There Is No Cat

Hollering into the void since 2002

Tuesday, June 20, 2006

Spammers 1, Ralph 1

The good news: changing the names of the fields in my comment forms appears to have stopped the comment spammers cold, at least for now. Yay me. I'll have to keep monitoring things closely to see if that continues to be the case, which I would interpret as meaning that the spammer's program is parsing for common strings and adjusting accordingly, or if the spam returns at some point, which I would interpret as meaning that they visit sites, configure their control program to use the field names currently in use, and order the zombies under their control to attack using those field names. If it's the former, then I can leave the names as is; if it's the latter, maybe I'll come up with a way to automagically change the names every week or every month or at some other appropriate interval. In the meantime, I've added a new feature to my commenting system that cuts down the chewing up of my bandwidth by redirecting hits that attempt to use the old field names to POST something to a page to http://localhost/....

The bad news: shutting down some of the e-mail addresses receiving the most abuse didn't reduce CPU usage enough. My hosting company shut down my procmail script because it was consuming too many resources. So I've had to abandon the spam filter I've been using for the past ten years, Spambouncer by Catherine Hampton. I started using it when Catherine and I were both hosted by Best Internet, long since swallowed up by Verio, which was then eaten by Japanese legacy monopoly telecom company NTT. My current hosting provider, Pair.com, offer Spam Assassin by default. I haven't been happy with it when I've tried it in the past, but I guess I'll have to use it now. One interesting thing they do is greylisting, in which the SMTP server refuses to accept the first attempt to send certain e-mails. Legitimate e-mail will retry, and at that point, the mail will be accepted (at which point Spam Assassin takes over). Most spammers' MTAs don't bother to resend. Hence, a reduction in spam. So far, I'm not all that impressed; spam that my previous solution would have certainly caught is getting through, although not at a rate that normal people would find all that bad (I don't know how my mom or my wife can stand to deal with the amount of spam they get....) I've done some configuration to make sure my important mailing lists and such get through with no problem, but I'm still getting used to the system. I haven't been able to figure out how to get Spam Assassin to give me the kind of logging that I used to get from Spambouncer so that I can judge how well a job Spam Assassin is doing. Maybe once I get enough spam to train Spam Assassin's Bayesian filtering, it will work better.

As I mentioned before, if you have problems with comments (or in sending me e-mail), try contacting me through my web form.

Posted at 9:57 PM
Link to this entry || No comments (yet) || Trackbacks (0)

Monday, June 19, 2006

Taking a dump on the commons

At the moment, my comment spam filters here on There Is No Cat seem to be catching 100% of the attempts. Over the past two days, that's about 230 attempts per day that aren't making it through my system. But the current system is one that requires constant vigilance, and I'm getting tired of it. I'm trying to figure out how this particular spammer's system works; I suspect that maybe it looks for certain parameters in comment fields. So I've replaced the name and id parameters of fields that users can enter to values that are unlikely to be easily associated with a particular type of field; that is to say, the e-mail field is no longer called "email", and so on. If this spammer is parsing my comment field based on common values for the name parameter, it should no longer work, and I can relax for a little while (at least until they catch up).

If you find you have a problem submitting a comment, please contact me with my e-mail form; I've tried to test the system, but I may have broken something.

In the meantime, I'll be exploring ways to improve my e-mail spam filters. My hosting provider contacted me this weekend with the bad news that my brandi.org domain was attacked with so many spams on Saturday that at one point, there were more than 100 copies of procmail running, dragging down the performance for the server not just for me but for the other uses as well. That's not good. I use procmail to do my spam filtering. Unfortunately, I've taken advantage of the fact that pretty much everything other than a few otherwise-defined addresses shows up in my mailbox to give out a different e-mail address to every web site that asks for one; that way, when spam starts showing up in my mailbox, I can see who it's addressed to and, if possible, shut down that address. It's bad enough when an address I left on a blog at some point is discovered, but it's kind of scary to realize that, for example, the address I used for the brokerage that holds one of my 401(k) accounts (and which I have never ever ever posted online anywhere) has been snarfed by spammers too. If I have to shut down everything except the main, defined addresses, this tactic isn't going to work any more.

I have to deal with this sort of thing offline, too. Local teenagers love to use our wooded lot as their personal dumping ground. I regularly have to clean up their messes of beer cans and empty liquor bottles (and boy, do I wish New Jersey had a bottle law so I could at least make some money getting deposits back on these presents). Today I had the lovely gift of God-only-knows-what in a black garbage bag; I didn't look too close, but in the 90 degree heat, the stench was awful as I dragged it from the end of the property to our garbage can.

If it comes down to it, I'll have to bite the bullet and shut down the e-mail addresses and comments here on the blog (and maybe the entire blog altogether). I've already shut down trackbacks a few weeks ago. This is the sort of thing that drove me away from Usenet in the mid-90s, the increasingly aggressive tactics of spammers. I have a pretty low tolerance for this crap. At some point, it's just not worth the effort to stay a step ahead of them.

Posted at 12:26 AM
Link to this entry || 3 comments || Trackbacks (0)

Tuesday, June 6, 2006

The word "gullible" isn't in the dictionary

David Weinberger links to McDonald's Interactive, which claims to be an interactive division of McDonald's that is breaking away from their corporate father because of a corporate computer simulation that showed that the company's current course contributes to global warming and catastrophe.

I'ma suspish.

So I looked up the McDonald's Interactive web site in whois. The administrative contact is shown as Marc Cohen, address 1 Kroc Drive, Oak Brook, Illinois. Sounds legitimate. "Cohen's" e-mail address, however, is given as info@mcvideogame.com, and the technical contacts are at Aruba.it. Why would McDonald's host something in Italy?

Looking up mcvideogame.com in whois shows similar technical contact information, but the administrative contact is one Luca Nasi in Milano, Italy. Visiting the mcvideogame.com site reveals a take on corporate icon Ronald McDonald that a corporation like McDonald's would never countenance with such a valuable trademark. The Press section of that site gives the rest of the story away with links to stories about "La Molleindustria, developers of 'political games against the dictatorship of entertainment,'" as one of the stories puts it.

Clever. Deceptive, but clever.

Posted at 1:02 PM
Link to this entry || 4 comments || Trackbacks (0)

This site is copyright © 2002-2024, Ralph Brandi. (E-mail address removed due to virus proliferation.)

What do you mean there is no cat?

"You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat."

- Albert Einstein, explaining radio


There used to be a cat

[ photo of Mischief, a black and white cat ]

Mischief, 1988 - December 20, 2003

[ photo of Sylvester, a black and white cat ]

Sylvester (the Dorito Fiend), who died at Thanksgiving, 2000.


Stylesheets


This site is powered by Missouri. Show me!

Valid XHTML 1.0!

Valid CSS!

XML RSS feed

Read Me via Atom

new host

Me!

Home Page
Resume
Married
Photographs
Flickr Photostream
Instagram Archive
Twitter Archive

last.fm

There Is No Cat is a photo Ralph Brandi joint.


Archives

Search



Family Blogs

Geneablogy
Jersey Girl Dance
Awakening
DullBlog
Mime Is Money

Blogs I Read

2020 Hindsight
AccordionGuy
Adactio
Allied
Apartment Therapy
Assorted Nonsense
Backup Brain
Burningbird
Chocolate and Vodka
Creative Tech Writer
Critical Distance
Daily Kos
Dan Misener likes the radio
Daring Fireball
Design Your Life
design*sponge
Doc Searls
Edith Frost
Elegant Hack
Emergency Weblog
Empty Bottle
Five Acres with a View
Flashes of Panic
Future of Radio
Groundhog Day
Hello Mary Lu
iheni
Inessential
Interllectual
Jeffrey Zeldman Presents
Jersey Beat
John Gushue ... Dot Dot Dot
john peel every day
JOHO The Blog
Kathryn Cramer
Kimberly Blessing
La Emisora de la Revolucion
Lacunae
Loobylu
mamamusings
Medley
mr. nice guy
MyDD
Orcinus
oz: the blog of glenda sims
Pinkie Style
Pinkie Style Photos
Pop Culture Junk Mail
Seaweed Chronicles
Shortwave Music
Slipstream
Talking Points Memo
The Unheard Word
Tom Sundstrom - trsc.com
Typographica
Unadorned
Vantan.org
WFMU's Beware of the Blog