How to setup Google Sites for your website’s Wiki page

I feel like a little boy yelling down the street to announce the arrival of the circus. “They’re here! They’re Here! They’re HERE!” Yes folks, the JotSpot WIKI technology that Google acquired back in October of 2006 is now a service available via Google Aps – a service entitled “Google Sites.”

A service that I as soon as it appeared on my aggregator, I added to HealYourChurchWebSite.com – taking screen shots and notes so you too can add Google Sites’ WIKI-like capabilities to your church and/or charity website.

I got it done in about 9 steps – if you only see the first three – click on the [Read the rest of this entry »] link to see the rest.

Step 1:
Get into your Google aps via mail, docs, calendar or what-have-you and click on the “Manage this Domain” hyperlink in the upper right hand corner of your screen.
Step 1 on installing Google Sites
Step 2
You’ll see a link on the upper left hand corner that reads “Add more services” … click on that link.
Step 2 on installing Google Sites
Step 3
That big old juicy button under the title “Sites beta” … you want to mush it good!
Step 3 on installing Google Sites
Continue reading
Posted in Uncategorized

5 Comments on Google, Tammy Faye, WIFI Security, Spiritual Abuse and Flashination

Here are 5 comments from visitors that I think are worth restating in a post as they each address larger issues facing many of us who design, develop, deploy and maintain church and/or charity websites. The format will be a brief on what the original article stated, and then snippets of what the commenter contributed; so in no particular order:

Submissive Volunteerism versus Spiritual Abuse

In this post, I associated my extensive studies of spiritual abuse with a number of the problems that face church website design and development that include, heavy-handed deacons, know-it-all pastors, and/or congregational curmudgeonry.

In a John 11:35 response, utoo73 offers the following in a 12 paragraph comment:

I am currently suffering through many of the same issues with my church.  As a board member, I stated from the beginning that my covenant was with the congregants of our church.  I have found that this was more than a little impossible mission given the construct of the church …

… Today, after 5 weeks of sheer hell in which I and other active members of volunteer committees were repeatedly told that we were “not coming from a spiritual place” by our ministers.  Where the President of the Board, even after being advised of these abuse and seemingly worked as a mole for the ministers, while assuring me they were working towards resolution, brought a small measure of vindication for myself and others who have held tightly to the spiritual truth that “all of us” are created by and within God …

… Unfortunately, for me, the cut may have been to deep for me to remain in my church.  I will see once I have helped my Board put into place safeguards to assure that situations such as have occurred over the past 5 weeks, NEVER devolve to the place where congregants must leave to find peace & safety from the very place where they should be receiving comfort.

5 things about Google Aps that concern me

One doesn’t need to read too many of my posts to realize that I’m all into the Web 2.0, disruptive technology that Google provides. That said, there is an old aphorism that warns “not everything that glitters is gold” – in this post, I point out  some of the potential risk that come along with the rewards of moving your church office to Google Aps.

Salgoud, a charter friend of Heal Your Church Website also provides a Luke 14:28 account worth considering:

My wife manages the church phone list for our small church (120 or so members). It’s just an Excel spreadsheet. She uploaded it to Google spreadsheets to give it a try and sent me an invite to edit it. Would make keeping it current a lot easier.

When I followed the link, it immediately let me see all the content. Every church member’s address, phone number, email addresses, kids names and birthdays. All of it. I wasn’t even logged into Google yet. I was shocked. I couldn’t edit it, but once I logged into Google I could.

I was never given any authentication info for logging into the document nor was I asked to verify that I was the person who was given access. How did Google know that I was authorized to edit it?

5 Simple Security Tips for the WiFi-ing Road Warrior

In preparation for my journey to the Hashemite Kingdom of Jordan, I wrote an article describing some of the precautions I was taking that might be useful to other traveling abroad on week-long mission trips.

Another good friend of HYCW, Mr.Ben of JediMoose, offers this sound, practical, low-tech means for making a Hebrews 8:10 like defense:

One of the most interesting pieces of advice I heard on password strength was that, these days, the majority of cracking attempts happen remotely, not locally, so you’re actually safer creating very strong passwords, and then writing them down and keeping them in a physically secure place.

Pastors and graphic artists listen up: your user isn’t you

This is the post where I basically tell pastors and graphic artists many times in many ways “you are not your user.” From what I gather of the “great cloud of witlessness” that’s still out there in terms of church web sites, I’d have to say they’ve got their fingers in their ears while singing “la-la-la, I can’t hear you …

One pro who apparently appreciated my ‘1 Corinthians 9:22 point, Matt at Cordata Ministries, made me laugh when he wrote:

I’m not sure whether to slap the back of the head for your attitude or slap your back for being so right. I build web sites and tools for a living, and as I read your posts I am torn between the two extremes.

While on the one hand, I want to say “Yes! I HATE when I see that. It cheapens the message and condescends to the viewer,” on the other I am half afraid that as I read through the rest of your site (oops, blog!) I am going to come across a web site I helped a well-meaning church put together.

5 lessons pastors can take from Tammy Faye Bakker Messner’s passing

In a post that drew ALOT of fire, criticism and personal hate-mail, I took the opportunity of Tammy Faye Bakker’s death as yet another example why the dysfunction of the evangelical church in the U.S. is fails the Body. A point recently quantified by the Pew Research’s recent publication of a survey entitled ‘The Religious Landscape of the United States

Contrary to some of the more … um … impassioned “love notes” I received, long time HYCW friend and frequent commenter, b2blog offers these words of encouragement in response to my ‘1 Timothy 4:1‘ message:

Great post Dean!!!!

As parents, we might have called this a ‘teachable moment’. One that pastors are letting slip by.

I don’t get Tammy, never did. Your post explained much about why she is important. Having the ability to discuss that ‘over the water cooler’ is important friendship evangelism, if we faithful are being prepared for it. Which, you are right, we aren’t. We’d rather hide from the fact that she represents our faith.

Once again, thanks to ALL who leave comments here (in love) – all but a few are fun and useful to read – and I appreciate hearing from y’all.

So don’t be shy!

Posted in Uncategorized

How to block a range of IPs from spamming your church website

Using a blog to manage a website’s content is a flexible and affordable solution more and more churches are employing to effectively present their message online. There is however one drawback – in that some of the open source blogging solutions used as content management on the cheap also tend to attract attention from nere-do-wells who attack the comment and content functions of application such as WordPress and MovableType with robotic floods of advertisements offering anything from enlarging various appendages to curing male baldness all while losing your life’s saving playing poker online.

What’s worse is that many of these attacks these days come from servers in countries where you have absolutely no legal, let alone social, recourse to stop said attacks. Take for example a recent slam of attacks on a new dedicated server I’ve been working on – all which failed due to recent preventative security endeavors – but all incoming from a block of related IP addresses from a server in China all of whose addresses had 218.25.161… in common.

And while these unwanted advances were successfully thwarted by various server hardening practices implementations – the best way to avoid trouble from said attacker is to just deny access to anything on the server by denying the range of IP addresses indicated in my security logs.

With that in mind, I thought I’d share two approaches to blocking a range of IP addresses. One solution at the firewall level – the path I prefer on dedicated servers, the other solution is blocking IP blocks via the .htaccess file, which are employed on sites hosted on a shared server.

Using APF firewall, I simply create an entry that defines the block – in this case:

218.25.161.0/24

In the .htaccess file:

<Limit GET HEAD POST>
order allow,deny
deny from 218.25.161
allow from all
</LIMIT>

Both implementations block IP addresses from 218.25.161.0 through 218.25.161.255. But what happens if I only want to block addresses from a smaller set of addresses? Like those coming from someone abusing their DSL services whose range of dynamically assigned IPs may only be a range of 216.12.201.150 through 216.12.201.200.

That becomes trickier as is requires both a knowledge of the ‘CIDR notation’ and the bit mapping that goes along with it. Which is why I recommend instead using this nifty little online tool from Mikero.com. An easy-to-use service which performs all the bit-blasting, while also “aligning” the range so it can be expressed in correct CIDR notation.

Or in laymen’s terms, I add the following generated range to my firewall:

216.12.201.128/25

Or where no such firewall access is available, the following line in my .htaccess file:

deny from 216.12.201.128/25

Below are some tools and links on the topic of how to block a range of IP addresses if you want to dig into it a bit further.

Online tools to calculate an IP address range (CIDR):

Online tools to check/verify your CIDR notation:

Tutorials on blocking IP addresses and CIDR subnet masks:

Pre-fabricated blacklists to block IP addresses of entire countries:

A bit more on .htaccess and mod_access:

Just remember to keep good backups of whatever files you’re working on – and try not to lock yourself out while experimenting with changes!

Posted in Uncategorized

How to secure your church’s dedicated Linux server

This post is dedicated to all of you running your church’s website in the choir robe closet, or who have been graced with a generous and geeky member who has taken advantage of one of those cheap, unmanaged dedicated server deals advertised at places like WebHostingTalk:

As the author plainly states, “This list is not comprehensive, nor does [he] take any responsibility for any harm that may come to your server if you use any of these commands.”

Emphasis mine, that said, I found this a very good “quick reference” for those of you thinking about running or leasing your own Linux/Apache server. Especially for those blissfully ignorant enough to think it can be done simply by installing ubuntu on an old machine some donated as a tax-write off.

Using Richy’s sobering tips, I went out and found how-to articles on each of these “dedicated Linux server for dummies” points – just so you could realize just how much work goes into “hardening Linux servers for dummies:”

Now if this hasn’t scared you out of running your own server in the basement of your church or charity (and I’m hoping it does), then may suggest, rather … I COMMAND YOU to go buy and then read “Hacking Linux Exposed” before you take the dive.

Seriously, consider the costs of trying to save money by running a box out of an unused closet or corner of your church. It may be more expensive in time and lost off data than you think. At least think of all the work that goes into hardening Linux web servers these days.

How ’bout some of you other pros out there? I’m sure I’ve missed something. Leave a comment, we’ll add to the list.

Posted in Uncategorized

Signs and blunders: legibility and the marquee on the church front lawn

Like Mark Pilgrim, I too live in Apex, NC; “the peak of good living.” I know this because that message is proudly and conspicuously displayed on both water towers. A lesson in good old fashioned marketing if ever there were one: make it large enough and simple enough so someone driving by can read it.

Too bad not every church here in ‘the land of only one recent industrial fire‘ has yet to market the URL for their church website in a similar fashion via the obligatory marquee/sign that adorns their front lawn.

Two cases in contrast – each taken at about the same distance one would see it approaching at the stated speed limit of their respective roads – both shown in the best daylight conditions possible:

Calvary Chapel Cary

Prince of Peace Episcopal Church

As one can quickly see, the “living art project” for Calvary Chapel Cary looks great from a design perspective … but isn’t nearly as easy to read and memorize at 40mph as more utilitarian offering by the Prince of Peace Episcopal Church.

Cleverly, the second church is using the simpler TPOP.org – an easy to render, see and remember url – as a redirect that’s more memorable when spoken “thePrinceOfPeace.org.”

Too bad the website for “TPOP” isn’t nearly as carefully crafted and informative as the offering from Calvary Chapel.

None-the-less, the point here is to get you to get you away from the computer for a few moments to consider how legible and memorable your hard copy URL is rendered.

Posted in Uncategorized

Groundhog Day: Punxsutawney Phil vs. Staten Island Chuck, you decide!

Well folks, it’ Groundhog day and the results are in. Now I don’t mean to start a controversy … ah who am I kidding … of course I am. Okay, true confessions aside, it appears we have conflicting GroundHog Day results from the field – just like some of your image lighting sources.

Press darling Punxsutawney Phil was reported seeing his shadow, indicating an extended winter season … whom according to the GroundHog Club at Gobbler’s Knob is 80% accurate since 1987.

A prediction contested by the lesser known Staten Island Chuck who is predicting an early spring having NOT seen his shadow … something worth noting when you consider that the Staten Island Zoo is reported to measure Chuck’s accuracy rate at 85 percent over the past 25 years!

Me, I’m a Chuck kinda guy because I have four good friends similarly named and have an NYC background. But of greater note is the fact that my spousal unit, born and bread near Aliquippa pa, PA, and degreed in Meteorology from that fine institute of higher learning (and college football) located in State College, PA also sides with Staten Island Chuck’s metrics!

So what about you? In about a minute or two, I’ll add a poll that also includes prognostications from the likes

What has this got to do with church web site design? Hmmm … well it’s a stretch but …

… Like SI Chuck, I’m not a big fan of shadows — for me on GIF or PNG like drawings. They seem to ‘kitsch them up‘ a bit for me. That said, if you insist on adding shadows to your image, make sure they’re consistent.

For example, note how the shadows from the font of this sample picture conflict with the lighting source of the image of a groundhog.

That is the shadows of the text indicate a lighting source from the top left … while the groundhog appears to be lit from the bottom left.

Don’t do this – be consistent.

Hmmm … all these tangends do make me wonder what the groundhogs in Jordan are saying … like it really matters in that climate.

Posted in Uncategorized