I’ve been thinking about this one for over a couple of weeks.  Should I share what happened to my daughter’s blog or should I bury it and pretend it didn’t happen?  If I actually blog about then maybe it will happen again.  On the other hand, it may not.  In the meantime, I think what happened to my daughter’s blog re-opens the conversation about digital citizenship and when to start creating one’s own digital footprint.

Right before the Apple Leadership Summit, my husband called me from school and asked me if I had seen Maddie’s blog that day.  This is a tame snippet of what I saw when I went to Maddie’s blog:

Context:  Maddie is five and over the past year she has taken a strong interest in what we put on her blog.  We talk about it at night just like we talk about what she did at school that day.  She constantly says, “Mommy, let’s put the picture on my blog” or “Don’t put that on my blog!”  She heads to school on Monday mornings and can’t wait to share what she did over the weekend with her classmates and with her teacher.  How does she share?  She goes to the computer and opens up her own blog.  She’s five.  This is her reality.

Maddie’s blog was hijacked by the Ghost of Iraqi Hackers – whoever they are.  To this day, I have no idea how they hacked into her blog – it’s beyond everything tech that I know.  I just know that I couldn’t log in to her blog and immediately went to my Twitter PLN and asked what to do.  My wonderful PLN told me to call bluehost, which I did and they were able to restore Maddie’s blog right away.  They are worth every single penny by the way!!!!!

Maddie’s blog means a lot to her and when this happened, it felt like a huge invasion of privacy.  I am convinced though now more than ever that this is just another learning experience.  I consider it my responsibility to teach Maddie about digital responsibility.  What’s okay to talk about – what is not okay to talk about…. what do you do when something bad happends to you online?  We are raising and teaching our children in a new world and we can’t protect them from its dangers by avoiding digital responsibility.  This experience is one more feather in the hat for a lesson learned, but we will not hide and will continue to promote the goodness that can come from behaving responsibly online.

And that is my opinion.

———-

By the way:  this is what bluehost sent me to make sure that this doesn’t happen again!  But of course!!

1. Set register_globals to OFF
2. Turn off Display Error/Warning Messages. set error_display to ZERO
3. Never run unescaped queries
4. Validate all user inputs. Items on Forms, in URLS and so on
5. Move Config and files containing Passwords to mysql to a Secure directory outside of the public_html folder
6. Access Control, U don’t want ya user to have access to Admin function or Clean up scripts
7. htaccess is your friend use it to deny people (we also have a easy deny manager too in the cpanel)
8. PHP can parse any valid script, whether it is called foo.php, very_long_name.php.php.php, or even willeymtard.bat. Using the default extension of “.php” means that before your hackers start you have already told them you are using PHP. As mentioned, you can use any filename for your scripts – if you are using PHP for every script on your server, consider using the “.html” extension for your scripts and making PHP parse HTML files you can change your file extension by adding this line to the htaccess or turn it on via the add type handler in the cpanel (AddType application/x-httpd-php .php)
9. To protect against SQL injection attacks Sometimes hackers will try to screw up you database by inserting SQL code into your form input fields. They can for example, insert code that could delete all the data in your database!

To protect against this, you need to use this PHP function:
mysql_real_escape_string()
This function escapes (makes safe) any special characters in a string (programmers call text a ‘string’) for MySQL.
Example:
$name = $_REQUEST['name'];
$safe_name = mysql_real_escape_string($name);
Now you know the variable $safe_name, is safe to use with your SQL code.

10. Keep the PHP code to yourself. If anyone can see it they can expliot vulnerabilities. You should take care to store your PHP files and the necessary passwords to access your MySQL databases in protected files or folders. The easy way to do this is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server’s document root (and thus not accessible to surfers of your site), and refer to the file in your PHP code with a require_once command. By doing things this way, your PHP code can read the included file easily but hackers will find it almost impossible to hack your site.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

There are nearly 400 students in my middle school and I’ve gone and created a student blog for every single one of them.  Some of the students blogged last year for the first time and, overall, they did a great job.  As I was browsing some of the work they put up on their blogs, I realized that there was a strong need for students to be educated about Online Profiles.  Thanks to some of Jeff Utecht’s and Julie Lindsay’s work, I’ve been able to pull together some of the best of the best messages you can send out to kids.  I didn’t preach – I just told them a story and I told it the way it is…

I started the 40 minute introductory presentation off with a simple question – who has a Facebook or MySpace account?  I was amazed that I had a few 6th graders that claimed they have had their Facebook account for three years which meant that they have been leaving their internet stamp since they were 9 years old.  We talked a lot about the Connected Web and I showed them the difference between a young blog and a blog that had been around for awhile using this Websites as Graphs applet.  The visual helped students begin to see that they truly cannot control where information goes via the web.

I asked the two questions of the students:  

1. What do you want people to know?  
2. What do you not want people to know?

 This framed our conversation around recent articles where people landed jobs because of who and what they knew through their online social network.  But we also talked about some of the negatives of an online profile.  The question came up:  Can teachers find out what we have our Facebook page?  I cited at least two instances where this is exactly what happened.  

Most students will set up their blogs next week and I want them thinking about the true meaning of Digital Citizenship and I want them to be fastidious about Creating their Online Profile.  They can’t control it, but they can form it and create it.  Digital Literacy is part of creating their online profile.  I asked my group of Third Culture Kids from each grade level if they know of Joe Biden.  Most did, but most did not know that he was accused of plagiarizing a speech in 1987 and that little piece of news was still following him today over 20 years later.  This was yet another reason students should form, shape and create their online profile today.  

I presented to the three grade levels at three different assemblies and I had them engaged the entire time…. they are thinking about it because all this week, students stop me in the halls and during lunch to talk about what is okay to put on the web and what is not okay.  Their awareness level has risen.  What a great start for the school year!  

My presentation is below in pdf because it’s a Keynote.  The movies didn’t come through as a pdf so they are linked here:  

1. Disney Copyright Law

2. Plagiarism: Don’t Do It

3. Cyberbulling – Ad Council

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.