Category: Life

Every other post.

  • Popular Antispam Technique Declared Poor!

    Okay, let’s revise how a lot of spam harvesting gets done. Spam spiders crawl through the net, looking for a combination of “something@something.something”. Whether they crawl newsgroups, blogs, eBay, etc., it all relies on the same principle of searching for the “*@*.*” string [* being wildcards].

    So who is the genius that thought up that writing “person [at] ISP [dot] com” would be an effective antispam technique? Now that nearly everyone uses that, spambots simply have to add a new search pattern: “* [at] * [dot] *”. Suddenly, all these people that believed they were protected from penis-enhancing pill dealers and Nigerian scammers find themselves vulnerable again.

    Just google the following for an example of what I mean:
    http://www.google.com/searc…le+Search

    I guess I’m being a little too hard. After all, if this idea hadn’t spread, it would have still been an efficient antispam technique. But I’m not so forgiving of the people who adopt this technique today, after everyone and their dog are using it.

    This is not a good way to protect your inbox.

    What do I suggest? Use variants of this overused original, or use different techniques altogether: obfuscate the text with JavaScript; replace ASCII text with an equivalent Unicode character; insert a 0px-wide GIF in the middle of the text; make the email address [or even part of it] an image with the text written on it; use invisible characters in the middle of the address; etc…
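
    To check your own pages for this weakness, here is an added example (not code from the original post) that audits text for addresses recoverable either as plain “*@*.*” matches or after undoing the bracketed [at]/[dot] substitution. The sample text, the addresses in it and the function names are constructed for illustration.

```python
import re

# Plain addresses: the "*@*.*" shape described in the post.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Bracketed word substitutions such as "[at]", "(AT)" or "{dot}".
AT = re.compile(r"\s*[\[\(\{]\s*at\s*[\]\)\}]\s*", re.IGNORECASE)
DOT = re.compile(r"\s*[\[\(\{]\s*dot\s*[\]\)\}]\s*", re.IGNORECASE)


def normalize(text):
    """Undo the bracketed substitutions, as a single extra pattern would."""
    return DOT.sub(".", AT.sub("@", text))


def audit(text):
    """Return {address: exposure} for every address recoverable from text.

    exposure is "plain" (matched as written) or "bracketed" (matched only
    after the [at]/[dot] words were turned back into symbols).
    """
    findings = {}
    for match in PLAIN.finditer(text):
        findings[match.group(0).lower()] = "plain"
    for match in PLAIN.finditer(normalize(text)):
        findings.setdefault(match.group(0).lower(), "bracketed")
    return findings


# Constructed sample page text. The last line hides a zero-width space
# (U+200B) before the "@", one of the alternatives the post suggests.
SAMPLE = """
Contact: alice@example.com
Sales: bob [at] example [dot] org
Support: carol (AT) example (DOT) net
Press: dave\u200b@example.com
"""

if __name__ == "__main__":
    for address, exposure in sorted(audit(SAMPLE).items()):
        print(f"{exposure:10} {address}")
```

    The zero-width variant is not reported by these two patterns, but that only shows it survives this particular check; anything a script can strip or decode back to text offers the same kind of protection the bracketed form once did.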

  • Under Spam Assault.

    This morning, I awoke to find that a spammer had sent no less than 10 spam-comments to my blog. These were created by 2 attacking IP addresses. Interestingly enough, a lot of the attacker IPs have HTTP websites and FTP servers running.

    The attacker IPs:
    68.83.28.204 – pcp01453785pcs.blurdg01.pa.comcast.net
    66.219.161.190 – jcarrell-ws-13.direct.neobright.net

    The websites those resolve to:
    http://downpour.mine.nu/
    http://burrotech.net/ [Doesn’t resolve directly]

    Are these people aware of what they’re doing? Hard to tell. The sites that these IPs resolve to look pretty innocuous, hardly the work of some evil spammer. Both attack systems run different distros of Linux (one is CentOS, the other is Mandrake Linux), and both run Apache. Maybe this attack is being launched from a common infected PHP page. Or maybe both systems got compromised due to poor knowledge of Linux security management. This second option is possible, as both IPs appear to be those of home servers, not professional solutions.

    Suggestions? I’m going to try to email these blokes ASAP.

    Update: I’ve successfully contacted the second bloke. He apologised, and said he would fix the problem. I have been unsuccessful with the first person however – I can’t find his email anywhere. However, I did leave some comments at his blog, which should automatically send an email to his account.

    Update: The second bloke has stopped, but I’m now at the 20th comment submitted by the %#@$#@ first person. It just won’t stop. I’ve been forced to blacklist a particular word that is common throughout all his posts. Anyone posting that word in a comment automatically has their comment deleted; and that said I’m pretty sure normal comments will never use this word, even when referring to spam. Contact me if you wish to know what it is.

  • Audacious Phishing Scheme.

    Got the following in my mail today (yes, as one big image as well):

    It seems like someone was able to create subdirectories on an open-source software site, to be used as a phishing haven. Upon clicking the link in the above picture (via an imagemap), a person is brought onto a clone of the PayPal site. I “logged in” with a non-existent email and password. I was then asked to fill in everything from my credit card info, to my banking information, address, and even my SIN number.

    This is the second such PayPal-based phishing email I’ve received in as many months. Both were reported to PayPal.

    Update: PayPal [the real one] wrote me back to inform me that indeed what I received was a fraud, and blah blah blah…

  • ISP/Router driving me NUTS!

    GAHHH #$%#$%$# !!!!!

    It’s been like this for days. At times, some sites absolutely refuse to resolve. You’re surfing, and suddenly… nothing. All the 5 sites you were simultaneously trying to load all give you DNS errors.

    Then in games… BF2… Your connection suddenly drops after minutes of play. You go online to see if it’s a regular problem, but get DNS errors on accessing Google.

    The router (Linksys Wireless B) bears some of the blame. Resetting it fixes the problem… sometimes. But this is driving me NUTS!

  • Can you tell?

    Can you tell when I’m not working? I have a pretty irregular schedule, but judging by the graph below you might have a glimpse of which days I had off. It shows when I post entries here on this blog. The graph was made using OpenOffice.

    Blog statistics for the last two months.