Joe Maller.com

The referer spam page I posted on August 9th was the first time I’d worked with this site’s template in a very long time. It might be the last time too. These pages were originally built with DreamWeaver, which I no longer use. Resulting from that, the code is a disaster. Sure it works and mostly validates, but maintenance is difficult and the whole thing is lacking in technical elegance. For the time being, I will probably be posting new pages in a stripped down basic semantic structure.


I posted my referer-spam solution for dealing with hits from porn sites. In the past 6 days my server has rejected over 13,000 requests.

It’s only a matter of time before TrackBack gets exploited too, that’s going to be ugly…


The last 24 hours have seen a massive onslaught of referer porn spam. Unlike last time, the current attack’s IP addresses are all coming from all over the world (yes, it’s still coming…). Either someone is spoofing IPs, some spyware-worm installed in Windows MSIE (all hits are identifying as flavors of Windows IE) or this is among the first exploits of the newest Microsoft security hole. I’m betting on distributed spyware.

Most of the IP addresses are from outside the US, so legal action or billing for exploited bandwidth aren’t really practical options (as if I have the time). A few even came out of Saudi Arabia, where someone could probably get into a great deal of serious trouble/bodily harm for aiding the spread of pornography, however unwittingly.

At first I tried doing what I did before, and went so far as to add an IP blacklist of spamming IPs to my referer log scripts. That worked for about 15 minutes, then different machines started hitting the server. This was also when I became convinced that this was a distributed spamstorm, and most likely individual computers were being exploited without their users’ knowledge. There was only a small set of URLs which were being repeated, so I switched to banning requests based on the contents of the referer string.

The banned sites were added to my root .htaccess like this:

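# Requires "RewriteEngine On" earlier in the file.
# Match any request whose Referer header starts with one of the banned hosts...
RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname1.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname2.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname3.*$
# ...and answer it with 403 Forbidden, whatever URL was requested.
RewriteRule ^.* - [F,L]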

I’m not posting the actual names because I don’t want to get banned in schools, but several of the sites use the word ‘mature’ in the URL. If anyone is having a similar problem, send me a note and I’ll email you my actual htaccess lines.
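An added example, not part of the original post: one way to find the small set of repeated referer hosts in an Apache access log and turn them into rules of the kind shown above. It assumes the "combined" log format; the sample lines, hostnames, the allow list and the three-client threshold are all constructed for illustration, and the generated patterns end at the host boundary rather than matching any prefix.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
HOST_RE = re.compile(r"^[a-z0-9.-]+$")  # reject odd hostnames; the Referer is client-controlled

# Constructed sample traffic: documentation IP ranges and placeholder hostnames.
_FMT = '{} - - [05/Aug/2003:10:00:00 -0400] "GET / HTTP/1.1" 200 512 "{}" "Mozilla/4.0 (compatible; MSIE 6.0)"'
SAMPLE_LOG = [_FMT.format(ip, ref) for ip, ref in [
    ("192.0.2.10", "http://www.spam-host-1.example/"),
    ("198.51.100.7", "http://www.spam-host-1.example/gallery"),
    ("203.0.113.44", "http://WWW.spam-host-1.example/"),
    ("192.0.2.99", "http://www.spam-host-2.example/"),
    ("198.51.100.23", "http://www.spam-host-2.example/"),
    ("203.0.113.5", "http://www.spam-host-2.example/"),
    ("192.0.2.10", "http://blog.friend.example/links"),  # a single real visitor
    ("192.0.2.50", "http://search.example/?q=fxscript"),
    ("198.51.100.51", "http://search.example/?q=maller"),
    ("203.0.113.52", "http://search.example/?q=htaccess"),
    ("203.0.113.60", "-"),                                # no referer sent
    ("203.0.113.61", "http://[broken"),                   # malformed referer
]]


def candidate_hosts(lines, allow=(), min_clients=3):
    """Referer hosts sent by >= min_clients distinct IPs, excluding allowed hosts."""
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        try:
            host = (urlsplit(m.group(2)).hostname or "").lower() if m else ""
        except ValueError:
            host = ""  # unparseable referer URL, e.g. an unclosed "["
        if HOST_RE.match(host) and host not in allow:
            clients[host].add(m.group(1))
    return sorted(h for h, ips in clients.items() if len(ips) >= min_clients)


def htaccess_rules(hosts):
    """Render hosts as OR-chained RewriteCond lines ending in a 403 rule."""
    pats = ["^https?://{}(/|:|$)".format(h.replace(".", r"\.")) for h in hosts]
    conds = ["RewriteCond %{{HTTP_REFERER}} {} [NC{}]".format(p, ",OR" if i < len(pats) - 1 else "")
             for i, p in enumerate(pats)]
    return "\n".join(conds + ["RewriteRule ^ - [F]"]) if conds else ""


if __name__ == "__main__":
    print(htaccess_rules(candidate_hosts(SAMPLE_LOG, allow={"search.example"})))
```

The output is a list of candidates to review, not a verdict: any popular legitimate referrer also arrives from many distinct clients, which is why the sample run allow-lists search.example.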

Anyway, I came up with a slightly goofy warning page for the slim possibility that an actual person was at their computer when this was happening. Here’s the warning page a person would see if their referer was spoofed from the spam set. That created a nasty loop which was bogging the server. I switched to forbidding (403) access instead.

Dealing with this crap makes me feel dirty.

Update August 6: I found the source of the spam, and it’s not a distributed attack, not in the usual sense anyway. I’m looking into various ‘black-hat’ exploits to stop this, I’ll post details and results when I figure something out.


Over the past few days several friends have mentioned their shock and outrage over what one called ‘the stupidest thing he’d ever heard of,’ regarding DARPA’s now cancelled FutureMAP (Futures Markets Applied to Predictions).

After wading through endless big-media ‘me-too’ stories, there are a few points about the concept of ‘Idea Futures’ which are worth considering. Idea Futures Theory is not new and apparently has a surprising record of accuracy. Considering that connecting disparate intelligence data is still a problem at the Pentagon, it should be a good thing that they’re looking towards unconventional data models.

“Senator Byron Dorgan, Democrat of North Dakota, asked what would happen if another country set up a betting parlor where people wagered on the assassination of an American political figure. I am sure he is right that there would be public outrage. But let’s turn the question around: If such a market were put in place, should the Secret Service monitor it? If there were an assassination attempt, should the authorities look for suspicious prior trading activity? And the most important question of all: If the market indicated that the probability of an assassination attempt had gone up, should the target take extra care? If you were a potential target, wouldn’t you want the best possible forecasts of possible attempts on your life? I would.”

Hal R. Varian writing for the International Herald Tribune/New York Times, Aug 1, 2003: Pentagon’s futures-market idea deserved a better response

“Economists believe financial markets do a pretty good job of aggregating information in part because they offer strong incentives to those who make good predictions.”

Hal R. Varian reprinted from the New York Times, May 7, 2003: A Market Approach to Politics

“This is just an alternative institution that tries to aggregate intelligence information… It’s a research project and it might not work, but there is a lot of history and data showing how effective markets are at predicting events.”

Ronald Bailey quoting Idea Markets creator Robin Hanson in Reason, July 30, 2003:
Betting On Terror
Why futures markets in terror and assassinations are a good idea

“In declaring that anyone may make their voice heard in intelligence analysis if they are willing to put their money where their mouth is, Poindexter and the Pentagon would have gambled that their futures market will attract enough great minds thinking alike that patterns will emerge that are recognizable even at a view from the top.”

Greg Lindsay writing for Black Table, July 30, 2003: That Whole Pentagon Futures Thing Ain’t Such A Bad Idea

“Our policy-makers and media rely too much on the “expert” advice of a self-interested insider’s club of pundits and big-shot academics. These pundits are rewarded too much for telling good stories, and for supporting each other, rather than for being “right”. Instead, let us create betting markets on most controversial questions, and treat the current market odds as our best expert consensus”

Robin Hanson, creator of Idea Futures and Prediction Markets

What’s most unfortunate about this program ending is that it closes the door on the potential for thousands of arm-chair policy analysts to contribute to national and world security. While this would be the market where one most wants to be proven wrong, those who do accurately predict negative events should have their predictions taken more seriously. To posit this proposal as the AP reported ‘allowed traders to profit by correctly predicting assassinations and terrorist strikes’, just completely misses the point and reflects sloppy or non-existent research. This could have helped guide more conventional intelligence towards unexpected or underestimated targets while self-managing an enormous amount of data.

Several of the above articles mentioned TradeSports.com (site is currently flooded), which introduced the idea of Poindexter’s resignation the day before it was announced.

TradeSports is also pointing towards no WMD in Iraq by September, Howard Dean overtaking John Kerry for the Democratic nomination and Bush decisively winning about 40-42 states in 2004. I guess we’ll see.


“Remember back in late 2002 or early 2003 when all the hot web designers were pushing table-less designs that only used CSS and they came up with all these crazy workarounds to do simple things like three-column layouts, and all the hip sites started to look the same, you know, floating CSS boxes all over the place, and then Microsoft said they were canceling Internet Explorer for Mac, and that there wouldn’t be anymore stand-alone browsers for Windows and that they may never fully support all those web-standards and that PNGs would never work, ever, and then everyone started to realize that all the old web tricks using tables for layout still worked, and worked everywhere, and were faster to build and easier to maintain and the only real web standards were whatever worked in Explorer?”

“Yeah.”

“That was crazy.”


me: the Rabbi and Priest were going back and forth like ontological ping pong
me: it was fun
me: did I use ‘ontological’ correctly?
Bruce: Yea, it sounded convincing to me.
me: well technically, ontological means “The branch of metaphysics that deals with the nature of being.”
me: so theological would have possibly been more specific
me: although I like the way ontological feels in the mouth
me: ew


My family moved to Irvine when I was seven or eight years old, probably 1979. We were the first to live in the house my parents still live in, I remember walking through it with my mother and younger brother before it was finished, no carpeting or railings, just bare concrete where the piano would one day sit. It was sometime around Easter, we ate chocolate bunnies.

With two kids, my parents were sort of the old timers among the young parents moving into Peppermill Run. On one side our neighbors were newly married and in my memory younger than I probably realized. He still had a lot of the high school jock in him, drove a 280Z sports car with personalized plates and could throw a football farther than I’d ever seen one thrown. With a perfect spiral. After a few years they had a daughter and a son. I remember when each one came home for the first time.

Across the street a field was graded out for houses which would be built a few years later. This was a natural gathering place for neighborhood kids. The gradings which would one day define property lines and backyard fences made perfect jumps for boys on dirt bikes. Sometimes we’d fly kites, other times we would ask for a ride on the elektroroller scooter that the coolest kid in town used to own. Mostly the kids would torture one another, pick fights and generally make each other’s lives miserable. Though I can readily call up the humiliation, pain and anger, those days still seem like magic.

When the houses finally went in across the street, more people with kids moved in. Or, more specifically, people moved in and had kids. My youngest brother was born around then, and there was quite a handful of young children who would all play together. Directly across the street, a couple moved in who seemed to have a ton of money. He had art on the walls, real art, not prints or art-fair paintings. Two huge drawings of skyscrapers in his stairwell were by Richard Bunkall, whom I studied painting with at Art Center. A few years ago Richard died of complications from ALS.

Their next door neighbors had a boy and a girl. Their father, a young and apparently healthy man in his 40s died of a heart attack. I never knew what to say to them. Shortly after, the well-off art collector didn’t come home. His wife and two kids moved a few years later. The year was somewhere around 1985.

The people two doors down are the reason I started writing this. Similar to our other neighbors, they were young and newly married. As either a side business or a hobby or both, he used to die-cast tiny model-train people at a workbench in their garage. They had two sons.

This past weekend, Al, their youngest son, died. He was 18. Al and his father were camping in the desert on an exceptionally hot day and had car trouble. On the way to find help he collapsed from the heat. His father found his body.

In my mind those kids are still kids. Almost a decade and a half has passed, the trees are taller, the plants filled in and most of the children have left home. I’ve never seen them as adults and can barely remember some of their names. I only knew them as babies.

San Bernardino County Sun
KABC TV
OC Register
KESQ TV


link: Jul 15, 2003 1:02 am
posted in: misc.

