New article at ThompsonWatch; the website I started up to track the danger to common sense that is Jack Thompson.
I also updated other facets of the site.
Every other post.
I just watched Tae Guk Gi… One of the few movies that ever made me cry. If you like Saving Private Ryan; only with a story – hell if you like any movie; you owe it to yourself to watch this. Rating: 9.8/10. This coming from a guy that gives movies on average 4/10.
The basic premise is that two brothers are unwillingly enlisted to fight in the Korean war. The movie follows their journey; and the decisions the older brother endures to make his younger sibling return home.
The cinematography is excellent; as are the special effects. And the plot… well… was enough to make me cry :p
The spam all links to the domain of:
http://t-e-x-a-s-poker.com
The site itself contains nothing on the outset – just baseless text. So who is texaspoker? Well that’s the fun bit. The WHOIS points to a registrar of “gandi.net”. Gandi.net has this to say on the domain:
domain: T-E-X-A-S-POKER.COM
owner-address: Djibuty Convega
owner-address: company
owner-address: 2003
owner-address: St John’s, English Harbour
owner-address: Antigua and Barbuda
owner-phone: +188.4306129
owner-fax: +188.4306129
owner-e-mail: brooksjohnson2004@yahoo.com
admin-c: DC1330-GANDI
tech-c: AR41-GANDI
bill-c: DC1330-GANDI
nserver: ns7.gandi.net 217.70.177.44
nserver: custom2.gandi.net 217.70.179.35
reg_created: 2005-07-07 10:44:32
expires: 2006-07-07 10:44:32
created: 2005-07-07 16:44:33
changed: 2005-08-12 09:39:33

person: Djibuty Convega
nic-hdl: DC1330-GANDI
address: company
address: 2003
address: St John’s, English Harbour
address: Antigua and Barbuda
phone: +188.4306129
fax: +188.4306129
e-mail: beth.ruble@gmail.com
lastupdated: 2005-07-07 16:46:33

person: GANDI Auto Register 4.1
nic-hdl: AR41-GANDI
address: GANDI
address: 38 rue Notre-Dame de Nazareth
address: F-75003
address: Paris
address: France
phone: N/A
e-mail: support@gandi.net
But will gandi.net do anything about this spammer? Well, it's not even worth a try, according to its clause:
by doing a whois on any domain name found in the email, you see that the domain name is handled by Gandi: Gandi is an ICANN accredited Registrar, and as such registers domain names on behalf of its customer. Gandi provides no webhosting nor email accounts to its customer, only the registration of the domain name. The use of the domain name is only up to the person owning it, and/or its contacts (see whois to find the owner and the contacts of the domain name). We can not deactivate and even less delete a domain name just because it is used in a spam: we can not and do not want to act as a judge.
There are many other gems on the registrar’s site, such as a tidbit which says that if you get spam from them, it's a demonstration that their mail relays work, and it's a good thing. Right.
Okay, let's revise how a lot of spam harvesting gets done. Spam spiders crawl through the net, looking for a combination of “something@something.something”. Whether they crawl newsgroups, blogs, eBay, etc., it all relies on the same principle of searching for the “*@*.*” string [* being wildcards].
So who is the genius that thought up that writing “person [at] ISP [dot] com” would be an effective antispam technique? Now that nearly everyone uses that, spambots simply have to add a new search pattern: “* [at] * [dot] *”. Suddenly, all these people that believed they were protected from penis-enhancing pill dealers and Nigerian scammers find themselves vulnerable again.
Just google the following for an example of what I mean:
http://www.google.com/searc…le+Search
I guess I’m being a little too hard. After all, if this idea hadn’t spread, it would have still been an efficient antispam technique. But I’m not so forgiving of the people who adopt this technique today, after everyone and their dog are using it.
This is not a good way to protect your inbox.
What do I suggest? Use variants of this overused original, or use different techniques altogether: obfuscate the text with JavaScript; replace ASCII text with an equivalent Unicode character; insert a 0px-wide GIF in the middle of the text; make the email address [or even part of it] an image with the text written on it; use invisible characters in the middle of the address; etc.
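As an added illustration (not part of the original post), this self-check runs the two search patterns described above over text you plan to publish and reports which addresses they would recover. It generalises "[at]"/"[dot]" to round and curly brackets, uses HTML numeric entities as one stand-in for the "equivalent character" idea, and all names and sample addresses are constructed.

```python
import html
import re

# Pattern 1: the plain "*@*.*" shape the post describes.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Pattern 2: the "* [at] * [dot] *" shape, also accepting (at) and {at}.
AT = re.compile(r"\s*[\[({]\s*at\s*[\])}]\s*", re.I)
DOT = re.compile(r"\s*[\[({]\s*dot\s*[\])}]\s*", re.I)


def recoverable_addresses(text, decode_entities=False):
    """Return the addresses a pattern-matching crawler could lift from text.

    decode_entities=True models a crawler that decodes HTML entities
    before searching, which defeats entity encoding on its own.
    """
    if decode_entities:
        text = html.unescape(text)
    found = set(PLAIN.findall(text))
    # Undo the bracketed obfuscation, then search again.
    normalised = DOT.sub(".", AT.sub("@", text))
    found.update(PLAIN.findall(normalised))
    return sorted(found)


def entity_encode(address):
    """Encode every character of address as an HTML numeric entity."""
    return "".join(f"&#{ord(ch)};" for ch in address)


# Constructed sample inputs; .example is a reserved, non-routable TLD.
SAMPLES = {
    "plain": "mail person@isp.example now",
    "bracketed": "mail person [at] isp [dot] example now",
    "entities": "mail " + entity_encode("person@isp.example") + " now",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, recoverable_addresses(text),
              recoverable_addresses(text, decode_entities=True))
```

The bracketed form is recovered as easily as the plain one; the entity form survives only until the crawler decodes entities, so it is best layered with the image or script techniques listed above.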
This morning, I awoke to find that a spammer had sent no less than 10 spam-comments to my blog. These were created by 2 attacking IP addresses. Interestingly enough, a lot of the attacker IPs have HTTP websites and FTP servers running.
The attacker IPs:
68.83.28.204 – pcp01453785pcs.blurdg01.pa.comcast.net
66.219.161.190 – jcarrell-ws-13.direct.neobright.net
The websites those resolve to:
http://downpour.mine.nu/
http://burrotech.net/ [Doesn’t resolve directly]
Are these people aware of what they’re doing? Hard to tell. The sites that these IPs resolve to look pretty innocuous, hardly the work of some evil spammer. Both attack systems run different distros of Linux (one is CentOS, the other is Mandrake Linux); and both run Apache. Maybe this attack is being launched from a common infected PHP page. Or maybe both systems got compromised due to poor knowledge of Linux security management. This second option is possible as both of these IPs appear to be those of home-servers, not professional solutions.
Suggestions? I’m going to try to email these blokes ASAP.
Update: I’ve successfully contacted the second bloke. He apologised, and said he would fix the problem. I have been unsuccessful with the first person however – I can’t find his email anywhere. However, I did leave some comments at his blog, which should automatically send an email to his account.
Update: The second bloke has stopped, but I’m now at the 20th comment submitted by the %#@$#@ first person. It just won’t stop. I’ve been forced to blacklist a particular word that is common throughout all his posts. Anyone posting that word in a comment automatically has their comment deleted; and that said I’m pretty sure normal comments will never use this word, even when referring to spam. Contact me if you wish to know what it is.