Category Archives: mailbag

Mailbag: WordPress Evolve Theme Settings

Posted on by
5

Niks posted this question on another post here at the blog:

I also use EvoLve theme, but I has different look then yours. Mine shows the entire post on the home page and I dont want that. Can you tell me what are the configurations you are using for your theme!

These are the Evolve Theme Settings (that apply) I use:

DESIGN:
Enable Custom Background: No
Number of Sidebars: 1
Sidebar position: Right
Width: Fluid

POSTS:
Number of articles per row on home page: 2
Enable post excerpts with thumbnails: Yes
Post meta header placement: Single Posts + Archive
‘Share This’ buttons placement: Single Posts
Position of previous/next posts links: Both
Display Similar posts: Match by tags

Navigation:
Disable main menu: Unchecked

Simple enough. Good luck.

Mailbag: How Do You Backup Your Drupal ?

Posted on by
Reply

Drupal LogoI received this question from a webmaster at one of the webmaster forums I waste too much time at:

Hello,
I have read your success story. It was really impressive. You mentioned that you use Drupal and also mentioned that once you lost your Database. So can you please give me some advice on a back up solution for Drupal? Do you use any online back up?
Your help will be greatly appreciated. :)

Yes.. It’s true.. It is shameful, but I admit it. In what is now referred to as “the crash of 06″ I did lose the Drupal database for my best earning site. Because the only backup that I had was weeks old, I lost quite a chunk of data – like posts/nodes/comments/user accounts. It was a shameful time and it brings up many bad memories of the taste of Tums and hair being pulled from my head.

So, yah, i did learn from my mistake of not backup up my Drupal database – so hopefully now you can learn too!

My current backup scheme goes something like this: My server is now configured with a dedicated backup drive. Each day WHM/cPanel makes complete copies of all accounts on the server, including all files and MySQL databases. So at any given time I have backups from the last several days, last weeks, and few from each of the last 5 years on that drive. In addition to those daily backups, several times per week I create a duplicate of the live database in PHPMyAdmin and download it to my local computer. I leave a few of those duplicate databases in PHPMyAdmin for easy access should I ever need it. Since the Drupal files do not change often, I get full-file downloads about once per month or any time I apply a Drupal core upgrade and store them on my Mac with the database files.

The databases & files that get downloaded to my computer stay on their own partition for approx 1 year. They also get automatically backed up to an external HDD. And, just for a little extra peace of mind, they also get uploaded to an offsite/online backup service. So, at any given time I have multiple copies of multiple databases and file-sets in multiple places.

As for automated/online backups for Drupal or Backup Modules – I don’t really trust them. I am more comfortable exporting my databases from MySQL and getting my files via sFTP. I do use an online backup/storage service – but it is backing up the data from my Mac at home and not my server. I would not trust anything connecting into my server. At least I can keep my Mac turned off at night but my server is up 24/7.. Call me paranoid..

What about you Drupal and WordPressers? Are you taking any steps to backup your website files and database? Dont make the same mistake I did!

MailBag: What about MY success ?

Posted on by
4

MailTechnically this isn’t a “Mailbag” question because the question was posted in a comment and not sent to me via email or my Contact Page, but it brings up a good point so I thought I would share the question and answer here for everyone to read. After-all, I can’t really go around preaching about how to be successful without mentioning my own success at least once in a while, right?

Longtime readers of my blog may remember that in the past I would post quarterly or yearly updates on earnings and traffic, but for various reasons I have done that less and less. Fortunately none of those reasons were because I (or my websites) were no longer successful – am I still proof that a little-guy that does not know much about building websites, SEO, or marketing CAN BE SUCCESSFUL ON THE INTERNET!

Anyway – here is the post/question by CPVR from VirtualPetList.Com:

… Are you going to do more things to your blog this year? It would be nice to hear about your earnings from last year to this year – and how well you’re doing with Adsense and kontera.
I used to remember checking out your blog and finding it motivating to see more success.
Or, also, have you thought about talking about Grownupgeek’s latest success? Like, how is it doing traffic wise?

Am I going to do more things to my blog this year? Probably not. The new (current) look should last me for another year or two before I get bored with it, and still no plans to add any advertising to the blog. That should make my blog one of the very few “make money on the internet” type blogs that does not have any advertising on it. (I hope you guys appreciate that – tell a friend!)

Over at my main website, GrownUpGeek.Com, Adsense, Kontera, and now IDG TechNetwork all did very well in 2010. Kontera had some ups & downs (aka, very bad months), and Adsense had some record-high months. I started using IDG TechNetwork in mid 2010 and it turned out to be the real surprise of the year. Although IDG TechNetwork earnings were slightly lower than Kontera earnings each month in 2010, beginning in 2011, IDG Tech has overtaken Kontera, and is now earning more than double what Kontera earns each month. Overall earnings for 2010 were right at $60k – that is more than double 2009 which was a record bad year for earnings..

Adsense was the highest earner in 2010 with approx 70% of all earnings. Kontera brought in approx. 15%, and IDG Technetwork brought in about 5%. Various affiliate sales (Comission Junction, Plimus, Chitika referrals, direct ad sales, ect) rounded out the balance with an approximate combined 10% of earnings.

Traffic in 2010 was slightly lower than 2009 – but just barely. 2010 brought GrownUpGeek.Com just under 5.5Million page views, while 2009 had a whopping 6Million page views. So far in 2011 traffic is 10% higher than at this point in 2009, so it looks like 2011 could be another record year.

Here is to a successful 2011 for all of us! (even if it is a bit late)..

Mailbag: How To Block A Bad Bot

Posted on by
Reply

Isabel has contacted me with the following issue about bots hitting her site:

I have come upon your website in a recent google search on how to ban proxy bots. I am experiencing a problem on my forum which you seem to be all too familiar with.

As of yesterday, a malicious user has setup a BOT to attempt to gain access to administrative and member accounts by inputting passwords. At first, we IP banned everything used. But with over 20 IP bans the BOT is still at it even as of today. It hasn’t stopped since it began. It uses IP addresses from around the world.

I read your article on stopping proxies but it all sounded greek to me. I don’t know how to use or setup any of those programs. Basically, I’d like to ban this user from my site and his BOT but I don’t know the first step into figuring out how.

I have contacted my host, my forum service, and website designers for help.

Is there a way that I can simply backtrack this BOT to the real owner? Is there a way to ban this bot regardless of IP addresses used if I could find the name of it? How could I find out what BOT is causing the issue?

Sincerely,
Isabel

Presumably both your forum service, website designers or maybe even your web-host can help you with this, and of course exactly what you can do will depend on your specific server/site configuration, but here is a general outline of what you can do:
The first step in getting this bot blocked from your site is identifying some sort of a ‘signature’ to reliably identify it. Once you know a uniquely-identifying signature for the bot you can then use various methods to block it from accessing your website or server. To ID the bot and it’s signature you will have to look in your forum logs, Apache access-logs and Apache error logs.

Here are some of the things I look for:

  • IP address or IP range
  • Geographical location (based on the IP)
  • Type of access (proxy, bot-net, etc)
  • User-Agent or other header information
  • “What” it’s doing – pages/path it’s hitting, repeated page-not-found, etc

Once you have a unique signature for the bot, or way to see this bot and pick it out from all of your other visitors you can then take steps to block it. How you block the bot will depend on the level of server access you have and the tools at your disposal – here are a few tools you can use:

As an example, this is what I recently did to block a bot that was repeatedly trying create fake user-accounts at one of my sites:

The bot was coming from random IP’s from all over the world – probably from infected PC’s. None of the IP’s (or very few) were on any block-lists, none were from proxies and the user-agent and headers were indistinguishable from ‘real’ visitors. However, by looking through my Apache error logs I was able to see that every time this bot tried to create an account, it first tried to access a “sign up” page that does not exist at my site (probably does exist for some other type of forum) – So by using MOD_SECURITY and CSF I was able to put together some rules that went something like this:

IF the path="/thatspecificpage.html" THEN BLOCK with error 403 page
AND IF the same IP accesses "/thatspecificpage.html" < 3 times THEN ADD IP to firewall (permanently block)

Another example in the past was when a person was attempting to ‘brute force’ attack random accounts by trying different passwords (much like your issue) – at that time I simply installed a module for my forum-software that would ‘lock out’ accounts for a specified amount of time after a specified number of failed login attempts. By looking in my logs I was eventually able to get the IP of the person, close their account and block the IP address they were using.

Some hypothetical ways to block your bad-bot:

  • Just install BadBehavior! BadBehavior will automatically block a very large percentage of bots and may take care of the problem!
  • If the IP’s are coming from proxies or a BOTNET, use an RBL or DNSBL to block them – to determine if the IPs are in any DNSBL or RBLs check them at a site like MXToolbox.
  • If the IP’s are all in one ‘CIDR’ or a few CIDRs (ranges of IP addresses), or are all coming from the same geographical area that you don’t care about (Turkey, China, etc), block them using your firewall or .HTACCESS
  • If the bot has a particular user-agent, block it with MOD_SECURITY or your .HTACCESS file

As far as identifying the real owner or master of the bot – forget it. Unless the bot-owner is an idiot you would probably never be able to track him or her down. And, even if you could identify him, then what?  Are you  going to go over to his house and kick his ass? (yah, sounds satisfying, but he might be big!). Sure, you could report the bot-owner to the authorities, but in all reality, they probably have bigger fish to fry.  Just figure out how to get it blocked – and, just so you know, there will be more!  Welcome to the interwebs!

Again – what you do, and specifically how you do it, will depend on many things, but hopefully this outline can give you some guidance.

Mailbag: Questions.. Just.. Questions..

Posted on by
1

Allaina Abraham from www.enewbiez.com sent me some questions that I thought I would share with everyone. Some of these questions are aimed at “real bloggers” or internet marketers (of which I am neither), but I do generate a substantial income online so my answers/opinions must be worth something.. to someone.. maybe..

Why and when did you get into blogging?
I’m not really much “into” blogging. I tend to only make a blog-post when I come across something that I think may help other new webmasters learn from my mistakes or if I think something may be interesting or helpful. That said, I started blogging in 2006 solely as a way to get some deep-links from Blogger.com to my main website GrownUpGeek.com. After a year or so I moved from Blogger to my own server & domain and actually started treating the blog as a blog.

How did you first start promoting your blog?
I don’t really promote my blog (i’m getting the idea that you don’t actually read my blog much!) However, I did start promoting my website as soon as I had enough content on it to make it valuable to anyone. I did everything from dropping links in forums (with helpful posts, not ‘spamming’), to calling in a national radio-show. More recently, things like tattooing GrownUpGeek.com on people has generated quite a bit of buzz.

Is blogging your full –time job?
Now i’m sure that you don’t read my blog as you would have noticed the lack of advertising and very low volume of posts. But with regards to my website – it is not my full-time job. I have a “day job” and limit most of my website work to the evenings. I have been very tempted to quit the day job though, particularly a year or two ago when the website generated upwards of $90K. Looking back now, I’m glad that I didn’t quit because almost overnight income dropped by over 50% for the following year. Even though earnings are back up, I have learned that the internet is far too volatile (for my taste) to trust as my sole income.

Traveling around the world and experiencing different types of cultures must be great. When do you ever get the time to blog?
Yah.. That would be great, but I wouldn’t know anything about it.

What e books did you read that you think will be beneficial for a newbie to internet marketing?
I don’t think I read any eBooks when I first started, and I certainly would NOT recommend that anyone spend a dime on eBooks! Anyone can learn everything they need by joining/reading webmaster-related forums like DigitalPoint and Webmaster World. There are also a few quality, free eBooks out there!

Finally, what sound advice would you give to anyone wanting to start their own niche blog?
I always recommend that new bloggers stick with a niche that they know and love and not try to chase the high-paying keywords. I’ve seen 100 or more bloggers start up “mesothelioma” blogs, or other blogs they know nothing about only to be disappointed with the results, banned from Adsense, etc. Stick with what you know, and don’t be afraid of failure.

Mailbag: Can Paypal keep both parties’ money in an illegal transaction?

Posted on by
Reply

This mailbag question comes from Brian who seems to have run-afoul of PayPal’s rules:

I participated in a paypal transaction that was a violation of the paypal user agreement (although perfectly legal).  The other party states their account has been locked along with his balance “that paypal will now keep.”  My account has no indication that a violation has occurred, nor that it is locked.  Can paypal keep funds in a persons account even if they were a violation of it’s use policy?  I could understand the 180 days thing, and closing an account, but keeping all the funds seems just wrong!  Is there any way I can at least get my money back since the guy isn’t going to deliver the product I purchased?
Thanks
Brian

I have never heard of PayPal holding money indefinitely for violating their user-agreement.  In every case that I have read about (and in my own experience), Paypal will hold the money of one or both parties for the dreaded 180 days, but not “keep” it.  If you have sent your money to the seller and you know he is not or did not ship the goods, I would follow the standard dispute procedure in the PayPal resolution center to request a refund and let PayPal work it out.  I can think of no reason why PayPal would not return your money to you.  To be safe though, I would withdraw any money from your PayPal account before you bring any attention to it – just to be safe. I also recall that when my PayPal account was temporarily banned, and they were holding my funds, I could still log-in and issue refunds to buyers – so I think your seller may be confused.. or a liar..