If when you examine your website stats you notice a lot of hits for certain images, chances are some people are displaying your images on their own websites – be it deliberately, or perhaps on a forum. This practice is known as hotlinking and the people that do it are what we would simply call bandwidth thieves.

In either case this increases the bandwidth usage of your website so if your host does not provide you with unlimited monthly bandwidth then you may have to pay extra bandwidth fees to them.

So, to stop this unauthorised use of your website’s images you can create a file called .htaccess using your favourite text editor. In this file, copy and paste the following text:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ – [F]

Note: make sure you replace the “mydomain\.com” with your own domain name – for example on the Gatt Design website that line would be:

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?gattdesign\.co.uk/ [NC]

Once you have done this, save your .htaccess file and upload it to your website’s document root directory – normally something like /public_html or /wwwroot – you will need to contact your web host if you are unsure!

Now you can test that this works by trying to display one of your website’s images on another website external to your domain name or in a forum post on another domain name for example.  You will know that this is successful because your web server will return a ‘503 forbidden’ error to the site that is trying to display the image and you will see no image displayed.

If you want, you can instead display a “hotlinking forbidden” (or whatever you wish to tell bandwidth thieves) image in place of the one they tried to display. What you need to do is change the last line of the above block of code to:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/bandwidth_thief.gif [L]

Note: make sure you change the bold text to the correct path and file name to your image!

Bear in mind that displaying an image in place of what the other website tried to show will still result in your bandwidth being used up by these other sites whereas the original method will not.

One of the key ways of ensuring your business’s success is to promote it regularly, be it online or offline.  But how do you measure the effectiveness of all of your marketing campaigns?

Here we have some free tips on how you can find out which of your marketing campaigns bring you new business, and which ones you should ditch.

Online Marketing

Web Server Statistics - a lot of hosts provide web server statistics as part of their hosting packages, these statistics will be able to show you visitor trends on your website.

For example, how many people visit your website and the days/times you get the most visitors, what other websites link to yours, and if people found your website through a search engine the web server statistics can tell you what search engine they used and also what keywords they used.

Some hosts may only provide “raw log files” – these are files generated by the web server which are written to every time something is accessed on your website.  In this case (depending on your web server configuration) you can install a statistics program such as AWStats.

Google Analytics – if your host does not provide web server statistics or raw log files, an alternative would be to use Google Analytics.  This tracking system works by asking you to insert a small piece of JavaScript into the HTML code of each page you wish to track.  Once this has been done you can log in to your Google Analytics account and see the same information standard web server statistics would normally show you.  The downside to this method is that the tracking won’t work if JavaScript is disabled in the visitor’s web browser, however this isn’t something to really worry about as only a small minority of people surf the web with JavaScript turned off.

Offline Marketing

Unique Contact Numbers – tracking how your visitors have heard of you is a bit more tricky when it comes to offline marketing.  One way around this is to provide unique contact numbers for your customers.  You may think that this would be a costly exercise because you would need to have several phone numbers installed or operate a complicated and expensive switchboard system in your office but you would be wrong!

Companies such as Flextel offer a choice of contact numbers which you can obtain for free.  These numbers, typically prefixed 0844, 0870, 0871 or ‘personal style’ 070 numbers for people on the move, transparently divert the caller to a landline or mobile number of your choosing.  You can then identify caller trends similar to what you would do with website visitors, for example time periods of calls, call lengths, etc.

Voucher Codes/Coupon Codes – if your marketing campaigns include offering your customers a discount on your products and services, giving them codes to use for taking advantage of your special offers is a great way of identifying ways in which your customers find out about you.  For example, you may advertise in several local/regional newspapers, asking your customers to tell you the codes not only benefits them (they get a discount off your products/services) but it also benefits you because you can find which newspapers you should continue to spend your marketing budget on, and which ones you should stop advertising in.

Introduction

In the UK, Internet sales by UK businesses rose to £163 billion in 2007, figures published by the Office for National Statistics (ONS) show – this is an increase of just over 30% on the 2006 figure of £125.2 billion.

Over 70% of UK businesses have a website, many of which also have an “online store“.  For many businesses, selling online is a great idea, as it opens up the doors to a wealth of new customers not just from Britain but from all over the world.  However, because the Internet is largely unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it.

What Happens If My Online Store Gets Hacked?

Aside from potentially having a non-functioning website, this may also cause serious implications for your business and also for your customers.  Here are some examples:

• Hackers may carry out a ‘DOS (Denial of Service) attack‘ – severely impacting the performance of your web server or in a lot of cases it may cease operation completely.

• If your online store’s admin control panel is insecure, hackers can use a number of methods to gain unauthorised entry to it, for instance initiating a ‘brute force attack‘ to find out what your username and password is.

• If a hacker is successful in gaining entry the security of your online store has effectively been compromised, and they can now access sensitive information such as customer’s personal details, price lists, and other intellectual property – they may also alter or destroy this information, so if you have no backup of all this information this could potentially be catastrophic for your business

Implications Of Being Hacked

As if having your website hacked wasn’t bad enough, consider the following implications to your business:

• If your website is found to be in breach of the Data Protection Act or the Computer Misuse Act, you could be prosecuted – if you haven’t taken steps to ensure the security and privacy of your customer’s data, you could be sued.

• Loss of market share and consumer confidence – your customers won’t want to buy anything from you any more if they think that you don’t care about the security of your website.

• Your business may have to cease trading – in the very worst case scenarios, you may have to cease trading/file for bankruptcy if you have a severe loss of customer confidence and are subject to one or more litigation proceedings.

How Can I Make My Online Store Secure?

There are several steps that you can take to reduce the likelihood of any of the above happening to your website and ultimately to your business.  Here’s how:

1. Get An SSL Certificate

You may have noticed that when you do any online shopping or you log in to your bank’s Internet Banking website that the URL (website address) in your web browser is preceded by https:// rather than http:// and you see a padlock icon in the address bar too.  This means that any information you send on that page and any subsequent https:// pages is secure and encrypted – so if a hacker was to use a packet analyzer on any network traffic over your network or Internet connection, they would be unable to view any personal or log in details transmitted over a secure page.

We recommend having a 256-bit SSL certificate, and obtaining one is usually inexpensive.  Your website host will be able to provide you with more information and prices to set up an SSL certificate for your website.  Some hosts will offer a free ’shared’ SSL certificate, however the downside of this is rather than having a website such ashttps://www.mydomain.com it would probably look something likehttps://secureserver.mywebhost.com/~mydomain – as you can see it won’t fill your customers with confidence as they may think they are being transferred to a ‘phishing‘ website and thus you will lose potential new customers and orders.

2. Secure Your Online Store’s Admin Control Panel

A lot of business owners overlook this rather important aspect of their website.  You may already encrypt your customer’s log in and registration details, but is your online store’s admin control panel secure as well?  Here are three simple ways to do so:

1. Give Your Admin Folder A Random Name – the most common admin folder name is funnily enough, ‘admin’, so you should rename it to a phrase that only you (or yourself and whoever else in your company needs access) knows about.  This may not be possible with certain ecommerce solutions, so check with your software vendor first.
2. Use ‘.htaccess’ And ‘.htpasswd’ To Password Protect The Folder – a good security measure is to have a double log in procedure for your admin folder.  If you use ‘.htaccess’ and ‘.htpasswd’ files to secure your admin folder, then every time you want to log in to your admin control panel your web browser will pop up a box asking you to type in the username and password that you’ve set in these files.  Ask your website host for help on setting this up, or have a go yourself.
3. Access Your Admin Folder Via SSL – make sure the URL you use to access your admin folder is preceded byhttps:// instead of http:// so that your connection is secure.
4. Don’t Link Your Admin Folder From Any Part Of Your Website – pretty simple this one.  Search engines (and hackers) can’t find your admin folder if they don’t know where it is.

3. Remove Any “Powered By …” Footer Text

This may be a little tricky to do as it depends on what ecommerce software is used on your website and what the software license says about this, but basically removing any “Powered By …” text that is in the footer of each web page on your online store will make your website less susceptible to any hacking attacks.  Why?  Well consider this scenario – a hacker has discovered a vulnerability in a popular ecommerce software package.  They can then use a search engine to find any websites that have “Powered By …” in their web pages.  Now they have easy access to a list of websites they can easily hack into.  By removing this portion of your online store’s footer text, your website will not be in the list of sites that they will want to attack.

If you still want to show what is ‘powering’ your online store (either because you have to or you want to), it would be wiser to instead replace the text with an image that has the software vendor’s logo on it for example – but give the image a random filename (don’t use the vendor’s name as part of the filename) and if possible don’t link the image to their website.

4.  Test Your Website For ‘SQL Injection Attacks’

Even with all the above security measures in place your online store may still be vulnerable to ‘SQL injection‘ attacks – inserting SQL database commands in form fields such as text boxes – so it would be worthwhile looking into having your website tested for such attacks.  There are some online tools that offer to do this automatically (free and subscription based), or you can hire the services of a security consultant to test this for you.

What is plagiarism?

Many people think of plagiarism as copying another’s work, or borrowing someone else’s original ideas. But terms like “copying” and “borrowing” can disguise the seriousness of the offense:

According to the Merriam-Webster Online Dictionary, to “plagiarize” means

1. to steal and pass off (the ideas or words of another) as one’s own
2. to use (another’s production) without crediting the source
3. to commit literary theft
4. to present as new and original an idea or product derived from an existing source.

In other words, plagiarism is an act of fraud. It involves both stealing someone else’s work and lying about it afterward.

But can words and ideas really be stolen?

According to U.S. law, the answer is yes. The expression of original ideas is considered intellectual property, and is protected by copyright laws, just like original inventions. Almost all forms of expression fall under copyright protection as long as they are recorded in some way (such as a book or a computer file).

All of the following are considered plagiarism:

• turning in someone else’s work as your own
• copying words or ideas from someone else without giving credit
• failing to put a quotation in quotation marks
• giving incorrect information about the source of a quotation
• changing words but copying the sentence structure of a source without giving credit
• copying so many words or ideas from a source that it makes up the majority of your work, whether you give credit or not

How to prevent plagiarism

The first thing you should do is make sure that your web pages include a copyright notice, to assert ownership over your content.  Copyscape offer two services where you can check if any content on your website has been used on other websites without your knowledge/permission.  The first service is free and simple, you simply type in your website address and a list of results will come up, where you can check for content on other websites.  The second service, called CopySentry, is subscription based and will do this for you automatically.

If you have discovered unauthorised use of your content, there is a helpful page on CopyScape’s website that details what you can do to resolve the problem.

The information in this tutorial has been provided by plagiarism.org and Copyscape.

Vangie Beal has created an excellent tutorial over at ecommerce-guide.com on how to create business pages and ad campaigns on Facebook.

She writes:

“Social networking site, Facebook, is used by more than 150 million people to share personal information with friends online. The site celebrated its fifth-year anniversary yesterday and is continuing to attract members with demographics that could serve e-tailers well in terms of extending market reach and increasing branding.

The Web research firm Hitwise reports that, overall, Facebook was the fifth-ranked Web site in terms of total market share of visits in January 2009. Furthermore, the time spent on Facebook has continued to increase and reached an average visit time of just over 21 minutes in January 2009.

In this Facebook how-to guide, we will show you how to use two of the business solutions offered by Facebook. First, we’ll walk through the steps you need to take to create your own Facebook Business Page (also called a fan page) and then discuss the tasks involved in creating a Facebook Ad campaign, which can be used to send visitors to your Web site or new Facebook Business Page.”

1. Pages should have well structured content – there is no point making web pages that have too little or too much information on it. Provide enough content on each page that is detailed and interesting to read. Make sure that your page content includes the keywords relating to your website that you think people will search for. Use Google’s Adwords Keyword Suggestion Tool to see what how popular your keywords are.

2. Page titles and meta descriptions should have relevant keywords – when you search on Google you will have noticed that each result is in the format of:

   Your Page Title Goes Here
   Description of your page goes here, this information comes from your meta description tag

   http://www.yourwebsite.com/page.htm – 5Kb

   This post from Google’s Webmaster Central blog explains meta descriptions in more detail.

3. Submit your website to search engines – as obvious as this sounds, a lot of people think submitting their website to Google alone is fine – it isn’t! In the very least, you should be submitting your website to the top 3 search engines – Google, Yahoo! UK & Ireland, and MSN. Consider submitting your website to niche search engines as well – that is, search engines that cater to your particular field/industry.
4. Create an XML sitemap of your website and submit it to search engines – you can create an XML sitemap of your website easily and for free by going to xml-sitemaps.com. Once you have created your XML sitemap and uploaded it to your web server, you can then submit it to search engines. An XML sitemap helps search engines spider your website, in case they miss important pages.
5. Make sure your website has a good navigation system – this helps both search engine bots and visitors to your website easily navigate your website.
6. Link to good quality related websites – linking to good well established websites will help your page rank well with Google. Even better, get them to link back to you as well! Just make sure that you only link to related websites as you may be penalised by Google for link spamming – for example, your website is about cars and you link to a website about ice creams.

1. Steer clear of link exchanges – despite the attraction of swapping (or paying for) link exchanges, your website may be penalised by Google for participating in such schemes. Read the offical word from Google for clarification on this.

2. Hidden text and links on your web pages – hiding text or links in your content can cause your website to be perceived as untrustworthy since it presents information to search engines differently than to visitors. If your website is perceived to contain hidden text and links that are deceptive in intent, your site may be removed from the Google index, and will not appear in search results pages.
3. “Cloaking” techniques – cloaking refers to the practice of presenting different content or URLs to users and search engines. Serving up different results based on user agent may cause your website to be perceived as deceptive and removed from the Google index. If your website contains elements that aren’t crawlable by search engines (such as rich media files other than Flash, JavaScript, or images), you shouldn’t provide cloaked content to search engines. Rather, you should consider visitors to your website who are unable to view these elements as well.
4. “Doorway” pages - doorway pages are typically large sets of poor-quality pages where each page is optimised for a specific keyword or phrase. In many cases, doorway pages are written to rank for a particular phrase and then funnel users to a single destination. Whether deployed across many domains or established within one domain, doorway pages tend to frustrate users, and are in violation of Google’s webmaster guidelines.
5. JavaScript redirects – when Google’s bot indexes a page containing JavaScript, it will index that page but it cannot follow or index any links hidden in the JavaScript itself. Use of JavaScript is an entirely legitimate web practice. However, use of JavaScript with the intent to deceive search engines is not. Note that placement of links within JavaScript is alone not deceptive. When examining JavaScript on your website to ensure your site adheres to Google’s guidelines, consider the intent.
6. Keyword stuffing – “keyword stuffing” refers to the practice of loading a webpage with keywords in an attempt to manipulate a site’s ranking in Google’s search results. Filling pages with keywords results in a negative user experience, and can harm your site’s ranking. Focus on creating useful, information-rich content that uses keywords appropriately and in context.

1. Make sure you have valid web pages – although this isn’t a major factor in Google determining how far up the list of search results you go for a given keyword, it will ensure that you care enough about the experience visitors to your website have. For example, your web pages may have some errors that you have not spotted, and although the pages look OK in one browser, they might look completely messed up in another. Certain errors may or may not stop search engine bots from indexing your website, so it’s best to check your code and make sure everything is fine.

2. Make your website more accessible – a lot of people in the UK may not realise this, but failing to make your website accessible to disabled visitors may lead to legal problems for you under the Disability Discrimination Act. Visit the RNIB (Royal National Institute for Blind people)’s website for more information on how you can make your website more accessible.
3. Submit your website to the ODP (Open Directory Project) – the ODP is essentially a directory of websites owned by Netscape which is edited by volunteers. The ODP is also known as DMOZ from the days when it was located at http://directory.mozilla.org. It was originally thought that website page ranks were automatically boosted if it was listed in the ODP, but actually this isn’t strictly true. The reason is that basically Google spiders the directories just like any other website and their pages have decent page rank, so they are good inbound links to have.

   In the case of the ODP, Google’s directory is a copy of the ODP directory. Each time that websites are added and dropped from the ODP, they are added and dropped from Google’s directory when they next update it. The entry in Google’s directory is yet another good, page rank boosting, inbound link. Also, the ODP data is used for searches on a myriad of websites – more inbound links!