The Little Geeni

Three Ways To Index Your Site With Google Sitemaps [Difficult,
Hard, And Easy]

Google has recently implemented a program where any webmaster
can create a Sitemap of their site and submit it for indexing by
Google. It is a quick and easy way for you to keep your site
constantly indexed and updated in Google.

The program is appropriately called Google Sitemaps.

In order for you to best use Sitemaps, you must have an XML
generated file on your site that will transmit or send any
updates, changes, and data to Google. XML (Extensible Markup
Language)is everywhere these days, you have probably seen the
orange XML logo on many web sites and its often associated with
Blogging because Blogs use XML/RSS feeds to syndicate their
content.

Today RSS is known mostly as ‘Really Simple Syndication’ but its
original acronym stood for ‘Rich Site Summary’. XML is only
simple code like HTML and it is used to syndicate your content
to all interested parties.

And the interested party in this case is Google. By creating
Sitemaps, Google is really asking webmasters to take charge of
the indexing and updating of their sites. Basically, doing the
Googlebot’s job!

This is a ‘Good’ thing! With the steady influx of new web sites
growing rapidly, indexing all this material will become a
challenge, even with the resources of Google. With Sitemaps,
websmasters can now take charge and make sure their site is
crawled and indexed.

Please note, indexing your site with Sitemaps WON’T improve your
rankings in Google. You will still be competing with the other
sites in Google for top positions. But with Sitemaps you can
make sure all your pages are crawled and indexed quickly by
Google.

There are some other big advantages of using Google’s Sitemaps -
mainly you have control over a few key variables, attributes or
tags. To explain this as simply as possible, your XML powered
sitemap file will have this simple code for each page of your
site:

http://www.yoursite.com/ 1.0 2005-07-03T16:18:09+00:00 daily

Along with ‘urlset’ tags at the beginning and end of your code,
and an XML version indication – that’s basically your XML file!
File size will depend on the number of webpages you have.

Taking a closer look at this XML file:

location – http://www.yoursite.com – name of your webpage

priority – you set the priority you want Google to place on that
page in your site. You can prioritize your pages: 0.0 being the
least, 1.0 being the highest, 0.5 is in the middle. This is ONLY
relative to your site. It will not affect your rankings. Why is
this important? You have certain pages on your site that are
more important than others, (home page, high profit page, opt-in
page, etc.) by placing high priority on these pages, you will
increase their importance in Google.

last modified – when you last modified that page, this timestamp
allows crawlers to avoid recrawling pages that haven’t changed.

change frequency – you can tell Google how often you change that
particular page. Never, weekly, daily, hourly, and so on – if
you frequently update your page this could be extremely
important.

Why do I need a XML Generator?

In order for this XML sitemap file on your site to be constantly
updated, you need a Generator that will spider your site, list
all the urls and automatically feed them to Google. Thus
constantly updating your site in Google’s massive index or
database. Keep in mind, Google also gives you the option of
submitting a simple text file with all your URLs.

Now there is already a flood of these generators popping up!
Different ways of generating your XML powered sitemap file. More
are probably appearing as you read this. For your convenience,
three ways to generate your XML Sitemaps file are listed below:

Difficult – Google’s Python Generator

That’s a relative term, if you know your server like the back of
your hand and installing scripts doesn’t scare the bejesus out
of you, you’re probably smiling at the word difficult. Google
supplies a link to a generator which you can download and set up
on your server. It will cough up your sitemap XML file and
automatically feed it to Google. Google XML Generator

https://www.google.com/webmasters/sitemaps/docs/en/sitemap-

generator.html

In order for this Generator to work, Python version 2.2 must be
installed on your web server – many servers don’t have this. If
you know what you’re doing, this will probably be a good choice.

You don’t need a Google Account to use Sitemaps but it’s
encouraged because you can track your sitemap’s progress and
view diagnostic information. If you already have another Google
Account gmail, Google Alerts, etc. just use that one to sign in
and follow directions from there.

To submit your Sitemap using an HTTP request, issue your request
to the following URL:

www.google.com/webmasters/sitemaps/ping?sitemap=sitemap_url

Hard – A PHP Code Generator

This is a php generator that you can place on your server. This
generator will spider your site, and produce your XML sitemap
file. Download the phpSitemapNG and upload it to your server.
Run the generator to get your XML sitemap file and send it to
Google. PHP Generator http://enarion.net/google/

Again, this is only hard to do if you don’t know your way around
PHP files or scripts.

Easy – Free Online Generator

These Generators are popping up everywhere, and Google now keeps
a list of these ‘third party suppliers’ of generators on their
site. Find them here: http://code.google.com/sm_thirdparty.html

One of the easiest to use is http://www.xml-sitemaps.com/ and
you can index up to 500 pages with this online Generator very
quickly and it will give you the sitemap XML file Google needs
to index your site. It will go into your site, spider it and
index all your pages into an XML sitemap of your site. You can
download this file, Compressed or Non- compressed and make minor
changes such as setting the priority, changing frequency, etc.

Then upload this file to your site as sitemap.xml to the root
directory of your server i.e. where you have your homepage. Then
notify Google Sitemaps of your XML file and you’re in business.

Of course, the only drawback, if you constantly add pages to
your site you will need to also add these pages to your XML
sitemap file. This won’t be much of a problem unless you’re
daily adding pages to your site – then you will need something
like the PHP or Python generator to do all this for you
automatically.

Google is still the major search engine on the web so getting
your pages indexed and updated quickly is the major reason to
use Google Sitemaps. If you want your site to remain competitive
it’s probably the wisest route to take.

Google Explained, Google, Sitemaps

In a recent report issued by CompTIA, the Computer Technology Industry Association, 50% of small and medium sized businesses (SMBs) had very little trust in the security offered by VoIP vendors, or for that matter, voice over IP security in general.

It is true, having your voice and data running on the same infrastructure leaves your telecommunications particularly vulnerable to all the security threats inherent in an IP network. Viruses, Trojan Horses, and worms can all wreak havoc on a network, and having your voice network go down for even the shortest time is intolerable for most business.

That said, security has come a long way, and most attacks can be stopped at the gateway by a good network administrator. While attacks on VoIP networks in particular are by no means widespread, the possibilities are there, if not imminent, and pose a very real threat to the very time sensitive requirements of voice over IP.

The following is a compilation of just some of the security threats facing a voice over IP network, as well as some security measures that could be taken to prevent such attacks.

SPIT: The new Spam for VoIP

Most anybody that receives email is familiar with the term Spam. Who among us has not received dozens of unsolicited emails, clogging up our mailboxes and causing us to waste our valuable time? Laws have been made to reduce the clutter in our mailboxes, and major offenders have been fined heavily and in some cases put in jail.

Spam is basically the broadcasting of advertisements, announcements, or other unwanted messages, over a network or networks, ending up in the mail boxes of anyone that has an email address on that network. At worst, spam is frustrating for the recipient, and can also cause network problems utilizing a good majority of bandwidth that is meant for other things. As email applications are connectionless and not sensitive to time delay, eventually the recipient will receive their emails intact, albeit a few minutes later than it would normally take.

Spam over Internet telephony, otherwise known as SPIT, can have far greater consequences than email spam. Spitters that target VoIP gateways can use up the available bandwidth, severely disrupting Quality of Service and causing a major degradation in voice quality.

The open nature of VoIP phone calls makes it easy for spitters to broadcast audio commercials just as email advertisements are broadcast. On closed networks like Vonage or Skype, or even your companies LAN, it is a little more difficult as the spitter would have to hack into the network in order to implement the broadcast. It can, however, be done.

The ability to broadcast audio messages over a VoIP network is not, in itself, necessarily a bad thing. Companies should be able to get out important messages quickly, and on a broader scope, emergency services could easily communicate mandatory evacuations, or warn of impending disasters in the event of catastrophe.

While Spit is certainly a technical possibility, to date, we have not seen a lot of it. In 2004, the peer to peer VoIP network Skype got hacked into, and users were inundated with unsolicited audio messages. Shortly thereafter, Skype had found and closed the loophole in the network. One other legal recourse is to get on the national Do Not Call list, to prevent solicitors from bombarding your voice mail box

Eavesdropping

Probably one of the scariest vulnerabilities of VoIP is the ability of an outsider to eavesdrop on a private conversation. This concept is nothing new to IP data networks, and generally requires a packet analyzer to intercept IP packets, and in the case of VoIP, saving the data as an audio file. Hackers then have the ability to learn user ids and passwords, or worse, to gain knowledge of confidential business information.

While it is true that eavesdropping occurs on traditional telephone lines as well as cellular networks, for someone to tap into your home phone line pretty much requires a physical presence outside your house. In the case of an IP network, a hacker requires only a laptop, some readily available software, and the knowledge of how to hack into your network.

Security analysts have long used encryption techniques to protect the confidentiality of data traveling through an IP network, and the same concept holds true for voice packets. The challenge with voice is to encrypt strongly and quickly, to protect confidentiality and as not to slow down the packet flow.

Nevertheless, if someone really wants to listen in on your calls, no type of telecommunication is 100% secure.

Phishing the Waters of Voice over IP

Another variation of an email attack, Phishing is designed to trick a user into revealing sensitive data such as user names, passwords, bank accounts, credit cards, and even social security numbers. In the case of VoIP, the attack could come as a voice mail message urging you to call a designated number and provide your user information. Even if the call is automated, touch tones can be easily deciphered. Depending on what information they get, hackers can use it to access bank accounts, or to steal identities.

While you can program a PBX to restrict call backs to known phishers, as more users become familiar with the pitfalls of the Internet, it becomes common knowledge to never give out sensitive information to automated media, be it via data or voice.

SIP Registration Hijacking

The Session Initiation Protocol (SIP) is becoming widely accepted as the method for setting up VoIP phone calls. The process involves a Registrar (in some cases the company PBX itself), which maintains a database of all users subscribed to the network, and basically maps their telephone number to an IP address.

Registration hijacking occurs when the packet header of either party is intercepted by a hacker, who substitutes his IP address for that of the legitimate one. Attacks can take the form of fraudulent toll free calls, denial of service attacks that can render the users device useless, or a simple diversion of communication.

Spoofing

Another hack that is well known in data networks is spoofing Also known as a man in the middle attack, spoofing requires hacking into a network and intercepting packets being sent between two parties. Once the IP address or phone number of the trusted host is discovered, hackers can use this attack to misdirect communications, modify data, or in the case of Caller ID Spoofing, transfer cash from a stolen credit card number.

SIP registration hijacking is a form of spoofing. Both of these spoofs, as well as other hacks such as eavesdropping, can be prevented by employing encryption techniques at the call set up phase. Today, the up and coming mechanism to achieve this is to send SIP messages over an encrypted Transport Layer Security channel. Putting these two protocols together forms the acronym SIPS.

There is no doubt that IP networks can be, and are, hacked into. Since a converged network consists of data and voice, VoIP is as vulnerable as any application to these disruptions, but with a downtime tolerance of no more than 5 minutes a year, such interruptions are considered intolerable for voice applications.

As of today, most of these security threats are not wide spread, and are presented here as a what could happen in the future scenario. Industry experts agree that as voice over Internet telephony becomes more wide spread, malicious hacking attempts are bound to follow.

These and other security threats can be prevented by a vigilant network staff, using all the known security precautions typical of an IP network. No VoIP solution is secure out of the box, and must be locked down by using common sense approaches, including but not limited to changing default passwords, closing down unused ports and services, utilizing firewalls and VPNs for network communications, and diligent intrusion detection.

Computer Security Explained, Security, Threats, VoIP

A penetration test (in the IT vernacular referred to as a “pen test”) is also known as “ethical hacking”, and this network security tool provides an essential function in vulnerability assessment. By actively seeking out and deploying attacks and penetration efforts against your network, you are more likely to uncover vulnerabilities and be able to take action to block holes in your security and pre-empt attacks on the perimeter defences.

Penetration testing includes both script-based and human-based attacks on the network in order to seek out and exploit vulnerabilities. The difference between this and say, criminal hackers looking to cause mischief or theft of data, is that you control the “attacker”. The “attacker” reports back to you on whether they were successful and if so, how to stop such an attack from being successful in real-life. Penetration testing will reveal network security holes but more than this, it will be able to provide you with a realistic risk assessment including the impact on your business should such an attack succeed. Knowing what such an attack may cost your business will provide you with the ability to quantify the business risk and determine whether you do in fact, need to implement a solution.

”Black Box Testing” involves a penetration test where the attackers have no knowledge of the network infrastructure. They are working from what a real, external hacker would be using – online connectivity and any human intelligence or reliance on human nature, in order to discover vulnerabilities.

”White Box Testing” involves attackers who have full knowledge of the network infrastructure and are seeking out vulnerabilities and scenarios to take advantage of perceived weaknesses.

An intermediate form exists, known as “Grey Box Testing” where some knowledge is provided, known also as “partial disclosure”.

The aim of these differing forms of testing is to compel imaginative ways to hack into the network, compromising network security . While having full knowledge of a system may lead the ethical attacker to use an obvious defect in network security, they may pass over and completely miss a less obvious but more severe vulnerability. Blind or black box testing does not allow for precise testing of certain components of the network because they don’t know how the network is established but, this form of testing does lead to more imaginative attack scenarios being developed and hence, a more realistic prospect of stopping a real attacker with mischief in mind.

Penetration testing should be a regular scheduled activity and performed at least once a year and every time the network infrastructure is added to or changed. Penetration tests are also a serious component of risk audits conducted to determine network operation and integrity. Script-based penetration testing is relatively inexpensive because of the level of automation involved and is eminently suitable for white box testing. Black box testing, on the other hand, is labor intensive because it involves real people emulating real life hackers and such a penetration test will involve more than simply running an online attack against the network, for instance, rummaging through company trash for computer information, and this dramatically increases the cost.

Computer Security Explained, Network, Penetration, Security, Testing

I first started looking into PHP frameworks last year, looking at a variety of frameworks including cake, symfony and finally Zend Framework.

When I got around to Zend Framework I was nearly ready to give up in programming with a framework, as I didn’t have a clear understanding of the MVC style of programming.

When I began looking into it I found though, that this is something that when I get used to the different style of coding, could save a valuable amount of time, and allow me to offer features to clients, that previously just would not be cost effective.

The main benefits of using a php framework I have found are as follows:

Time saving – The amount of time saved by not having to type in complex code in a lot of situations cuts the time of many projects by over 50% in most cases. Reuse of code – Many web sites that you develop have common features. Because of the way that each part of the code is separate, you are able to copy over controllers, models and view folders to the next project. An example of this is that in every project that requires a content management system(CMS) we are able to copy across the login system. Something that used to be quite a time consuming process. Now we copy it across, and add the users, and we are set to go. Access to services API’s – with the way that the web is moving these days, having the ability to twitter, yahoo and Google amongst others is a great way of expanding a web site with ease. Community assistance – There is a large community out there which is always willing to help. When you are proficient with the framework, you can also assist others, which will also improve your coding experience.(Not to mention the warm fuzzy feeling that you get for helping) Easy plugin creation – When you have a feature you want to add to the framework, just simply create a plugin, in a directory that you can copy to all your projects. I created a image resizing plugin, which allows me to upload an image and resize it with 3 lines of code. Unbelievable, when you consider how long this would usually take and the best thing is, once I made it, I have this feature available in all future projects. The time saving benefits can be enormous.

I still have a long way to go with learning many of the features, but with the rapid progress that I’m making with learning Zend Framework, the future is looking bright, and I may be able to spend more time on other areas such as marketing for our Adelaide Web Design customers web sites and bringing in exciting new features to their web sites.

Paul Purczel is an Adelaide Web Designer specializing in Content Management systems, Ecommerce web sites and Search Engine Optimisation

http://www.acewebdesign.com.au

php Benefits, Explained, Framework