RSS

Especially for Spence, I’ve put up an RSS (0.91) feed for this site.

To keep track of all of the blogs I read on a regular basis, I use the “Open all Folder Items” feature in Opera. I have all of my regular reading in a single bookmark folder, and the “Open all…” feature allows me to open all of these, in separate tabs, with a single mouse click.

But then I have to read them all, which is taking longer and longer the more new blogs I read…

RSS is the obvious solution to all of this. In theory, you have an application that scans the RSS feeds for each blog, and then displays all of the new headlines, in an easily scannable way. Then, you can click on a link to go to any entry that looks interesting.

The only problem is that I haven’t found an RSS aggregator that I like. I’ve tried AmphetaDesk and Aggie, but they just don’t strike me right. I think that for the moment, I’m just going to continue with the Opera way, until my list gets really unwieldy, and then I’ll put the effort into writing my own transforms and stylesheets to produce Aggie/AmphetaDesk output I can live with.

But just because I don’t use an aggregator, doesn’t mean that other people don’t. I imagine that if you use RSS as your primary blogscanning tool, you probably get a bit annoyed whenever you come across a blog that you want to follow, but that doesn’t have an XML feed. Especially when they’re so easy to implement. And especially when Movable Type provides you with a default RSS template already…

Ulp. Excuse the laziness please, and thanks to Spence for the prod.

Movable Type 2.5

Woo! Movable Type 2.5 is out! Happy Birthday MT!

I’m going to take some time to get to grips with the new features before actually installing it on sunpig. “Getting to grips with it” will involve getting it up and running locally, on my happy new Linux box, under Apache. It’s all a big, exciting adventure.

Server hiccups

If you came by the sunpig web site in the last 24 hours or so, you may have noticed a things looking a little weird. The server we’re running on is in the process of being upgraded, and in the process it blew a gasket (or something like that). (There’s a longer explanation, but I can’t be bothered explaining it all right now, and frankly, you don’t care, do you? <sniff>) The nice tech folks at EZPublishing, responsive and friendly as always, are on the case, and the site should be back to normal now.

It’s possible that the site may move to a different physical machine to stop problems like this happening again. If that turns out to be the case, sunpig.com will probably end up with a different IP address. This new IP address will take some time to get propagated out through the DNS system, and so you may find you can’t get through to our web site at all for a day or two. If this happens, don’t worry. If you get really concerned, drop us an email or something. We’d like to hear from you.

No, really.

Last week this site got hits from over 300 distinct IP addresses. Some of those are search engines, and some can be put down to folks on dial-up connecting with a different IP address each time. But even if you discard 90% of that traffic, we still don’t have that many friends and relatives who know about this site. So who are you, and what are you doing here?

I meant that in a nice way, of course.

Spam update

Tech support at EZPublishing are the best. After a couple of emails back and forth to describe the situation with spammers abusing the sunpig.com domain, they have now put a redirect in place, so that anyone trying to use formmail.pl on our site will get an HTTP 404 error. (I couldn’t set up this redirect myself, because EZPublishing use some kind of virtual addressing to route every domain on this particular server to a single cgi-bin directory. My own .htaccess file gets processed after whatever redirection happens at the server level, and so putting a redirect in there was ineffective.)

Thanks guys.

I’ll be keeping a close eye on the server logs for a while, so see what happens. If you’re interested, you can have a wee peek at a snippet of the raw server log here. Note how each access to formmail.pl seems to come from a different IP address. And they all have the same (at the time non-existent) referer page: contact.htm.

Judging by this evidence, here are some guesses about what’s happening:

  • Somewhere, there is a single computer running a program.
  • This program systematically, or at random, builds up a list of available domains on the internet. Sunpig.com is just one of millions.
  • The program sends HTTP requests to these domains, probing likely locations for scripts, e.g. “/cgi-bin/formmail.pl”. The program will spoof its IP address so that the requests are more difficult to track back to the computer running it.
  • When they get an HTTP error code back (e.g. HTTP 404 – page not found, or HTTP 403 – forbidden), they know the mailer script isn’t available. On the other hand, if they get an HTTP 200 – OK return code, then they’ve hit pay dirt: the script exists on the domain, and they can get through to it.
  • (There may be a step here that parses the results page that comes back, but maybe not. The program could check the HTML that has been transmited back to see what the version of the mailer script is, and whether it allows external users to abuse it.)
  • The program gradually builds up a database of domains and the mailer scripts on them.
  • Through other nefarious means, the spammer has also built up a list of email addresses.
  • The spammer writes the message they want to send: “Free Viagra with every University Diploma bought–and hand-delivered to you by hot XXX Jennie3851 (check out my webcam!)”, and feeds this into the program.
  • The program then tries to send the message to as many email addresses as possible, via its list of available mailer scripts.
  • And here’s the kicker: when it sends the message via a domain (say, sunpig.com), it adapts the text of the message to say that if you want to unsubscribe from the list, please go to a page on the hi-jacked domain (say, http://www.sunpig.com/contact.htm).

And there you have it. The person receiving the spam sees a message in their inbox that has apparently come from someone at sunpig.com, telling them that if they want to unsubscribe, they should contact me. If they want to trace back the email, they will find that it genuinely did originate from sunpig.com.

The person who originated the message is hidden from the email trace. The only way to track them down is for the domain or server owner to track the spammers back through the HTTP logs. But the IP headers were spoofed, and the HTTP log doesn’t hold the full IP trace, so it’s harder for us to do that.

I could be wrong about all of this, of course. But it certaily seems to fit the evidence.

Movable Type client?

I need a better writing tool for Movable Type. Inserting the proper HTML tags into a paragraph really interrupts the flow of one’s thinking, and gets to be a pain in the ass after a while. The MT interface is great, but it’s geared towards writing HTML–not content. I could really do with a rich text editor that allows me to publish to MT. And I’m sure I’ve seen one of these puppies…if only I could remember where…

Alternatively, it shouldn’t be that difficult to knock one together myself. MT supports XML-RPC, so getting the rich text editing would be the hard part. The actual upload to the blog itself should be a caker.