an explanation and an apology: i'm really not a Viagra salesman
about two weeks ago i started getting really odd messages in my inbox. i knew something was going on but i couldn’t figure it out, and i contacted the company i was using as a mail provider and webhost.
kkwpkwfg@parahuman.org
Content-Type: multipart/mixed;
boundary="===============1593671021=="
MIME-Version: 1.0
Subject: 210a7d94
To: kkwpkwfg@parahuman.org
bcc: lIlIIlIl00lOI1II@aol.com
From: kkwpkwfg@parahuman.org
This is a multi-part message in MIME format.
--===============1593671021==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
xbkq
--===============1593671021==--
after several days of getting pretty much nowhere with the tech support at my webhost, Dixie Systems, my hosting service was abruptly cut off ~ no more email, no more website, no warning, nothing.
it turned out that an attacker had used a malicious bot and had taken over the letterbox ~ the form-to-mail text box on my contact page for anyone to quickly send me a message without switching to webmail or a mail program ~ and it sent a few thousand spam messages with it. Dixie had shut off my service because my website had become a kind of digital zombie called a "spam gateway," but unfortunately i had no way of knowing this because Dixie didn’t call or send me an email (well, if they did send an email there was no way i could retrieve it, since they shut off my service).
long story short, i don’t use Dixie anymore and i’ve also started moving my clients off of their servers.
i apologize if you tried to email me or visit the site during the switch and couldn’t, but even more, i sincerely apologize if you received any junk mail from this domain. i looked into this type of attack and learned that this is yet another battleground in the arms race between spammers and everyone else.
i traced the attacker’s IP address, 203.199.196.53, to an ISP in India, contacted their customer and technical support (no reply yet) and blocked that entire IP range from connecting to this site. i did that by adding the following block of text to my website’s main .htaccess file:
order allow,deny
deny from 203.199.196.
allow from all
so the letterbox is back again, but i’m using a different script now instead of AnyMail. i really wish that i had heeded the warning of AnyMail’s creators, which says that it shouldn’t be considered secure. with this in mind, i’m doing what i can to spread the word about AnyMail, starting with getting together tomorrow with one of my friends (who has a website promoting his music) and helping him find a replacement for AnyMail.
strangely enough, the malicious bots that the spammers are using are breaking the judicious rule, "never return to the scene of the crime," which in this case means that the address for the AnyMail version of the letterbox is continuing to get traffic even though there was nothing there. in response to this, i quickly put a working script in its place that logs the bot’s IP address so i can contact the customer and technical support at the ISP that the spammer is using.
for good measure, i added the fake letterbox script to my robots.txt file so that any unscrupulous bot will be sure to find it. don’t go to it yourself, though ~ i’ll assume you’re a bot and contact your ISP with details of your visit!
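An added example, not part of the original post and not the replacement script mentioned above: a form-to-mail handler that refuses the kind of submission shown at the top of the post, where extra header lines (including a bcc) ride along with the sender address. It assumes those lines arrived inside one form field; the field names, the owner address and the sample values are hypothetical or constructed.

```python
import re
from email.message import EmailMessage

# Header names that have no business appearing after a line break in a form field.
INJECTED = re.compile(
    r"[\r\n]\s*(to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I)
HEADER_FIELDS = ("name", "email", "subject")  # hypothetical form field names

def findings(value):
    """Reasons a submitted value must not be copied into a mail header."""
    out = []
    if "\r" in value or "\n" in value:
        out.append("line break")
    out += ["header " + m.group(1).lower() for m in INJECTED.finditer(value)]
    return out

def screen(form):
    """Map each header-bound field to its findings; an empty dict means clean."""
    report = {f: findings(form.get(f, "")) for f in HEADER_FIELDS}
    return {f: hits for f, hits in report.items() if hits}

def build_message(form, owner="owner@example.com"):
    """Build the mail with fixed From/To; visitor input only reaches Reply-To,
    Subject and the body. Raises ValueError if any header field is tainted."""
    bad = screen(form)
    if bad:
        raise ValueError("rejected submission: %r" % bad)
    msg = EmailMessage()
    msg["From"] = owner   # never taken from the form
    msg["To"] = owner     # never taken from the form
    msg["Reply-To"] = form["email"]
    msg["Subject"] = "[letterbox] " + form.get("subject", "")
    msg.set_content(form.get("message", ""))
    return msg

# Constructed sample modelled on the message shown in the post (bcc is a placeholder).
PROBE = {
    "email": "kkwpkwfg@parahuman.org\nContent-Type: multipart/mixed;\n"
             "MIME-Version: 1.0\nSubject: 210a7d94\n"
             "bcc: dropbox@example.com\nFrom: kkwpkwfg@parahuman.org",
    "message": "xbkq",
}
CLEAN = {"email": "visitor@example.com", "subject": "hello", "message": "hi there"}

if __name__ == "__main__":
    print(screen(PROBE))                     # findings for the probe's email field
    print(build_message(CLEAN)["Reply-To"])  # clean submission goes through
```

The findings returned by screen() are also what is worth writing to a log next to the visitor's IP address, since they show which headers the bot tried to add.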
