That's right. Your blog or CMS can bite you.

This is just a reminder that you need to keep your blogging or CMS software up-to-date with the latest releases, patches, updates—whatever. Whatever you're running, keep it current.

The Register recently ran an article about Wordpress. Wordpress is a very popular blogging application. Someone hacked their website and infected source files with potentially malicious code. The hack was discovered very quickly, though the infected source files were available for download for a short while.

The hack allowed the malefactor to cause arbitrary PHP code to run on the server. Of course, once in someone's account the code can do damage or seek out information such as passwords, account information, social insurance numbers, and so on. By the way, Islandnet.com strongly discourages our customers from storing such information in their accounts, no matter how convenient it may be.

So, keep your software up-to-date. Subscribe to your software's newsletter if they have one. Visit the software publisher's help or technical forums as often as you can.

It should be added that someone hacking a website to add malicious code to an application source file is very rare. Keeping your blogging, CMS, or other software up-to-date is going to keep you out of trouble.

To read the story in The Register, click the link below:

http://www.theregister.co.uk/2007/03/05/wordpress_hack/

Sometimes instructions might as well be in a foreign language.

We try hard to ensure our instructions aren't as confusing as the example sentences above. However, it's sometimes easiest to understand by seeing some examples. Here are some examples showing what can be done using .htaccess files together with the islandnet.com web server.

Background

All of the examples below are done using the built-in functionality of Apache, the web server software used by Islandnet.com and many other web hosting companies. Islandnet has added or modified functionality to the off-the-shelf stuff offered by Apache software. An example of modified functionality is "Enhanced Authentication" near the end of this article.

Click here to view the Apache .htaccess tutorial documentation.

Error Documents

Specifying error documents is one of the most useful things you can do with your .htaccess file. When a user looks for a web page that isn't there, when they make a typo when looking for a page, or when you move files around your site, error documents and the .htaccess file are your friends.

The 404 Error - page not found

Click here to view a custom error document we've setup for this example. The example tries to load a nonexistent“index.html” page.

This is so easy to do. All you need to do is insert something like the following into your .htaccess file:

ErrorDocument 404 /404.html

Internet Explorer - a special case

If you're using Internet Explorer, you may be in for a surprise. The 404 document doesn't appear. Rather, the default Internet Explorer "The page cannot be found" page displays.

If you're using Firefox or another browser, the error document displays as it should.

Why is that?

In a sense Microsoft is saying “you call THAT an error page? Here's AN ERROR page.”

An Internet Explorer-compatible 404 Error Page

Some versions of Internet Explorer will display a 404 Error page only if the error page is larger than 512 bytes. So, you'll need to ensure your 404 Error document is larger.

If the previous error document in the link above failed to display in Internet Explorer, click here to view virtually the same document but with some extra text lines added so that the page is larger than 512 bytes.

The 403 “Forbidden” Error

Click here to see an example of a 403 error page you could have.

Oooh, the forbidden error—sounds naughty doesn't it? This frequently comes up if you try accessing a directory on our system and there is no "index," "main," or "homepage" file in the directory. There being no such default home page, browsers try to display a list of files in the directory. By default on Islandnet, that is not permitted. It's a security measure to ensure people can't go snooping for files to compromise.

Here's the line you'd need to have a 403 error page:

ErrorDocument 403 /403.html

Redirecting Site Visitors

This bit of code is sorta like the code you'd use to specify an error page. However, this code doesn't direct site visitors to an error page. It automatically directs visitors' browsers to another address.

Click here on this link to “http://examples.islandnet.com/redirection/oldpage.html” to get redirected to “http://examples.islandnet.com/redirected/newpage.html” instead.

Why would you want to do this? There are at least two very good reasons for doing this. First, if you've got some crucial information but you need to move it, using this bit of code ensures people can find it.

Second, if your site has been indexed by search engines there's a good chance they've indexed your old page. Putting this in place allows you to tell search engines that the information has been moved. What's even better is that you can tell search engines whether the change is permanent or temporary.

Here's the bit of code:

Redirect permanent /oldpage.html http://examples.islandnet.com.com/redirected/newpage.html

The above code tells search engines that the change is permanent.

You can also tell search engines that the change is temporary (redirect temp /oldpage.html http://examples.islandnet.com/redirected/newpage.html) or that they should "see other" (redirect seeother /oldpage.html http://examples.islandnet.com/redirected/newpage.html) or that the information is just plain gone (redirect gone /oldpage.html http://examples.islandnet.com/redirected/newpage.html).

You shouldn't have to worry about "seeother," since it is primarily used where information has been posted via a script and the output needs to be redirected to another URI.

Note: Where you specify “/oldpage.html”, this reference needs to be relative to the root of your domain's directory. So, where someone has specified “/oldpage.html” “oldpage.html” is assumed to be in the root directory of the domain.

Preventing Image Theft

Below is the Islandnet logo. To it's right is another logo--or at least there would be if there weren't the code below protecting it. Both images have a 3 pixel border specified for each so, even if you can't see the linked image, you can see the border. The logo on the left is actually stored in a directory along with this newsletter, as opposed to being a link like the logo on the right.

Click here to visit a page in the “examples.islandnet.com” domain that displays the same logo.

You can't actually prevent someone from thieving your images using this trick. However, you can prevent people from linking to your images in their web pages, thereby using the images and your bandwidth without your permission. People can always save your images to their computer and then use them as they wish.

The code you need to prevent linking to your images from another domain is as follows:

SetEnvIfNoCase Referer "^https?://(www\.)?example.com/" ok=1
SetEnvIfNoCase Referer "^$" ok=1
<FilesMatch "\.(gif|png|jpe?g)$">
order allow,deny
allow from env=ok
</FilesMatch>

The first line sets an Apache web server environment variable to “1” if the “referer” (technical term and not a spelling mistake) is from the specified directory, in this case “^https?://(www\.)?example.com/”. Question marks (?), indicate the preceding character is optional. The question mark before the bracketed group “(www\.)” means the entire group is optional. The backslash (\) in the bracketed group "escapes" the dot (.) after “www.” because the dot is a special character that Apache would otherwise interpret.

The second line also sets an Apache environment variable to “1”. However, this line does so if the domain is blank. Why? Because this covers relative references to files where the domain is not included in the web page link.

The third line tells Apache that this set of rules applies to files with the extensions “.gif,” “.png,” “.jpeg,” and “jpg.”

The fourth line tells Apache that you're limiting or allowing access to files.

The fifth line tells Apache that where the environment variable has been set to “1”, it should allow access to the file.

Note that the .htaccess file protecting the above logo image is located in the same directory as the image being protected. Of course, you can protect images domain-wide by placing the .htaccess file in the root directory of your domain. However. processing a .htaccess file adds a tiny bit of overhead to every file request. As a result, if you have many images you wish to protect, you might consider moving all of the images you wish to protect into their own directory. You can then place the .htaccess file in the directory with the protected images and minimize any overhead for the rest of your website.

Authentication (protecting files & directories)

“Classic” Authentication

Securing files and directories is an important task the .htaccess file can be used for. Happily, it's pretty easy to do. The following code protects a directory at “examples.islandnet.com”:

AuthType Basic
AuthName "Protected Directory"
AuthUserFile protected_directory/.htpasswords_n_stuff sha1
Require valid-user

Here's the password file that accompanies this .htaccess file:

guest:4310f12be8a11c4f3ef3a526c8a36038a22e6a0e

Click here to visit the directory. Use “guest” as the username and “l3t3v3ryb0dyin!” (let-everybody-in!) as the password.

Now, what does it all mean?

The first line of the .htaccess file tells Apache (the web server software) the type of authentication. Don't worry about what other kinds of authentication there are (digest), as they're not currently supported by us.

The second line is simply some explanatory text that appears in the dialogue box where you input the username and password. Maybe you could put “Top Secret Files,” “Members Only Access,” or “Enter at Your Peril.”

The third line points Apache at the password file. Note that the password file is in the "password_protected" directory. As a result, that's where we've told Apache to find the file. As you can see, the password file can be named anything you like. In this case, we've named it “.htpasswords_n_stuff”. We've put the “.ht” at the front of the file name because any file name starting with “.ht” can't be viewed.

The “sha1” at the end of the third line tells Apache that the passwords found in the “.htpasswords_n_stuff” file are SHA1 encrypted.

The fourth line just tells Apache that only a valid user can access the file. In this case, it's the valid user is “guest” using the password “l3t3v3ryb0dyin!”.

Enhanced Authentication

As easy as classic authentication can be, we've made it easier. You no longer have to keep a separate password file. If you've got just a few users, you can put their usernames & passwords into the .htaccess file. Here's an example where there's only one username / password combination:

AuthType Basic
AuthName "Enhanced Authentication Example Directory"
AuthUser guest 4310f12be8a11c4f3ef3a526c8a36038a22e6a0e sha1
Require valid-user

If you need to add more users to the list, simply repeat the “AuthUser” line below the first one with the username, password, and what type of password it is (“plain” for plain text, “base64”, “crypt”, “md5”, or “sha1”). Obviously, “plain” is the least secure. “sha1” is the most secure.

Click here to access a directory protected with the above code.

Lots More

There is lots more you can do with your .htaccess file. Click here to visit our help section on the .htaccess file.

If you're having trouble with your .htaccess file or another security issue, call (383-0096 or 1-800-331-3055) or e-mail us or post a question in our Helpdesk forums (you'll need to login first).

We're launching a staff help document wiki! That is, staff will be able to add, edit, & delete help documentation as required.

One of the suggestions made by customers during the survey we did last month and the month previous was that we improve our help documents. In some instances documents are a bit out-of-date or a bit thin, causing frustration and head scratching.

So, we're working on moving our existing documents into the wiki system, as well as adding documentation where appropriate. Where we find customers are scratching their heads too hard, we can easily add to the documentation since every staff member will have access to add, edit, or delete material.

Look for our new document system soon in a coming Helpdesk announcement.

Islandnet Picks

The Cute Project	Resources for Web Design	Kevin Kelly's Cool Tools: Lulu	Color Jack Sphere
You may recall that we featured a website called "cuteoverload.com". Well, we ran across another ”cute-oriented“ site that we couldn't resist. Floppy-eared baby bunnies, pink-nosed puppies, piano-playing kitties (yup!), and all sorts of “aw-w-w-w-w-w-inspiring” photos abide here. Visit now. You won't be disappointed!	When you first visit this website, your reaction may be the same as ours—Whoah, too much! Viewing this page is like sitting down in the Space Shuttle cockpit without any orientation: Dials, levers, buttons, lights, gauges, screens, switches, dongles, and other widgets and gadgets overwhelm the senses. Just take a breath and start to read through the long, lo-o-o-ong list of links to various web resources. It'll be worth the time it takes to get your bearings. There are lots of links to great resources. So, go ahead. Dive in!	Kevin Kelly blogs about cool tools. However, the link above is to one of his entries that we think is particularly cool. Kevin Kelly blogs about online publisher “Lulu.” We think Lulu is cool because you can create and publish your own commercial quality coffee table book, paperback novel, or other book in runs as small as one. Most people think the cost of self-publishing is expensive, particularly if you publish one only. The cost is very affordable, though. Even the commercial quality coffee table books can be published for as little as $50 or so. Heck, you could publish your family reunion photos in a high-quality glossy-stock coffee table book. Cool!	We've used this web tool to choose and play around with colour combinations. We think it's one of the cooler, easier tools to use. Just choose the method of matching your colours (neutral, analogous, clash, complimentary, et cetera) and use your mouse to move the colour chooser around the circular spectrum. You can even choose your colour spectrum and adjust for colour-blindness. Another “cool” rating from us.

Islandnet.com Hosted Sites

Train Harder	Modern Outpost	Cyber World with Scott James	Laurel Point Inn
Do you yearn for the endorphins produced from a good run, bike, or swim? Do you find a good workout is the perfect remedy for a stressful day at work? If you answered "yes" to either of the questions above, then this website may be the place for you. The site is all about training—harder—after all that's the name of the site. You'll find links to fitness blogs, training books, places to hike, walk, run, bike, or swim. Find out about hiking the West Coast Trail, walking Cape Scott Park, climbing Mount Olympus, mountain biking Fort Liard, trek the Westwood Lake “gutbuster.” We'll be there are lots of people who's heart skipped a beat at the term “gutbuster.” If your heart skipped a beat, go on, visit this Islandnet.com hosted website now.	Hey, use this website as a side dish to the one featured to the left. Train harder, then visit Modern Outpost for that trip to Nahani National Park or Mount Olympos. You'll find everything you need for camping, hiking, exploring, or busting a gut on your favourite challenge. This Islandnet.com hosted site is made for the tough slogging. They're motto is "Out here things have to be--a little tougher, a little smarter, a little more responsible. It sounds just like you doesn't it?	You can listen daily to the Q and Cyberworld with Scott James or you can visit this website. Or, you can visit the website and listen to current and archived versions of this long-running radio program. This program (and website) covers all sorts of interesting technology-related topics. So, if the first entry doesn't interest you, just move along to the next, and the next, and the next, and the next. There's lots to choose from. We're happy to say Scott James' site is hosted by Islandnet.com.	It's a fixture in Victoria's Inner Harbour. Being right on the water in the Inner Harbour, many of its rooms offer spectacular views of the water, the harbour, the downtown, and even the legislative buildings just a short walk to the east. “Spectacular” is one of the first words you'll see when you visit this Islandnet.com hosted website. Visit their website and have a look at their “webmercial” or check out their hotel rates, meeting rooms, promotions, or corporate services.

We Love Websites!

Websites are our business—hosting them and building them. If you need a website—blog, retail, business-to-business, personal, database-driven, or something else—Islandnet has plenty of website development and programming experience. Call or e-mail us if you'd like anything from graphics to nit-picky programming.

To those who've donated blood, we extend our heartfelt “thank you!” You can pat yourselves on the back, knowing you've each saved up to three lives.

Our blood drive sponsorship is pretty simple. Islandnet.com keeps a log for staff and customers at the Victoria Canadian Blood Services location. The log is called the “Life Link Book” and when customers or staff donate blood, they are encouraged to leave their username in the log. All donations trigger $5 in rewards (that can be applied toward an Islandnet account) for each customer. Every two to three months, Islandnet.com will retrieve names from the log and draw a username for free Internet time or other services. Duplicates in the log for any given period will count as separate entries, meaning the more often you give, the more likely you are to win.

In 2004, five people responded and gave blood. In 2005, 12 people responded and gave blood. In 2006, 37 people responded and gave blood. We're really happy to see the trend. But we'd like to see it increase even more dramatically.

To help boost blood donations, Islandnet is adding reward points for customers who get someone else to give blood at the same time. Just get the person you came with to donate blood and write their name in the "Life Link Book" and we'll give you an additional $2.50 in rewards, which can be applied to your Islandnet account. After all, many people go to Canadian Blood Services with someone else. Why not get them to give blood too?

Earn Islandnet rewards. Enjoy companionship while you do something wonderful. Earn more Islandnet rewards. Together, the two of you can save up to three lives. Give yourself a pat on the back.

Congratulations Lynn H!

Lynn H. of Sidney is our winner for last month for donating blood. Lynn won her hosting fee for a month, in addition to the $5 in rewards already applied to her account.

So, go ahead. Load hours of high definition recording of your family vacation onto your website and let the world know it's there. Upload your entire music repertoire and let everyone have a taste. Upload every high resolution animal, car, scenic, people, artsy, work-a-day, or extraordinary photo you have and let the world gobble it up.

We're ready.

First, we're not recommending phpBB or Gallery 2 as safe, secure, or suited to everyone's purposes. We haven't looked at the code closely. Either of these programs or individually the programs may or may not be suitable for your website.

With that said, both phpBB and Gallery 2 appear to be quite popular programs in their respective categories. Click here to visit the phpBB website. Click here to visit the Gallery 2 website.

If you plan to use both phpBB and Gallery 2 and integrate the two programs, the basic steps are as follows:

1. Install phpBB
2. Install Gallery 2
3. Apply the integration package

Of course, phpBB and Gallery 2 come with their own installation instructions. Follow the instructions that come with the programs you're installing. This article is meant as an outline of what you can expect, not installation instructions.

Installing phpBB

Version 2 of phpBB is the most recent stable release of the popular forum software. Version 3 is in beta testing as this article is being written.

We tried installing version 3 of phpBB and the forum appeared to work fine. However, when we tried installing and integrating it with Gallery 2, we had problems. We recommend staying with version 2.

Installing phpBB is pretty easy if you know the basics of getting files into your account. Having knowledge of changing permissions for files is also beneficial. Customers may recall that they can change permissions on files and directories using the Islandnet.com Helpdesk system's File Manager. If you're logged into Islandnet, you can visit the File Manager and view your account files by clicking here.

Creating Your Database

phpBB and most other forums are database driven. This means you'll have to create your own database on the Islandnet system. This isn't as hard as it sounds, though because phpBB creates all the tables you need. All you need to do is setup the database. And that's easy.

To setup your database, you can use the following Helpdesk page:

https://helpdesk.islandnet.com/accountman.cgi?tab=databases

If you don't already have any databases setup, you'll need to create a user first. Just select a username and a password and click "Update User List." Your user is created at this point.

After you've created a user, you can create your database. While on the same page, just give your database a name (if the database name is already in use by someone else, you'll need to choose another name) assign it the user you just created, and click "Update Database List."

That's it!

Getting the Files

You can get the files from the phpBB website. Look for the most recent stable release.

Also, if you're using Windows, look for the "zip" compressed file for download. If you get a "tar" or other compressed file and you're using Windows, you may have problems accessing the files.

Once you've got the files downloaded to your computer, unzip the file. Inside the resulting folder you'll see all of the phpBB files and directories.

Getting the Files to Your Account

You can use an FTP program, your desktop (Windows, Mac, or Linux Distro), or a web authoring program to get the files into your account. You'll probably want to install phpBB in its own directory. So, files should get transferred to the directory you want to contain phpBB. Of course, this will also be the directory people will access to visit your forum.

Making the Install

The only tricky bit here is you need to create an empty file called "config.php" in the directory where you've got your phpBB files. You also need to give it permissions of “666 or -rw-rw-rw-”. In the Helpdesk File manager, inputting these permissions is easy. Under the "Action" heading on the right hand side of the File Manager page is a small icon that looks like “RWX” with a pencil over it. Click on the icon and you'll be able to change permissions.

The install goes pretty smoothly. You'll need to know what MySQL server to connect to, as well as the username, password, and database name you created earlier.

You're taken through one simple step and then at the end you're asked to remove the "install" and "contrib" directories. phpBB won't function without removing those two directories.

Installing Gallery 2

Version 2.2.x is the most recent stable version of Gallery 2. However, we found that some changes from version 2.1 to 2.2 makes the software incompatible with the Islandnet system. Version 2.2 and higher simply will not install. If you read the Gallery 2 support forums, you will see that there are others who have been having problems with the newest release. So, we recommend using version 2.1.

Also, the help files that come with Gallery 2 can appear a bit intimidating at first glance. Some of the help documentation assumes you have shell access to your account and that you'll be doing everything using the command line, both for the files and directories you need and for the MySQL database.

No worries though. You can do the entire install without resorting to command lines at all. The File Manager, an FTP program, a browser, and the Islandnet Helpdesk are all you'll need.

Creating Your Database

You'll need to go through the same process as you did when the phpBB database was created. Only this time, you'll need to give your database a new name. You can create a new user to access the Gallery 2 database but that isn't necessary. You can have the same user access the Gallery 2 database.

As with phpBB, Gallery 2 creates all the tables for you.

Getting the Files

As with the phpBB files, if you're on a Windows system, look for the “zip” file containing the Gallery 2 files. Also, make sure you're getting the Gallery 2.1 files and not the most recent stable version.

Gallery 2 has hundreds of files and directories, many more than does phpBB. As a result, uncompressing the files will take longer.

Getting the Files to Your Account

Because Gallery 2 has so many files and directories, uploading them to your account can take quite some time. In fact, if you are on a dialup connection, forget about it.

As with phpBB, you'll want to dedicate a separate directory for Gallery. So, before transferring any files make sure you've got the directory setup.

Making the Install

As you may have guessed from Gallery's many files and directories, it's a more complicated program than phpBB. Installation too, is more complicated but not really difficult, since the installation process is pretty much automatic.

In its first step, Gallery 2 shows you a long string of letters and numbers and asks you to cut and paste them into a new file in the directory where you're installing Gallery. Once you've created the file with the text string in it, Gallery “authenticates” your installation and begins.

Gallery takes you through 10 steps. Each step of the way, Gallery will tell you whether there are any problems that need to be taken care of. Moreover, if there are any problems that need a remedy, Gallery doesn't seem to leave you without a solution. There are navigation buttons to allow you to do a step over or to backtrack.

Integrating phpBB and Gallery 2

This is the trickiest bit. Integrating phpBB and Gallery 2 requires that you copy files into the phpBB installation (not all that tricky) and modify some of the phpBB files (the tricky bit if you're not familiar with editing files). Plus, you'll need to create one table in the phpBB MySQL database.

Note of caution: Read the installation help files carefully. It's important to get everything just right or the integration may not work as expected or at all.

Getting the Files

You'll need to get the integration files from the Gallery 2 website. Make sure the integration files you're getting are for the version of phpBB and Gallery 2 that you've got installed. If you've got phpBB version 2 and Gallery 2.1, make sure the integration files are for those two program versions.

These files may be a bit more difficult to find on the site so click here to go there. You'll find a link to download the integration package there. Look for “phpBB 2.0x”. Before you're allowed to download the file, you'll need to register. Registration doesn't cost anything and doesn't take much time so no worries, right?

As is the case when looking for the phpBB and Gallery 2 files, if you're on a Windows system, go for the “zip” files. Once they're on your desktop, you can uncompress them to view the files and read installation instructions.

Copying the Files to Your phpBB Installation

The first step of installing the integration package is to copy files into your phpBB directory using your desktop or an FTP program. It's necessary to install various files into specific directories where your phpBB installation is. Just make sure you're copying the right files into the right directories and all will be fine.

Gallery asks you to create one new directory in your Gallery installation. Once the new directory in your Gallery installation is made, you're asked to copy one file there (in addition to the many you need to copy to the phpBB installation).

Creating a New MySQL Table in the phpBB Database

If you've never created a new table in MySQL, this can be intimidating. However, it's not as hard as it might seem. Islandnet offers the use of PHP MyAdmin, a browser-based database tool that allows you to manipulate your MySQL databases without knowing a stitch of command line MySQL.

If you've got a database created, you can access it by going to the following URL:

https://helpdesk.islandnet.com/sql/

You'll need to log in using the username and password you specified when you created the phpBB and Gallery username, password, and databases.

Once logged in, from the left-hand side of the page you can select the phpBB database to work on. To work on the phpBB database, you simply pick that database from the left hand menu dropdown box.

At the very bottom of the page, you'll see some text that says “Create new table on database Xxxxxx” where “Xxxxxx” is the name you gave your database. Gallery asks you to create a table called "phpbb_gallery2" so that's what you type in in the “Name” form box. The table needs six fields so that's what you type into the “Number of fields” box. Then you click on “Go.”

The next page will ask you for particulars of each table field. Don't panic, though. The instructions that come with Gallery are pretty clear. The instructions tell you what each field name needs to be, along with what type of data it will contain, how big the field is supposed to be, and whether it can be “null” or not. Once everything is specified, you can click on “Save” and you've got your additional phpBB database table.

Editing phpBB Files

If you're not familiar with working with files, this can appear daunting. There are quite a few files to alter and some of the files are quite large.

The help files that come with the integration package are fairly detailed and accurate. Where they specify the code to search for and where they give you code to paste into files, we saw only three or four occasions where the text they specified was not exactly what it was in the files we were changing. Any differences were minor enough that they didn't affect how the installation worked.

In all, it took us about 40 minutes to make the changes to the phpBB files.

File Manager

You can use the Helpdesk File Manager to access your files. However, there is a catch.

Because of the limitations of browsers, the File Manager cannot load files any larger than 30 kilobytes. Some of the files that need to be changed are larger than 30 kilobytes, meaning you can't edit them with the File Manager.

On the other hand, you can view the file source from the file manager by simply clicking on the file name. The file source code will load in another browser window. You can then right-click on the page showing the source code and select "select all" then copy the code to your clipboard. Once the source code is copied to your clipboard, you can paste the code into a text editing program where you can make the changes you need.

Text Editing Program

Do not use Notepad if you're a Windows user. Do not use Word or a word processor. Notepad is notorious for inserting DOS characters into files. Word and other word processors put all sorts of unneeded characters into text files.

Probably the easiest way to edit the phpBB files is to access the copies you have on your computer, which you used to upload into your Islandnet account. As you make changes to the files using your favourite text editor (but not Notepad), you can save them and upload them to the appropriate location in your phpBB install.

Configuring the Integration

Once the files are copied and edited, you'll need to log into your phpBB installation to configure Gallery from within the forum. With the changes made to the files, the administration page will have a link to configure the Gallery. You will need to “Configure Settings” and “Synchronize Users” before the integration will work.

Care should be taken when accessing the "Configure Settings" portion of the integration. We had problems with pages displaying blank when these settings were incorrect.

While configuring gallery settings, you're asked for the following information:

• URL path to the gallery2 directory
• URL path to gallery2.php
• Full file path to embed.php

Here are the settings that worked for us:

You will need to change the “y” & “youraccount” to match your account name. For example, if your account name is “freddiebloggs”, you'd replace the “y” with “f” and “youraccount” with “freddiebloggs.”

The End

That should be it. You should have a working copy of phpBB and Gallery working together.

We can help!

If you don't want to do this yourself or if you find things aren't working as they should, give us a call (383-0096 or 800-331-3055) or e-mail us.

A Postscript

phpBB has many people who support it with add-on programs that enhance security and functionality. If you install phpBB, our opinion is that security enhancements are mandatory, not optional.

“Why,” you ask? Because within a few hours of installing phpBB, a bot already registered itself as a user and posted a link to a no-so-family-friendly website.

So, look for “Mods” that prevent people from viewing membership info and from registering without first answering a simple (for a human but not a bot) question.

Well, don't!

Here are ten choices someone might try if they try to crack your password:

If the above ten passwords don't include one you use, consider the fact that hackers use &qlduo;brute force” for guessing passwords. That is, they create a program that simply tries various words or letter combinations until it comes across yours.

Consider this. Long passwords are much better than short ones. Passwords with capitals and lower case letters are much better than ones with lower case only. Passwords with capitals, lower case, and special characters (e.g. “# $ % ^ ( ) * ! ~ & = + and so on...)” are much better than ones with lower case and capitals only.

How much better you ask? Astoundingly much better is the answer.

In an article in One Man's Blog, the following table is posted:

For a more thorough look at password strengths and the time it takes to crack various combinations, visit Locktown.uk.co - The Home Computer Security Centre. They base their estimated time required to crack passwords a Pentium 100 computer. Yet, less secure passwords are either instantly crackable or can be cracked in a matter of minutes or seconds. Now, with “dual” and “quad core” CPUs and computer clock speeds commonly above 3 gigahertz and more, passwords are all-the-more vulnerable.

You get the picture. If you use a long password with capitals, lower case letters, and special characters, your password isn't going to be cracked using brute force.

For more information on keeping your passwords safe, read the entire article on One Man's Blog.

Part of this article was adapted from an blog post by John Pozadzides in his One Man's Blog. John Pozadzides' article was published under the Creative Commons Attribution 2.5 License. Consequently, this article is published under the Creative Commons Attribution 2.5 License.

Treat HTML Files as PHP Files

Do you want to give PHP a try but you've got tons of HTML files you don't want to rename? Well, we have an easy remedy. Create or edit your .htacess file so that html files are treated like PHP files.

Just insert the following line in your an .htaccess file in the root of your domain and the Apache server will treat HTML files like PHP files—presto-chango!

AddHandler application/x-httpd-php .html .htm

Pre-fill the Fields of your “mailto” links

If you've got a website with various pages, chances are there are mail links on them. Many times those links are on pages with specific topics. You might want to have a mail link so that site visitors can e-mail a link to the current page to their friends. In that case, you might want to have an e-mail link that looks something like the following:

<a href="mailto:?subject=Web%20Page%20You%20Might%20Enjoy&
body=I%20ran%20across%20this%20web%20page%20and%20thought
%20you%20might%20enjoy%20it.%0D%0A%0D%0AJust%20click%20on%20the
%20link%20below%20to%20go%20there%20now.%0D%0A%0D%0Ahttp://
example.com/interesting_page.html" title="Click here to
e-mail someone about this web page.">

Line breaks have been inserted in the above code to allow it to wrap on the page (and not extend too far to right).

Click here to see what comes up in your e-mail program when you click the link.

Notice that the subject line is filled in and there are three lines in the body. The “to” field is blank, as the site visitor has to fill it in in order to send the message to the recipient.

What are all those curious characters in the code? The question mark (“?”) simply tells the browser and your e-mail program that the text following is the first e-mail header. In this example, it's the e-mail subject. The ampersand (“&”) tells your browser and the e-mail program that a second e-mail header follows. In this case, it's the e-mail body.

All the “%20”s sprinkled throughout the code are spaces.

The “%0D%0A”s are line breaks.

Legal Stuff

The information displayed in this newsletter and any previous or subsequent newsletters is for information purposes only. Islandnet.com, AMT Solutions Group, Inc. and related companies are not responsible for any losses or damages resulting from the use of information in the newsletter. While the information contained in this newsletter is believed accurate, readers must verify information for themselves. Sites we link to do not necessarily represent the opinions or policies of AMT Solutions Group, Inc.