But the good news? There’s no new infection. No script hijacking. No iframe injection. See my previous post for more details.

Fuck you ixwebhosting. That’s all I’ve got to say.

I don’t see any other explanation except that IXwebhosting’s servers are compromised, and their weak security was in turn compromising my site. I’ve had no problems with HostGator, and I love it.

I ultimately chose ixwebhosting.  Two years later, I’m not sure why.  I’m pretty sure I read reviews and determined that they would be a reliable host.  That estimate turned out to be… dead wrong.

In the first year, I experienced a lot of issues with ixwebhosting.  Despite a “99.9%” uptime guarantee, there were times when a problem with the sql server rendered my sites (all database driven) completely inaccessible.  In my second year, these issues seem to have been worked out, but that first year left a real sour taste in my mouth.

Then, over the past year, I’ve been battling various infections to my website.  At first, they were iframe injections that would periodically crop up.  For a time, I wasn’t maintaining any of these sites (although they were still getting a trickle of traffic), and the iframe injection got me blacklisted from Google.  Eugh.

After I sorted that out, I got hit with something like a gumblar infection.  The research I did suggested that this was a local issue – that my computer was compromised and that some kind of trojan was sending my ftp information to a remote server, which then injected script elements into my website.  I cleaned everything up, cleared my ftp information out of filezilla, and then used the web-based control panel with ixwebhosting to change my ftp password.  Still, these script elements kept coming up.  I also put a fresh install of Windows 7 (which I love, btw) onto my desktop.  If there was some kind of local infection, this would have wiped it out – and it didn’t stop the problem.

By this time, I was convinced that something was wrong at ixwebhosting.  They told me that my computer was compromised and that this led to the injections, but it just doesn’t add up.  I tried several different virus/malware scans, and nothing was found.  I changed my ftp password (and never used it in my ftp client).  I even put a fresh install of Windows on the machine.  There’s no way it’s a problem on my side.

This month, my hosting account with ixwebhosting ran out, and I dumped ‘em.  I switched to HostGator and paid for 6-months up front.  So far, I’ve got no complaints.  But it’s only been a week, so I’m not quite ready to pass judgement on them just yet.

As for IXwebhosting?  I’m ready to pass judgement on them.  They suck.  Stay away.  I signed up for two years when I bought my hosting from them, and within a few months I regretted it.  If I hadn’t been locked in for two years, I would have dumped them long ago and switched to a new host.

Initially, I had problems with iframes popping up on my pages. I cleared the themes and deleted the iframes, and periodically they would re-appear. This was annoying, and it was also damaging to my sites (although not a huge concern, since I didn’t update them regularly anymore and I wasn’t really expecting to earn much profit/traffic from them). Then, I noticed that script tags were appearing in the pages, and the whole situation got even more aggravating.

I would remove all of the script tags and clean up the entire server (replacing three wordpress installations and cleaning up three wordpress templates). A few days later, the script tags would be back.

What the heck? I eventually found some reading on the topic – start with this post about Gumblar and then look around Unmasked Parasites. I repeatedly scanned my computer with different virus programs, but I was unable to find any kind of parasite that would transmit my ftp information to a remote server.

Nonetheless, I decided that something like this had to be the problem. I again cleaned up the server, replacing all three wordpress installations and cleaning up the templates. I then cleared all of the passwords out of my FTP client (Filezilla). Finally, I went to my hosting account through my web browser and changed my FTP password to something new and never used it in Filezilla.

So far, so good. It’s been a week or so, and the virus hasn’t cropped back up. Oh, I hope it stays away…

I wanted to make a website for the yearbook club and post some of these photos in galleries. It’s a great way to promote the yearbook and the kids like seeing themselves online. There were some legal issues that I’m working out with the administration, but there were also some technical issues.

Although I obviously can create and host my own website, I don’t have access to web space with php hosting for the yearbook club. I didn’t want to mix school stuff with my own stuff, so I didn’t want to host it here. The simplest solution for me (which I also use for class blogs) was a free blog hosted on Wordpress.com.

That is, until I realized that I couldn’t easily embed slideshows from other websites (i.e. Picasa). Doh! The embed and iframe tags that are usually used to include slide shows gets wiped out by Wordpress’ security.

I figured out a work around, though. http://www.slideshare.net/ allows you to create and host unlimited slideshows for free. They also offer an option to embed the slideshow into a Wordpress blog, and its compatible with a free Wordpress.com blog. This solved my technical problems and I don’t have to worry about storage space.

Shortly, I’m going to write up an article about this for Associated Content. I’ll link to it when it’s published. In the meantime, here’s a sample gallery. The pictures are just of my backyard. I’m still working on the legal issues, so I haven’t actually hosted any slideshows of students yet.

Quite some time ago, I gave up on maintaining my various sites – notably this one and Web Cash. I simply didn’t have the time to add new content, and I’d had trouble with the theme files getting infected with iframe injections.

Last month, I decided to clean up the files and, if nothing else, keep the sites alive as they were. They bring in a small bit of revenue from ad sales, and I don’t see any reason to pass up money that could be coming in if the sites were functioning properly. So, I cleaned up all the template files, changed all the passwords associated with my hosting account and FTP accounts, and thought all would be well.

But it isn’t!

For whatever reason, I can’t seem to shake this damn problem. And every time I notice it’s back, it raises my level of anger another notch.

The infections routinely affect three files in my template: index.php, header.php, and footer.php. Each file has a new line that creates an iframe, which inevitably loads some invisible links or malware. This iframe can also get your site blacklisted from Google (after cleaning up the files, my site was re-listed on Google and I’m getting some more search traffic).

I really can’t figure out how or why the files keep getting re-infected. I’ve repeatedly changed all the passwords associated with my web host and with Wordpress. I’ve updated Wordpress to the latest version. I’ve checked the file permissions, and they seem correct. Arg…!

Tonight, I found one potential problem that might have been the culprit. I installed the Antivirus plugin for Wordpress, and it found a random script tag in my header file. I’m not entirely sure that a script tag could lead to these files being edited permanently, so I don’t know that it’s the culprit. But let’s hope… because I’m tired of checking on things and finding that the files have been tampered with yet again.

For the last two years, we’ve had some version of an autorun virus floating around on the old macs.  When you plugged your flash drive into the mac, it would write an autorun.inf file and a hidden .exe file onto the flash drive.

Now, we’ve upgraded to PCs with Windows XP.  It only took a few months for the entire network to become infected.  I think the tech coordinator may have quashed the virus in the media center computers, but I think it’s still alive and kicking in my classroom.  Unfortunately, due to the user permissions she set, I can’t effectively clean it off my computer.

Instead, I follow a ritual in cleaning the files off my flash drive. If you’re facing a similar problem, check out the quick guide I wrote for Associated Content on how to clean an autorun.inf file off your flash drive. It shows you how to delete the files from a command prompt as well as how to write a batch file to automatically delete the files with a simple click of the mouse.

I came up with the idea while reading through the IRS documentation about the Hope Credit, Lifetime Learning Credit, and Tuition and Fees Deduction.

I just started graduate school, and next year I’ll be taking advantage of one of these tax benefits. While reading the IRS page, I thought it’d be nice if there was a simplified version that explained the important details without getting hung up on all the legalese.

I don’t know if I accomplished that, but I learned a lot about the tax credits while working on it!

In addition to summarizing the IRS documentation, I created a simple calculator to estimate how much each tax credit/deduction would net you on your tax return. It works nice, and I like the styling of it. If I get around to it, though, I want to make it work via AJAX (currently it posts to a php file and then redirects back to the page).

I also plan on posting a series of quick “Question of the Days” about the tax credits and deductions.

I don’t plan on spending a lot of time on the site – maybe an hour or two each week adding QotDs, and a few hours promoting/linking throughout the web – and I’m curious to see how well it’ll do in SERPs and, more importantly, PR. Cause, you know, PR can equal cash.

Something about teaching, two advisorships (including the yearbook), home ownership, and two graduate classes just sucks the energy out of me. When I make it home, if I don’t have work to do for school or around the house, I just don’t have the energy to sit down and write. For a while, I was doing some short pieces about Fallout 3 in the Nerds at Play category, but I couldn’t muster enough oomph to dive into any deep articles about education or web design.

Although I love blogging, and I really hoped that combining all of these sites into one site would help me keep up with it, it doesn’t fit into my life at the moment. Too much going on.

However, I’m still not ready to just drop the whole web dev bug altogether. Which means it’s time for a new direction.

One problem I’ve found with a blog is that there’s a push to post regularly. What good is subscribing to a blog if there are no posts for weeks at a time? I know I’ve unsubscribed from other people’s sites because of weeks of downtime.

Instead of blogging – at least as a main venture – I’ve decided to shift to smaller, one-off sites. Theses mini-sites will probably be 5-20 pages in size, and they probably won’t include a blog/weekly articles section.

Why Shift from a Blog to Static Sites?

First, I’m not pressured to work regularly. When I have a lull from my other responsibilities, I can sit down and work on a site. If I’m busy, I can wait a week or two. There’s no pressure to have it done right now.

Second, it’ll let me work on my web development skills. Since creating this site, I haven’t done a lot of fiddling with designs and programming. Creating new sites every month or two will give me an excuse to break out some of those design skills and sharpen them.

Third, I can create some revenue through text links like TNX. I’ve ear-marked online revenue for electronics and supplies that I use in the classroom, so I’d like to continue to make some extra pocket cash this year. I think this mini-site model will yield more profit per time invested.

So No Blogging… At All?

I wouldn’t say that. It’s just not going to be my main project.

I definitely want to create a sustainable education blog. As I get started on this doctoral program, I know that I need to get out there and get my name and my work recognized by a larger audience than my Rutgers professors. I’m unsure if it’ll be here or located somewhere else, but in the next year or so I definitely plan on working on that.

I’ll probably also create a minimalistic personal blog to track all of my projects. I may re-vamp this site over the summer to fulfill that role. I’ll write quick updates about new projects going up, share lessons learned about web dev, and ponder about new project topics. It’ll more or less be a place for self-reflection about the whole process.

So… don’t expect to see a lot around here in the near future. I may stop in from time to time, but the days of posting something on a daily basis are unfortunately gone. They were fun, but short lived.

There are a number of things I like, but there is one thing that everyone can use: Google’s hosted Javascript libraries.

Last year, Google launched a project to host a handful of popular Javascript libraries. Among the initial offerings is jQuery – the Javascript library that I use on this site. They also have some other widely used options – like prototype and MooTools.

Basically, Google hosts the most recent (and some legacy versions) of the library on its server. You can then link the remote copy of the JS library to your site instead of hosting it yourself.

Why Should I Use Google Hosted Javascript Libraries?

Because it could be faster.

If two sites use the same Javascript library but host it locally, the user has to reload and recache the library for each site. jQuery.js on life-of-brian.com is different from jQuery.js on css-tricks.com – even if the file is exactly the same.

By pointing the user’s browser to the Google server, it will recognize that .js file in the cache and not download it a second time. So if life-of-brian.com and css-tricks.com both used the jQuery library on Google’s servers, the user would have to cache it once – and it would be preloaded when he or she visited the second site.

A secondary benefit (of concern only to large sites) is that it doesn’t put a strain on your bandwidth. This shouldn’t be a big deal for most people, but some high volume sites may find this comforting.

How Do I Load Google’s Hosted Javascript Libraries?

You could use the fancy load() function of Google’s AJAX API, or you could simply add a <script> element using the remote address on Google’s server.

I chose to go the second route with this site. I wanted to load both the jquery library and the jquery ui library (mainly for the tabs in the sidebar), so I included the following two lines in my header:

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.5.3/jquery-ui.min.js" type="text/javascript"></script>

You can find a list of all the URLs on the AJAX API documentation page.

Why Not Do This?

I don’t see a lot of potential for harm, but there could be some drawbacks.

No version control. Presumably Google is going to keep hosting important legacy versions of each library, but this takes version control somewhat out of your hands. It also means you can’t use the development releases – only the stable releases are hosted on Google’s server.

No hacking the library. You won’t be able to introduce custom hacks into the library if its hosted on Google’s server. I don’t know how many people do that anyway. I’ve never jumped into to hack a compressed library file – I just use it as is and add any custom code to another .js file.

Google could sabotage your site. Unlikely, but I suppose it’s possible. If you’re paranoid, steer clear.

Check It Out

I’ve been using it for a week or so, and I haven’t noticed any problems. In theory, it’s a great idea, but it’ll only work if a large number of sites (especially highly trafficked sites in a variety of niches) opt to use it.

I’m going to do my part and point my users to Google’s servers. Why don’t you?

If you’re lucky enough to still be in college, you may have gobs of time to waste. Those of us that have moved on to the real world don’t have that luxury. Blogging and publishing on the ‘net needs to fit into an already busy schedule.

With that in mind, it’s definitely worthwhile to take stock of your blogging habits and make sure you’re working efficiently. If you don’t budget your time effectively, you’ll either burn out quickly or fail to meet your goals.

I found some tips for budgeting your blogging time in a recent post on Problogger. It’s got some great tips, but there’s one I’d like to point out in particular: don’t waste your time on social networking sites.

But Don’t Social Networking Sites Bring Traffic?

Yes and no.

Digg and StumbleUpon can definitely bring in big numbers, but that’s not going to happen just because you submit your article. If you submit the article, it won’t be very long before it drops off the page of recent entries – and it’ll be lost in oblivion forever.

In order for your article to get rated well, move up the rankings a bit, and draw some real traffic, you’re going to need other people to submit your post and/or review it. That probably means that people are coming to your post by another means (search engine traffic, RSS subscribers, links) and then Digging or Stumbling your article.

In other words, write a good article and wait for other people to Digg it. If you spend a lot of time Digging and Stumbling your own articles you’ll probably end up at best wasting your time and at worst being labeled a spammer.

What About Making Networks on Social Networking Sites?

You might be thinking, “What if I make a deep network on a social networking site? Won’t that help drive a lot of traffic when I submit an article?”

If you can rise to be one of the top users of the site, then sure. But be prepared to spend a lot of time Digging, Stumbling, Redit-ing, or whatever. Chances are you don’t have that much time (if you still want to blog, wake up for your real job, and keep your family), so focus on the things that are realistically attainable.

There’s a nice quote in the ProBlogger post that sums this up:

A better use of your time is to write a Digg-worthy post, or a post that will spread like wildfire on StumbleUpon or Delicious — not because you’re friends with lots of the users, but because it’s insanely useful, interesting, controversial, or what have you.

Use Social Networking Sites Passively

My advice would be to use social networking sites passively.

Write great articles and then include a bookmarking bar under the title and at the end. If people think it’s Digg-worthy, they’ll Digg. If they don’t, it won’t matter if you Digg it.

Digg seems to me to be a tool for content consumers, and as a blogger you fill the role of a content producer. There’s just no efficient, feasible way for you to manipulate a social networking site into sending you traffic – you need to rely on the consumers to promote it for you.