Author Archives: Mark Fielden

bluetree christmas tree image

Fresh Air and Fun in Portishead in Christmas Week

Want Some Fresh Air and Family Fun Over Christmas?

bluetree christmas treeYou may know that BlueTree is the tech part of the Visit Portishead partnership.

This Christmas, Visit Portishead needs help with one project and wants to promote another. The first is a crucial community resource that everyone should know about, the second is a bit of fun for all the family, a free-to-enter competition, with lots of fresh air and great prizes.

So gather your families, get out around Portishead, and use up those Christmas calories!

Portishead Lions Public Access Defibrillator Project

You will have noticed some of the green defibrillators popping up around the town. They don’t just “pop up” of course. A lot of hard work goes on behind the scenes.

In fact,twenty-six devices, available 24/7, are now distributed in and around Portishead, most of them provided by the Portishead Lions project. A still-growing resource, they’re known as PADs, Public Access Defibrillators, and AEDs, Automated External Defibrillators.

Now, if you need one, you’re going to be in a hurry. The quickest way to find one is to dial 999 and the operator will direct you. However, if you’re familiar with their locations, you can start running in the right direction whilst dialling, and save valuable seconds.

There’s a new defibrillator map on Visit Portishead. They want to make sure the map is correct and complete, so they need people to test it. If you’re ever near one of them, please will you spare a minute to check the map is correct?

  • does it it take you to the correct place?
  • can you improve the directions?
  • can you take a more useful photo?

If you spot an error,  can suggest an improvement, please click the Feedback link, bottom right on the page, and report it.

Portishead Christmas Picture Quiz

It’s free to enter and will help you and your kids, not to mention the dog, Granny and Grandpa, burn off those Christmas calories. And you may win prizes!

Twenty photographs of things around the town, and a question or two about each one. The aim is to get residents, new and old, young and old, to explore places they haven’t been before. It runs until midnight on New Year’s Day, so there’s plenty of time.

Enjoy it at Visit Portishead, the information resource for residents and visitors. Just tap or click the banner at the top of the page.

Love to hear what you think!

General Data Protection Regulations (GDPR)

GDPR Ticklists to Help You if You Missed the May 25 Deadline

the word privacy in a sort of google fontWant to go straight to the ticklists?

Or straight to the sole trader bit?

I wonder how many businesses have deleted 75% of their hard-won contacts with “essential you opt back in” email campaigns? And they will lose them, because of this knee-jerk reaction to GDPR.

  1. everyone receives so many they’re ignoring them
  2. they’re probably not necessary
  3. they may be illegal under other regulations

You do need to act, but there’s no need to panic, even if you missed the deadline. This myth-busting piece in The Guardian may help put your mind at rest.

Like most of you guys, we’re a very small business, and this is our take on how it apples to us. This is what we’ve done, and what we’ll be doing in future. This post covers,

BlueTree GDPR Promise

We promise to treat all personal data with respect, and we’ll never knowingly share it with anyone else, nor use it for any purpose other than that for which it was collected.

GDPR Tasks to do Before May 25th

GDPR seems common sense, and we don’t have to change much anyway. Our compliance is based on this understanding:

  1. Make a list of all the places you hold personal data. We have one in a Word document.
  2. Be clear about what data you collect and why. For marketing, we hold email addresses, phone numbers and, for accounting, postal addresses.
  3. Write and Publish your Data Protection Strategy, optionally on your website. Here’s ours.
  4. Draw up plans to implement your strategy; you might not finish implementing them it before 25 May.

Before or After May 25th

  1. Only use personal data for the purpose you collected it and don’t share it with anyone else. We don’t.
  2. Hold personal data securely. We use networked, personal computers, with strong passwords. We store some in “the Cloud,” where it’s held securely by reliable, global corporations, namely Google, Dropbox and MailChimp. We don’t think we’re liable for breaches they may make, though we may need to contact people affected.
  3. Add people to your marketing list only if they opt-in; we use sign-up forms.
  4. Avoid collecting data from minors. We’ll do our best to identify them.
  5. Respond promptly to requests for copies of personal data you hold. We’ll do so for anyone who requests it on this form (it’s our usual contact form).
  6. Allow people to amend or delete their data. We’ll do this if they request it on the same form.
  7. Add an unsubscribe link in marketing emails and delete unsubscribed people. No need for us, MailChimp does this anyway.
  8. Tell the Information Commissioner, and people affected, if you get hacked. We can do this if it ever comes to our notice.

Simple GDPR for Sole Traders and Micro-Businesses

BBC Radio 4’s Money Programme (20 May) had some advice for sole traders and small organisations. You can download the podcast here. The bit about GDPR starts 21 minutes in. The example they used was a small allotment society, and the advice covers micro-businesses (like sole traders and partnerships) too. This is what we so.

  1. GDPR applies to business contacts, not to personal contacts, though if you do business with a friend or relative, that contact is affected.
  2. Existing contacts. There’s no need to stop mailing people already on our list:
    1. It’s fine keep personal data we have already, if we have a good reason to do so, e.g. they owe us money, or we do work for them sometimes. This is called a “legitimate interest”, apparently.
    2. It’s also fine to keep it if they gave us consent when we collected it; we won’t be asking anyone to opt in again unless we’re sure they didn’t consent.
    3. If we want to use personal data for anything other than why we collected it, we’ll ask for consent.
  3. New contacts, people whose data we want to store. We’ll ask their permission, tell them why, and that we’ll change or delete it if they ask you to.
  4. Security. We’re sure the paces we store it are secure. These include phones, computers and “cloud” storage; they’re protected with a PIN or password.
  5. Website. We collect personal data on our website with a sign-up or contact form; it’s encrypted, secured with an SSL certificate (HTTPS) – more on our blog here, and protected from web spiders with a reCAPTCHA,
  6. Updates. We promise to supply, change or delete their personal data if anyone asks.

You’re also supposed to have procedures in place, but sole traders and tiny businesses don’t do this formally, as a rule. Here at BlueTree, we have a list of places where we store personal data (MS Word document) and a short GDPR policy statement, published on our website.

Free GDPR Tick List Templates

We like tick-lists: lists of things to do, expressed as 1-liners. They’re terse task reminders, in sequence if that’s important. Print them out, tick off the jobs as you do them, then file the completed list as evidence of completion.

There are two GDPR template tick-lists in this document: start-up and on-going. Yours to use as they are, or modify, so long as you don’t blame us if anything goes wrong. Here’s your link.

Disclaimer and Where to Find GDPR Advice

We’re neither legal eagles, nor GDPR experts, and we’ve decided what to do after researching the subject. You’re welcome to copy what we do, but please don’t hold us responsible if anything bad happens.

By all means, copy our policy and put it on your website, but please don’t copy / paste it. We explain this here, help for new web page authors, “Golden Rule”.

If you search for “GDPR” using your favourite search engine, you’ll find masses of information. This is a problem: there’s too much, so how do you know which is correct?

We’ve found these pages both credible and informative.

  1. Information Commissioner’s advice on GDPR
  2. Federation of Small Business’s GDPR Preparation Checklist
  3. Myth-busting explainer article in The Guardian

Best of luck!

PS: If you think we got anything wrong, or have a question, please leave a comment here. It’ll help others reading this post as well as us.

how google chrome identifies a secure website

Encryption: Improve Your Search Position Step 2

Step 2 is About Encryption

digital encryption padlock on green screenThis time we’ll discuss website security, what it is, why it’s important, and what you need to do about it.

This is a long post, so I’ll summarise it.

The Internet is becoming more security conscious. Some web browsers now issue warnings when you visit a website that isn’t secure. The others will follow. Warnings put visitors off. If you don’t want to lose visitors to your site, you need to encrypt it.

The next post in this series will explain how we are encrypting all BlueTree CMS user sites.

Meanwhile, in this post:

But first, a story.

A Website Encryption Story

We just finished a new website for a client. Stuart was very happy with the design and content, but there was a problem. He checked it on his phone, only to be told that the site was not secure! His SSL certificate doesn’t match his website.

browser pop-up that shows when an SSL certificate is invalidNow, he doesn’t have an SSL certificate, neither does he need one – any more than anyone else, that is.

We traced the problem to his phone’s over-zealous software. Our servers host many websites, some of them encrypted. The phone software wrongly assumed that, because one of the sites has a security certificate, it must apply to his as well.

No website owner wants to see something like this when visitors go to their website. So we installed a correct, temporary certificate for him.

Why Encryption Matters

Clandestine forces are eroding the Internet ideals of free speech and openness. Internet freedom is under threat from wealthy individuals, corporations, hackers, even government agencies, with

  • fake news designed to mislead
  • trackers that collect personal details
  • algorithms that control the news we read
  • data collection to support identity theft and secret government snooping

Encryption is one way the good guys are fighting back. They’re persuading us to encrypt our websites. As one encouragement, search engines are starting to reward encrypted websites with better rankings.

Here are two more reasons:

  1. The GDPR Data Protection Regulation: if you collect any personal information on your website, it should be secured to reduce your risk of compromising it.
  2. My antivirus software, Webroot, puts a big green tick next to search results it deems safe. So do many others. You’ll notice that the search result below has HTTPS:// in front of our web address. This means the website connects securely with your browser. The “S” stands for “Secure”.search result with green checkmark showing it is safe to visit

Back to top.

Benefits for You

Here are four reasons to encrypt your website:

  1. Your visitors won’t be put off by dire warning messages, like Stuart was
  2. Visitors will see at a glance your how google chrome identifies a secure websitewebsite is safe, because their browsers will display a closed padlock in the address bar; this is Google’s Chrome browser making it obvious
  3. Hackers won’t be able to snoop on your visitors
  4. Google will rank your website higher, some say as much as 5%

Many internet users are not tech savvy, so may not notice. Don’t expect this to last, however. How long ago was it that nobody understood the cookie message you now see on every website?

firefox insecure login warningWorse, if you’re asking for feedback, or collecting an email address, they’ll certainly notice something like this.

Chances are they’ll move away and you’ll lose their input or a valuable lead.

Back to top

Secure Websites Are Encrypted

My browser talks to your website using text messages. They’re structured formally, but you can read them using Windows Notepad or Apple TextEdit. Anybody can read them, including hackers.

you accessing our website over the internet cloudThese messages run over the Internet, AKA The Cloud. On the way, they pass through many servers. Servers are computers and can be hacked, exposing your messages to hijack.

Encryption converts the messages into gibberish using a cypher, possibly the oldest form of secret writing. Julius Caesar used a simple “Shift Cypher” in his correpondence. With a shift cypher, you swap each letter of the alphabet for another. “A” becomes “F”, for example, “B” becomes “G”, “C” becomes “H”, and so on. Each letter is shifted six along in this example. So BLUETREE becomes VFOYMLYY.

It’s fairly easy to crack. “E” is the most commonly-used letter in the English language…

Digital encryption is much more sophisticated, as you can imagine. It’s so secure that the US Government has tried to ban it – for some reason :-).

Back to top

Digital Certificates

Your website needs a Digital Certificate to make encryption work. Issued by a trusted authority, the certificate must be installed on your web server. The certificate provider verifies your website is owned by your company, and the certificate is proof that all was OK.

Once the certificate is installed, “HTTPS” will appear before your domain name in the address bar of each visitor’s web browser, and all communication will be encrypted. The S after HTTP stands for “Secure”.

When you look at a secure site, your browser will examine the certificate and establish that,

  1. a trusted party issued it
  2. it’s current and valid
  3. it’s related to the site you’re looking at (this is where Stuart’s phone software went wrong in the story above)

When it’s happy, your browser and the server will swap encryption keys, and you’ll be able to see the web page content. The keys are discarded at the end of your session.

There’s a complete explanation here that’s nicely written and easy to understand.

Back to top

In Conclusion

Encryption matters. All websites will be encrypted eventually. Steal a march on your competitors by encrypting yours now.

The time is right. The world moves on, the Internet world faster than most.

  • Our certificate cost over £100 a year ago and you can now get one free
  • Anti-virus software and web brosers are starting to identify non-secure sites, which they call “unsafe”

As the software evolves, some make mistakes, as Stuart discovered. Recent developments mean we can avoid this happening to your website.

In a later post, we’ll explain what we’re going to do about it, and how our plans will affect you.

How to Delete Many Files Selectively

Or, How to Save Loads of Time – a salutatory tale of back-ups, restores, and being cross with oneself for not reading instructions on the website carefully.

caution: be sure to read the last sectionBe careful if you try this. Before trying this, read the last section, even if you skip through the rest.

Why I Need to Delete Many Files

When you make websites, you amass a lot of files and you need to take care of them.

I have a new security system where I back-up all my websites – and everything else for that matter. It’s a 1TB Seagate Backup Plus external drive. It has its own back-up software, which works fine. However, I thought it wise to test file restore before needing it in anger.

There is no instruction book, but there’s help on their website, and 4MB of PDF user manual. Naturally I read it all 🙂

To test the restore mechanism (you should always test your back-ups – too late to find it isn’t working when you’ve lost your hard disc!) I decided to restore one file. That must be easy enough! I followed my nose and restored all the files on my C: drive except the selected one! Not only that, but I’d selected the “don’t overwrite” option, apparently, so every existing file was joined by its twin!

In a few moments, my file system had doubled in size, almost filled my disk, slowed down my computer, and I’d made myself very cross into the bargain!

OK, so that was just plain stupid. It was my fault entirely – should have read the instructions more carefully. Having written many pages of website, CMS and software help over the years,

  1. I know how difficult it is to be both terse and definitive, and
  2. I’m very familiar with the support desk acronym, RTFM: Read The … Manual!

Oh dear, now I’m now the on the receiving end, in a mess, what should I do about it?

example in windows explorer showing some files with the (2) suffixDeleting Many Files, Method 1

Now, luckily, the duplicate files are easy to spot. Each has the same filename as its twin, with “ (2)” appended before the period. Like this, right.

That’s easy enough to fix. Each time I open Windows Explorer I plan to delete the duplicate files manually, selecting them all with Ctrl-click and pressing the Del key.

More Reasons to Delete the Files

After a week or so using method 1, I’m not making much headway. Having deleted loads of files, the free disc space hasn’t increased very much. I can’t begin to guess how long it’s going ro take me to delete them all.

Then I open a picture using Picasa. Immediately, it starts indexing all the duplicate images – there must be 1,000’s of them! How on Earth am I going to get rid of all those?

This quickly became tedious, as you can imagine! So I need another method.

results searching for .txt in windows explorerDeleting Many Files, Method 2

If Windows is indexing your files, you can search for them using Explorer. Here we’re looking for files with a .txt extension in my Dropbox. Type a search term into the search box, top right in the Explorer window.  “*” means “anything”, so “*.txt” will list all files with a .txt extension. Not only that, but Explorer will list all the files matching the search term in this folder and all its sub-folders.

To delete them, use the mouse or press Ctrl-A to select them all, then press the Del key to remove them.

search results showing some files I do not want to deleteBut I only want to delete those with “ (2)” at the end of the filename, so, sadly, this won’t work for me. If I type “ (2)” into the search box, Explorer lists all the relevant files from all the sub-directories, but Explorer’s idea of what’s relevant is not the same as mine.

It lists every file with a 2 in the file name. I want to keep some of these. If I do it in My Documents, this method will delete files I may want to keep. It works the same with other search phrases, such as (2) or “(2)”.

This is because parentheses mean something to Windows Search: “Find everything inside the brackets.” Hence it lists all files whose file names contain 2.

How to Find File Names That Contain “(2)”

It suddenly occurs to me that (why didn’t I think of this earlier?), had I been using Microsoft’s original operating system, MS-DOS, I could have identified the duplicate files easily using a wildcard search. A search for *(2).* finds all files whose file name ends “(2)” with any file extension.

Now, Windows Search is very powerful. You can read all about it here. It even has a command that allows you to use these old search queries. To use the old syntax, begin your query with, tilde, “~”.

windows explorer identifies the correct files

So, all I need do is to press Ctrl-A, select all these files, and Del, delete them and move them to the Recycle bin. I test this in my Dropbox folder, which I can easily reinstate if doesn’t work.

Let’s try it in My Documents! It works.

More Files to Delete

Now the duplicates have gone from My Documents and from my Dropbox folder.

The Seagate system’s default setting seems only to backup and restore data files and images, not system files, .exe’s, .dll’s and other program files. There are many data files and images in the system directories, so I still have a lot of duplicates. Let’s run it on C:\ as well, to get rid of all the duplicates everywhere.

Conclusion, After Deleting Many Files and Saving 100’s of Man-hours

Even with all the testing, this process only took half an hour or so. I now have no files with (2) appended to the file name. It would have taken months to do it the manual way.

It also looks as though Picasa has lost the duplicates too. I checked several picture folders and they have all gone. In fact, Picasa tells me it’s “compacting its files to save space”, so it’s definitely noticed something going on!

I’m really pleased with the result!

Be Very Cautious When Deleting Files This Way!

caution! use with careDeleting one wrong file can be disastrous. Losing several, ten, one hundred, one thousand, when you don’t intend to, can be life-changing for your business, your marriage, your relationships…

  1. Always test your method on a directory (with sub-directories) that don’t matter: I tested this on a test folder, with test sub-folders, before doing it for real, then on my Dropbox folder, which can be recreated easily;
  2. Always back up your file system before you try anything like this, so you can recover your start position in case you make a mistake;
    Get expert help from someone like Nortech Computers.


Portishead Picture Quiz Results

Child having fun with Portishead Christmas Picture QuizThanks to All Who Entered the Picture Quiz

Well, thanks to everyone who entered our quiz. It appears that, for every entry we received, there was at least one who started it but didn’t finish. From the feed-back we received (so far) everyone seemed to have had a good time.

Sorry, you can’t do the quiz again. We might decide to rerun it :o)

Picture Quiz Winners

We enjoyed meeting up with our two winners. They are, in a way, opposites.

First Prize PresentationThe first belongs to one of Portishead’s oldest families. With 29 points out of a possible 32, the winner was David Gale, retired auto engineer who has lived in Portishead since he was one week old. He knew some of the answers and solved those he didn’t by cycling around. “The trickiest one was the Seafarer’s Sculpture,” he said, “but once I worked out the most Easterly stone, I knew te answer. A school friend of mine had worked there, all those years ago!”

David’s was also the first entry received, making it an even more formidable achievement. Since there was no under-18’s winner, he chose the cash prize rather than the champagne.

Second prize winnersSecond prize, for scoring 27 points, goes to Paul Black, a new resident. This was a team effort from Paul, his partner Lynda French, and their Golden Retriever, Oscar. Paul moved to Portishead in 2005. He is a Homeopath and Bowen Therapist, who works in Portishead and Weston-super-Mare, and Lynda is an Acupuncturist. Visit Total Health Homeopathy to find out more.

Paul and Lynda are keen cyclists, run with the Portishead Running Club, and Paul is treasurer of the Portishead Yacht & Sailing Club. He said, “Oscar really enjoyed exploring different places in Portishead to find the answers. So did we!”

Lin Lawrence was one whose entry never made it. She emailed, “Loved the quiz. Lovely to know more about the place we live. Think I go around with my eyes closed. We are going to take it with us on a Devon weekend with the gang; it will make for an interesting evening.”

How We Calculated the Results

Since the “Judges’ decision is final,” we created a Master Result. You could have seen it here at one time, by clicking a link, but we’ve removed it in case we run the quiz again.

Next, we compared every entry with the master and scored it this way:

  • Wrong scored zero;
  • 100% correct answer, 2;
  • Satisfactory answer, 1.

In the case of a tie, we would add a bonus point for answers that go the extra mile.

Beware of Emails Containing Links

An Email from Facebook – Not!

Yesterday I received this spam email, “Here’s some activity you may have missed on Facebook.”

Example of a suspicious email which should be reported to Facebook


It looks quite Kosher, but I always check mails that want me to click on a link to a website. Just as well! It wasn’t going to send me to Facebook al all, but to somewhere else entirely. Actually is the web site of a holiday villa, but not the page in question. A hacker has hijacked their site, or their DNS.

This happened to a small business in Portishead earlier this year. Read about it here.

Don’t Click a Link

CHECK BEFORE YOU CLICK – even if you recognise the sender. It may be too late afterwards. Remember, the better-known the sender, the more likely they are to be imitated.

  1. Check the From address, in this case it’s, Facebook [agroinfo@pub….rect] agroinfo? Isn’t that enough on its own?
  2. In Outlook, hover on a link to see the targetHover on the link, DON’T CLICK, and check the target web page address. In Outlook, example right, it appears in a small window, but Thunderbird displays it in the status bar at the bottom.
  3. Is the link plausible? In this case, NO – it’s nothing like Facebook!
  4. Still not sure? Check all the links. If they all go to the same web page then get suspicious.

When in doubt, leave it out.

What to do next

If you’re happy, click that link.

If you’re not, mark it as Junk or delete it NOW. If it’s from someone famous, as this one is, search for what to do. In this case, I searched for facebook notify suspicious email. I found this page on the Facebook site, which asked me to forward the mail to

So that’s what I did.

Another Example

Another example arrived today, apparently from Fedex. Read our post here.

Portishead Christmas Picture Quiz

Santa's hat, picture, question mark: Portishead Christmas Picture QuizAbout the Quiz

Have some local fun, out and about on the Internet!
Maybe even win a prize!

Sixteen photographs, all taken in Portishead, sit on a web page. All you have to do, is wander round the town with a print-out, smart-phone or tablet, and answer a question about each picture.

The main thing is to explore parts of the town that you maybe haven’t seen before. The quiz runs for the whole of December, so there’s plenty of time.

Couch potatoes may be able to get some of the answers on the Internet, but not all of them … we hope!


The idea came to us when my wife and I were looking out to sea from Battery Point. We overheard someone say, “D’you know, I’ve lived in Portishead for over two years and I never knew this place existed!”

Perhaps there are long-time residents like us who have never walked around the Marina, too.

So, we thought it might be nice to encourage new residents to look around the old parts of town, and old Possett people to pluck up the courage and enter the new.

Hope you like it.

Don’t Demand a Username

Why do websites ask for a username when you set up an account? And why don’t website forms make it obvious what’s wrong?

I was prompted to write this post after becoming quite cross, trying to register a new account with a well-known shower manufacturer. I need a spare part to stop my shower dripping.

They wanted me to enter a username, so I entered one and completed all the other form fields with an *. Then I got this error message.

Example form requiring a usernameI read down as far as “Problems were found…” and didn’t spot the little message below. “My problem,” you might say. But why not show the problem in red? I wouldn’t have missed it then!

As it was, I completed the form several times, adding one more field at a time trying to find which * (obligatory field indicator) was missing. And typing the password – twice – each time.

Then I thought, I’m using the Chrome browser, with third-party cookies turned off. Switched to IE, where I keep cookies turned on, and tried again. Same result. Read here about why cookies are important.

Finally I spotted the real error and changed the username.

Guess what! My second username was rejected, and my third. Then I chose a username “bbbbbbbbbbbb” and completed the purchase.


Everyone else uses your email address. Just think of the time you’d have saved me – and probably loads of other people, too. ‘Nuff said!

SEO Progress Report

SEO Progress Report

Well, it’s the beginning of September and we’ve moved from nowhere (i.e. not on the first 10 pages for our chosen keywords), to page 2 in less than a month.

bluetree s e o position chartWe’ve used SERPS position 100 to indicate that our site didn’t show up in the first 10 pages.

Position 1 is at the bottom, so the lower the better on the chart.

Note: we’re talking about “organic search,” the main results listing, not pay-per-click advertising.

How We Made Progress

This is all we did, really, to make this progress:

  1. For the last three or four months, we’ve been building content on our new website, not exposed to Google.
  2. We removed some irrelevant pages on a micro-site we’ve been hosting for a client.
  3. On 12 August, 2012, we submitted our website to Google.

That’s all. We did no page optimisation, no extra link-building. Nothing.

Why the Progress?

We’re testing our theories.

We believe Google wants to deliver the most relevant page in response to every search query. That’s the page the user thinks most relevant, not the one that a search engine optimisation team thinks.

There’s all sorts of SEO advice out there on the web, but we think we should listen to Google. They tell us to,

  • Make sure our websites are clean and tidy;
  • Follow the SEO Guidelines;
  • Deliver useful information;
  • Create good in-bound links with appropriate anchor text;
  • Make sure our pages load quickly;
  • Make a popular site…

And so it goes on. We’d normally address the first two points first, but thought it would be worth changing the sequence, to see what happens.

Well, quite a lot happened. We wouldn’t normally expect to leap up the scoreboard as fast as that. It confirms our theory that content counts for an awful lot, but there’s still some way to go.

In Our Next Report

Next we’re going to look at page load speed. Again, we wouldn’t usually address load speed now, but Google seems to be pushing it.

Website Malware Attack

What Happens in a Malware Attack

On Monday, I was looking for a local business which I know, so I searched for what they do. Does anybody use Yell or any more? They didn’t appear in my search results. So, thinking this might turn out to be an SEO sales opportunity;-) I searched for it by business name, specifically.

Bing's malware warning panel.

Bing’s Malware Warning

Bing listed them this time, but when I clicked the link to open their website, this note appeared next to the search results. Bing would not take me straight to their website.

Google, similarly, listed them but with this immediate and scary warning, “This site may harm your computer.” One click fewer than Bing, you notice.

If you go straight to an infected website, your browser will warn you very clearly not to open it, too. If you decide to visit, be prepared to get rid of some spam!

This is all very upsetting for web user and site owner alike.

Why Malware Attacks Happen

Hackers, the source of malware, seek out weak targets. Everyone is vulnerable.

Think of your website like your house: how do you reduce the risk of burglary? You make your house less attractive to burglars than those around it. You buy a house in an area with a low crime rate. You fit decent locks and security lights. You fence the garden, install robust, lockable gates, and plant thorny bushes in vulnerable places. And then you take out insurance so that, should the worst happen, you can replace what you’ve lost.

All these points have website equivalents:

  • Chose a secure web host, one with a good reputation, big enough to afford the serious cost of real security, small enough not to be a target;
  • Understand, implement and check your client and server firewalls and anti-virus systems; keep them up to date;
  • Cover web server gateways with strong passwords and change them regularly;
  • Make sure somebody with sufficient authority “owns” your domain name and those ISP passwords;
  • Validate carefully all data entry fields, blog comments, and anywhere someone else can data enter into your website, as this is where many hacks come from;
  • Keep your operating system, web server and database software up-to-date with the latest versions to cope with new threats;
  • Take regular back-ups – and test them – so you can get back up and running fast if disaster strikes.

And keep constantly vigilant: add regular website audits into your Business Continuity Plan.

Further Reading on Malware

Here’s some more information about malware attacks.