Upping the spambot ante

This morning I was surprised to see that a spammer had apparently breached my WordPress anti-spambot gauntlet. What does this mean in English, you ask? A potential hacker actually succeeded in registering an account on MT.Net, from which he could potentially attack my website.

At first I thought a bot had solved my CAPTCHA challenge, but after looking at the log entries it does not appear that this was an automated attack. Some dumb schmuck actually typed in the code by hand. That’s what most visitors to my website do, but most people don’t do it using email and IP addresses associated with hackers.

I’ve since turned on SABRE’s RBL lookup tests. This will automatically check the incoming IP against a list of suspect addresses. If there’s a match, the rogue visitor gets automatically booted before he even begins.

It’s not perfect security, but one part of many defenses needed to protect a website.
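
An RBL (DNS blocklist) lookup of the kind described above reverses the visitor's IPv4 octets, appends the blocklist zone, and treats an answer inside 127.0.0.0/8 as a listing. This is an added example, not SABRE's code; the zone `dnsbl.example.org` and the `fake_resolver` table are constructed so it runs offline.

```python
import ipaddress
import socket

# Hypothetical zone; substitute the blocklist the site is configured to query.
DNSBL_ZONE = "dnsbl.example.org"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_dnsbl(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Return (listed, answer). Fails open when the lookup does not resolve."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        # NXDOMAIN or lookup failure: treat the address as not listed.
        return (False, None)
    # Listed entries answer inside 127.0.0.0/8; any other answer usually
    # means a wildcarded or expired zone and must not count as a hit.
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return (True, answer)
    return (False, answer)


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {"2.0.0.127.dnsbl.example.org": "127.0.0.2",     # conventional test entry
             "9.2.0.192.dnsbl.example.org": "203.0.113.10"}  # wildcard-style answer
    if name not in table:
        raise socket.gaierror("NXDOMAIN")
    return table[name]


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.9", "198.51.100.7"):
        print(ip, check_dnsbl(ip, resolve=fake_resolver))
```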

Avoiding airport security gridlock

So it seems that today another person in a major airport went someplace he wasn’t allowed and shut down the whole terminal for hours. Jules Paul Bouloute, who just returned from Haiti, walked through an alarmed security door and paralyzed JFK airport. This comes less than two weeks after Chinese student Haisong Jiang walked the wrong way through security and caused the evacuation of the Newark airport.

To me, it doesn’t matter whether these individuals have bad intent, whether they’re incompetent, or whether they just made a dumb mistake. The fact that someone can in five seconds cause six hours of misery and chaos to a terminal full of passengers shows how broken our air travel system truly is.

Google’s attacks from China resemble mine

In this morning’s paper was an article from the New York Times with more information on the cyberattack which led Google to reevaluate its business in China.

Among the revelations was this paragraph:

Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but also at at least 33 other companies, including Adobe Systems, Northrop Grumman and Juniper Networks, according to a government consultant who has spoken with the investigators.


509-362-9994

I got a Spanish-language call from 509-362-9994 today. Other sites claim it says the callee has won $500.

It was a nice reminder that one of my goals this year is to sue a telemarketer.

Tele Europe 2

A friend got a mysterious automated survey call from the phone number 678-253-6210. This supposedly is from an outfit known as Tele Europe 2. According to 800notes.com, many people have gotten hang-up calls from this company and are not happy. If you get a call from this company please let me know.

MSN can’t take no for an answer

Earlier this week I banned MSN’s msnbot from spidering my website. I did this with an entry in the robots.txt file:

User-Agent: msnbot
Disallow: /

I checked with MSN’s robots.txt verifier to make sure this would keep msnbot from spidering my site. The only problem is that I also blocked the MSN IP addresses. Thus msnbot couldn’t fetch robots.txt to tell it was no longer wanted.

So, I unblocked the IPs and allowed msnbot to grab the robots.txt file, which it did repeatedly (this is a small sample):

More MSN search bot shenanigans

Got more funny hits this morning from MSN’s search bot (emphasis mine):

65.55.104.132 - - [26/Oct/2009:10:20:24 -0400] "GET /2009/03/06/sailing-this-weekend/ HTTP/1.1" 200 4398 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SLCC1; .NET CLR 1.1.4325; .NET CLR 2.0.40607; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.2)"
65.55.104.132 - - [26/Oct/2009:10:20:25 -0400] "GET /wp-content/themes/mtdotnet/style.css HTTP/1.1" 200 10345 "http://www.markturner.net/2009/03/06/sailing-this-weekend/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SLCC1; .NET CLR 1.1.4325; .NET CLR 2.0.40607; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.2)"
65.55.104.132 - - [26/Oct/2009:10:20:25 -0400] "GET /wp-includes/js/comment-reply.js?ver=20090102 HTTP/1.1" 200 786 "http://www.markturner.net/2009/03/06/sailing-this-weekend/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SLCC1; .NET CLR 1.1.4325; .NET CLR 2.0.40607; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.2)"

The IP address 65.55.104.132 resolves to msnbot-65-55-104-132.search.msn.com.

I’m about ready to kick MSN off my sites permanently.

Update 10:41: Done. MSN is no longer welcome at my site. I’ve never banned a search engine before but this is inexcusable behavior and Microsoft should know better.

MSN now snooping anonymously

In a very strange occurrence, my website got visited from what appears to be an MSN spider that didn’t identify itself (fake user agent has been highlighted below):

65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"
65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /wp-content/uploads/2009/10/oculan-screenshot-300x230.png HTTP/1.1" 200 120896 "-" "Mozilla/4.0"
65.55.210.80 - - [22/Oct/2009:10:02:20 -0400] "GET /page/2/?q=node%2F1699 HTTP/1.1" 200 29922 "-" "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"
65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /2009/10/15/big-names-in-sources-of-suspicious-traffic/ HTTP/1.1" 200 10502 "-" "Mozilla/4.0"

65.55.230.228 resolves to msnbot-65-55-230-228.search.msn.com. 65.55.231.117 is a Microsoft address but doesn’t have an entry in DNS.
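
The mismatch seen in this post and the previous one (a host whose reverse DNS says msnbot sending a browser-style user agent) can be flagged automatically from the access log. This is an added example, not the author's code; `classify`, `live_ptr` and the verdict names are assumptions, and the `PTR` table holds only the names these posts state.

```python
import re
import socket

# Apache combined log format: client IP, request line, final quoted field = user agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"$')
CRAWLER_SUFFIX = ".search.msn.com"  # PTR suffix quoted in the posts
CRAWLER_UA = "msnbot"               # token the declared crawler sends

def live_ptr(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    try:
        host = socket.gethostbyaddr(ip)[0]
        return host if ip in socket.gethostbyname_ex(host)[2] else None
    except OSError:
        return None

def classify(line, ptr_lookup=live_ptr):
    """Return (ip, verdict) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _request, ua = m.groups()
    host = ptr_lookup(ip)
    from_crawler_net = bool(host) and host.endswith(CRAWLER_SUFFIX)
    says_crawler = CRAWLER_UA in ua.lower()
    if from_crawler_net and not says_crawler:
        return (ip, "undeclared-crawler")  # crawler host behind a browser-style UA
    if from_crawler_net:
        return (ip, "declared-crawler")
    if says_crawler:
        return (ip, "unverified-claim")    # UA says msnbot, DNS does not back it up
    return (ip, "other")

# Log lines taken from the two posts, with plain ASCII quotes and hyphens.
SAMPLE = [
    '65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"',
    '65.55.210.80 - - [22/Oct/2009:10:02:20 -0400] "GET /page/2/?q=node%2F1699 HTTP/1.1" 200 29922 "-" "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"',
    '65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"',
    '65.55.104.132 - - [26/Oct/2009:10:20:24 -0400] "GET /2009/03/06/sailing-this-weekend/ HTTP/1.1" 200 4398 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SLCC1; .NET CLR 1.1.4325; .NET CLR 2.0.40607; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.2)"',
]
# PTR names as stated in the posts; 65.55.231.117 has no DNS entry and the posts
# give no name for 65.55.210.80, so both are absent and resolve to None here.
PTR = {"65.55.230.228": "msnbot-65-55-230-228.search.msn.com",
       "65.55.104.132": "msnbot-65-55-104-132.search.msn.com"}

def demo():
    """Classify the sample lines offline using the PTR table above."""
    return [classify(line, PTR.get) for line in SAMPLE]
```

Against a live log, call `classify(line)` with the default `live_ptr`, which only trusts a PTR name that resolves forward to the same address.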

Just to make sure someone wasn’t spoofing the MSN namespace, I checked the whois record for these hosts. Sure enough, they belong to Microsoft: