Création des Logiciels de gestion d'Entreprise, Création et référencement des sites web, Réseaux et Maintenance, Conception
salam every one, this is a topic from google web master centrale blog: Webmaster level: Intermediate
As more and more users worldwide with mobile devices access the Internet, it’s fantastic to see so many websites making their content accessible and useful for those devices. To help webmasters optimize their sites we launched our recommendations for smartphones, feature-phones, tablets, and Googlebot-friendly sites in June 2012.
We’re happy to announce that those recommendations are now also available in Arabic, Brazilian Portuguese, Dutch, French, German, Italian, Japanese, Polish, Russian, Simplified Chinese, and Spanish. US-based webmasters are welcome to read the UK-English version.
We welcome you to go through our recommendations, pick the configuration that you feel will work best with your website, and get ready to jump on the mobile bandwagon!
Thanks to the fantastic webmaster-outreach team in Dublin, Tokyo and Beijing for making this possible!
this is a topic published in 2013... to get contents for your blog or your forum, just contact me at: devnasser@gmail.com
As more and more users worldwide with mobile devices access the Internet, it’s fantastic to see so many websites making their content accessible and useful for those devices. To help webmasters optimize their sites we launched our recommendations for smartphones, feature-phones, tablets, and Googlebot-friendly sites in June 2012.
We’re happy to announce that those recommendations are now also available in Arabic, Brazilian Portuguese, Dutch, French, German, Italian, Japanese, Polish, Russian, Simplified Chinese, and Spanish. US-based webmasters are welcome to read the UK-English version.
We welcome you to go through our recommendations, pick the configuration that you feel will work best with your website, and get ready to jump on the mobile bandwagon!
Thanks to the fantastic webmaster-outreach team in Dublin, Tokyo and Beijing for making this possible!
this is a topic published in 2013... to get contents for your blog or your forum, just contact me at: devnasser@gmail.com
salam every one, this is a topic from google web master centrale blog:
These days, the majority of websites are built around applications to provide good services to their users. In particular, are widely used to create, edit and administrate content. Due to the interactive nature of these systems, where the input of users is fundamental, it's important to think about security in order to avoid exploits by malicious third parties and to ensure the best user experience.
Some types of hacking attempts and how to prevent them
There are many different types of attacks hackers can conduct in order to take partial or total control of a website. In general, the most common and dangerous ones are SQL injection and cross-site scripting (XSS).
SQL injection is a technique to inject a piece of malicious code in a web application, exploiting a security vulnerability at the database level to change its behavior. It is a really powerful technique, considering that it can manipulate URLs (query string) or any form (search, login, email registration) to inject malicious code. You can find some examples of SQL injection at the Web Application Security Consortium.
There are definitely some precautions that can be taken to avoid this kind of attack. For example, it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal. These are only two of the most common actions you can take to improve the security of a site and avoid SQL injections. Online you can find many other specific resources that can fit your needs (programming languages, specific web applications ...).
The other technique that we're going to introduce here is cross-site scripting (XSS). XSS is a technique used to inject malicious code in a webpage, exploiting security vulnerabilities of web applications. This kind of attack is possible where the web application is processing data obtained through user input and without any further check or validation before returning it to the final user. You can find some examples of cross-site scripting at the Web Application Security Consortium.
There are many ways of securing a web application against this technique. Some easy actions that can be taken include:
SQL injection and cross-site scripting are only two of the many techniques used by hackers to attack and exploit innocent sites. As a general security guideline, it's important to always stay updated on security issues and, in particular when using third party software, to make sure you've installed the latest available version. Many web applications are built around big communities, offering constant support and updates.
To give a few examples, four of the biggest communities of Open Source content management systems—Joomla, WordPress, PHP-Nuke, and Drupal—offer useful guidelines on security on their websites and host big community-driven forums where users can escalate issues and ask for support. For instance, in the Hardening WordPress section of its website, WordPress offers comprehensive documentation on how to strengthen the security of its CMS. Joomla offers many resources regarding security, in particular a Security Checklist with a comprehensive list of actions webmasters should take to improve the security of a website based on Joomla. On Drupal's site, you can access information about security issues by going to their Security section. You can also subscribe to their security mailing list to be constantly updated on ongoing issues. PHP-Nuke offers some documentation about Security in chapter 23 of their How to section, dedicated to the system management of this CMS platform. They also have a section called Hacked - Now what? that offers guidelines to solve issues related to hacking.
Some ways to identify the hacking of your site
As mentioned above, there are many different types of attacks hackers can perform on a site, and there are different methods of exploiting an innocent site. When hackers are able to take complete control of a site, they can deface it (changing the homepage), erase all the content (dropping the tables of your database), or insert malware or cookie stealers. They can also exploit a site for spamming, such as by hiding links pointing to spammy resources or creating pages that redirect to malware sites. When these changes in your application are evident (like defacing), you can easily spot the hacking activity; but for other types of exploits, in particular those with spammy intent, it won't be so obvious. Google, through some of its products, offers webmasters some ways of spotting if a site has been hacked or modified by a third party without permission. For example, by using Google Search you can spot typical keywords added by hackers to your website and identify the pages that have been compromised. Just open google.com and run a site: search query on your website, looking for commercial keywords that hackers commonly use for spammy purposes (such as viagra, porn, mp3, gambling, etc.):
[site:example.com viagra]
If you're not already familiar with the site: search operator, it's a way to query Google by restricting your search to a specific site. For example, the search site:googleblog.blogspot.com will only return results from the Official Google Blog. When adding spammy keywords to this type of query, Google will return all the indexed pages of your website that contain those spammy keywords and that are, with high probability, hacked. To check these suspicious pages, just open the cached version proposed by Google and you will be able to spot the hacked behavior, if any. You could then clean up your compromised pages and also check for any anomalies in the configuration files of your server (for example on Apache web servers: .htaccess and httpd.conf).
If your site doesn't show up in Google's search results anymore, it could mean that Google has already spotted bad practices on your site as a result of the hacking and may have temporarily removed it from our index, due to infringement of our webmaster quality guidelines.
In order to constantly keep an eye on the presence of suspicious keywords on your website, you could also use Google Alerts to monitor queries like:
site:example.com viagra OR casino OR porn OR ringtones
You will receive an email alert whenever these keywords are found in the content of your site.
You can also use Google's Webmaster Tools to spot any hacking activity on your site. Webmaster Tools provide statistics about top search queries for your site. This data will help you to monitor if your site is ranking for suspicious unrelated spammy keywords. The 'What Googlebot sees' data is also useful, since you'll see whether Google is detecting any unusual keywords on your site, regardless of whether you're ranking for them or not.
If you have a Webmaster Tools account and Google believes that your site has been hacked, often you will be notified according to the type of exploit on your site:
Your site has been hacked or is serving malware? First, clean up the malware mess and then do one of the following:
this is a topic published in 2013... to get contents for your blog or your forum, just contact me at: devnasser@gmail.comSome types of hacking attempts and how to prevent them
There are many different types of attacks hackers can conduct in order to take partial or total control of a website. In general, the most common and dangerous ones are SQL injection and cross-site scripting (XSS).
SQL injection is a technique to inject a piece of malicious code in a web application, exploiting a security vulnerability at the database level to change its behavior. It is a really powerful technique, considering that it can manipulate URLs (query string) or any form (search, login, email registration) to inject malicious code. You can find some examples of SQL injection at the Web Application Security Consortium.
There are definitely some precautions that can be taken to avoid this kind of attack. For example, it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal. These are only two of the most common actions you can take to improve the security of a site and avoid SQL injections. Online you can find many other specific resources that can fit your needs (programming languages, specific web applications ...).
The other technique that we're going to introduce here is cross-site scripting (XSS). XSS is a technique used to inject malicious code in a webpage, exploiting security vulnerabilities of web applications. This kind of attack is possible where the web application is processing data obtained through user input and without any further check or validation before returning it to the final user. You can find some examples of cross-site scripting at the Web Application Security Consortium.
There are many ways of securing a web application against this technique. Some easy actions that can be taken include:
- Stripping the input that can be inserted in a form (for example, see the strip tags function in PHP);
- Using data encoding to avoid direct injection of potentially malicious characters (for example, see the htmlspecialchars function in PHP);
- Creating a layer between data input and the back end to avoid direct injection of code in the application.
SQL injection and cross-site scripting are only two of the many techniques used by hackers to attack and exploit innocent sites. As a general security guideline, it's important to always stay updated on security issues and, in particular when using third party software, to make sure you've installed the latest available version. Many web applications are built around big communities, offering constant support and updates.
To give a few examples, four of the biggest communities of Open Source content management systems—Joomla, WordPress, PHP-Nuke, and Drupal—offer useful guidelines on security on their websites and host big community-driven forums where users can escalate issues and ask for support. For instance, in the Hardening WordPress section of its website, WordPress offers comprehensive documentation on how to strengthen the security of its CMS. Joomla offers many resources regarding security, in particular a Security Checklist with a comprehensive list of actions webmasters should take to improve the security of a website based on Joomla. On Drupal's site, you can access information about security issues by going to their Security section. You can also subscribe to their security mailing list to be constantly updated on ongoing issues. PHP-Nuke offers some documentation about Security in chapter 23 of their How to section, dedicated to the system management of this CMS platform. They also have a section called Hacked - Now what? that offers guidelines to solve issues related to hacking.
Some ways to identify the hacking of your site
As mentioned above, there are many different types of attacks hackers can perform on a site, and there are different methods of exploiting an innocent site. When hackers are able to take complete control of a site, they can deface it (changing the homepage), erase all the content (dropping the tables of your database), or insert malware or cookie stealers. They can also exploit a site for spamming, such as by hiding links pointing to spammy resources or creating pages that redirect to malware sites. When these changes in your application are evident (like defacing), you can easily spot the hacking activity; but for other types of exploits, in particular those with spammy intent, it won't be so obvious. Google, through some of its products, offers webmasters some ways of spotting if a site has been hacked or modified by a third party without permission. For example, by using Google Search you can spot typical keywords added by hackers to your website and identify the pages that have been compromised. Just open google.com and run a site: search query on your website, looking for commercial keywords that hackers commonly use for spammy purposes (such as viagra, porn, mp3, gambling, etc.):
[site:example.com viagra]
If you're not already familiar with the site: search operator, it's a way to query Google by restricting your search to a specific site. For example, the search site:googleblog.blogspot.com will only return results from the Official Google Blog. When adding spammy keywords to this type of query, Google will return all the indexed pages of your website that contain those spammy keywords and that are, with high probability, hacked. To check these suspicious pages, just open the cached version proposed by Google and you will be able to spot the hacked behavior, if any. You could then clean up your compromised pages and also check for any anomalies in the configuration files of your server (for example on Apache web servers: .htaccess and httpd.conf).
If your site doesn't show up in Google's search results anymore, it could mean that Google has already spotted bad practices on your site as a result of the hacking and may have temporarily removed it from our index, due to infringement of our webmaster quality guidelines.
In order to constantly keep an eye on the presence of suspicious keywords on your website, you could also use Google Alerts to monitor queries like:
site:example.com viagra OR casino OR porn OR ringtones
You will receive an email alert whenever these keywords are found in the content of your site.
You can also use Google's Webmaster Tools to spot any hacking activity on your site. Webmaster Tools provide statistics about top search queries for your site. This data will help you to monitor if your site is ranking for suspicious unrelated spammy keywords. The 'What Googlebot sees' data is also useful, since you'll see whether Google is detecting any unusual keywords on your site, regardless of whether you're ranking for them or not.
If you have a Webmaster Tools account and Google believes that your site has been hacked, often you will be notified according to the type of exploit on your site:
- If a malicious third party is using your site for spammy behaviors (such as hiding links or creating spammy pages) and it has been detected by our crawler, often you will be notified in the Message Center with detailed information (a sample of hacked URLs or anchor text of the hidden links);
- If your site is exploited to place malicious software such as malware, you will see a malware warning on the 'Overview' page of your Webmaster Tools account.
Your site has been hacked or is serving malware? First, clean up the malware mess and then do one of the following:
- If your site was hacked for spammy purpose, please visit our reconsideration request page through Webmaster Tools to request reconsideration of your site;
- If your site was serving malware to users, please submit a malware review request on the 'Overview' page of Webmaster Tools.
salam every one, this is a topic from google web master centrale blog:
Today's the first day of spring in the Northern Hemisphere, so now is a perfect time to start your spring cleaning. But as a webmaster, your chores don't end after you've cleaned the garage -- you'll probably also want to do some cleaning on your server as well.
Exterior
Before we get to the interior, step outside, and see how your site looks from the street -- or in Google search results. Just head on over to your nearest Google search box, and do a site search on your site using the query format [site:example.com]. Just like you keep your street number visible on your house, and maybe even your name on the mailbox, check to see that your visitors can easily identify your site and its contents from the title and snippet listed in Google. If you'd like to improve your current appearance, try out the content analysis feature in Webmaster Tools, and read up on how to influence your snippets.
Speaking of making your address visible, how are you listed? My name is Michael, but I'll also answer to Mike or even Wysz. However, I only expect to be listed once in the phone book. Similarly, your site may have pages that can be accessed from multiple URLs: for instance, www.example.com and example.com. To consolidate your site's listings in Google, use 301 redirects to tell Google (and other search engines) how you'd prefer your pages to be listed. You can also easily let Google know about your preferred domain via Webmaster Tools. And just like I'd want my bank to understand that deposits to Mike and Michael should route to the same account, those redirects can help Google appropriately consolidate link properties (like PageRank) to the destination page.
Interior
No matter how clean your home is, all that work may go unnoticed if your visitors can't get in the door or find their way around. Review your site's appearance and functionality on multiple browsers to make sure that all of your visitors get the experience you've worked so hard to design. Not everyone uses Internet Explorer, so it's a good idea to test using browsers representing different layout engines. Firefox, Safari, and Opera all see things differently, and these three browsers likely control how at least 20% of your users are experiencing the web. For some sites it can be dramatically higher -- The New York Times recently reported that around 38% of their online readers used either Firefox or Safari.
If your site requires the use of plug-ins, check to see how this additional content behaves across different operating systems. Keep in mind that many people only update their operating system with the purchase of a new computer, so go back a version or two and see how your site works on yesterday's OS. And to make sure you're not completely shutting out visitors with limited capabilities, try to navigate your site without using images, Flash or JavaScript. If you want to see where Google may be having trouble getting in, check Webmaster Tools to see if there have been any crawl errors reported for your site.
Taking out the trash
Unfortunately, many of us have hosted unwelcome guests. If they left a mess behind, do your future visitors a favor and get rid of the garbage. Tear out spammed guestbook pages. Pull out those weeds in your forum that were planted by an off-topic advertiser. And while you're throwing stuff away, look out for any blank or abandoned pages. We've all had projects in the basement that never got finished. If your site still shows URLs with one of those circa-1997 "under construction" graphics or templates showing "Products > Shirts > Graphic T's: There are no graphic t's at this time" and they're just gathering dust, it's probably safe to say you'll never get around to finishing it. After you've collected the junk and corrected any broken links on your site, make sure you let everyone know it's really gone by using the 404 HTTP status code. You can check to see which code your server is returning by using the Live HTTP Headers extension for Firefox.
Security and preventive maintenance
To prevent problems with future visitors, especially those who may try to come in your back door at night, go through our checklist to verify you've covered security basics.
If your site's maintenance tasks, such as upgrading software packages, make your content temporarily unavailable, let your visitors know to "pardon the dust" by using the 503 HTTP status code. This will let Google know to check back later, and not index your error page as part of your site's content. If you're using WordPress, you can easily set up your message along with the status code using the Maintenance Mode plug-in.
And speaking of intruders and software updates, you just never know when something will go wrong. Before something does happen, now is a great time to evaluate your backup strategy. Like insurance for your home, the effort and expense put into it is well worth the peace of mind alone, not to mention if you ever actually need it. A good backup system archives your backups in a different location than the working site, and happens automatically to avoid the problems of forgetfulness. It's a great idea to make a backup of your site (including databases) right before running any software updates or making a major change.this is a topic published in 2013... to get contents for your blog or your forum, just contact me at: devnasser@gmail.com
Today's the first day of spring in the Northern Hemisphere, so now is a perfect time to start your spring cleaning. But as a webmaster, your chores don't end after you've cleaned the garage -- you'll probably also want to do some cleaning on your server as well.
Exterior
Before we get to the interior, step outside, and see how your site looks from the street -- or in Google search results. Just head on over to your nearest Google search box, and do a site search on your site using the query format [site:example.com]. Just like you keep your street number visible on your house, and maybe even your name on the mailbox, check to see that your visitors can easily identify your site and its contents from the title and snippet listed in Google. If you'd like to improve your current appearance, try out the content analysis feature in Webmaster Tools, and read up on how to influence your snippets.
Speaking of making your address visible, how are you listed? My name is Michael, but I'll also answer to Mike or even Wysz. However, I only expect to be listed once in the phone book. Similarly, your site may have pages that can be accessed from multiple URLs: for instance, www.example.com and example.com. To consolidate your site's listings in Google, use 301 redirects to tell Google (and other search engines) how you'd prefer your pages to be listed. You can also easily let Google know about your preferred domain via Webmaster Tools. And just like I'd want my bank to understand that deposits to Mike and Michael should route to the same account, those redirects can help Google appropriately consolidate link properties (like PageRank) to the destination page.
Interior
No matter how clean your home is, all that work may go unnoticed if your visitors can't get in the door or find their way around. Review your site's appearance and functionality on multiple browsers to make sure that all of your visitors get the experience you've worked so hard to design. Not everyone uses Internet Explorer, so it's a good idea to test using browsers representing different layout engines. Firefox, Safari, and Opera all see things differently, and these three browsers likely control how at least 20% of your users are experiencing the web. For some sites it can be dramatically higher -- The New York Times recently reported that around 38% of their online readers used either Firefox or Safari.
If your site requires the use of plug-ins, check to see how this additional content behaves across different operating systems. Keep in mind that many people only update their operating system with the purchase of a new computer, so go back a version or two and see how your site works on yesterday's OS. And to make sure you're not completely shutting out visitors with limited capabilities, try to navigate your site without using images, Flash or JavaScript. If you want to see where Google may be having trouble getting in, check Webmaster Tools to see if there have been any crawl errors reported for your site.
Taking out the trash
Unfortunately, many of us have hosted unwelcome guests. If they left a mess behind, do your future visitors a favor and get rid of the garbage. Tear out spammed guestbook pages. Pull out those weeds in your forum that were planted by an off-topic advertiser. And while you're throwing stuff away, look out for any blank or abandoned pages. We've all had projects in the basement that never got finished. If your site still shows URLs with one of those circa-1997 "under construction" graphics or templates showing "Products > Shirts > Graphic T's: There are no graphic t's at this time" and they're just gathering dust, it's probably safe to say you'll never get around to finishing it. After you've collected the junk and corrected any broken links on your site, make sure you let everyone know it's really gone by using the 404 HTTP status code. You can check to see which code your server is returning by using the Live HTTP Headers extension for Firefox.
Security and preventive maintenance
To prevent problems with future visitors, especially those who may try to come in your back door at night, go through our checklist to verify you've covered security basics.
If your site's maintenance tasks, such as upgrading software packages, make your content temporarily unavailable, let your visitors know to "pardon the dust" by using the 503 HTTP status code. This will let Google know to check back later, and not index your error page as part of your site's content. If you're using WordPress, you can easily set up your message along with the status code using the Maintenance Mode plug-in.
And speaking of intruders and software updates, you just never know when something will go wrong. Before something does happen, now is a great time to evaluate your backup strategy. Like insurance for your home, the effort and expense put into it is well worth the peace of mind alone, not to mention if you ever actually need it. A good backup system archives your backups in a different location than the working site, and happens automatically to avoid the problems of forgetfulness. It's a great idea to make a backup of your site (including databases) right before running any software updates or making a major change.this is a topic published in 2013... to get contents for your blog or your forum, just contact me at: devnasser@gmail.com