Web Design Blog

Users of the web hosting service GoDaddy had their accounts compromised for months before learning about the breach. The attackers were also able to compromise websites’ security certificates.

SCAM ALERT! Coming from PaulGoldberger.com domain:

Below is a copy of the (horribly written) message that I received -


This Notice for: yourcompany.com will expire at 11:59PM EST, 5 - Nov. - 2021 Act now! Choose your package: https://paulgoldberger.com/domain/?domain=yourcompany.com

Attention: Important Notice , DOMAIN SERVICE NOTICE

Beware of these types of messages that are coming through websites' contact forms:

Email: [address hidden by the page's spambot protection]

Phone: 7188683382

Purpose: Newsletter

Message: Hi, I'm Donnie,

I recently saw that there's the "error 500" showing on many of your website pages. I'm positive that all these errors will not be appreciated by your current customers and you are literally losing profits as a result, and additionally they can significantly decrease the volume of visits from Google.

I've been getting these spammy messages through my contact forms lately, figured I would share so that others don't get rattled by this type of nonsense. 

 

I made the following video to walk through and discuss the traditional "hamburger" menu as it compares to the Off-Canvas sidebar.

The short version is the off-canvas sidebar option gives a lot more power: it can be used for more than just the mobile menu. 

Watch the video to discover the ins and outs!  

Lately I've been wondering if the Google Analytics script is going extinct. A recent political campaign gave me some statistics to examine, and I'm having a tough time reconciling Google Analytics data with my web server stats. It seems the web server, and the CMS, are reporting a lot more traffic than Google recognizes, likely because Google Analytics' script is blocked by many ad block scripts, privacy-oriented browsers, etc.

Google is announcing Core Web Vitals will become ranking signals in May 2021 in an update that will also combine existing UX-related signals.

The ‘page experience’ signal combines Core Web Vitals with the following signals:

  • Mobile-friendliness
  • Safe-browsing
  • HTTPS-security
  • Intrusive interstitial guidelines

Core Web Vitals were introduced earlier this year and are designed to measure how users experience the speed, responsiveness, and visual stability of a page.

My client forwarded me this scam-solicitation earlier today and I am posting it as a warning to everyone - watch out for this "Web Envy Solutions" based out of Stafford, TX.  

The interesting part about this particular scam is they didn't email it to my client: they FAXED it!  

End-to-end encryption is one of the key features promised by ProtonMail, with a zero-access setup ensuring that not even ProtonMail can see what your messages are about. What’s more, the code and cryptography that ProtonMail is built on are open source and available for anyone to see, so there’s no chance of any back doors being hidden away.

On top of the encryption, the service offers other features designed to protect your privacy. You don’t need to provide any personal details when you sign up, for example, and ProtonMail doesn’t keep IP logs of your account access. There’s also the option to set an expiration date for sent email messages, so you can use your email account more like you use Snapchat.

I noticed recently that a handful of sites had broken pagination: clicking through "Page 1 - 2 - 3 - 4" at the bottom of my blog pages, for example, was leading to URL issues where it didn't matter if you clicked on Page 3 or Page 4; both pages were linking to /page-2.html or similar.

Deciding whether or not to show the number of "hits" or "views" that an article has received is easy with Joomla: you toggle them globally, and on a per-article basis. So if you have a blog with relatively low traffic, but you have a popular article where you want to show a hit counter, it's easy: disable the view count globally and enable it for the individual article.

After a while, this starts to get old, because you generally post an article without the hit counter showing and then if it gets a lot of traffic, you want to turn it on.

General Strategy: Multiple "Wallets"

Your day-to-day wallet will probably be tied to a centralized bitcoin exchange, like a Coinbase account. With Coinbase, you can create multiple wallet addresses under a single account (suppose you have 3 or 4 businesses, each could have their own Wallet Address that gets used for receiving payments). I think of Coinbase as your starting point: you'll most likely be using Coinbase to convert your $USD-based checking account funds into Bitcoin (or whichever cryptocurrency you choose).


Your second wallet should be created manually, not connected with Coinbase. 


A client recently received this letter with CORRECT domain expiration date and no clear "SOLICITATION" warning. 

In the text I circled the only actual disclaimer stating "This notice is not a bill, it is rather an easy means of payment should you decide to switch your domain name registration to Domain Registry."

The real scam here is they were trying to charge $50/year for domain registration!  This should be lower, more like $10-20/year depending on whether you have a dot-com or dot-org or something else.  

Public Service Announcement:
Beware of the latest Craigslist scam, where they attempt to gain access to your Google account by tricking you into sending them the two-factor authentication codes!

While the GDPR laws are written for EU countries, many of my enterprise-level clients have been asking me to add scripts and plugins related to addressing these basic rights:

  1. The right to access.
  2. The right to be forgotten.
  3. The right to data portability.
  4. The right to be informed.
  5. The right to have information corrected.
  6. The right to restrict processing.
  7. The right to object.
  8. The right to be notified.


Ecommerce site’s “blind trust” makes the service a perfect place to dump data.

Hackers are abusing Google Analytics so that they can more covertly siphon stolen credit card data out of infected ecommerce sites, researchers reported on Monday.

Payment card skimming used to refer solely to the practice of infecting point-of-sale machines in brick-and-mortar stores. The malware would extract credit card numbers and other data. Attackers would then use or sell the stolen information so it could be used in payment card fraud.

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

With millions of people around the world working from home in order to slow the spread of the coronavirus, business is booming for Zoom, bringing more attention on the company and its privacy practices, including a policy, later updated, that seemed to give the company permission to mine messages and files shared during meetings for the purpose of ad targeting.

We are urging all clients to enable "2FA" (2 factor authentication) for any web-related dashboards:

  • Domain registration (e.g. GoDaddy supports it, Network Solutions not yet)
  • Hosting control panel (e.g. InMotion, SiteGround)
  • CMS control panel (e.g. Joomla, WordPress, Drupal)
  • Newsletter / Subscriber (e.g. Mailchimp supports it, Constant Contact not yet)
  • Google (Analytics, AdWords, AdSense, Webmaster Tools, etc.)

A few articles that I want to share:

  • SEMrush SEO Writing Assistant - Plugin for Google Docs - checks your content for SEO friendliness on the go
  • GDPR, Data Protection, and You: It's not just for the EU and California!  How to create a "compliance plan" when it comes to storing sensitive information, obtaining consent, and managing that data.  
  • It's Not About SSL Certificates: Clarifies a common misconception that adding an SSL certificate makes your site more secure.  Incorrect!  It makes the traffic to and from your site more secure, but doesn't help with software / server / plugin vulnerabilities.  
  • Multi-Column Editing in Joomla: For any clients who want to be able to edit multi-column content using a clean, responsive, browser-based content editor
