Jeff Duntemann's Contrapositive Diary

spam

The Domain Name Ambush

Yeah, I know: I been away a long time. Why is complex, but house issues, health, and a surprisingly difficult WIP (not to mention a Caribbean cruise) all conspired to eat March. I’ll have more to say about the health issues once there’s more to say about them. The house is coming along well, and although I’m not in truth feeling a whole lot better (hint: it’s an oxygen issue) some time is at least opening up, hence today’s big story.

I’m working quietly with a number of people on a joint project that I can’t talk about right now. However, I promised the group that I would contribute a domain for it. The project is not new, and my promise was made literally years ago. At the time, I looked at what we all considered the perfect domain–and someone else already owned it. No biggie; it happens all the time. The project itself has been on again and off again, but it seems to have gained a little momentum in recent weeks. Yesterday, almost three years later, I checked for that perfect domain…and it was available. So I grabbed it. I registered it precisely the same way I registered the last couple of domains I registered.

Now, apres domain, le deluge.

I’ve gotten at least thirty emails soliciting site design, logos, PHP programming, shopping carts, artwork, SEO, and other Web folderol. I’ve gotten nine calls to my mobile, same thing. And a text message.

This has never happened before, and I’ve been registering domains since 1995. I’m not sure what’s changed. However, I noticed after only a little inspection that most (and possibly all) of the solicitations are from India. (As with most spam, a lot of them are cagey about where they actually are.) Every single person who left voicemail sounded Indian, and several were quite honest about their locations.

So what’s going on here? Has the same thing happened to any of you? My first guess is that some sort of scraper service is offering lists of recent domain name registrants to Indian Web shops. Maybe the Indians have made Web dev a big priority in the three or four years since I last registered a domain. I don’t know. In truth, I don’t care that much, except perhaps for the calls to my mobile. That’s supposed to be illegal, but if they’re in India, it would be hard to sue them for breaking a US law.

As I said, the spam doesn’t bother me, and I don’t generally answer calls from numbers I don’t recognize. I suspect that after a few days, they’ll move on to more recent registrations and get out of my hair. We’ll see.

Now I have to get back to that Odd Lots I’ve owed you guys since February. Tomorrow fersure.

Spam Supposedly from Facebook Friends

As mysteries go this was small change, but I stumbled across its solution earlier today: spam nominally from Facebook friends. I’ve been getting a recognizable species of link spam every day or two for a couple of months now. The From: field always contains the name of someone I know. The From: email address, however, is unknown to me and does not belong to the person named. The Subject: field is short and nondescript, like “Hello”. The body of the message is brief and follows this form:

super http://spammityspam.spam/goosebrow/53zappovat/

11/21/2012 10:33:27 AM

The From: email address is always a gobbledegook address from a big email service like Hotmail or AOL. There may be two or three words before the link, but no more than that. The link destination is different every time. I don’t know, don’t care, and don’t intend to find out what’s at the other end of the links.

I first assumed that someone I knew had gotten his or her address book hijacked by a trojan, which has long been a common practice when a machine is hacked. The interesting thing was that many of the people didn’t know one another at all. (I asked a few of them.) My next thought was that my own address book had been hijacked, except that two other people (out of eight or nine spams that I had tucked away to examine) were folks for whom I did not have and never had an email address. It took a while for me to realize that the only common element was their presence in my Facebook friends list.

Bingo.

I sniffed around and found a nice description of the problem on CNET. In short, there was a Facebook vulnerability that allowed a scraper to lift the names (but not the email addresses, nor any private information) from my Facebook friends list. Facebook has fixed the vulnerability, or claims to have fixed it. Facebook being Facebook, however, I’m sure there are plenty of others down there in the morass.
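The pattern this post describes (a friend's name in From:, an address that is not theirs, a short subject, a body that is little more than one link) can be checked mechanically. The sketch below is an added example, not part of the original post; the contact table, the sender addresses and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed data: names from a friends list mapped to the addresses actually
# on file for them (an empty set means no address is known for that friend).
KNOWN_CONTACTS = {"pat example": {"pat@example.org"}, "lee sample": set()}
FREEMAIL = {"hotmail.com", "aol.com"}   # the services named in the post
URL_RE = re.compile(r"https?://\S+")

def spam_signals(raw):
    """Return the reasons a raw message matches the pattern described above."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    body = msg.get_payload()
    reasons = []
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known is not None and addr not in known:
        reasons.append("friend's name, but not an address on file for them")
    if addr.rpartition("@")[2] in FREEMAIL:
        reasons.append("freemail sender")
    urls = URL_RE.findall(body)
    if len(urls) == 1 and len(body.split(urls[0])[0].split()) <= 3:
        reasons.append("one link preceded by at most three words")
    if len(msg.get("Subject", "").split()) <= 2:
        reasons.append("short, nondescript subject")
    return reasons

# Constructed samples; the spam body copies the form quoted in the post.
SPAM = ("From: Pat Example <xk3vq9zz@hotmail.com>\nSubject: Hello\n\n"
        "super http://spammityspam.spam/goosebrow/53zappovat/\n\n"
        "11/21/2012 10:33:27 AM\n")
HAM = ("From: Pat Example <pat@example.org>\nSubject: Notes from Saturday's meeting\n\n"
       "Here are the notes I promised, plus the link: http://example.org/notes\n")

if __name__ == "__main__":
    for label, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(label, spam_signals(raw))
```

The first signal carries the weight: it fires even for a friend with no address on file, which is the case that ruled out a hijacked address book in the post.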

Given that over half of the posts in a recent sample of my friends feed today were idiotic or hate-filled images (many images consisting solely of words, which is idiocy cubed, and sometimes words too small to read, which is idiocy to the seventeenth power) I wonder sometimes why I bother.

Akismet

I didn’t get much comment spam the first year or so that the main Contra instance was on WordPress. (The LiveJournal instance is a mirror.) I moderate all comments from new commenters, and now that the daily comment spam rate has crept from three or four up past thirty or forty, I figured it was time to do something.

So yesterday morning I installed Akismet, a server-side comment-spam detection plug-in for WordPress that applies a Bayesian signature scheme to incoming comments, and bins the ones it considers spam. Installing it was effortless, and for personal blogs like mine it’s free. (For commercial entities the Akismet service is $60/year.) So far, in about thirty hours it’s identified 80 spammy comments, which remain in the bin so you can scan for false positives if you want. Everything Akismet has fingered so far has proven to be spam. However, I’ve gotten no genuine comments on my WordPress instance since installing it. If you posted (or tried and failed to post) a comment on my WordPress instance today or yesterday, let me know. If nothing is in fact interfering with legitimate comments, this thing is a godsend, and if I sound a little nervous, it’s only that it feels maybe a little too good to be true!

[UPDATE 12/10:] Well, four comments successfully posted, and nothing spammed that shouldn’t be (or not spammed that should have been) suggests that Akismet is a win and I should stop worrying.

Odd Lots

  • So far, two people have written to request that I post photos of my rash. Ummm, no. You’d barf. And most of us take far too many trips to Three Mile Island already these days, Web discussion being what it is.
  • And no, I’m not getting better. In fact, I may still be getting worse. But I do think it’s time to dump what’s in the Odd Lots file:
  • While I wait patiently for more sunspots (and thus better ionospheric conditions for long skip) scientists tell me that I may have to do without them for a while. (This from a link in a post with more graphs and links at WUWT.) The last time I had a really good antenna during a really good solar maximum was 1980.
  • Intel is doing with its CPUs what IBM did with its mainframe processors in the 1960s: Disabling CPU features (in IBM’s case, it may have been as simple as inserting NOPs into the microcode) and then offering to turn them back on for a fee. (In this case, $50.) This is one of those things that sounds good on paper, but may not work well, and will certainly not make them any friends. (Odds on how long it takes the hardware hacker community to provide a crack?)
  • PVC pipe fittings are wonderful big-boy tinkertoys, and come in any color you want as long as it’s black or white. If you want to broaden your spectrum a little, here’s how to permanently stain white PVC pipe any color you want.
  • The battle between portrait mode and landscape mode in the online magazine world may come down to simple economics: It costs more to lay out (or somehow code up) a digital file that reads well both ways. Between the lines, however, I sense an attempt to twist Apple’s arm to cut their 33% cut of subscription revenue. Obnoxious question arises: How are iPad-targeted mags different from ambitious ad-supported bloggish Web-article sites like Wired, Slate, or Io9?
  • While driving to our HMO’s Urgent Care facility the other day, I counted three MMDs (Medical Marijuana Dispensaries) on the eight-mile trip. Which means that Colorado Springs has a marijuana store every 2.7 miles. I guess we’re not so conservative here after all.
  • One of the MMDs had a big banner across the storefront reading, “ICE CREAM!” Somehow I don’t think it’s French Vanilla.
  • Pertinent to both of the above: The kettle is trying hard to prevent legalization of…the pot.
  • It’s not the fat. It really is the fructose. (Thanks to David Stafford for the link.)
  • Last Tuesday night we spent a little dusk-and-evening time at Cottonwood Hot Springs in Buena Vista, Colorado, and I highly recommend it. Not as slick as Mt. Princeton Hot Springs, but for looking up at the stars while immersed in hot water, you can’t beat it. (They keep lighting around the springs pools to an absolute minimum. Walk carefully if you value your toes.)
  • Do you still smoke? If cancer doesn’t scare you enough, consider what it will do to your looks.
  • I moderate comments on Contra pretty harshly, but I have to say, a recent spam comment from an IP in Vietnam is a testament to something. Maybe automated translation: “The content on this publish is really a single of the top material that I’ve ever occur across. I love your article, I’ll appear back to verify for new posts.” Heh. No, you won’t.

Classmates: Hacked, or Poor Proctoring?

Quick update: Either Classmates.com was hacked, or nobody over there is paying the least attention to user activity. Textual obscenities and dirty pitchers abound; those with strong stomachs may see it for the time being here.

I’m divided as to whether I should alert them to it. There are 17,000 Lane alumni in the system online, and I can’t imagine that at least one of them hasn’t complained about it yet. (Lane is a big school, and has been around for a very long time.)

I’m definitely watching it, and am still interested in reports from people (especially from other schools) who have gotten forged emails from Classmates lately, containing obscenities or not.

Was Classmates.com Hacked?

Something very weird is going on here: I’ve gotten a scattering of emails in the last 18 hours from Classmates.com. Nothing new in that, except that these are obviously fakes, albeit very convincing fakes. The subject line for the first is:

“You are invited to the Naked Fest with Lane Technical High School.”

The From: field contains a multi-word obscenity that I won’t even try to repeat. (You know what dash characters look like.) The body of the message is pure Classmates, but in the Received: field in the headers is a bogus domain and an IP that doesn’t match classmates.com:

Received: from mta10.prod.iad1.cmates.com (va-in-svc-lb1-mip.iad1.cmates.com [10.12.208.10])

It’s not malware, came in with no attachments, and contains no scripting whatsoever.
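A Received: line like the one quoted above can be taken apart and compared against the domain a message claims to come from. The following is an added example, not part of the original post; the function names are hypothetical, and the regular expression assumes the common "from HELO (rDNS [IP])" layout seen in that line.

```python
import ipaddress
import re

# Header line as quoted in the post.
RECEIVED = ("Received: from mta10.prod.iad1.cmates.com "
            "(va-in-svc-lb1-mip.iad1.cmates.com [10.12.208.10])")

# from <HELO name> (<reverse-DNS name, optional> [<IP literal>])
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def inspect_hop(header, expected_domain):
    """Extract one hop and compare it with the domain the mail claims."""
    m = HOP_RE.search(header)
    if not m:
        return None
    ip = ipaddress.ip_address(m.group("ip"))
    rdns = m.group("rdns")
    return {
        "helo": m.group("helo"),
        "rdns": rdns,
        "ip": str(ip),
        "helo_under_expected": under(m.group("helo"), expected_domain),
        "rdns_under_expected": bool(rdns) and under(rdns, expected_domain),
        # RFC 1918 and similar ranges are not publicly routable, so such an
        # address cannot be checked against the public DNS of any domain.
        "ip_is_private": ip.is_private,
    }

# Only the hop added by your own mail server is trustworthy; every Received:
# line below it was written by the sending side and can say anything.
if __name__ == "__main__":
    for key, value in inspect_hop(RECEIVED, "classmates.com").items():
        print(f"{key}: {value}")
```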

One of my friends from Lane got the identical messages about the same time that I did. So: Did anyone else get anything like this? Or is it just the two of us who are being scammed? I don’t see anything about this online, which suggests that somebody is having some fun with him and me and not with Classmates.com as a whole.

Do let me know. Thanks!