, would immediately see that is an impossibility. It took me sending them a message to have the job removed.
As I mentioned before, RAC has an arbitration process which allows a buyer and coder to try and resolve their differences first, between themselves and if that is unsuccessful with the help of an arbitrator. We’ve had to use the arbitrators only on two occasions and in both incidents, I was left with the impression that RAC was more likely to side with the buyer rather than the coder. If you think about it, it does make more business sense. They need the buyers to keep posting jobs in order to keep their percentage coming in.
The first time using an arbitrator we were hired to install a script. A couple of days into the project we noticed the script was pirated. Doing what we thought was the right thing, we notified RAC and one would assume the buyer’s account would have been suspended or some type of action taken against him. This wasn’t the case. In the end we were both admonished not to use/install pirated software, which just boggled the mind. It seemed there was a great lack of common sense.
Lastly, selecting jobs with “fix my site to 100%” can be a never-ending nightmare for a coder. Once a job is accepted and price agreed upon, if the dynamics of the job change, there is no re-negotiating of the price. If you bid $25 because you thought the job would be a simple fix and it turns out to be an utter disaster, there is no wiggle room at all without going into mediation. If the buyer agrees to self-mediate, you’re lucky. If they press for an arbitrator’s involvement, you are guaranteed to lose because you did not comply with the original bid to fix their site to “100%”. Also, once a job is marked complete by a coder it can stay in that open status until a buyer closes it and accepts 100% of your work. If they never respond to you, your only recourse is to contact an arbitrator and wait for weeks on end for it to be resolved.
I pulled this off of a recently opened job: “have some simple PHP tweeks needing to be done on two sites. VERY BASIC STUFF…. must be able to do the work now!” This is all the information that is provided and from here you have two choices. Either post a message and ask for more details and hopefully receive a response, or post a bid and hope that ‘very basic’ truly is. You can see by this example how easy it would be to get stuck in a losing situation if you’re the coder.
One of the few positives about RAC is they use an escrow service. Once a bid is agreed upon between buyer and coder, the buyer must place the funds that were agreed upon in to an escrow service before work starts. This prevents coders from doing work and never getting paid.
Remember in the beginning how I said RAC has an excellent business model for themselves? Here’s why. They charge a significant fee on jobs that are done via their site. The most laughable is when a buyer posts a $5.00 job and RAC’s fee is $3.00, leaving a whopping $2.00 for a coder. The fee they charge is based on a percentage and on one of the larger jobs we did, netted them nearly $1000.00 in fees…..for no work on their end at all. Pretty nifty huh? Unfortunately, this leads to us and I’m sure other coders having to increase their fees to compensate for the overpriced RAC fee.
People looking for coders to do work for them should be very selective. There are many, many untrustworthy people that will take your money and run. Take the time to research your coder, the work they’ve done in the past and find out what others had to say about them as well.
In order to offer our clients a net of safety we employ a 50/50 method which is commonly used by most freelancers. 50% payment upfront and remaining 50% after completion.
If you’re interested in seeing what we can do for you, feel free to contact us here!
Posted in Programming by Jason Craig on September 17th, 2009
Who doesn’t want something cheaper, especially nowadays right? I’ll keep this in the realm of web related programming to make it relevant. To take from one of my previous posts, you have an idea for a website and have decided to hire a coder. We’ll use RentACoder as the base for which you will be selecting a coder after placing your job online.
Before long, and more like within minutes, you’ll start receiving hundreds of views on your project and several bids. The prices will vary in range just as the locations of the coders will. Initially there are some things to consider. Will your coder speak English fluently and is that a concern for you? Will your project sacrifice in the way of quality due to low cost? It is hard to say as no two individuals are alike, nor have the same set of skills, knowledge, etc.
What should be more of a concern, when you hire someone to do work for you outside of a web programmer farm such as RAC and the half-dozen similar sites that are out there, is whether the person you are hiring is going to outsource your job without your knowledge. The following video, although humorous, does partly convey this issue.
As I said, although the video is humorous, in reality this is what does occur in the world of web programming. BlueLayerMedia has been contracted on numerous occasions to do website work where we are hired as a third party with a warning not to contact the other party. The reasons for the no contact should be obvious. The person(s) who hired us will have to answer to the person that hired them and explain why someone else is doing the job that they were hired for. Secondly, the middle-man is out of his cut.
I’ve done some very basic Googling and discovered several people that we do work for front themselves off as web designers/programmers only to turn around and hire someone else to do the work for them.
If this is a concern for you, when hiring a coder, be sure to check their references as much as possible. Ask for samples of their previous work. Pick a snippet of code and ask them to explain what it does. If you want to take it one step further, show the same snippet of code to someone else and have it verified. Most people who outsource their work, have no knowledge of what PHP (for example) does. Quizzing them on a section that they should have created should yield an immediate and exact response.
Posted in Programming by Jason Craig on September 14th, 2009
Internet Explorer 6 aka IE6 was released to the public on August 27, 2001, making it over eight years old now. The question that needs to be answered is whether it should still be supported in current web development.
You can guarantee yourself you will get varying answers from nearly everyone you talk to. Let’s go over some pros and cons of supporting it starting with the cons first.
The technology that IE6 supported has long since passed and been replaced with newer and better technology. ‘Tis the way of the world no? It is truly a pain to code/design around. If a client wishes IE6 support there is a good amount of time setting up a site so IE6 renders it right, whereas more recent browsers, including newer versions of Internet Explorer render sites properly.
The pros in having the additional support should be obvious. You won’t have to worry about an issue arising where one or more of your visitors cannot access certain parts of your site or have it appear ‘off’ to them when browsing in IE6.
The next question is, how many people are still using a defunct browser such as IE6? Browser statistics show the use of IE6 is steadily on the decline with only 14.4% of web users still using IE6, compared to 15.9% using IE7, 9.1% using IE and a whopping 47.9% using Firefox. On a side note, for those of you that are still using any of the IE browsers at all and have not tried Firefox out yet, you’re truly missing out. Firefox is fast, lightweight, and extremely customizable.
Let’s talk about that 14.4% for a moment. Who are they and why would they choose to use an outdated browser? Merely speculating, they could be users from a corporation or large entity which simply has not upgraded to a newer version of Internet Explorer or a more mature user who simply has no desire or need to upgrade.
What should be considered is knowing your target audience. If for example, you have a knitting site, odds are you are catering to more of a mature user group and they could fall into that 14.4% still using IE6, so it might be beneficial to still support the browser. On the other hand, if you have a site about the latest and greatest motherboards, odds are your target audience is a younger, tech-savvy user with the latest browser and updated systems.
The bottom line is this. Do you pay your coder/designer a bit more to ensure your site renders properly in IE6 due to your target audience’s requirements, or do you simply forgo it, not worry about the loss of a few users and hope that in some small way you’re leading them down the path to upgrade?
Posted in Programming by Jason Craig on September 1st, 2009
After many nights of lying awake in bed, going over idea after idea, you’ve finally come up with something that you think will make it big on the world wide web. As you continue to think, your idea transforms from a simple static page site to a full-featured dynamic website. Now comes the hard part….where to begin?
You may opt to go with an open source script such as Joomla or WordPress and there are many advantages to doing so. Take WordPress for example. It is widely supported, there are many themes and plug-ins available and most importantly…it’s free! However, after getting it all setup and looking good, you realize that you are bound by what the creators of WordPress and/or plugin authors have created. You wish you could have a nice set of forums integrated, or a full featured shopping cart to use. It’s possible to do, but does require some coding knowledge and doesn’t compare to the other options out there.
Frustrated with being controlled by your open-source solution, you now think about custom coding your website. Now a new set of challenges awaits you…choosing what web programming language you want your site coded in and more importantly, choosing a competent coder.
Everyone wants a site that is visually appealing and draws users in….and keeps them. Let’s briefly go over some of the more popular options to at least get you thinking:
Flash: The use of flash is pretty rampant on the web now. It does provide for a visually stunning website; however there are downsides that you might want to consider. Not everyone’s browser supports the use of flash, additionally there are many network administrators that lock a user’s ability to install a flash rendering add-on, making your site virtually unusable if it relies solely on flash. Also, search engines are not very fond of flash pages and if your goal is to have high page rankings, you might want to hold off on your site being coded entirely in flash.
PHP: By far one of the most popular web programming languages in use today and one that is supported by just about every hosting provider out there. It’s highly flexible and customizable and the possibilities are virtually endless, of course depending on your coder’s knowledge and skill. If you are considering using PHP you might want to consider having your site based on a PHP framework which we’ve discussed in this post. Using a framework can provide you with a very lightweight footprint and that translates to a fast site for you and your visitors.
Ruby on Rails: There have been several articles on the net lately which indicate Ruby on Rails (RoR) is becoming more and more in demand. The downside to RoR is it isn’t as popular as PHP and therefore, trying to be picky when choosing a coder may be difficult. RoR can use a command line interface which makes programming in it quicker than manually typing everything out like in PHP. Additionally you will need to make sure that your host supports RoR.
Ajax, JQuery, Mootools: The use of javascript/AJAX related code, especially JQuery, has become more in demand in the past few years. With the ability to provide on-the-fly, smooth effects on your website without a noticeable performance hit, if used properly, these can add that little flair to your site that you were trying to achieve.
CSS: If your web designer isn’t using CSS for your site’s design then there is something wrong. CSS stylesheets tell your website’s HTML what to do and what to look like. For those of you keeping up with the evolution of CSS, you know that everyone wants a table-less design now. No more <TR> tags embedded on webpages. This allows your site’s appearance to be changed with ease if ever the need arises in the future without having to recode some of the HTML. Additionally, a properly coded HTML/CSS page is great for SEO visibility.
There are other web programming languages out there that we have simply not gone into in order to keep this posting readable.
Finally, we’d like to leave you with a few tips when choosing and working with a coder:
Check their previous work and see if they design/code in a format that is acceptable to you. Be wary of a coder who has no prior experience in a particular language but says they can still work with it.
Do they have verifiable work experience or is their portfolio page filled with images but no links?
Communication is key. We both know things change along the way when designing/coding. Try to provide as much information up front and as soon as things change, let your coder know.
Be open to suggestions from your coder/designer. You know what looks good to you, but we know what works best. The goal is to produce an end product you’ll be happy with for a long time.
Start out with a realistic deadline in mind. Hiring a coder to design and then code a website with a two day turnaround time is a bit unrealistic. Additionally, if your project is able to be completed during that time, you might find quality has suffered at the expense of quickness.
This is just a very brief overview and hopefully got you thinking if you’re looking at having a website made. As always, feel free to contact us if you’re interested in seeing what we can do for you!
Posted in Programming by Jason Craig on July 29th, 2009
Over the last several weeks we’ve worked on several jobs that had to do with malicious iframe code being inserted in to their websites and the trend doesn’t seem to be slowing one bit.
In fact, some years ago a website that I helped run fell victim to the same type of attack. Today we’ll cover why someone would want to do this, what to do about it once it happens, how it happened in the first place and finally how to prevent future attacks.
1. Why someone would want to do this to you:
Out of all the jobs we’ve worked, the code that was added to the site was generally along the lines of <iframe 'more code here' visibility='hidden'></iframe>. In short, what the code ends up doing is displaying an unauthorized ad to your visitors, generating revenue for whoever injected it at your cost. If you use Firefox with the NoScript addon you’re less likely to see the ads yourself, which is why on your own sites it is always good practice to allow all the scripts to run and ads to display so you can see exactly what your visitors are seeing.
2. What to do once it happens:
Where the code is injected into your files and how many times is left completely up to the ‘hacker’ adding the code in. If all works in your favor a minimal amount of your files will be modified. We worked on a job recently where hundreds of files had been modified, with different snippets of code and in different places in the files. It made for one lengthy cleanup job. If you are familiar with HTML/PHP it is just a matter of going through your files, looking for the malicious iframe code and removing it. A word of caution to those unfamiliar with HTML/PHP: be careful with what you are removing. PHP is especially picky when it comes to its code and if you happen to remove a single ‘<’ or ‘{’ by accident, you’ll quickly see an error once you reupload your cleaned file.
Your other alternative would be to hire someone, such as us (I know, shameless plug) who can go in and clean up your files for you without removing unnecessary code by accident.
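As an added example (not part of the original post and not BlueLayerMedia's own tooling), the script below does the "going through your files" step as a read-only scan: it walks a site directory and lists every iframe tag that is hidden from visitors, with file and line number, so each hit can be reviewed by hand before anything is removed. The extension list, the hiding patterns and the sample files with example.invalid addresses are assumptions made for the illustration.

```python
import os
import re
import tempfile

# File types worth checking on a typical HTML/PHP site (assumed list, adjust to your site).
SCAN_EXTENSIONS = {".php", ".html", ".htm", ".inc", ".tpl", ".js"}

# Opening <iframe ...> tag; [^>]* also spans attributes split across lines.
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>?", re.IGNORECASE)

# Attribute or inline-style patterns that hide a frame from the visitor.
HIDING_PATTERNS = {
    "visibility hidden": re.compile(r"visibility\s*[:=]\s*['\"]?\s*hidden", re.I),
    "display none": re.compile(r"display\s*:\s*none", re.I),
    "zero or 1px size": re.compile(
        r"(?<![-\w])(?:width|height)\s*[:=]\s*['\"]?\s*[01](?![\d.%])", re.I),
}


def hidden_reasons(tag):
    """Return the names of the hiding patterns found in one iframe tag."""
    return [name for name, rx in HIDING_PATTERNS.items() if rx.search(tag)]


def scan_file(path):
    """Report hidden iframes in one file as (path, line, reasons, snippet)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings = []
    for match in IFRAME_TAG.finditer(text):
        reasons = hidden_reasons(match.group(0))
        if reasons:
            line = text.count("\n", 0, match.start()) + 1
            snippet = " ".join(match.group(0).split())[:120]
            findings.append((path, line, reasons, snippet))
    return findings


def scan_tree(root):
    """Walk a site directory and collect findings. Files are only read, never modified."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in SCAN_EXTENSIONS:
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return sorted(findings)


def build_demo_site(root):
    """Write constructed sample files (example.invalid URLs) to exercise the scanner."""
    samples = {
        "index.php": "<?php include 'header.php'; ?>\n<h1>Shop</h1>\n"
                     "<iframe src='http://ads.example.invalid/x' visibility='hidden'></iframe>\n",
        "about.html": "<p>About us</p>\n<iframe src=\"http://video.example.invalid/embed\" "
                      "width=\"560\" height=\"315\"></iframe>\n",
        "inc/footer.php": "<div>footer</div>\n\n<IFRAME\n  src=http://ads.example.invalid/y\n"
                          "  width=1 height=1 style=\"display:none\"></IFRAME>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_demo_site(site)
        for path, line, reasons, snippet in scan_tree(site):
            print(f"{os.path.relpath(path, site)}:{line}: {', '.join(reasons)}: {snippet}")
```

Run it against a downloaded copy of the site rather than the live host; a visible embed such as the 560x315 frame in the sample is not reported, so legitimate iframes are left alone.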
3. How did this happen in the first place:
Probably the most important question to ask and get an answer to. Most of these occurrences happen when someone uses an open source type of web script such as Joomla, Vbulletin, Invision Power Board, Oscommerce, etc. Some of these platforms are more likely to be exploited than others which are really good with staying on top of found exploits. Two that seem the most common are Joomla and Oscommerce. The main reason behind these two being more exploited than others is not because of the core files themselves but the amount of free addons coded by anyone and everyone with varying levels of knowledge on how to prevent exploits.
An eye opening experience is to take a look at this website: www.milw0rm.com. Go to the top of the page and type in ‘Joomla’ in the search function and you can see the massive list of found exploits, most having to do with third party addons.
Once someone figures out that you’re running Joomla in this particular example and an addon that has an exploit, they simply take the POC (Proof of Concept) code, modify it to their needs and run it on your site. In most cases this will give them unchecked access to your site via the admin backend or another way. Once they’re inside, 9 times out of 10 a shell script is uploaded which provides them more details on your hosting environment, how much space is available, the ability to open new ports and of course, modify as many files as they’d like. All without you ever knowing. That is until Google notifies you that your site is considered malicious by them.
4. How to prevent this from happening again:
As the saying goes: “Where there is a will, there is a way”. Meaning, if someone truly wants in your site, they probably can after a great deal of effort and time. Sites that run on an open source script with countless addons are far easier to get inside of than say a custom coded site or a web script that keeps itself updated upon finding new exploits.
For those of you that are currently stuck with using an open source script instead of going with something custom coded, my advice would be to check the main site of the script for new security updates as well as addon authors’ sites for security updates. If you find that you really don’t need a plugin/addon, get rid of it instead of leaving it on your site unused. You never know, that one could be just the backdoor someone was waiting for.
Posted in Programming by Jason Craig on July 21st, 2009
As web programming advances, it is imperative for the end user to do some research to see what options are available to them and how it could affect you and your coder. Let’s start with choices of forums. The two that I will be covering are Invision Power Board (IPB) and Vbulletin (VB).
I have used both and was equally impressed with the amount of features they contain for both end user and administrator. However, there is one significant difference that we need to talk about. The way they handle adding on themes and addons is completely different.
Let’s start with how each forum handles addons (aka plugins). IPB requires that you ‘hack’ or manually modify the PHP files in order to have the plugin work. Here are a few reasons why I personally dislike this method:
After installing a plugin(s) upgrading your forums to a newer release more than likely will render your installed plugins useless. You’ll have to go in and re-add the plugin by hand once again.
Most plugins provide good instructions for installation so that even those with zero PHP knowledge can install them with minimal error. However, missing a single “;” or “{” when copying and pasting from the instructions can render your site completely useless until the error is fixed.
Some plugins require that you replace code *cringes*. Not only is this worrisome in itself but if you try to install another plugin that looks for the original code, you could find yourself pulling your hair out trying to get everything to work.
So with that in mind, here is why I like using VB:
VB’s plugin system makes installation errors nearly a thing of the past by using hooks. The way you install a plugin is to browse to the file on your computer and upload it. Once you activate it you’re good to go, nothing else to worry about.
If you need to upgrade your forums, you don’t have to worry about rendering every plugin you installed useless. Only the ones that are not compatible will no longer work.
Let me move on to two other scripts that are not identical in operation, but I think after reading you’ll understand the point I’m attempting to make.
WordPress has to be the most popular blogging script on the market right now. Similarly, Oscommerce is a popular e-commerce script. Both are free and widely used all over the internet. Let’s do some vital comparisons between the two from a coder’s standpoint, shall we?
Let’s take a look at WordPress:
WordPress uses a system similar to that of VB. If you want to install one of the many free plugins available all you have to do is download it, and either upload it manually via FTP or through the admin backend. Activate it and you’re off and running. Even updating plugins is a snap with how the backend will alert users a new plugin is available and an option to upgrade them automatically.
WordPress’s codex is available online for all to see and use. WordPress’s codex makes creating plugins relatively easy from a coding standpoint as well.
Now on to Oscommerce:
Oscommerce is similar to IPB in the way it uses plugins or “contributions” as they’re called. Each contribution must be manually added in by modifying existing PHP code.
Oscommerce’s handling of templates is by far my least favorite. Each template is hard coded into the core files and includes images. The only benefit to this is that it makes for a straightforward installation. After installation is complete your new shiny site doesn’t need any additional work. The downside is this particular method makes upgrading your site and adding modules difficult and at times impossible.
As you can probably see, by using “hooks” software makers allow the open-source community to add useful features and options to the software without all of the headaches. I truly believe in the future web scripts will follow the path of WordPress and Vbulletin to make installing plugins, and upgrading your site easy. So for your next site, pay attention to the ways in which templating and plugin installation is done as it could cost you in the long run.