Code your own textual navigation menu in Publisher

If you opt to not use the Publisher Navigation Bar Wizard for your web publications site menu then you are most likely planning to create a text box and type the name of the page in the text box and hyperlink the text and then repeat this process as needed.

Nothing wrong with that, but, it will result in Publisher generating a lot of html code in the html file it generates. A lot more code than if you just did the code yourself. Trust me.

With an HTML code fragment and some copy/paste skill it’s not at all hard to do and will even provide you some added flexibillity. By just doing a copy/paste of the code snippet below it will probably be faster as well.

Insert a code fragment on the page and place it where you want your menu and size the fragment to about the size you think the menu will take. In the fragment dialog paste the following code snippet:

<a href=””>Home</a> |
<a href=””>Lifestyles</a> |
<a href=””>Everyday Ideas</a> |
<a href=””>Relationships</a> |
<a href=””>Holidays</a> |
<a href=””>Fitness</a> |
<a href=””>So It Goes</a>

If you have more pages just copy/paste on another line, have less pages then delete a line. The pipe symbol is used as a visual break between menu items. It is not required but is recommended.

Obviously replace the domain name and page file name with your own after you paste this code snippet. And replace the link text, the link text is the text between the “>” and the “</a>”.

This example code snippet results in a horizontal menu for use across the top of a web page or the bottom.

To modify it for a vertical menu, typically placed on the left of a page, simply replace each pipe symbol with the code for a line break – <br>

Once you have your menu code fragment completed then you copy paste the fragment on your following web pages.

If you wanted the link to open in a separate browser window you can add the target attribute to the link. It would then look as such:

<a target=”_blank” href=””>Home</a> |

Using Tool Tips in Publisher Web Publications

Tool Tips – a Yellow box with descriptive text that displays when the cursor hovers over a hyperlink – are supported in the Internet Explorer browser. It is not natively supported in a Publisher web publication.

The actual Tool Tip is from the Title attribute of the link (href) tag. To use this in Publisher you have to code your own link with the HTML fragment dialog. Refer to my article “code your own textual menu” for help on coding your own link.

To use the ‘title’, the code looks like this:

<a title=”Find Daily Events” href=””>Holidays Page</a>

The text between the quotes in the title attribute is the text that will display in the tool tip in the output html file. You will modify that text accordingly as will you modify the page URL and link text.

Using a SWF file (Flash) in Publisher

The method to implement use of a Shockwave/Flash file in a Publisher web publication is the same as implementing any custom HTML and/or scripting to the page.

That being the use of a Publisher HTML Code Fragment object. The HTML Code Fragment object is located on the Publisher “Insert” menu. Once you select it on the menu you draw the object on the publication page just like you do a text box object. You should draw the object to the approximate size that the html will render in the browser for best results.

Once you add the fragment object to the page you insert the code snippet. You can either type the code directly in the fragment dialog box or you can paste code text into the dialog by using CTRL + V (paste command).

Code snippets cannot contain the <html> tag, nor the <body> tag.

To code a .swf file into the html requires the use of the <object> tag. Your flash design program should be able to output for you the code snippet you require. Then you can paste that code snippet into the fragment.

If you have to write the code yourself it should look similiar to the following example:

<object classid=”clsid:A27CDA3E-AE4D-13cf-97B8-4475535455500″ codebase=”,0,29,0″ width=”520″ height=”85″ hspace=”0″ vspace=”0″ align=”top”><param name=”movie” value=”/media.swf”><param name=”quality” value=”high”><param name=”wmode” value=”transparent”><embed src=”/media.swf” width=”520″ height=”85″ hspace=”0″ vspace=”0″ align=”top” quality=”high” pluginspage=”” type=”application/x-shockwave-flash”></embed></object>

You have to upload the swf file to the web server and know the files URL, either relative or absolute. Then make sure the URL matches the file path in your object tag code. In the above example the file is “media.swf” and the path is a relative URL. You may prefer to use an absolute URL (i.e.

When the web publication is published to the server the swf file will load. If it fails then verify the object tag code snippet accuracy and verify the file path/URL.

Redirect a page to another URL

When a web page is visited by the client browser it can redirect the visitor to another URL. A common use of this is when a site’s address has changed, a page can be left on the old address that redirects site visitors to the new address. When using a redirect it is recommended practice to include a brief notice on the page that informs the visitor they are going to be redirected.

Redirects are done using the meta tag, the syntax is –


Publisher does not provide support for using a redirect nor does it support accessing the HEAD section of a page (the location of the meta-tag) since it’s not an HTML editor. To add this tag to a Publisher made web page you will need to open the html file created by Publisher and type in the line as shown, inserting it into the head section. You open the html file in any HTML editor or any text editor, Notepad is perfect.

If your redirect page is to contain just the redirect it would be easier to just code the web page in your text editor rather then go thru Publisher. Any change you make directly to an html file that was created thru Publisher will be lost when you have Publisher rewrite the web when saving the Publisher web publication as a web site again. IT’S MY RECOMMENDATION THAT YOU DO NOT PERFORM SUCH MANUAL EDITS OF THE HTML CODE.

To use the above example you replace the sample URL with the one you desire. The number in CONTENT means seconds, as in the page will display for 5 seconds before redirecting. This is useful if you want to have a notice on the page telling the reader that they are going to be sent to another page. This number can be a number of your choice. Set it to zero for an instant and typically unseen redirect.

Keep in mind your site visitor may not appreciate an unseen redirect, it can seem sneaky.

This meta tag must be in the HEAD section of the html with other META type tags, for example:

<TITLE>My Web Page Title </TITLE>

As mentioned earlier, if you just need a page that does nothing more then a redirect then simply code the full html code of the web page rather then use Publisher. Simply open Notepad and copy/paste the code snippet above into the file and save the file with an htm extension.

Hyperlinks that open a new browser window

Launching a link in a new browser window is done by using the target attribute of the the link code. Publisher does not have any support for this. Meaning there is no way to code a target when making a hyperlink within Publisher.

The only way to use the target attribute is to code the hyperlink yourself and include it.

Use the Insert menu, HTML Code Fragment dialog to write and insert your own html code snippet.

The syntax is shown in the following examples. Insert and place html code fragments on the page in the location desired.

Simply copy/paste an example into the code fragment dialog. Then modify the link text to display what you want.

To open a new browser window for each and every target link:

<a target=”_blank” href=””>Link Text</a>

To re-use the same new browser window for each target link:

<a target=”_display” href=””>Link Text</a>

If you prefer to use an image in place of text as the hyperlink display then simply replace the link text with the image tag.

The image tag looks like this:

<IMG SRC=””/>


Replace underlined hyperlinks in your Publisher web with non underlined hyperlinks

Publisher does not support setting a hyperlink with out the standard hyperlink underlining.

However it only takes a small snippet of CSS code to accomplish this on a web page.

You can drop an HTML code fragment (Insert menu) anywhere on the page and in the code fragment dialog just paste the following code:


That’s it. I recommend sticking the code fragment up in the top right corner of the page and size it really small so it’s unobtrusive. It’s placement and size is not relevant to the layout of the web page.

In the publisher web publication the hyperlinked text will still display the underlining. The html file you get once you save as a web site will not display the underlining (assuming you copied the code correctly).

Oh but what if you want the underlining to return when the mouse cursor hovers over the link (known as mouse over).

That’s easy, simply add this line into the CSS style…

a:hover {text-decoration: underline;}

You can also use this if you want the link to change colors on the mouse over:

a:hover {color: #ffffff;}

This example sets it to white. Use a color picker utility to locate the code for your desired color.

This CSS code is specific to the page it is on so it effects all links on the page, and it must be inserted on each individual page where you desire this over-ride of the hyperlink appearance.

10-Minute Homepage Tune-Up by Dan Thies

Is your site’s home page search engine friendly? Think so, eh? The vast majority of websites, even those belonging to Fortune 500 companies, are far from optimized.

I use a simple four-step process to find the most common errors. Using this to do a quick tune-up on your homepage takes about 10 minutes, and it will pay off for years to come.

Step One: Identify Your Keywords

The first step, and often an overlooked one, is deciding which keywords and phrases you’re targeting with your home page. What you want to identify are the 4-7 top keywords or phrases that you will use on your homepage.

Step Two: Keyword Placement Review

Once you know which keywords you’re targeting, pick the most important 1 or 2 keywords or phrases, and make sure they’re loaded into the right places on the page.

– TITLE tag: keyword phrase/more keywords if possible

The optimal title tag starts with a keyword or keyword phrase, followed by a vertical bar (should be above the Enter key), then as many more keywords as you can work in. Limit your page titles to 5-8 words if you can. Make sure your page title still makes sense to someone who reads it, because search engines will display the title in your site’s listing.

– META Description & Keywords

Your top keyword or phrase should appear as early as possible in these tags – “Welcome to…” is not the right way to do it! Your Description still has to make sense, since many search engines will display it in your site’s listing.

– H1 or H2 Heading

The first text on your page should include your top 1 or 2 keywords or phrases wrapped inside of an H1 tag. In addition, I like to work my other keywords into H2 headings (2-3 of them) farther down the page.

– First Paragraph and Body Text

The first paragraph of text should include your top 1 or 2 keywords, as early as possible, preferable within the first few words. Additional keywords can be worked into the rest of the text, under the H2 heading where they appear.

– Hyperlinks

For best results, all of your top keywords should appear in hyperlinks on your home page, leading to internal pages on your site. If you use images for your navigation links, use the ALT property of those images to contain the appropriate keywords for that link.

– Closing Text & Site Map

If it makes sense to have your top 1-2 keywords appear again at the bottom of the page, use them again here, but don’t make nonsense out of your homepage over it. If you have a site map, put a text link to it at the bottom of your page.

– Page Size:

Your home page should be as small as possible. Move any Javascript or CSS you’re using into external files, and do what you can to move your important keyword content toward the top of the file. Using layers instead of tables for layout makes the latter task a lot easier.

Step Three: Check Your Links

It should go without saying, but you should check every link on your homepage to make sure it’s working and active.

Step Four: Validate Your HTML

Finally, run your homepage through an HTML validator. Invalid HTML can make it impossible for the search engines to read your page correctly. Here’s a link to an online validator you can use for free:

There you have it – ten minutes to a higher ranking homepage! I wish you success…

Dan Thies is the author of “Search Engine Fast Start,” a concise, step-by-step guide to search engine positioning for the beginner to intermediate level webmaster – available now at For the free weekly “Search Engine Optimization 2001” newsletter, send a blank email to

Defenses Against Hackers by Roy Troxel

We’re not talking about script-kiddies here. You know, the fourteen-year-old kids who can slip little programs into you server that leave obscene messages on your web site?

We’re talking about dedicated criminals, mean-spirited ex-employees, organized crime – these guys are going after the big enchilada. They want to take down defense systems, banks, brokerages, and corporations. These are the kind of guys that hacked Amazon and Microsoft.

They’re also the kind of characters that divert electronic funds transfers.

Or maybe they work on a smaller scale. Maybe they just go after small business. If they go after enough of them, then they make money. One thing they all have in common is patience.

In this article, I’ll try to explain briefly ( a few sentences) how various hacking methods work so that you can learn to recognize them. For the more technically-minded, I’ve included several web references that contain more detailed explanations. Please remember that the methods you use to locate hacking attempts on your system are similar or, in some cases, identical to the methods used by the hackers themselves. But that’s how you catch the crooks sometimes: determine what their methods are, and then proceed logically as they would, step-by-step.

Sources of Information:

So how do you defend yourself against such attacks as Denial of Service, spoofing, sniffing, and password theft. This article is intended as a guideline to several methods of protecting your servers. There are other more detailed sources, such as “Counter Hack”, an excellent manual on hacker defense strategies by Ed Skoudis, as well as the following websites:

I’ve tried to limit the site references to “safe” ones. There are numerous sites on the ‘net, set up by and for hackers. Professional security experts often visit these sites to download hacker software. Don’t do this unless you have taken a number of precautions. Many of these sites will record the IP addresses of all visitors, and these aren’t the kind of people who should have that kind of information! If you’re interested in investigating these sites, or even downloading their software to become familiar with hacking methods, set up a separate “lab” network and use a different ISP than you use for your professional network.

Let’s now discuss the number one defense against hackers:

Plug up Those Ports!
We all know what ports are, right? Those spaces in computer programs set aside for input and output of data. The operating systems Windows NT and 2000, for example, each have 65,535 ports. They are used by Windows to perform numerous tasks, most of them invisible to the user. Some of the ports however, are visible to the user, and are called “well-known” ports. For example, the default port for the HTTP protocol is 80. For example, if you’re running MS Internet Information Server as your web server (or, for that matter, Apache), then you will probably use port 80 for the input and output of data to your site.

Now, there’s nothing that says some hacker couldn’t use that same port for input and output of data, only in the hacker’s case, the data could be a virus or a Trojan Horse. (We’ll discuss the ways that this can be done later.) One defense against someone entering your server through port 80 is to run your web site from a port that is not “well-known”, like, say, port 5555. If you do this however you will have to notify your visitors to enter your site through that port. So the URL would look something like this:

Now suppose you aren’t running a site on your server; i.e., you’re just using it for a gateway. In that case, there’s no need to have either port 80 or the HTTP service running at all! So, just shut it off. The same goes for FTP, Telnet or any other service that you don’t really use.

Protect Passwords, Logs and Accounting Files

If hackers can reach the files and folders containing your users’ passwords they can be copied (by FTP or Telnet, for example) to the hacker’s PC and then decoded. A similar situation exists with accounting files in which file permissions are set (give name of file in UNIX and Windows), and logs which record the files that users access or services that the server runs. All of these tidbits are pieces of a puzzle to the hacker, enabling him to build a total picture of your network.

This defense here consists of initiating a strong password policy for your users and making sure, via memo or email, that users are aware of the dangers of password cracking and should follow the policy to the closest letter. The more sensitive the information the users work with, the more stringent the policy should be.

Hide the password database:

This is located in the \SYSTEM32\CONFIG directory of the Windows 2000 server. In UNIX or Linux it is in /etc/groups or /etc/passwd.

Conduct your own password – cracking tests with software like L0phtCrack. This can be purchased at the following site:

Other authentication methods, like voice recognition or security cards, can be used for highly confidential information. Or you can store your password files and logs on write-once CD-ROMs.
Make your important files difficult to find, using the .htaccess directory. (UNIX machines do not see files or directories preceded by a dot.) (Hiding files works both way, of course. Both the attackers and the attacked can hide files. If you think that hackers have left hidden files on your servers, use file-integrity checking software to locate hidden files.)

Windows’ checks and balances:

Like the US legal system, Windows NT/2000 security is based on a system of checks and balances. NTFS file properties, user properties and account properties can override each other, if not set properly. This can create confusion in the mind of the systems administrator: “Why am I denied access to this file, when I know it’s part of the Administrator group?”
Well, it’s because the file properties themselves are set to “Access Denied”, and that overrides everything else. “But how did THAT happen??” Well, someone hacked into your system and changed the permissions!

Conclusion: Permissions for Users and Permissions for Processes must both be monitored.

Beware of Denial of Service (DoS) attacks!

Denial of Service attacks have become very popular with hackers during the past few years. They’re relatively easy to perform, for one thing. The most basic kind of attack consists of repeatedly pinging a server’s IP address, until the server stops under the burden of having to reply to so many requests.

A more sophisticated form of this attack includes the creation of “zombies.” These are servers or workstations that have had special communications software installed on them, by stealth. The software enables the hacker to communicate with machine and order it to begin executing pings to a specific server.

Let’s suppose that the hacker has created a team of zombies by installing his communications software on eight servers, located on the internet. He now has eight servers at his command, and when he executes his order to each server to begin pinging, say, a server or servers on a large corporate network, you can bet that they will come down very swiftly! And, because the attacker has used servers randomly located on the ‘net, it will be difficult to find the perpetrator of this attack.

There are several lines of defense against DoS attacks, but they can be expensive. You can purchase wider bandwidth from your ISP. This can extend the length of time it takes for your server to crash during an attack. Or, you can sign up with multiple ISPs and create redundant paths to them from your server(s).

The second line of defense is simply to have a rapid incident response set up with your ISP. This way, you can notify your ISP immediately when any server slowdown or other intrusion is detected.

Copyright 2002 (c) Roy Troxel, All rights Reserved. Roy is webmaster of Cyber-Routes, an online newsletter for Internet professionals, specializing in issues about web design and web security. You can also receive Cyber-Routes weekly by email by subscribing from our home page at

Defenses Against Hackers – Part 2 by Roy Troxel

This is the second general article on hacking techniques which all webmasters and sys admin’s should recognize. Let’s look at a few more “classics”:

The Trojan Horse

The name of this technique comes from a Greek legend describing a covert operation in which an army of Greeks delivered the gift of a giant wooden horse to the citizens of Troy. The Trojans hauled the huge monument to a position inside their city walls. When night came, however, a platoon of soldiers exited from the wooden horse and went about their way plundering and slaughtering throughout the city.

Modern-day hackers perform similar ploys to get their insidious code for viruses and other hacking tools into the confines of your firewalls and servers. One method that works frequently is to have a user download an executable file that has been disguised as an update patch, new game, or animated graphic. When the user installs the program, he is also installing the hacker’s software. The hacker’s code is embedded in the program’s executable code.

Back Door Man

Very often, Trojan horses are used to install back door software. This software works on the same principle as popular communication software, like PCAnywhere. The basic code permits the user to take control of the monitor, keyboard and mouse services. The most popular of these underground programs is Back Orifice, which is free to download if you go to their site, as many hackers do. (If you’re interested in investigating these sites, or even downloading their software to become familiar with hacking methods, set up a separate “lab” network and use a different ISP than you use for your professional network.)

So how do you stop this action?

For one thing, back door programs can be detected by anti-virus software, so be sure to update your anti-virus on a regular basis.

Don’t download unknown programs from unknown vendors or from email messages.

Configure your browser not to allow Active-X programs to download. It’s very easy to add hacking modules to Active-X code.

If you’re a systems administrator, educate your users about the above methods for back door protection.

Attacking Web Sites and Web Applications

Web sites, especially those containing applications shared by several users on an intranet, or web sites with forms to fill out, or other data to be entered, can be vulnerable to hacking. If a visitor can enter the requested information, he can also learn how your web site collects data. Sometimes the web page information that appears in the URL bar (the information after the “?”) can reveal things about your software or server.

The solution? Don’t trust raw user input. Filter user input data. Numerical user input data should be only numbers, for example. All other characters should be filtered out.

Some General Defenses:

All of the hacking software mentioned above is extremely noisy, sending millions of packets to and from your server. This activity can be detected by IDS (Intrusion Detection System) software; at which point, the systems administrator can be warned by an email, pager or some other means. The IDS has a database of attacks signatures, which it matches with the packets it is receiving.

Never telnet to your firewall, routers, etc. This makes it easy for attackers to intercept your password.

Use switches instead of hubs to control flow of packets.

Use the latest patches provided by your OS vendor.

Copyright 2002 (c) Roy Troxel, All rights Reserved. Roy is webmaster of Cyber-Routes, an online newsletter for Internet professionals, specializing in issues about web design and web security.You can also receive Cyber-Routes weekly by email by subscribing from our home page at

How to Avoid Sloppy Web Site Copy by Herman Drost

If your web site visitor can’t find the information on your web site, within 10 seconds or less, you will lose them. Two of the largest factors that contribute to this, are the lack of clear purpose and poor layout of your web pages.

Let’s look at how you can resolve each of these issues.

Lack of clear purpose – the first page of your web site must have a clear title and description, which immediately states what your site is about. (if you need help to determine the purpose of web site, read: “How To Build A Web Site That Sells”:

You must include a clear benefit of your product or service in your description. For example if you are a web design company, your title may be “How to Build a Web Site That Sells”. Your description may be something like: “Let us save you precious time and hassles, by designing a professional web site that WILL sell your product or service”.

In this example, you have stated the clear purpose of your website (designing professional web sites that sell) and given your readers a clear benefit (saving time and hassles). The rest of your web page, should support the title and description of your web site. Continue to emphasize the benefits of your product to your visitors. You should conclude your copy with a call to action eg “click here to order”.

Layout of Your Copy – you may spend a lot of time and money, to attract visitors to your web site, but if you have a poorly designed web page, then visitors will become frustrated and leave.

1. Alignment – There are 3 kinds of alignment for your web page – left side, right side and centered. Choose one, then use it on the entire page or even throughout your other web pages.

Don’t try to mix alignments, because this will make your web page look unprofessional. One such example, is to align all the text on your page to the left. This will create a strong edge and make it easier for your visitors to navigate and read. Avoid bumping up your text to the navigation bar or graphics. Create an equal amount of space between all the elements on your page. If they are bunched up, it will create a cluttered appearance.

2. How To Use White Space – Visitors do not appreciate useless clutter and masses of content on Web Pages. Most users prefer a page with well distributed content resulting in less clutter.

Users quickly scan pages and the more that they must scan through, the more information they will miss. This does not mean you should not provide a lot of information. Just do not provide it all on one page. Each page should contain approximately 50 per cent less text than a printed version of the same information. If you have a lot of copy on your web site, try to have only 4-6 sentences per paragraph. Split the page up into different topics, with the subject title close to the accompanying text.

3. Repetition – each page of your web site should look like it belongs to the same web site, the same company and same concept. For example, navigation buttons, colors, style, illustrations, format, layout can all be part of the repetition that unifies the entire site.

4. Contrast – this is what draws you into the page and pulls you in. Pages that just have all text and no graphics, or vice versa and have no contrast can be very boring (unless it is an article or book). If elements on your page, such as type, rules, graphics, color, texture, are not the same, make them very different. Be aware of what you want the visitor to focus on. What will be the first thing that a person will be attracted to when that person first enters your site? If your site is not well organized, it will be difficult for your visitor to find what he is looking for.

5. Graphics – graphics should be used to illustrate the benefit of your product (this is why there is the popular saying, “a picture is worth a thousand words”). You should use them to enhance the experience of your visitor. If it does not have a clear purpose to be there (other than just to have a pretty picture on your site), don’t use it.

6. Spelling and Grammar – bad spelling and grammar can destroy the professional effect of your web site. Don’t just use the spell checker for correcting your copy. Read through it yourself several times or get a friend who is a proficient proof reader to check your work, before you launch your site for the world to see.

With a clear purpose and layout to your web pages, your visitors will easily find the information they are seeking, rather than your competitors. Doing this, will help to increase sales from your web site.

Herman Drost is a Certified Internet Webmaster (CIW) owner and author of Free Consultation for Site Design Hosting from $30/year Subscribe to the “Marketing Tips” newsletter for more original articles. mailto: