I know I put it in a safe place…

Just heard on the news that the US Secret Service have escorted Dick Cheney from Washington DC to a “safe location” in preparation for the anniversary of September 11th.

You know how, when you need to find your passport after not using it for a while and can’t find it, you do know that you must have left it in a safe place?

Bush: So where’s Dick?

Secret Service Agent 1: You mean he’s not here?

Bush: You guys took him away last week.

Secret Service Agent 1: Oh, that’s right. Damn. Where did we put him?

Secret Service Agent 2: I don’t remember, either. But I know we put him in a safe place somewhere…

Here’s hoping!

Opera 7–but not yet

From someone in the know (i.e., within Opera software):

“[My] concept of “soon” is obviously different from many of yours, that seem to define it in “before or after lunch”. In the perspective of the project’s lifetime it is almost done by now, in the perspective of something we would want to release it’s really not ready yet.

“You would not want the Opera 7 of today, you would not want the Opera 7 of next week, and we would not want thousands of reports on bugs that are about to be fixed anyway”

(From the newsgroup Opera.beta via Google.)

Spam update

Tech support at EZPublishing are the best. After a couple of emails back and forth to describe the situation with spammers abusing the sunpig.com domain, they have now put a redirect in place, so that anyone trying to use formmail.pl on our site will get an HTTP 404 error. (I couldn’t set up this redirect myself, because EZPublishing use some kind of virtual addressing to route every domain on this particular server to a single cgi-bin directory. My own .htaccess file gets processed after whatever redirection happens at the server level, and so putting a redirect in there was ineffective.)

Thanks guys.

I’ll be keeping a close eye on the server logs for a while, to see what happens. If you’re interested, you can have a wee peek at a snippet of the raw server log here. Note how each access to formmail.pl seems to come from a different IP address. And they all have the same (at the time non-existent) referer page: contact.htm.

Judging by this evidence, here are some guesses about what’s happening:

  • Somewhere, there is a single computer running a program.
  • This program systematically, or at random, builds up a list of available domains on the internet. Sunpig.com is just one of millions.
  • The program sends HTTP requests to these domains, probing likely locations for scripts, e.g. “/cgi-bin/formmail.pl”. The program will spoof its IP address so that the requests are more difficult to track back to the computer running it.
  • When they get an HTTP error code back (e.g. HTTP 404 – page not found, or HTTP 403 – forbidden), they know the mailer script isn’t available. On the other hand, if they get an HTTP 200 – OK return code, then they’ve hit pay dirt: the script exists on the domain, and they can get through to it.
  • (There may be a step here that parses the results page that comes back, but maybe not. The program could check the HTML that has been transmitted back to see what the version of the mailer script is, and whether it allows external users to abuse it.)
  • The program gradually builds up a database of domains and the mailer scripts on them.
  • Through other nefarious means, the spammer has also built up a list of email addresses.
  • The spammer writes the message they want to send: “Free Viagra with every University Diploma bought–and hand-delivered to you by hot XXX Jennie3851 (check out my webcam!)”, and feeds this into the program.
  • The program then tries to send the message to as many email addresses as possible, via its list of available mailer scripts.
  • And here’s the kicker: when it sends the message via a domain (say, sunpig.com), it adapts the text of the message to say that if you want to unsubscribe from the list, please go to a page on the hi-jacked domain (say, http://www.sunpig.com/contact.htm).

And there you have it. The person receiving the spam sees a message in their inbox that has apparently come from someone at sunpig.com, telling them that if they want to unsubscribe, they should contact me. If they want to trace back the email, they will find that it genuinely did originate from sunpig.com.

The person who originated the message is hidden from the email trace. The only way to track them down is for the domain or server owner to track the spammers back through the HTTP logs. But the IP headers were spoofed, and the HTTP log doesn’t hold the full IP trace, so it’s harder for us to do that.

I could be wrong about all of this, of course. But it certainly seems to fit the evidence.
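For anyone wanting to check their own logs for the same pattern (many different client addresses, one shared referer, all hitting formmail.pl), here is an added example that is not part of the original post or the host's tooling. It assumes the Apache "combined" log format, and the sample lines are constructed using documentation IP ranges.

```python
import re
from collections import Counter

# Apache "combined" log format (assumed; the post does not show its log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not the site's real log.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Sep/2002:10:01:02 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
198.51.100.7 - - [05/Sep/2002:10:01:09 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
203.0.113.44 - - [05/Sep/2002:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 8041 "-" "Opera/6.05"
203.0.113.90 - - [06/Sep/2002:08:15:00 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 210 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
192.0.2.77 - - [06/Sep/2002:08:15:41 +0000] "POST /cgi-bin/FormMail.pl?x=1 HTTP/1.0" 404 210 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
garbage line that does not parse
"""

def summarize_script_hits(lines, script="formmail.pl"):
    """Summarise requests whose path ends in `script` (case-insensitive)."""
    ips, referers, statuses = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1          # keep count so malformed lines are not silently lost
            continue
        path = m["path"].split("?", 1)[0].lower()   # drop query string, ignore case
        if not path.endswith("/" + script.lower()):
            continue
        ips[m["ip"]] += 1
        referers[m["referer"]] += 1
        statuses[m["status"]] += 1
    return {
        "hits": sum(ips.values()),
        "distinct_ips": len(ips),
        "single_hit_ips": sum(1 for n in ips.values() if n == 1),
        "referers": dict(referers),
        "statuses": dict(statuses),
        "served_200": statuses.get("200", 0) > 0,   # script still answering in this window?
        "unparsed_lines": skipped,
    }
```

Running it over only the lines logged after the host's redirect went in should show `served_200` as false and every status as 404.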

Spammers alert

Shit–something weird is happening, and I don’t think it’s very pleasant.

I’ve just been looking through our server logs for sunpig, and I’ve found that over the last two weeks, we’ve had over 800 hits on the page “formmail.pl”. This is a script used for sending email when you submit a form on a page. For example, if you fill in a “contact us” form on a site, formmail can be used to email the message you’ve written, without you having to use your mail program. It is installed by default with EZPublishing accounts.

But we don’t use formmail at all, so where the hell are those 800 hits coming from?? Unfortunately, I don’t have access to the raw server logs–only the digested reports. The reports say that some of the hits are being referred through from a page called “contact.htm” on our site (which doesn’t exist), and some are coming from the site www.ademack.com, which, given the content on that site, seems equally strange.

And then there’s that email addressed to a non-existent user on sunpig.com from someone asking to be manually removed from a mailing list because the “delete” link doesn’t work. Oh really?

Shit. Some arsehole has got latched onto sunpig.com having the formmail script installed, and is using it to spam people from our domain.

I’ve tried using .htaccess to re-route all requests for the formmail script, but that doesn’t seem to be working. (I think this is probably because the script doesn’t actually reside on our web space–our host is using some behind-the-scenes magic to make all requests from domains on this server route to a single source.)

I’ve passed the issue on to EZPublishing’s tech support now. They’re good, and I hope they can get this sorted quickly. (Don’t let me down now, guys!) I have no plans to use formmail here, so I’m quite happy if they just block access to it altogether.

If you happen to have come here because of a spam email you received from the sunpig.com domain, please accept my apologies. I hate these people as much as you do.

Update:

Judging by the patterns of access, the emails probably mention the page “www.sunpig.com/contact.htm” as the place to go if you want to be unsubscribed from whatever fictitious mailing list these ugly little gnomes claim to have got your email addy. Because this page used not to exist, if you went there you would get our severely minimalist “404 Not Found” error page. I’ve now put up a page there describing briefly what has happened.

And it also appears that I do have access to my server logs after all. It looks like I’ve got some tracing to do. Fortunately, the excellent Anders Jacobsen has just written an article on how to track down spammers. He just caught one of his own, you see.

Robert J. Sawyer interview at SF Site

From A Conversation with Robert J. Sawyer — Part 1, here is Robert J. Sawyer on trilogies:

“I still think trilogies are usually bad artistically for SF — although not as bad as never-ending series. […] I’ve seen far too many great authors be trapped into writing series. I’d much rather see what else Lois McMaster Bujold has up her sleeve besides Miles, or that Anne McCaffrey has besides Pern, or Orson Scott Card is thinking about other than Ender, but the economics of the industry are that publishers will offer authors more — at least double, and sometimes much more than that — for a new book in a successful series rather than a stand-alone, even if that stand-alone would be artistically and intellectually more satisfying.”

Okay, why do publishers pay more for a book in a successful series? Because they know that people are more likely to buy a book in a series. Why are people more likely to buy a new book in a series? Because they love their favourite characters, and enjoy reading about them.

Series characters are like old friends. Reading the latest Vorkosigan novel is like going down to the pub for a drink with your pal from University who is just back from an exotic holiday. A stand-alone novel is more like going out clubbing on a Friday night, and hoping to score with that cutie in the purple hot pants. You can have great fun doing both. (And in both cases there is the possibility that you’ll end up in an alley behind the pub or club chundering in the gutter. But maybe that’s taking the metaphor too far. Maybe.)

I disagree with Sawyer’s assertion that series are “artistically” bad for SF. In fact, I think that SF needs more ongoing series. Series give an author the opportunity to develop characters over multiple books. Provided that each story stands on its own (for the casual reader), someone who has been following the series will take away more from the book, precisely because they can make connections between events and peripheral figures in the characters’ pasts (and futures).

If you look at the crime genre, series novels dominate the bookshelves. In fact, I doubt if a crime publisher will give you a second glance unless you convince them that you have the next novel already half written.

One of my favourite series characters is Elvis Cole, hero of most of Robert Crais’ books. In the last Elvis Cole novel, LA Requiem, Cole and his partner Joe Pike come under repeated personal physical and emotional assault, from almost every possible angle. I cried at the end of that book. Twice. On a bus. In the Edinburgh rush hour. The story was one of the most painful and moving I have read recently. But would it have been quite so powerful if I hadn’t built up the love for those characters over the space of six or seven prior books? I don’t think that it would.

Yet, on the other hand, if you have a series, you can be 99% sure that the hero is going to survive. They may come away with a few more scars, but you don’t kill off a character. Not only will your publisher demand your head on a plate for killing the golden-egged goose, but you’ll also probably have to cope with homicidal fans who want to break your legs and keep you locked in a little room until you write the character back to life. (Or was that a Stephen King book?)

So in a series, Death may be on the line, but you can be fairly sure He’s wielding a toy plastic scythe.

It’s a balancing act. On the one hand, a series gives an author the freedom to explore a character in much greater depth than in a single book. But not all authors take that opportunity, and it can be too easily abused by the certainty of survival. On the other hand, the stand-alone book gives you the excitement of really not knowing how it’s going to end. But then, how often–really–do things turn out horribly nasty for the hero?

It’s like the old school mate and the Friday night hottie. Some days you want the friend, some days the frisson. On balance, though, I think I prefer my friends from the series. Which is why I want more of them.

Or maybe I’m just getting too old for hot pants.