Avinashsing Sunkur

A few days ago, I was trying to update a record in my database and encountered an error message in the form of “Incorrect key file for table xxx.MYI”. Since the update was not really that important, I decided to ignore that warning but this was a very big mistake that I would regret later. I went out for the day and when I came back at night, I found that my traffic has plummetted and when I investigated, I found that the table that was having problems earlier has crashed. So I decided to find reasons why MySql tables would crash and they are as follows:

• Unstable operating system
• Problems with the hardware
• Power failure
• Corrupted data or index files
• MySql server host was killed during an update
• External program manipulating the data or index files at the same time as MySqlId without locking the table properly

There may be other causes for MySql to crash but the reasons above are more common.

How to repair a crashed MySql table?

Fortunately MySql tables which have been crashed can be repaired quite easily. All you have to do is use PhpMyAdmin or another MySql client program and run the repair command on that table (REPAIR TABLE employee). This will bring back the table in a consistent state. You can also use CHECK TABLE employee to see if there are any problems with the tables in your database. There are additional options that you can use when repairing/checking your tables but using the syntax without them should work just fine.

How detrimental can it be to have crashed MySql tables?

The MySql table in my database crashed around 15:00 and it was not until 22:00 that I noticed the problem. That’s the problem when you’re on shared hosting – you don’t get any notifications of problems and when you email support, it takes time for them to get the problem fixed. My website is database driven which means that if the database is down, the whole website is brought down. Running the repair command took less than a minute though and everything was back up after the table was repaired.

However I lost half of my daily traffic within that time and lost half of my revenue as well. Of course, having a website that’s not working is not good for your visitors and losing money is not something that you want but those are not the biggest problems. For the duration of the downtime, search engine spiders (GoogleBot) may be crawling your website and when they encounter problems with the site, they can quickly remove your webpages out of their index and that will cost you even more than 1 day of downtime. Your rankings might suffer as well as a result of the downtime.

Everyone these days seem to have a facebook account. Why shouldn’t they? Facebook has become a central point of communication in our daily life and helps us stay in touch with friends and family and see what they are doing without much effort. Holiday pictures, video albums and latest gossip are at out fingertips and as more people join the network, it becomes even more important for us webmasters to leverage the power of Facebook.

Use Facebook Connect to give visitors an alternative to registering on your website

Let’s face it – nobody likes having to register on websites to access a service, whether it’s for commenting on an article or asking a question on a forum. With so many websites out there, it becomes very difficult to keep track of the different username/password for each site and this is a major put off for a lot of visitors. By allowing the visitors of your site to login using Facebook, you’ll get more people to post on your site or better still engage more. You will get access to the visitor name, email address, friends and a lot more. All the essential details that you want to capture in your registration page will be made available to you with Facebook Connect. Of course this should be used to complement your own registration page because not everyone is on Facebook and you cannot just allow anyone to engage with your site without registration because that’s going to get the attention of spammers but using Facebook Connect will make users engage more with your site.

Let other people know about your content with Facebook Share button

Facebook Share button is a bit different from Facebook Like button and is meant to be used to allow sharing your content even easier. If you display a Facebook Share button on your site and a user clicks it, your content will be made available to all the friends of this user. This is viral marketing in its simplest. The average Facebook user has around 120 friends and that content will be read by that many people if not more. A count of the number of times the content has been shared is shown next to the button as well and this shows how popular was content is.

Facebook Like button is a great way to get more people to visit your website

When people click on the Facebook Like button on your website, it tells you how many people actually like your content and since this is syndicated to the user’s activity in Facebook, you will get other people to your site who want to check what it is all about.  Some people like using the Like and Share button alongside and it’s not that difficult to set up even for beginners.

Facebook API

If you have a website, you’ll need to get a Facebook API key to get the most of what Facebook has to offer you. You can use the Standard JavaScript SDK to enable Facebook features on your site but you’ll need access to that API key. Of course, if you’re a more experienced programmer, you can always code your own things and get more advanced features by querying Facebook.

I was contacted by someone on a popular webmaster forum to buy a link on a .gov.uk site which has a valid PR6. The government site belongs to a council and because government sites tend to link to each other a lot, it has a lot of good quality inbound links. Getting links on such a site can really boost your ranking especially if you use a good targetted anchor text. However they are very hard to come by. Unless you’re a non-profit organisation or offering something unique which would be beneficial for the .gov.uk site and at the same time be relevant, you’re not going to get a link from them.

Part of me wanted to buy the link because I know that it will increase the PR of my site and boost my rankings as well. The price was $150 for 3 months, $250 for 6 months and $400 for 12 months. The link would be placed on the homepage and you get to choose your anchor text. I was curious and wanted to see if other people have purchased links on that PR6 .gov.uk site. All paid links were placed like halfway down the homepage as follows:

As you can see from the above example, all these links look like spam even if it comes from a reputable website such as this .gov.uk one. Placing your website’s link there could do you more harm than good. It is not worth paying $400 a year to get such a link. If you’re already receiving traffic from Google, why would you want to risk your organic traffic and be penalised?

I didn’t include the URL for this .gov.uk site deliberately but the only reason you can buy links on there is because they’ve got an immoral person working for them. Councils are not stupid to publicly do this sort of thing but a staff who has got access to the website (probably an IT guy who maintains the website content) decided to do a little business on the side. I’m pretty sure the council is not aware of this and the moment they find out, they will fire him.

The conclusion is that buying links can jeopardise your website a lot. You’re better off using whitehat techniques and moving up the SERPs slowly but surely than regretting the big mistake of thinking you’re purchasing once in a lifetime link deal to boost your rankings.

Sometime around 28 April 2010 t0 3rd May 2010, many webmasters noticed an unusual change in the SERPs. This has been named the Google Mayday Update. The ranking algorithm was changed to make search more relevant as always. But what was this update all about? This change is most noticeable for long tail keywords rankings. Many large sites have seen a drop in traffic because they were no longer ranking for the long tail keywords (or have been dropped several places in the SERPs) and this has consequently plumetted their traffic.

Before the Google Maydate Update, a website was able to rank for long tail keywords based on domain authority. So if you had a website about finance with a high PR homepage, domain trust and good rankings for your primary keywords, then you would be able to get long tail traffic easily (eg rank for best car insurance for young drivers) if one of your finance articles mentioned a few of the long tail keywords being searched for. This was true even if your article was placed quite far from the homepage (many clicks to get to it) and also if there were few or none links pointing to it.

Solution for the Mayday update

Many ecommerce websites use generic description of products from manufacturers and as you can guess, this give rise to duplication. Now the problem is that as a customer who wants to by a particular product, you don’t want to click on each of the results on google when you have done a search and end up seeing the same description and everything for a product. You want to see something unique, something that’s going to help you in your decision making process. This is why google has started to filter out similar pages with the Mayday Update. This is supposed to help with user experience and bring more relevance to searches.

Your first step if you have been hit by the Mayday Update is to look at the pages on your site and analyse them. If you have the same content that’s practically on everyone else’s site, then you have a problem. You need unique and original content for your site but that might be hard if you have thousands of pages. User generated content is a way to add uniqueness to your product pages. You can give users the facility to review the products on your website. Don’t just show the good reviews and filter out the bad ones though! There needs to be a balance of reviews, both good and bad, otherwise people are going to find it unnatural and you’ll eventually lose potential customers (more on that some other time).

The other thing you should do is create more links to the inner pages of your site. Many people like getting links to their homepage. That’s good if you want your homepage to rank but if your other pages are buried deep down in your site, like requiring 5 clicks to get to it, well then chances are google will not index it but if it does, it may not rank it well. The closer to the homepage the better but if you can’t do that, then you need external links to point to these deep pages. This will show to Google that your page contains worthy content.

Conclusion

What many people fail to realise is that you do not need to stay ahead of Google to ensure long term ranking. Google’s aim is to provide the most relevant and accurate results for a given search query. If you align Google’s aim with your website, you’ve already secured your website’s future. So instead of changing your website everytime Google makes an algorithm change, you just need to focus on creating a better user experience for your visitors and delivering better content/services to help them out.

Have you ever wondered how you can consume a web service in PHP? Although I code main in C#, I run quite a few sites in PHP and I wanted the ability to automatically notify ping servers when new content is available at my websites. This will bring the search engine crawlers almost immediately to my sites and get my content index faster. This is automatically done in WordPress by pinging PingOmatic but for sites which run my own Content Management System (CMS), I had to do the pinging myself.

You can easily do the pinging in PHP but I wanted the ability to send pings for scheduled content release. For if my content is going to be published on a date in the future, I need to be able to send the ping at that point in time. You can get a cron job to run a script for you or like WordPress does, hook a function to all HTTP requests to see if there are any pings to send. However I find the latter innappropriate and the former is just well PHP scripts and I’d rather have it done in C#.

My idea is to create a Web Service which will accept the title of the content, the URL where the content can be found and the publish date. This will then be saved in a table. A Windows Service will then check the table to see if any pings need to be sent. My Windows Service will run at say 30 mins, pretty much like a cron job.

Okay back to consuming web services in PHP, if you use the PHP function to do that, you will get some problems (I can’t recall exactly which one it was when I was googling). The best way is to use NUSOAP. You just need to download it from SourceForge and upload nusoap.php to your server. Once that is done, you can easily consume any web services as follows:

$client = new nusoap_client('http://www.mydomain.co.uk/Services/Ping.asmx?WSDL', 'wsdl');

$err = $client->getError();
if ($err) {
//echo '<h2>Constructor error</h2><pre>' . $err . '</pre>';
return $err;
}
// Doc/lit parameters get wrapped
$param = array('title' => $title, 'url' => $url, 'publishDate' => $publishDate);
$result = $client->call('Schedule', array('parameters' => $param), '', '', false, true);
// Check for a fault
if ($client->fault) {
//echo '<h2>Fault</h2><pre>';
//print_r($result);
//echo '</pre>';
return $result;
} else {
// Check for errors
$err = $client->getError();
if ($err) {
// Display the error
//echo '<h2>Error</h2><pre>' . $err . '</pre>';
return $err;
} else {
// Display the result
//echo '<h2>Result</h2><pre>';
//print_r($result);
//echo '</pre>';
return $result;
}
}

It is very straightforward to call a web service with nusoap and I recommend it. You can find more examples of how to call web services when you download the codes from Source Forge. The above did the trick for me.

I run quite a few sites and on some of them I’ve installed WordPress for convenience. Every now and then a new version of WordPress is released and I like to keep my installation of WordPress up-to-date so that I’ve got the latest security patches and new features which have been developed. For earlier versions of WordPress (before 2.7), you had to do the install manually but with WordPress 2.7, you now have the option to upgrade automatically. As soon as a newer version is available, you have a link in the admin panel telling you to update your installation. You should be able to click on the update link and WordPress itself will download the latest files, extract them and update your WordPress accordingly. On one installation, it took no more than 15 seconds to complete the upgrade. However on my other hosting accounts, I’ve found that I just cannot update the software as it keeps asking me for my FTP details.

I know for a fact that the automatic upgrade should work but I wanted to give the FTP connection a go as well and it didn’t run as expected. WordPress couldn’t either extract some files or couldn’t create folders/files. I could have fixed the problem by giving write access to the required folder but I thought it was getting a bit too much as I don’t like the idea of putting my username/password for FTP in the first place. So I decided to find out a solution to the automatic upgrade problem instead and I spent hours researching the topic.

Here are the solutions that I tried:

• define(‘FS_METHOD’, ‘direct’); in wp_config.php (didn’t work)
• Give write permissions 777 to the whole wordpress directory for testing (didn’t work)
• Editing file.php (found in wp_admin/includes) so that getmypid() is returned instead of getmyuid() (didn’t work)

If you’ve got full access to the server where wordpress is installed, you should be able to fix the problem easily but if you’re on shared hosting, things get complicated. My wordpress files/folders are owned by me on the hosting account but when a php script is executed, it runs as the nobody account. This is the default apache user that the server uses to run scripts on the shared hosting and that’s what is causing the headache. WordPress does a test to see if a file is owned by the current user executing the script and if that fails, it promts you for your FTP connection details.

I’ve looked into ways to overcome the problem but the shared hosting account doesn’t give me shell access, otherwise I would have been able to change the owner of the files/folders. If I get to run apache as my own user account, I should be able to get the wordpress automatic upgrade to succeed but I’m still looking for a solution at the moment. I’ve looked into php scripts executing commands (with exec) but I’ve still got to learn how to use that. If you’ve got the solution, then let me know.

Many people believe that updating your website regularly is the way to achieve higher rankings in the search engines. This is not entirely true and I’ll explain why. As the web index grows bigger and bigger, search engines like Google and Bing are looking for better ways to determine what content is worth including in their index and which ones to drop. Duplicate content is obviously not going to work for rankings and if you’re rewriting content by saying the same thing in a different way, then this will not work as well. You need to be adding something original to your articles to make them stand out from all the other articles about the same subject. This is  the long term strategy and will protect you against future algorithm changes just like Google Caffeine.

Now coming back to why updating your website/blog regularly is not worth it if you’re just recycling content, you need to understand how rankings come into the play. Links play an important role in increasings your SERPs but that’s not everything. Search engines try to provide the best results for any given query; that’s their aim and hence they make algorithm changes every now and then to refine the results you see for a more perfect match. If you were to do a cosmetic surgery for some reason or another, you would go to a professional, wouldn’t you? You would consider a surgeon who is known to deliver results and this can be checked by looking at the success rates and past customer experiences and the like. In the search engine world, the same principle applies. If you own a website about “cosmetic surgery”, then you would need to have pages which talk about the different kinds of surgery available, for example, liposuction, nose job, botox etc. By having multiple pages about the different aspects of “cosmetic surgery”, you show off your expertise in this area. You will be trusted in the “cosmetic surgery” industry and search engines will love you for that. This is how domain authority is achieved.

But wait, it’s not as simple as it looks though. If you’re not providing compelling and original content which is of value of visitors of your site, then you wouldn’t move up the rankings. Each new page that you put up on your site can be a boost for the ranking of your keywords only if it is on-topic and original. Google needs to think it’s good enough to keep in its index and by targetting related things to your keywords, you would increase your power of ranking for those keywords.

Creating new content on a daily/weekly/monthly basis can bring you extra traffic provided your content is unique. If these articles address related terms for the theme of your website, you will see move up the SERP over time as you gain more trust from the search engines due to the targetting of secondary keywords/long tail keywords. However if you’re adding articles just for the sake of keeping your website updated frequently, then you will not see any benefits from it.

New content will definitely bring GoogleBot to your site more often but after Google has crawled your new content, it won’t index it if it offers nothing of value. Therefore it is better to take the time required to write a good quality article rather than rushing to write dozens of articles which people are not going to appreciate. Don’t write for the sake of writing, write to address problems that your visitors may encounter, give information that will be helpful to the visitors and in time, you’ll reap the benefits of this long term strategy.

A lot of people want to be able to run as many sites as they want with just one installation of WordPress. Before WordPress version 3.0, you had to use WordPress MU (Multi User) which was not in line with the actual WordPress codes. So basically you would be able to have any number of sites running on WordPress MU but you may miss out on some functionalities. This was not such a big deal for many people who liked the idea of running many websites/blogs from just 1 installation but now with the release of WordPress 3.0, this has been made even more simple.

The greatest benefit of being able to have a many sites on one single wordpress installation is maintenance. You just need to update your files in one place rather than update it in several places as soon as a new version comes out. It is advisable to upgrade to the latest stable version of WordPress as soon as it’s made available. So this is a big time saver in terms of updating but as well as launching new sites.

When I first tried WordPress MU, I was very keen to get my sites running but I eventually found out that to be able to run different domains on WordPress MU, you need to get a wildcard mapping for subdomains. Now because WordPress MU has been merged into WordPress 3.0, you have the same problem. I remember how difficult it was to set up and I eventually gave up.

So if you have your main blog at www.example.com and want www.myotherdomain.com to be hosted on WordPress 3.0, then you’ll have to do a wildcard mapping. Now if you’ve got a dedicated server, you can get it done quite easily but if you’re on shared hosting, then this may be a problem because some hosting companies don’t allow wildcard mapping. If you manage to do it though, there will be another problem. If you had a subdomain like subdomain.example.com, it will stop working because of the wildcard now. So you’ll have to come up with a way to handle that.

I think the idea of hosting multiple sites/blogs is very appealing especially if you want to create niche websites with just a couple of pages. However WordPress 3.0 is not ideal for that purpose nor is WordPress MU. On the other hand WP Hive which is a plugin for WordPress works brillantly.

When I heard that WordPress 3.0 allows multisite creation, the first thought that came to mind was that WP Hive will become dead (redundant) now but that’s not the case. The official documentation of WordPress 3.0 shows that you need wildcard mapping whereas with WP Hive, you only need to add the domain you want have have wordpress on as an addon domain.

I like simplicity above everything else. For those on shared hosting, I suggest you have a look at WP Hive if having multisites/multiblogs on 1 wordpress installation is what you need.

Applications which require users to register need to store the user details in some kind of data store and if you’re storing sensitive information like passwords, it is imperative that the passwords are encrypted before you store them. Often, it is easier to just store the passwords as clear text to avoid the hassle of having to encrypt/decrypt the password before using them but this will eventually lead to a BIG security flaw in your application.

Some people think that because they’ve got a small web app, they are not really at risk of hackers but the truth is that there are sick people out there who enjoy looking for vulnerabilities in your website. Of course there’s a password to access your dababase and that provides a first level of security but if that database password is compromised, then all your users will be at risk. You might be thinking what’s the worse that can happen if somebody manages to get the passwords of your users, right? Well they will have the power to impersonate that user on your site first of all, but wait this does not end here. If your website just allow registered users to post comments, it’s not just the fact that the hacker will be able to post comments on your site but research has found that many people use the same passwords for a lot of sites. Surely the hacker can get the email address of the person and if he can get into their email, he might also be lucky to find other sites which he can log into as well, pretending to be the said user. This is not something that you wish happen to you, so security is the first thing that we need to think about.

It is important to note that if you have a database administrator, he will have unrestricted access to your database and will be able to read your users’ passwords and may use them in unethical manners (hopefully he won’t,  but you should never take the chance).

Encryption/Decryption

Instead of storing the passwords as plain text in the database, you could encrypt the password and that would add a nice layer of obscurity to it but if you can encrypt it, then you can also decrypt it the same way that it was encrypted. This is because encryption/decryption engines use a key to do the work and the key can be guessed or found and this will make it easy to get the password.

Hashing algorithm

A much better way to secure the passwords is to hash them. Hashing is a one way algorithm in the sense that once you’ve got it encrypted (hashed), you cannot get it decrypted. When the user enters his password on your site, you hash the password that he entered and check the hashed value that you get against the hashed value in the database for the user’s record. It it matches, it means the user has entered the correct password.

That’s all good but because many people tend to use common names found in dictionary as their password, hash tables have been created to perform a dictionary attack on the passwords which have been hashed. Say you’ve hashed the password ‘prince’ with SHA1 and a hacker manage to get a positive sign that his hashed password ‘prince’ matches your one. This means that he will know the password. Therefore it is advisable to salt the hash to make dictionary attacks less successful.

Hashing with a salt

Before you actually hash the password, you add a salt to it, so you hash (salt + password). It is better to add the salt at the beginning of the password rather than the end. A salt is just a random word. You can create a random set of characters to use as the salt and store them together with the password in the database. The added benefit is that is two users have the same password, the hash value of their passwords won’t be the same because you’ve got a random salt added to their passwords which means a hacker cannot for sure know whether people are using the same passwords.

It is better to use a random salt rather than a single salt because the latter will make it that little bit easier to crack the password but with a random salt, the hacker will need to perform comparison for each password by using the salt and hashed password. This will increase the time taken for them to get the passwords and give you time to notify your users to change their passwords, if you know that your site’s been compromised that is.

Which cryptography to use?

MD5 has shown weaknesses and there are concerns around SHA1 because of some vulnerabilities. I’d consider using SHA256 although SHA512 is more secure. The reason is SHA512 takes twice as long to compute and I believe SHA256 is good enough for security at the moment. Let’s see what SHA-3 will give us, eh?

I’m finding it really hard these days to focus on my work. It’s been a long time since I decided to rewrite of my websites and I only seem to be gathering ideas rather than putting them to practice. I’ve noticed that when I get bored with what I’m currently doing, I just log onto facebook and see what other people are doing. It’s pretty much just gossip but it’s kind of addictive. Therefore I’ve decided to take a 30 day challenge of not using facebook.

I started this challenge yesterday (16th of June 2010) and I’ll be completing the challenge in a month’s time, on the 16th of July 2010. I don’t have many friends on facebook, probably like 25 friends but the problem that I’m experiencing is that whenever I want a break, I just sign onto facebook and without realising I’ve wasted some 30 mins.

It will be good to see if I become more productive without facebook. I might even consider suspending my account so that I don’t receive any updates through email but for the time being I’m just leaving it as is.