Jolly Good Websites for Reading Businesses Established October 1999
Tel. 0845 6445513 (national) Tel. 0118 9507617 (local)

Monday 22 December 2014

Merry Christmas and a Happy 2015

inframes.com ltd Christmas and New Year holiday closures

Christmas and New Year Office Hours

Wednesday December 24th Open 10am to 1pm
Thursday December 25th Closed (Bank Holiday)
Friday December 26th Closed (Bank Holiday)
Saturday December 27th Closed (Weekend)
Sunday December 28th Closed (Weekend)
Monday December 29th Closed
Tuesday December 30th Closed
Wednesday December 31st Closed
Thursday January 1st Closed (Bank Holiday)
Friday January 2nd Closed
Saturday January 3rd Closed (Weekend)
Sunday January 4th Closed (Weekend)
Monday January 5th Open 10am - 6pm

Email will be monitored as usual throughout the holidays for web hosting technical support queries.

Annual Hourly Rates Increase

Our standard hourly rate will increase in January 2015 from £39.00+VAT, to £40.20+VAT. This is our "rate card" rate and does not affect any project quotes agreed within contractual time limits. This fee applies to work conducted during office hours and more may be charged for Bank Holidays, evenings and weekends.

Tuesday 25 November 2014

CFMX Hosting Customers - DDoS Attack on HELM Server

HELM server
Tuesday

The HELM server is currently on the receiving end of distributed denial-of-service (DDoS) attack.

Watch this short video, which explains what a DDoS attack is and why it's so damaging



Here's the latest update from Robert, the system administrator, this morning:

Having blocked most of the attacks throughout the night we managed to remove it from most of the network but the attack is still ongoing on two IPs 62.197.38.70 and 62.197.38.199 – the shared hosting IPs.

Both of these IPs are blackholed at the moment as the DDOS team is struggling to scrub the traffic successfully due to the complexity of this attack. Everything else apart from the above two IPs should be performing as expected but service may be slightly slower due to the work on the routers and switches. Our senior network engineer is still working with the DDOS team to customize the filters/rules to block the last of the attack and we hope to update you soon to say its been completed.

More informally, Robert has described this as "the mother of all attacks", so it really is an exceptional situation.

If your website is offline right now, it's because your domain is on the first of those two IP addresses: 62.197.38.70

Email has been working fine throughout this period - it's only website traffic that is currently affected.

This incident is not connected to the ongoing migration of services away from the HELM server, which has already begun and will continue between now and the end of 2014 when the HELM server will be decommissioned.

Update from the system administrator at 3.00pm:
Unfortunately this server is still under heavy attack and we have to block the IP completely while it is being mitigated so that it does not affect the rest of the network.
We then switch it back on to see if traffic is at an acceptable level. If not, we have to disable again and block more IP addresses.
I'm afraid this is an ongoing process as attackers used compromised computers of innocent people to do the attacks, and as you block one IP address, another pops up to take its place.

Update 6pm

We are still blocking the main shared server IP to protect the sites from these malicious attacks whilst we do more work on our firewalls. This afternoon was another attack from a different source (Korea) which has been targeting only our firewall. The high availability configuration we run is working but the load its coming under is huge due to the size of the attack. The firewalls are back online now and we are seeking to install a second pair which should allow us to spread and clean the traffic and open up the shared IP addresses again, the rest of the network and services are live and functioning.

The NTT predictive service we joined the network to last night is also removing over 80% of the traffic to let through the clean traffic, but 13k packets per second DDOS attacks are still getting through which is knocking out the server connections every time we bring the main shared server IPs back up. We have 3 engineers from our side and 4 from NTT all working on finding a resolution asap. Im afraid that all we can say.

Wednesday 9.25am

Affected websites have now been restored, but the admins are still working on overall performance so please expect the service to continue to improve throughout the day.

Latest update from Robert on the front line this morning at 8.30am:
We are totally on top of it now, found the signature of the attack and blocking is still ongoing. We had to restrict packet sizes through our core switches to stop them in the end but this is meaning that some sites still aren't loading before timing out. Shouldn't be much longer im told whilst we remove these rules. 36+ hours straight, we are all definitely feeling it now...
Thursday 6.10pm

The server has continued to suffer problems due to the ongoing attacks and some clients' sites are unfortunately almost completely inaccessible. Here's the latest from Robert, the system administrator.
We have had to block another IP on the shared server which came under attack this morning. As we started to remove the scraping rules to allow things like FTP and let the network be accessible for more locations it hit us again, this time with a different signature.
As a result of the ongoing problems, we've accelerated the migration of domains away from the server, which was due to happen progressively at a relatively sedate pace over the next four weeks. Watch this space for further updates if you haven't already heard from me in person.

Saturday November 29th 1.35pm

It's been a heck of a week and there has been a great deal of disruption to various services at different times, but as a result of migrating websites away from HELM, along with the ongoing efforts of the system administrators, the vast majority of services have now been restored. But the attack has not stopped and so work to mitigate its effects is continuing. Again, contact me directly if you have any questions and in the meantime keep watching this space.

Friday 21 November 2014

It's Been a Pleasure to Serve

What a lovely surprise to receive this thoughtful gift hamper from specialist travel company Sherpa Expeditions this morning.

We've been helping to look after Sherpa's interests on the web for more than a decade but when the worldwide walking holiday company was snapped up by the World Expeditions Travel Group back in 2012 it was only a matter of time before the site was migrated to the company's central web development team in Australia.

All the very best wishes for the future to everyone at Sherpa Expeditions. It has been a pleasure.

FYI The new Sherpa website went live this month and to mark the occasion, Sherpa currently has a special offer cutting 10% off all 2015 Active Holidays so book now.

 

 

PS. We are delighted to still be supporting our long-term and highly valued client Sherpa Van, which provided accommodation and baggage transport services for walkers on the Coast to Coast walk, the Cotswold Way, Pennine Way, Dales Way, Cleveland Way and many more.

Sunday 20 July 2014

Is the EU Cookie Law Still a Thing?

Is the EU Cookie Law Still a Thing? Believe it or not, yes it is

Believe it or not, yes it is.

And in case you're still thinking "my site is okay, because I don't use cookies", be aware that Google Analytics cookies are covered by the EU Cookie law and so legally, since they are not essential for the functionality of your site, you have a responsibility to tell people that you are using them and give visitors the option to leave your site before a cookie is issued.

I'm not aware of anyone having been prosecuted for contraventions of the cookie law, as yet, but of course that doesn't mean it will never happen.

As you can imagine, the likely recipients of prosecution would probably be companies who are deliberately using cookies in a dishonest way in order to gather information about users that those users would not have volunteered.

One can only assume that the likely course of action in the case of an average website - ie. one that uses cookies in a harmless but non-compliant way - would be a warning to the website owners that they must become compliant immediately or face prosecution.

But of course, a contravention is a contravention and I imagine the authorities have to take it seriously when any complaint is levelled against a company that is not compliant.

Quick and easy options to make the whole thing go away include the free Cookie Control code or Google's own Cookie Choices code. Either can probably be configured and set up on your site in under half an hour.

Tuesday 15 July 2014

Getting rid of Wordpress spam comments

Getting rid of Wordpress spam comments

To get rid of comments, go to the Comments page here: yourdomain.com/wp-admin/edit-comments.php

And for each bit of spam, check the box next to it down the left-hand side.

Getting rid of Wordpress spam comments

Then select Mark as Spam from the Bulk Actions menu.

Then just continue with the next page of Comments and repeat.

The recognised way to stop comment spam is to use Akismet, which is one of only two plugins that comes pre-installed with Wordpress. However, while effective, that requires an annual subscription.

Recently, I've found considerable success using a plug-in called Anti-Spam for Wordpress, which is free. It's relatively low-tech and in due course, if it becomes popular enough, spammers will undoubtedly start to find a way around it,but for now it seems to be working very well on 100% of the sites on which I've tested it.


Monday 14 July 2014

Summer Holiday Closures

inframes.com ltd summer holiday closures
Friday July 18th Closed
Friday August 15th Closed
Monday August 18th Closed
Friday August 22nd Closed
Monday August 25th Closed (Bank Holiday)
Tuesday August 26th Closed
Monday September 1st Closed
Tuesday September 2nd Closed
Wednesday September 3rd Closed

Email will be monitored as usual throughout the holidays for web hosting tech support queries.

Thursday 19 June 2014

How to Generate the API Key, API Secret, Access Token and Access Token Secret for Twitter OAuth


If you want to create a customised Twitter feed for your website, rather than using the copy-and-paste code from the Twitter Widgets pages - you need to get the required authorisation codes from Twitter.

We need four things:
  1. ·         API key
  2. ·         API secret
  3. ·         Access token
  4. ·         Access token secret
Each is a long string of numbers and letters something like this: lhAZTN7pg0AyElFtyVT1vONgI9rdEoAliEOv09KPbs1Sv

Here's how you get them:
  1. Go to https://dev.twitter.com/apps/new
  2. Give your new "Application" a name and description (anything you like - it's not important, but it might be something like "My feed for Wordpress widget") and enter your website address. You can leave the callback URL empty.
  3. Accept the terms and click the "Create" button.
  4. Click on the "API keys" tab
  5. Here you will find the API key and the API secret. Carefully copy (Ctrl+C) and paste (Ctrl+V) them into a safe place so you can send them in an email to your website developer.
  6.  Scroll down and click the "Create my access token" button
  7. You'll see a message telling you may need to refresh the page, so go ahead and do so
  8. When you scroll down to the bottom of the page again, you'll find your Access token and Access token secret.
  9. Again, copy and paste them into a safe place
  10. Send them to your website developer to work some magic

Tuesday 25 February 2014

Two Clicks Back and One Forward for BBC Radio Player

The BBC Radio Player Drama Category - simply too many clicks to find the programme you want

For some time now I have refused to accept the prompts to use the "new look" BBC radio player website interface and I was disappointed to discover recently that the old one had been retired and I'm no longer given the choice.

Too Many Clicks

Suffice to say, the new version just isn't as good, because it makes every listening choice harder to find.

Organising large amounts of information is very difficult and on any given day the BBC have many programmes you can listen to. But what's galling is that this information used to be organised so well. It was intuitive and easy. The focus of the new design is to make programmes more accessible to mobile devices, but it has sacrificed much of its intuitive ease in the cause of progress.

What is the Book of the Week?

For example, looking at the array of available Radio Drama programmes on the site right now, they include "Drama on 3", "Classic Serial", "Book at Bedtime" and "Book of the Week".

Fair enough, but what exactly are they? What is the Book of the Week? I have to click it to find out.

As for the Book at Bedtime, I click on it and go to a new page to find out that the earliest available episode is Part 11 of 20. If I knew that episode 1 had expired already, I needn't have bothered clicking on it.

With the old system, the names of the books being read and the plays being performed were available in the Drama listings, not just the generic umbrella series title. Moreover, the page told me which episode was the latest and there was a little link labeled "5 more" or "3 more" which I could click on to expand without leaving the page.

Another example right now is Casino Royale.
  • Seeing the title, I think to myself: "Sounds good" and so I click on it (count: 1 click)
  • which takes me to episode 5. But I want to listen to episode 1. So I click on the Episodes tab (count: 2 clicks).
  • Then I have to scroll all the way down to the bottom of the page to find episode 1, because episode 10 is at the top. I've got two hours left to listen to episode 1. So I click on episode 1 (count: 3 clicks).
  • That has a graphic saying "Listen Now", so I click that (count: 4 clicks).
With the old system, those four clicks would have been reduced to two or, at most, three.

It was entirely superior to this new system, which requires me to click back and forth between pages to find what I want to listen to.

That's not all. The Casino Royale episode 1 page doesn't have a link to episode 2. So I have to go back to the Episodes tab to click on the episode 2 link. Another two clicks where once there used to be one.

Worse is to come. 

  1. I click on Charles Chilton - Journey Into Space (count: 1 click).
  2. The current programme is episode 4, but I want to hear it from the beginning. I click on the Episodes tab (count: 2 clicks).
  3. There are three different series available. I have to click back to find out which series is currently being broadcast (count: 3 clicks).
  4. Having ascertained that it's a series called "Operation Luna" I go back to the list (count: 4 clicks)
  5. and click on the right series (count: 5 clicks).
  6. On this page for some reason there's not a list of episodes, but there's a carousel in which episode 4 is displayed by default. So now I have to click to get to episode 3 (count: 6 clicks),
  7. then episode 2 (count: 7 clicks),
  8. then finally episode 1 (count: 8 clicks).

Another example of system failure is Ben Moor - Undone. I clicked on that to find out more only to be told "This programme is not currently available on BBC iPlayer Radio". Why is it in the list, then?

The formula is simple. More clicks = a worse user experience.

I realise the old version of the radio player system is never going to return but I strongly advise the BBC to reinstate some of the useful functionality that interconnected radio programmes in a meaningful way.

On the upside, I'm really pleased to see that song titles and artist names are now displayed in real time when I listen to music radio, rather than having to wait till the following day to see a full tracklisting. That is a big improvement that doesn't impact on me finding what I want and it's a delight.