Note that the location of Clack changed. If you are using http://www.jethrotech.com/blogs/Clack/index.rdf or http://www.jethrotech.com/blogs/Clack/fullfeed.rdf, please update your RSS reader's links to http://clack.jethrotech.com/index.rdf for the partial feed or http://clack.jethrotech.com/fullfeed.rdf for the full feed.
I'm going to be relocating and working on Clack over the next few days. After the relocation, I will redirect the current URL (www.jethrotech.com/blogs/Clack/) to the new location and will post a note when that's complete.
Hang tight folks, it might be a bumpy ride!
Due to a spammer exploit being discovered in all Movable Type versions prior to 3.15, I have upgraded Clack to the latest version.
from MovableType.org
Version 3.15 fixes a vulnerability in the mail sending packages for all Movable Type versions which allows malicious users to send email through the application to any number of arbitrary users. All users should install this update.
If you already purchased Movable Type, or downloaded the free version, you’ll be able to download the new release for free from your Movable Type account.
For those users who don't want to do a full upgrade just yet, we are also making this fix available in the form of a plugin: zip (1K) or tar/gz (1K) archive. This plugin is compatible with all 3.x versions as well as v2.661 (and perhaps even older versions although they haven't been tested) and affords your installation the same exact protections as v3.15 provides.
After installing the newest version of Movable Type and MT-Blacklist, I've turned comments back on. Note that it's possible that your comment may be moderated and may have to be approved by me before it's actually posted.
Well, due to the deluge of comment spam I've been fighting over the last few weeks, I broke down tonight and upgraded to MT 3.121. I think I've got everything important fixed and working, but there's still some missing stuff (like my book list on the right side).
I've turned ON comment approval, so if you make a comment, please know that I will have to approve it before it actually shows up on Clack.
If you notice any problems, please, let me know!
Due to the overwhelming number of comment spammers and the fact that I'm going to be away from my computer this weekend, I have disabled comments on Clack. Eventually, they will be re-enabled, but probably not until after I upgrade to a newer version of MT. Any attempt to read or post comments on an entry will result in a 404 error.
Update: I'm playing a sneaky game that I don't know will be effective against the comment spammers. For now, comments are turned back on.
Folks, I apologize for not posting over the last few days. My friend, Tropical Storm Frances, decided she would play games with my internet access, telephone, and TV cable services (all through Comcast). I've got some stuff saved up to post, so expect a small flurry of activity on Clack once Comcast gets me reconnected to the world.
Alright, so it's been a week since I've posted anything. I spent last week in Pasadena, CA on work-related travel and most of those days were spent in almost constant meetings.
I pulled up the front page of clack today to trace down a comment, and lo and behold, it was empty! Well, it wasn't empty, but there were no entries on it.
If you're running MT, the default behavior is to keep only the number of days' worth of posts on the front page that you specified when you set up your blog. Note this is number of actual days! This is not the number of days in the past that actually contain a post!
Here's how to "fix" that problem (from the help file of MT 2.661):
Number of days displayed
The number of days displayed by default on your index templates. Note that you can override this behavior in your MTEntries tag; this is merely the default, used when you do not supply MTEntries with any attributes.
For example, if you wish to display the last 15 entries that you have posted to your weblog, you could use the lastn attribute to MTEntries instead of relying on the default behavior:
<MTEntries lastn="15">
...
</MTEntries>
Note that, if you choose 7 days, 7 days means the last 7 consecutive days, not necessarily the last 7 days on which you posted an entry. So if you have posted on just 3 of the last 7 days, only the posts from those 3 days will be listed on your main indexes.
Note also that a ``day'' is defined as the time from 24 hours ago to now, where ``now'' is the time at which you are rebuilding your site. It does not mean from 12 AM to now on the current day. As an example, if you are including 1 day on your index and you posted an entry one day at 6 PM, that entry will show up on your index until the next day at 5:59 PM.
I've performed an upgrade on Clack from MT 2.64 to MT 2.661. If you see any problems, please contact me via a comment to one of the entries.
Things have been kinda crazy at work and at home lately, so I apologize for not blogging very much lately. Work doesn't show many signs of slowing down, though.
On the upside, I did my first successful test of the new MythTV machine last night. It'll be running on a 2.7GHz P4 with 512 MB of RAM and 80GB of hard drive space. Capture/playback card is a Hauppauge PVR-350. The distribution I used is something called KnoppMyth which is an all-in-one distribution based on Knoppix including all drivers and software needed to get MythTV up and running.
I'm primarily a SuSE Linux man, but all the documentation I read about MythTV basically said SuSE and MythTV are not for the faint of heart. Knoppix is a Debian based distribution, so, some things are different, but nothing too difficult.
I'm out in Pasadena, CA this week on business travel, so things around Clack may be a little slow. I'm going to try to keep up with my reading, posting and ranting, but the days tend to be long :-)
This entry on Richard's Computer Toaster gives some great links to Movable Type Templates.
I've added a few new sites to the BlogRoll over there on the right. The latest addition is "Trusting the Process or Confessions of a Patsy Cline fan"
I've been looking for some time for a grouping or aggregation of blogs of people in and around Atlanta. GeoURL is OK, but most of what it turns up are blogs hosted at deviantART, and aren't exactly what I'm looking for.
So, why am I mentioning this now?
Because Trusting is hosted on a site called atlblogs.com that provides free blogs to the Atlanta locals.
Will I move Clack to atlblogs? Probably not. After all, I am a professional Geek, and I derive quite a bit of pleasure from the control I have over every aspect of Clack.
Am I excited that I can read other ATL blogs in one place? You bet your sweet bippy I am!
w_w_w.f*e,m/a_l/e/c/e/l/e/b/r/i/t/y/./n/e/t///n/o/n/n/u/d/e/
Kalsey Consulting Group has an article on why bloggers are wasting their time banning IP addresses...unfortunately, they don't offer a suggestion for solving the problem.
Many proposals for eliminating comment spam are focused on banning or throttling comments from the IP address of the spammer. This is fundamentally flawed because it assumes IP addresses are both unique and hard to come by.
Banning an IP address can have severe consequences. Many ISPs (including AOL) and companies use a proxy server that makes it appear as if all users are coming from a single (or a handful) of IP addresses. By blocking an IP address, you might be preventing a substantial portion of AOL users from commenting. Depending on your point of view, eliminating AOL may not be a great loss; however the same thing would happen to millions of users behind other proxy servers.
The other problem is that IP addresses are very easy to get or fake for spammers who care about such things. There are hundreds of thousands of open proxies that will let anyone direct Web traffic through them. When I’m using an open proxy, my IP address is effectively masked. And I can use simple software to switch to a different open proxy (and thus a different IP address) every few minutes. So my spamming activity isn’t tied to a specific IP address.
[...]
hmph, the "city-in-france, hotel-heir".blog spot person has started a new one.
the following sites have been banned from clack:
"s_u_p_e_r_b_o_w_l-j_a_n_e_t-j_a_c_k_s_o_n.b_l_o_g_s_p_o_t.c_o_m"
"p_e_e_p_i_n_g.o_r_g"
the first links to the second where you can "buy" the video.
remember this entry on Jan 27 about referral spam?
Well, add another to the list:
w_w_w.c_l_a_r_k_0_4.c_o_m
from MT-Blacklist/Comment Spam Clearinghouse:
v1.63rc1 incorporates the MT 2.661 feature of comment throttling but also remains compatible with previous compatible versions of Movable Type. This means that you can upgrade MT-Blacklist even if you haven't upgraded to MT 2.661.
Why is that important? Because I have made two badly needed additions to the de-spam functionality. Now, in addition to searching for blacklist matches and IP addresses, you can also search comments/trackbacks for an arbitrary text string or regular expression. This is useful not only for isolating hard-to-find spams or general comments you wish to delete without adding anything to the blacklist, but it is also great for testing out new regular expressions against your current comments or trackbacks for false positives.
Secondly, the de-spam search also includes a 'no filter' option so that you can display all of the last N comments or trackbacks regardless of matching. In light of the recent practice of crapflooding -- where there are not only no URLs or even words, but nothing but random strings included just simply to annoy the ever living crap out of MT users (why must people be assholes?) -- this functionality is essential and obviates the need to clean up via a MySQL interface (if you were even lucky enough to be running MySQL).
Update: Since a lot of people don't read the comments on blogs, Richard (Edifying Spectacle) gives us this link for additional reading:
BurningBird's Stepping Stones to a Safer Blog
You know the old saying “Everyday that passes causes me to add another name to the list of people that can kiss my ass?” Well, that’s kinda the way I feel about referral spam on Clack. More referring URLs banned:
w_w_w. v_a_n_i_l_l_a_i_c_e . n_e_t
w_w_w . v_i_s_i_t_c_e_l_e_b_r_i_t_i_e_s . c_o_m
the 1st one sells t-shirts according to a google search for the domain. I couldn’t access the domain, so I couldn’t verify. It is, however, interesting to note that the infamous blogspot.com referral spammer that I’ve talked about before links to the t-shirt place.
the 2nd one was referral spamming adverts for a certain hotel heiress’ porn tape....so....buh bye.
On a lighter note, on January 25, I received over 60 back-to-back comment spam attempts for a certain website that sells a magical pill to increase your “stamina.” They all came from IP address 62.213.67.122 which resolves to rusonyx.ru. A simple note to postmaster including the log files where MT-Blacklist denied the comment resulted in the following message:
Hello!
Our user is notified, at repeated incidents, the contract
will be terminated with him.
So, reporting comment spams to the user’s ISP does bring about results sometimes. Thank you rusonyx.ru for your quick response in dealing with this situation!
so, now, I'm getting referral spammed by the RIAA and the CRIA? I certainly don't give a flying-mouse's ass if RIAA and CRIA scan every page on here, since there's no MP3's on Clack. But, I'm blocking referral spam from them. If they want to visit, go ahead. If they're sending referral URLs as they visit, to hell with them.
interesting to note that even though all referrals from p+a/r_i_s - h=i=l=t@o n - v i d e o . b l o g s_p o t . c o_m returns the spammer a 403 forbidden error, the spammer is continuing to try to use Clack to increase their search engine rankings.
It's also interesting to note that the same spammer has a new site (p a r(i s - h i l t o n - v i,d e o - t a p)e . b l o g s p o t . c o m) that is referral spamming as well. It's already been added to my .htaccess, how about yours?
Kalsey Consulting Group has a link to google's Usenet archive where spammers discuss the ins and outs of blog and guestbook spamming.
>It made more than the AP wires as blog comment spam has risen through
>the roof since I did those posts! It is working and I will keep fighting
>google's artificially high page ranking of the blog companies they own!
>Even if it means destroying blog and google credibility.

Comment spam was already a major problem for Bloggers way before you
mentioned it here.

Do you really believe you made so much of a difference to result in
news :-))

It was obvious this would happen since the same occurred with
Guestbooks and anywhere else you can post a link for free.
The article being talked about is this one.
Further in the thread:
>You're becoming too ethical and
>that is stopping you from doing better than you can.

You assume too much, when it comes to making money I lower my ethics
considerably. What I don't have though is unlimited time and so I put
my time where I believe long term it will produce most rewards and
right now I don't see spamming blogs, guestbooks etc... giving long
term rewards.

If you're interested my time is currently going on site improvement to
increase traffic conversion, since with 5000 visitors a day I don't
need more traffic, I need more sales from this traffic.
OK, so it's fun for me to watch what search phrases are driving people to Clack. I don't know why; maybe it's the voyeuristic side of me. So, the exhibitionistic side of me wants to show these things to you, as well.
The top 11 search phrases for the first eight days of January, 2004 are (ordered by rank):
I find it interesting that five of the top 11 searches that hit Clack are looking for spongebob.
There were 28 visitors so far to Clack that were searching for some permutation of Clay Aiken ("clay aiken cats", "clay aiken triumph comic insult dog", "clay aiken address" (stalker, maybe?), "clack clay aiken", "clay aiken death" (that one worries me a little), etc.)
There's some funny ones in here too...
Now, I'm all for fetishes and I'm certainly not judging any of you. But, I'm also not claiming to understand it either. Remember this post about the Japanese site dedicated to recordings made of women farting? It's a much bigger fetish than I ever imagined!
Lots of people are hitting Clack searching for entries about spam, and even more are looking for pictures of Ewan McGregor's stuff. Several have hit Clack looking for "uranus", one hit while searching for "clack sex" (?!?!) and three have come to see me with a search phrase of "pooing" :-)
The following sites (the domains have been modified to keep them from being googlized) have been added to the block list due to referral spam:
www.dickgeph ardt2004. com
www.mp3 int. com
www.sharpton 2004. org
lin kz. com
www.dean for america. com
photos.star prose. com
pari s-hilt on-vi deo.blog spot. com
See this entry for more information on how to block them on your own blog.
Update: let me rephrase what I said above...HTTP referrals that are made to look like they are coming from the above sites have been blocked. HTTP Referrals made to look like they are coming from the above sites will generate a 403 Forbidden page.
well, banning the IP for the referral spammer's fake web site on blogspot.com didn't work. I'm not mentioning the name of the site here for the simple reason of I refuse to help increase this low-life scum's Google rankings. You can figure it out though, if you want to visit it (I can't understand why you'd want to do that, though)... hotel-chain-heir-video.domainmentionedabove.com
Anyway, back to the reason for this post. I think I've found a way to stop the referral spam....
An article over on spywareinfo.com gives a good explanation of what referral spam is, why they do it, and how to stop it.
Since I implemented DiveIntoMark's excellent htaccess rules for blocking spybots and unwanted robots, I added the following line to my .htaccess file:
RewriteCond %{HTTP_REFERER} ^http://referral.spammer.site.*$ [NC,OR]
replace referral.spammer.site with the correct domain.
Since DiveIntoMark's spybot blocker rewrite conditions already end with
RewriteRule .* - [F,L]
which tells apache to return a "Forbidden" page, that seems like a perfectly plausible and acceptable solution to me.
Now, we'll wait a few days and see if it works.
Here's the line in context:
# dumb bot, doesn’t know how to follow links, generates lots of 404s
RewriteCond %{HTTP_USER_AGENT} vayala [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://referral.spammer.site.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} zeus [NC]
RewriteRule .* - [F,L]
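
The referrer condition above leaves its dots unescaped, matches only http:// and has no boundary after the host name. The following sketch is an added example, not part of the original post or of DiveIntoMark's rules: it generates a stricter condition for each blocked domain and compares both forms against constructed Referer values. The function names, the sample referers and the `spam.example` domain are assumptions, and Python's `re` only approximates Apache's matching.

```python
import re

# Hostnames only: letters, digits, hyphens and dots, so escaping dots is enough.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def naive_pattern(domain):
    """The form used in the post: unescaped dots, http only, no host boundary."""
    return "^http://" + domain + ".*$"


def strict_pattern(domain):
    """Escaped dots, http or https, optional subdomain, and a host boundary."""
    domain = domain.lower()
    if not DOMAIN_RE.match(domain):
        raise ValueError("not a plain hostname: %r" % domain)
    host = domain.replace(".", r"\.")
    return r"^https?://([^/]+\.)?" + host + r"(:[0-9]+)?(/|$)"


def build_block(domains):
    """One RewriteCond per domain, OR-chained, ending in the 403 rule."""
    lines = []
    for i, domain in enumerate(domains):
        # Every condition except the last carries OR, as in the post's context.
        flags = "[NC,OR]" if i < len(domains) - 1 else "[NC]"
        lines.append("RewriteCond %{HTTP_REFERER} "
                     + strict_pattern(domain) + " " + flags)
    lines.append("RewriteRule .* - [F,L]")
    return "\n".join(lines)


def blocked(referer, patterns):
    """Approximate [NC] matching with Python's re (not Apache's own engine)."""
    return any(re.search(p, referer, re.IGNORECASE) for p in patterns)


# Constructed referers for checking the patterns before deploying them.
SAMPLES = [
    "http://referral.spammer.site/",
    "http://WWW.Referral.Spammer.Site/video.html",
    "https://referral.spammer.site",
    "http://referral.spammer.sitemap.example/",   # unrelated host, same prefix
    "http://clack.jethrotech.com/index.html",
]


def compare(domain="referral.spammer.site"):
    """Return (referer, naive_result, strict_result) for each sample."""
    naive, strict = [naive_pattern(domain)], [strict_pattern(domain)]
    return [(r, blocked(r, naive), blocked(r, strict)) for r in SAMPLES]


if __name__ == "__main__":
    # spam.example is a constructed second entry for the block list.
    print(build_block(["referral.spammer.site", "spam.example"]))
    for referer, n, s in compare():
        print("%-45s naive=%-5s strict=%s" % (referer, n, s))
```

The comparison shows the original form missing the www and https variants while also rejecting an unrelated host that merely shares the prefix.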
OK, those of you who visit my page through the web and not through an RSS aggregator will notice that I've reset the spam counter. From 11/25/2003 until 01/01/2004, I received over 2500 spam emails. Let's watch it through the year of 2004 and see if CAN-SPAM had any effect at all.
My money's on "NO, it solved nothing; actually, it made it worse."
Let me publicly express my gratitude to Richard over at Edifying Spectacle for some much needed directions on my robots.txt file and for pointing me to DiveIntoMark's excellent link on how to stop spambots, spybots, and unwanted robots from stealing ridiculous amounts of bandwidth.
robots.txt has been modified, and I'm investigating and studying the .htaccess mods that Mark suggests.
UPDATE: I'd also like to thank Mizzouguy for his sharing of his .htaccess files and offers for detailed explanations.
Thanks guys!
An update on my comment spammer, the latest round:
After reporting each abuse attempt on my blog to the comment spammer's ISP, I received the following email this morning from optusnet.com.au's support department:
Dear Jeff,
Thank you for your email.
Can you please confirm your GMT offset, so we are able to trace the source of this incident?
Kind Regards,
OptusNet Abuse Team
abuse@optusnet.com.au
http://www.optusnet.com.au
Telephone: 1300 301 325
Fax: 1800 501 491
So, maybe, just maybe, we'll have one less comment spammer to worry about for a while.
Sent the following note to blogger.com's admins a couple of days ago complaining about the amount of "referral spamming" that's being done by one site hosted there. I'll not mention the name here in order to deprive them the satisfaction of having their site show up (but it has something to do with a particular hotel chain heir).
on hundreds of occasions during the past month, I have been referral spammed by [insert-name-here].blogspot.com. This is blatant abuse intended to only increase their search engine ratings. daypop has already banned the site due to their referral spamming. I have denied all requests from [insert-name-here].blogspot.com (resolves to [insert IP here]) to my blog.

My blog (clack.jethrotech.com) does not show up on
[insert-name-here].blogspot.com so the referral traffic is bogus. I have
been having a conversation with other bloggers the past couple of days
that have faced the same issue from [insert-name-here].blogspot.com.

Here's an entry from my apache log file:
Host: [insert-ip-here] Url: /blogs/Clack/ Http Code : 200
Date: Dec 28 15:44:50 Http Version: HTTP/1.0" Size in Bytes: 52375
Referer: http://[insert-name-here].blogspot.com/ Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0)

Help stop this form of spam.
and, not surprisingly, I received the following reply this morning (which, by the way, addresses absolutely nothing in my original email to blogger support):
Hello,

Thank you for your note. Blogger is a provider of content creation tools,
not a mediator of that content. We allow our users to create blogs, but we
don't make any claims about the content of these pages. In cases where a
contact email address is listed on the page, we recommend working directly
with the author to have this information removed or changed.

-Blogger Support
once again, the same comment spammer attempts to strike, and I strike back:
Having previously reported this person to you and having received no response from the abuse department, I will continue to report this abuser of my personal property until a resolution is reached.
There were four more attempts at posting blatant advertising on my blog (see below). All IPs resolve back to optusnet.com.au.
Please help stop this form of internet abuse by disciplining this customer.
Jeff
2003.12.24 17:32:42 203.164.92.74 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
2003.12.25 03:13:51 203.164.92.74 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
2003.12.25 03:13:56 203.164.92.74 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
2003.12.26 18:41:16 203.164.91.247 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
I will report comment spam attempts to your ISP. I am committed, as are others to having your accounts shut down and watching your so-called "business" trickle into nothingness as you continue to abuse other people's private properties (namely, my email boxes and my blog).
There were two more attempts to post a comment on Clack yesterday spamvertising v1@gra (bringing the total to three by the same person). I sent the following email to the comment spammer's ISP this morning:
all times are GMT:
2003.12.21 08:14:37 203.164.91.94 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
2003.12.23 02:56:49 203.164.92.12 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
2003.12.23 06:31:35 203.164.91.247 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
all three IP addresses point back to your network:
Name: parax23-a094.dialup.optusnet.com.au
Address: 203.164.91.94
Name: parax23-b012.dialup.optusnet.com.au
Address: 203.164.92.12
Name: parax23-a247.dialup.optusnet.com.au
Address: 203.164.91.247
while MT-blacklist is denying the comment spammer their attempt to post on my blog's comments, I am committed to reporting this blatant attempted abuse of my personal property.
Please deal with this abuser appropriately and give me the courtesy of a reply the problem has been dealt with.
Thank you
Jeff
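
An abuse desk can only trace a dial-up address if the timestamps are unambiguous, which is why the ISP's follow-up elsewhere on this page asks for the GMT offset. The following is an added example, not part of the original posts or of MT-Blacklist: it parses denial lines in the format quoted above, converts them to UTC and groups them by source address for a report. The sample log is constructed, with documentation-range addresses and a shortened rule, and the function names and the `log_utc_offset_hours` parameter are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Format of the MT-Blacklist denial lines quoted in the posts.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"MT-Blacklist comment denial on (?P<blog>[^:]+): (?P<rule>.+)$"
)

# Constructed sample: documentation-range addresses, shortened rule text.
SAMPLE_LOG = r"""
2003.12.21 08:14:37 203.0.113.94 MT-Blacklist comment denial on Clack: (viagra|zyban)[\w\-_.]*\.[a-z]{2,}
2003.12.23 02:56:49 203.0.113.12 MT-Blacklist comment denial on Clack: (viagra|zyban)[\w\-_.]*\.[a-z]{2,}
2003.12.23 23:31:35 203.0.113.94 MT-Blacklist comment denial on Clack: (viagra|zyban)[\w\-_.]*\.[a-z]{2,}
2003.12.24 10:00:00 Rebuilt index templates for Clack
"""


def parse_denials(text, log_utc_offset_hours=0):
    """Return (events, skipped); event timestamps are converted to UTC."""
    log_tz = timezone(timedelta(hours=log_utc_offset_hours))
    events, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)   # keep unrelated log lines out of the report
            continue
        local = datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S")
        utc = local.replace(tzinfo=log_tz).astimezone(timezone.utc)
        events.append({"utc": utc, "ip": m.group("ip"),
                       "blog": m.group("blog"), "rule": m.group("rule")})
    return events, skipped


def summarize(events):
    """Group by source IP: attempt count plus first and last time seen (UTC)."""
    summary = {}
    for ev in sorted(events, key=lambda e: e["utc"]):
        entry = summary.setdefault(ev["ip"], {"count": 0, "first": ev["utc"]})
        entry["count"] += 1
        entry["last"] = ev["utc"]
    return summary


def format_report(events):
    """Plain-text body for an abuse report, one line per source address."""
    lines = ["All times are UTC (GMT+0)."]
    for ip, s in summarize(events).items():
        lines.append("%s  attempts=%d  first=%s  last=%s" % (
            ip, s["count"],
            s["first"].strftime("%Y-%m-%d %H:%M:%SZ"),
            s["last"].strftime("%Y-%m-%d %H:%M:%SZ")))
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumes the log was written in a UTC-5 zone; pass 0 if it is already GMT.
    events, skipped = parse_denials(SAMPLE_LOG, log_utc_offset_hours=-5)
    print(format_report(events))
    print("skipped %d non-denial line(s)" % len(skipped))
```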
well, it seems that mt-blacklist is doing its job. Clack got its first comment spam attempt yesterday (my little baby is growing up...sniff). Here's the entry from the access log:
2003.12.21 08:14:37 203.164.91.94 MT-Blacklist comment denial on Clack: (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}
notice the word "denial".....(in my best evil laugh)....ha ha ha ha ha...
there will be no spamvertising on this blog!
over on the right side, down at the bottom, just between the Creative Commons license and the Powered By Movable Type banners, you'll see my booklist.
I dug through the mt-plugins.org site and found the two plugins that were required to make it work. They are:
1) MTAmazon
2) BookQueue
NOTE! if you want to install these in your MT blog, follow the instructions very carefully! You may need to install XML::Simple if your hosting provider doesn't provide it (you did install MT with libraries, didn't you?). You'll also need an Amazon Developer ID.
After getting everything installed and working, you'll need to make modifications to your Main Index template. Sample modifications are included with the README for BookQueue.