Stupid HostGator

For those of you don’t run their own website, this post probably isn’t going to mean much to you, but for the rest of you, I think you’ll appreciate what I learned recently.

Last year during the Thanksgiving Black Friday sale, I was able to buy a year of web hosting for like $25 at HostGator. I put one of my smaller mainstream sites over there. I mean for a price like that, what can go wrong?

I know, famous last words.

Turns out, you really do get what you pay for.

The website I host with HostGator is a small WordPress website that gets less than 100 unique visitors a day.

This little website never really gives me any trouble. For the most part, it stays up, with an occasional 10 minutes down here and there — so I wouldn’t normally complain about the hosting.

But last week I got an email notifying me that my WordFence plugin was deactivated, by me. Now considering the fact that I didn’t deactivate it, I decided to log into my WordPress admin and see what was going on.

Turns out the site had gotten infected with Malware, so anytime anyone visited the website, a few of those pesky popups would appear.

I contacted tech support and they immediately redirected me to a third party company which they use and they require $150 to fix the problem for me.

I knew where the Malware was. I could FTP in and see where they had created a folder and were running a script. The only problem was, every time I tried to delete said folder it would come right back.

I wasn’t going to pay my hosting company for web hosting and an additional $150 to delete a damn folder for me. So this time I called in. Their support informed me, that they are not allowed to delete files from my server.

So I asked him, what exactly is it that you do then as tech support for host gator. He couldn’t really give me an answer.

But for $150 this 3rd party could clean up my website of the nasty Malware. They didn’t guarantee it wouldn’t come back, but at least, “for now” it would be gone. Now for $1440 they would protect me in case it did come back.

I explained to him that for a fraction of that price I could just take my website to a new hosting company and have it done for free. He didn’t seem to care.

Still, I was determined not to be defeated.

I knew I could pay WordFence $99. That would save me some money, but still, that seemed high. I just wonder if there was something else I could do myself.

Here is what I did ….

#1 I made sure there were no other users, other than myself.  If there are other users, and you know they don’t belong there, delete them at once.

#2 I delete my theme and re-uploaded a fresh copy of it so that just in case they have infected any of my theme files, I got rid of that issue.

#4 I made sure all my plugins were updated. I then deleted any plugins I didn’t absolutely need.

#5 I deleted WordPress completely –  I didn’t just install an update. I mean I actually FTP’d into my server, deleted all the WordPress files manually and then installed a fresh version of all the files that I had downloaded earlier from WordPress.com – obviously except my wp-config.php file. Make sure you don’t accidentally delete that.

PROBLEM SOLVED!

Turns out the hackers had inserted an extra file in my WordPress wp-includes directory that didn’t get deleted/updated when you updated WordPress because it wasn’t really part of the WP core files.

So next time you have an issue, don’t just give up and pay the money, try and fight it yourself first. With a little patience and persistence, you can get rid of the problem on your own.

Side note: Just to be safe I also deleted all my plugins and installed a fresh copy. I also updated the password to my WordPress database installed on that website, making it slightly longer and more complicated. I wasn’t sure if they had compromised my database but it’s always better to be safe than sorry.

 

 

Secure Your Twitter Account Today or Risk Losing it Forever

It always amazes me how many people think “it won’t happen to them”. But in reality, anyone or anything that is connected to the internet can be hacked. Period.

The more famous you are, the more likely you are to be a victim of hacking.

So what can you do to protect yourself?

1) Never share your password with anyone.

2) Don’t use the same password for multiple sites. If you use a password for Twitter, don’t use the same password for your email! If one gets hacked, you might lose both if they share the same password.

3) Have a more secure password. iloveporn123 isn’t a secure password. I’m sorry but it’s just not. You aren’t stupid you know that you use that password because it’s easy to remember. But it also makes it vulnerable.

Instead, try the more complicated version

1LuvP@rn123!

Instead of the letter I, you used a number 1. Instead of using the correct spelling of love, you use Luv but you capitalize the L in luv.

Instead of porn you spell it P@rn. That’s a capital P and a @ symbol in place of the o.

And at the end of the 123 you add the special ! character.

Sure it’s not the best password ever, but it’s a heck of a lot better than iloveporn123.

4) And last but not least, you must activate 2-factor authentication. This means to log into your twitter account (or your email) you have associated your account with your phone and you will need to enter a secondary temporary password that is texted to you.

If you are not using a 2-factor authenticator then you’re at high risk of losing your account. It’s not a matter of IF you will be hacked, but when.

Don’t be a victim! Protect your account or risk losing it forever!

 

Is Google Analytics really telling you the whole story?

I love statistics. I love knowing exactly how many visitors come to one of my websites, how long they stay and what where they came from in the first place.

Without knowing this kind of information, how can I work to improve my websites?

Google Analytics is a free tool that helps me know some amazing information about my website. It is, in fact, the best free tool out there that isn’t hosted on your own server.

But there is a problem with Google Analytics and really any tool out there that generates states that aren’t hosting on your own server, and based on your own server logs. They are notoriously inaccurate.

Years ago the inaccuracy was about 5% to 10% on small traffic websites and as much as 10% to 20% on sites with more than a few thousand visitors per month. Not that bad, right?

But times have changed and so has the technology and it makes remote tracking even more difficult so I decided to take a look at just how crazy off the numbers being reported really where.

I picked one of my websites and ran a report for the year (so far). It tells me these are the unique visitors who have visited that site in question.

Jan Feb Mar Apr
5,281 4,535 16,217 20,546

The problem is, when you actually review the real numbers, those from my server logs, you find that Google Analytics didn’t even remotely come close. Here is what my website actually had in terms of unique visitors.

Jan Feb Mar Apr
15,498 13,192 18,995 23,656
  • January was off by 10,217
  • February was off by 8,657
  • March was off by 2,778
  • April was off by 3,110

That’s 21,762 people in the first 4 months of the year that Google couldn’t properly track on just one of my websites.

This is why you need to have your own server stats program like AW stats – something that actually tracks your traffic stats internally.

Sure Google Analytics is great for many reasons, and I still strongly suggest using it, but when it comes to accurately tracking the total number of unique visitors to your website, you need to use your own server data. It’s the only way to know for sure just how many people visited your website at any given time during a month.

 

Is your home router safe? It may not be!

WordFence the popular WordPress security plugin sent out a massive email blast today letting people know that their home router may be vulnerable.

Although the vulnerability was first disclosed in 2014, it wasn’t taken seriously by many and as a result, hackers are now using it to hack home routers.

As many as 41 million home routers worldwide have the vulnerability. Basically, you should not have port 7547 open to the public. If your router has it open, you should contact your internet service provider and ask them to close it at once.

To find out if you are vulnerable click here to run the test.

Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet.

Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.

To now allow hackers to get access to your home computer or take over your WiFi.  Get your internet service provider to close off public access to port 7547 on your router today.

On a side note, if you call your ISP and they tell you “you don’t have any ports open” insist that you do (if you took the test and failed it).

Also try here and enter 7547 in the port area and then click check.

If they say otherwise, ask them to escalate your ticket. That’s what I did. It took awhile but finally was able to get to someone that knew what he was doing and help me.

It’s annoying I know, but that’s how some internet companies are.

You have to know what you spent before you can figure out how much you actually made

A few years ago I did some work for a small clothing company. It was managed by a girl who had no idea what she was doing.

When she had money she would buy inventory. When she needed money she would run a clearance sale to get more sales, and then she would have money again to buy more inventory.

Only the problem with this is, she wouldn’t keep track of how much money she spent on her original inventory.

For example, if she spent $4 on a belt she would need to know that since she would want to make sure she sold it for more than $4 to ensure she made a profit.

However since she didn’t know exactly how much she was spending on each item and would sell them at whatever price she never really knew what she was making or losing.

Overall as you might have imagined, this system failed and the owner of the store stepped in and took over, as they fired the girl in question.

This same concept works for us internet entrepreneurs as well. If we don’t know how much we are spending to run our businesses then we don’t really know how much we are making.

Sure we may get a check for $300 from some affiliate program, but how much did we spend to make that money in the first place?

This is why record keeping is so important.

And it’s actually very simple. All you have to do is create a simple spreadsheet. Now I personally like to do this in Google Drive so I can easily access it from any device and share it with someone I may be working with at the time, but you can also use Excel or something like that.

First column you write down every expensive you have. This includes domain name registration fees, and web hosting. If you hired a graphics artist to create some banners for you or if you hire a programmer to help you. All of those things must be included.

Now add those up. I do it by year and then at the bottom divide by 12 since most of my expenses are yearly except hosting so that works for me but you can do it however you want as long as you know exactly what you are spending. That is really all that matters.

Now it comes time to add up what you earn each month. I do this on a separate tab. I don’t know why, I just prefer this format since I track income per month.

I write down the name of every affiliate program I do business with in the first column. Next I write down what I earn per month.

Now this is the important part, you have to leave a spot for when you were actually paid. Sadly it has come to this. What you must do is note every time a company actually sends you a check and for how much so that you can easily see who isn’t paying you.

I was doing business with one affiliate program for years. Then one day I thought about it and realized, wow they haven’t paid me lately. So I logged in to find I had a balance of $1,454.49.

I contacted them, listened to their excuses as to why they didn’t pay me, filled out their newly requested paperwork and three days later I had my payment in full.

Had I been keeping track of when my payments came in prior to this, I would have caught that little problem long ago.

 

 

 

Domain Names … Don’t Lose Yours

It seems like everyone has a domain name these days. They’ve become so common we don’t even think about them anymore.

There are almost 300 million registered domains. Think about that … an apartment building with 300 million apartments in it!

You know what’s even crazier? There are not more than 1,000 possibilities for domain name extensions. 248 of those 1000 are country codes are things like .love, .guru, .online, .info, .porn, or even .xyz.

The first domain name ever registered was on March 15, 1985 and it was Symbolics.com. It belonged to a now defunct computer manufacturer – MIT AI Lab. They later sold the domain name, (some 25 years later in 2009) to XF.com Investments out of Dallas for an undisclosed amount.

But what most people don’t know is that it wasn’t actually the first ever domain name. That honor goes to nordu.net. It was created in January of 1985 and was used to serve as the first root server (nic.nordu.net).

Symbolics.com was the first domain name to actually be registered through the appropriate DNS process a few months later.

The most expensive domain name ever sold was LasVegas.com. They paid $12 million in cash but also have a built in payment plan scheduled to be completed over 35 years (2005 to 2040) and the total cost works out to be $90 million!

Other hot domain name sales include …

  • CarInsurance.com – $49.7 million (2005)
  • Insurance.com – $35.6 million (2010)
  • VacationRentals.com $35 million (2007)
  • PrivateJet.com $30.180 million (2012)
  • Internet.com – $18 million (2009)
  • 360.com – $17 million (2015)
  • Insure.com – $16 million (2009)
  • Bankaholic.com – $15 million (2008)
  • Sex.com – $13 million (2010)

But that’s not what this story is about. This story is about protecting what you own.

We sometimes forget how important our domain names are.

But password hacking are more and more common. If someone can steal your credit card, social security number or password to your favorite porn site, what makes you think they can’t get into your domain name account?

The most obvious protection would be to use a strong password. This is something that is at least ten characters in length and includes both letters and numbers and the letters you use are both upper and lower case. Also throw in an odd character like a # sign too. Also don’t use words or names in your password.

Another way to protect your precious domain name account is to use the two step authentication. Simply put you are associating your domain name account with your cell phone number so to log in you not only need your password but a special code that they text you.

Your domain names are valuable and if they are stolen there is no guarantee that you can get them back. In fact there are more than a few stories (sex.com included) where a domain name was stolen and they victim didn’t get it back.

PROTECT WHAT IS YOURS! Lock down your domain name account because if you don’t, it’s not a matter if IF some jack ass will try and break in, it’s just a matter of when.

 

Domain Sellers Beware

It’s a new year and that means it’s time for a world of new scams to pop up. Today’s scam isn’t exactly new but it seems to be more prevalent. Like most scams, it plays off of people’s greed.

How it works is like this … you have a domain name that you want to sale. You list it on one of the various domain listing sites or post about it on one of the Facebook domain sales groups.

Next think you know you are contacted by someone who claims to represent a buyer and they want to buy your domain for some insanely highly value – way way more than your domain is worth.

Hello!

I represent an investor from Canada who needs your domain (———-.com) for his project.

The investor would be prepared to pay a sum in $15,000 – $20,000 range.

If you expect another figure, please specify it in the subject of your reply.

If you have more names I can help you to sell them.

Best Regards,
Eric Danielsen
Vice President
123 REG

The domain I was selling I knew wasn’t worth more than $500. So that they offered me $15k to $20k immediately put up a red flag for me.

It turns out the only way this buyer will pay you the money is if you can provide him with a domain name appraisal certificate.

But here is the catch …. this buyer will only accept one from agencies he knows and trusts.

As I’m sure you’ve guessed by now, this is a scam to get you to pay $59 to $129 for a domain name valuation service.

Simply put, they are trying to scam you into buying their domain name appraisal certificate for your domain name. There was never a buyer interested in paying way more than your domain is worth.

So don’t fall for this scam.