You see, I’ve set up Google Alerts for a few of my blogs (only the ones that generate income).  In my alert it not only notifies me of my latest post, but I also get to see related posts on the same topic. I like to keep up to date in certain subject areas.

Imagine my surprise when my alert came through with my latest post (along with a sentence or two snippet of my post) and a duplicate post. The duplicate post had the same title and the same snippet but with a different URL.  Huh?  What’s going on?

Naturally I clicked the URL and wasn’t too happy with what I found.  I found my first person review on someone else’s blog.  They used it word for word! Ugh! I so hate plagiarism.

What to Do Next

Once I calmed down, I left a brief comment on the offending site requesting them to remove the post as they were not given permission to copy my work word for word.

Not waiting for a response, I did a “Who is ” search to find out more about the plagiarizer.  In addition to finding the name and address of the administrative/billing and technical contact (all the same person), I found that the blog is hosted by HostGator.

Since my sites are hosted on HostGator, I signed into my account and submitted a ticket.  I gave them a link to my original work and a link to the copied work. I also provided the Who is information and asked them if they could contact the owner to have them remove my work.

HostGator’s Plagiarism System

HostGator responded with a long email containing instructions on how to file a DMCA complaint. DMCA stands for Digital Millennium Copyright Act (of 1998).  If you want to read the act, you can download it and read it in your spare time.

HostGator makes it easy to file a DMCA complaint because they have a quick and easy online form.  All you have to do is insert the following information:

• Your contact information
• Link to the original work
• Link to the plagiarized work
• Click two check boxes which affirm that you are not filing a fraudulent claim,
• Sign and date the form then click “Submit”

You’ll shortly receive an email notification of your DMCA complaint along with a link to the ticket.  They promise to address the request within 12 to 24 hours and send a confirmation once processed.

A Plagiarism Bright Spot

According to HostGator they implemented this system “…to make submitting notices of alleged infringement to us as straightforward as possible while reducing the number of notices that we receive that are fraudulent or difficult to understand or verify.”

So, if someone does plagiarize your work, just hope they’re hosted on a HostGator server.  It makes getting rid of them so much easier.  I just hope that the offender removes the plagiarized material quickly.

Now back to smelling the roses (which are buried under knee deep snow and ice).

Submit a Ticket

I’m working with Hostgator to find out why this happened. So, if you come to visit NJFM and it’s not there, don’t panic (as I did). It’s all gonna work out in the long run. I really miss the days of actually placing a phone call and getting a knowledgeable person on the other end. Now, I’ve got to submit a ticket and wait for someone to get back to me.

Plenty to Do

In the meanwhile, while my site and hosting company are playing Peek-a-Boo, I’m going out to do some yard work. The recent storms have wreaked havoc on our very, very, very old trees. We have huge limbs and branches everywhere. So, for a change, I’m leaving the laptop inside and I’m going out to get a workout. While my hubby is at work, I might even get a chance to play with the chain saw (he thinks I can’t handle it).

Hopefully, when I come back my site will be back to stay. In the meanwhile, I’m going to play in the real world today. With any luck, I’ll have all of my limbs when I return.

Have a great weekend…oh, and Happy Spring!

My blogs and websites are hosted by Host Gator. I love their service and their up time. I’ve had very little issue with them when it comes to my sites being online. As a matter of fact, they were extremely helpful when one of my blogs (or should I say several of my blogs) were hacked. They worked diligently with me to find the vulnerability and get rid of it. I’ve suffered through poor hosting companies in the past so I truly appreciate Host Gator’s hosting services.

The one problem I have with them, however, is their domain name hosting. Not only is it more expensive than others (they charge $15 a year), on several occasions, my domain name had expired without any prior notification.

Imagine my surprise when I go to modify my site only to see the generic webpage which indicates the domain name had expired. It has happened to me more than once with them and I find that unacceptable.

Each time it happened, I swore I was going to move all of my domain names elsewhere to better manage them and save money (when you have over 10 domain names at $15 a pop, you can save a bit of money if you can pay $7.50 a pop). The only thing that stopped me was going through the process of switching the domains.

It’s time to bite the bullet (this is one of those tasks that I would love to delegate, but I’ve got no one to delegate it to). The most recent debacle lasted for 4 days before I realized the site was down. Not acceptable.

Need Advice

I’m looking for a little advice here. I’ve been thinking of transferring my domain names to Go Daddy. I see they have a bulk domain name transfer option whereby transferring 5 names or more you get the privacy option for free and each name costs $6.99 per year, plus they extend your current domain term by a year for free.

I’m looking to find a reliable and cost effective domain registration alternative to Host Gator’s. My next domain name expires in early March, and I’d like to have this all done well before then. If anyone knows of a reliable company, please let me know.

It started on one of my less frequently updated and less popular blogs. I happened to go the blog and in the upper left hand corner I saw a link for the drug. Immediately I logged in, checked the appropriate WordPress files to see which one contained the offending code.

After a thorough search, I couldn’t find it. So, I did what I know to do. I searched the internet to see what other hacker victims did. It lead me to checking the databases (double ugh!). Like Dorothy and Toto being lost in the woods, that’s how I felt navigating through my back end databases. Apparently I was absent from school the year or two when they were teaching all about databases.

Not being one to give up, I learned just enough to be able to find out where the offending code was being placed. Apparently the hacker was able to add an entry into one of the database tables. I deleted it and searched the database for my other blogs. I was appalled to find similar results.

After deleting the entries, I changed my admin password and the password to my databases and was done, or so I thought. Imagine my surprise when the attacks kept occurring.

Back to the Drawing Board

In addition to ensuring each blog was updated with the latest release of WordPress, I also accessed my .htaccess file searching for malicious code. I found something that didn’t look quite right to me so I deleted it (saved a copy in case my blog blew up by its removal). Unfortunately that didn’t solve my problem.

Calling the Big Guns

After doing all that I could do (which wasn’t very much), I submitted a ticket in the Host Gator system. My sites are hosted by Host Gator and I’m very glad they are. I’ve been with other hosting companies and had to go through the agony of switching web hosts. Switching web hosting companies is not something that anyone wants to do on a whim. You only switch hosting companies if you’re forced to.

The folks at Host Gator were very responsive. Unfortunately, the first level of customer service searched through all of my files looking for malicious code and couldn’t find anything. I changed passwords again and still, the attacks kept coming. It got to the point where I would search my databases every ½ hour to remove the unwanted entries.

Escalation to a Higher Level

The ticket was escalated to a higher level. It seems the hacker was accessing my blogs remotely. We’re not sure, but I believe they gained access through one of my plugins. I have a sneaking suspicion it was my TwitPress plugin, but I can’t be 100% sure. I’ve since disabled it and am considering TwiterFeed instead.

Bottom line, they assisted me with admin password changes, user password changes, database password changes and configuration file changes. There were way too many changes for me to wrap my head around (having several blogs and all). It seemed to have worked.

The hacker most probably entered through an unlocked back door and gained access to all of the passwords and blog configuration (I thought it suspicious when the text in the right column of my blog disappeared). Having gone through such an experience I’d like to share a few sites that I came across while attempting to fix the problem.

These sites offer valuable information on how to prevent such a thing from happening to your WordPress installation.

• Did Your WordPress Site Get Hacked?

• How to Stop Your WordPress Blog from Getting  Hacked

One thing I did learn is that it’s very important to keep WordPress installations up to date. It’s easier to do now because of the auto update feature. Many times the latest release doesn’t offer any new bells and whistles. Sometimes it’s addressing potentially exploitable vulnerabilities.

All’s Well that Ends Well

I learned quite a lot from my hacking marathon.

1. I learned that Host Gator support team is extremely responsive.
2. I learned not to ignore new WordPress updates (sometimes they seem to come daily)
3. I shouldn’t have cut class when they were teaching all about databases
4. Create more secure and varied passwords (no more one password fits all)
5. It’s great to have eggs in more than one basket. While my sites were down, I was still able to continue working on my other revenue producing projects.
6. It’s good to have static websites in addition to blogs.  While my blogs were being compromised, my static websites were not affected (which is good, because that’s where my bread is buttered).

A Little Background

My regular readers know that I have a few blogs and websites. I monetize each of them with Google AdSense and a couple of other revenue generating methods. One of my sites does pretty well with Google (sometimes)

One of my blogs, however, had me perplexed. While the traffic was steady and clicks on the Google ads were constant, the income generated from the clicks was nil! I ran a report and after 180 clicks I earned a whopping doughnut! Yep, big fat Zero!

Here’s How I Rationalized It

I had originally created the blog on Blogger.com. Over time I transferred the blog to its own domain using a WordPress template. Not being able to delete the original blog from the blogspot domain, I thought Google was penalizing the reincarnation of my blog because of duplicate content. I won’t mention that I went through each post on the blogspot.com domain and encouraged readers to visit the new blog location.

My Bright Idea

After a period of frustration noticing that the clicks were mounting and the money was not, I decided to remove all Google AdSense code from the blog. I substituted Google with Chitika and Amazon and whoever else seemed to fit with the theme of the blog.

Bringing You Up to Date

Fast-forward a few months to some time in early January (a day or so ago). I started yet another project which is in the form of a blog/website. Since it’s still in the experimental stages, I won’t go into detail now. A few months from now I’ll let you know how it’s going.

Anyway, as a result of creating this new blog/website, I added Google AdSense to monetize the project. While generating the AdSense code for the new site, I got sidetracked on the Google site and noticed the “Allowed Sites” function under the “AdSense Setup” tab. Guess what I realized…(This is the embarrassing part)… I realized that I had enabled the site-specific feature in Google AdSense some time ago.

What this does is it forces you to approve the web domain that hosts your AdSense ads. The reason I enabled it a long time ago was because I heard horror stories of people having their Google accounts canceled for unknown reasons. I thought that maybe someone might have gotten a hold of the AdSense code and maliciously placed it on a spam site thus causing the account to be suspended. I know, sounds far fetched, but that’s how my brain thinks.

Duh Moment

Anyway, after looking at this I realized that I had not included m own sites in the “Allowed Sites.” That’s why I didn’t earn a dime on the AdSense clicks on my blog (all 180 of them). My low revenue was all self inflicted. How embarrassing!

The Moral of the Story

If you’re going to add Google AdSense to your website or blog, make sure you list your own site as an “Allowed Site” in order to receive income from Google AdSense.

Gotta run… I’ve got to put the code back on my “allowed” blog.