Prevent access to backup files

Nowadays, more and more sites are dynamic web applications, driven by WordPress, Joomla, Drupal… or other free, open source CMS, as well as custom “closed source” CMS. All of them are more or less vulnerable. According to Sam Ransbotham, as stated in “An Empirical Analysis of Exploitation Attempts based on Vulnerabilities in Open Source Software”, open source applications are more vulnerable than closed source ones.

Open Source vs Closed Source vulnerability


Improve loading web page with base64 encoded content

Some time ago, Vladimir Vukićević, in his post “To Sprite Or Not To Sprite”, summarized the advantages and disadvantages of CSS sprites.

Summarized:

CSS Sprites advantages:

  • Improves page load speed. It is widely known that establishing a connection between client and server takes more time than receiving the data.
  • Doesn’t overload the server. Almost every web server logs every request, needs time to respond, and can serve only a certain number of requests at a time.

CSS Sprites disadvantages:

  • Client-side memory usage. Even though the sprite image is compressed (usually a transparent .png), the web browser renders the decompressed image. Almost every CSS sprite image also contains empty/transparent unused space.
  • Creating and positioning sprites. During development, developers have to spend more time creating and positioning CSS sprites instead of simply using images.

Better approach

How to avoid multiple requests without using a CSS sprite image? The answer is: use inline images embedded in the CSS file as base64 image data.

Better Convert pdf to jpg using ghost script

Problem

While working on Wigoo, I needed to “break” an uploaded .pdf document into multiple .jpg/.png images.

I didn’t try to solve it with PHP for a few reasons:

  • The system should handle huge .pdf files, more than 50MB or more than 50 pages. Consequently, conversion (.pdf to multiple .jpg) takes a lot of time, and it is not nice to show a blank screen to the user/visitor while converting. Moreover, the client browser will close the connection if it doesn’t receive a response in time. Therefore, the conversion has to run as a background process.
  • There are already reliable applications for this, so I don’t need to reinvent the wheel. It makes coding easier and faster, which increases productivity.

Custom list order number position

During the Wigoo development process, the CEO requested placing numbers under each list item’s content.

Positioning elements is not a problem, but list item bullets are not elements. Consequently, list item bullets cannot be positioned (top, right, bottom, left) relative to their content.

A possible solution is to place a <span> as the last element inside each <li> and set its content with JavaScript, but that is a crude solution.

The best solution is placing a pseudo-element after each <li>’s content, but the problem is setting its dynamic content.

Use hooks to avoid email harvesting

In our previous post “Protect email addresses from harvesting”, we explained a method to protect e-mail addresses from harvesting by using JavaScript, without reducing usability or the user’s productivity.

In this post, we want to extend the usage of the script with Codeigniter.

Codeigniter is a great, lightweight PHP MVC framework.

The idea is: after generating the content, find all e-mail addresses and replace them with a human-readable format, ready to be replaced back by the previously explained JavaScript.

My .htaccess

Every web developer working with the Apache web server should have basic knowledge of .htaccess.

.htaccess can do:

  • Improving security – e.g. you can forbid directory listing or force the HTTPS protocol
  • SEO-friendly URL rewriting – e.g. instead of www.site.com/index.php?category=computers&product=123, you can rewrite it to www.site.com/computers/productname.html
  • Improving page loading – compress static content output, add Expires headers, etc.
  • Customizing server error responses – e.g. replace the ugly 404 error page with a fancy sitemap

SEO Friendly Hiding

Today, every serious company is fighting for a higher search engine position. Search engine position depends on thousands of factors, but only a few of them are significant.

Every web page should meet the following criteria:

SEO is directly connected with the above-mentioned criteria.

In general, three technologies are the “driving force” of a web site:

  • HTML – the content; it does not care how it looks or where it is positioned…
  • CSS – defines how HTML elements are displayed (design issues such as colour, size, position… of the elements)
  • JavaScript – manipulates (does not create) the content

Sometimes, in order to satisfy design/typography requirements, developers are forced to use non-standard fonts. Beginners are not aware of the importance of accessibility/usability on the web and will place a simple <img> tag instead of the semantically appropriate <h[1-6]> tag for headings. More experienced developers will use SEO-friendly CSS hiding (Accessibility/SEO Friendly CSS Hiding snippet), which is much better, although search engines do not like hiding techniques. Search engines can detect CSS hiding techniques, but still tolerate them.

We can flag text that appears to be hidden using CSS at Google. To date we have not algorithmically removed sites for doing that. We try hard to avoid throwing babies out with bathwater.

Matt Cutts

Protect e-mail addresses from harvesting

Introduction

How do we receive spam?

There are a few techniques that allow spammers to “find out” your e-mail address. Here are the most popular ones:

  • Spambots
  • Viruses
  • From IRC and chat rooms

In this post I will focus on spambots, which use techniques called “e-mail address harvesting” in order to extract e-mail addresses from web sites.
