HeadsetOptions // promotes individuals and businesses launch, grow or reinvent themselves by leveraging the power of web design, SEO and WordPress to create brand
identities and gain market share

If your site gets any traffic at all, chances are your RSS feed is scraped and misused by some one trying to score on SERP for the work you have toiled on. This very blog is constantly ripped by sploggers who have no regards to intellectual property rights or just plain simple dumb to realize they are stealing. Here are three sites where you can find the entire content of our blog scraped/ripped/stolen and posted as their own. Of course I did not link to them because I really don’t want you to visit them:

• myblogmix.com (this m^*&*0 f$%*r even uses one of our themes on his splog!)
• frenzygraphics.com
• urlfan.com

How do you stop them?

Jonathan Bailey, a security expert (Plagiarism Today) who also writes on Blog Herald, lists 6 steps to identify and fight content theft. We religiously followed the suggestions for months now (that post on BH was from last November), but none worked thus far. Google is yet to acknowledged our letters (used his cease and desist letter templates, which is a good source, thanks!). I even took solace in thinking maybe they have a backlog or that they will eventually write back, but nothing really happened.

Why is it hard to stop them? My guess is (I am speculating here):

1. These sites actually generate more revenue for Google Adsense than you do. Leveraging contextual advertisement economics is one reason why there are so many splogs.
2. We are not “big enough” to leverage the outcome in our favor. (I know it sounds like one of the content theft myths )

But here’s the logic, let’s say you steal content from Yahoo or Reuters, rest assured your ass is toast and your site will get banned forever, but steal from a blog running on a shoe string budget and you know where I am going; no one cares.

How can we combat it?

With a little effort, we can combat this issue. I must warn you, this is neither a bullet-proof method nor easy to do. You need to be the admin of the blog and have access to both the template files and other server related files. You will have to be comfortable enough to do one of two things on your end.

1. Edit you theme template files
2. Access and edit your .htaccess file

Just follow the steps and you should be heading in the direction to securing your RSS feeds.

Identify the Culprit

The very first thing to do will be to figure out if your content is being stole and if so, who is stealing it? A simple Google search should tell if your content is stolen, look at the SERP and if you find other sites with content unique to yours then open and check them out, that just might be your content.

Also, if you use WordPress and Akismet to power and protect your blog like we do, one place to start will be in the Akismet page where trackbacks and ping-back spam is held for moderation. Follow the trackbacks to see if your content is stolen and used as is, if so, first mark them as spam and then copy the IP address (which looks like something like this: 210.48.152.20) on to a Notepad or other text editor.

One other place to look for is your feed subscribers list. We use FeedBurner, this fabulous feed service offers the Pro stats (which is free actually) package that has an option to view feed subscribers with “uncommon” usage. This list usually has all your sploggers, so that is an easy way to identify them. However, with this method, you will have to use a WhoIS (http://www.whois.sc/) service to identify the IP address. Either way, you need to identify the IP address of the splogger.

Create an IP Ban

This is where you prepare the defense system. There are many ways to go about, we will discuss three methods below.

Using Javascript to redirect the IP when culprit tries visiting your site:

1. Copy and past the following Javascript into a text editor (where you have your IP addresses stored)
   1. <script type=”text/javascript”>
   2. // Block IP address script- By JavaScriptKit.com (http://www.javascriptkit.com)
   3. // For this and over 400+ free scripts, visit JavaScript Kit- http://www.javascriptkit.com/
   4. // This notice must stay intact for use.
   5. //Enter list of banned ips, each separated with a comma:
   6. var bannedips=["23.23.23.23", "11.11.11.11"]
   7. var ip = ‘<!–#echo var=”REMOTE_ADDR”–>’
   8. var handleips=bannedips.join(”|”)
   9. handleips=new RegExp(handleips, “i”)
   10. if (ip.search(handleips)!=-1){
   11. alert(”Your IP has been banned from this site. Redirecting…”)
   12. window.location.replace(”http://www.google.com”)
   13. }
   14. </script>

   Source: Javascript Kit

2. Change the variable bannedips to include the IP you need to ban (so change the 23.23.23.23 and 11.11.11.11 to the IPs you want blocked)
3. Open your header.php file or edit Header from WP Admin
4. Copy and past this Javascript right below the <head> tag and above the </head> tag
5. Save and close the file

What this essentially does is redirect the culprit who is trying to access your site to Google. It need not be Google, you could redirect them back to their own site.

Using deny command for specific IP in .htaccess:
This is where you create a simple allow-deny command on the server side to ban IP on access.

1. Copy and paste the following code to your text editor
   1. order allow,deny
   2. deny from 23.23.23.23
   3. deny from 11.11.11.11
   4. allow from all
2. Change the variable deny from to include the IP you need to ban (so change the 23.23.23.23 and 11.11.11.11 to the IPs you want to block)
3. Open FTP and access your server (some of you might have to use the File Manager in you CPanel) and access the .htaccess file.
4. If you do not have one, create a simple .htaccess file by simply saving a text file on your root and renaming it .htaccess (note that this file has no name, just the extension which is htaccess)
5. Copy paste the allow deny code to the .htaccess file
6. Save and close the file

What this essentially does is deny access to the IP listed.

Using redirect rewrite rule for specific IP in .htaccess:
The other method is to use the rewrite command.

1. Copy and paste the following code to your text editor
   1. RewriteEngine On
   2. RewriteCond %{REMOTE_ADDR} ^210\.48\.152\.(.*)$
   3. RewriteRule .* http://www.myblogmix.com/rss.php [R,L]
2. Change the RewriteCond from 210\.48\.152\. to the IP you are banning, in this example, we are redirecting all the IPs from 210.48.152, and risk banning some legit bloggers from Malaysia from access our blog
3. Copy paste the allow deny code to the .htaccess file
4. Save and close the file

What this does is redirect the IP back to it’s own RSS feed, creating a loop of a sort.

Note that all the methods described here work only if the splogger is using a static IP, but that is not necessarily true, hence the not bullet-proof disclaimer. One way to expand the ban is by dropping the last digits of the IP, for example, in 23.23.23.23, drop the last .23 to make it 23.23.23, this however will ban all IPs from that service provider.

Check Back and Repeat

This final step is as important as the first; that is to constantly check to see if your sites content is stolen and repeat the banning process.

So has it worked on our site?
The answer is not a simple yes, but has worked to some degree and this is obviously work in progress, it is a matter of who is faster in adopting to the change, unfortunately in our case, the sploggers are. One other method that was not discussed is the use of partial feeds, which we will save for a future post. For more information about Splogs and how to combat it, visit Plagiarism Today.

// Tagged Awareness, Code, Contextual Ads, Design, Economics, Google, Google Adsense, HTML, Javascript, Malaysian, Media, RSS, SEO, Search Engine Optimization, Spam, Splog, WP, Web, Web traffic, blog, blog traffic, hacks, how to, resources, tag, techniques, tips, wordpress, wordpress templates, xhtml // 05.06.2008 at 7:14 pm // 5 Comments »

Here’s a quick and easy way to present a continuous list in two or more columns without having to hard code it. A recent project required a list of authors across two columns; the author names and links were auto generated using a WP tag so listing them in 2 columns required some simple CSS magic.

A typical list is below.

1. <ul>
2. <li>Web Design Link 1</li>
3. <li>Web Design Link 2</li>
4. <li>Web Design Link 3</li>
5. <li>Web Design Link 4</li>
6. <li>Web Design Link 5</li>
7. <li>Web Design Link 6</li>
8. </ul>

When rendered without any styling, it will appear like this:

• Web Design Link 1
• Web Design Link 2
• Web Design Link 3
• Web Design Link 4
• Web Design Link 5
• Web Design Link 6

Now wrap the unordered list within a div, let’s call the div “twocol” for the sake of this example:

1. <div class=”twocol”>
2. <ul>
3. <li>Web Design Link 1</li>
4. <li>Web Design Link 2</li>
5. <li>Web Design Link 3</li>
6. <li>Web Design Link 4</li>
7. <li>Web Design Link 5</li>
8. <li>Web Design Link 6</li>
9. </ul>
10. </div>

Add this style for class “twocol” in your stylesheet.

.twocol ul { width:400px; } /* this could be any length in px or % */
.twocol ul li { width: 40%; float: left; list-style: circle; padding-left: 18px; margin: 0px;}

Now the new list will look like this:

There you have it, a very simple way to display your lists of any length in two columns. The same method can be used to accomplish any finite number of columns, but with each additional column, the width of each column proportionately decreases.

// Tagged CSS, Code, Design, HTML, Web, Web Design, hacks, how to, resources, techniques, tips, xhtml // 05.05.2008 at 10:51 am // 2 Comments »

I worked on a site a while ago for a famous West Coast Kora Musician and Master Teller of Tales, Baba. Yesterday, out of the blue he sent me a nice piece of story which I thought I should share with the world. With everything that is happening around us, the war and our economy, this story offers a welcome break and a much needed dose of wisdom, wit and wonderful storytelling all in one; so without much ado, here’s the story.

Visit Baba at babathestoryteller.com for more.

// Tagged Design, International, Kora, Media, WP, Web Design, blog, mp3, music, socio-political, truth, wandering thoughts, web sites // 05.01.2008 at 11:26 pm // Have your say »

Block Rocker is an “back to the basics” widget ready WordPress theme based on a TextPattern template by Squared Eye.

Demo, Download and License

Test the theme by running the demo, then grab a copy of Block Rocker WordPress theme. This theme is free for personal use, we urge you refer to the license section below before downloading if you plan on using it commercially or otherwise. The theme works with WordPress versions 2.0.x through 2.5.

The theme was ported over from TextPattern by the collaborative effort of MandarinMusing WordPress Theme and Headsetoptions Web Design. This effort was made possible with support by SAS 70 Audit and Baseball Cards.

The theme is released under a combined CC and GPL license. The CSS (stylesheet) and images are released under a Creative Commons Attribution 2.5 License, while the rest of the theme files are released under a GNU GPL License. What this means is, if you are to use this CSS/images to redesign, you are required to link back to the theme authors in the footer. You can make any changes to the php files any way you like. However, we prefer you leave the credits for the theme intact to help users find this theme easily. You are not allowed to redistribute this theme in part or whole. Contact us if you plan on using it commercially or if you have any special needs.

Free Support and Paid Customization

Like the other 100 or so themes from our team, this theme too is supported for free. Please go to our WordPress downloads and support page for WordPress themes support and tips.

For customization of themes or web design projects, visit Headsetoptions.org. You may view, download and test run more of our Free WordPress themes at MandarinMusing.com.

Please do spread the word if you like our themes, make a donation if you love it!

// Tagged 2 column, Announcements, Design, Flickr, Grid, New Release, Search Engine Optimization, TextPattern, Theme, WP, WP Theme Viewer, Web Design, Widget, free css templates, free wp theme, headsetoptions, mandarinmusing, web 2.0, web sites, wordpress, wordpress skins, wordpress templates, wordpress themes // 04.29.2008 at 11:13 pm // Have your say »

When a client of mine upgraded to WordPress 2.5.1 from WordPress 2.5 she encountered an issue where the database will not upgrading, resulting in the “WordPress 2.5.1 is available! Please update now.” flashing in her dashboard and every other admin pages. On initial search of the WordPress support forum, we found the following strings that pointed us in a certain direction:

• http://wordpress.org/support/topic/172004
• http://wordpress.org/support/topic/168964

Neither strings suggest solutions that are easy or safe, however, I urge you check these posts and then search your install via file manager/FTP/WebFTP to ensure you do not have files with the following extensions anywhere within a writable directory such as uploads: _new.php, _old.php, .php.pngg, .php.jpgg, or .php.giff.

One this was clear from these support forum strings though was that my clients site was hacked from the time she switched to WordPress 2.5 to the time she tried upgrading to WordPress 2.5.1, all within 48 hours.

On further troubleshooting, this time on the backend, we realized the kink was within the “wp_options” table in the database. So we had to identify the kink first, then fix it. The methodology is to seek and destroy the hacker included code and then force a database update.

I must warn you, if you are not comfortable playing with your core WordPress files and your database tables, I suggest you hire a professional or WordPress consultant (shameless plug).

• First off, ensure your WordPress 2.5.1 files have completely replaced your older version.
  One (not so guaranteed) way is to open your /wp-includes/version.php file and check the version number, this can also be accomplished using file manager/FTP/WebFTP
• Make a note of the database number in the /wp-includes/version.php file which will be under $wp_db_version, it should be 7796 in the case of WordPress 2.5.1
• Now, you will need access to your database for the following steps, your host should allow you to view and edit your databases via phpAdmin,
• Log in
• Select the database in question (your WordPress install will have it’s own database in many case)
• Make a copy of your entire database using the export feature and method described here
• Then make a backup of only your wp_options table
• Open the wp_options table sql file in a text editor such as Notepad++
• Use the find/search function (Ctrl+f) and look for /..
• Look for codes that are similar to the one below:

1. i:11;s:117:”../../../../../../../../../../../../../../../../../../../../../../ tmp/tmpbYCT9H/sess_fc9148b41a8cbe4c05b21053bdd8e6c2″;

• Delete the hacker included code
• Use the find/search function again and look for db_version
• Check your database number in the wp_options table against the database number $wp_db_version in /wp-includes/version.php file
• If they are the same, then change the database number in the wp_options SQL file to one number behind the version in your /wp-includes/version.php file, say to 7795
• Save it
• Upload the wp_options SQL back to your MySQL server using the import feature, this should only rewrite that one table
• Now open a new browser and type in http://yoursite.com/wp-admin/upgrade.php
• The browser will then walk you through the database update which should take you about a minute or less
• Then login in to your WordPress admn panel and check, the “WordPress 2.5.1 is available! Please update now.” should no longer be there
• Immideatly change the password, make it as strong as possible
• Go back to your files once again and check the CHMOD of your uploads file
• If it is set to 777 or 775, change to 755 or less

You are done, your WordPress 2.5 will be successful upgrade to WordPress 2.5.1.

// Tagged Announcements, Awareness, Bug Fix, Code, Design, PHP, Security Fix, Spam, WP, Web, Web Hosting, blog, hacks, headsetoptions, how to, internet, news, resources, techniques, wordpress // 04.28.2008 at 10:27 am // 1 Comment »

For good SEO, it is preferential to open your comment authors URI in a new page. Why you might ask? Google and other search engines track sites you visit, they can tell what that site contains (obviously), how long you stayed there and where you went next. The intended use of this information is to find if the sites you visited were relevant to your search keyword and/or if all the sites you visit are related. That could also work against you if your site get a lot of spammers commenting on it. Here’s how.

Let’s say you get a comment on your site that look legit, so you want to see who this Mr. X is, you click the author name and visit his site to find youself in a very spammy site. Your natural instinct at that point is to hit the back button on your browser.

Everything looks fine thus far. But let’s look at it from Googlebots stand point.

• You are on your clean site
• You go to a spammy site
• Then back to your clean site

So are these sites related? Even if the obvious answer to you is no, how can the machine distinguish it? If we play that scenario such that you closed the spammy sites window to exit it, you will not risk hitting the back button to return to your site.

Now you may ask, how often does that happen? The answer to that question depends on how often you get spam comments that get past Akismet.

Since these are the days of spam and splogs, you are no longer sure if the person commenting is doing it for sincere reasons or just spamming you. Nonetheless, if you must, you are better off visiting their site in a new window.

WordPress comments have “nofollow” tag to any link in comments by default, so the link love part is take care of. Now to make the author link pop-up into a new window, you need to be willing to edit a few lines in your WordPress core file comment-template.php within the wp-includes directory. If you are not comfortable touching the core file, I suggest you make a copy of the same within the wp-includes directory as a backup just in case you mess up.

The edit is accomplished via file manager, FTP or webFTP, if you do not have access to the core files of your WordPress install, you are probably on a hosted service such as WordPress.com, in which case you should seriously consider moving to a self-hosted WordPress. In any case, here are the steps:

• Open file manager/FTP/WebFTP
• Log into server and go to the WordPress install
• The root should have three folders, wp-admin, wp-content, and wp-includes
• Open wp-includes
• Look for a file called comment-template.php and open it in a text editor like Notepad
• Now use a search/find function (Ctrl+f in FF or IE) and look for:

1. <a href=’$url’ rel=’external nofollow’>$author</a>

• Add to that line (before href):

1. target=’_blank’

• So your edited tag should look like this:

1. <a target=’_blank’ href=’$url’ rel=’external nofollow’>$author</a>

That is it, now clear you cache (if you have WP Cache active) and test it on any of your earlier post with comments. If you think pop-up windows are uncool, remember that spams are bad news and being associated with it can not be any better. If yours site needs strict XHTML validation, I suggest you try using Javascript to accomplish the same.

// Tagged Akismet, Blogging Tips, Code, Conditional, Design, Google, HTML, Javascript, PHP, Pop-up, SEO, Search Engine Optimization, Spam, WP, Web Design, Yahoo, blog, hacks, how to, resources, site validation, tag, techniques, tips, wordpress, xhtml // 04.26.2008 at 8:52 pm // 3 Comments »

WordPress 2.5.1 is already out, so the blog you upgraded last month, is outdated and worse, could be vulnerable. A Common Vulnerabilities and Exposures (CVE 2008 1930) which reads as below is now known to be the reason for this hastened release:

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.

Note that this applies to those site that allow users to register, so if you have multiple authors or prefer users to register to comment, download WordPress 2.5.1 and upgrade using our painless technique!

// Tagged Announcements, Design, New Release, Security Fix, WP, Web, blog, internet, resources, wordpress // 04.25.2008 at 3:37 pm // 1 Comment »

I get this question a lot; do you web design or blog design? and I say, is there a difference?

Most new site that I work on are built using free CMS like WordPress and Textpattern so they tend to have a bloggy feel to it, so I see where this question might arise from. But to me, a work done specifically to be published online, irrespective of the site being a blog, is considered “web design”, if it’s on the web and it involves designing, its web design.

With that said, there are many interpretation of what constitutes as web design. Not all web designs are created equal. For example, does a flash based work really count as a web design? Or is it more like a movie presented online? The reason I bring this up is, the second most popular question I get asked via my contact form is “do you do flash sites?” when I say no, they usually ask, why?

The answers is really simple, granted you can see a flash based site and to a good degree can be visually impressive, but can the machine see it? Try viewing the source code in your browser and you will find that most flash sites (with very little exception that have transcripts embedded) are just a line or two of code to a source file and that is it, so it’s like a movie. You can see it, but the machine can not. And if the machine can not, it is not worth a dime in today’s world of publishing with Google or Yahoo in mind (search engine optimization?).

So if you need a blog or a web site designed, come on in, we are open for business.

// Tagged Announcements, Business, Code, Design, Google, Media, Movie, Richmond, SEO, Search Engine Optimization, TextPattern, WP, Web, Web Design, Yahoo, blog, blogging, headsetoptions, tips, wandering thoughts, wordpress // 04.24.2008 at 10:20 pm // 2 Comments »