Recently I had the opportunity to register myself as a user on someone else’s blog… and I was horrified by what happened (I very much like and respect this woman). I went through the registration process completely, and then logged into the site to make a comment on a blog post I thought was worthy of such.

I was shocked to find that not only could I make that comment, but I also could edit any other blog post on the site, and add new posts there. I convinced myself that surely the weblog’s owner had some kind of safety feature set that wouldn’t let me save any edits I tried to make, or something… Being the polite person that I am, I wasn’t about to try to edit any of her posts, after all, what if some big bells and whistles went off that pointed a big finger at me for trying once I hit Save?!

After I left the comment I was there to leave, I left her site a bit befuddled, but soon forgot about it, telling myself that I know she knows better.

Lo and behold, about a week later I saw on a social site we both frequent that she was shutting down her blog immediately, probably permanently, because it had been HACKED. I am seriously left to wonder if it had really been hacked at all. After all, now it was apparent she had given the “hacker” permission to go into her site and do whatever he or she wanted to. I immediately tried to view her site out of curiosity, but sadly it was already gone.

This got me to thinking. How many blogs out there have the wrong permissions set for their users? I think it was my social friend’s intention to allow her readers to be able to comment on posts on any of her pages, but she inadvertently gave them editor, author, or contributor permission to edit all her pages and posts instead. Permissions, to the unknowing eye can by extremely difficult to understand. They can also be devastating if you set them up wrong, as she has now learned.

Please, please, please do a test run of your blog as if you are a new user immediately after launching! Try it out to see how far you can go. New users should only be able to comment on your blog posts as Subscribers, nothing more. Never over give permissions to your blog’s users and assume they will be courteous about it. Hackers are NOT courteous!

Print This Post

Now that the baseball season is finally over, I’ve spent some time finally working on one of my sites. I’ve decided it’s in enough of a state of completion (still has a few bare spots!) that I’ve gone ahead and launched it. Since it’s “by webmasters, for webmasters,” I’m sure you webmasters out there will understand that it’s still under construction, and probably always will be!

I’m still looking for a good php programmer to contribute as an expert. I’ll be expanding on the Meet the Pros section on the left sidebar. Each will click through to a page with introductions and links instead of just through to offsite blogs as they do now. That’s tomorrow’s work!

Take a look, and I hope you will feel it will be a useful resource to you as a webmaster. If you feel it is lacking in any way, please leave a comment on the forum. The general theme of the site is ‘share with your peers, and they will share with you.’ Click here to get started: marketspring.net

Print This Post

It seems all I’m hearing about is email marketing lately. I don’t know about you but I HATE it when I get unsolicited junk in my email box. Email marketing has its definite advantages, when the sender has permission to send it to you. Unfortunately most of what I get is NOT approved by me.

Being in the web design business, I have many clients who ask for email newsletter capabilities. I am more than happy to provide them with it, but we have strict rules for our clients using our servers about mass marketing through email.

First, and foremost, all email addressees on their mail lists must be clients, or must have signed up for their newsletter. We do not permit the use of purchased mail lists, and this is why; simply put, we do not want our email servers to be blacklisted.

I had a client tell me today that she was going to send out an email blast to 20,000 people this week. I almost had a heart attack! Immediately she responded very kindly with, “Don’t worry, I use an outside email campaign manager and we’ve done this many times before. We send them over a period of a couple days and haven’t had any problems yet”.

That got me thinking. I know about these mass email companies that are very popular on the web. Apparently they must be paying off the blacklist companies or something if this service she described is what they are selling? Does this also mean that they are responsible for the hundreds of junk emails I get? I know that many of the spammers manage to serve up their spam email themselves, but it sure seems like the companies who provide email campaigns like the one my client is about to do HAVE to take some responsibility for the deluge of junk mail.

Please, share your thoughts on this. I’m interested to hear. Am I off base here? You tell me.

Print This Post