How long would it take you to notice that your website has been compromised?

My last post concerning mass sql hacks of websites shows what can happen if your website is distributing malware and you don’t act fast enough. In that post, I also mentioned it might be a good idea to have some sort of self-checking mechanism integrated in your CMS which would alert you if unauthorized changes were made. While I still think that’s a good idea, there’s a much easier and faster option when it comes to small, rather static websites: change detection services!

Here’s a few I found through search engines, a blog post from 2005 by Marshall Kirkpatrick and an article in c’t magazine 4/2008 (page 170):

ChangeAlarm – free, typically checks for updates once per day

ChangeDetect – free and paid membership options

ChangeDetection – free, typically checks for updates once per day, does not detect changes in HTML tags

InfoMinder – no free membership, 30 day trial available

TheWebWatcher – free for personal use, monitoring intervals starting from 1h

TracerLock – no free membership, max 20 URLs, 4 US$/month

TrackEngine – free, 19,95 US$/year for 10 “bookmarks”, 4,95 US$/month for 50 “bookmarks”, possibly includes more frequent updates for paid services

WatchThatPage – free, priority accounts available for donation of US$ 20/year. Fastest update: once per day. There seems to be no limit on the number of pages you can watch. Pages can be organized in folders. Simple keyword filtering available. Refuses to watch pages with badly mangled HTML.

Yes, I know, most of these sites scream “web 1.0” at you and – ironically – seem to be averse to change themselves (the latest news on TrackEngine are from December 2001, Merry Christmas!). They won’t really help if you’re in charge of large websites with thousands of pages. However, they might be appropriate for small websites, like this one which has been displaying “OwNed By un alien …” for months on the “liens” and “evenements” pages.

I’ll update this post after trying out some of these services (you can subscribe to my RSS feed here đŸ˜‰ ). Please note there’s also tons of change detection software (running locally on your computer) which I’m not covering here.

Good news from Paypal and Moneybookers

It was a bizarre situation: Paypal had acquired a bank license and transferred its headquarters  to Luxembourg and still, if you were a Paypal customer in Luxembourg, your only option was to withdraw funds to a U.S. bank account or to spend them. Withdrawal to a local bank account or to an account in another EU member state? No way.

At least, that used to be the situation until…  well, I have no idea when they actually changed this, but anyhow: It’s finally possible to withdraw money to a bank account in Luxembourg!

Paypal - withdraw funds in Luxembourg

As you can see, you can alternatively withdraw funds to a credit/debit card (this feature had been announced on the Paypal Blog in September).

I’m just glad I didn’t go through the trouble of establishing a bank account in the U.S. just to be able to withdraw funds.


In other “news that I apparently missed”, Paypal competitor Moneybookers [affiliate link] is allowing merchants to accept payments with the French Carte Bleue. As far as I know, this is the first and only option to accept the Carte Bleue without the need to establish a merchant account (compte commerçant) with a French bank.

While most Carte Bleues (>90%?) are nowadays co-branded with the Visa logo, giving potential customers in France the additional option of using the Carte Bleue Nationale sounds like a good idea to me, especially if the implementation is as simple as it is with Moneybookers.

I’m about to change my company’s online shops’ payment pages and might post again in a few weeks about the acceptance of Moneybooker’s Carte Bleue payment option.

Search Bar with your Associates ID

The problem: You (or your organization) has joined Amazon’s associate program. You’ve put a link on your website. You’ve kindly asked everyone you know to click on it so that you can receive a commission. Yet, many people don’t use your link, not because they don’t like you, but because they forget to visit your web site first or just think that’s too complicated.

The solution: Expand the search bar (already available on all modern browsers) to include an search which automatically transmits your associate tag (also called Associates ID).

Too complicated, you say? Not at all. You can easily set up your customized search add-on in a few minutes. Continue reading Search Bar with your Associates ID

vtiger CRM 5.0.3 release announced for April

vtiger CRM - photo montage using iStockphoto file no. 2093341vtiger announced today that the newest version of its popular open source CRM software is going to be released at the beginning of April.

I had installed their software some months ago and found it to be very powerful and promising, but still a bit too buggy for my taste. I’ll certainly have a look at the new “solid and bug-less” đŸ˜‰ release and post a review.

The danger of being paid for links

Risky BusinessWith “monetize your blog / site” ads popping up all over the blogosphere, I’d just like to quickly point out that there might be side effects other than those usually associated with suddenly becoming rich. Consider what allegedly happend to MangoSauce (possibly NSFW): “Mango Sauce was penalised because I sold links through A vengeful Google docked my “reputation” score thereby cutting referrals to the site by 75%.”

Now only Google knows if this is what actually happend, indeed there could be many reasons for being demoted on the search engine’s result pages, thereby receiving less traffic. However, while it seems to be unclear if selling links can actually damage your site’s ranking, Google’s disapproval of link selling has been very clear.

Note that I’m not saying “don’t do it” and I won’t even touch the ethical aspects of paid links. All I’m saying is “if you’re thinking about selling links, think twice, because there’s a chance your site’s ranking might suffer”.