Rackspace Name Server Problem with Advanced Policy Firewall (apf firewall)

July 15th, 2012

I’m adding this here as much for myself as anyone else. If it fixes an issue for you, please let me know.

The problem:
My Rackspace virtual server (Debian Squeeze) will not will not resolve domain names via Rackspace’s supplied name servers auto-generated in /etc/resolv.conf. My resolv.conf file looks like this:


# Automatically generated, do not edit
nameserver 173.203.4.8
nameserver 173.203.4.9

Weird symptom:
Adding another nameserver IP address fixes the issue:


# Automatically generated, do not edit
nameserver 173.203.4.8
nameserver 173.203.4.9
nameserver 208.67.222.222 #OpenDNS public nameserver

The root of the problem:
APF firewall has the following innocuous configuration option:


# Block all ipv4 address space marked reserved for future use (unassigned),
# such networks have no business talking on the Internet. However they may at
# some point become live address space. The USE_RD option further in this file
# allows for dynamic updating of this list on every full restart of APF. Refer
# to the 'internals/reserved.networks' file for listing of address space.
BLK_RESNET="1"

It’s essentially blocking IP addresses reserved for future use. Those reserved IP addresses are listed in the ‘internals/reserved.networks’ configuration file shown below (truncated for brevity). Rackspace is using one of those reserved IP address spaces for its public nameservers. Re-read that part in bold – it’s the reason for this post.


# Unassigned/reserved address space
# refer to: http://www.iana.org/assignments/ipv4-address-space
#
1.0.0.0/8
2.0.0.0/8
5.0.0.0/8
23.0.0.0/8
27.0.0.0/8
31.0.0.0/8
36.0.0.0/8
37.0.0.0/8
39.0.0.0/8
42.0.0.0/8
46.0.0.0/8
94.0.0.0/8
95.0.0.0/8
100.0.0.0/8
101.0.0.0/8
102.0.0.0/8
103.0.0.0/8
104.0.0.0/8
105.0.0.0/8
106.0.0.0/8
107.0.0.0/8
108.0.0.0/8
109.0.0.0/8
110.0.0.0/8
111.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
173.0.0.0/8
174.0.0.0/8
175.0.0.0/8
176.0.0.0/8
177.0.0.0/8
178.0.0.0/8

The solution:

Set the BLK_RESNET=”1″ configuration option to false (0) or comment out the IP address that’s causing the conflict in reserved.networks. The USE_RD option mentioned in the configuration comments might be a good solution as well.

Update:

The USE_RD option looks like it’s been deprecated. The configuration option to poll the reserved address list is this one:


# The reserved networks list is addresses which ARIN has marked as reserved
# for future assignement and have no business as valid traffic on the internet.
# Such addresses are often used as spoofed (Fake) hosts during attacks, this
# will update the reserved networks list in order to prevent new ip assignments
# on the internet from getting blocked; this option is only important when
# BLK_RESNET is set to enabled.
DLIST_RESERVED="1"
DLIST_RESERVED_URL="rfxn.com/downloads/reserved.networks"
DLIST_RESERVED_URL_PROT="http"

Advanced Policy Firewall (APF) on multiple network interfaces

April 17th, 2012

I recently had to firewall multiple network interfaces (bound to different addresses) using Advanced Policy Firewall (APF). This was for virtual machines created at Rackspace with public facing access to their internal network as well as their external network. I.e., I couldn’t trust machines belonging to other customers on the local network.

APF made this really easy by enabling these options in /etc/apf-firewall/conf.apf:

# Virtual Network Sub-System (VNET) creates independent policy rule set for
# each IP on a system to /etc/apf-firewall/vnet/IP.rules. These rule files can be
# configured with conf.apf variables for unique but convenient firewall
# policies or custom iptables entries for even greater flexibility.
SET_VNET="1"


# This feature firewalls any additional interfaces on the server as untrusted
# through the VNET sub-system. Excluded are interfaces that have already been
# defined by IFACE_* variables. This feature is ideal for systems running
# private interfaces where not all hosts on the private network are trusted or
# are otherwise exposed to "open" networks through this private interface
# (i.e: the Internet, network accessible storage LAN, corporate WAN, etc..)
SET_ADDIFACE="1"

Once configured, reload APF. You can check that the rules are in place with:


iptables -L -n | grep my.first.ip.address

and


iptables -L -n | grep my.second.ip.address

PHP MySql INSERT and Return ID

April 15th, 2012

Problem: Using PHP, insert a record into a MySQL database and return the ID for the record inserted. Report on any errors that may occur.

Solution:


  $insert_id = null;
  try
  {
    if(!$result = mysql_query('INSERT INTO my_table VALUES(null,"some value here")'))
    {
      throw new Exception('Query failed');
    }
    else
    {
      $insert_id = mysql_insert_id();
    }
  }
  catch (Exception $e)
  {
    echo $e->getMessage();
  }
  
  echo $insert_id;


Version mysqldump

April 3rd, 2012

Posted for my own reference. Here’s a crontab entry that will gzip a mysqldump into a versioned filename:

10 */1 * * * mysqldump -uuser -ppassword --single-transaction database_name | gzip -9 --rsyncable > /home/backup/`/bin/date +\%Y-\%m-\%d_\%H:\%M`-database_name.sql.gz

Don’t forget to garbage collect that directory later. This will delete all files in the /home/backup/ directory older than 35 days:

0 0 * * * find /home/backup/ -type f -mtime +35 -exec rm -f {} \;

Noodle Review Update

April 3rd, 2012

At one time noodlereview.com was going to be a ratings web site detailing activities for young children in DFW. Alas, that project couldn’t get enough traction behind it so now it’s a single page of content about various types of noodles.

This is an extension of the single web page experiment I ran a while back and if it attracts some traffic I will probably use it to launch a related product or fuel advertising/affiliate sales.

As of today, it is the most random web site in my collection.

PayPal Failure of server APACHE bridge

March 1st, 2012

I’m getting this error when I try to log in to PayPal today.

Failure of server APACHE bridge:

No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.

Does not inspire confidence.

PHP Sessions in Memcache

September 16th, 2011

One of my sites is outgrowing a single server and I’ve been looking into clustering and load balancing so it can continue to expand. My biggest concern (until today) was making the PHP sessions available in a distributed environment. The standard answer is to serve sessions via the database, but this site is already top heavy when it comes to database access and I don’t like the idea of adding to that.

Memcache comes up as a viable alternative (and I already use it for other types of caching) but I was concerned about a really involved setup process and was not looking forward to re-coding session handling in my application. Fortunately, I couldn’t have been more wrong! I followed the instructions from “Storing your PHP sessions using memcached” on the Dotdeb blog and had the entire system implemented on my development server in about 10 minutes. After a round of testing, I moved it out to the production server and it’s running nicely.

Total time investment was about 45 minutes and looks solid and scalable. Much better than the week or so I had originally anticipated. Go Memcache!

A Thank You for Veterans

November 11th, 2010

Today is Veterans Day. If you are a veteran, thank you.

New Server Setup

November 5th, 2010

This is a quick checklist to setup a new production server. It’s as much a reference for myself as anything else.

  1. Create a non-root user
  2. Install SSH
  3. Move SSH login to a non-standard port
  4. Update the default apt sources
  5. Disable root logins over SSH
  6. Install Advanced Policy Firewall (easy instructions for Debian)
  7. Configure APF (ports 80,443, and the SSH port to start with). IG_TCP_CPORTS in /etc/apf/conf.apf
  8. Install MySql, Apache2, and PHP5 (in that order)
  9. Install cronolog for log rotation
  10. Add virtual host access restrictions to /etc/apache2/conf.d/access_restrictions
  11. Add an .htpasswd file
  12. Modify, but don’t remove the default virtualhost file
  13. Install rsync if you’re using it for backups
  14. Add custom “security” config file to /etc/apache2/conf.d/ to protect some areas
  15. Install subversion if you’re using it for version control

References:
http://www.dangrossman.info/2007/03/18/dedicated-server-setup-checklist/
http://www.myserverzone.net/protection/7-debian-install-apf-advanced-policy-firewall.html
http://www.webhostgear.com/61.html

Using AWK with tail -f to Watch Referers

November 3rd, 2010

Sometimes I like to see which web sites are referring traffic to me in real time. Here’s the command line script I use to do it. It uses awk to parse the incoming log file for real time display in a terminal:

tail -f mylogfile-access.log | awk -F\" '($4 !~ /mysitename|^-?$/){print $4,$2}' | uniq

I use the mysitename and ^-?$ expresssions to strip out self-generated referrals and empty referral fields.

Review of mod_pagespeed for Apache

November 3rd, 2010

Saw a post on the Google code blog about an Apache module they’ve developed to “speed up the web”. Supposedly, it’s supposed to improve load times and user experience for web sites hosted on Apache servers. I ran a few tests and did not find that to be the case.

Setup

These tests were run against a test environment for my link tracking service. It’s built on the Symfony framework and is served by an Apache2 installation on a Debian Linux server.

I downloaded and installed the mod_pagespeed module per the installation instructions and ran eleven tests with it on, and another eleven with it off. The full results are below, but for the averages I discarded the highest and lowest numbers from each set. Results were measured across a local network using the Firebug Net Panel.

Results

Average load time in milliseconds using mod_pagespeed: 514.78
Average load time in milliseconds without mod_pagespeed: 381.78

Raw Data (sorted)

with/without
439 346
441 353
446 359
478 365
502 375
518 376
521 385
538 392
588 412
601 419
705 421

Conclusions

I think this speaks for itself. Google and I must be doing things differently – no big surprise there.

PHP file_put_contents and Concurrency

November 2nd, 2010

I recently received a question regarding PHP’s file_put_contents function and possible issues with concurrency for simultaneous write requests. After a bit of research and I uncovered a good bit of speculation – most of it suggesting that concurrency would, in fact, be an issue.

That answer didn’t feel right to me so I set up a simple test.

First, I wrote a PHP script to write to a file using the file_put_contents function:
<?php
file_put_contents('test_file.txt','data'."\n",FILE_APPEND);
echo strtotime('now');

Then I made an HTML page loaded with a thousand iframes to simulate a thousand simultaneous requests. It looked something like this:
<iframe src ="test_write_file.php" width="100%" height="25"><p>iframe</p></iframe>
<iframe src ="test_write_file.php" width="100%" height="25"><p>iframe</p></iframe>
<iframe src ="test_write_file.php" width="100%" height="25"><p>iframe</p></iframe>
<snip> x1000

Results

Three page loads took an average of 118.6 seconds to fully execute, and all 1,000 lines were written to the file each time. My observation is that overlapping requests were not discarded, but were queued pending lock release on the target file to be executed at the earliest opportunity.

While my definition of concurrency may not be accurate, I will go so far as to say that practically speaking, concurrency is not an issue for simultaneous write requests using PHP’s file_put_contents function.

Who is Keeton Harrington?

October 29th, 2010

I spend too much time googling my own name. Don’t judge me.

Today, I found the following posted on the Dreams and Dragons blog (run by Jeff Moore). It is quite possibly the best compliment I have ever received. Ever.

Also the site (http://www.1km1kt.net) owner Keeton Harrington has been incredibly supportive and encouraging of all my endeavors and I really like everything he stands for.

Thanks Jeff!

Source: Monkeying Around…

Desperate for more? Here’s everything you ever wanted to know about Keeton Harrington.

PECL Won’t Install OAuth on Debian

October 15th, 2010

Recently had a problem install Oauth on a Debian server via the PECL manager. Here’s error and solution:

The error:

**snip**
running: make
/bin/sh /var/tmp/pear-build-root/oauth-1.0.0/libtool --mode=compile gcc -I. -I/tmp/pear/temp/oauth -DPHP_ATOM_INC -I/var/tmp/pear-build-root/oauth-1.0.0/include -I/var/tmp/pear-build-root/oauth-1.0.0/main -I/tmp/pear/temp/oauth -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_CONFIG_H -g -O2 -Wall -g -c /tmp/pear/temp/oauth/oauth.c -o oauth.lo
mkdir .libs
gcc -I. -I/tmp/pear/temp/oauth -DPHP_ATOM_INC -I/var/tmp/pear-build-root/oauth-1.0.0/include -I/var/tmp/pear-build-root/oauth-1.0.0/main -I/tmp/pear/temp/oauth -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_CONFIG_H -g -O2 -Wall -g -c /tmp/pear/temp/oauth/oauth.c -fPIC -DPIC -o .libs/oauth.o
In file included from /tmp/pear/temp/oauth/php_oauth.h:47,
from /tmp/pear/temp/oauth/oauth.c:14:
/usr/include/php5/ext/pcre/php_pcre.h:29:18: error: pcre.h: No such file or directory
In file included from /tmp/pear/temp/oauth/php_oauth.h:47,
from /tmp/pear/temp/oauth/oauth.c:14:
/usr/include/php5/ext/pcre/php_pcre.h:45: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token
/usr/include/php5/ext/pcre/php_pcre.h:46: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token
/usr/include/php5/ext/pcre/php_pcre.h:52: error: expected specifier-qualifier-list before âpcreâ
make: *** [oauth.lo] Error 1
ERROR: `make' failed

The solution:
Needed to install libpcre3-dev (Perl 5 Compatible Regular Expression Library – development files) before PECL would make.

aptitude install libpcre3-dev

Tried PECL again, and it worked!

pecl install oauth

Track Outbound Links

October 8th, 2010

Why would anyone want to track outbound links away from their web site? Looking at the Linktrack.info stats, there are two main reasons:

  1. To make sure they’re in a reciprocating relationship
  2. To gauge why their customers leave

Not particularly ground breaking news, but statistically confirmed from a random sample of 50,000 links. Do with that what you will.

Linktrack Software Upgrade

October 1st, 2010

Last week we released a minor version upgrade for Linktrack.info, our link tracking service. The release was a major success, and we’ve gotten tons of compliments and new signups. Thanks to everyone who contributed feedback and feature suggestions!

Link Tracking

Paypal Released My Funds – Still Mad Though

October 1st, 2010

Earlier this week, I called Paypal on a whim to talk to them about the giant rolling reserve placed on my account a few months ago. I’ve moved a good portion of my business away from them since they placed it, but I still process all of my recurring payments through their service (it’s a pain to migrate recurring payments) and I have a lot of money tied up in reserve.

To my surprise, the friendly customer support rep that I talked to removed the reserve from my account (both the rolling reserve and the minimum reserve) and released all of the funds for immediate use.

Initially I was thrilled about the windfall and withdrew it immediately. After the initial surprise wore off, I remembered some important facts:

  • This was my money to begin with – not a gift from PayPal.
  • If I had resolved my account issues to their satisfaction, why hadn’t anyone contacted me?
  • What would have happened if I didn’t pick up the phone myself?
  • What’s stopping this from happening again?

While I appreciate that PayPal worked with me and that I have my money, the whole experience has soured me on their service. I’ll continue to use them while it’s convenient, but during this period I took the opportunity to setup my own merchant account and integrate it with most of my payment processing.

They’ve lost 75% of my business and will lose another 20% in the next six months as I re-program my recurring payment setup. I don’t know what outcome they were hoping for, but I don’t think this is it.

Dropping PayPal

June 1st, 2010

I’ve used PayPal as a payment processor for intangible goods for the last five years ago. As of today, I’m ending my business relationship with them.

In the last few weeks I’ve learned that processing tens of thousands of dollars each year, being a customer since they were founded, responding quickly and diligently to chargeback complaints, and never having balance issue doesn’t mean squat.

Despite the above, restrictions on my account currently include a 30% 90 day rolling reserve and a $928 dollar indefinite minimum reserve which are both way above industry standards. To top it off, PayPal is now initiating and resolving chargebacks against me that are entirely independent of the customer.

Let me be clear on that last bit: without the customer’s knowledge or request, PayPal determines that a sale is not eligible and refunds the customer’s money. Why? Good question. The explanation I’ve received so far was regurgitated boilerplate which is PayPal code for “because we said so”. I call it theft.

Managing PayPal has become the largest burden in my day to day operations. It used to be a good company to work with, but it’s time to take my business elsewhere.

SignatureConfirm.com Upgrade

May 19th, 2010

In the coming weeks, SignatureConfirm.com will launch its version 2.0 software on our web site http://www.signatureconfirm.com. We’re very excited about the new software and have been working over-time to include as many of the feature requests and improvements we could. The following is a list of potential questions new and existing users might have about the new version:

What’s new in version 2.0?

We’re introducing quite a few new features for contract management, as well as a paid subscription system. Expect to see support for multiple signatures on a contract, initials on certain sections, tracking metrics, audit logs and more!

How will the subscription system work?

We’ll have different account levels at a couple of different price points. Subscriptions will be billed on a monthly basis and every account type (including free accounts) will have access to all the features. The distinction will be in the number of contracts that can be made.

Will there still be a free account option?

Yes, absolutely.

How will this affect my existing account?

Existing accounts will be automatically imported into the new system and setup with the free account option. Any agreements in those accounts will remain active and won’t be counted toward the account limit. In short, your stuff will stay where it is, you will have full access to it, and you can use the new features with it.

I have more questions – who can I talk to?

Feel free to email me anytime: http://www.danifer.com/contact

Event Feedback with Joind.In

November 11th, 2009

I had a chance to talk with the lead developer for Joind.in, an online service designed to provide speakers with efficient and timely feedback from their audience. They have a really well-designed service and I can definitely recommend it if you’re a public speaker or event organizer.

From their web site:

Like the talk? Let ’em know!

Joind.in provides the missing link between the people attending a conference and the ones that presented. The usual method of handing out paper forms is outdated and needs to be replaced. That’s where we come in – attendees can post their comments directly to each of the talks they attended, giving the speaker direct feedback on how they did and what they can do to improve.

Joind.in also has something to offer the speakers – you can track your record across the conferences and see how changes in your talk might have made a difference in your ratings.

LinkTrack Facelift

April 9th, 2009

For those of you familiar with our link tracking service, you might have noticed with recently upgraded it with lots of new features and an account management system. Please check it out and send us your feedback!

DallasPHP Strategic MySql

February 11th, 2009

I attended the DallasPHP group last night. The topic was “Strategic MySql” which was well presented and concise. Here’s what I took away from the presentation/discussion:

  • ‘Limit’ statements do not reduce the size of a query. Instead it fetches the complete result set, and then serves the limited portion to you.
  • Rather than deleting data with one-to-one queries, consider marking your data “to be deleted” and handling it in a single automated query.
  • A utility table containing aggregate information like row counts is a great place to store and retrieve commonly accessed database information without the need for a high overhead query.
  • MyISAM is 10-40% faster at writing than InnoDB, but is not as flexible.
  • Mixing table types (MyISAM/InnoDB) based on the type of data they’re holding might sound like a good idea, but the extra overhead of handling two table types cancels out the benefits. Best to choose one and stick with it throughout.
  • Storing IP Addresses as a numeric value using inet_aton() is a far better idea that a 14 character varchar() field.
  • I need to learn more about something called MySql Slow Log.
  • Definitely need to look at something called “memcache”. Was described as “the easy button”.
  • Benchmarking tools to Google: MySqlslap and ApacheBench
  • Monitoring/reporting tool to Google: sqlyog
  • MySql caching is turned on by default in my.conf.

Those are my notes – hope you found them useful. Some things I need to do more research on, others are just tidbits I might not have thought to look up on my own.

This is actually the most valuable part of any developer’s group for me. Without other programmers to talk to, I’m essentially developing in my own bubble. It’s one thing to go and look up an answer to a question, but it’s another thing entirely to know which questions to ask.

Colo4Dallas.com Review

November 10th, 2008

I finally made the decision to move the web server that powers this site and the bulk of my online businesses out of my office and into a collocation facility. This was a big step for me since I’ve been running this server out of my office on the Verizon FIOS business network for the last two years and it generates a good bit of daily income.

I’m located in Lewisville, Texas so it was important that my collocation facility be located in the DFW metroplex, be reasonably priced, and have a good reputation. After searching some of my favorite online discussion forums, I finally settled on colo4dallas.com located in Irving, Texas. I found several good online reviews, lots personal unsolicited testimonials and very few negative reports. Their pricing to house my Dell SC430 tower server and my small firewall was $109.00/month with a $50.00 one time setup fee. My plan includes 1000gb of transfer which is plenty for me. I estimate I’m using less than 100gb/month now serving database driven web pages.

I placed my order on Monday night and was contacted by a sales rep via email the next day. I gave them details about the equipment I would be bringing and scheduled a time to come by. The sales/tech reps were responsive and helpful. They assigned me IP information the same day, and I was ready to go.

I brought my equipment to them at noon on a Saturday. There were several technicians in the building, and I had to be buzzed in to access the building. After being greeted by the technician in the monitoring room and showing my ID, another technician came out after about 15 minutes to help me get setup. They were prepared for my arrival since I had scheduled in advance and were ready for me when I showed up.

Talking to the technician, I learned that I would have 24 hour access to the building and that there was always someone there to open the front door and let me in. I could use the building’s wireless access with my laptop, and there were several kiosk computers in the lobby available to me as well. If I needed hands-on access to my machine I was allowed unrestricted access to the cage where my server was located, and I could use a cart with monitor/keyboard/mouse setup as needed.

Setup on my server did not go very well since there was an issue with the network cable assigned to me and the VLan designated for my equipment. I was there for a little over three hours – 20 minutes of that was actually bringing in and plugging in my equipment, and I spent another 30 minutes configuring my router and server. The remainder of that time was spent waiting on the technician to make changes to the cabling and VLan. Ultimately, however, I had scheduled 1-3 hours to install the server and I didn’t have any other plans for the day so this wasn’t a huge issue. With this kind of thing, I would prefer it be done right rather then quickly.

While I was waiting, I took a few pictures with my phone and plugged my laptop into the network my server was on. I ran a speed test and was pleased with 20mb+ speeds (both up and down).

On returning home, I found that I have access to a nice customer web interface that bundles billing and ticket systems together, and can be used to initiate a hands-on reboot (a free service). The system also has some nice traffic monitoring reports so I can see how much traffic is being generated. I particularly like their 15 minute reboot promise.

As of writing this article, my server has only been online with colo4dallas for a few days, so I can’t speak to their uptime or reliability. I was pleased with their facility (conditioned power, secure access, etc.) as well as their online communication and reporting.

My only concern with my experience is security related. Although the facility is well monitored, once I had shown an ID I was free to roam, look at and touch most of the other customer’s servers in the building. The technician did have to open a locked door to the cage where my server was located, but once there I could have plugged in to any of the 140-150 machines in the same cage. Other cages in the facility were mostly closed to me, but power cables and network connections were reachable through the bars and I was free to tour the entire floor. Since I didn’t pay extra for a locked cage, I don’t have too much to complain about. With all the cameras and ID requirements, I don’t anticipate any issues, but I had a lot of free time in the cage waiting for setup and it came to mind.

My impression with the colo4dallas is positive, and I’m looking forward to using their service. Moving the server out of my office will cut back on my electric bill, will reduce my uptime concerns, and will give me more bandwidth to work with.

Some pictures:

PHP Arrow Operator

June 19th, 2008

I’ve started the journey to learn more about OOP (Object Oriented Programming) with PHP and have seen the ‘->’ operator used in most of the code I’ve encountered.

Although it seems to be called the Arrow Operator, I can’t find reference to it other than this page on the php.net web site. Granted, I didn’t search all that long.

From my understanding, the PHP Arrow Operator references the method (a fancy name for a function called from within a class) or a property (a fancy name for a variable called from within a class) via a defined class. In English you would be saying, “I want to use this (method or property) from this class. When I see the arrow operator in code, I read it as “from” in my head.

Here’s another statement with an Arrow Operator translated:

$instance = new simpleClass();

Open up a new instance of this class and start using its logic.

echo $instance->exampleFunction();

Look in the class simpleClass and find the function called exampleFunction. Echo the results.

How to sell a product online

May 20th, 2008

Here’s a loose template for how I sell products online on one of my information-based web sites. There’s nothing particularly difficult or crafty about it, I just try and engage the customer at the most opportune moment.

Working Example: http://www.exportrules.com
Product: the downloadable “Sample Export Compliance Manual”
1st landing page goal: get people to sign up for the newsletter
2nd landing page goal: upsell visitors on the main product

Methodology:

  1. Build a comprehensive, article database from scratch. If people are going to buy your product, it helps to look like you know what you’re talking about. This is also good for attracting free search engine traffic. Your content should be unique, well written, and useful to your audience. You can monetize these non-sales pages with AdSense or something similar, but be careful not to drive traffic away from your primary goal.
  2. Bring in qualified traffic. You can build worthwhile free traffic by writing articles mentioned above. I also use Google Adwords which brings in the majority of my customers.
  3. Landing page #1 http://www.exportrules.com/FAQ_Free_Download.php. If you sign up for the free product, this puts you in the auto-responder queue. The free product is also directly related to the main product, thereby pre-qualifying potential buyers.
  4. Landing page #2 you’ll see after you sign up for the free download. This is where I start pushing the main product.
  5. Autoresponder emails. A series of 10 emails that soft sell the product and offer helpful information. Sign up for the mailing list to see examples.
  6. An automated system for processing orders and delivering product.

What you need:

  1. A professional looking web site built around a content management system. I like WordPress. You can either skin it with a public template or have something custom made for you. I go both routes for this.
  2. An article database of original, useful articles related to your field.
  3. An email system that ties into an auto-responder like Aweber.
  4. A delivery system for your product. If you’re doing affiliate marketing with someone else’s system this is easy. If you’re doing your own deliverable you’ll need a shopping cart of something similar to process orders.

The Downside of Social Networking

May 12th, 2008

I’m seeing the concept of social networking pop up all over the internet, and more and more its being touted as a business tool. If you’re thinking of investing some time into social marketing to grow your business, make sure you’re thinking about the big picture and the possible negative consequences to what you’re about do.

With that in mind, the most important reason I’ve found NOT to get into social networking (or at least to be extra careful when you do) is that your contact list and confidential business relationships are some of the most important assets your business has!

This is especially true if you sell any kind of product that relies primarily on customer service as its primary selling point. Let’s say you’re an insurance agent contracted with one of the major carriers. In my experience insurance is a highly competitive field, but can be effectively marketed using face to face networking. Once you’ve pounded the pavement to build up a client list, are you sure it’s a good idea to publicly advertise their names and contact information? What’s stopping your competitor from contacting each of your customers with a better deal?

For retail distributors, you might want to think twice before you publish your wholesale supplier’s contact information on your Facebook friends list. For those who outsource, you may want to reconsider letting your customers contact your vendors directly.

Information is one of the largest assets most companies have available to them. While there are many positive aspects of social marketing, it’s just as important to consider what you have to lose.

Decrypting md5 strings

May 10th, 2008

I found out today that you can decrypt md5 hashes by comparing the string to a known value database. Here’s an md5 decryption search engine designed to do just that. I got this from procodr which has consumed my morning with interesting articles.

Search Engine Optimization

May 2nd, 2008

The other day, one of my clients got an email from a search engine optimization specialist. I was thrilled when he asked my opinion regarding the outfit that was wanting to do business with him, and I thought there were some points worth publishing.

Here’s the original email forwarded by my customer:

xxx,

I just got off the phone with your assistant; she was calling to find out more information about the message I left you regarding xxx xxx. She mentioned that you currently have a contract with someone who is optimizing your site to show up in Google for terms such as “Fort Worth bankruptcy lawyer.” The conversation ended pretty quick when I let her know from a professional standpoint that your website is not showing up for the major terms and probably will never show up if the work done on your site stays consistent (I think you are on page 25).

I mentioned xxx xxx to showcase our capabilities; he is a well know Dallas criminal (DWI) lawyer. We have optimized his site so that it shows up on the first page for “Dallas DWI lawyer,” and like terms (www.xxx.com). If you know anything about the market you will recognize that these are probably the most competitive terms in the market. I have met with 4 other bankruptcy attorneys in Fort Worth and am looking to work exclusively with just one. If you plan on growing your firm via the internet then it probably makes sense that we set aside time to speak at some point before the end of the week or on Monday. You may reach me at xxx.xxx.xxxx. If you would like more information please visit our site www.xxx.com.

And my response:

Hi xxx,

His is an extremely competitive industry, and it’s also a very new industry. There are some legitimate firms out there, but there a lot more snake oil salesmen. Here are some things to keep in mind:

  1. He’s talking about Search Engine Optimization which is designed to help your web site show up in the natural search results. This is different from the paid search campaign that we’ve been discussing.
  2. If search engine optimization is something you’re interested in, I would ask about their pricing, whether they intend to put you on contract, and whether they can guarantee results.
  3. The first thing most SEO companies will do is come in to work with the structure of the web site. This generally includes things like title tags, meta tags, proper use of headers, and the actual content of the site. These were all taken into consideration as we rebuilt the site, and it’s not something I charge for.
  4. Lastly, there are a lot of “tricks” to search engine optimization, but the most successful method is often times the least used because it requires a lot of effort. There is no substitution for publishing original, valuable content online. If his estimate comes back as high as I’m guessing, I would consider hiring a content writer to fill out your site rather than an SEO specialist. This is just an opinion.

Call me sometime and we can talk a bit more about this. I’ve had a good bit of success jockeying two of my projects to the top of the search engines over the last few years and I’m more than happy share what I know. They are:

Itintl.com
http://www.google.com/search?q=how+to+import

1km1kt.net
http://www.google.com/search?q=free+rpg+games

Keeton

Pay-Per-Use Web Site Model

May 1st, 2008

I’m sitting in my office trying to come up with an effective way to make the leap from web site revenue driven by advertising, to one revenue driven by payment for use of the service.

Right now, I have four web sites that are candidates for the pay-per-use business model. They are:

Here are the issues I’m facing. FYI – I don’t have answers to these questions yet (that will probably come in a later post).

  • How can I implement a pay per use model without losing a significant portion of the users?
  • What can I reasonably charge for the service?
  • How should I charge? Subscriptions? Individual Transactions?

I’m really starting to believe that online services are the next generation of the web, and I want to be a part of it.

Paypal Business Update Page Not Working

April 10th, 2008

I recently tried to update a client’s PayPal account from an individual account to a business account. After submitting the update form, I got a page entitled “Page Not Found” with a link to retry or go to the PayPal home page.

I assumed that this was a temporary issue and that they were experiencing an outage or upgrading their system. After a week of trying at different intervals I sent an email to their support department. You can see the support message below.

After receiving the reply from the support team, I re-attempted the upgrade process several more times over a few days using different browsers at with a variety of security settings.

Still unable to upgrade my PayPal account, I finally phoned in and was informed that this was a known issue and that they were unable to provide an estimated completion date. In addition, there was no way to upgrade my account manually and that I should continue to try the online form.

So, if you’re having trouble upgrading your PayPal account, this might be why.

Here’s the message I sent to support:

Original Message Follows:
————————
Form Message
customer subject: Business upgrade problem – page not found.
customer message: What would you like to do with your account type?:
‘upgrd_acct’
Additional Information: ‘When I fill out the form to upgrade my account to a business account, I get a page titled “page not found” with a link to retry the form. When will this be working again and is there another way to upgrade my account?

Thank you,

Keeton

Here’s the response:

From: webform@paypal.com [mailto:webform@paypal.com]
Sent: Sunday, April 06, 2008 7:57 PM
To: XXX
Subject: Re: MyAccount (Routing Code: XXXX-XXXX-XXXXXX-XXXX-XXXXXXX) (XXXXXXXXXXXXXXXXXXX) :ppk1

Dear XXX,

Thank you for contacting PayPal.

I apologize for the delay of our response.

My name is Solad and I am happy to assist you today. I understand that you are having difficulty upgrading your account to a business account. I apologize for the inconvenience this may have caused you. I’ll be happy to check that for you.

If you are receiving the error message ‘page cannot be displayed’ or ‘page cannot be found’ while attempting to access your account or open a new one, it may be because your browser’s security level is set too low.

For maximum security, you should consider upgrading to a Netscape or Microsoft browser supporting 128-bit encryption. Below are the instructions for viewing your browser security level.

For Microsoft Internet Explorer:

1. Open your Internet Explorer browser and select ‘Help” from the toolbar

2. Select ‘About Internet Explorer’

3. On the About Internet Explorer window, you will be given a version number and a cipher strength (encryption rate)

4. If your cipher strength is less than 128-bit, you may update by going to your ‘Tools’ tab and select ‘Windows Update’. (You may also click Help, click About Internet Explorer, and then click Update
Information.)

5. This will direct you to the Microsoft web site to upgrade your browser

You will also need to check the browser settings:

1. Click Start–>Settings–>Control Panel and open ‘Internet Options’

2. Click the ‘Advanced’ tab, scroll to the bottom of the scroll window

3. Ensure that ‘Use SSL 2.0’, ‘Use SSL 3.0’ and ‘Use TLS 1.0’ place a ‘check’ in the checkbox next to each of these options

For Netscape Communicator or Navigator:

1. Click ‘Help’ and then ‘About Communicator or Navigator’

2. In the window that opens, look for a section on RSA security

3. If this section reads, ‘This version supports U.S. security’, then your browser supports 128-bit encryption.

4. Otherwise, it will indicate you have an export version, which only supports 40-bit. (Further details are also available by clicking on Security in the Navigator toolbar)

5. If you need to upgrade your Netscape browser, go to http://home.netscape.com and click the ‘Download’ graphic at the top of the page

For other browsers, please view your help files for more information about upgrading to a more recent version.

If the cipher strength is already set to 128 bit, you will need to clear your cookies.

Double-checking your time and date on your computer may also help with your issue:

1. Click the Start button in the lower left hand corner

2. Scroll up to Settings and click on Control Panel

3. Double click Date/Time

4. Make sure the year is set to the correct year

Once your changes have been made, you may need to reboot your computer.

Please Note: If you are getting ‘Page Cannot be Displayed’ when trying to open a new account, it could be your cookies are not enabled. Once your cookies are enabled, you should be able to view the PayPal pages.

If this still doesn’t work, try clearing your cookies and cache on your computer.

If you are experiencing problems with our website that have not been encountered before, it is likely that you have a corrupted cookie. The easiest way to clear cookies is to remove them from your computer rather than the web browser.

Cookies are small text files (usually less than 1K in size) that websites send to your computer’s hard drive to identify you when you return. Think of them as your ID (identification) badge. Cookies are harmless and cannot affect the performance of your computer.

Without the cookie file, websites you frequent, like PayPal.com, will treat you as a new user each time you return.

Follow these simple steps to clear your cookies:

1. Open your Internet Explorer browser by clicking on the blue “e.”

2. Click “Tools” located at the top of the browser and select “Internet Options.”

3. Click “Delete Cookies”.

4. Click “OK” and “OK” again.

5. Restart your browser.

These steps should work for most Browsers types.

For IE 7, XP, and Vista users:

1. Open your Internet Explorer browser.

2. Click “Tools” located at the top of the browser and select “Internet Options.”

3. Under Browsing history, click the “Settings” button.

4. Click the “View files” button.

5. Click “Edit” at the top of the browser and then “Select All.”

6. Press the “Delete” key on your keyboard.

7. Click “Yes” if you are prompted with “Are you sure you want to delete the selected Cookies?”

8. Restart your browser.

To clear cookies for Macintosh using Internet Explorer, follow the steps
below:

1. Click “Explorer” or “Edit” at the top of the screen.

2. Click “Preferences.”

3. Under Web Browser preferences, click “ADVANCED.”

4. Click “Empty Now” on the right.

5. Click “OK”.

6. Restart your browser.

If it still doesn’t work, kindly contact your internet provider to change some settings on your account with them.

If you have any further questions, please feel free to contact us again.

Sincerely,
Solad
PayPal Consumer Support
PayPal, an eBay Company

Google Adwords display URL policy for Tracking URLs

March 23rd, 2008

Google recently announced that there would be an “Important Change to URL Policy Enforcement” primarily focused on matching domain names, Display URLs, Landing page URLs, and Destination URLs.

What I was unaware of prior to the article (and I’m still not sure) is that Google allows the use of tracking URLs that don’t match the landing page URL domain name. I always assumed that the landing page URL had to match the domain of the display URL – no exceoptions.

Apparently, however, it is acceptable to use a tracking URL from a service like LinkTrack to monitor link activity.

You learn something new every day I guess, but this is definitely something I will be taking advantage of in the future.