Don’t Attack Iraq

The Media Workers Against War web site currently features a link to the “Fax Your MP” web site (http://www.faxyourmp.com/). If you enter your postcode on this web site, it will look up who your MP is. You can then type a message to the MP, which the folks who run the web site will then fax to the MP in question. (I assume they’ve got this automated, instead of having to do all the faxes manually.)

You can use the service to get in touch with your MP about all kinds of issues, but right now it makes sense to use it to make your views known about a war on Iraq. It’s a quick and easy way to remind your MP that they are supposed to represent their constituents in parliament, and not their party’s whip.

Yeah, right.

In a capitalist world, monopolies are considered bad because they destroy (the illusion of) consumer choice. Oligopolies are just as bad: a shared monopoly is no improvement for customers. Likewise, in a democratic world, a monopoly on policial choice is bad for citizens’ rights. And a two-party system is just a shared monopoly on political power.

If you typically support Party A and despise Party B, what do you do when Party A starts acting unreasonably? Go to the opposition? Even temporarily, just to get the message across? Great–that leaves you with Party B in power afterwards. A two-party system is almost as bad as having no choice at all.

What incentive do MPs have to actually listen to their constituents, and put forward their views in parliament? The thought of being removed from their seat at the next election? Well, if they’re high enough up in party hierarchy, then the party will just parachute them into a safe seat the next time one comes available.

For a politician who wants to keep their job, it may therefore be a better strategy to climb the party hierarchy, and keep on the good side of their leaders, than to do what they were supposedly elected to do: represent the people who voted for them.

Which is why we in Britain are currently in the situation that well over 50% of the population do not want to attack Iraq, yet our Prime Minister is spouting the rhetoric of full-on war like it’s some inevitability.

It’s also why someone like George Bush can become President of the United States.

What’s the answer? I don’t know. What can be done in practical terms? Right now, we have to get the message across to our so-called leaders that they will face massive revolt if we step up hostilities against Iraq. (I say step up, because preliminary action has been underway for some time now.)

In Britain, the Prime Minister is not elected by the public. The public elects the MPs, and then the governing party elects the PM. By the same token, the PM can be removed by the governing party as well. Does the will exist within the Labour Party to do this if Tony Blair takes Britain into a war? (Also, if the country is at war, is the cabinet even obliged to allow a vote of no confidence?)

When I first saw the “Fax Your MP” thing on MWAW, I thought I would do that. But now I think I want to actually write out a letter to my MP (Nigel Griffiths) and properly hand sign it. Will Mr Griffiths pay more attention to a letter than to a fax? Probably not. But it feels more appropriate, somehow.

Will this all make a difference? Again, I don’t know. But it’s pretty clear that in this oligarchic excuse for a democracy going to the polls once every four or five years is just not enough any more.

I know I put it in a safe place…

Just heard on the news that the US Secret Service have escorted Dick Cheney from the Washington DC to a “safe location” in preparation for the anniversary of September 11th.

You know how, when you need to find your passport after not using it for a while and can’t find it, you do know that you must have left it in a safe place?

Bush: So where’s Dick?

Secret Service Agent 1: You mean he’s not here?

Bush: You guys took him away last week.

Secret Service Agent 1: Oh, that’s right. Damn. Where did we put him?

Secret Service Agent 2: I don’t remember, either. But I know we put him in a safe place somewhere…

Here’s hoping!

Opera 7–but not yet

From someone in the know (i.e., within Opera software):

“[My] concept of “soon” is obviously different from
many of yours, that seem define it in “before or after lunch”. In the
perspective of the project’s lifetime it is almost done by now, in the
perspective of something we would want to release it’s really not ready yet.

“You would not want the Opera 7 of today, you would not want the Opera 7 of
next week, and we would not want thousands of reports on bugs that are about
to be fixed anyway”

(From the newsgroup Opera.beta via Google.)

Spam update

Tech support at EZPublishing are the best. After a couple of emails back and forth to describe the situation with spammers abusing the sunpig.com domain, they have now put a redirect in place, so that anyone trying to use formmail.pl on our site will get an HTTP 404 error. (I couldn’t set up this redirect myself, because EZPublishing use some kind of virtual addressing to route every domain on this particular server to a single cgi-bin directory. My own .htaccess file gets processed after whatever redirection happens at the server level, and so putting a redirect in there was ineffective.)

Thanks guys.

I’ll be keeping a close eye on the server logs for a while, so see what happens. If you’re interested, you can have a wee peek at a snippet of the raw server log here. Note how each access to formmail.pl seems to come from a different IP address. And they all have the same (at the time non-existent) referer page: contact.htm.

Judging by this evidence, here are some guesses about what’s happening:

  • Somewhere, there is a single computer running a program.
  • This program systematically, or at random, builds up a list of available domains on the internet. Sunpig.com is just one of millions.
  • The program sends HTTP requests to these domains, probing likely locations for scripts, e.g. “/cgi-bin/formmail.pl”. The program will spoof its IP address so that the requests are more difficult to track back to the computer running it.
  • When they get an HTTP error code back (e.g. HTTP 404 – page not found, or HTTP 403 – forbidden), they know the mailer script isn’t available. On the other hand, if they get an HTTP 200 – OK return code, then they’ve hit pay dirt: the script exists on the domain, and they can get through to it.
  • (There may be a step here that parses the results page that comes back, but maybe not. The program could check the HTML that has been transmited back to see what the version of the mailer script is, and whether it allows external users to abuse it.)
  • The program gradually builds up a database of domains and the mailer scripts on them.
  • Through other nefarious means, the spammer has also built up a list of email addresses.
  • The spammer writes the message they want to send: “Free Viagra with every University Diploma bought–and hand-delivered to you by hot XXX Jennie3851 (check out my webcam!)”, and feeds this into the program.
  • The program then tries to send the message to as many email addresses as possible, via its list of available mailer scripts.
  • And here’s the kicker: when it sends the message via a domain (say, sunpig.com), it adapts the text of the message to say that if you want to unsubscribe from the list, please go to a page on the hi-jacked domain (say, http://www.sunpig.com/contact.htm).

And there you have it. The person receiving the spam sees a message in their inbox that has apparently come from someone at sunpig.com, telling them that if they want to unsubscribe, they should contact me. If they want to trace back the email, they will find that it genuinely did originate from sunpig.com.

The person who originated the message is hidden from the email trace. The only way to track them down is for the domain or server owner to track the spammers back through the HTTP logs. But the IP headers were spoofed, and the HTTP log doesn’t hold the full IP trace, so it’s harder for us to do that.

I could be wrong about all of this, of course. But it certaily seems to fit the evidence.

Spammers alert

Shit–something weird is happening, and I don’t think it’s very pleasant.

I’ve just been looking through our server logs for sunpig, and I’ve found that over the last two weeks, we’ve had over 800 hits on the page “formmail.pl”. This is a script used for sending email when you submit a form on a page. For example, if you fill in a “contact us” form on a site, formmail can be used to email the message you’ve written, without you having to use your mail program. It is installed by default with EZPublishing accounts.

But we don’t use formmail at all, so where the hell are those 800 hits coming from?? Unfortunately, I don’t have access to the raw server logs–only the digested reports. The reports say that some of the hits are being referred through from a page called “contact.htm” on our site (which doesn’t exist), and some are coming from the site www.ademack.com, which, given the content on that site, seems equally strange.

And then there’s that email addressed to a non-existent user on sunpig.com from someone asking to be manually removed from a mailing list because the “delete” link doesn’t work. Oh really?

Shit. Some arsehole has got latched onto sunpig.com having the formmail script installed, and is using it to spam people from our domain.

I’ve tried using .htaccess to re-route all requests for the formmail script, but that doesn’t seem to be working. (I think this is probably because the script doesn’t actually reside on our web space–our host is using some behind-the-scenes magic to make all requests from domains on this server route to a single source.)

I’ve passed the issue on to EZPublishing’s tech support now. They’re good, and I hope they can get this sorted quickly. (Don’t let me down now, guys!) I have no plans to use formmail here, so I’m quite happy if they just block access to it altogether.

If you happen to have come here because of a spam email you received from the sunpig.com domain, please accept my apologies. I hate these people as much as you do.

Update:

Judging by the patterns of access, the emails probably mention the page “www.sunpig.com/contact.htm” as the place to go if you want to be unsubscribed from whatever ficticious mailing list these ugly little gnomes claim to have got your email addy. Because this page used not to exist, if you went there you would get our severely minimalist “404 Not Found” error page. I’ve now put up a page there describing briefly what has happened.

And it also appears that I do have access to my server logs after all. It looks like I’ve got some tracing to do. Fortunately, the excellent Anders Jacobsen has just written an article on how to track down spammers. He just caught one of his own, you see.