news aggregator

An update to the Webmaster Tools API

Google Webmaster Central Blog - Fri, 2014-09-12 08:42

Webmaster level: advanced

Over the summer the Webmaster Tools team has been cooking up an update to the Webmaster Tools API. The new API is consistent with other Google APIs, makes it easier to authenticate for apps or web-services, and provides access to some of the main features of Webmaster Tools.

If you've used other Google APIs, getting started with the new Webmaster Tools API will be easy! We have examples for Python, Java, as well as OACurl (for fans of command lines).

This API allows you to:

  • list, add, or remove sites from your account (you can currently have up to 500 sites in your account)
  • list, add, or remove sitemaps for your websites
  • get warning, error, and indexed counts for individual sitemaps
  • get a time-series of all kinds of crawl errors for your site
  • list crawl error samples for specific types of errors
  • mark individual crawl errors as "fixed" (this doesn't change how they're processed, but can help simplify the UI for you)

We'd love to see what you're building with our APIs! Feel free to link to your projects in the comments below. Should you have any questions about the usage of the API, feel free to post in our help forum as well.


Posted by John Mueller, fan of long command lines, Google Zürich
Categories: sysadmin

Webmaster Academy now available in 22 languages

Google Webmaster Central Blog - Mon, 2014-09-08 12:01
Webmaster level: Beginner

Today, the new Webmaster Academy goes live in 22 languages! New or beginner webmasters speaking a multitude of languages can now learn the fundamentals of making a great site, providing an enjoyable user experience, and ranking well in search results. And if you think you’re already familiar with these topics, take the quizzes at the end of each module to prove it :).

So give Webmaster Academy a read in your preferred language and let us know in the comments or help forum what you think. We’ve gotten such great and helpful feedback after the English version launched this past March so we hope this straightforward and easy-to-read guide can be helpful (and fun!) to everyone.

Let’s get great sites and searchable content up and running around the world.

Posted by Mary Chen, Webmaster Outreach
Categories: sysadmin

Optimizing for Bandwidth on Apache and Nginx

Google Webmaster Central Blog - Thu, 2014-09-04 11:27

Webmaster level: advanced

Everyone wants to use less bandwidth: hosts want lower bills, mobile users want to stay under their limits, and no one wants to wait for unnecessary bytes. The web is full of opportunities to save bandwidth: pages served without gzip, stylesheets and JavaScript served unminified, and unoptimized images, just to name a few.

So why isn't the web already optimized for bandwidth? If these savings are good for everyone then why haven't they been fixed yet? Mostly it's just been too much hassle. Web designers are encouraged to "save for web" when exporting their artwork, but they don't always remember.  JavaScript programmers don't like working with minified code because it makes debugging harder. You can set up a custom pipeline that makes sure each of these optimizations is applied to your site every time as part of your development or deployment process, but that's a lot of work.

An easy solution for web users is to use an optimizing proxy, like Chrome's. When users opt into this service their HTTP traffic goes via Google's proxy, which optimizes their page loads and cuts bandwidth usage by 50%.  While this is great for these users, it's limited to people using Chrome who turn the feature on and it can't optimize HTTPS traffic.

With Optimize for Bandwidth, the PageSpeed team is bringing this same technology to webmasters so that everyone can benefit: users of other browsers, secure sites, desktop users, and site owners who want to bring down their outbound traffic bills. Just install the PageSpeed module on your Apache or Nginx server [1], turn on Optimize for Bandwidth in your configuration, and PageSpeed will do the rest.

If you later decide you're interested in PageSpeed's more advanced optimizations, from cache extension and inlining to the more aggressive image lazyloading and defer JavaScript, it's just a matter of enabling them in your PageSpeed configuration.

Learn more about installing PageSpeed or enabling Optimize for Bandwidth.


Posted by Jeff Kaufman, Make the Web Fast


[1] If you're using a different web server, consider running PageSpeed on an Apache or Nginx proxy.  And it's all open source, with porting efforts underway for IIS, ATS, and others.
Categories: sysadmin

[Honeypot Alert] Active Probes for WordPress revslider_show_image Plugin Local File Inclusion Flaw

Web Security Blog - Wed, 2014-09-03 16:22

A local file inclusion vulnerability in the WordPress Slider Revolution Plugin has been publicly disclosed:

Apparently this vulnerability has been discussed on some underground forums for a couple of months, but it wasn't until these more mainstream websites published data that we saw attackers start scanning for vulnerable sites.  Our web honeypots picked up increased scanning activity today.  Here is an example full audit log dump of the HTTP request from our ModSecurity WAF:

In this attack example, the attacker is trying to access the WordPress config file in the hopes of obtaining sensitive data such as database credentials.

Recommendations

Update your WordPress Slider Revolution Plugin

Sucuri Security is seeing similar activity and is also reporting that the developer of this Plugin chose to silently patch this vulnerability.  This did a disservice to the Plugin's user base, who would otherwise have been made aware of the problem and prompted to update.  A couple of notes:

  • Updating this plugin may need to be done manually if your WP manager does not provide an interface for it.
  • Beware that "disabling" the Plugin may end up being superseded by the Theme, and the Plugin may be re-enabled.  You may need to remove it altogether if you cannot update it.

Use WAF Protections

WAFs can be used to help prevent exploitation until you can get your systems updated.  Trustwave's WebDefend WAF would block this attack either through a generic "Directory Traversal Attack" signature or through an anomaly of the learned resource profile.  For ModSecurity WAF, we have added a new signature to our commercial rules feed:

Categories: web server

PHP 5.6.0 released

php.net - Thu, 2014-08-28 00:00
The PHP Development Team announces the immediate availability of PHP 5.6.0. This new version comes with new features, some backward incompatible changes and many improvements. The main features of PHP 5.6.0 include:

  • Constant scalar expressions.
  • Variadic functions and argument unpacking using the ... operator.
  • Exponentiation using the ** operator.
  • Function and constant importing with the use keyword.
  • phpdbg as an interactive integrated debugger SAPI.
  • php://input is now reusable, and $HTTP_RAW_POST_DATA is deprecated.
  • GMP objects now support operator overloading.
  • File uploads larger than 2 gigabytes in size are now accepted.

For a full list of new features, you may read the new features chapter of the migration guide.

PHP 5.6.0 also introduces changes that affect compatibility:

  • Array keys won't be overwritten when defining an array as a property of a class via an array literal.
  • json_decode() is more strict in JSON syntax parsing.
  • Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.
  • GMP resources are now objects.
  • Mcrypt functions now require valid keys and IVs.

For users upgrading from PHP 5.5, a full migration guide is available, detailing the changes between 5.5 and 5.6.0. For source downloads of PHP 5.6.0, please visit our downloads page. Windows binaries can be found on windows.php.net/download/. The full list of changes is available in the ChangeLog.
Categories: news, PHP

Advanced Object-Oriented Programming in PHP

PHPBuilder.com - Tue, 2014-08-26 13:48
PHP is a server-side scripting language used to develop web pages. In recent times, PHP has become popular because of its simplicity. PHP code can be combined with HTML code, and once the PHP code is executed, the web server sends the resulting content in the form of HTML or images that can be interpreted by the browser. We all know the power and importance of object-oriented programming, or OOP. This is a technique that is widely used in modern programming languages.
Categories: PHP

#NoHacked: a global campaign to spread hacking awareness

Google Webmaster Central Blog - Mon, 2014-08-25 15:17
Webmaster level: All

This June, we introduced a weeklong social campaign called #NoHacked. The goals for #NoHacked are to bring awareness to hacking attacks and offer tips on how to keep your sites safe from hackers.

We held the campaign in 11 languages on multiple channels including Google+, Twitter and Weibo. About 1 million people viewed our tips and hundreds of users used the hashtag #NoHacked to spread awareness and to share their own tips. Check them out below!

Posts we shared during the campaign:
https://plus.google.com/+GoogleWebmasters/posts/1BzXjgJMGFU

https://plus.google.com/+GoogleWebmasters/posts/TMhfwQG3p8P

https://plus.google.com/+GoogleWebmasters/posts/AcUS4WhF6LL

https://plus.google.com/+GoogleWebmasters/posts/DUTpSGmkBUP

https://plus.google.com/+GoogleWebmasters/posts/UjZRbySM5gM

Some of the many tips shared by users across the globe:
  • Pablo Silvio Esquivel from Brazil recommends that users not use pirated software (source)
  • Rens Blom from the Netherlands suggests using different passwords for your accounts, changing them regularly, and using an extra layer of security such as two-step authentication (source)
  • Дмитрий Комягин from Russia says to regularly monitor traffic sources, search queries and landing pages, and to look out for spikes in traffic (source)
  • 工務店コンサルタント from Japan advises everyone to choose a good hosting company that's knowledgeable in hacking issues and to set email forwarding in Webmaster Tools (source)
  • Kamil Guzdek from Poland advocates changing the default table prefix in wp-config to a custom one when installing a new WordPress to lower the risk of the database being hacked (source)

Hacking is still a surprisingly common issue around the world so we highly encourage all webmasters to follow these useful tips. Feel free to continue using the hashtag #NoHacked to share your own tips or experiences around hacking prevention and awareness. Thanks for supporting the #NoHacked campaign!

And in the unfortunate event that your site gets hacked, we’ll help you toward a speedy and thorough recovery:

Posted by your friendly #NoHacked helpers
Categories: sysadmin

PHP 5.5.16 is released

php.net - Fri, 2014-08-22 00:00
The PHP Development Team announces the immediate availability of PHP 5.5.16. This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. All PHP users are encouraged to upgrade to this new version. For source downloads of PHP 5.5.16, please visit our downloads page. Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: news, PHP

PHP 5.4.32 Released

php.net - Thu, 2014-08-21 00:00
The PHP development team announces the immediate availability of PHP 5.4.32. 16 bugs were fixed in this release, including the following security-related issues: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120. All PHP 5.4 users are encouraged to upgrade to this version. For source downloads of PHP 5.4.32 please visit our downloads page, Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: news, PHP

PHP 5.6.0RC4 is available

php.net - Fri, 2014-08-15 00:00
The PHP development team announces the immediate availability of the fourth and hopefully last release candidate of PHP 5.6.0. As we entered the feature freeze with beta1, this is a bugfix-only release. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system. THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION! For more information about the new features you can check out the work-in-progress documentation or you can read the full list of changes in the NEWS file contained in the release archive. For source downloads of PHP 5.6.0RC4 please visit the download page. Windows binaries can be found on windows.php.net/qa/. The stable 5.6.0 release should show up on the 28th of August. Thank you for helping us make PHP better.
Categories: news, PHP

Last 5.3 release ever available: PHP 5.3.29 - 5.3 now EOL

php.net - Thu, 2014-08-14 00:00
The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. PHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5. For source downloads of PHP 5.3.29, please visit our downloads page. Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog. For help with your migration to newer versions, please refer to our migration guides for updates from PHP 5.3 to 5.4 and from PHP 5.4 to 5.5.
Categories: news, PHP

Valentina DB Solutions for PHP

PHPBuilder.com - Tue, 2014-08-12 16:39
Learn about all the main Paradigma Software products and how to use Valentina PHP ADK as a PHP DB solution for your applications.
Categories: PHP

HTTPS as a ranking signal

Google Webmaster Central Blog - Fri, 2014-08-08 04:15

Webmaster level: all

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.



In the coming weeks, we’ll publish detailed best practices (it's in our help center now) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!

Posted by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts
Categories: sysadmin

Blackhat Arsenal 2014: Live ModSecurity Demonstrations

Web Security Blog - Tue, 2014-08-05 12:00

If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal Tools area on Thursday morning to see live demonstrations of ModSecurity's advanced features.

Arsenal Demonstration Information

  • Location:  Mandalay Bay Convention Center, Las Vegas, NV.
  • Event: Blackhat Arsenal
  • Conference Location: Breakers JK, Level 2.  ModSecurity will be at Station 4.
  • Date/Time: Thursday, August 7 between 10:00 a.m. - 12:30 p.m.

Some of the live demos that will be shown include:

Hope to see you all in Las Vegas!

Categories: web server
