Domain hijacking is not something I had really come across directly until the last few days, although it seems a not altogether uncommon problem.

The case I got involved with goes something like this… Business owner gets a (non-professional) “developer”, who happens to be a relative of a friend to setup a website/shopping cart for him. The task includes purchasing a new domain for the site.

The website was duly setup and operated for some time by the Business Owner. Recently, the “developer” has decided to copy the business owner’s operation and set up in business himself selling the same products. As he had access to the product distribution contacts, client lists, product images, etc, this was relatively easy to do.

The real crunch came when we found that the domain purchased, under which the business owner had been trading for a considerable period of time, was in fact registered under the developer’s name, and was completely under his control. This led to the developer being able to redirect the domain to a site of his choosing, effectively killing the business owner’s trade overnight.

Now, this situation isn’t completely irrecoverable, but it’s certainly not a situation you would want to put yourself in if you can avoid it. Imagine if the daily traffic you receive to your site, which is directly attributed to referrals and searches based on your domain name were removed at a stroke – certainly it would take a good deal of time to recover from this situation.

The lesson here is that you need to be careful to use reputable agents when buying new domain names. This is especially true if you are leaving it to them to enter all the registration details and to look after configuration of things on your behalf (perhaps because you don’t feel confident enough to do it, or don’t have the time).

Wow, it's been a long time since I posted anything in this blog. This is a clear indication of how busy I've been recently helped other people to resolve their online trading issues, and also moving house, which has kept me busy away from my computer for a while too.

OK then, looking at the hits from search engine results on this blog, I get some new ideas for customisation tips and tricks. Here's the first one - how to add a search box to the header of your site (or anywhere else for that matter).

This is actually quite a simple thing to pull off - simply we need a text box for the search criteria, a button to launch the search, and to point the action of the thing at the right script file.

So, having located the place in the code where you want to place the search box (in header.php for instance, if you want it in the header), put in the following code:

<form action="advanced_search_result.php" method="GET">
<input type="text" name="keywords">
<input type="submit" value="Search!">
</form>

This should now do the job, but probably won't look very pretty. You can add some styling to this new element more easily if you first enclose it in a div element:

<div id="search_box">
<form action="advanced_search_result.php" method="GET">
<input type="text" name="keywords">
<input type="submit" value="Search!">
</form>
</div>

Now, let's get busy with some styling. Add the following to your stylesheet.css:

#search_box {
}

#search_box input {
}

These will affect the styling of the enclosing div and the inputs (text box and submit button) respectively. So you could so something like:

#search_box {
background: #ccc;
border: 1px solid #000;
}

#search_box input {
border: 2px solid #aaa;
}

to put lines around your box/button and have the whole thing put inside a coloured/bordered box.

Clearly, there's a lot more you can do with this, including using an image instead of a button, or colouring the button itself separately from the text input box, but I'm intending to cover CSS styling in depth in this article.

To see such a search box in action, have a look at a CRE Loaded site I put together recently: http://www.sriremotetoys.co.uk/ (not yet live at the time of writing). You should also be able to get at the stylesheet for this project, but for the lazy amongst you, here are the relevant bits:

#header_search {
margin-top: 15px;
text-align: right;
padding-right: 20px;
font-family: tahoma, verdana, arial;
font-size: 12px;
color: #21EEFA;
font-weight: bold;
}

#header_search input {
border: 1px solid #21EEFA;
}

In this case, most of the CSS effort was focussed on getting the search box to appear in the right place within the header area.

We are now able to take new registrations for our osCommerce hosting service.

Our shared hosting packages are based on high quality UK servers, based at the brand new BlueSquare Data Centre located close to Heathrow Airport in the Thames 'silicon' Valley. This allows us to offer low latency, high availability shared hosting that has been specifically configured to allow osCommerce, and the majority of osCommerce contributions, to be operated trouble-free.

All our packages include the world-leading hosting control panel, cPanel, which provides a huge range of controls through which you can manage your e-mails, webstats, subdomains, and much, much more.

What's more, you have support of a hosting provider who knows osCommerce inside-out and can assist you with any problems you might experience with operating your osCommerce store.

Right now, we will carry out installation of any build of osCommerce you require on your hosting for free and if you are looking to migrate your existing osCommerce store to our hosting then we can also carry this out for without charge.

Hosting packages start at just £10 a month - find out more at our hosting signup page.

Just thought I would post a quick notice here about this as I know that people who run CRE Loaded find their way to this site.

If you're not signed up to the CRE Loaded Forums you may have missed it, but a vulnerability was reported in builds of CRE Loaded up to and including version 6.15 back on 10th January.

The problem stems from some parts the WYSIWYG modification which forms part of CRE Loaded. In particular, elements of this function which are used to manipulate files (i.e upload, delete, etc) are accessible from the browser without having to be signed in as admin.

This is quite a nasty one as it doesn't require a great of skill to exploit and allows an attacker to, for instance, upload arbitrary php files and run them on your server. Then its quite a simple task to deface your store, grab customers details, hijack your webspace/bandwidth, attempt a rootkit installation, or any of the other things hackers enjoy doing.

If you haven't done so already I advise you to get the patch from www.creloaded.com and install it as soon as you can. The procedure only takes a minute or two and could save you a lot of repair work if the worst happens!

It has been what seems an extraordinarily long time since I wrote in this blog. No doubt when I come to check the date of the last post, that will prove to be the case, but the last few weeks, even months have been unusually busy for many reasons.

Perhaps this is a good then to reflect and report back on the progress regarding the drop-shipping osCommerce site I mention in an earlier post. This site has had Supertracker installed since it was first installed and I have been using it as a means to keep tabs on not just what potential customers are doing, but also the behaviour of search engine bots.

As an aside, I note that one of the people arriving at this site in the last 48hrs did so using the following search query: “how to get the google bot to index you every 48hrs”, and perhaps by the end of this article I provide my own thoughts on that Utopia!

Now, I know of late that some people have requested that I introduce a means to filter out search engine robot traffic from the Supertracker logs and this is something that I will introduce, but this information has actually been quite useful for me over recent months. For example, I have seen that pretty much from day 1 of the new osCommerce site being made live, Inktomi Slurp (aka Yahoo) has been spending time on and off every single day indexing every product page on my site (over and over and over again). This of course is good news, and brings in relevant search traffic to the site from Yahoo as a result.

I also see that MSN’s robot makes regular visits too, but perhaps is not quite so diligent in indexing all the pages. Googlebot however, has been a different story…. for weeks and weeks I didn’t see it at all. I have the google sitemaps contribution installed and the sitemap registered with google (though as it says on the tin – this isn’t a guarantee of anything!). So, eventually when Googlebot turns up a few weeks ago, I think, great, now it’s going to do its thing and check out the whole of my site…. But alas no, it just indexes index.php and leaves it at that. Every few days it would do this and nothing more. So, I would see a few very specific google searches arriving at my site, where people have searched for items that happen to be featured on the homepage, but not the level of traffic I was hoping for.

Then, about a month or so ago, Googlebot came back and started doing the job properly and indexing all the products and categories pages. It has made regular re-appearances every few days to do some more. However, when I search for the site by name on Google, these pages are clearly not yet available in the search results. So what could be the reasons for this?

1. It has always taken some time for new pages to show up in google search results – they will probably show up eventually.
2. My Page Rank is low because I haven’t put a lot of effort in to getting good quality links pointing to the site. Even if I had done this, what constitutes a “good” link is constantly changing as google’s algorithms get smarter, so I might be wasting my time in some cases. Also, there is some evidence that google now subjects such links to an “ageing delay” of several months, which means it is difficult to fix low pagerank overnight. With a low pagerank google may be putting a low priority on including my site.

In essence, experience tells me that this is still a waiting game. Looking at other sites I have responsibility for, they have got to, and stay at the top for a number of reasons:

1. They add new products quite often, so when search engine spiders visit, there is something new for them to store away
2. They offer great customer experiences and focus on 100% customer satisfaction. This means that they receive quality links to their site without even having to request them as their customers recommend their site to others through links posted on their own websites and internet forums.

So, what is the answer to the “how do I get google to keep coming back?” question? Well first of all, make sure your robots.txt file is set up to encourage it (there’s plenty of info on this out there, so I won’t explain here). Secondly, provide great content that is regularly updated. That’s the purpose of this weblog and I can’t believe how often the spiders come back to check it for something new. When it comes to content though, right it with the reader in mind, rather than the search engine spiders. If you write content that people actually are interested in, everything else should fall into place.

That’s the end of this article, which is something of a catch-up/gap filler I will admit, but is really intended as a way of getting myself back into the habit of writing regularly again.

I have some ideas of interesting topics I would like to share on this blog soon, but if anyone has requests of topics they would like to see covered, please feel free to drop me a line at mark at phpworks dot co dot uk.