WordPress 2.7 – I’m Officially a Fan

Typically, when a new version of WordPress is announced — and particularly when there’s a lot of fanfare around it — I’m prone to delay upgrading. WordPress is, for the uninitiated reader, the software that runs this site as well as countless others that I own and/or manage (I’m serious… I’ve truly lost count).

Since I’m a classic “early adopter,” this behavior might seem a bit odd. I assure you it’s entirely pragmatic. The upgrade process, though not complex, can take time — especially if the number of sites you’re working with is measured in the dozens (at least). Then there are the compatibility issues (or potential compatibility issues) with themes (not usually critical) and plug-ins (sometimes these are dealbreakers).

For example, my favorite statistical tracking plug-in had problems with WordPress 2.5 for months. I found some workarounds, but it’s hard to complain or apply too much pressure to a hardworking developer who writes these plug-ins and gives them away. (Ain’t it great?!)

2.7: A Big Fat Exception

Like many, I’ve been paying attention to the previews and the news about the 2.7 release candidates. Like I said, typically this pre-release “hype” doesn’t move me.

I have, however, been seriously looking forward to the re-write of the user interface for the backend of the system. What that means in plain English is that the WordPress developers have given you — as the owner or author of the site — a completely new system to look at and work with. The whole experience of writing on and managing your site is new. Most significantly, they engaged in significant usability testing that incorporated laser eye-tracking and other sophisticated ways of measuring whether or not we’re all going to like it and find it easier to use.

By the way, you can find a nifty preview video posted here to take a look at the new management console.

So… after noticing that the final release had been posted yesterday, I decided to go out on a limb and upgrade one of my newest sites. It’s a personal blog for me (David Johnson) and it’s brand new and doesn’t have many plug-ins installed — nor complex customization — so it seemed likely to be a good place to test. Very little stuff to break.

The upgrade process was quick and painless. I always back everything up first (good habit), which was what took the longest. And aside from an annoying message about my favorite tagging plug-in which told me I’d have to switch (and which thankfully turned out to be false), there were zero complaints. Initially, I had problems with all the nifty new Ajax features, none of which seemed to work in my browser. After rebooting and otherwise trying to make the problems go away, it occurred to me to empty my browser’s cache. Since I’m a Firefox user and have the nifty “web developer toolbar” installed, this was a mere mouse-click and a few seconds of waiting — not nearly as painful as doing the same thing in Internet Explorer. Voila! Everything worked as pictured in the video.

The result? Let me tell you… it’s gorgeous. It’s delicious. It’s easy to use. It’s very well done.

I’ve not yet tested every single plug-in I use and recommend for compatibility, but I’ve now upgraded 3 of my sites. I’ll be shooting a training video on the upgrade process for members of our marketing training program, so let me know if you’re interested in getting your hands on that video (we’ll have a new enrollment opportunity coming up shortly). The members of that program that are currently in training will have the luxury of finishing their training using this delightful new version of WordPress. It’ll be good!

How ‘Bout You?

What?! You don’t have a WordPress-based website yet? Hmmmm… that probably explains why you’re not ranking well in the search engines for your real prospects’ actual searches. Stay tuned for help on that! Or better yet… subscribe to updates over at the Epiphany Marketing site!

Is Ad Surf Daily a Scam?

I’ve gotten a lot of questions from friends and business associates about the Ad Surf Daily Cash Generator program. Now that the US Attorney’s office has seized assets and filed suit, with Florida Attorney General Bill McCollum right behind, it seems likely that the program will not continue.

A Few Facts

Initially, I was approached by people who wanted me to look at the program to see if it seemed legit. My friends know that I do not join multi-level marketing programs, nor anything that seems like it might be a network marketing venture. Nonetheless, I took a peek at this program to find out if there was anything suspect about it on behalf of those friends.

The first clue that there might be something “up” was that people were wondering if it might be a scam.  Why? Well… the good old adage, “If it sounds too good to be true…” comes to mind.

Here’s the premise: you sign up for the program (even with a free account, if you prefer) under a sponsor. You then begin to “auto surf” ads every day. There are rewards for doing this, including the right to place a website of your own into the ad rotating system so that other people will be forced to view your site.

At this point, it sounds a little bit like a modified version of Pay-Per-Click advertising (PPC).  With PPC, which most people are familiar with because of the right-hand side of your Google search results, advertisers bid to have their ad show up on certain sites and then only pay when someone “clicks” on their ad.

Ad Surf Daily seems to provide a cost-effective way to do this… at first glance.

But what you quickly learn is that the vast majority of people who join (and later “purchase ad packages”) don’t actually have anything to advertise. So… the question becomes, “Why are they signing up?”

It turns out that if you “purchase ad packages,” (which the US Attorney’s Office has now labeled “investing”) you have the opportunity to “earn rebates” by faithfully viewing advertisements every day.  I won’t get into the mathematics of it, but let’s just say that this appears to be highly profitable because you can earn more in rebates than you “purchased.”

There are numerous incentives and rewards built into the program that are designed to get you to purchase more ad packages. Also, as a member of the program, you are incentivized to leave your earnings in the program because the higher your “cash balance,” the more rebates you’ll be able to earn.  You can even increase your rate of earnings by paying for a monthly membership at several different levels.  There are even big rallies where you can obtain much larger bonuses by “purchasing” ad packages on the spot…

And… of course, there are commissions.  This is where some of the biggest incentives are.  This is the part where you convince your friends and family (or even random acquaintances, like some of the people who have spammed my inbox about this) to sign up under you.

I Smell A Rat…

If you’re around the participants for very long, you hear amazing stories of large cash payouts. You hear about credit card debt being wiped out, even millionaires being created.  All of this occurs in short periods of time.  You hear about the explosive growth.  You hear about the founder, Andy Bowdoin, and his impressive award that was given to him by the President of the United States.  You hear about his many successful businesses over the years.  You also watch videos online which focus repeatedly on “we’re good guys” without providing any substantive information about why you should expect this program to continue.

But I have a fundamental question:

If the bulk of the customers have no need for the item they are purchasing, where is the value that this company is actually bringing to the marketplace?

In other words, they claim their goal is to be the biggest seller of online advertising in the world. They even claim to be threatening Google’s position as market leader.  But one thing I’ve noticed… the people/companies buying ads from Google (and other PPC establishments) have one thing in common: they all have something to advertise.

One friend of mine has a local contracting business.  My question for him was, “What are you advertising in the ASD system that people might be interested in purchasing?”  The answer: his local contracting business.  My next thought is, “What the heck does someone in Bolivia do when they see an ad for a contracting business in Florida?”

As a marketer, my next thought after that is… that’s a little bit like buying a billboard on a California freeway for your McDonald’s in Memphis.

Poor use of advertising dollars.

Not so poor, perhaps, for those who have a digital product with universal appeal, or perhaps those selling something that can be purchased and then shipped anywhere in the world.  Again, however, the key would be that it has universal appeal.

Like… toothbrushes.  We all need those, right?

Anyway…

Is It Sustainable?

Back to my fundamental question.  How long can this program carry on — even if they’re careful not to promise to pay out too much money in “rebates” — when their basic product is not needed by the people who are purchasing it today?

Can it be that the only reason they are buying advertising is so that they can earn a rebate?

The answer is: absolutely, 100%, unequivocally, “yes!”

And that, my friends, creates a problem: as soon as the market figures out that:

a. there are better ways to buy advertising, and

b. this is only sustainable as long as there are more people willing to buy something they don’t need,

the whole thing comes tumbling down…

…not unlike a Ponzi scheme.

Precisely, by the way, what the US Attorney in Washington D.C., otherwise known as the Attorney General, concluded.

Is anyone guilty of a crime here? Well… that remains to be seen.  In the meantime, no one is surfing the “ads.” No one is “purchasing ads,” and nobody is spending the $53M in cash that was seized while the investigation and the lawsuits proceed.

Bad news for those who used their life savings to buy something they didn’t need.

Snoop Dog Hack – SQL Injection

If you’ve been following my blog for a little while, you know about the recent “Snoop Dog Hack.” I’ve spent countless hours recovering from this nasty attack on my content, which replaced real content with ghetto slang, but only when viewed in certain Microsoft browsers.

Hopefully, it will never happen to your website. If it has, however, allow me to save you the trouble of doing all of the research to resolve this.

-John

First, a little background…

SQL Injection

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you’ve entered against the relevant table in the database. If your input matches table/row data, you’re granted access (in the case of a login screen). If not, you’re knocked back out.

One of the most popular SQL Injection scripts of the past decade is known as the “Snoop Dog SQL Injection Hack.” Often created to be unique to Internet Explorer 7, this hack makes it especially tricky for web development teams to spot and fix.

The Snoop Dog SQL Injection Hack

In its simplest form, this is how the Injection works. It’s impossible to explain this without reverting to code for just a moment. Don’t worry, it will all be over soon.

Suppose we enter the following string in a Username field:

' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering ' OR 1=1 -- as your username could result in the following actually being run:

SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''

Two things you need to know about this:

['] closes the [username] text field.

'--' is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = '' OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
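An added example, not code from the original post: the login query above run against an in-memory SQLite database, first built by string concatenation and then with bound parameters. The table contents, the function names and the choice of Python's sqlite3 module are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample table matching the users/username/password query above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only because the page's query compares it directly;
    # a real system stores a salted password hash instead.
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_concatenated(db, usrtext, passtext):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    sql = ("SELECT * FROM users WHERE username = '" + usrtext +
           "' AND password = '" + passtext + "'")
    return sql, db.execute(sql).fetchall()


def login_parameterized(db, usrtext, passtext):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (usrtext, passtext)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"  # the string discussed in the post

    sql, rows = login_concatenated(db, payload, "")
    print("query sent:   ", sql)
    print("concatenated: ", len(rows), "row(s) matched")

    rows = login_parameterized(db, payload, "")
    print("parameterized:", len(rows), "row(s) matched")

    rows = login_parameterized(db, "alice", "correct horse")
    print("real login:   ", len(rows), "row(s) matched")
```

With bound parameters the whole input, quote and comment marker included, is compared as a literal username, so it matches no row.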

Already Been Hacked? Here’s How to Fix It and Avoid Future Attacks…

  • If you utilize a web content management system, subscribe to the development blog. Update to new versions as soon as possible.
  • Copy and paste the following code into every page with forms on your website…


<?php echo "HAPPY APRIL FOOL'S DAY PAUL AND KEVIN"; ?>

<?php echo "FROM JEREMY" ?>