spam

Bounty-hunting spammers

Dave Farquhar Spam , , ,

I missed posting a reference to the FTC bounty on spammers this week.

The FTC says a bounty is about the only thing that will work. In other news, the Pope is still Catholic.You can make spam illegal all you want, but the problem is tracking the people down. They’ve had years to practice concealing their origins. If you and I can’t track them down, then chances are law enforcement can’t track them down all that easily either.

Without inside information, you won’t track them down, at least not without going 1984 on everybody. And if there’s one thing that makes people scream louder than spam, it’s encroaching on their rights, whether those rights are perceived or real.

But the people with inside information don’t have much incentive to turn spammers in.

The question is where the funding comes from. Hopefully the fines levied against the lawbreakers will be enough to pay the whistleblowers. To me, it’s a very legitimate use of the money.

Of course, the direct marketing people are screaming and hollering that too much power is going to anti-spam groups. They would have less problem if they had taken a strong stand against spam in the first place.

I don’t think they’ll get much sympathy. At least I hope not. A few local business owners made headlines when they ignored Missouri’s Don’t-Call list and then were sued out of business. I didn’t have any sympathy for them. They knew the law was coming and what they had to do in order to comply. Besides, if I need my windshield fixed, do you think I’m going to wait for a telemarketer to call me in the middle of dinner?

Additionally, many of these spammers are breaking other laws as well. Since when is it legal to sell me Valium without a prescription? And if bigoea@yahoo.com is a licensed pharmacist, why is he resorting to spamming people at random to get customers? If you know of a pharmacy that’s hurting for business, I’d sure like to know about it because I’ll go there and so will everyone else I know who’s tired of waiting 30 minutes to get a prescription.

More than likely, the person hiding behind theat Yahoo address is either misrepresenting what he’s selling (fraud) or selling prescription drugs without a license (drug trafficking), and he may very well be guilty of breaking numerous other laws and needs to be put away anyway.

Tell me again why direct marketers haven’t done everything they possibly can to distance themselves from these people?

Giving the insider who turns the spammer in enough money to take a year (or five, depending on lifestyle) off work seems the best way to eliminate some of these lowlives who continue to clog our inboxes and our Internet connections.

VMWare is in Microsoft\’s sights

Dave Farquhar Servers and Networking , , , , ,

Microsoft has released its Virtual Server product, aimed at VMWare. Price is an aggressive $499.

I have mixed feelings about it.VMWare is expensive, with a list price of about 8 times as much. But I’m still not terribly impressed.

For one, with VMWware ESX Server, you get everything you need, including a host OS. With Microsoft Virtual Server, you have to provide Windows Server 2003. By the time you do that, Virtual Server is about half the price of VMWare.

I think you can make up the rest of that difference very quickly on TCO. VMWare’s professional server products run on a Linux base that requires about 256 MB of overhead. Ever seen Windows Server 2003 on 256 megs of RAM? The CPU overhead of the VMWare host is also very low. When you size a VMWare server, you can pretty much go on a 1:1 basis. Add up the CPU speed and memory of the servers you’re consolidating, buy a server that size, put VMWare on it, and then move your servers to it. They’ll perform as well, if not a little bit better since at peak times they can steal some resources from an idle server.

Knowing Microsoft, I’d want to give myself at least half gig of RAM and at least half a gigahertz of CPU time for system overhead, minimum. Twice that is probably more realistic.

Like it or not, Linux is a reality these days. Linux is an outstanding choice for a lot of infrastructure-type servers like DHCP, DNS, Web services, mail services, spam filtering, and others, even if you want to maintain a mixed Linux/Windows environment. While Linux will run on MS Virtual Server’s virtual hardware and it’s only a matter of time before adjustments are made to Linux to make it run even better, there’s no official support for it. So PHBs will be more comfortable running their Linux-based VMs under VMWare than under Virtual Server 2003. (There’s always User-Mode Linux for Linux virtual hosts, but that will certainly be an under-the-radar installation in a lot of shops.)

While there have been a number of vulnerabilities in VMWare’s Linux host this year, the number is still lower than Windows 2003. I’d rather take my virtual host server down once a quarter for patching than once a month.

I wouldn’t put either host OS on a public Internet address though. Either one needs to be protected behind a firewall, with its host IP address on a private network, to protect the host as much as possible. Remember, if the host is compromised, you stand to lose all of the servers on it.

The biggest place where Microsoft gives a price advantage is on the migration of existing servers. Microsoft’s migration tool is still in beta, but it’s free–at least for now. VMWare’s P2V Assistant costs a fortune. I was quoted $2,000 for the software and $8,000 for mandatory training, and that was to migrate 25 servers.

If your goal is to get those NT4 servers whose hardware is rapidly approaching the teenage years onto newer hardware with minimal disruption–every organization has those–then Virtual Server is a no-brainer. Buy a copy of Virtual Server and new, reliable server hardware, migrate those aging machines, and save a fortune on your maintenance contract.

I’m glad to see VMWare get some competition. I’ve found it to be a stable product once it’s set up, but the user interface leaves something to be desired. When I build or change a new virtual server, I find myself scratching my head whether certain options are under “Hardware” or under “Memory and Processors”. So it probably takes me twice as long to set up a virtual server as it ought to, but that’s still less time than it takes to spec and order a server, or, for that matter, to unbox a new physical server when it arrives.

On the other hand, I’ve seen what happens to Microsoft products once they feel like they have no real competition. Notice how quickly new, improved versions of Internet Explorer come out? And while Windows XP mostly works, when it fails, it usually fails spectacularly. And don’t even get me started on Office.

The pricing won’t stay the same either. While the price of hardware has come down, the price of Microsoft software hasn’t come down nearly as quickly, and in some cases has increased. That’s not because Microsoft is inherently ruthless or even evil (that’s another discussion), it’s because that’s what monopolies have to do to keep earnings at the level necessary to keep stockholders and the SEC happy. When you can’t grow your revenues by increasing your market share, you have to grow your revenues by raising prices. Watch Wal-Mart. Their behavior over the next couple of decades will closely monitor Microsoft’s. Since they have a bigger industry, they move more slowly. But that’s another discussion too.

The industry can’t afford to hand Microsoft another monopoly.

Some people will buy this product just because it’s from Microsoft. Others will buy it just because it’s cheaper. Since VMWare’s been around a good long while and is mature and stable and established as an industry standard, I hope that means it’ll stick around a while too, and come down in price.

But if you had told me 10 years ago that Novell Netware would have single-digit marketshare now, I wouldn’t have believed you. Then again, the market’s different in 2004 than it was in 1994.

I hope it’s different enough.

Outsource your home e-mail to keep viruses at bay

Dave Farquhar Viruses ,

I’m going to be spending most of Saturday patching servers at work, and Microsoft just kindly dropped four new patches I didn’t want in my Easter basket (so run Windows Update on your home PC if you haven’t recently), and that reminds me of something.

End users are notoriously bad about running Windows Update and updating their virus definitions, both of which really need to be done on a regular basis in these terrible times. Microsoft doesn’t seem to realize not everyone has broadband and this takes some time, but that’s the price of running Windows, I guess.

I have a suggestion for people who aren’t very technical.Those of you who are technical and provide help for friends and relatives, get your friends and relatives to quit using Outlook Express to read their ISP’s mail and move them to a webmail-based solution, such as Yahoo Mail. Yahoo’s spam filtering is pretty effective, and Yahoo keeps its virus definitions up to date. Since most viruses transmit through e-mail these days, this may provide adequate protection for most people. Yahoo limits the size of attachments you can send, so configure Outlook Express for sending large attachments using the ISP’s SMTP server, but change the return address to point at the Yahoo address. If the person is reluctant about changing e-mail addresses, call the ISP’s technical support line and see if the ISP will forward the account’s mail to the Yahoo account.

Those of you who aren’t technical, get someone to help you do this if it sounded like Swahili to you.

Hotmail works too, but when you register for Yahoo mail, you get access to Yahoo’s discussion groups too, and Yahoo has a discussion group/forum for just about everything imaginable. Way back in the dark ages before the Internet was in every household, the discussion groups were one of the major draws of online services like CompuServe, GEnie, and Delphi.

Google’s GMail will be better than Yahoo’s mail, allowing people to search on their inboxes, but it’s not ready for you and me yet. I still don’t understand the big to-do about Google targeting text sidebar advertising on your e-mail–they already do it when you search using their site. But that’s another discussion.

MyDoom/Novarg Gloom

Dave Farquhar Uncategorized, Viruses , , , , ,

Just in case anybody is curious, my employer’s virus scanners filtered roughly 3,000 copies of Novarg (a.k.a. My Doom) during working hours yesteray. If that’s not a record for us, it approaches it. I know we weren’t the only one.I’ve heard Novarg/MyDoom/My Doom called the fastest spreading virus yet. I don’t have statistics on prior viruses with me, but suffice it to say, its impact certainly felt similar to the big names from the past.

Although SCO would like people to believe it was written by a Linux zealot, I’m more inclined to believe it was created by organized crime. Maybe the creators hate SCO, or maybe the anti-SCO DDoS was just an added touch to throw investigators off.

LoveLetter was the first virus outbreak to really have much impact on my professional career, and I noticed something about it. Prior to LoveLetter, I never, ever got spam at work. Not once. After LoveLetter, I started getting lots of it. I don’t believe LoveLetter’s intent was to gather e-mail addresses for spammers, but I do believe that more than one spammer, probably independently, noticed that viruses were a very efficient way to gather a large number of e-mail addresses.

I got spam before LoveLetter, and I saw viruses before LoveLetter. But I started seeing a lot more of both very soon after LoveLetter.

I don’t buy any giant conspiracy to sell anti-virus software, nor do I buy any giant conspiracy against SCO. I do believe in bored people with nothing better to do than to write viruses, and I also believe in people who can profit off their side effects.

I’ve said it once and I’ll say it again. If you run Windows, you must run anti-virus software. You can download Grisoft AVG anti-virus software for free. Don’t open unexpected e-mail attachments, even from people you know. Even if it looks safe. Don’t send unexpected e-mail attachments either–you don’t want anyone to get the idea that’s normal. Quite frankly, in this day and age, there’s no reason to open any piece of e-mail that looks suspicious for any reason. I told someone yesterday that this is war. And I think that’s pretty accurate.

If you’re an intrepid pioneer, there’s something else you can do too, in order to be part of the solution. If you join the Linux revolution, you can pretty much consider that computer immune. Macintoshes are slightly less immune, but certainly much less vulnerable than Windows. Amiga… Well, I haven’t seen the words “Amiga” and “virus” in the same sentence since 1991 or 1992. But one thing is certain: a less homogenous field is less susceptible to things like this.

 

Status update

Dave Farquhar This weblog

I’d like to say I haven’t been posting because I’ve been busy migrating the website to new spamproof software. Actually I’ve been busy at work, and I’ve been holding back so Steve DeLassus won’t have ever-changing content to migrate.
Here’s what I can say: The new software is good. Very good. It’s faster than b2. When you post comments, you can title them. The search engine blows everything else I’ve seen out of the water. Not only is it fast, it also searches posts and comments separately, so when a thread veers off topic, it’ll still find it (and point you to the right place). You can limit your search to certain categories, and you can specify whether you want an exact phrase, all words, or any of the words. If you vaguely remember me saying something four years ago about optimizing config.sys in DOS, you’ll be able to find it pretty fast with this new stuff. A lot of blogs out there have tons of great information in them, but finding it can be difficult. I may not have quite as much great information, but what I do have will be easy to find, and I’m hoping that once you find something you like, finding more stuff like it will be easy as well.

Popularity is based solely and entirely on page reads. I think this is more scientific than the karma scores, and it may cause some old, forgotten stuff to be unearthed thanks to search engine traffic. We’ll see.

I’ll be able to close certain threads off to comments. I don’t know about anyone else, but I’m sick to death of the Mormon thread. My sanity needs that feature.

And finally, registration will be required to post comments. You create a user ID, you tell the system your e-mail address, and it e-mails you a password. I know this won’t be a universally popular decision. I see it as a necessary evil, to keep spambots away. It’ll also tend to discourage people who come here and snipe. The upside to that is the system doesn’t make e-mail addresses public. You can e-mail other users, but my system sends the mail, so you never see the person’s address. This may or may not be easy to disable, and I’m torn on whether it should or shouldn’t be.

Overall, I think it’s going to be a huge improvement over the status quo. The speed will be good, and the lack of spam will be good. And if I’m not having to deal with spam and abusive people, I’ll have more time to generate content–both from not having to go delete the stuff and chase people away and from a lower level of frustration. I think that’s a good thing.

It’s not quite ready yet. But I’m hoping to make the cutover sometime this weekend.

Using your logs to help track down spammers and trolls

Dave Farquhar net.culture , , , , , , ,

It seems like lately we’ve been talking more on this site about trolls and spam and other troublemakers than about anything else. I might as well document how I went about tracking down two recent incidents to see if they were related.
WordPress and b2 store the IP address the comment came from, as well as the comment and other information. The fastest way to get the IP address, assuming you haven’t already deleted the offensive comment(s), is to go straight to your SQL database.

mysql -p
[enter the root password] use b2database;
select * from b2comments where comment_post_id = 819;

Substitute the number of your post for 819, of course. The poster’s IP address is the sixth field.

If your blogging software records little other than the date and time of the message, you’ll have to rely on your Apache logs. On my server, the logs are at /var/log/apache, stored in files with names like access.log, access.log.1, and access.log.2.gz. They are archived weekly, with anything older than two weeks compressed using gzip.

All of b2’s comments are posted using a file called b2comments.post.php. So one command can turn up all the comments posted on my blog in the past week:

cat /var/log/apache/access.log | grep b2comments.post.php

You can narrow it down by piping it through grep a bit more. For instance, I knew the offending comment was posted on 10 November at 7:38 pm.

cat /var/log/apache/access.log | grep b2comments.post.php | grep 10/Nov/2003

Here’s one of my recent troublemakers:

24.26.166.154 – – [10/Nov/2003:19:38:28 -0600] “POST /b2comments.post.php HTTP/1.1” 302 5 “https://dfarq.homeip.net/index.php?p=819&c=1” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7”

This line reveals quite a bit: Besides his IP address, it also tells his operating system and web browser.

Armed with his IP address, you can hunt around and see what else your troublemaker’s been up to.

cat /var/log/apache/access.log | grep 24.26.166.154
zcat /var/log/apache.access.log.2.gz | grep 24.26.166.154

The earliest entry you can find for a particular IP address will tell where the person came from. In one recent case, the person started off with an MSN search looking for information about an exotic airplane. In another, it was a Google search looking for the words “Microsoft Works low memory.”

You can infer a few things from where a user originally came from and the operating system and web browser the person is using. Someone running the most recent Mozilla Firebird on Linux and searching with Google is likely a more sophisticated computer user than someone running a common version of Windows and the version of IE that was supplied with it and searching with MSN.

You can find out other things about individual IP addresses, aside from the clues in your logs. Visit ARIN to find out who owns the IP address. Most ARIN records include contact information, if you need to file a complaint.

Visit Geobytes.com IP Locator to map the IP address to a geographic region. I used the IP locator to determine that the guy looking for the airplane was in Brooklyn, and the Microsoft guy was in Minneapolis.

Also according to my Apache logs, the guy in Brooklyn was running IE 6 on Windows XP. The guy in Minneapolis was running Mozilla Firebird 0.7 on Linux. (Ironic, considering he was looking for Microsoft information.) It won’t hold up in a court of law, but the geographic distance and differing usage habits give at least some indication it’s two different people.

What to expect around here

Dave Farquhar General , , ,

I’m still not recovered, but I expect to be on my way. The doc put me on some prescription meds. Which reminds me: The mafia My health insurance company seems to have changed prescription providers YET AGAIN, and I missed my card in the mail. What is this, flavor-of-the-week?
It’s incredibly messed up when it’s easier to get your new license plates than it is to get a bottle of Amoxicillin.

So I’m torqued off right now.

As far as the recurring problems with spammy comments and trolls, I’m fed up with it. I appreciate the people like Dustin Cook and, yes, that arrogant French aristocrat, for telling the most recent one to shove off. But that’s not a permanent solution.

I’m looking at another piece of software that can be set to require commenters to be registered users–if you want to comment, you’ve got to give a username and password. I hate that. I really do. I don’t want people to have to go through the hassle. I don’t want people wondering what else will happen with their e-mail addresses, which I will require. (The answer is, nothing, because I hate spam more than I hate taxes, but the general public doesn’t know that.) Unfortunately, it seems to be the only way to reduce the trolls and stop the spam.

As far as Railroad Tycoon 3, due to my recent sickness I’ve only been able to play two short games. It’s not a radical departure from Railtycoon 2. The economics are a bit different (and far more realistic) and the graphics are a whole lot better, and overall the game is a lot more realistic now. I can safely say I recommend it. They set the requirements at 400 MHz, 128 MB of RAM, and a 16-meg AGP video card. I played on a 366 with 128 megs and a 16-meg Radeon 7000 video card. It was acceptable. You could probably get by with a 300 MHz machine with the same memory and video card, but there’ll be times when you’ll want more horsepower. 500-600 MHz would definitely be more comfortable.

Fighting spam two ways

Dave Farquhar Spam , ,

I read a statement in a very right-leaning publication not long ago that made me really mad. It made the statement that government regulation is never the solution to a problem, and the problem of spam should be dealt with through software, not legislation.
This is a statement from a very clueless knee-jerk conservative. Don’t get me wrong; I’m conservative too, but I have a brain and I’m going to use it, even when I’m not towing the party line. Software does absolutely nothing to solve the problem of spam taking up 50% of the SMTP traffic coming in through my employer’s T1 line. That problem probably isn’t big enough to cost anyone a job yet. But is spam costing some people their annual keep-up-with-inflation raises? I think it could be.

Missouri has an anti-spam law. I think that’s a very good thing. Spam that doesn’t have a subject line that begins with the four-letter string adv: is illegal in Missouri. Spam with adult content that doesn’t begin with the eight-character string adv:adlt is illegal in Missouri. There are a few other regulations as well. The punishment? A $5,000 fine per message, not to exceed $25,000 per day.

I hope that amount is high enough to fund a decent-sized army of spam hunters in Jefferson City.

So if you live in Missouri, or work in Missouri, or there’s a decent chance that your mail server is in Missouri, or you can get your mail server moved to Missouri, or can determine that your spam originated from Missouri (you must be really

The problem with spam is that it costs next to nothing to do it. But if a spammer gets five complaints a day from Missourians, that amounts to over $9 million a year. Even the Alan Ralskys of this world may have difficulty with that bill. Spam has made some people multi-millionaires, but it’s hard to imagine Ralsky being able to foot that bill.

There’s a precedent in Missouri. Missouri had a no-call list before the embattled federal no-call list came into existence. There was a body shop not far from me that was literally sued out of business due to this law. A couple of poor-little-small-business-being-picked-on-by-the-government stories predictably showed up in the local press, but I’m still trying to figure out why he was picked on. He broke the law and couldn’t afford the consequences.

And that’s what we need to do with spammers. I won’t shed a tear, but I might throw a party.

In the meantime while I wait for Jay Nixon to sue some spammers out of business, I need a technical solution. Mozilla provides a mail client with built-in Bayesian spam filtering. It works pretty well. But there are situations where you may be pretty much forced to use Outlook in an Exchange environment, or some other product that doesn’t have built-in spam filtering. For those situations there’s POPFile, and if you need POPFile to work with Outlook in Corporate Workgroup mode, there’s Outclass. They work pretty well once trained. I’ve been using Outclass and POPFile for a number of months, and since I get between 30-50 spam messages per day, intermixed with legit stuff (of which I get several hundred a day), it probably saves me an hour or two a day, even when it classifies stuff wrong. But the latest Outclass has whitelisting, which will help that. (For some reason earlier versions of Outclass always classified mail from my boss as spam. I whitelisted him after I upgraded.)

The ultimate solution is 50 different states with 50 incompatible sets of regulations (such as some states requiring the exact string “[adv]” and others requiring “adv:”), making it virtually impossible to comply and still make a profit. Those who do manage will be so small as to probably not be bothersome. I’m not so eager for the Feds to step in simply because then it would be easier to be universally legal.

Yes, I’m alive

Dave Farquhar General

I’ve been incredibly, incredibly busy. I’ve been working overtime, I’m still trying to work through my backlog of short consulting gigs, and I’ve been dealing with one of those with-friends-like-that-who-needs-enemies? problems, and, yes, a couple of sniper-type comments on the site this past month or so really torqued me off.
I really wish b2 or WordPress had a Slashdot-style comments system, where registration was required for comments, and users could vote up or down the karma of comments, so that snipers could be, basically, shouted down by the masses. I can insert some commentary from R. Collins Farquhar IV in some of those messages, but that requires energy too. Energy I just haven’t had recently.

I’ve got some spam-type stuff in the works, and I’ve been playing with a new MP3 jukebox system. If I don’t get it working, I’ll probably be back asking for help; if I do get it working, I’ll be back with a report.

Why is there a stigma about meeting people online?

Dave Farquhar net.culture , , , , ,

Steve DeLassus just made a funny observation to me. He said when he talks about me, sometimes people consider meeting and communicating with people online as somehow abnormal. And they tell him via e-mail.
My coworker, Murel, has told me several times that when he was my age, the last place he would want to say he met someone was in a bar. Without making any moral judgments, I would rate the likelihood of me meeting someone in a bar and finding the right stuff for a serious, long-term relationship as very low. There are numerous qualities and values on my must-have list that you’re just not very likely to find in that kind of environment. And most of the things on my can’t-stand list that are very easy to find there.

But what’s the stigma about meeting people online? Steve DeLassus and I met on a bulletin board back in 1989 or 1990. We both had Commodores and modems, and it was summertime and we had time on our hands. The closest thing we had to the Internet in our homes those days was CompuServe. People who didn’t want to pay for CompuServe dialed into BBSs instead. I have one other friend from that timeframe that I talk to at all, and that’s about once a year. But Steve’s been one of my best friends for a very long time.

I met Dan Bowman online. I fired off a rant to Jerry Pournelle about alternative operating systems, and–these were the days when one could post an e-mail address on a Web site without fear of having 250 spam messages in your inbox the next day–Dan replied to me. And we quickly found some common ground. Dan noticed that at the time I was working for a Lutheran organization, and his dad was Lutheran. The result was, once again, a lasting and very valuable friendship.

It’s true that online you can pretend to be othing that you’re not, but it’s hard. Eventually the truth comes out. Some people are fooled for a long time, but every relationship I’ve made online that later fell apart, whether it was of romantic nature or strictly friendship, had one thing in common: My initial impression of the person was slightly wrong.

Funny. When I think of relationships that started in the physical world that fell apart, the same thing is true.

Now, some people are better at talking and listening than they are at reading. As a journalist, I had to be able to look at available information and take educated guesses about what was missing. No, not so I could print those along with the facts, but so I could go and find the rest of the story. As a computer tech, I’m constantly faced with solving problems for which there is little information. I can tell a lot about a person by their writing style and by the questions they ask me. Talking on the phone and later meeting in person tells me some more, but for me, that’s the optimal order.

And it’s easier for me to open up in writing than it is to just talk. It’s easier for me to be real and transparent and honest with someone I barely know when I’m not watching their expression or hearing their voice. Once I’m comfortable with the person, we can talk, but it’s pretty obvious when I get into an uncomfortable situation, and my discomfort can tend to overshadow anything that I might say. Plus, in writing, it matters a lot less how long it takes me to find the right words to say what I’m thinking.

For someone who’s a better listener than reader, the optimal order may be different. That doesn’t make this new way of doing things any less valid.