Archive for July, 2009

Securing Linux Web Servers

Monday, July 20th, 2009

We are often asked by our software development and hosting customers how we secure our servers.  We have several layers of security protection, and this blog posting will mention some that we implement.

A firewall is used to only allow traffic to the outside world on a few of the TCP/UDP ports.  We obviously have to allow web and e-mail users access to the server, but almost all other ports can be closed to prevent intrusion attempts.  On our newest servers we even prevent FTP and Telnet access, since those protocols rely on unencrypted packets which are easier to intercept and hijack.

Every day we have perhaps dozens of “dicitionary” attacks that try to gain e-mail or user account access.  A dictionary attack picks a user (for example “root” or “john”) and then goes through a long, long list of possible passwords.  We use two packages Fail2Ban and DenyHosts that monitor our log files looking for dictionary attacks; if found, the originating computer is banned from accessing our servers.

When we develop online shopping solutions, we choose to not store credit card numbers online.  We securely pass this information to the credit card processing vendor, and then we only record the order information and the payment confirmation number.  For some web sites with user accounts, we encrypt the user account passwords, therefore gaining access to our user password list would still not result in someone gaining access to their online account.

Some of our hosting customers are concerned about unencrypted web traffic.  We occasionally add a feature that automatically forwards a web page inquiry from non-SSL to SSL mode, which means it forward to a page starting with “https://” thus all traffic is encrypted between our server and each web browser client.

We also have logging records and constant monitoring to help us detect intrusion attempts and help us implement even better security measures.  “Tripwire” software can also alert us when certain files are modified.

Do these basic measures above make us impervious to hackers?  Alas, no.  On two occasions in the last five years we have had hackers penetrate one of our servers.  However no damage was done and we patched those specific holes quickly.  Security is a cat-and-mouse game, and we strive to stay one step ahead.

worked in academia, corporate research labs and several technology startup companies prior to GORGES. His expertise is software architecture, database development, and system administration. Matt brings GORGES over 25 years experience developing fast and robust software on a multitude of platforms and languages.

Tags: , ,
Posted in Security, System Administration, Technology | No Comments »

Does your website need a landing page?

Monday, July 13th, 2009

What is a landing page?

Wikipedia defines a landing page as:

the page that appears when a potential customer clicks on an advertisement or a search-engine result link. The page will usually display content that is a logical extension of the advertisement or link, and that is optimized to feature specific keywords or phrases for indexing by search engines.

Wikipedia’s definition is a good one. Here’s 10 things that you should be looking at when optimizing a landing page:

  • Relevant Content
    A landing page’s content should be related to organic search results, ad campaign, anchor text in inbound links and any other advertising, online or offline. If people don’t get what they expect, they will not stick around long.
  • Multiple Landing Pages
    A landing page shouldn’t necessarily be your homepage. In many instances a homepage is a good landing page. However, for more targeted traffic and better results, you want a landing page to be focused on specific offer and specific call for action. To accomplish this, a given website could have multiple landing pages. Create some deep link landing pages (links that go to pages deep in your website) that will focus on specific offer and your conversion rate will be higher.
  • Focus on Functionality
    More and more visitors seem to judge the professionalism and credibility of a site by its design. To satisfy this, many website owners concentrate on the design aspect instead of focusing on its functionality. A well-designed landing page is essentially worthless if the prospect can’t accomplish anything. While I wouldn’t suggest skimping on the design, it shouldn’t be your priority. Focus on the exact steps you want your visitor to take and design a page with that in mind.
  • Call To Action
    You got visitors to your landing page, now direct them to take action. Make it clear a highly noticeable without overwhelming your audience. Whether it’s a sign-up form or a “buy now” button, make it the focus of your page.
  • Send a Clear Message
    Keep your landing page clean and clutter free so your visitors stay focused on your message. Emphasize the biggest reasons that they should carry out the applicable call to action with larger text, contrasting colors, images. Make it easier for them to scan the content by using lists and getting right to the point.
  • Offer Incentive
    Bribing your visitors with freebies and samples is a proven method of enticing them to sign up. Offer more then your competition but don’t sell yourself short either. Provide a list of reasons why your offer is better and what exactly the visitor can expect. Provide references and testimonials.
  • Make Visitors Stay
    Avoid sending your visitors to another page unless it is absolutely necessary. That includes any internal navigation as well as external banners. If you remove all distractions and limit navigation options, you stand a better chance of keeping your visitors around.
  • Simple is Better
    Make it easy for your visitors to complete the action you want them to. Less confusion and decision making for your visitor means better conversions rate for your landing page. Don’t offer multiple choices and throw in optional extras. Focus on the offer the page was created for.
  • Power of Freebies
    Everyone likes free offers. They are hard to resist and can be a powerful conversion tool. Whether a call to action is free or something free is received as a result of carrying out a call to action, it certainly doesn’t hurt. If your competition charges for something and you offer it for free, you’ll win the customer. Remember, just because you make a free offer doesn’t mean that it shouldn’t be quality.
  • Testing
    Testing various text, call to action forms, layouts will give you true idea what produces the best results as far as conversion. Using a tool like Google’s Website Optimizer you can easily monitor the conversion rate, bounce rate, and tons of other useful metrics found in most modern day web analytics tools. Using these metrics you can easily figure out which version will be your optimal page, one that maximizes the results.

Creating a successful and effective landing page takes a lot of work but should be the focus for anyone involved with a website. Whether you are a website owner, web designer, web developer or a web marketing specialist you must be aware of the components that comprise a solid landing page. After all this can mean website’s success or failure.

Christopher Grant, CEO of GORGES, has been building Internet web sites and commerce applications since 1994, pioneering early database-driven Web application and e-commerce projects. He has been instrumental in the construction of hundreds of Internet projects, large and small.

Tags: ,
Posted in Marketing, Website Design | 1 Comment »

The most important part of your corporate website

Monday, July 6th, 2009

Here at Gorges Web Sites, we have designed and programmed dozens and dozens of corporate websites.  Our many years of experience has led us to establish our own process for delivering business websites on a budget.

Most of our customers approach us with great ideas for the graphic design and features they would like to see on their websites.  When meeting with customers for our kickoff meeting and planning process, we avoid these topics.

Why? Isn’t the graphic design and features of a site important?  Yes, however, our process starts with the main objective your site visitors have when landing on your site.  If your website is selling or marketing products or services, your visitors are there for INFORMATION.  They don’t really care about colors, web 2.0 whiz-bang features which cost a ton, or how cool your blog software is. They have a question in their heads, and our job as website designers is to answer that question.

So the first most important step in website design is called ‘Information Architecture’.  We spend a fair amount of time talking about menus, pages, sidebars, page layouts, headings, and CONTENT.

Our goal in working with you to design your website is to deliver the key information that your customers need in a way that is easy for them to find.  We don’t want to keep them guessing which obscure menu name they have to click to find the information they are looking for.

If we can answer your prospective customers’ questions in one or two clicks and get them moving towards making a decision, then we consider our job well done.

After this process, we get into colors, styles, features, and other tactics to get your site looking top-notch.

If you’d like to hear more, we always offer no-obligation consultations to hear from you and make suggestions as to how we can help make your website work for you.

Christopher Grant, CEO of GORGES, has been building Internet web sites and commerce applications since 1994, pioneering early database-driven Web application and e-commerce projects. He has been instrumental in the construction of hundreds of Internet projects, large and small.

Tags: , ,
Posted in General, Marketing, Website Design | No Comments »

©2013 GORGES - All rights reserved
where programming meets design and lives happily ever after