spambots were pwned

Today my blog “suffered” a flood from spambots trying to post ads…but unluckilly to them…NO posts were “allowed” in due to the new patches. There were 81 unique attempts to post a comment.

Better luck next time boys!

Today my best friends’ gf got her university degree…We are going out tonight to celebrate…I wonder when I’ll get mine…I hope I’ll have mine by Feb 2006 or sooner. We shall see! For the time being I have to study for my exams starting on December 1st. Wish me luck…

being forgetfull…

Yesterday I updated php to one of my machines to enable freetype and GD support. On that system I also had IMP webmail. I had forgotten the exact flags I used when I compiled the older php version I had at that machine, so the webmail did not work with the new version. After some googling for the error msgs I got, I found out I needed to add –with-imap and –with-imap-ssl flags to the configure script. I run the script but it couldn’t find the imap libs…I was sure I had them someplace…but where ? I found out where my imap sources were and recompiled imap. Then added some dirs after the flags

–with-imap=/koko/lala/imap-2002e
–with-imap-ssl=/koko/lala/ssl

And recompiled php…restarted apache and expected the webmail to work. Nope…it didn’t.
I opened up the servers.php file of the imp configuration, read the comments once more and changed the server type. It needed a /novalidate option because my certificate was self-signed. I wonder why it worked earlier….who knows….

btw, the latest php 4.3.9 seems a LOT faster in many scripts, nice 🙂

and again?

ohhhhhhhhh yes…the damn spambots found a way to bypass all measures agorf had taken. So it was time for the gd library to come in handy.

I found a patch for wordpress that creates a random text string on one image and someone has to copy that text to a text field to “validate” his comment.
The url to the patch is here: http://www.gudlyf.com/index.php?p=376
Then I had to install libjpeg, freetype,gd and recompile the latest php to use all that…DAMN these spambots!

Let’s see how long it will take until the spambots find ways to figure out text out of images…I am not sure if I really want this to happen or not …If it happens it will be a great improvement for AI in general…but all that authentication measures based on images will go down the drain….

Btw I’ve learned today that gentoo is not a “random” word for a distro…but rather a “penguin race”…You can find some info here:
http://www.siec.k12.in.us/~west/proj/penguins/gentoo.html
http://www.antarcticconnection.com/antarctic/wildlife/penguins/gentoo.shtml

New spam attack

And again another spam attack in my blog comments! It seems I am really famous! This time the ads were about medicines and diets and crap like that. Agorf re-patched my blog to stop this attacking pattern too.

The spam comments looked like this:

#

Name: buy phentermine online | Email: byob@y1049o.com | URI: http://phentermine.one-phentermine.com | IP: 148.244.150.58

1049 phentermine.one-phentermine.com
adipex.one-phentermine.com
tramadol.one-phentermine.com
ambien.one-phentermine.com
cialis.one-phentermine.com
viagra.one-phentermine.com
diet-pills.one-phentermine.com

Posted Nov 23, 4:46 AM | Edit Comment | Delete Comment — Edit Post “Infosystem 2004” | View Post

There’s a number inside the email of the “poster” and the beggining of the comment:
email: byob@y1049o.com
body: 1049 phentermine.one-phentermine.com

Let’s see who’s next!

another patch made by agorf

For the ones that are not aware of the refer 2.1, I will quote a text from the website:

What is it?

Refer is a web application that tracks incoming referrers (visitors who followed a link found elsewhere) to your website.

Check on the demo link: Demo

Agorf has patched it a bit because I wanted on the who list to be able to lookup ips from the ripe database. He added a field to the database and changed the phps to enable the RIPE queries.

Get the patch from here: refer ripe patch by agorf

Blog comments update

The official php coder of this blog has made a change in the way comments are being posted. agorf has added a checkbox that you HAVE to uncheck in order for your comments to be posted. Else your comment get’s ignored.

No more comment moderation! I hope we won’t get outsmarted by the spambots…at least for a while!

Cheers and thnx to agorf!

PAT-NEEDS-YOUR-HELP + blog comment notes

I guess that most of you reading my blog are already aware of Patrick Volkerding’s health problem that he chose to make public. (public announcement). I am not an MD but I think that he’s a bit overreacting here. He went to 2-3 MDs and noone told him exactly what he had…and he googled and found it ? Is this the way we will get medical treatment in the future ? Google our symptoms ? I wonder why a man like Patrick can’t get proper medical diagnosis, either the US medical system is a TOTAL wrack or Patrick chooses to go to the wrong ppl at the wrong time to examine him.

Anyway…I hope he really gets well because he is a very important part of the linux community. Slackware is more than a simple distribution…it’s more like a symbol for linux and without Patrick this “symbol” will get lost…

A friend of mine in his blog (out.of.sync) says that he is against blog comments in general and user comments could be posted on their own blogs. Well I disagree with this for 2 basic reasons. First of all not all ppl that are able to express an opinion on something they see written on a blog, have a blog of their own. Whether they should or not is a very long discussion and am I not willing to start it here. Secondly comments make the blog alive. Someone can corrent you on something you have written. Trackbacking is not always that usefull, and I wouldn’t really like visiting blog search engines every day to see whether someone has posted a note about my ideas and posts.
Comment spamming is a serious problem for blogs…I’ve had 2 attacks so far (but only one showed up on the blog because when the second attack hit my blog comments were already under moderation). I wonder if it is possible to have a hack for wordpress that will only allow someone to post a comment when he writes on a text field some numbers that are created randomly on a image (using gd probably). Another quicker solution would be to force ppl that want to write comments, to write some predefined text to another field under the current ones. I think that the spambots on the net are not able to scan for extra fields in blog forms apart from the predefined ones in them. Any php coders around ? 🙂

blog update

Last night I updated (by mistake) my blog. I overwritten wordpress ver 1.2 with wordpress version 1.2.1. Unfortunately most (if not all) “hacks” that agorf had made from time to time were lost. I used a patch that agorf had made and restored 2-3 hacks though. I’ll see what’s missing cause I can’t remember right now and tell him to do them again 🙂 (and create a new patch file this time, hehe).

Trying to play an Internet Game

Yesterday me and a friend were pretty bored and we want to play an online game. We installed warcraft3 and were anxious to start….but..nooooo we couldn’t.
We r both sitting at our homes behind dsl lines (and of course behind nat) and we couldn’t play because there was no internet game option inside the game…apart an option to play on battle.net. I thought that there should be another way to do it. I started googling and found out that I had to setup my own battle.net server called bnetd. (During this time I was uploading the latest patch I had for warcraft (ver 1.12) so that my friend would have the same version with me. ) But bnetd was no longer available because blizzard sued the creators.
What now ? keep searching. I came up with another battle.net replacement called pvpgn. Latest stable ver was 1.6.6. I downloaded, read the configs, downloaded a loader for the warcraft3 client it needs and started it. Server was up but I couldn’t connect my warcraft to it. After some googling I came up with the Battlenet Gateway Editor. I changed my battle.net server settings and now I could log in to my battle.net server and create a new account. But still I could not play…That’s the part where one goes crazy…
Googling and googling I found out that there’s another, newer, official patch (ver 1.17). I started downloading…it was “just” 35Mb…After it was finished…I applied it…but then I needed a no-cd crack. After some swearing and googling I’ve found that too. So now I had warcraft3 ver1.17, a no-cd patch for it and a loader to be able to connect to pvpgn. Still I could connect to server and create an account but I could not login and play.
Googling and searching inside forums I found out that there’s a newer pvpgn version (1.7.3). I got that version and it’s supporting files and fired up the server once again. FINALLY I could create an account and log in to the server.
Then I had to explain all these to my friend. I’ve spent more than 2 hours searching google and downloading various software just because I did not know the name of the battle.net server (pvpgn) and because I had bumped to a semi-official mirror with older version of the files I needed.

(Then we had to configure our NAT rules for the dsl modems in order to be able to connect to each other)

How hard can it be to have some fun ? AND I DON’T WANT TO STICK WITH NETRIS for the rest of my life!

Usefull links:
PvPGN
PvPGN Files to Download
ver 1.17 crack and loader

Project Ronja

A couple of days ago while visiting some wireless forums I came across this link: http://ronja.twibright.com/. Quote from the website

What is Ronja?

Ronja (Reasonable Optical Near Joint Access) is an Free Technology (like Free Software) project of optical point-to-point data link. The design is released under the GNU General Public License: you get all the necessary documentation and construction guides free. The construction costs are minimal; it’s probably the cheapest wireless system ever. The operation is reliable and immune to interference.

So someone can create cheap point-to-point links just with optical technology. The materials needed (not the tools) cost less than 100E to create a receiver and a transmitter. What’s really shocking is the speed of these links..10Mbit Full Duplex with simple led lamps. It might be possible to change the led and the circuit to gain in distance and/or in speed. And that’s what me and some friends from the university will try to do. Unfortunately I have no idea to help with electronics…so my only contribution in the beggining will be ideas and money.

I hope we finish this sometime because it’s both interesting as a project and usefull. Wireless noise inside cities is steadily raising…it wouldn’t be bad to replace some backbone links with a couple of these…if they work as expected. And why shouldn’t they….a lot of ppl use them alredy.

Check this: http://images.twibright.com/tns/7a3.html

News and Updates

Today I am going to become one of the most hated people in the University. My supervisors told me that I have to block the free downloads from and to the dormitories. The traffic from and to the dormitories the last months is growing really fast and that annoys a lot of people (it’s almost 35% of the university traffic), that’s why they will only be allowed to have access to remote web servers(http,https) and ftp servers. There’s even a chance that they will use a transparent squid proxy for all these. I think that such drastic solutions will create more problems than solve. It would be wiser if people were warned before these actions so they would auto-regulate themselves.
Anyway…we will see.

I have the links from the GrNET-Tech and IPv6 meeting presentations…
GrNET-Tech Presentations
IPv6 Presentations

I have no more “tech-news” due to the classes I have everyday that take up all my time. I don’t have the time to “create” anything new…I hope I find some …soon.