Spam update

Tech support at EZPublishing are the best. After a couple of emails back and forth to describe the situation with spammers abusing the sunpig.com domain, they have now put a redirect in place, so that anyone trying to use formmail.pl on our site will get an HTTP 404 error. (I couldn’t set up this redirect myself, because EZPublishing use some kind of virtual addressing to route every domain on this particular server to a single cgi-bin directory. My own .htaccess file gets processed after whatever redirection happens at the server level, and so putting a redirect in there was ineffective.)

Thanks guys.

I’ll be keeping a close eye on the server logs for a while, to see what happens. If you’re interested, you can have a wee peek at a snippet of the raw server log here. Note how each access to formmail.pl seems to come from a different IP address. And they all have the same (at the time non-existent) referer page: contact.htm.

Judging by this evidence, here are some guesses about what’s happening:

  • Somewhere, there is a single computer running a program.
  • This program systematically, or at random, builds up a list of available domains on the internet. Sunpig.com is just one of millions.
  • The program sends HTTP requests to these domains, probing likely locations for scripts, e.g. “/cgi-bin/formmail.pl”. The program will spoof its IP address so that the requests are more difficult to track back to the computer running it.
  • When they get an HTTP error code back (e.g. HTTP 404 – page not found, or HTTP 403 – forbidden), they know the mailer script isn’t available. On the other hand, if they get an HTTP 200 – OK return code, then they’ve hit pay dirt: the script exists on the domain, and they can get through to it.
  • (There may be a step here that parses the results page that comes back, but maybe not. The program could check the HTML that has been transmitted back to see what the version of the mailer script is, and whether it allows external users to abuse it.)
  • The program gradually builds up a database of domains and the mailer scripts on them.
  • Through other nefarious means, the spammer has also built up a list of email addresses.
  • The spammer writes the message they want to send: “Free Viagra with every University Diploma bought–and hand-delivered to you by hot XXX Jennie3851 (check out my webcam!)”, and feeds this into the program.
  • The program then tries to send the message to as many email addresses as possible, via its list of available mailer scripts.
  • And here’s the kicker: when it sends the message via a domain (say, sunpig.com), it adapts the text of the message to say that if you want to unsubscribe from the list, please go to a page on the hi-jacked domain (say, http://www.sunpig.com/contact.htm).

And there you have it. The person receiving the spam sees a message in their inbox that has apparently come from someone at sunpig.com, telling them that if they want to unsubscribe, they should contact me. If they want to trace back the email, they will find that it genuinely did originate from sunpig.com.

The person who originated the message is hidden from the email trace. The only way to track them down is for the domain or server owner to track the spammers back through the HTTP logs. But the IP headers were spoofed, and the HTTP log doesn’t hold the full IP trace, so it’s harder for us to do that.

I could be wrong about all of this, of course. But it certainly seems to fit the evidence.
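
The log pattern described in this post (hits on formmail.pl, each from a different address, all citing the same non-existent contact.htm referer) can be checked mechanically. The following is an added example, not part of the original post: the log lines are constructed, and the Apache combined log format, the `summarize_probes` name and its parameters are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not the real sunpig.com log.
SAMPLE_LOG = """\
192.0.2.10 - - [04/Sep/2002:10:01:02 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
198.51.100.7 - - [04/Sep/2002:10:01:09 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
203.0.113.44 - - [04/Sep/2002:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Sep/2002:10:03:11 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
198.51.100.90 - - [04/Sep/2002:10:04:00 +0000] "GET /contact.htm HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.77 - - [05/Sep/2002:08:15:42 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 210 "http://www.sunpig.com/contact.htm" "Mozilla/4.0"
"""

def summarize_probes(log_text, site="www.sunpig.com", script="/cgi-bin/formmail.pl"):
    """Summarise requests for the mailer script and flag referers the site never served."""
    entries = [m.groupdict() for m in map(LOG_RE.match, log_text.splitlines()) if m]
    # Paths this site actually answered with 200, used to spot phantom referers.
    served = {e["path"].split("?")[0] for e in entries if e["status"] == "200"}
    hits = [e for e in entries if e["path"].split("?")[0].lower() == script]
    ips = Counter(e["ip"] for e in hits)
    referers = Counter(e["referer"] for e in hits)
    # A referer on our own host whose page was never served cannot be a real click-through.
    phantom = sorted(
        r for r in referers
        if urlparse(r).hostname == site and urlparse(r).path not in served
    )
    return {
        "hits": len(hits),
        "distinct_ips": len(ips),
        "status": dict(Counter(e["status"] for e in hits)),
        "phantom_referers": phantom,
        "one_request_per_ip": bool(hits) and max(ips.values()) == 1,
    }

if __name__ == "__main__":
    print(summarize_probes(SAMPLE_LOG))
```

The `status` breakdown also shows when a server-level block takes effect: requests for the script shift from 200 to 404.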

Spammers alert

Shit–something weird is happening, and I don’t think it’s very pleasant.

I’ve just been looking through our server logs for sunpig, and I’ve found that over the last two weeks, we’ve had over 800 hits on the page “formmail.pl”. This is a script used for sending email when you submit a form on a page. For example, if you fill in a “contact us” form on a site, formmail can be used to email the message you’ve written, without you having to use your mail program. It is installed by default with EZPublishing accounts.

But we don’t use formmail at all, so where the hell are those 800 hits coming from?? Unfortunately, I don’t have access to the raw server logs–only the digested reports. The reports say that some of the hits are being referred through from a page called “contact.htm” on our site (which doesn’t exist), and some are coming from the site www.ademack.com, which, given the content on that site, seems equally strange.

And then there’s that email addressed to a non-existent user on sunpig.com from someone asking to be manually removed from a mailing list because the “delete” link doesn’t work. Oh really?

Shit. Some arsehole has got latched onto sunpig.com having the formmail script installed, and is using it to spam people from our domain.

I’ve tried using .htaccess to re-route all requests for the formmail script, but that doesn’t seem to be working. (I think this is probably because the script doesn’t actually reside on our web space–our host is using some behind-the-scenes magic to make all requests from domains on this server route to a single source.)

I’ve passed the issue on to EZPublishing’s tech support now. They’re good, and I hope they can get this sorted quickly. (Don’t let me down now, guys!) I have no plans to use formmail here, so I’m quite happy if they just block access to it altogether.

If you happen to have come here because of a spam email you received from the sunpig.com domain, please accept my apologies. I hate these people as much as you do.

Update:

Judging by the patterns of access, the emails probably mention the page “www.sunpig.com/contact.htm” as the place to go if you want to be unsubscribed from whatever fictitious mailing list these ugly little gnomes claim to have got your email addy. Because this page used not to exist, if you went there you would get our severely minimalist “404 Not Found” error page. I’ve now put up a page there describing briefly what has happened.

And it also appears that I do have access to my server logs after all. It looks like I’ve got some tracing to do. Fortunately, the excellent Anders Jacobsen has just written an article on how to track down spammers. He just caught one of his own, you see.

Robert J. Sawyer interview at SF Site

From A Conversation with Robert J. Sawyer — Part 1, here is Robert J. Sawyer on trilogies:

“I still think trilogies are usually bad artistically for SF — although not as bad as never-ending series. […] I’ve seen far too many great authors be trapped into writing series. I’d much rather see what else Lois McMaster Bujold has up her sleeve besides Miles, or that Anne McCaffrey has besides Pern, or Orson Scott Card is thinking about other than Ender, but the economics of the industry are that publishers will offer authors more — at least double, and sometimes much more than that — for a new book in a successful series rather than a stand-alone, even if that stand-alone would be artistically and intellectually more satisfying.”

Okay, why do publishers pay more for a book in a successful series? Because they know that people are more likely to buy a book in a series. Why are people more likely to buy a new book in a series? Because they love their favourite characters, and enjoy reading about them.

Series characters are like old friends. Reading the latest Vorkosigan novel is like going down to the pub for a drink with your pal from University who is just back from an exotic holiday. A stand-alone novel is more like going out clubbing on a Friday night, and hoping to score with that cutie in the purple hot pants. You can have great fun doing both. (And in both cases there is the possibility that you’ll end up in an alley behind the pub or club chundering in the gutter. But maybe that’s taking the metaphor too far. Maybe.)

I disagree with Sawyer’s assertion that series are “artistically” bad for SF. In fact, I think that SF needs more ongoing series. Series give an author the opportunity to develop characters over multiple books. Provided that each story stands on its own (for the casual reader), someone who has been following the series will take away more from the book, precisely because they can make connections between events and peripheral figures in the characters’ pasts (and futures).

If you look at the crime genre, series novels dominate the bookshelves. In fact, I doubt if a crime publisher will give you a second glance unless you convince them that you have the next novel already half written.

One of my favourite series characters is Elvis Cole, hero of most of Robert Crais’ books. In the last Elvis Cole novel, LA Requiem, Cole and his partner Joe Pike come under repeated personal physical and emotional assault, from almost every possible angle. I cried at the end of that book. Twice. On a bus. In the Edinburgh rush hour. The story was one of the most painful and moving I have read recently. But would it have been quite so powerful if I hadn’t built up the love for those characters over the space of six or seven prior books? I don’t think that it would.

Yet, on the other hand, if you have a series, you can be 99% sure that the hero is going to survive. They may come away with a few more scars, but you don’t kill off a character. Not only will your publisher demand your head on a plate for killing the golden-egged goose, but you’ll also probably have to cope with homicidal fans who want to break your legs and keep you locked in a little room until you write the character back to life. (Or was that a Stephen King book?)

So in a series, Death may be on the line, but you can be fairly sure He’s wielding a toy plastic scythe.

It’s a balancing act. On the one hand, a series gives an author the freedom to explore a character in much greater depth than in a single book. But not all authors take that opportunity, and it can be too easily abused by the certainty of survival. On the other hand, the stand-alone book gives you the excitement of really not knowing how it’s going to end. But then, how often–really–do things turn out horribly nasty for the hero?

It’s like the old school mate and the Friday night hottie. Some days you want the friend, some days the frisson. On balance, though, I think I prefer my friends from the series. Which is why I want more of them.

Or maybe I’m just getting too old for hot pants.

SF update

As if to prove me wrong about the deficiencies of their web site, the ConJosé front page now has a link to the 2002 Hugo winners. And I also found a weblog written by one of the conrunners: Cheryl Morgan. The blog is a subsection of Emerald City, Cheryl’s (primarily reviews-oriented) webzine. Excellent site – definitely one to bookmark.

Also on an SFnal note, Spider Robinson’s story Melancholy Elephants is now available for free on the Baen web site.

The Baen web site just keeps getting better. I know of no other publisher that makes its catalogue so easily available. This site is really a masterpiece of simplicity and functionality. And it’s ideologically sound, too! They run the Baen Free Library, which is a place where you can download free, complete books. There are no strings attached. The idea is that easily available free samples of an author’s work are likely to make you want to read more by that person. So you’ll go out and buy their books. And according to the statistics they’ve gathered, it works.

And if this wasn’t enough, they also run a service called “Webscriptions”, which allows you to cheaply read electronic versions of new novels from Baen’s catalogue before they hit the shop shelves. And the fact that it’s been running since September 1999–and they haven’t withdrawn it–means that it’s working out for them. The key, of course, is keeping it all nice and simple.

Adventures in North Berwick

Alex and I had a big and wonderful adventure today. We took the train to North Berwick and went down to the beach. This isn’t the first time he’s been on a beach, but I think it might be the first time he’s been free to walk around on his own.

He was fascinated by the water’s edge: how it raced away from him, then came rushing back. All that splashy water! A couple of times, it flooded over his shoes and wet his socks. He was none too sure about this, and each time it happened he took my hand and led me further up the beach, where he investigated sea shells and sand.

We also played on the grass nearby, and had sausage rolls for lunch. Alex, oblivious to the idea of traffic, insisted on toddling over to the heavy chain railing that ran between the grass and the road, and swinging it back and forth. Then he wanted to drop our beach ball over the top of the chain, and crawl underneath to get it back. At least he seems to have developed the sense that we don’t want him to play in the road: he didn’t step any further out than was necessary to grab the ball and give it back to me.

The weather was wonderful until about 2 o’clock, when it started to cloud over and get a bit chilly. We took the 15:20 train back, and wandered up the High Street and the Bridges before catching a bus home. Finally, we stopped off at the playpark. Alex had another half hour of running from swings to slide to bouncy animals, before getting tired and pulling himself up onto one of the benches. And falling off it.

No wonder that he started throwing cushions down to the floor, and nesting on them at about 7! Bath, jimjams, teeth, and a story. He was asleep by quarter to eight. And while he lay in my arms in the rocking chair, I drifted off for about five minutes, too.

Mmmmmm! I love Wednesdays!