I was working on updating the calendar on a website and had some issues with javascript injections. Code was added to the database — it was code that didn’t belong — and it affected the output seen on the website. I had to delete and re-enter the information. Now it’s my job to update and fix this issue.

A few years ago, Google banned a client website that had experienced a phishing attack, where the info displayed for search engines was NOT the same as that seen by the regular visitor.

PHP and similar programs used to create dynamic content on a website are vulnerable to attacks such as described above. There are ways to minimize or prevent issues, including the most important, which is to keep the software you’re using up to date. More often than not, minor updates are created to correct the issues that arise from attacks such as described here. The key is to minimize the risk and keep the site scripts up to date to block any program vulnerabilities.

What programs might be affected?

1. Word Press Blogs (one of the most popular blogging tool used by many) – newer versions allow you to update with just one click and it is automated. Does not require help from the developer!
2. PHP Easy Calendar – this program will email you when newer versions are available and it happens pretty often. This one isn’t automated and you will likely need assistance from a web developer or programmer.
3. Custom PHP Programs – there is a slight risk to custom scripts, but since they aren’t as common or used in high volume, they are less likely to be targeted.

If you are using scripts on your website, check with your developer to ensure they’re up to date (at least twice a year or so). It is a worthwhile investment and much easier than being banned and cleaning up from the consequences.

QUESTION: We received a billing notice from Domain Registry of America for xyzdomain.com. It claims that we will expire 8/20/10 and is asking for payment. I do not remember paying this previously, so I was wondering if you could help me determine the legitimacy of this invoice/notice. Looks scam-ish, but I wasn’t sure. Let me know what you think.

ANSWER: Beware any renewal notifications from Domain Registry of America or similar companies that create a solicitation piece that looks like a bill and indicates that your domain is going to expire. If you read the small print, it says that it’s not a bill, it’s a solicition.

Most registrars actually handle renewal notifications by email. If you receive a notification by mail, check with your web design team.

NOTE: If your payment for the domain and hosting was through Projects by Peggy, you will be billed by us.