Chinese spammers abuse Jetpack plugin

All day long, Chinese spammers have taken advantage of an apparent flaw in Automattic’s (the makers of WordPress) Jetpack plugin. This morning, I noticed a slew of email bounces in my inbox, all with Chinese letters in them and a link to one of my blog posts. It turns out that the spammer has been clicking on the post’s “Share This” link and somehow entering their spam as the resulting email’s “From” address. Each email goes to a “qq.com” address, which is a Chinese mail provider.

The only way I could stop these emails was to turn off Sharing under Jetpack’s settings. Upgrading to the latest Jetpack (4.6) didn’t seem to help.

Apparently this has been an issue since 2014. I have no idea why this is the first time my site has become a victim nor why Automattic hasn’t figured out a suitable countermeasure yet.

Need Photos of Raleigh? Mark Turner Says Use His for Free, Please. – Raleigh Agenda

Raleigh Agenda wrote about my public domain photos of Raleigh today.

I first met Mark Turner on the corner of McDowell and Hargett streets for a mysterious “field trip,” as he had called it.

“C’mon, there’s something I want to show you,” he told me, motioning up the street toward DECO. He seemed eager to push past the handshakes and how-do-you-dos, so the adventure could begin. Inside the gift shop, he directed me toward a little basket filled with postcards.

“See that?” he asked, holding up a pack of cards that featured a colorful, sketch-like rendering of the Raleigh skyline. “These are based on the picture of Raleigh that I uploaded to Wikipedia. All the streets line up.”

Sure enough, the skyline sketch—captured from the Western Boulevard overpass, looking northeast in 2008—employed the same angle and details as the picture that accompanies the Raleigh, North Carolina Wikipedia entry. Even a red minivan was echoed on the postcard, eternally stuck in traffic. That’s Turner’s shot, free to anyone who wants to use it.

Source: Need Photos of Raleigh? Mark Turner Says Use His for Free, Please. – Raleigh Agenda

Georgetown Hospital blocks MT.Net, gives Facebook a pass

I’m connected to Georgetown University Hospital’s MedStarGuest network and trying to keep from being bored between tests. I was about to do some blogging this morning when I was greeted with a WebSense notification that my blog has been blocked:

No MT.Net for you!

What makes this particularly amusing is that Facebook is not blocked by the hospital’s WebSense nanny filter. It seems that MarkTurner.Net is considered “Social Networking” but Facebook, the granddaddy of all social networking sites, is not blocked for being “Social Networking.” What’s even more amusing is that other sites I host on the very same site using the very same software (like LigonPTA.com) are not blocked. Somehow I’ve earned inclusion onto WebSense’s no-no list.

This is yet another example of how idiotic these Internet nanny filters can be. Attention fellow IT people: there is no substitute for monitoring your own network. Don’t delegate your network monitoring to stupid products like WebSense.

And aren’t “guest” networks supposed to be safe for guests? Protect your important infrastructure with a secure network but your visitors shouldn’t need nanny filters.

Fortunately my VPN has not been blocked so that I could bring you this important message.

How I almost invented Wikipedia

Wikipedia Logo

I sold one of my domain names this month, reliablesources.com. I had that domain longer than I’ve had kids, registering it on 17 January 2000. Two months ago the domain became old enough to drive.

I remember just where I was when I decided to register the domain. I was in my entrepreneurial phase at the time, working with some extremely talented friends at NeTraverse, and while I was on a business trip to Austin I dreamed up what I thought would be an innovative website.

I was a regular reader of the Slashdot (which was recently sold) nerd news website back then and was intrigued by its “karma” system of ranking posts. I wanted to apply this karma ranking to the people in the news, giving users the ability to rank what someone in the news says based on that person’s known credibility.

It was inspired by President Bill Clinton’s time in office. The Office of the President carries a lot of built-in credibility, for instance, so right away you’re going to listen to what the President says. But what if the President is caught lying (i.e., “I did not have sexual relations…”)? That should make one skeptical of whatever that President says, knocking down his or her karma score.

Script kiddie fail

Watch out, we've got a badass over here.


Some bored kid out there has taken to brute force attacking my webserver in the early morning. I just noticed this referrer entry on the URL:

[Redacted IP] - - [19/Jan/2016:03:33:28 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"

Catch that? Whatever script Dr. Evil is trying to run here sets the referrer value by using --user-agent= as an argument. Instead, our boy genius is passing…

--user-agent="--user-agent …"

Brilliant. Simply brilliant.
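A tooling slip like this makes a handy detection signature. The following is an added example, not code from the original post: it parses combined-format access log lines and flags wp-login.php POSTs whose last quoted field begins with a command-line option such as --user-agent=. The sample lines, the documentation IP addresses and the names `flag_login_posts`, `COMBINED` and `CLI_FLAG` are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)
# A header value that itself starts with a command-line option, e.g. --user-agent=
CLI_FLAG = re.compile(r'^-{1,2}[A-Za-z][\w-]*=')

# Constructed sample lines; 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jan/2016:03:33:28 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
192.0.2.10 - - [19/Jan/2016:03:33:29 -0500] "POST /wp-login.php HTTP/1.1" 200 3416 "-" "--user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"
198.51.100.7 - - [19/Jan/2016:08:12:01 -0500] "GET /index.php HTTP/1.1" 200 10422 "https://example.org/" "Mozilla/5.0 (Windows NT 10.0; rv:43.0) Gecko/20100101 Firefox/43.0"
198.51.100.7 - - [19/Jan/2016:08:12:40 -0500] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; rv:43.0) Gecko/20100101 Firefox/43.0"
"""


def flag_login_posts(log_text):
    """Map host -> sorted list of reasons its wp-login.php POSTs look scripted."""
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = COMBINED.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # not combined format, or not a form submission
        if not m["path"].startswith("/wp-login.php"):
            continue
        if CLI_FLAG.match(m["agent"]):
            reasons[m["host"]].add("cli-flag-in-user-agent")
        if m["referer"] in ("", "-"):
            # Weak signal on its own: a browser submitting the login form
            # normally sends the login page as Referer, but policies can strip it.
            reasons[m["host"]].add("no-referer")
    return {host: sorted(why) for host, why in reasons.items()}


if __name__ == "__main__":
    for host, why in flag_login_posts(SAMPLE_LOG).items():
        print(host, ", ".join(why))
```
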