Monthly Archives: July 2012

Graphic designer or website developer?

You are planning a new website and wondering whether to use a graphic designer or a web developer. What’s the difference?

Most graphic designers have extensive knowledge and experience with print media. That is, they understand how to work with files that have large file resolutions, to align text and images in grids using desktop publishing programs, and make color separations and master pages. They can set CMYK and Pantone colour specifications for digital print production, and prepare files for traditional printing companies.

Unfortunately, the layout and design of your site depend on many factors that have nothing to do with its graphic design. Websites are created like jigsaw puzzles, not like posters. Think of them as many different pieces that are assembled in the browser via coded instructions, rather than a grid or layout program. The design needs to be planned by someone who understands how the design elements will work in the context of headers and footers, content areas and sidebars, as well as menu structures, widgets, plugins, tags, categories and scripts. Knowledge of web fonts – as opposed to typography – is also vital.

To create a website, a graphic designer needs to be familiar with optimizing files for the web, so they transfer quickly over the Internet and web pages load quickly. The content must be prepared for flexible images and fluid grids, because text and images on websites re-size according to the dimensions and orientation of each visitor’s monitor or cellphone. (You have to plan for people turning their iPad sideways, among many other considerations.)

In other words, a web design is not one single page, but multiple areas all coded separately. To be search-engine-friendly, all areas of the website need proper image titles, alt tags, css style sheets and media queries. Experienced web developers further test for differences between current browsers and older versions of browsers, including IE 7, IE 8, IE 9, Firefox and Chrome as well as Safari. They also understand (or should) how servers work and the most recent server technologies.

If you want your site to work efficiently on all devices, and for people to find it on the Internet, you need someone with the knowledge and experience of a seasoned website designer. This is not to say a graphic designer won’t succeed at getting something visible on the Internet  –  after all, anyone can make a website, just like anyone can cut your hair. But you may not reap the benefits of a site made by someone who understands how websites are interactive and configure themselves differently on different monitors and in different browsers.

There are some areas where you might use the services of a graphic designer to prepare files for your website. For example:

– Have a graphic designer create your logo. The logo will likely be used extensively in print media, so it’s best to have it created in the first place by someone who understands printing. It can easily be adapted to the web, but an image prepared for the web cannot be adapted to print media.

– For the same reason, a graphic designer could likewise prepare any elements of the website that will be used on business cards and brochures.

In addition:

– Be sure he or she understands the conventions of naming structures for Internet images, such as no spaces or symbols in the file names.

– If a graphic designer prepares images files for you on a Mac, be sure he or she understands the differences between how websites display on PCs, tablets and cell phones, in addition to how they look on Mac desktops, laptops, iPhones, iPads etc. There are profound differences in brightness and contrast.

Read more about differences in monitors and testing for different browsers

Additional reading
Understanding responsive design issues
http://www.creativebloq.com/responsive-web-design/problems-8122790

How Much Code Should Web Designers Need to Know?
http://speckyboy.com/2012/03/22/how-much-code-should-web-designers-need-to-know/

CAPTCHA-solving sweatshops

I get pretty bristly when I think about people being paid to make annoying stupid and illiterate comments on blogs. They do this in the hope you will approve their comments, which will give them a link from your site to theirs.

Most comments are not sent to your site by individuals, however. They arrive as a result of automated spambots. A company selling Viagra, for example, might write a general comment that can be sent to any site, such as, “I love your site so much, you are the best writer”. Somewhere in the comment there will also be a link to a site selling Viagra. If you approve the comment, which many people do because they are flattered and don’t notice the link, they now have a link from your site to theirs, which helps increase their page rank in Google. (Many people don’t even approve their comments. Their WordPress sites are left open to accept unapproved comments from anyone.)

However, before that comment can be submitted to you, the sender of the comment has to read and re-type the CAPTCHA code – that series of squiggly letters and numbers just above the “Submit” button. Since most comment spam is automated, and since automated spambots cannot read or re-type CAPTCHA codes, these companies use the services of other companies who hire real humans to decipher CAPTCHA codes. Once they have deciphered the code on your site, your site becomes one of thousands that can be re-sold in packets.

All over the world, especially in India, Malaysia, China and Russia, there are tens of thousands of non-English speaking workers hired for a pennies a day to decipher the CAPTCHA codes on WordPress comment forms.

With the going rate ranging from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs, a really fast worker can make $2 to $3 a day. Imagine deciphering 1,000 CAPTCHAs in one day, then doing it again for the next 365 days. International CAPTCHA-solving teams are effectively sweatshop labor, where people — especially young children — will just sit and be given these images to solve and will type them in all day.

In India, major CAPTCHA-solving companies openly advertise that they can crack CAPTCHA codes. They sell their services in turn to companies selling not only drugs like Viagra but search engine optimization (SEO) sites, sites selling vitamins, cosmetics and shoes, and hundreds of other types of businesses who can profit from getting their web link on your site.

Typical newspaper ads in India read:

I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality

Hello Sir, I will kindly introduce myself.. This is Shivakumar. We have a team to type capcthas 24/7 and we can type more than 200k captchas per day

WE ARE PROFESSIONAL CAPCHA ENTRY OPEATORS AND WE CAN DO EVEN 25000 ENTRIES PER DAY AS MY COMPANY IS A 25 SEATER FIRM SPEALISED IN DATA ENTRY

In Bangladesh at this very minute, a team of international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook’s CAPTCHA scripts, promising to deliver 250k solved CAPTCHAs per day on a “$2 for a 1000 solved CAPTCHAs” basis.

It’s a losing battle for the well-intentioned WordPress sites of the world. The only protection is to ensure you have checked off “Administrator must always approve comments” under Discussion in your General Settings. Then check your Comments regularly and immediately delete any spam comments that appear.

Sources:

http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835

http://www.nytimes.com/2010/04/26/technology/26captcha.html?src=me&ref=technology

http://www.npr.org/templates/story/story.php?storyId=130594039

Nasty Facebook notifications

Some days I feel like I’m walking through a minefield.

No sooner had I posted a blog piece about WordPress comment spam today (see Caution: WordPress Comments), I noticed an email message from someone who had commented on my Facebook wall.

It was a weird comment, which should have warned me. After the fact, I also saw the tell-tale row of multiple O’s in the sender’s address, from comments@faceboook.com

But at the time, I was seduced into logging on to my Facebook account then clicking the link with a message from “Amanda Phillips” in my email program. At a quick glance it looked like any of the legitimate Facebook notifications I receive every day. (Without the swearing of course. In fact that was part of what intrigued me: Why was someone so mad at us?)

Curiosity almost killed the cat. I was immediately blasted by my Avast anti-virus/anti-malware protection which announced it had blocked an executable Trojan horse, a split second after clicking the link and a hair before it initiated.

Close, very close.

[BTW If you don’t have an anti-virus program, I urge you to stop now and download Avast here. http://www.avast.com/en-ca/index You will be very glad you did. Avast is also available for the Mac at http://www.avast.com/free-antivirus-mac As the market share for Mac grows, viruses are an increasing threat for people on Macs.]

What does a Trojan horse do? A Trojan horse is a program that gives a hacker power over your computer. It can provide the attacker with unauthorized remote access to a your files, infect your files and damage the system, carry additional dangerous parasites, and steal sensitive information. Trojans delivered to your computer through email can be are set in action when you click an infected link, play an infected video or click on an infected image. Without protection, they can wipe out your harddrive and all your programs and files.

More information about Trojan Horses can be found at Wikipedia

Read more about Facebook scams and spams at http://www.theregister.co.uk/2012/05/06/social_network_spam/

If you fall for one of these notifications like I did, I hope you have as excellent malware protection in place as I did.

Caution: WordPress comments

Think twice about accepting comments on your blog. Most WordPress comments are spam. Disguised as notes of appreciation, millions of spam comments are sent every day to WordPress blogs like yours and mine.

Most comments are innocuous, like the one above. Typically they read as a variation of:

“Great article. Keep up the great work.”
“You are very astute to write about this matter.”
“Spot on with this write-up, I truly think this fabulous website needs considerably more consideration.”

The goal of most of these senders is to have you approve their comments so they increase the number of links to their own sites. The scammers who generate these comments (by the thousands) are happy if only a fraction are accepted. But by approving them, you can be allowing potentially dangerous links to be created between their site and yours.

The more dangerous comments contain links to malware/virus/phishing sites, but you may not be able to tell by the email of the sender or other clues. Not only can you infect your own computer by accepting them, but the computers of your own visitors who may clicks on a malware link.

Other comments are much more damaging. Approving them can corrupt all the files on your site, including your design and all the posts you have made. You can lose everything. In a particularly brutal example, this morning someone contacted our company for help because he had approved a comment on his site which turned out to be malware. By approving it, it wrote malware into every .php file in his installation, installed someone else as the admin, and changed the admin e-mail address to their own. Basically he lost his entire site. He is on a server that does not do backups. This is one of the worst cases we’ve heard of.

Following are the absolute least, the most basic things you must do to protect yourself.

1. In the Discussion settings of your blog, check An administrator must approve comments.

2. Click the Comment Author Must Fill Out Name And E-mail box, which forces anyone making a comment to provide the necessary information. Some spammers might be deterred by this extra step.

3. Vigilantly check your comments by logging in to your dashboard, and trash all spam. Your speedy response can help diminish further comments from the same source.

4. Install a CAPTCHA script to ensure anyone leaving a comment has to type in the extra code. Automated spam cannot do this.

5. Never, ever approve a comment unless the writer has made a specific reference to something in your post. If the comment could have been made about any of your posts, or any other post, trash it.

6. Check the email of the sender. Trash it if the comment sender’s emails contains strange characters (like %/solarsp0), an exceptionally long address (like businessseomaster.com/index.php?main_page=product.Gravitt295@yahoomail.com), or comes from a company that sounds odd or too generic (like hotbraininsights, xxxlivecam or bestvaluerugs).

7. Never, ever upload an html page from another site. If you copy a photo from another site, be sure to rename it rather than using the entire http:// link. You never want to take the chance that malicious code from another site can infect your own.

In general, unless you have very strong reasons to believe the sender is genuine – for example, they made a comment that includes information that could only have been obtained from reading and thinking about your post, or if you visit the website associated with the email address and decide you do want to be associated with it – I recommend that you do not accept any comments at all.

It is much better to be safe than sorry.

For more information, please refer to these articles.

The Never-Ending Battle Against Comment Spam
http://www.wpsecuritylock.com/battle-against-comment-spam/

Comment Spam
http://codex.wordpress.org/Comment_Spam

Removing Malware from a WordPress Site
http://pengbos.com/blog/removing-malware-from-a-wordpress-site

Note: Be particularly careful if you’re on a Mac. Mac users do not tend to protect themselves adequately, in part because of a false sense of security caused by the company’s advertising. One study found that only 26% of Mac users have installed anti-malware software, as opposed to 92% of PC users. Read more