SEO is an acronym for "search engine optimization" or "search engine optimizer." Deciding to hire an SEO is a big decision that can potentially improve your site and save time, but you can also risk damage to your site and reputation. Make sure to research the potential advantages as well as the damage that an irresponsible SEO can do to your site. Many SEOs and other agencies and consultants provide useful services for website owners, including:

• Review of your site content or structure
• Technical advice on website development: for example, hosting, redirects, error pages, use of JavaScript
• Content development
• Management of online business development campaigns
• Keyword research
• SEO training
• Expertise in specific markets and geographies.

Search engine optimization is often about making small modifications to parts of your website. When viewed individually, these changes might seem like incremental improvements, but when combined with other optimizations, they could have a noticeable impact on your site’s user experience and performance in organic search results. You’re likely already familiar with many of the topics in this guide, because they’re essential ingredients for any webpage, but you may not be making the most out of them.

Create unique, accurate page titles
A title tag tells both users and search engines what the topic of a particular page is.
The <title> tag should be placed within the <head> tag of the HTML document. Ideally, you should create a unique title for each page on your site.
If your document appears in a search results page, the contents of the title tag will usually appear in the first line of the results.  This can help users recognize if the page is likely to be relevant to their search. The title for your homepage can list the name of your website/business and could include other bits of important information like the physical location of the business or maybe a few of its main focuses or offerings.

Make use of the "description" meta tag
A page’s description meta tag gives Google and other search engines a summary of what the page is about. Whereas a page’s title may be a few words or a phrase, a page’s description meta tag might be a sentence or two or a short paragraph. Like the <title> tag,
the description meta tag is placed within the <head> tag of your HTML document.
Description meta tags are important because Google might use them as snippets for your pages. Note that we say "might" because Google may choose to use a relevant section of your page’s visible text if it does a good job of matching up with a user’s query. Adding description meta tags to each of your pages is always a good practice in case Google cannot find a good selection of text to use in the snippet.

Improve the structure of your URLs
Creating descriptive categories and filenames for the documents on your website can not only help you keep your site better organized, but it could also lead to better crawling of your documents by search engines. Also, it can create easier, "friendlier" URLs for those that want to link to your content. Visitors may be intimidated by extremely long and cryptic URLs that contain few recognizable words.
Lastly, remember that the URL to a document is displayed as part of a search result in Google, below the document’s title and snippet. Like the title and snippet, words in the URL on the search result appear in bold if they appear in the user’s query.

Make your site easier to navigate
The navigation of a website is important in helping visitors quickly find the content they want. It can also help search engines understand what content the webmaster thinks is important. Although Google’s search results are provided at a page level, Google also likes to have a sense of what role a page plays in the bigger picture of the site.
A sitemap (lower-case) is a simple page on your site that displays the structure of your website, and usually consists of a hierarchical listing of the pages on your site. Visitors may visit this page if they are having problems finding pages on your site. While search engines will also visit this page, getting good crawl coverage of the pages on your site, it’s mainly aimed at human visitors.

Offer quality content and services
Creating compelling and useful content will likely influence your website more than any of the other factors discussed here. Users know good content when they see it and will likely want to direct other users to it. This could be through blog posts, social media services, email, forums, or other means. Organic or word-of-mouth buzz is what helps build your site’s reputation with both users and Google,
and it rarely comes without quality content.

Write better anchor text
Anchor text is the clickable text that users will see as a result of a link, and is placed within the anchor tag <a href="…"></a>.
This text tells users and Google something about the page you’re linking to. Links on your page may be internal—pointing to other pages on your site—or external—leading to content on other sites. In either of these cases, the better your anchor text is, the easier it is for users to navigate and for Google to understand what the page you’re linking to is about.

Use heading tags appropriately
Heading tags (not to be confused with the <head> HTML tag or HTTP headers) are used to present structure on the page to users. There are six sizes of heading tags, beginning with <h1>, the most important, and ending with <h6>, the least important. Since heading tags typically make text contained in them larger than normal text on the page, this is a visual cue to users that this text is important and could help them understand something about the type of content underneath the heading text. Multiple heading sizes used in order create a hierarchical structure for your content, making it easier for users to navigate through your document.

Optimize your use of images
Images may seem like a straightforward component of your site, but you can optimize your use of them. All images can have a distinct filename and "alt" attribute, both of which you should take advantage of. The "alt" attribute allows you to specify alternative text for the image if it cannot be displayed for some reason. Why use this attribute? If a user is viewing your site on a browser that doesn’t support images, or is using alternative technologies, such as a screen reader, the contents of the alt attribute provide information about the picture.

Make use of free webmaster tools
Major search engines, including Google, provide free tools for webmasters. Google’s Webmaster Tools help webmasters better control how Google interacts with their websites and get useful information from Google about their site. Using Webmaster Tools won’t help your site get preferential treatment; however, it can help you identify issues that, if addressed, can help your site perform better in search results. With the service, webmasters can:

• see which parts of a site Googlebot had problems crawling
• upload an XML Sitemap file
• analyze and generate robots.txt files
• remove URLs already crawled by Googlebot
• specify the preferred domain
• identify issues with title and description meta tags
• understand the top searches used to reach a site
• get a glimpse at how Googlebot sees pages
• remove unwanted sitelinks that Google may use in results
• receive notification of quality guideline violations and file for a site reconsideration

Please click here to download the original pdf file provided by Google

Original Source:
http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35291

A very serious malware has surfaced in the internet and it proves to be very dangerous and malicious than the previous versions of similar malwares. The simple reason being it sends spam, sniffs ftp login details, overwrites .htaccess files to hijack your search engine results of your website and disables essential security software.
When users visit a site that is infected with this malware, it installs itself in the visitors machine and starts acting on it own.
 It installs malware on a victims’ machine that locally modifies Google search results, replacing the legitimate results with links to affiliates’ pages. This is presumably a money-making tool for the customers that pay the malware gang to distribute the attack.

"This malware may be used by attackers to monitor network traffic and obtain sensitive information, including FTP and login credentials, that can be used to conduct further exploits," said a United States Computer Emergency Readiness Team (US-CERT) advisory on the attack. FTP credentials could be used to inject the script into more sites, spreading the infection vectors.
The malware was originally delivered from a server with a Latvian IP address, according to managed security firm ScanSafe. A script inserted on hacked legitimate websites would force them to connect to the server, delivering a drive-by download to the victims’ machine.

Gumblar has spread rapidly because malicious JavaScript on compromised sites seems to be dynamically generated. That is, it can be different on every site, or even every page on a site.

“This is just the most recent example of legitimate sites being exploited to spread malware,” Samantha Madrid, a Cisco security product manager, told SCMagazineUS.com on Thursday. “What is unique to Gumblar is that it uses a multi-phased approach to propagate itself. It does not just deliver malware to the end-user.”

To deal with the problem, Cisco offers five tips to enterprises and web sites to deal with the problem:

The biggest threat is the targeting of web servers that can be compromised to become a host, thus a properly configured web application firewall will mitigate against the threat. Its vital that organizations should remind end-users of basic security principles regarding passwords and immediately force password changes. And any exchange of credentials should be done using encryption (HTTPS), never in the clear.
When using standard content management system (CMS) or forum software, keep it up to date, and be aware of new vulnerabilities. In addition, keep on top of passwords — don’t save them, unless they are encrypted, and make sure site components do not use default passwords

Sniffing FTP Login Details
This is very dangerous and malicious part of the malware function. It sniffs the ftp logins that are used by the infected systems to upload their contents. It then sends the sniffed login details to the remote attacker. Once the ftp logins are received the remote attacker starts uploading perl files [.pl], .cgi files, .js files, .php files, .htm files which contain injected iframe or malware redirection coding. Previously these coding were evident while viewing the source of the file. But of late, they have started inserting malicious code as ascii numbers or hexas so that a noivce developer will not notice quickly.
This type of injection cannot be scanned any anti-virus software as it wont be active unless it is view from a website.
This is also injected to a website directly without ftping via sql injection or vulnerable include files that have full write permission etc. Also if the users have unprotected directories with full permission, then they will be targeted to upload directly in to the server.

Sending Spam
Once the remote attacker uploads the malicious perl file using the password that he has sniffed using the above method, that file can be used to send spam mails / phishing mails at will. It is difficult to trace them or control them as most of the websites will have send mail enabled by default.

Hijacking the Search Engine Results
One common way these attackers use to spread this malware is to overwrite your .htaccess file to send all search engine hits from google/yahoo etc to their malware site. Hence as a user you might view the site when you access the site as www.domain.com but when you click on a search result of that domain in google or yahoo, it will be redirected to a malware website.

Disables Security Software
This malware is also capable of disabling the security software such as anti-virus in that system in which it is downloaded. But this type of disabling is more predominant in windows based systems only.

How to secure yourself from such an attack

1. First change the password for all your websites immediately. Make sure that ftp login details are tough and not easy
2. Review the code of your infected website particularly look for include files, .js files etc. Look out for iframe / sql injection coding / large sequence of numbers and digits
3. Look out in your sql database for any field that has junk codes or iframes injected
4. Check for your .htaccess file in various direcotries like public_html and see whether any undesired changes are done in it.
5. Check for any .pl, .cgi file uploaded in your website or in cgi-bin folder
6. Check for any unknown files appear nearly to your file names uploaded in your website.
7. The best way to safe guard is to keep a backup of your website, mail, database. Terminate the account. Recreate it in your whm. Review the coding and database thoroughly and upload your website.
8. Make sure that your local LAN and systems are with latest version of OS with proper updates
9. Make sure that all your security softwares are upto date and function properly
10. Do not allow any one to access unwanted sites in your local LAN or system or laptop
11. Make sure that a firewall such as Windows firewall or Zone lab firewall is installed and enabled in your systems
12. Warn all your customers about this issue and make sure that they also keep their systems clean and secure
13. Advise your customers to change passwords regularly and make sure that passwords are always tough
14. Advise your customers to use secure and safe ftp software while uploading web pages and desist from uploading via public terminals

Original Source:
http://www.scmagazineus.com/Experts-offer-tips-to-deal-with-Gumblar-malware/article/137256/
http://www.infosecurity-magazine.com/view/1833/gumblar-malware-attack-sweeps-web/
http://hostlogue.wordpress.com/2009/06/12/gumblar-malware/

Downtime on websites is becoming a far more widespread problem for site owners that ever before. Coupled with the increasing amount of e-commerce shopping websites, how do you know your customers have not already visited your website and moved on because of a website unavailability problem?
Every day, thousands of small ecommerce websites like yours drop offline and stay down for hours … even days before someone realizes what has happened! Your site probably goes down periodically and you don’t even know it.
Your website is your business as long as customers can reach it. Even if your website is up 99% of the time, this translates into over 7 hours per month where your customers cannot reach you.

Using a website monitoring service to ensure that your site is available 24hrs a day 7 days a week can save you much headache as well as increasing your chances of a sale.

Free Web Monitoring provides web site monitoring to webmasters and site owners absolutely free. Monitor your web site’s availability 24 hours a day, 7 days a week with instant email alerts and weekly web site performance.

Site24×7 is the easier, faster and more effective way to monitor the uptime and performance of your websites, online services and servers.

SiteUptime is a website monitoring service that checks your website at regular intervals and notifies you via email or SMS if it becomes unavailable. Multiple monitoring servers around the world run protocol based tests on your website at specific intervals (every 2, 5, 15, 30 or 60 minutes) 24 hours per day, 7 days per week, 365 days per year to ensure that your customers and users can reach your website. If more than one location detects a connection failure, an email or SMS alert is sent to you.

InternetSeer monitoring systems remotely check your website from several geographic monitoring stations at selected intervals. If the monitoring system is unable to reach the site, an email, cell phone or pager alert is sent to notify you of the problem. Some of the key web site monitoring services available include,
Availability Monitoring, Performance Monitoring, Link and Image Checking, Transaction Monitoring and Historical and Detailed Check and Alert Reporting

ServiceUptime is free remote website uptime monitoring designed to help you detect website downtime which can mean lost revenue and profits. The worst thing is users may never return to your website again if they experience difficulties opening your website. Register for free monitoring account and take control over downtime.Whenever your website becomes inaccessible or returns incorrect data the ServiceUptime alerts you within seconds of the event via email or SMS. Be notified instantly once your site becomes inaccessible!

 Some more sites that provide this service are:

• KillerSites.com
• e-Biz Monitor
• Host-Tracker.com
• Montastic.com
• Hyperspin.com
• CheckWebsite.org

 It is vitally important that your web site is in full working order at all times. Potential customers who cannot view your product/services or gain access to information because of errors or faults will quickly go elsewhere taking with them a bad impression of your Company. Losing a potential customer is bad enough but for them to leave with a poor impression of your Company is even worse.

So why do you need a Website Monitoring service?
Basically you need to know when your website is available and when it is not. By monitoring the situation you will have a clear picture of how your customers view your website. You need to know how long it takes your Web server to respond to requests and also be informed when major errors are encountered, such as pages not found, servers not responding, or Internet routing errors. Being notified that your site is unavailable to your customers – as seen from the Internet – allows you to begin troubleshooting before your irate customers call you.

A site that is frequently inaccessible is likely to lose you business and customers. A web server and web site which is easily accessible and responsive can only increase business for your Company. This is where website monitoring informs you where your server or web site problems lie.

Why Monitor a website for availability?
You may say that your web site has been designed by professionals and will not be subject to problems. There are many companies and some very big corporations who would have agreed with you until the problem hit them, now they know to their cost how damaging it can be not to have your web at 100% performance.

Many Companies are now using website monitoring to monitor their web sites. If you too are serious about your web presence then you need to look after your web site and, rest assured, if anything untoward goes wrong with your web site you’ll be the first to know and not a disgruntled visitor.

So what kind of errors can happen to website?
There are quite a number of things that cause web sites to have errors, some are listed below

    Web Server Failure Web Server Failure
    Faulty or inadequate programming code Faulty or inadequate programming code
    Malicious attacks and hackers Malicious attacks and hackers
    Unexpected user requests Unexpected user requests
    Viruses Viruses
    Navigation Errors Navigation Errors

These are just a few of the causes that can stop your web site from functioning correctly.

People often check out a firm or Company’s web site before making a decision to buy. It is therefore very important that a website is functioning correctly and the potential customer is not left with a bad impression of a business because of a fault. Even a minor error on a website could be damaging. Why spend time and money having a web site designed only to find out that your web site has been ‘down’ and unavailable.

If you don’t check your site frequently, how do you find out if everything is working as it should be? If you are busy, the temptation is to assume that all will be OK. After all, you’ve probably paid a professional website designer to do your Company’s site, so you might be forgiven for thinking nothing can go wrong. Unfortunately this is not the case. Websites need maintaining to keep them operating as intended. Things do go wrong and most probably will, just when you are least expecting it and you can’t blame the website designer in this case!

You are probably saying, "visitors can’t expect a web site to be operational 100% of the time", and that’s probably true. There are options to guard against websites that are unavailable for whatever reason. One way is to have a back-up site on another server and if your main site is down then visitors are redirected to your back-up site. However, this option is expensive. The best way of protecting your investment and customers and visitors is to have your website up and running and working correctly. The way to do this is by knowing immediately if your website has a problem so the matter can be speedily dealt with.

Reference Source: http://www.stevedawson.com/article0009.php

Minimize HTTP Requests

80% of the end-user response time is spent on the front-end. Most of this time is tied up in downloading all the components in the page: images, stylesheets, scripts, Flash, etc. Reducing the number of components in turn reduces the number of HTTP requests required to render the page. This is the key to faster pages.

One way to reduce the number of components in the page is to simplify the page’s design. But is there a way to build pages with richer content while also achieving fast response times?

• Combine multiple script files and css files into single files.
• CSS Sprites are the preferred method for reducing the number of image requests.
• Image maps combine multiple images into a single image.
• Reduce the number of images and files in the html page

Reduce DNS Lookups

The Domain Name System (DNS) maps hostnames to IP addresses, just as phonebooks map people’s names to their phone numbers. When you type www.yahoo.com into your browser, a DNS resolver contacted by the browser returns that server’s IP address. DNS has a cost. It typically takes 20-120 milliseconds for DNS to lookup the IP address for a given hostname. The browser can’t download anything from this hostname until the DNS lookup is completed.

When the client’s DNS cache is empty (for both the browser and the operating system), the number of DNS lookups is equal to the number of unique hostnames in the web page. This includes the hostnames used in the page’s URL, images, script files, stylesheets, Flash objects, etc. Reducing the number of unique hostnames reduces the number of DNS lookups

Avoid Redirects

The main thing to remember is that redirects slow down the user experience. Inserting a redirect between the user and the HTML document delays everything in the page since nothing in the page can be rendered and no components can start being downloaded until the HTML document has arrived.

Make Ajax Cacheable

One of the cited benefits of Ajax is that it provides instantaneous feedback to the user because it requests information asynchronously from the backend web server.
To improve performance, it’s important to optimize these Ajax responses. The most important way to improve the performance of Ajax is to make the responses cacheable, by adding an Expires or a Cache-Control header. Some of the other rules also apply to Ajax:

• Gzip Components
• Reduce DNS Lookups
• Minify JavaScript
• Avoid Redirects
• Configure ETags

Post-load Components

You can take a closer look at your page and ask yourself: "What’s absolutely required in order to render the page initially?". The rest of the content and components can wait.
JavaScript is an ideal candidate for splitting before and after the onload event. For example if you have JavaScript code and libraries that do drag and drop and animations, those can wait, because dragging elements on the page comes after the initial rendering. Other places to look for candidates for post-loading include hidden content (content that appears after a user action) and images below the fold.

Preload Components

Preload may look like the opposite of post-load, but it actually has a different goal. By preloading components you can take advantage of the time the browser is idle and request components (like images, styles and scripts) you’ll need in the future. This way when the user visits the next page, you could have most of the components already in the cache and your page will load much faster for the user.

Reduce the Number of DOM Elements

A complex page means more bytes to download and it also means slower DOM access in JavaScript. It makes a difference if you loop through 500 or 5000 DOM elements on the page when you want to add an event handler for example.
A high number of DOM elements can be a symptom that there’s something that should be improved with the markup of the page without necessarily removing content. Are you using nested tables for layout purposes? Are you throwing in more <div>s only to fix layout issues? Maybe there’s a better and more semantically correct way to do your markup.
The number of DOM elements is easy to test, just type in Firebug’s console:
document.getElementsByTagName(’*').length

Split Components Across Domains

Splitting components allows you to maximize parallel downloads. Make sure you’re using not more than 2-4 domains because of the DNS lookup penalty. For example, you can host your HTML and dynamic content on www.example.org and split static components between static1.example.org and static2.example.org
For more information check "Maximizing Parallel Downloads in the Carpool Lane" by Tenni Theurer and Patty Chi.

Minimize the Number of iframes

Iframes allow an HTML document to be inserted in the parent document. It’s important to understand how iframes work so they can be used effectively.
Pros:

• Helps with slow third-party content like badges and ads
• Security sandbox
• Download scripts in parallel

Cons:

• Costly even if blank
• Blocks page onload
• Non-semantic

No 404s

HTTP requests are expensive so making an HTTP request and getting a useless response (i.e. 404 Not Found) is totally unnecessary and will slow down the user experience without any benefit.
Some sites have helpful 404s "Did you mean X?", which is great for the user experience but also wastes server resources (like database, etc). Particularly bad is when the link to an external JavaScript is wrong and the result is a 404. First, this download will block parallel downloads. Next the browser may try to parse the 404 response body as if it were JavaScript code, trying to find something usable in it.

Original Source: http://developer.yahoo.com/performance/rules.html

Microsoft fixes 28 flaws; 6 are critical

Microsoft on Tuesday released its December 2008 security bulletin. The "critical" bulletins affect Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components. Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches.
All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed in our forum, in the following link: http://support.fuchsiasoft.org/microsoft-fixes-28-flaws-6-are-critical-t73.html
To read more about this,please read this from our forum post

Holiday Cyber Scams

As the calendar dates for Christmas and Hanukkah quickly approach, scam artists are looking to take advantage of consumer shopping anxiety to make illicit gains. Your local Better Business Bureau is warning consumers of a new string of phishing e-mails making the rounds this holiday season. Scammers are posing as well-known companies that do a lot of business this time of year, attempting to steal personal information such as Social Security or credit card numbers.
“While most of the country is promoting peace and love this holiday season, criminals are spreading computer viruses and stealing identities,” said Tim Burns, Public Affairs Director of the Better Business Bureau Serving Eastern Michigan. “Hackers pose as trusted businesses to take advantage of the seasonal increase in online shopping and shipping. They utilize holiday themed messages to lure people into online scams and frauds”
The BBB has spotted a recent trend of phishing scams aimed at people celebrating the holiday season. Beware of these phishing scams that are circulating the Internet.
You could read more about it from our forum post in the following link: http://support.fuchsiasoft.org/holiday-cyber-scams-t74.html

Virus in your PDF file attachment – W32/AdobeReader.K

F-Secure has been monitoring a large mailing of malicious PDF files. These PDF files exploit a recent vulnerability. When such PDF files are viewed on vulnerable machines, they get infected. An unknown party has been sending out tens of thousands of mails with Subject-lines like:
Your credit report
Personal Financial Statement
Your Credit File
Balance Report
The mails contain no mail body, only an attachment called "report.pdf". When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and downloads further malware from a server in Malaysia. The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity.
To know more about this virus, follow it in our forum post in the following link:http://support.fuchsiasoft.org/virus-in-your-pdf-file-attachment-w32-adobereader-k-t55.html

To know more about latest virus and its possible fixes, please check out our forum dedicated for new virus alerts
You could check more topics in the following link:http://support.fuchsiasoft.org/new-virus-alerts.html