Just released – my new probe blocker. Automatically block IP addresses of probes that are scanning your site, looking for vulnerabilities, spamming your forms, etc. Nasty robots are probing websites all the time, looking for security holes, hidden content, and forms that they can spam.

This software installs on your website and blocks any IP’s that hit specific traps that are set up. At this point those robots are banned from your site, and can do no more harm. If they come back from another IP, they will be blocked as soon as they hit a trap. You get emailed immediately when a trap is tripped.

See more here!

In the early days of the web (ca. 1996-1999), one big concern new users had regarded filtering web content.  Parents were worried about their kids seeing inappropriate content, etc.  The Internet was new territory for them, and they approached it cautiously.  In general, their concerns were well founded – “adult” and gambling sites abounded, and it wasn’t unusual to get spam that included graphic images right in the message.

Fast forward to today.  The web is ubiquitous – many families have wireless broadband networks in their house, and multiple devices accessing the internet.  It has become a utility of sorts – always there.

However, the concern over content filtering seems to have dissipated.  Today’s parents are so used to the internet, that they don’t seem to think twice about filtering content for their children.  Maybe because we are adept at navigating the the web, and “block out” links or sites that will take us to the wrong spot, we assume our children won’t get to any sites they shouldn’t be seeing (by accident or purposely).  As a parent of young children, I see their friends using iPads, iPhones, etc. without a whole lot of supervision.  But I hear little (no) talk of filtering or even the need to filter it (at least from the parents, anyway).

Well, I went looking for a solution, and settled on this one:

www.opendns.com

This is actually a free solution (though I pay $20 / year for the advanced options) and works through your router.  So all the computers on your network can be protected using this solution.  (Note: smartphones that use WIFI networks will not be filtered.)  It essentially re-routes your DNS lookups to opendns servers, which can determine if the site violates any preset rules.

Technically, this isn’t foolproof, but it’s a great step forward in filtering the junk out of your home.  If you think you need filtering for your house, give it a whirl.

I’ve added a new page on the site:

http://www.robertswebforge.com/payment_gateway_comparisons.php

which attempts to make it easier to figure out which payment provider to sign up with.  You need a provider to accept credit cards, and a gateway for online payments.  (Most offer both merchant and gateway accounts if you need them).

The fees charged vary, so I’m attempting to provide you a clear idea what you’ll be losing…err, paying each month from your sales.  It’s not 100% accurate, but should point you in the right direction.

I intend to add more providers to this list and update it as time allows – there  are a lot to choose from, but I will stick to the bigger ones that I trust.  I work with a lot of e-commerce sites, using various payment gateways, so I’ve heard the good, bad, and ugly about the process.

Hope this helps you in getting your e-commerce costs down!

There’s been a push over the past few years to move more and more applications “to the cloud”, and off of your desktop / laptop computer.  Google docs has been trying to convert MS Office users away from the traditional Word, Excel, etc. applications to use the online application.

The functionality is pretty good, and it’s neat to be able to store and share your documents online.  You can edit them from anywhere, right in your browser.   However, with all “cloud” applications, there is still the risk of downtime, as this article shows:

Google Docs Stumbles, Goes Down

I think google is trying to remedy this, but creating a hybrid approach, where you can store documents “offline” on your computer, and sync up with the online version.  This may be a solid approach that works in the long run.

However, it’s still a bit risky to store your documents online.  Security is another big issue.  If  someone hacks (that never happens, right?)  into the “cloud” where the documents are stored, your sensitive data could be at risk.  When so much data is centralized like that, it’s a huge target for hackers.  Also, since these platforms offer easy “sharing”, you need to be careful you don’t accidentally share a confidential document with the whole world.

In summary, I think Google Docs has its place, but for mission critical and confidential documents, I’m still sticking with local apps, and local storage.

If you are an online merchant, and you haven’t heard about PCI Compliance yet, you probably will soon.  Credit card companies are slowly pushing online retailers to tighten up their security to reduce fraud.

Maintaining PCI DSS compliance is a potentially a huge obstacle for online retailers.  This document provides some links to understand the basics of what you will need to do.  Essentially this requires two main steps: a questionnaire, and an external scan of your server.  Some scanning vendors are providing an “all in one” spot for you to handle both of these requirements.  We’re partnered with ControlScan, which provides this service for $249/ year.

Here are some links that will help you learn more about PCI compliance:

PCI FAQ: Click here – seems like most merchants will be level 4, which means you need to run quarterly scans from an “approved scanning vendor”.

Here’s a short blog post with video that explains PCI DSS.  It explains that this movement is largely to contain fraud, and stem losses being incurred by banks, businesses, and consumers.

Approved Scanning vendors: Click here

At this point it seems like few gateway providers are “pressuring” their merchants to be PCI compliant, which makes sense – the cost of becoming and maintaining compliance will cause many “hobby” merchants to pack it in, or move to a third party payment system (paypal, google, etc.), and cancel their merchant accounts altogether.  In the long term, I expect more hosting companies to offer and tout “PCI Compliant” server platforms.  Shopping cart vendors are also moving this way.  However, the burden will always be ultimately on the merchant to prove they are using a compliant setup, so I believe now is the time to get your site moving in that direction.

My recommendation at this point (if you are an online merchant) is to go through the process at least one time, to see how close you are to compliance.  Make changes based on the results to get as close as you reasonably can, then keep the documentation until your provider asks.  Then you’ll have a quicker path to pci compliance if you are required to be so.