A multimodal attack… am I alone, or is this widespread?

On Sunday I noted that my blog was under attack from determined, but clueless, blogspam scriptkiddies. But that isn’t the only attack I’m seeing, and the second version is rather more disturbing – and puzzling.

What seems to have happened (or be happening) is that someone (or more likely a script) has looked up my name and phone number in several on-line directories, generated a plausible but invalid email address from my name (something like geoff53246@yahoo.com – not clear how variable this is), and then fired off email messages to various companies, apparently from this address, expressing interest in their products or services and asking the recipient to call my phone number. So far we’ve received 30 or 40 phone calls from various companies “responding to your inquiry”. The companies include the usual spam suspects – mortgage brokers, part-time MBA schools, etc. Most of these messages wind up on our answering machine, but from the few that we’ve picked up we’ve been able to piece together the above pattern. In some cases the name is correct; in others, it’s reversed. This is consistent with the entries for my phone number in various directories.

So what’s going on? It’s hard to know what to make of it.

  • I haven’t read about this elsewhere, so perhaps it’s directed against me personally, or against some group of which I’m a member. (Atheist bloggers? Subaru drivers? Mac users? Model airliner collectors?) On the other hand, the variations in my name suggest a dumb directory look-up. Is there some [twisted] rational purpose, or is this simply a random act of antisocial behaviour?

  • Like millions of others, we signed up for the national Do Not Call registry. This legislation was bitterly opposed by many telemarketers. Obviously those companies that are calling us interpret the forged emails as establishing “an existing business relationship”, so the “Do Not Call” rule no longer applies. This could be an attempt by someone to discredit the registry by flooding the world with “existing business relationships”. Or it could be driven by a single telemarketer who wants to subvert the rules so that they can make cold calls, but is disguising what they’re doing by ensuring that other companies also receive messages.

  • For a company that relies upon email referrals, this could be a devastating diversion of resources, a kind of DDOS. Perhaps this is an attack on one company (disguised among the crowd), for malicious or blackmail purposes.

  • This could also be an attack on Yahoo. By generating a huge volume of annoying, expensive messages apparently from Yahoo addresses, the perpetrators might expect that spam filters would be trained to reject all messages from Yahoo.

If you’ve experienced anything like this, or have another explanation, I’d love to hear from you. Normally I’d ask you to add a comment to this blog piece, but due to the other spam problem, comments are presently disabled. Perhaps you could send email to my Gmail account – firstname.lastname@gmail.com. (You can work it out.) Since this kind of attack is almost certainly illegal, I shall also be contacting the appropriate authorities – probably the Massachusetts Attorney General. Thanks.

Time to switch…

This blog has been under blogspam attack for the last couple of days, and I haven’t been able to fix it. It seems from searching around that I’m not the only victim (which is good). Curiously the attacks seem to be purely disruptive: the comments being injected don’t include commercial messages, or p0rn, or URLs to be pagerank-promoted. All the same, the cost/load/admin effort involved is significant.

More worrying is the fact that I haven’t been able to stop it. I downloaded a couple of bulk update scripts, but they wouldn’t work on my MT configuration. And as I tried a few fixes, I found that some existing mechanisms weren’t working quite right. It looks as if my setup is just sufficiently non-standard to cause some things to break, and I don’t have time to debug the Perl.

So here’s what I’m going to do. First, I’m going to have to crudely disable comments completely for a while. Sorry about that. Second, I’m going to follow the crowd, and migrate from MovableType to WordPress. According to Steve, mine is the only blog on grommit that’s still using MT, and there’s safety in numbers. This change will almost certainly break any deep links into my site. I’ll make sure that the top-level and RSS work OK. (Perhaps I should leave the existing configuration in read-only mode… but that would be confusing. We’ll see.) One benefit will be that I can update my template to something that is a little fresher and which works better on mobile devices.

Anyway, hang in there. Normal service will be resumed as soon as we’ve worked out what “normal” is.

Usage stats

I just realized that as part of the upgrade of grommit to Solaris 10, my usage statistics were no longer being updated. (I use Webalizer; you can see the report that it generates here.) I logged in to grommit, and saw at once that my cron job wasn’t running. This was actually a good thing, since the Webalizer binaries were all compiled for Linux!

The natural thing would have been to grab the source and rebuild Webalizer, but when I arrived at the download page I noticed that there was a prebuilt distribution for Solaris 2.8 on x86. The Solaris engineers work hard to maintain 100% binary compatibility, and Brad writes really clean code, so it should just work, right?

And it did. Kudos all round.

Technical difficulties….

My regular readers (yeah, right) may have noticed that geoffarnold.com has been up and down over the last few days. There have been a series of odd problems, most of which have resulted in Steve spending too much time with grommit when he ought to have been sleeping. The most bizarre issue was that the system was occasionally inaccessible from within SWAN, Sun’s intranet; the only way we could see that it was alive and well was with tools such as Netcraft and DNSreport.

I wonder how long it’ll take the aggregators to find me again. (PlanetSun seems to have lost track of me completely, which is intensely frustrating!)

Solaris rules!

This is the first entry I’ve posted since Steve completed(?) the transfer of grommit.com to the new system: a Sun V20Z LX50 running Solaris 10. Thanks, Steve – I know you learned more than you ever expected to during the process!
(Composed on my Treo 650 while shopping at L.L.Bean in Freeport, Maine.)

Technical difficulties

We’re experiencing some technical difficulties on grommit, the system that hosts geoffarnold.com. Steve and I are scratching our heads; he’s taken the drastic step of rebooting grommit once so far, but problems are recurring in classic Heisenbug style. Browsing should be OK, but comment posting is likely to be iffy….

(Of course it remains to be seen if this post will make it through… but then if it didn’t, how would you know?)

Observations on the Hblogger app.

Observations on the Hblogger app. As you can see, Hblogger doesn’t really understand MT very well. It uses the first five words of the text as the subject – or maybe that’s MT compensating. I can’t set the category, which sucks. Image upload is only via FTP, which is disabled on grommit. Sigh….
[Posted with hblogger 2.0 http://www.normsoft.com/hblogger/]

Trying ecto again after trying MarsEdit

In general, ecto is much more WP-like than MarsEdit. It has convenient toolbar options for colouring text, building lists, and so forth. As in MarsEdit, the option to manage multiple blogs just clutters things up for the 90% of us who find that running one blog is hard enough work.

ecto has no support for images at all: you have to do it all by hand.

I take that back: there is an Import from iPhoto feature that works (that’s Al Stewart in concert in Boston), but this ignores the third party image link issue.

As usual, I want features from each of them.