Tag Archives: spam

🤣🤪

in my attempts to break free of #twit™ #turd™, i have created a reddit profile. i joined the r/incense subreddit, and almost immediately got banned for “spam”. the “spam” i am guilty of disseminating was the phrase “i’ve got resins for sale: pure frankincense, copal, and loban (separately)… i’ve also got a big chunk of palo santo.” which i posted in response to ONE person.

it’s not “spam”. i didn’t advertise anything, i didn’t include links to my business, and i didn’t “mass mail” anybody: this was in response to ONE person.

nevertheless, the moderator that banned me was disinterested in discussing it, because “we both know what spam is”, and, as i am a “newbie” at reddit, i didn’t feel like arguing about it…

but… 😉

i was searching for other subreddits which may or may not be similar to r/incense, when i came across this post… in r/incense 🤣

someone else’s reddit ad in a subreddit from which i was banned… 😉

and it got 14 upvotes! 👍👍😉 this is, also, NOT spam (as it is on my own web site): a link to 999 Lord Krishna Puja Agarbatti, if anybody reading this is interested in purchasing some. 😉

why?????? 😕

when i woke up this morning, at approximately 8:30, i checked my email, and i had over 1,000 identical spam messages, in my spam folder, and more coming in as i watched… now, at 9:45, i have deleted approximately 1,000 MORE identical spam messages… and there are more coming in at this very moment…

ETA: as of 11:00, i have deleted at least 1,000 MORE identical spam messages… 🙄 if i don’t read it the first time, what could POSSIBLY make a person think that i’ll read it the 5,000th time?

WHY do people do this?

<sigh> 🙄

i suppose it’s similar to asking why people write scripts to delete all the data in unknown peoples’ cloud drives.

as winston churchill said, it doesn’t take all kinds, but there are all kinds. 🙄

YAAAAAA!!!! 😈

i got home from my circus class this afternoon, and discovered approximately 1000 IDENTICAL spam messages in my spam receptacle. over the course of the next half an hour or so, i deleted approximately 500 more IDENTICAL spam messages…

so i decided to do some research. what i came up with is that EVERY ONE of those spam messages had been sent from an IP address in the range of 37.32.0.0/16, in iran.

so i blocked it.

and NO MORE SPAM from that range of IP addresses. not a single one! 👍

THIS is why i do it! 😈

why i do it, part ∞

Re:[## 78615541 ##] ABUSE VIOLATION: Give your feedback, get a $75 8J+NqPCfjag

Zoho Campaigns has a zero tolerance policy towards spam, and we do everything we can to curtail it. Thank you for sharing the email header. We have taken punitive action against the user as per our terms of use.

i don’t get these notices often, because of various “spam policies” held by the offending parties, but, occasionally, i get solid validation that the spammer i reported has been flattened by the mallet.

it feels good.

why??? 🤷

why do people who use IPVanish still try to crack my web sites?

why do people who use IPVanish seem to think that i WOULDN’T have a 30-character passphrase and 2FA enabled on my web sites?

why do people who use IPVanish STILL try “Admin123” and other idiotically simple logins from easily traceable IP addresses (despite IPVanish)?? 😕😒

what i know

this morning, my wife got what appeared to be a “legitimate” email, but it was delivered to my spam box.

here’s what i know:

it purports to be from the “Colorado State University” department of “Veterinary Continuing Education”, with the URI “CSUvetCE dot com”.

it was delivered by way of an open relay in germany, using at least two other open relays in other, eastern european countries.

my wife CLAIMS that the “Colorado State University, Department of Veterinary Continuing Education” is a legitimate business for which several of her colleagues work.

there is an EXTREMELY good chance that, if someone from the “Colorado State University, Department of Veterinary Continuing Education” were to send my wife an email message, it would come through the mailservers at colorado state university, IN COLORADO, and NOT through several open relays in other countries.

it was addressed to my wife, using an email address for ME, which i haven’t used in at least 5 years.

when i visited the “manage my subscriptions” page at “CSUvetCE dot com”, it listed my wife’s name, only her last name was in the “first name” slot, and her first name was in the “last name” slot, followed by my email address, the physical address where she works, except that instead of being on mercer island, it was listed as being in “medina”, which is a suburb of bellevue, about ten miles away from the actual address location, on the mainland. and, it listed the zip code as being the one where we currently live, which is neither mercer island, nor medina.

the same “manage my subscriptions” page has her listed as the “chief executive officer” of “at home veterinary services”. she does NOT work for “at home veterinary services”, and she is NOT the “chief executive officer”.

when i tried to change the “STATUS” of her subscription from “subscribed” to “unsubscribed”, it didn’t work. i tried it multiple times, and every time the page reloaded, the status said “subscribed”.

so i checked… “CSU” is CHICAGO state university, and their URI is “CSU.EDU”. COLORADO state university’s URI is “colostate.edu”, and the ACTUAL “Colorado State University, Department of Veterinary Continuing Education” is at “cvmbs.colostate.edu”.

now, i don’t KNOW whether or not “CSUvetCE dot com” is a spammer scam or not, but i know that EVERYTHING i have found so far leads me to the conclusion that it is a spammer scam. 😒

also i don’t know why someone would go to SO! MUCH! TROUBLE! to put together a web site that tries its DAMNEDEST to look like a legitimate business, just to lure the relatively few people who are in the veterinary industry into submitting their information to a spam list.

but, as i said… EVERYTHING i have found so far leads me to the conclusion that it’s PRECISELY what they have done…

weird.

ETA: okay, this is getting weirder now… after a bit more poking around, i found an announcement on this page which appears to indicate that CSUvetCE dot com is, in fact, a legitimate page, and not a spammer scam… which, then, makes me wonder EVEN MORE about why the email was sent via open relays to an address that had OBVIOUSLY been scraped from who knows where… like… does the Colorado State University Department of Veterinary Continuing Education care THAT LITTLE about the ethics of the emails they’re sending out? do they even CARE?? 😒

ETA, part 2: i wrote to them, asking why they have a scraped address on a form that doesn’t work. their response said they couldn’t find that address on their mailing list. i wrote back with all the details, including a screen shot and a URI to the spot they said they couldn’t find. they haven’t responded… yet…

i’m back to thinking that this might be a spammer scam masquerading as a legitimate business, and the legitimate business doesn’t have the first clue what is going on. 😒

damn right they’re blocked! 🤬

i got the following notification from my anti-cracker service:

A user with IP addr 2001:41d0:305:1000::1250 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username '[login]' to try to sign in.
The duration of the lockout is 2 months.
User IP: 2001:41d0:305:1000::1250
User hostname: hr914433990.reseller.mis.ovh.net
User location: France

i’ve been seeing these login attempts using “[login]” for some time now — and why, in the name of all that’s holy, would ANYONE use, or allow another person to use “[login]” as a username, is beyond my limited imagination, but that’s not the main reason this notification caught my eye…

it’s because of the user hostname, which is a reseller host at ovh.net 🙄

i’ve been dealing with spam and cracking attempts from OVH for AT LEAST ten years. unfortunately, it’s nothing new… but this is the first time they’ve tried to get around my blocks by using an IPv6 address.

and it wasn’t OVH directly, it was a reseller, but the fact is still plain that OVH STILL enables spammers and crackers to work with impunity from their networks.

FUCK OVH! 🤬😠👎👎‼

and add 2001:41d0::/32 to my block list! 🙄

Rule #3

Rule #3 states “Spammers are stooOOpid.”

if you need an example of rule #3, i have one for you:

the spammer sent mail from a computer called… get this…

UCEBOX.CO.ZA

😝😂🤣🤪🤦😠🤬

for those of you who still don’t “get” it, not only is the computer in south africa, home to all things shady and illegal, but “UCE” stands for “Unsolicited Commercial Email”… in other words, “spam”.

it’s as though they’re saying, “fuck yeah, we’re so gawd-damned proud of the illegal spam we send, that we’re going to name our computer after it, and nobody will care, even if they do notice!”

people should have to take an intelligence test before being allowed into the human race.

seriously.

spam update

i have now, officially, blocked IP address ranges in the following countries:

afghanistan
albania
angola
argentina
aruba
australia
austria
bangladesh
belarus
belgium
bhutan
bolivia
bosnia & herzegovina
brazil
british virgin islands
bulgaria
cambodia
canada
chile
china
colombia
congo
cote d’ivoire
croatia
czech republic
denmark
ecuador
egypt
el salvador
estonia
finland
france
georgia
germany
ghana
greece
guatemala
honduras
hong kong
hungary
iceland
india
indonesia
iran
iraq
ireland
israel
italy
japan
jordan
kazakhstan
kenya
kyrgyzstan
latvia
lithuania
luxembourg
macao
malaysia
mexico
moldova
monaco
mongolia
morocco
myanmar
netherlands
new zealand
nigeria
norway
pakistan
panama
paraguay
peru
philippines
poland
romania
russia
serbia
seychelles
singapore
slovakia
south africa
south korea
spain
sweden
switzerland
taiwan
tajikistan
tanzania
thailand
Trinidad & tobago
turkey
UK
ukraine
uruguay
USA
uzbekistan
vietnam

the big winners are china, russia, and india, and the runners up are spain, uzbekistan and kazakhstan…

and the good ol’ united states of ‘merica makes an appearance, as well.

before i started blocking whole swaths of IP addresses, the CPU usage on my server was between 75% and 100%, pretty much always. since i started blocking IP address ranges, my CPU usage is between 2% and 5%… which means that my web sites respond more quickly.

a side benefit is that, often, the same IP address ranges that are used by spammers, are also used by crackers, skript-kiddies, and other miscreants, so by absolutely blocking them (using both the IP Blocker and the Global Email Filters) i kill two birds with one stone. 😉

the down side is that i’ve been catching a few false positives, which are messages from people within north america, but, through no fault of their own, sent their messages at EXACTLY the right time, so that the date in their message ID gets caught by the rule that’s supposed to catch IP addresses… 😖

but, honestly, there have been fewer than 10 false positives in the last 6 months (they tend to come in spurts: i’ve caught 3 today, but haven’t seen one for months), whereas, if left unfettered, i would have received, easily, 100 times that many spam messages PER DAY, so, in all, i’m almost ready to make my list available to anybody else who wants to cut down on the people who send you spam… 😉

new regex stuff!

logical operators! thanks ian! 😉

+ () [] - |

(stuff that remains the same)+(stuff that changes) – otherwise known as “capture groups”

[89] = 8 or 9

[0-4] = 0, 1, 2, 3, or 4

| = logical OR

so…

\D(85\.157\.47\.)+(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])\D

means “capture everything in 85.157.47.128/25”

which, up until now, has meant “make a separate rule for every IP address between 85.157.47.128 and 85.157.47.255” — 128 SEPARATE RULES, which takes A LONG time, and slows down processing speed.

this is a BIG step forward!

WOO!!! 😎👍

ETA 200205: even more WOO!!! because ian directed me to a RegEx Numeric Range Generator, which means that i don’t have to figure them all out myself! WOO!!! 😎👍

calm… i hope no storm…

the past three full days now, i have gotten SIGNIFICANTLY less spam than normal… like, normally i’ll get anywhere from two to six DOZEN spam messages a day, and, since saturday, i have gotten, maybe two dozen total

i’ve been blocking ranges of IP addresses in argentina and peru and china and india and denmark and kazakhstan and iran and lithuania and brazil and germany and LOTS of ranges for russia, and luxembourg and vietnam and turkey and indonesia and romania and the UK and georgia (the country, not the state in the united states), and nigeria and egypt and cambodia and myanmar (and that’s only up to the 45.0.0.0/8 range) like a mad fiend, for about two months prior to saturday… and all of those places are places from which i have never received email that was not spam…

literally, i’ve been blocking JUST ranges connected with the 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ “bitcoin porn sextortion” scam since october 4th. 🤬

maybe i’ve finally caught up with the script. i’ve got 1,043 filter rules, and a fair portion of them are IP ranges…

but it feels weird… nobody has complained that they’re not getting important emails, and the false positives that have been coming through are usually either dealt with by changing “contains” to “matches regex”, or by deleting rules that i don’t need any longer… like the one for the .mp TLD, which was giving me false positives all the time because of mailchi.mp, which, while spammy, is not universally spammy, and, as far as i can tell, is the only NON-spammy use of the .mp TLD… but i decided that, instead of figuring out how to rule out legitimate use of a spammy TLD, i just started banning the countries that the spam was coming from…

but it feels weird… i’ve been on edge for a couple of days now, and i’m pretty sure it’s directly related to my relationship with the computer and the ‘net… 😒

but not entirely related… i had a pair of blue sunglasses that i got before i went to oregon to busk, a few months ago, and i lost them about a week ago. since then i’ve been losing a whole bunch of other things — keys, tools, credit cards, that sort of thing — and i’ve been finding them again, usually in the same day, sometimes within the same 15 minutes or so… but i haven’t been able to find my sunglasses, and it PISSES ME OFF because the reason i got them, primarily, was to help alleviate some of my depression, and they have worked ADMIRABLY for that purpose… and i remember thinking, if i put them… wherever it was that i put them… 😕 and left them there for too long, i would probably not remember where they were, the next time i looked for them… 😒

it’s possible that they’re somewhere around the house, but i’ve looked at least three times in every place i can think of, and quite a few that i couldn’t have thought of in a long time, and have nothing to show for it except a much cleaner house. they’re not in the car, as far as i can tell, nor are they in my tuba case, or my tuba bag.

moe is going away for a few days — travelling for stuff related to her book — starting friday, which means that i won’t be able to go busking. and then panto starts (shudder) saturday: two shows, and two shows on sunday, which means that i won’t even be here to take care of the pets for significant portions of both days… fortunately, i’m picking her up at the airport after sunday’s shows are over.

and, on the unicycle side of things, i think i am actually learning to ride the unicycle… i have been consistently riding, in a “more-or-less” controlled fashion, in a marginally straight line, without falling over, half to three-quarters of the way across the gym, for two weeks now. and, i just got “certified” to come in and use the gym for practicing unicycle on days that we’re not having class, so i actually have a place to practice.

/8 blocks

i now have three /8 blocks in my email filters.

25.0.0.0/8 in the UK, 53.0.0.0/8 in germany, and 133.0.0.0/8 in japan.

the “standard” email filters, built on “and/or” and “contains/does not contain”, break down when you’re dealing with 16.75 MILLION addresses.

they break down because you can’t just filter on 25. which appears in the middle and end of IP addresses, in message ID numbers, and, occasionally, in the body of the message.

the result is A LOT of false positives: email which i can’t forward to the correct recipient, because it will get filtered AGAIN

which is quite annoying. 😒

so, with the help of my friend robert, i built a regular expression to handle it:

\D25\.\d{1,3}\.\d{1,3}\.\d{1,3}\D

finds a non-digit character followed by “25.”, followed by three repetitions of one to three digits, interspersed by periods, followed by another non-digit character.

technically, this regex could be adapted to accommodate any IP address, which means that, theoretically, i have a whole new, easier, and faster method of processing spam. 😈

the next step is to learn how to search for a specific range of digits… 😈

ETA 191127 i discovered that you can’t specify a range of digits with a regex. for that, you need a script, which is too much work. also, i determined that i DON’T need the white space character at the beginning and end of the regular expression, because, sometimes, the IP address is surrounded by parentheses, square brackets, or both.

ETA 191128 i changed it from white space character — \s — to non-digit character — \D — because some IP addresses are surrounded by parentheses or square brackets, but some are surrounded by white space characters. the only thing \D doesn’t capture is an empty string, so the IP address can’t be the first thing in the line of text.

and, even with the \D, this regex, modified to capture 27.16.0.0/12 in china, captures 2.2019.11.27.23.41.02, which is part of the message ID on a LEGITIMATE message. 😖😒😠🤬

this is why i’m rerouting these messages, rather than summarily deleting them, which is my inclination… summarily deleting what i think is spam has come back to bite me in the ass often enough that i don’t do it any longer. 😒
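An added example (not the author's filter rules) of the message-ID false positive described above, and of checking the 85.157.47.128/25 pattern from the “new regex stuff!” post against real CIDR membership. It is Python rather than a mail-filter rule; the sample messages, the `example.net`/`example.org` hosts and all function names are constructed for illustration, and it assumes the sending IP is read from `Received` headers only.

```python
import ipaddress
import re
from email import message_from_string

# The page's /8 pattern adapted, as the author describes, to 27.16.0.0/12
# (second octet 16-31).
NAIVE_27_16 = re.compile(r"\D27\.(1[6-9]|2[0-9]|3[01])\.\d{1,3}\.\d{1,3}\D")

# The page's pattern for 85.157.47.128/25, copied unchanged.
PAGE_85_157 = re.compile(
    r"\D(85\.157\.47\.)+(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])\D")

# Candidate dotted quad that is not part of a longer dotted number:
# no digit or "digit." before it, no digit or ".digit" after it.
QUAD = re.compile(r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")

# Constructed sample messages (not real mail).
SPAM_MSG = (
    "Received: from mail.example.net (unknown [27.18.44.7])\n"
    "\tby mx.example.org; Wed, 27 Nov 2019 23:41:05 -0800\n"
    "Message-ID: <abc123@mail.example.net>\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
LEGIT_MSG = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org; Wed, 27 Nov 2019 23:41:05 -0800\n"
    "Message-ID: <2.2019.11.27.23.41.02@mail.example.net>\n"
    "Subject: order question\n"
    "\n"
    "body\n"
)


def extract_ips(text):
    """Return valid IPv4 addresses in text, skipping longer dotted runs."""
    found = []
    for candidate in QUAD.findall(text):
        try:
            found.append(ipaddress.IPv4Address(candidate))
        except ValueError:  # e.g. an octet above 255
            continue
    return found


def blocked_sources(raw_message, networks):
    """IPs from Received headers only that fall inside a blocked network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    msg = message_from_string(raw_message)
    hits = []
    for header in msg.get_all("Received", []):
        for ip in extract_ips(header):
            if any(ip in net for net in nets):
                hits.append(str(ip))
    return hits


def regex_mismatches(pattern, cidr, probe_cidr):
    """Addresses in probe_cidr where the regex and the CIDR test disagree."""
    net = ipaddress.ip_network(cidr)
    wrong = []
    for ip in ipaddress.ip_network(probe_cidr):
        matched = pattern.search(f"[{ip}]") is not None
        if matched != (ip in net):
            wrong.append(str(ip))
    return wrong


if __name__ == "__main__":
    print("naive regex hits legit mail:", bool(NAIVE_27_16.search(LEGIT_MSG)))
    print("legit:", blocked_sources(LEGIT_MSG, ["27.16.0.0/12"]))
    print("spam: ", blocked_sources(SPAM_MSG, ["27.16.0.0/12"]))
    print("85.157.47.128/25 regex mismatches:",
          regex_mismatches(PAGE_85_157, "85.157.47.128/25", "85.157.47.0/24"))
```
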

oy 😒

this morning i added a second /8 block to my email filters.

for those of you wondering what i’m talking about, a /8 block is the largest block of IP addresses allocated by the IANA.

16,777,216 individual IP addresses.

my first filtered /8 block was in japan. my second one was in germany.

and i STILL get spam from japan and from germany. 😒

it doesn’t seem like it was that long ago that spam was something in a monty python skit, and before that, it was a canned meat byproduct.

it’s not even UCE any longer, because most of it is devoted to scams of one kind or another. actual, commercial email is a tiny fraction of the volumes of script-generated spam, these days.

spam times 16,777,216²… which is a number so large my scientific calculator chokes on it… which is to say, it says 2.81474976711e+14 rather than giving me a number i can understand. 😒

knock wood…

for the first time in a VERY long time, i booted up my computer, checked my email, and did NOT have at least 10 “bitcoin-porn-scam-spam” messages in my spam folder…

in fact, i had NO “bitcoin-porn-scam-spam” messages in my spam folder… or anywhere else…

there was spam in my spam folder, but no “bitcoin-porn-scam-spam” messages.

maybe this is a good sign.

ETA: not as good a sign as i would have hoped, but on the plus side, i now have blocks on more of uzbekistan, kazakhstan, bangladesh, and south africa than i did before.

oh well… 🤷

spammers spamming spam! 🤬

just as a reminder, this has been posted at the Hybrid Elephant Contact Us form:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

this morning, i got spam from my response form (big surprise).

the difference, this time, is that the following message was included at the end of the spam:

IMPORTANT NOTICE: This message has been posted via a Contact Us form on your site. Contact forms are publicly accessible and they can be used for posting messages by anyone. We don’t use, hold or archive your e-mail addresses.

yes, contact forms can be used by anyone, but, particularly when an anti-spam message like the one previously posted is present, a conscientious user of internet won’t use it unless that person is also a “Hybrid Elephant customers who need to get in contact with us”.

the message that you sent me was definitely NOT because of a need to contact me about something having to do with my business. 😒

and the fact that you say you “don’t use, hold or archive your e-mail addresses” is a moot point, because you ALREADY HAVE used my email address, and the fact that you have already used it means that, very likely, it is stored somewhere on your system, and probably gets backed up with everything else on your computer, which, for all intents and purposes, is “using, holding and archiving”… 🤬

so, the IP address from which this spam was sent is 85.203.22.215, which is part of the 85.203.22.208/28 range, located in monaco.

as of now, 85.203.22.208/28 (16 individual IP addresses) is no longer able to access my domains for any reason whatsoever.

thanks, spammer.

the message also contained references to wexxluxurycars dot com, which also goes on my block list.

thanks, spammer.

the IP address to which that domain name corresponds is 198.46.134.35, which is located in new york. because of the fact that it’s in new york, that IP address goes on my email block list, with today’s date, so that, in case i get an inquiry regarding it at some future point, i can state, unequivocally, that it was added to the list on that date, in case the person inquiring wants me to remove it…

which i will do ONLY if they can convince me that they are no longer associated with spam.

thanks, spammer.

and, of course, nobody is going to be seriously affected by all of this falderal (except, possibly, me), because the message was, doubtlessly, sent by a script that scans for “Contact Us” forms, and dumps meaningless spam into them automatically, without any one person having to do anything other than launch the script, which is why i’ve taken to blocking CIDR ranges outside of north america with no further warning. if people are going to be that careless with their own security, it’s up to people like me to take their security seriously, for them.

thanks, spammer. 🤬

random reminder

great swaths of the internet from the following countries have been permanently banned from viewing my web sites and sending me email, due to ongoing, egregious spamming activity:

albania
angola
argentina
aruba
australia
bangladesh
belarus
belgium
bosnia
brazil
british virgin islands
bulgaria
canada
chile
china
colombia
congo
denmark
egypt
finland
france
germany
guatemala
herzegovina
hong kong
iceland
india
indonesia
ireland
israel
italy
japan
kenya
latvia
lithuania
macau
malaysia
mexico
moldova
netherlands
nigeria
norway
pakistan
panama
philippines
poland
romania
russia
serbia
seychelles
singapore
slovakia
south africa
spain
sweden
switzerland
taiwan
thailand
turkey
UK
ukraine
uruguay
viet nam

and more than a few from the united states, for good measure. 😒

spam is bad. stop spam on internet.

tee…

i’ve recently taken to blocking great swaths of IP addresses in foreign countries, which only send me spam.

she has HUGE… tracts of land…

i have undertaken this policy because using a utility that automatically blocks IP addresses from foreign countries costs money (😒) and using a utility would only work on hybridelephant dot com, and nowhere else.

so, i learned about CIDR, learned how to identify host countries based on IP addresses, and learned how to block IP addresses based on CIDR numbers…

now, instead of blocking a single IP address — which is pointless, because spammers know that a single IP address only works until the spamees figure it out and block it, so they move on to the next one — i block entire swaths of IP addresses: the most common are the /24 range, which blocks 256 (2⁸) IP addresses, and the /16 range, which blocks 65,536 (2¹⁶) addresses.

and i can block spam from those IP addresses on ALL of my domains, not just hybridelephant dot com. 😉

which brings me to the point of this post: i recently blocked the third IN A SERIES of IP addresses from bangladesh: now i have 185.222.56.0/24, 185.222.57.0/24, AND 185.222.58.0/24 blocked.

which, technically, means that i could block 185.222.56.0/23 and 185.222.58.0/24 with the same effect, because 185.222.56.0/24 plus 185.222.57.0/24 equals 185.222.56.0/23

i love that i am able to do this.

i also love that i am able to understand this as much as i do… which is not very much, but enough that i have been successful in reducing the amount of spam i get by a SIGNIFICANT amount, and not affected my legitimate mail in the slightest degree. 😈
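The aggregation described in this post, as an added example (not the author's code) using Python's `ipaddress` module on ranges copied from the block lists on this page; the function names are made up for illustration. It also shows that two neighbouring blocks only merge when they are the two halves of the same larger block, which is why 185.222.57.0/24 and 185.222.58.0/24 stay separate.

```python
import ipaddress

# Ranges copied from the block lists on this page.
BLOCKS = [
    "185.222.56.0/24", "185.222.57.0/24", "185.222.58.0/24",  # bangladesh
    "77.81.105.0/24", "77.81.106.0/24",                        # romania
    "178.17.160.0/21", "178.17.168.0/21",                      # moldova
]


def aggregate(cidrs):
    """Collapse a block list into the fewest CIDR ranges covering the same IPs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def address_count(cidrs):
    """Total number of addresses covered by non-overlapping ranges."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)


def can_merge(a, b):
    """True when a and b are the two halves of one block a bit shorter.

    Being numerically adjacent is not enough: both must share the same
    supernet, i.e. the lower block must start on the larger block's boundary.
    """
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    return (a != b and a.prefixlen == b.prefixlen
            and a.supernet() == b.supernet())


if __name__ == "__main__":
    merged = aggregate(BLOCKS)
    for net in merged:
        print(net, ipaddress.ip_network(net).num_addresses)
    # Same coverage before and after, with fewer rules to maintain.
    print(len(BLOCKS), "rules ->", len(merged), "rules,",
          address_count(merged), "addresses")
    print("56+57 merge:", can_merge("185.222.56.0/24", "185.222.57.0/24"))
    print("57+58 merge:", can_merge("185.222.57.0/24", "185.222.58.0/24"))
```
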

seriously…

i put a notice on hybrid elephant’s contact form, a few months ago:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

this morning i received spam from the contact form, which said “my apologies for reaching out cold like this, just trying to see who I can help.”

if you’re really interested in helping, there’s a snail-mail address, AND a phone number posted on the same page as the contact form — which contains the warning mentioned previously. there’s absolutely no reason why you could not have called me on the phone, or written me a snail-mail message, instead of using our contact form SPECIFICALLY for something that i have warned you NOT to use it for.

not only that, but the header indicates that you’re one of those suckers who bought into the spam that has been going around recently, which says that you can send your spam through contact forms, because they’re already approved. i know this because your return address is to a server in scottsdale, arizona, but the message was sent through 105.235.192.0/21, which is located in nigeria. not only that, but the domain name you registered is hosted by microsoft, and registered at godaddy, both of which are known, notorious spam havens, despite what they may say in their advertisements… so your domain name also goes into my spam filter.

congratulations, spammer: you have successfully participated in BLOCKING yourself, your domain, and a /21 range (2,048 individual IP addresses) in nigeria. you will never again be able to access any of my domains, for any reason, any email that you send to me will go unread, and there is absolutely NO WAY i will ever use your “instagram marketing” service… primarily because i do not now, and never have had an instagram account, and i do not intend to open one in the future.

which you could have found out just as easily over the telephone, and you wouldn’t have blocked yourself. spam doesn’t work. give it up.

🤬

spam update

as of 190729, the following IP addresses, and top-level domains are BLOCKED from my web sites, for egregious spamming behaviour:

5.104.108.0/24 – germany
5.188.210.0/24 – russia
5.226.136.0/21 – UK
23.19.0.0/19 – russia
23.82.128.0/22 – VIRGINIA, USA
31.13.191.0/24 – sweden
37.120.135.0/24 – italy
37.120.159.0/24 – UK
45.12.176.0/22 – india
45.81.0.0/22 – UK
51.15.0.0/18 – france/belgium
51.38.157.0/26 – poland
51.89.30.128/26 – denmark
77.81.105.0/24 – romania
77.81.106.0/24 – romania
80.211.253.0/24 – aruba/italy
85.25.236.0/22 – germany
85.204.49.0/24 – romania
85.204.50.0/24 – romania
85.206.165.8/29 – lithuania/canada
85.254.72.0/24 – latvia
86.109.170.0/24 – spain
88.201.208.0/20 – russia
88.247.0.0/18 – turkey
88.247.64.0/20 – turkey
89.36.224.0/25 – romania
89.44.138.0/23 – romania
89.238.128.0/18 – UK
92.101.192.0/22 – russia
93.125.99.0/24 – belarus/canada
95.37.128.0/17 – russia
95.216.0.0/15 – finland
103.39.132.0/22 – india
103.62.92.0/22 – india
103.76.22.0/23 – indonesia
103.113.3.0/24 – indonesia
103.138.238.0/24 – india
104.245.144.0/22 – canada
105.174.0.0/15 – angola
109.93.128.0/17 – serbia
109.158.0.0/16 – UK
109.175.96.0/19 – bosnia and herzegovina
109.245.80.0/21 – serbia
118.107.180.0/24 – hong kong
133.0.0.0/8 – japan (this represents 16,777,216 individual IP addresses, the largest block allocated by the IANA 🤬)
134.90.149.176/29 – norway
139.99.0.0/17 – singapore
142.59.228.0/22 – canada
150.95.104.0/21 – vietnam
151.106.10.154/31 – china/france
151.106.12.240/28 – romania
157.157.87.0/24 – iceland
168.196.0.0/22 – argentina
176.9.0.0/16 – bulgaria
177.36.246.0/24 – brazil
178.17.160.0/21 – moldova
178.17.168.0/21 – moldova
178.162.208.0/21 – germany
178.162.220.0/22 – germany
178.175.128.0/18 – moldova
181.214.60.0/22 – brazil
181.215.96.0/19 – brazil (london, columbia, chicago)
182.50.128.0/19 – singapore
182.52.0.0/15 – japan/thailand
182.56.0.0/14 – india
183.80.144.0/20 – vietnam
183.89.0.0/16 – thailand
185.9.147.0/24 – russia
185.93.3.0/24 – UK
185.94.189.128/27 – romania
185.103.110.0/24 – finland
185.125.32.0/22 – turkey
185.128.27.0/24 – italy
185.156.173.0/24 – france
185.206.224.0/24 – denmark
185.220.101.0/25 – germany
185.222.58.0/24 – bangladesh
185.230.127.0/24 – germany
185.234.0.0/22 – ireland/UK
188.209.52.0/24 – macau
193.56.28.0/24 – UK
193.201.224.0/22 – ukraine
195.181.166.0/24 – UK
199.249.230.0/24 – TEXAS, USA
200.40.96.0/24 – uruguay
201.138.46.0/24 – mexico
203.113.160.0/19 – vietnam

.bid – auctions
.br – brazil
.casa – “house”
.cf – central african republic
.club – groups, organizations, assemblies, communities, general
.cn – china
.date – online dating
.direct – general
.do – dominican republic
.download – technology
.es – spain
.faith – religion and churches
.fun
.gq – equatorial guinea
.hk – hong kong
.host – network companies
.icu – entrepreneurs and business owners
.life
.live
.loan – banks and lenders
.md – moldova
.moda – “fashion”
.mp – northern mariana islands (and anyone using mailchi.mp)
.ms – montserrat
.ooo
.online
.party – nightclubs and social gatherings
.pro – professions/professionals
.racing – racing
.review – public reviews
.ru – russia
.site
.space – as a creative space
.store – stores
.stream
.top
.trade – businesses
.webcam – web cam shows and video sharing
.website
.win – games, micro$oft windoesn’t
.world
.xyz
.za – south africa

if you recognise your IP address, or if you are one of the unfortunates whose web sites have one of the preceding TLDs, i’m sorry, but it had to be done… maybe if you contacted your ISP and complained, they might do something about it. 😒

spam

this kind of thing REALLY annoys me! 🤬

Hi! hybridelephant.com

We make available

Sending your message through the feedback form which can be found on the sites in the Communication section. Contact form are filled in by our software and the captcha is solved. The superiority of this method is that messages sent through feedback forms are whitelisted. This method increases the odds that your message will be read.

Our database contains more than 25 million sites around the world to which we can send your message.

The cost of one million messages 99 USD

FREE TEST mailing of 50,000 messages to any country of your choice.

i put this up on my contact form, but it doesn’t seem to have done any good… in fact, i think it may have encouraged them:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses (789 as of 190601) which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

HAHAHAHAHAHAHAHAHA!!! 🤪🤣

last year i switched away from my then-new host provider after a very short period of time because it turned out that they were a spam-haven.

before i switched, it got so bad that i set up a monitor at MXToolbox to check whether or not my IP address had been listed at any blacklists.

the host provider was incensed at this, and swore up and down that they had robust anti-spam policies that were enforced with an iron fist, but i switched away from them shortly afterwards, anyway.

today i got a notice from the monitor. apparently 69.162.87.36 is running an open relay and has a poor reputation

so much for “robust anti-spam policies enforced with an iron fist”. 🤣🤣🤣🤣🤣

anti-spam

the following is a list of the TLD names that i have blocked from sending email to any email address at Hybrid Elephant:

.bid
.br – Brazil
.cf – Central African Republic
.club
.cn – China
.date
.direct
.do – Dominican Republic
.download
.es – Spain
.faith
.fun
.gq – Equatorial Guinea
.hk – Hong Kong
.host
.icu
.live
.loan
.ooo
.online
.party
.pro
.racing
.review
.ru – Russia
.space
.store
.stream
.top
.trade
.webcam
.win
.world
.xyz
.za – South Africa

if you are from any of these TLDs, you might as well give up on the idea of sending email to me.

related post

eeeenteresting! 😉

i got this email message today. it’s not from somebody i know, which usually indicates that it is spam, but in this case, i was, initially, led to a different conclusion. on the surface, the message looked like this:

I would like to buy your arts
Date: Friday 181116 09:02AM
From: Piper Dover <Marcel at thermaclick dot biz>
To: (my email address)
Good morning! I found your projects in the internet and I need to make a gift for my father.
If it is not hard for you please, help me with the order.
Write me back when you will be on your workplace, please..
Kind regards, I expect your reply, I will send all details that I am interested in.

this is… okay, the person doesn’t speak english too well, but they’re able to convey, which is the important part. but “found your projects in the internet” is a little troubling, because, as far as i know, these days, “my projects” are all on my domains — przxqgl.info, puggryduckling.com, hybridelephant.com and friendlyswastika.art — which, admittedly, are “in the internet” and would even probably be referred to as such by people who don’t understand “the internet”, but it’s still something that makes me wonder. another thing that caught my attention right away is that it is “From:” Piper Dover, whose email address is “Marcel at thermaclick dot biz”. i don’t know about you, but i don’t know ANY “real” person whose email address contains a name that is not their real name… which means that, either, this person’s name is not “piper”, or this person’s name is not “marcel”, and, very likely, both of them. NOT a good sign. “make a gift for my father” also makes me wonder, because the “gifts” that i have are not ones that i would think of as ones that i would give to my father, but it takes all kinds, and it’s possible that they were actually referring to my pipes, or bongs… or, maybe, they want me to make something in the style of something else that they’ve seen “in the internet”. also troubling are the “help me with the order” and “when you will be on your workplace” statements, as both of them are irrelevant.

but where the message started to get strange was when i looked at the headers…

yes, i ALWAYS look at the headers for “suspicious” emails, before i do anything else. don’t you? if not, WHY NOT?? 😕

… where i discovered that, if i had “replied” to this message, it would not have gone to “Marcel at thermaclick dot biz”, but, instead, would have gone to “isabellayehudit28 at gmail dot com”, because of a header called “Reply-To:” which nobody knows about these days, but has been a standard part of email for as long as email has been around… and who is “isabella yehudit 28”??? why is she getting in the way of my communicating with “piper” or “marcel” or whoever he is?

at this point, i reached the conclusion that it was, in fact, spam, and proceeded to report it as such. it turned out that the message was sent from the russian federation, thermaclick dot biz is blocked by URIBL, and the message is Base64-Encoded, all of which are STRONG indicators of spammy activity.

the point being that even experts can get confused sometimes, so don’t rely on what they say, but do the extra steps necessary to prove it for yourself. 👍
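The header checks described in this post (a “Reply-To:” that points somewhere other than the “From:” address, a display name that does not match the mailbox, and a Base64-encoded text body) can be run mechanically. This is an added example, not code from the original post; the sample message is constructed, every address in it is a placeholder, and the display-name comparison is a simple heuristic chosen for this sketch.

```python
import base64
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the message described above. All addresses
# are placeholders under example.* domains, not the ones from the post.
BODY = "Good morning! I found your projects in the internet."
RAW = (
    "From: Piper Dover <marcel@shop.example.net>\n"
    "Reply-To: isabella28@mail.example.com\n"
    "To: owner@example.org\n"
    "Subject: I would like to buy your arts\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n" + base64.b64encode(BODY.encode()).decode() + "\n"
)


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def header_red_flags(raw: str) -> list:
    """Return the names of the checks from the post that this message trips."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))

    # 1. A reply would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        flags.append("reply-to-differs")

    # 2. Heuristic (assumption of this example): no word of the display
    #    name appears anywhere in the mailbox name.
    local = from_addr.split("@")[0].lower()
    words = [w.lower() for w in re.findall(r"[A-Za-z]{3,}", from_name)]
    if words and not any(w in local for w in words):
        flags.append("display-name-mismatch")

    # 3. A text part that is Base64-encoded, so the raw source is unreadable.
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).lower()
        if part.get_content_maintype() == "text" and cte == "base64":
            flags.append("base64-text-body")
            break
    return flags


def decoded_text(raw: str) -> str:
    """Decode the first text/plain part so it can be read without rendering."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content().strip() if part is not None else ""


if __name__ == "__main__":
    print(header_red_flags(RAW))
    print(decoded_text(RAW))
```

None of these flags proves spam on its own; they are the same prompts to look closer that the post describes.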

interesting

the past few weeks (maybe as much as a couple months) i have been getting anywhere from 4 to 24 “porn spam scam” emails per day — you know the ones, where the guy claims to be a “hacker” who has “taken over” your computer, is emailing you “from your own email address”, doesn’t speak english too well, and demands some random amount in bitcoin to prevent him from revealing your “pornographic indiscretions” to “everyone on your contact list” (😒) — and i have been reporting EVERY! SINGLE! ONE! to their upstream provider, and to the bitcoin abuse web site… but for the past couple of days, i have noticed that the constant stream has dropped off considerably: two days ago, i received two messages, yesterday i only received one, and, so far, today, i haven’t received any.

i also noticed that, a few days ago, i started seeing specific SpamAssassin rules that are targeted towards the porn-spam-scam racket (bitcoin address recognition and “from:” address spoofing are the two big ones), but considering the massive influx of porn-spam-scam messages over the past couple of months, i would have expected a much more gradual drop-off.

anti-spam, anti-fraud information

the past couple of months i have been getting an inordinate amount of spam that goes something like this:

Hello!
I’m a member of an international hacker group.

As you could probably have guessed, your account X was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for X is X

Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one…

Transfer $800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

I guarantee that after that, we’ll erase all your “data” ?

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

please note: THIS IS FAKE NEWS!

whoever it is that sent it DOES NOT have access to my, or anyone else’s email account, despite what they may want you to think.

how do i know this? i have received at least 10 messages which are almost exactly identical to this one, down to the inconsistent english, carriage returns, and even the supposedly unique bitcoin wallet ID. the only significant difference in all of these messages is in the headers, which most people never see.

i want to go through this message, statement by statement, and show you exactly WHY it is fake news, and you shouldn’t buy into their scam.

first,

I’m a member of an international hacker group.

no you are not a member of an international hacker group. if you were, you wouldn’t have to tell me so. you are, in fact, a skript-kiddie who thinks he can make money by using other peoples’ code to mess up my internet: you are a vandal and a criminal, and i WILL track you down and turn you in, because it’s easy-peasy. 😠

As you could probably have guessed, your account X was hacked, because I sent message you from it.

any real hacker can tell you that you don’t actually have to have access to the account that’s on the “FROM:” line in your email, in order to make it look like you have access to that account. the fact is, i can send email to anybody i like, put whatever email address i like on the “FROM:” line, and 98% of the time, it will go through to the recipient without any difficulty. this is because the “FROM:” line is one of the easiest parts of the email to spoof. i have sent email that looks like it was coming from Bill Gates, and, if you didn’t know that i was sending it, and you have no way of looking at the email headers, you would think it was Bill Gates, and not me.

but you would be wrong.

then:

Now I have access to you accounts!
For example, your password for X is X

this password (which i have “X”ed out) is an authentic password from me, but because i have kept a list of every password i used, and where i used it, i KNOW that it is AT LEAST five years old, and has been superseded many times by more potent passwords. nevertheless, i also KNOW EXACTLY where i used this password last, so the first thing on my list is to write to the administrators of that place, and let them know that they’ve experienced a security breach.

then, just to make sure, i CHANGE MY PASSWORD AGAIN!!! just because they don’t really know anything is no reason not to be cautious times five… 👍

once again:

Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we’ve gotten full damps of these data.

surprise! i KNOW that this is fake news, because i KNOW that i have not visited adult web sites. EVER! this may be a little more difficult for some other people, but for me, it’s a no-brainer: you are much less likely to be infected with a virus if you don’t visit adult web sites. the “full damps” of these data are imaginary.

not only that, but starting on 10 july — which is before the alleged “infection” — i was not even near my computer, much less using it, for at least a week, and i haven’t even had any social media accounts or messengers since about a week later. FAIL!

and, just as an aside… what are “full damps” anyway? i would have called them “downloads”… i have never heard the word “damps” used to mean “downloads”… do these people even speak english???

if you actually do visit adult web sites, you may be taken aback by this claim, but keep in mind the first part of the message, where they claimed to have access to my email account: they were wrong then, so the probability is quite high that they are wrong now, as well.

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

i admit that my tastes are quite weird, but the fact that you “saw and recorded” me doing those things is a lie: i don’t even have a webcam, or any kind of device that could record me doing stuff that i don’t even do in front of my computer anyway.

once again, if you have a webcam on your computer, it may be a good idea to cover it with a piece of tape when you’re not using it, but the fact is, people who write you out of the blue and claim to have access to your computer, are lying, more likely than not.

now we come to the real reason people send out spam like this:

Transfer $800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

yeah, bitcoin makes it really easy to hide your transactions and make them more anonymous, but if the person is asking you to send them bitcoin for stuff that they have been lying about, then it is also harder for you to get your money back when you figure out that you have been lied to… which is why it’s always a good idea to make sure that the information you have been given is NOT a lie before you make your transaction.

in this case, they’re lying about the virus, the adult web site, the visual and audio recording, and the amount of data they claim to have collected, so i am confident that, if i were to look up their bitcoin wallet address, there’s a good chance that it, too, will have been shut down for fraudulent activity. yes, it is possible for that to happen, and in cases like this, it is fairly frequent.

ETA: i’m wrong about this one. the bitcoin wallet at 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w is active, showing 17 transactions (at this time) worth 1.95616527 BTC, or, $12,949.81 USD at this time… all the more reason to realise that THIS IS A SCAM!!! if you’re interested in reporting scam bitcoin wallets, you can do so here, as i have.

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

this “timer” is more impetus for you to act immediately, without checking any of the above mentioned information for inconsistencies. i know that it’s not true because i have received several messages like this, over the past two months, and nothing has ever happened to me, my “data” has not been mailed to my contacts (as will be seen in the next statement), simply because 1) they don’t have any of my contact information, and 2) they don’t have any data.

they’re just trying to scare me, and it’s not working.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

see? they’re threatening to send “all your messages and videos” — which they don’t have — “to all your contacts” — which they also don’t have — unless you send $800 to a bitcoin wallet which no longer exists.

by this time, you are EITHER freaking out and reading up on converting regular money to bitcoin, or you, like me, are laughing out loud, and wondering why other people are so stupid.

because, if you think about it, $800 is a fairly small amount of money to extort from someone who is willing to give it to you without doing their homework… so what is preventing them from saying your data has been erased, but, actually has been put into a separate category of data that can be used to extort more money from you, at a later time?

of course, if they don’t have any of that data (as in my case) i have nothing to worry about, but for people who might have data like that, who knows what they may do, even if everything else is a lie?

finally, a LEEEETLE TINY BIT of common sense, to finish things up:

You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.

basically, if it’s on internet, it’s not a secret. if your computer is on internet, there’s a remote chance that something like this really may happen to you at some point, if you also keep your secrets on your computer. thus, the logical conclusion is that if you keep your secrets somewhere other than on your computer (or your tablet, or your cell phone), you won’t have any problems deleting the message when you get spam like this.

for those of you who may remember the screed i wrote about how to report spam: if you receive a message like this, that would be a good place to start. 😉

how to report spam

i use this spam policy, along with maintaining robust global email filters, running SpamAssassin, and blocking IP addresses that are used for abuse. using these procedures has resulted in my having to get this far MAYBE as many as 10 times in a day, and some days i don’t have any spam at all. YOUR MILEAGE WILL VARY! and, remember… the more you do it NOW, the fewer spam messages everyone gets down the road!

this is written from the perspective of a person who uses an email client and a web browser. if you ONLY use a browser (if you use webmail), there may be extra, intermediary steps that are not written down here.

the first thing you need to know is how to extract headers from your email messages, which is different depending on how you get your email.

  1. once you’ve extracted the headers, go to this URI:

    https://www.iptrackeronline.com/email-header-analysis.php

    leave wherever you have extracted the headers — the “message source” — open, because you’re going to need to copy more of the message, later.

  2. for now, paste only the headers into the form, and click “Submit header for analysis”.

    the analysis is WAY more information than you need, but the information you DO need is right near the top: under the header “Email header analysis report” will be a table that contains “All valid IP Addresses found in the header”, and usually the top one (or, possibly, two) will have an asterisk (*) next to them, which is the “Probable originating IP address”.

  3. copy that address. if it’s two, copy the first one, do the next steps, and then come back and copy the second one and do the next steps for that number, as well.
  4. now, go to this URI:

    https://centralops.net/co/DomainDossier.aspx

    paste the IP address in the “domain or IP address” field, check the following three boxes:

    domain whois record
    network whois record
    DNS record

    and hit the “Go” button.

    then, i find that it’s easiest to use the “Edit” -> “Find In This Page” function of my browser, to search for every instance of the commercial at symbol – @ – which is used in email addresses.

  5. now, go back to the message source, where you extracted the headers (remember that?)

    select and copy the entire message, including the headers. now you can close the message source.

  6. select the message in your inbox, and choose “Forward”.
  7. this will open a new message, with the message you’re complaining about inside a forwarding header. select everything EXCEPT the forwarding header, and delete it. then paste the message source that you copied in where the other stuff used to be.
  8. then, go back to the web browser, and find every email address for the IP address you’re complaining about, and put them into the “To:” line of your new, forwarded message.

    SOMETIMES the information will tell you something like “Report abuse only to…” or something like that. you can do that, if you want to, but frequently the “abuse” address is disabled, and the other addresses aren’t, so i’ve found that it’s a good idea to send email to EVERY address, whether or not it says to.

    if your search at iptrackeronline.com came up with two “Probable originating IP addresses”, now is the time to go back to step 3), copy the second IP address, and continue from there.

    you’ll end up with a forwarded message that contains the raw, text-only message, which is addressed to at least two, and sometimes as many as 9 or 10 email addresses.

  9. if you’re REALLY hung up on privacy, at this point, you can search for YOUR email address using the “Edit” -> “Find” feature of your email client. if you do this, replace every instance of your email address with an X to make it obvious that you haven’t done anything except remove your address from the header. seriously, if you do this, and mess around with the headers too much, eventually someone will complain about it, and YOU’RE supposed to be the one who is complaining, here.

FINISHING TOUCHES:
i usually like to mark my new message “Urgent”, and i also like to get a “Return Receipt” (which is not available on all email clients). i also like to insert the words “ABUSE VIOLATION” in the subject line, prior to the original, forwarded header, so that they know that you’re complaining, and not just sending more spam.

if you (like me) run your email through SpamAssassin, or something like it, you may have a special header section that gives you reasons why this particular message is (or is not) spam. sometimes this will include things like URIBL_BLOCKED information, which gives you the URIs that are used in the message, which are blocked by various spam lists. if you get an identifiable URI, you can use the “Edit” -> “Replace…” feature in your email client to replace these URIs with human-readable, but machine-invisible equivalents, which will further attest to the fact that you’re complaining, and not just sending more spam.
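The mechanical parts of the procedure above can be scripted: finding the probable originating IP (steps 2 and 3), replacing your own address with an X (step 9), and the finishing touches of the “ABUSE VIOLATION” subject prefix and human-readable but machine-invisible URIs. This is an added example, not the author’s own tooling; the message source is constructed, all hosts and addresses are placeholders, and the `hxxp` / `[.]` defanging style and the IPv4-only header scan are assumptions of this sketch.

```python
import email
import ipaddress
import re
from email import policy

# Constructed message source; hosts and addresses are placeholders
# (example.* names, documentation and RFC 1918 address ranges).
RAW = """\
Received: from mx.example.org (mx.example.org [10.0.0.5])
    by mail.example.org with ESMTP id abc123
    for <owner@example.org>; Mon, 21 May 2018 08:19:00 -0700
Received: from mailer.example.net (unknown [203.0.113.45])
    by mx.example.org with ESMTP id def456
    for <owner@example.org>; Mon, 21 May 2018 08:18:58 -0700
Received: from [192.168.1.20] (helo=workstation)
    by mailer.example.net with SMTP; Mon, 21 May 2018 15:18:50 +0000
From: Billing <billing@mailer.example.net>
To: owner@example.org
Subject: PAYMENT INVOICE

Dear owner@example.org, your invoice: http://pay.example.net/inv?u=owner@example.org
"""

# Internal hops are never the address to complain about. The ranges are listed
# by hand because ipaddress.is_private also covers the documentation ranges
# used in the sample.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"(https?)://([^/?#\s<>\"']+)([^\s<>\"']*)", re.I)


def origin_candidates(raw: str) -> list:
    """External IPv4 addresses from Received: headers, oldest hop first.

    Anything below the header stamped by your own server can be forged by
    the sender, so the first entry is only the *probable* origin.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IPV4.findall(str(header)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a real address, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL) and text not in found:
                found.append(text)
    return found


def redact(raw: str, my_address: str) -> str:
    """Step 9: replace every instance of your own address with an X."""
    return re.sub(re.escape(my_address), "X", raw, flags=re.I)


def defang(text: str) -> str:
    """Make URIs readable by a human but not clickable or matchable."""
    def repl(m):
        scheme = "hxxp" + m.group(1)[4:].lower()      # http -> hxxp, https -> hxxps
        host = m.group(2).replace(".", "[.]")
        return scheme + "://" + host + m.group(3)
    return URL.sub(repl, text)


def build_report(raw: str, my_address: str) -> dict:
    """Collect what the forwarded complaint needs from one message source."""
    msg = email.message_from_string(raw, policy=policy.default)
    return {
        "origin_ips": origin_candidates(raw),
        "subject": "ABUSE VIOLATION: " + str(msg.get("Subject", "")),
        "body": defang(redact(raw, my_address)),
    }


if __name__ == "__main__":
    report = build_report(RAW, "owner@example.org")
    print(report["origin_ips"], report["subject"], sep="\n")
    print(report["body"])
```

The abuse contacts for each address in `origin_ips` still have to be looked up by hand, as in step 4.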

——

it is important to remember that all of this information is time sensitive: if you don’t get around to reporting spam until two or three days later, it has considerably less effect than a report that is made as soon as the spam message is received. generally, if more than 12 hours has passed, i just trash the spam and continue with my life.

about half of the reports i send produce some kind of response. about half of the responses i get are automated, either telling me that the message has been received, or telling me that it has not been received for one reason or another. a few of them are, actually, human responses, usually saying that they’ve forwarded the message to their client (the spammer), or saying that there’s nothing they can do about it. this is where requesting a return receipt is helpful: if you get a return receipt, there’s a good chance that someone at least saw your message. even if the return receipt says “not read”, you know that it’s a good address, and that someone saw your complaint, even if they didn’t do anything about it.

step 9) is important if they say they have forwarded your message to the spammer, because if you have not replaced all of the instances of your email address with an X, then the spammer now has your email address, surprise! they can do whatever they like with it, which usually means sending you more spam. in extreme cases, they send a SHIT-TON of spam (like, 500,000 messages) or try to send you viruses or malware, so it’s really important to do ALL nine steps.

believe me, speaking from personal experience, cleaning up after a 500k message bomb is no fun. 😕

in the case of someone who says there’s nothing they can do about it, that’s the point where i go back to the IP address that i complained about originally, and put the /16 or /24 into my IP blocker (depending on how egregious the abuse has been).

also, i put commonly used words and phrases that typify abuse (things like “ALMIGHTY GOD” and “flight simulator” and “Pílula” and “电子邮“) into my global email filters, and update them with new information frequently.

occasionally — VERY occasionally — i get a response such as this one, which makes all of this rigamarole worth while.

also, why i only accept plaintext email (and why you should, as well)

spam spam spam spam spam spam spam spam spam spam MALLET!

i never get tired of this… 😎

[#RNZ-396-23469]: ABUSE VIOLATION: RE: PAYMENT INVOICE
From: Namecheap Legal & Abuse Team <[email protected]>
To: you know who
Date: 180520 12:37 am
Spam Status: Spamassassin
Hello,

Thank you for your report.

While the gaushmedical.us domain name is registered with Namecheap, it is hosted with another company. That is why we cannot check the logs for the domain and confirm if it is involved in sending unsolicited emails.

However, it seems the domain name is blacklisted by SURBL. Since we consider SURBL to be a trusted organization, we opened a case regarding the domain name. Please allow about 48 hours for our further investigation.

Thank you for letting us know about the issue.


[#RNZ-396-23469]: ABUSE VIOLATION: RE: PAYMENT INVOICE
From: Namecheap Legal & Abuse Team <[email protected]>
To: you know who
Date: 180521 08:19 pm
Spam Status: Spamassassin
Hello,

Please be informed that as a result of the investigation, the domain gaushmedical.us was suspended. It was null-routed and locked in our system, so the spamming activity should end once the propagation is over.

Thank you for letting us know about the issue.


whois gaushmedical.us
Domain Name: gaushmedical.us
Registry Domain ID: DC3FBD2D4DC1743DE92E082A91D15BEDE-NSR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2018-05-22T03:18:40Z
Creation Date: 2018-05-15T06:56:45Z
Registry Expiry Date: 2019-05-15T06:56:45Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C29C72D760FD14C7FAD8D886E1C016E55-NSR
Registrant Name: New Oru
Registrant Organization:
Registrant Street: Hertzstr. 4
Registrant Street:
Registrant Street:
Registrant City: Heidelberg
Registrant State/Province: Heidelberg
Registrant Postal Code: 69126
Registrant Country: DE
Registrant Phone: +49.8635999192
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Registry Admin ID: CBBCDFB2B18654CFC972C6274C0858A93-NSR
Admin Name: New Oru
Admin Organization:
Admin Street: Hertzstr. 4
Admin Street:
Admin Street:
Admin City: Heidelberg
Admin State/Province: Heidelberg
Admin Postal Code: 69126
Admin Country: DE
Admin Phone: +49.8635999192
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID: C3200FE79814B420EB1FA838AEBEF9060-NSR
Tech Name: New Oru
Tech Organization:
Tech Street: Hertzstr. 4
Tech Street:
Tech Street:
Tech City: Heidelberg
Tech State/Province: Heidelberg
Tech Postal Code: 69126
Tech Country: DE
Tech Phone: +49.8635999192
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: blockedduetospam.pleasecontactsupport.com
Name Server: dummysecondary.pleasecontactsupport.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-05-22T04:57:32Z <<<

😂

spam

as of today, these are the TLDs i have blocked from sending email to my server, because of spam:

  • .bid
  • .date
  • .faith
  • .fun
  • .live
  • .online
  • .party
  • .stream
  • .trade
  • .website
  • .win

if your web site is under any one of these TLDs, you’re not going to be able to communicate with me over email, so you might as well give up now. it’s not going to work.

ETA: 180520 add to the previous list:

  • .club
  • .top

… give it up, folks.

why i only accept plaintext email (and why you should, as well)

a couple days ago, a friend mentioned the fact that i only accept plaintext email, and asked if HTML email was against my religion. i said “yes”, and this is why i don’t accept rendered, HTML-formatted email. it is a story with a moral at the end, so pay attention.

today, i got an email that said it was from “DHL Customer Support <[email protected]>” and the subject line was “DHL Shipment Notification”…

keep in mind that the “From:” address is one of the easiest things about any email message to forge. among the other easy things to forge are the “Subject:” line, the “To:” line, and the body of the message, which is one of the reasons it’s not uncommon to get spam from “yourself”.

the spam i got contained the following message:

Notification for shipment event group “Delivery Exception” for &email&;
Dear Customer,

This is a notification that your package has experienced an exception, kindly follow the link to update your address: https://www.dhl.com/address_update

however, because of the fact that i only accept plaintext email, this is what i saw:

<p align="LEFT"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">This is a notification that your package has experienced an exception, kindly follow the link to update your address:</span> <strong> </strong><font color="#0000ee"><strong> <a href="https://chicagoturfpros.com/wp-includes/css/dhl/[email protected]"><span style="font-family:times new roman,times,serif;">https://www.dhl.com/address_update</span></a></strong><span style="font-family:times new roman,times,serif;"> </span></font></span></p>

for those who look carefully, particularly at the bigger sections of the text, you will discover that there’s a link — a href= — and the target of that link is chicagoturfpros.com…

BUT the apparent target of the link is actually dhl.com. this is compounded by the fact that SOMEONE has taken a lot of time and care to make it look like the dhl.com web site, even though it isn’t.

180513 badware

if i accepted rendered HTML-formatted email, i, very likely, would not have seen the fact that, instead of going to dhl.com, i was actually going to chicagoturfpros.com — WHICH IS EXACTLY WHAT THE SPAMMERS WANT TO HAPPEN!

because of the fact that the link also includes my email address, there is also the very strong probability that: 1) i would have clicked the “update address” button without noticing that i’m giving my personal information to “chicagoturfpros.com” or whoever is controlling their web site, and 2) even if i didn’t click the “update address” button, my email address is now a part of the web log for “chicagoturfpros.com” (or whoever is controlling their web site), which means that, even if they didn’t get my personal information, they have what is now a “valid” email address, with which they can, then, send me more spam.

because of the fact that i DO NOT ALLOW rendered, HTML-formatted email on my computer, they (whoever “they” is) don’t get ANY information from me.

which is precisely why you should NEVER allow your email client to render HTML-formatted email.
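The mismatch described above, where the text of a link shows one host while its `href` goes to another and carries the recipient’s address along, can be checked without rendering the HTML at all. This is an added example, not code from the original post; the markup is constructed on the pattern of the quoted message, and the hosts and recipient address are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed markup on the pattern of the message quoted in the post;
# hosts and the recipient address are placeholders.
SAMPLE_HTML = (
    '<p>kindly follow the link to update your address: '
    '<a href="https://landing.example.net/wp-includes/css/dhl/?id=owner@example.org">'
    '<span style="font-family:serif;">https://www.dhl.example/address_update</span>'
    '</a></p>'
    '<p>Questions? See <a href="https://www.dhl.example/help">our help page</a>.</p>'
)

# Visible text that itself looks like a URL or host name.
URLISH = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    # urlsplit only recognises a host when a scheme or "//" is present
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def same_site(a: str, b: str) -> bool:
    """Treat www.dhl.example and dhl.example as the same site."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def audit_links(html: str, recipient: str = "") -> list:
    """Flag links whose shown host differs from the real target, and links
    that embed the recipient's address (which confirms it to the sender)."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        target, shown, issues = host_of(href), "", []
        match = URLISH.search(text)
        if match:
            shown = host_of(match.group(0))
            if shown and not same_site(shown, target):
                issues.append("text-host-differs")
        if recipient and recipient.lower() in unquote(href).lower():
            issues.append("recipient-in-url")
        if issues:
            findings.append({"href_host": target,
                             "shown_host": shown or None,
                             "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML, "owner@example.org"):
        print(finding)
```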

if you have a regular email client, not accepting rendered HTML-formatted email should be as simple as going to the settings and deselecting “Use HTML by default” or whatever your email client has (this is one of the differences in all email clients). if you use IMAP (web mail) you may or may not have that capability, so your mileage may vary. i very strongly recommend that you use an email client which is compatible with IMAP, and reply from that, even if you do use web mail. it makes things a hell of a lot easier, especially when you’re dealing with spam and identity theft.

i realise this is a lost cause, and that pretty much everyone sends, and receives HTML-formatted email by default, these days, but identity theft is still a MASSIVE problem, and it’s only being made worse by the default preponderance of HTML-formatted email. if you don’t want to have your identity stolen, ONLY ACCEPT PLAINTEXT EMAIL. it won’t guarantee that your identity won’t get stolen, but it will go a long way to make it a lot more difficult to do so.

this has been a public service announcement.

ETA: wordpress is concerned enough about my security that, yesterday, it sent me three notices concerning the fact that the link i provided above, which isn’t even a link, but just a text representation of what the link looks like, is a security risk, and offered to delete the page for me. THAT’S why i only accept plaintext mail. 👍

for further information, read In Apple Mail, There’s No Protecting PGP-Encrypted Messages which gives a contemporary example of why HTML-formatted email is evil.
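an added example (not from the original post) of the point above: a script that lists, for a raw message, the remote URLs an HTML-rendering mail client would fetch on display, the links it would offer to click, and which of them carry the recipient's address. the message, the address and the mailer.example domain are constructed.

```python
import base64
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

RECIPIENT = "reader@example.org"  # constructed address

# (tag, attribute) pairs a rendering client fetches without any click.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("body", "background")}


class UrlCollector(HTMLParser):
    """Collect remote URLs and whether they load on render or on click."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or not value.lower().startswith(("http://", "https://")):
                continue
            if (tag, name) in AUTO_FETCH:
                self.found.append(("auto-fetch", value))
            elif (tag, name) == ("a", "href"):
                self.found.append(("click", value))


def identifies(url, recipient):
    """Return the encodings in which the recipient's address appears in url."""
    decoded = unquote(url)  # undo %40 and similar escapes
    raw = recipient.lower().encode()
    hits = []
    if recipient.lower() in decoded.lower():
        hits.append("plain")
    # Only the lower-cased address is tried in base64; other casings are missed.
    for encode in (base64.b64encode, base64.urlsafe_b64encode):
        if encode(raw).decode().rstrip("=") in decoded:
            hits.append("base64")
            break
    return hits


def audit_html_mail(raw_message, recipient):
    """List what the text/html parts would expose; text/plain exposes nothing."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = UrlCollector()
        collector.feed(part.get_content())
        for kind, url in collector.found:
            findings.append({"kind": kind,
                             "host": urlsplit(url).hostname,
                             "identifies_recipient": identifies(url, recipient)})
    return findings


def build_sample():
    """Constructed multipart message with a plain and an HTML alternative."""
    token = base64.b64encode(RECIPIENT.encode()).decode()
    html = f"""<html><body>
<p>your delivery is on hold.</p>
<a href="https://mailer.example/update?addr=reader%40example.org">update address</a>
<img src="https://mailer.example/o.gif?t={token}" width="1" height="1">
<a href="https://mailer.example/about">about us</a>
</body></html>"""
    msg = EmailMessage()
    msg["From"] = "notices@mailer.example"
    msg["To"] = RECIPIENT
    msg["Subject"] = "constructed sample"
    msg.set_content("your delivery is on hold. reply to this message.")
    msg.add_alternative(html, subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    for finding in audit_html_mail(build_sample(), RECIPIENT):
        print(finding)
```

an "auto-fetch" finding that identifies the recipient is the case where merely displaying the message writes the address into the sender's web log; a "click" finding only does so if the link is followed.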

Rule 3

an example of Rule 3, spammers are stooOOpid…

at 3:24 pm, today, this happened:

[image: 180501 stupid crack attempt]

at 3:26 pm, today, i blocked 88.99.0.0/16 from accessing my web site.

you may not fit the definition of a spammer, but you are definitely stooOOpid. is it possible that you are a machine? you have not done your owner a favour, you know.

meta spam

i got spam the other day.

big surprise…

i reported it to the upstream provider, as i usually do. one of the upstream addresses to which i sent a report was [email protected].

today i got a return receipt from that address. it said “Не прочтено” which means “not read”.

seriously, i wonder why a company as big as Rostieliekom would maintain an “abuse@” address and not have it respond to an abuse report. 😕

dear OVH

dear OVH,

i have been reporting, and blocking spam from your network for at least 5 years. i have at least 500 different addresses that you have used to hide behind, so that when the spam-reporting gets too extreme, you just start a new, incomprehensible email address… yes, i’m talking about [email protected] and [email protected] and 94nhgu6xjcnivuapga[email protected] and [email protected] and EVERY FUCKING thing in between…

through my moderate poking around, i have discovered that most of these addresses are for Florent Demuynck, Stephane LeSimple, Falco Schmutz, Grillion Alexis, Tarik Benammar, Edouard Vanbelle, Benjamin Ficheland, Laurent Allard, and others (some of whom may or may not still be employees of OVH), and/or their boss, Octave Klaba.

today, for the first time, i have actually blocked someone from OVH for trying to login to this blog… YES, MY BLOG has been probed by 158.69.223.8.

this is a warning: if i EVER catch you or any of your minions poking around my web again, i will block you so fast that it’ll make your head spin.

i’m on to you OVH. don’t push me, or you’ll feel my mallet! 😠

hey, check it out…

so i got another 2,500 spam messages starting this morning, but i FINALLY figured out where the settings are on my server that let me do things like filter spam that all has the same subject line, but different senders, and how to block all messages that have a sender from a certain IP-address-range, or from a certain country…

no help from my host provider, naturally… i’m seriously getting the impression that, despite the fact that their home office is in great britain, they hire people from india, russia or south america to do tech support, and english is NOT their primary language… and if i have more than one question per response, they only answer the last one, and totally ignore all of the others. it took me four days and a great deal of consternation to get them to delist my IP address from hotmail, which is something, if i were to do it myself, would take about half an hour. 😒

spam spammers spamming

i am digging my way out from under an inundation of spam messages which arrived between around 1:00 am and around 4:00 pm yesterday. all told there were around 10,000 messages, but they were arriving in 10 to 12 message batches, about 500 every five minutes or so, and only started to decrease around 3:30.

but, at the same time, i sent two LARTs to the spammer’s upstream provider, yesterday, and today i got confirmation(!) that they had disabled their Luser’s email capabilities. i realise that they may just be blowing me off, and the gap will very quickly be filled with another spammer, but it’s good to know that my mallet is still quick and strong… 😎

ketchup

i isolated 10 “good enough” tracks from the raw files, but none of them were more than 6 minutes, and i wanted at least one that was 10 minutes or more, so i’m going back to fort worden next tuesday to try it all again. i’ve also bought a recording device of my own, which should make things more interesting, if nothing else.

i woke up the other day and tried to log in to my email account and discovered that everything was offline, and when i went to the host provider to determine why, i discovered that my account had been suspended because they received a spam complaint about me… except that, when i looked at the complaint they received, i recognised it immediately as one that i had sent to an upstream provider a couple of days before, and what they had done was forward it to the upstream provider on the “From:” line, instead of reading the headers to determine that they were, in fact, the people responsible… and, because of the fact that i NEVER receive spam complaints, they arbitrarily suspended my accounts, instead of reading the headers to determine who was actually responsible. 😕 since then i have received about 10,000 spam messages, in 1000 message increments, from people whose php servers have been compromised such that, simply by reading the headers and knowing where to click, i can actually see the spammer’s online interface on the compromised server…

but I was the one whose account was suspended for spamming. if it weren’t for the fact that i’m still recovering from my bout of changing host servers every few months, a few years ago, i would seriously consider switching, but… in spite of everything, the host server i currently use has been better than any of the others that i have found, for the price.

by the way, here is the place to get your email headers analysed, and here is the place to get information about the IP numbers you’ll get from analysing your email headers. basically it’s the same thing that spamcop used to do. i suppose there’s a way to automate it so that i don’t have to go through all the steps to figure out who gets the LARTs, but i like getting my hands dirty, because i know it’s being done correctly this way. 😏
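an added example (not from the original post) of reading the headers instead of the “From:” line: walk the “Received:” lines from the top, trust only the ones written by your own mail servers, and report the first outside IP address one of those servers recorded. the sample message, host names and the TRUSTED set are constructed assumptions, and looking up who owns the resulting IP address is left out.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Only the first two Received lines were written by
# servers the recipient controls; the third was supplied by the sender.
SAMPLE = """\
Return-Path: <bounce@forged.example>
Received: from mx1.myhost.example (mx1.myhost.example [10.0.0.5])
    by store.myhost.example with LMTP; Wed, 22 Jul 2015 08:01:07 -0700
Received: from relay.badhost.example (unknown [203.0.113.77])
    by mx1.myhost.example with ESMTP id ABC123; Wed, 22 Jul 2015 08:01:05 -0700
Received: from mail.bank.example (mail.bank.example [198.51.100.9])
    by relay.badhost.example with SMTP; Wed, 22 Jul 2015 07:59:00 -0700
From: "me" <me@myhost.example>
To: me@myhost.example
Subject: constructed sample

body
"""

# Assumption: the names of the recipient's own mail servers.
TRUSTED = {"mx1.myhost.example", "store.myhost.example"}

# Hops between our own servers use these ranges and are skipped.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# "from HELO (rdns [ip]) ... by HOST" as written by common MTAs.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)


def injection_point(raw_message, trusted_receivers):
    """Return the first outside peer recorded by a trusted server, or None."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):  # newest hop first
        m = RECEIVED_RE.search(header)
        if not m or m["by"].lower() not in trusted_receivers:
            # Written by a server we do not control (or unparseable):
            # this line and everything below it may be forged.
            break
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            break
        if any(ip in net for net in INTERNAL):
            continue  # hand-off between our own servers
        return {"ip": str(ip),
                "helo": m["helo"],
                "recorded_by": m["by"],
                "claimed_from": msg["From"]}  # shown for contrast only
    return None


if __name__ == "__main__":
    print(injection_point(SAMPLE, TRUSTED))
```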

i have a gig next saturday with the fremont philharmonic at “dudefest” and another gig on sunday at the peace arch in blaine with the sousa band. i’m probably going to spend sunday night in bellingham… depending…

by the way…

just because i no longer have an address @spamcop.net DOES NOT indicate that i am any less than totally annoyed by spam messages that get sent my way.

an example could be found this morning, when i woke up, logged into my email client and discovered that i had over 1500 individual messages “From:” myself which were HTML formatted messages in brazilian portuguese (indicating that, in reality, they were not “From:” myself), and, as i sat there and watched, another 500 messages appeared and were downloaded within the space of 5 minutes…

they all appear to have originated on cloudapp.net, which is owned by microsoft. it was set up on a “host” that is called zpx09.cloudapp.net, but it doesn’t have a whois or mx entry, which doesn’t surprise me a great deal, but what does surprise me is that there appears to be a script interface at http://zpx09.cloudapp.net/caminho-ranger-32.php which looks like this:

[image: 150722 spam script interface]

great… now i can send my own spam. unfortunately, but not surprisingly, there is no indication to who the script belongs, but my guess is that if i write to microsoft, they will, eventually, take the script down and ban zpx09.cloudapp.net, if nothing else…

and while i was writing this, another 700 messages came in… time to block brazil, again. 😕

ETA: as of 6:00 pm there are 1500 more messages, for a grand total of over 3000 in a 12 hour period… and microsoft doesn’t even seem to care… 😐

spam comment update

i adjusted the settings on my Limit Login Attempts plugin again, so that the first attempted login as “admin” (or anything other than the correct login name) results in a 720 minute (12 hour) block, and the second attempted login results in a 672 hour (28 day) block…

and STILL i have an estimated 5 attempted logins per day, and about half of them are blocked for 28 days… 😮

and, not only that, but two IP addresses — both from baghdad — have been blocked a total of 18 times (one has been blocked 10 times, and one has been blocked 8 times) since i installed the plugin, about 6 months ago.

and, so far, nobody has guessed the correct login name. 😎 although there have been some fairly obvious attempts, and some attempts — like “QhYQFvutnN” and “DouglasSevy” — that make me wonder what is really going on…

note

the only user other than “admin” that i have blocked since 141208 has been “QhYQFvutnN” which is really bizarre… i wonder what makes… you know, never mind. forget i said anything.

chuckle…

now that i am not so reliant on spamcop, i’ve bumped up my spam-fighting in some other ways that are proving to be rather interesting. the most recent item in this ongoing battle is that i have installed a plugin that limits login attempts for people whom i have not granted credentials to login. basically you get two attempts, and if your guesses are wrong, you are blocked from accessing the blog for an hour. at that point, you have two more tries, and if you fail those, you’re locked out for 2 days…

i figured that this wouldn’t be a problem for people who actually know the password, and it would be another major roadblock for people who think they can guess it (hint: don’t even bother).

i installed the plugin two days ago, and i’ve already gotten four five IP addresses that have been blocked for 2 days… it’s actually kind of amusing to watch — i get an email every time someone fails to login, so i get to watch as they try and fail and get blocked… 👿

and, to be honest, i am not sure that 2 days is long enough… i think i’ll wait and see, but i’m thinking that 30 days is more like what i am trying to achieve here… 👿

do not send email via spamcop.net to contact me any longer!

effective IMMEDIATELY, my email address is NO LONGER @spamcop.net…

there has apparently been a pretty extreme change of attitude at Cisco (the owner of spamcop), resulting in two things that are very bad, both for me, and for the internet at large. the first is that they are no longer providing email service @spamcop.net, and the second is that they are arbitrarily deleting “false-positives” — a message that appears to be spam, but actually is a legitimate message — without allowing me to check and forward those messages which are legitimate.

the result is that i am NO LONGER receiving email @spamcop.net. they SAY that they will forward “legitimate” mail for one year, but they also say that they will delete any mail which appears to be spam, according to their “Cisco reputation system”, which i know to occasionally find false positives among people who occasionally email me… so i HIGHLY RECOMMEND that, from now on, if you want to contact me personally, you send mail to salamandir at hybridelephant dot com (ganesha at hybridelephant dot com is still good for business related issues).

it’s been more than 10 years… it’s the end of an era. 🙁

spam WTF?!?

i’ve got a directory of addresses to report spam originating from certain domains. quite a few of these domains include an upstream domain (which, theoretically, is responsible for making sure the hosted domain doesn’t send spam) that is enom dot com.

just out of curiosity, i typed host enom.com into a terminal, and it gave me 98.124.253.221

then i typed dig -x 98.124.253.221 soa which told me that rightside.co is the SOA for that IP address. whois rightside.co gave me enom dot com, which uses nameservers provided by akam.net

rightside.co or The Rightside Group owns enom dot com, and a bunch of other registry-related web sites…

host akam.net returns nothing….

[email protected]:~$ host akam.net
[email protected]:~$

however, i have a sneaky way to get around things that return nothing in my terminal, and that is DomainTools dot com. they tell me that akam.com is owned by Akamai Technologies… the people who are responsible for serving between 15 and 30 percent of all web traffic…

so, to conclude, quite a number of the people behind the domains responsible for the spam i receive on a daily basis, ultimately, buy their server time from akamai technologies.

i’ve read that up to 80% of all internet traffic is spam, and it’s all coming from a company that serves between 15 and 30 percent of all web traffic…

how does that make ANY sense whatsoever?!? 😛

reminder

having facebook send me spam advertising your web page is NOT a way to get me to pay attention to you, except, probably, in the way that you don’t want, okay?

thanks. 😡

dear 183.60.243.188

dear 183.60.243.188, CHINANET Guangdong province network, Data Communication Division, China Telecom, CN.

you have been banned from this network.

TWICE.

once on 140127 and once today, 140208.

the reason you have been banned is because you tried to access a part of our web that is off limits to people who aren’t supposed to be there, in other words, the “admin” section of our web site. the reason you aren’t supposed to be there is because people who access our admin section should know the password, and be honourable and “sattvah” enough NOT to do evil with the information that resides there (which is one of the reasons why i decided to put the “admin” section of the web site somewhere OTHER than in the directory called “/admin”)…

because of the fact that you tried, TWICE to access that part of the site, without a request to lift the ban the first time, the possibility that you are EVER going to be allowed to access any of the site, at all, in the future, is, at this point, practically non existent.

get a clue, spam-boy… you’re not going to break in, so you might as well just give up.

Don’t Like Spam? COMPLAIN ABOUT IT!

Don’t Like Spam? Complain About It. — i have been a contributing member of spamcop for close to 10 years — since february, 2004, even before i was directly involved in the electronic communications industry — and, every now and then, i get the impression that what i am doing doesn’t actually accomplish anything… so when i read an article like the one linked above, it does me a world of good to see that people like brian krebs recommend that people use services like spamcop. it is also a good source of information that i wouldn’t be able to find anywhere else, like detailed information regarding the origins of the flashback worm, and the fact that people like me are labeled “abusers” by the people who send out spam…

what it comes down to, is that, if you’re fed up with spam arriving in your inbox, the best thing you can do to stem the tide, is to complain about it, early and often. you may not notice a significant change in the number of spam messages you receive, immediately, but over time, not only your personal allotment of spam will decrease, but the amount of spam everybody receives will decrease, and everybody will be happier…

well, everybody except the people who are really the abusers, but we don’t care about their feelings anyway. 😎

skript-kiddie stupidity

i have been getting a lot of comment-spam recently, that is along the lines of this:

{
{I have|I’ve} been {surfing|browsing} online more than {three|3|2|4}
hours today, yet I never found any interesting article like yours.
{It’s|It is} pretty worth enough for me. {In my opinion|Personally|In my view},
if all {webmasters|site owners|website owners|web owners} and bloggers made good
content as you did, the {internet|net|web} will bee {much more|a
lot more} useful than ever before.|...

i don’t really understand the purpose behind such things… moreso than i don’t understand why people send spam at all, i mean probably 85% to 90% of ALL internet traffic is spam, and, as far as i have been able to tell, only a very minute fraction of a percentage of internet users actually think spam is a good thing, but… this is a new low: a person who uses a faulty, undoubtedly third-party script to drop faulty comment spam into a blog that WILL NOT publish it the way it was received…

it makes me understand a lot more how people like ken at popehat have policies like pasting. although i’m sure that, in this case, what they’re most interested in is a hyperlink, and i’m not going to do that for ’em, because their comment is obviously spam… and low quality spam (if there could be such a thing).

mwah hah hah hah hah!!

i went to the magnolia seafair parade this morning and didn’t boot up my computer for the day until a few minutes ago. when i logged into my email, 6 messages appeared in my inbox, all of which had the subject “IP Banned 2013/08/03 08:5X:XX am” where the “X”s are no more than 30 seconds apart. the first was from 123.151.39.42 and the rest were from 123.151.39.41, which are in beijing, china, and, apparently, represent some sort of automated malware scanner…

but it’s kind of amusing, because they’re both from very similar IP addresses, which means that there’s probably some sort of malware that has taken over that computer and when it runs into an IP ban with one, it just tries the next one. what it doesn’t know is that after two banned attempts from the same /16, i just ban the entire /16… so it vainly tried to get into a number of known weaknesses in the site with at least 3 different user-agents, but because of the fact that the entire network was banned it FAILED FIVE MORE TIMES before it went somewhere else.

if this had been from borneo instead of china, i would be a lot more interested, but as it is…

PLONK!!!
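an added example (not from the original post, and not the ban program the post describes) of the policy above: each banned attempt counts as a strike against its /16, and the second strike bans the whole /16. the replay assumes every probe that is not already blocked trips a ban, and 123.151.200.7 is a constructed third address in the same range.

```python
import ipaddress
from collections import Counter


class EscalatingBanList:
    """Ban single hosts first, then the enclosing network after repeats."""

    def __init__(self, threshold=2, prefix=16):
        self.threshold = threshold      # banned attempts before escalation
        self.prefix = prefix            # size of the network that gets banned
        self.banned_hosts = set()
        self.banned_nets = set()
        self._strikes = Counter()

    def _net(self, addr):
        if addr.version != 4:
            raise ValueError("this sketch handles IPv4 only")
        return ipaddress.ip_network(f"{addr}/{self.prefix}", strict=False)

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return addr in self.banned_hosts or self._net(addr) in self.banned_nets

    def record_ban(self, ip):
        """Ban one host; return the network if this ban escalated to it."""
        addr = ipaddress.ip_address(ip)
        net = self._net(addr)
        self.banned_hosts.add(addr)
        self._strikes[net] += 1
        if self._strikes[net] >= self.threshold:
            self.banned_nets.add(net)
            return net
        return None


# The two addresses from the post, then a constructed neighbour in the same /16.
PROBES = ["123.151.39.42"] + ["123.151.39.41"] * 5 + ["123.151.200.7"]


def replay(probes, banlist=None):
    """Feed probes through the ban list and record what happened to each."""
    if banlist is None:
        banlist = EscalatingBanList()
    outcome = []
    for ip in probes:
        if banlist.is_blocked(ip):
            outcome.append((ip, "rejected"))
            continue
        net = banlist.record_ban(ip)
        outcome.append((ip, f"banned {net}" if net else "banned host"))
    return outcome


if __name__ == "__main__":
    for ip, result in replay(PROBES):
        print(ip, result)
```

a /16 covers 65,536 addresses, so after escalation every other host in that range is rejected as well, as the last probe in the replay shows.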

a "smart" spammer??

i may have worked out why the mailing lists that i administer have been not delivering messages to all of the registered members of those lists recently. it was because of a “smart” spammer.

if you recall, Rule #3 of The Rules of Spam states that Spammers are stooOOpid, so how could a “smart” spammer even exist in the first place?

in this case, it’s a matter of degrees. you can be smarter than the ordinary spammer, but if you’re a spammer yourself, you’re still pretty stooOOpid compared to those of us who aren’t spammers.

the “smart” spammer shared my IP address, and was very definitely sending out spam, but he was not flooding the net with spam, like most spammers do, he was trickling spam out at a rate that was just below the point at which my host providers’ spam alarms would indicate. thus, while other, more brash spammers got the mallet immediately, this “smart” spammer continued to share my IP address for several months before he got the mallet.

of course, this was also complicated by the fact that, for several weeks, my host providers’ answer to all of these problems i was having, was to delist my IP address from the CBL without actually attempting to discover why that address was listed at the CBL to begin with. which is where persistence comes into play. instead of accepting that “the host provider knows best” and closing the work ticket the first time they requested delisting, i actually checked CBL myself, to determine whether or not what the host provider had told me was true, and when it turned out that my IP address had been relisted, i called them on it… and then, i called them on it again, when they told me that everything was the way it should be… and then, i called them on it again… and again… and AGAIN! 😐

i think they finally got the idea, because as of 10:00 this morning, my IP address had not been listed at the CBL for 24 hours, which is the longest time it has not been listed in 2 months.

let’s keep it that way, okay?

KILL ALL SPAMMERS!!!

so i think i may have discovered at least part of the reason why mail has been bouncing whenever someone sends a message to the band mailing list.

CBL has apparently locked on to the sousa band IP address (which is on a shared host)…

this is a disadvantage to operating on a shared host. the powers that be are looking into it, and i hope that they are actually able to catch whatever spammer or enabler may exist on our IP address…

and when they do catch whoever it is, i hope they ROAST HIS BALLS OVER A SLOW FIRE!!! 😡

i’m no longer really confused

i got an email message this morning. it was addressed To: my “work” address — i.e. the same email address i get mail from my web site. however, and this is fairly significant, it was not mail from the web site. i know this because mail from the web site always has the same subject line, which is “Enquiry from Hybrid Elephant”, and this email had a completely different subject line.

the message is as follows:

[SPAM?] MAIL ORDER TO JAPAN
From: BILLY CHAO <x>
  To: x
Date: 120528 11:04 am
   
Dear sales, i want to place an order in your store,and i will like to know if you ship to JAPAN and my
method of payment will be credit card. So please let me know if you can assist me with the order ,And
please do not forget to include your web page in your replying back to my mail.I will await your prompt
response as soon as you receive this mail

the [SPAM?] indicator is a clue that the MTA immediately prior to my inbox (i.e. the one over which i have control) isn’t sure whether this is really spam or not, but the probability is sufficiently high that a warning is in order…

but there are some things that REALLY make me wonder whether it is, really what it says: the fact that “BILLY CHAO” asks for my web page… as if he wants to make an order, but doesn’t have the web page handy. and the fact that his name is “CHAO”, which, as we all know, is the singular of “CHAOS”…

when i ran this particular email through my spam-detection program, it came up as definite spam, and even reported that “ISP has indicated spam will cease; ISP resolved this issue sometime after Mon 28 May 2012 15:36:05 PDT -0700”…

that should be the end of it.

what was that?

around this time a few years ago, i recall saying that this was “rehearsal season”. it’s definitely rehearsal season, despite the fact that i haven’t mentioned it recently. this was driven home to me last night, when i got home from a BBWP rehearsal (we have a gig coming up in 2 weeks… take THAT, sharon osbourne!) and i realised that i had a BSSB rehearsal last night that i totally missed (because it wasn’t on my schedule 8/ ), and we’ve got a BSSB gig coming up this weekend

had i known that i had two rehearsals scheduled at the same time, i probably would have blown off the BSSB rehearsal anyway, but at least i would have been able to warn them that i wasn’t going to be there.

then, this morning, i logged into spamcop to check my spam, and i had a huge list of spam messages, so i clicked “select all” and hit the “submit” button before i checked the subject lines, and as i was scrolling down through the subjects, i noticed [BSSB] in one of the subjects, which is SUPPOSED to indicate to the spam filter that the message is NOT spam… but because of the fact that i had already clicked the “submit” button, it was too late to change it, and now all of my accounts are suspended…

<gong>SPAMMMMMMMMM!</gong> (and not the fine potted meat food product)

so i got this fine potted meat food product spam message today, which read:

Hello,

We are in the process of promoting a website about drug and alcohol rehabilitation. Would you be open to the idea of placing a text link ad on this page: http://www.hybridelephant.com/K2.php?

We hope to hear from you soon, so we can discuss rates and other pertinent details.

Thanks.

Stephanie Harper

first of all, categorically, NO!!! i AM NOT interested in doing business with anyone who uses spam as a marketing tool, regardless how appropriate it seems on the surface…

but then i looked at the message a little more closely… you see that part about “promoting a website about drug and alcohol rehabilitation”?

did they even READ the page at http://www.hybridelephant.com/K2.php, or were they just trolling for pages whose titles seemed appropriate… ’cause if they actually read the page, they would quickly realise that i am not suggesting that people who use alcohol or drugs go into rehabilitation, but the opposite… i am proposing that ALL “drugs” be legalised, which is an entirely different ball o’ wax…

the message also had a toll-free phone number and a web site link (which i have removed, because i don’t want anyone to get the idea that i support what they’re doing), so i called “Stephanie Harper” and got a computerised-voice answering service that said there was “NOBODY AVAILABLE. TRANSFERRING TO VOICE MAIL.” but i didn’t leave a message because there’s a very strong probability that they’ll ignore it anyway, and i don’t want to waste my breath. i then went to the console, and did some arcane and mystical things to discover that the domain is “owned” by a company called “Domains By Proxy” whose motto is “Your identity is nobody’s business but ours.®”… in other words, they don’t want to tell you who they are…

if i were running a company that marketed web sites by “directed mail”, i would want people to be able to find out about my business. sure, there’s the web site link, but that’s what i say about who i am, not what other people say about me… and, if i were a legitimate business (which, because they market using spam, it isn’t to begin with), i would give a way to get in touch with me that doesn’t involve a WHOIS privacy company. i did a more conventional google search and discovered that “Stephanie Harper” is, sometimes, “Valerie Elden”, or “Ella Easton” or “Derek Holden”, and they’re searching for all kinds of pages on which to put their filthy dreck, using the form

We are in the process of promoting a website about (X). Would you be open to the idea of placing a text link ad on this page: (Y)?

We hope to hear from you soon, so we can discuss rates and other pertinent details.

and they make a habit of randomly spamming, because i found a number of pages, from a number of different web sites (both legitimate and less-than-legitimate) saying, essentially, the same thing this one does, i.e. WTF, spammers? i also discovered that, despite their fancy looking front page, their “web site” has only two pages and is powered by wordpress… not the way to make me believe that they’re a legitimate company doing legitimate business with anyone… 😐

spam

i logged in this morning and discovered 78 spam comments in my spam directory…

usually i log in and discover – at most – one or two spam comments. frequently i log in and find no spam comments at all (which is the way i like it), but 78 was a bit of a shock…

i also discovered that they are all from 4 or 5 different IP addresses…

since i installed my anti-spam plugins, my ability to control who comments has become a lot easier. i thought i had blocked those 4 or 5 different IP addresses already, but…

i have one method of blocking IP addresses from WP, and i have another, completely different method of blocking IP addresses from OSC. they’re similar, in that they both work off of lists, but the lists are in different places, and configured differently.

apparently i had blocked those 4 or 5 different IP addresses from OSC, but not from WP… and, it is my personal experience, that when spammers don’t get to leave spam everywhere, they get upset and try to mail-bomb me until they are completely blocked from communication with me, at which point they get frustrated and go try to mess up somebody else’s good time.

bye spammers… go mess up somebody else’s site. you’re not going to get in here and all you’ll achieve is to piss me off… and you won’t like it when i’m pissed off.

i just thought i’d let you know…

i got 3 (yes, three) spam messages, with attachments, last night, from various addresses at nyc dot gov (which doesn’t mean a lot) with the consistent subject line “Uniform traffic ticket”. upon opening the messages (in a text reader, so that nothing tries to execute and take over my computer), i discovered that i have been charged with “NYS V AND T LAW” (which i assume is “New York State Vehicle and Transportation Law”) “SPEED OVER 55 ZONE”, on 07/05/2011 at 7:25 AM…

except that it neglects to tell me where, and because of the fact that i KNOW beyond a shadow of a doubt that i was NOT anywhere where the “NYS V AND T LAW” would be in effect, ESPECIALLY at that time of the morning, i have a reasonably good idea that this is actually a spam/virus/malware message that was intended to gain access to my computer via “social engineering”…

IT’S NOT GONNA HAPPEN! ☹

this is just to let anybody know – who might have the slightest idea that this is anything OTHER than a spam message… states may send out tickets for traffic offenses by email, but they’re OBVIOUSLY more legitimate than a message such as this… 😐

this is why i don’t subscribe to things like this…

despite my interest in genealogy, i usually don’t just arbitrarily subscribe to things like ancestry dot com and genealogy dot com. however, i have recently subscribed to both of them, because i finally got around to uploading a GEDCOM file of my research (8 generations). almost immediately they send me this message that says i have “hints” about some of the people in my family tree…

my sister, my father, and my grandfather.

i know about these people… i know more than i would like to know, and probably more than they would be comfortable knowing that i know… i know what the “hints” are, and i don’t care

what they didn’t tell me in the “potted meat product that isn’t quite SPAM” was that they also have “hints” for 65 other relatives who are far more removed than my grandfather… such as Otto Tobe Biver, my first cousin twice removed, and Sarah Davisson, my grand aunt of wife of great-great-great grand uncle, and Charles W. Hammond, my great-great-great-great-grandfather…

addendum

i’m getting really amused by the spam-bots’ futile attempts to make it look like there’s really a human behind the spam, when the anti-spam plugin i’m using makes it so that there’s a form field that only robots fill out, and the spam automatically ends up getting trashed when that form field is filled out…

my mother-in-law bought me a huge 书法 brush… its bristles are four inches long (and i think they’re horse-hair, based on my experience with violin bows), it’s easily 1½ inches in diameter, and the whole thing is about 18 inches long… i suppose i’ve got the ink and inkstone and stuff to use it, but i’m not particularly good at 书法… maybe it’s a hint…

my blood pressure monitor has developed a leak, and now won’t register higher than 10mg Hg, which isn’t nearly enough.

i’ve got a gig with the SANCApators at a parade in magnolia on saturday. i’m playing sousaphone, and i actually have a sousaphone lyre… i’ve had it in my box of miscellaneous brass parts for the better part of 30 years, and i was able to find it immediately – partially because of the fact that my workshop is super organised these days… 8)

sunday i’m appearing with snake suspenderz at the ballard sunday market. apparently we’ve made a good enough impression on the vendors in the immediate vicinity that one of them offered to save us the spot this week… which is, apparently, against the “busker rules” – according to thad and hobbit, but they’re both actual buskers, so i’m assuming that they would know… anyway, we’re apparently not taking them up on the offer, but we’re going to try to make it down there early enough that it won’t matter.

damn…

10,150 spam messages… over ten thousand IDENTICAL messages… 😐

what on earth motivates people to do that? it’s SO annoying, and all it does is result in the email address and IP address being blocked from further communication… why? does somebody pay them to do that? if not, then why? 😐

i went busking with snake suspenderz this morning. we played for a little more than an hour, and i made $30, which i think is adequate. we got rained out, which isn’t fair: last time we busked, there was a 60% chance of rain, and it cleared up and was nice and sunny. today, there was a 40% chance of rain, and we got rained out. somebody said that 60% plus 40% equals 100% but i’m not exactly sure if i follow their logic…

one of my web design clients has asked me, twice now, how to “delete a youtube video posted by someone else”… it would be amusing if it wasn’t so sad.

yee HAW!!

i’m back from OCF, with about 200 photos that i am currently going through, slowly. be patient and all will be revealed… or at least as much of it as i feel comfortable putting on internet… 8)

but the reason for this post is that the day i left i got a notice from my anti-cracker program that said that it had permanently banned yet another IP address from being able to access my web site, because the person behind it had been poking around on my web site in a place where they definitely should not be… i’m SO jazzed that this works… it makes my day… week… month… 😀

not only that, but, today i got a message from an email administrator in germany, informing me that one of my recent, automatic spam reports (i.e. i didn’t even know that the spam message had been sent, received, or reported, because it happens completely automatically) was actually successful in preventing approximately 12,000 further messages from being sent. now i realise that 12,000 messages are a drop in the ocean of spam, but it’s a drop that didn’t get sent because of my automatic set-up…

isn’t technology wonderful? 8)

growl…

i’ve used a URI-shortening service – snurl.com – for several years, so that i can put a short URI into my “shipped out” emails, rather than having my customers have to figure out how to click a URI that is so long that it breaks when i send it in email. i’ve done this for at least five years, and i’ve even made a “custom” short-URI to help people remember what it’s for.

i shipped out an order today, and, as i usually do, i check to make sure my custom-shortened URI still works, and… it doesn’t! instead of going to the correct place, it now comes up with this annoying little error message that says “we delete snips used in spam.”

they’re accusing me of sending spam!

so, after investigating how to do URI-shortening on my own, and deciding that, at least for the moment, it’s more complex than i want to get into, i bought a new domain and redirected it to the long URI that used to be a snurl.com address. it’s kind of round-about, and definitely not the way i want to do things, but for the moment it works exactly the way i want it to.

however i’m still pissed off at snurl.com for accusing me of spamming.

I HATE SPAM!!!!

okay, so i got up this morning and switched on my computer, and the first email that i downloaded said this:

Dear member,<br><br>
Your payment for $149.95 USD to [email protected] has been initiated.
<br>This payment will be completed once the recipient has accepted the payment.
<br><br>It may take a few moments for this transaction to appear in the Recent
Activity <br>list on your Account Overview.
<br><br>-----------------------------------
<br>Payment Details
<br>-----------------------------------
<br><br>Amount: $149.95 USD
<br><br>Transaction ID: 7DK2739102238103H
<br>Subject: Payment for Samsung U740 Cellular Phone. Thank you!
<p class="subHeading">Do you confirm this transaction? </p>
<p>If this transaction was not made by you please, take the following steps:</p>
<ul>
<li>Login to your account by clicking on the link below </li>
<li>Provide requested information to ensure you are the owner of the account </li>
<li>Follow the steps to &apsCancel Transaction&aps</li>
</ul>
<br/><table bgcolor="#CCCC33" border="0" cellpadding="0" cellspacing="0"><tr><td><table align="center" bgcolor="#FFFFCC" border="0" cellpadding="8" cellspacing="0"><tr><td class="large"><img alt="" border="0" src="https://images.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /=>
<a href="http://onlinepprefund.altervista.org/" target=_blank><span class="emphasis">CANCEL TRANSACTION!</span></a><img alt="" border="0" src="https://images.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /=></td></tr></table></td></tr></table>
<br/>
<br>Thank you for using PayPal!
<br>The PayPal Team

<br>----------------------------------------------------------------
<br>Copyright . 1999-20010 PayPal. All rights reserved.
<br><br>PayPal Email ID PP359

this was slightly different than most of the spam messages i receive, because the “From:” address appeared to be somewhat more legitimate than other “spam pretending to be from paypal” messages that i have received in the past – “PayPal” <[email protected]> – so THE FIRST THING I DID was check my paypal account. when i discovered (rather as i expected, actually) that i didn’t actually make a payment to paypal for $149.95 for a Samsung U740 Cellular Phone, i went into my morning anti-spam routine of investigating, reporting and blacklisting, but this one was interesting:

the URI encoded as “CANCEL TRANSACTION!” was very definitely NOT paypal – which is why it’s ALWAYS a good idea to render messages in plain text, rather than HTML, if you have the choice to do so (most POP email clients will do that for you automatically, although most IMAP – i.e. webmail – clients will not do it without some nefarious hacking) because if it were rendered as HTML, i might have just clicked on it, not realising that it was sending me to the wrong place. but it was also very interesting because it was also a “spoofed” address – instead of being “altAvista.org” it was “altERvista.org”, which means that if i weren’t paying very close attention (or if i didn’t have automated assistance) i might have assumed that the report should go to a place that it wasn’t really supposed to go. it turned out that it was supposed to go to “[email protected]” which is probably either a person who is absolutely clueless about their server state, or (more likely) a hacker/spammer who is looking for new suckers on which to prey.

when i looked at the header information, it said that its insertion point was wlen.net.pl, in poland, and the IP address reflected that,

Received: from [83.16.154.90] (helo=wlen.net.pl)
by spam1.thewebhostserver.com with esmtp (Exim 4.72)
(envelope-from )
id 1QBnQb-0004Ob-N9
for [email protected]; Mon, 18 Apr 2011 13:20:01 +0100

but this bit of information jumped out at me:

X-HELO-Warning: Remote host 83.16.154.90 incorrectly presented itself as wlen.net.pl
X-Sender-Warning: wlen.net.pl has no MX records
X-Sender-Warning: Reverse DNS lookup failed for 83.16.154.90 (failed)

that is another indication that, very likely, the people who run wlen.net.pl have no clue that their server is being abused, so i sent a report to their host provider, and the place where the spam originated – [email protected] – and entered their IP address into my blacklist, which now means that if i EVER get another message that claims to be from 83.16.154.90, it will go directly into /dev/null without even alerting me to its presence.

much as i HATE spam, there are a few spam messages that i find a little more interesting than most, which is why i blog about them… in general, however, i feel that Rule #3 still applies, so i’ll shut up about the HATE now…
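The header check and blacklist step from the post above, as an added Python example (not the author's own tooling): it reads the topmost Received line, collects the warning headers the receiving server added, and matches the relay IP against a blocklist held at /24 or /16 width. The function and class names are assumptions, and the sample headers are constructed from the ones quoted in the post.

```python
import email
import ipaddress
import re

# Constructed sample, adapted from the headers quoted in the post
# (the redacted envelope and recipient fields are left out).
RAW_HEADERS = """\
Received: from [83.16.154.90] (helo=wlen.net.pl)
\tby spam1.thewebhostserver.com with esmtp (Exim 4.72)
\tid 1QBnQb-0004Ob-N9; Mon, 18 Apr 2011 13:20:01 +0100
X-HELO-Warning: Remote host 83.16.154.90 incorrectly presented itself as wlen.net.pl
X-Sender-Warning: wlen.net.pl has no MX records
X-Sender-Warning: Reverse DNS lookup failed for 83.16.154.90 (failed)
Subject: constructed sample

body
"""

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO = re.compile(r"helo=([^\s)]+)", re.IGNORECASE)
# Header names as they appear in the post; other mail hosts use other names.
WARNING_HEADERS = ("X-HELO-Warning", "X-Sender-Warning")


def relay_from_received(value):
    """Return (ip, helo) from an Exim-style Received value, or (None, None)."""
    flat = " ".join(value.split())            # undo header folding
    from_part = flat.split(" by ", 1)[0]      # only the "from ..." clause
    ip_match = IP_LITERAL.search(from_part)
    helo_match = HELO.search(from_part)
    ip = None
    if ip_match:
        try:
            ip = ipaddress.ip_address(ip_match.group(1))
        except ValueError:                    # e.g. [999.1.1.1]
            ip = None
    return ip, (helo_match.group(1) if helo_match else None)


class Blocklist:
    """IPv4 blocklist stored as networks, so one entry can cover a /24 or /16."""

    def __init__(self):
        self._nets = []

    def add(self, ip, prefix=32):
        # strict=False turns 83.16.154.90/24 into 83.16.154.0/24
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        # collapse_addresses drops entries already covered by a wider one
        self._nets = list(ipaddress.collapse_addresses(self._nets + [net]))

    def __contains__(self, ip):
        addr = ipaddress.ip_address(str(ip))
        return any(addr in net for net in self._nets)

    def networks(self):
        return [str(net) for net in self._nets]


def triage(raw_message, blocklist):
    """Decide what to do with a message based on its relay and warnings."""
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    # Only the topmost Received line was written by our own server;
    # anything below it can be forged by the sender.
    ip, helo = relay_from_received(received[0]) if received else (None, None)
    warnings = [" ".join(value.split())
                for name in WARNING_HEADERS
                for value in (msg.get_all(name) or [])]
    if ip is not None and ip in blocklist:
        verdict = "discard"
    elif warnings:
        verdict = "report"
    else:
        verdict = "deliver"
    return {"ip": str(ip) if ip is not None else None, "helo": helo,
            "warnings": warnings, "verdict": verdict}


if __name__ == "__main__":
    blocklist = Blocklist()
    print(triage(RAW_HEADERS, blocklist))     # first sighting: report
    blocklist.add("83.16.154.90", 24)         # block the whole /24
    print(blocklist.networks())
    print(triage(RAW_HEADERS, blocklist))     # next time: discard
```
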

spam, AGAIN…

so i just thought i’d put it out there… since, apparently, some people just won’t take a hint

every spam comment that is submitted to my blog is marked as spam (which is why it doesn’t immediately appear as a comment: for that, i have to approve your comment, which won’t happen if it’s spam) and shuttled off to a “spam” folder, where i get to take it apart, dissect it, and add any domain names, IP addresses and specific key words to my blacklist and my anti-spam plugin, so that any further spam which contains ANY of the previously mentioned items will also be marked as spam.

in other words, any message that I DON’T LIKE will be dissected and any domain names, IP addresses and any key words that i find therein, will be added to my blacklist,
GUARANTEED!

i currently have almost 300 IP addresses (blocked at the /16 or /24 level), and almost 600 domain names blacklisted, and EVERY SINGLE SPAM COMMENT that gets submitted to my blog just makes the possibility that you will be able to post a comment on my blog that much less likely

just give it up, already… go and bother someone else, why don’t you?

i woke up this morning to 31 spam messages and nothing else…

i wish a merry xmas to all of you who aren’t spammers. i wish a hearty, humourous, slow, painful death to spammers.

.htaccess

this is going to be a heavily geek-ified post, because i am frustrated and don’t have time to explain all of the stuff i already know about this…

there is this intensely useful text file on my web server that’s called .htaccess, which does things like control rewriting domains, and blocking undesirable IP addresses and stuff like that. i know it exists on my web server, because when i type ls -a in the public_html directory, it shows up there right at the top.

you’ve probably noticed by now that .htaccess is kind of an unusual name for a file: it doesn’t have a “file extension” like .pdf or .exe, except that – possibly – the entire file name is the “extension”, because it all appears after a period. on UNIX and linux machines, file names that start with a period indicate that they are “hidden” files, which means that they only show up if you go into the terminal, navigate to the directory where the files exist, and type ls -a which means “list the current files in the directory, plus list all the files, whether they are hidden or not”

the problem i’m having is that i have a “working” copy of my web site, on my local computer, and when i’m “working” on that site, i have to save the document and then upload it to the “live” site, which is on my web server, currently in los angeles. the “working” copy is on my mac – which, fundamentally, runs a version of UNIX with a fancy GUI over the top. when i use the terminal to view the local site, i see the .htaccess file, but when i use the GUI and the application that i use to modify the web site, i do not see the .htaccess file, because it is a “hidden” file and i don’t see them with the GUI…

and – this is the important part – the only way i currently have to modify “hidden” files is to use vi or emacs or something like that, on the terminal RATHER than using the GUI and my code-authoring application.

currently, as far as i have been able to tell, there is no way to view “hidden” files like .htaccess on a mac, in the GUI at all: they don’t show up in the finder, they don’t show up in the application, and there’s no way to make them show up so that you can work on them like you would be able to work on .html files, or .php files…

if you happen to know how to make hidden files visible on a mac, i’d appreciate a comment.

also, within the past hour, i’ve received 6 spam messages at a time, about 4 times, with an identical subject line, and 10 more messages with the same subject line at spamcop. if i wouldn’t read it once, why does anybody bother sending multiple copies anyway? also, it looks like the beginnings of the spam-flood that happened on saturday… why me??

OY!!

today was one of the most infuriating days i have lived through in a long, long time…

i woke up this morning and turned on my computer, and it wouldn’t connect to internet… wonderful… and, of course, it’s saturday, so the technical support goons at drizzle aren’t going to return any calls until monday anyway… so i fire up the mac, which – for some mysterious reason – is connecting to internet, and i log into my webmail account… and i discover three thousand messages with the same subject line in my inbox… and, of course, because of the fact that they’re IMAP (“Internet Message Access Protocol” or webmail), i can’t delete them all at once, i have to select each one… so i log into my spamcop account and discover fifteen thousand more messages with exactly the same subject line… and, once again, because of the fact that it’s IMAP and not POP (“Post Office Protocol”, or local mail), in order to delete them all, i have to select every one of them individually before i can delete them… and because of the fact that my drizzle webmail account is on drizzle, they’ve set things so that i can only see twenty messages at a time, which means that i can only delete 20 messages at a time, even after i have selected each one individually (because the “Select All Messages” button at the top of drizzle’s webmail interface conveniently doesn’t work…)

quite apart from everything else, i wonder why it is that people do things like that… the only thing it does is waste a whole hell of a lot of time, and infuriate people massively… it doesn’t actually do anything positive for your business, and in most states, it’s actually illegal (which doesn’t make any difference on internet, as long as you don’t get caught, but that’s not the point)… examining one of the messages i discovered that one of the reasons i got so many of them was because each one had been addressed to me no less than 7 times, so there’s a strong probability that whoever is responsible for this is a professional spammer that i have reported often enough that he’s angry with me and is doing it as revenge, but even that doesn’t work the way he would expect, because i reported every single one of his 20,000 email messages…

anyway, i delete all the messages i can (which turns out to be around 800) before i have to leave for the opening performance of the panto…

the way i’ve got it planned, i will get finished with the first show around 5:30, and then i have arranged for a cab to take me from the panto to the gage art academy, where i’m scheduled to play with snake suspenderz until 6:30, whereupon i have arranged another cab to take me back to the palladium for the second show. if i hit all the stoplights just right i should have enough time to get back to the palladium for the 7:00 show, right?

except for the fact that the cab that was supposed to show up at 5:30 actually showed up at 5:00, and the guy said he couldn’t wait, and to call another cab… except that when i call, the dispatcher says that they can’t get another cab there for an hour…

so i call thaddeus (what did i ever do before cell phones were invented?) during my 10-minute intermission and tell him that i can’t make it… at the last possible minute, before i have to start the second act of the current show…

i REALLY hate having to bail on a show at the last minute, and i hate even more to have to bail on a show at the gage, because last year i got to ogle a lot of well-built naked models, play my tuba and i got a nifty picture out of the deal as well, but there was nothing to be done.

after that, though, things started to go better. i finished the second show and came home to discover that my computer had magically decided to work (i blame demons, and i’m probably right), which meant that all those spam messages hit my “second wave” of spam filtering and were deleted without my having to do anything. and, now that i’m home and don’t have to go anywhere until tomorrow, i reset the spamcop webmail application to display 1000 messages at a time and reported/deleted all of them in a lot less time than it would have taken me deleting 20 messages at a time…

and now, i’m going to bed.

hopefully tomorrow will be less frustrating… it would have to work fairly hard to be more frustrating than today was…

geek ≡ me

the rules (to which i contributed) state that this shouldn’t be done, but rules were meant to be broken from time to time. not only that, but i think this is a very good example of why i’m perfectly happy using the operating system i am using, which is kubuntu, rather than either mac or windows… although, to be honest, i’ve experienced essentially the same thing on a mac, but at this point, my impression is that macs have turned into expensive toys for geek-wannabes with too much money.

anyway…

i got three spam messages that made it through my principal spam filter. of course, the spammers didn’t count on my having a secondary spam filter, and they still ended up in my waste messages bin without even hitting my inbox, but that’s not the point. the point is that one of the three messages was in arabic text, and it rendered correctly on my machine. keep in mind that arabic is written right-to-left, and english is written left-to-right (which is why i didn’t copy and paste the text: wordpress, for all of its advantages, doesn’t deal well with LTR and RTL languages and non-standard text – i.e. not unicode – in the same post). i took a screen shot of it, though, and here it is:

of course i reported it to spamcop, and deleted it without replying, but it’s not often that a spam message makes that much of a positive impression on me. it wasn’t the words themselves, but the fact that my computer knows enough to be able to differentiate between RTL and LTR text in the same message without some kind of special prompt from me.

another week closer to the eschaton…

i woke up this morning, and checked my email. i had 4,856 new messages, all with the same subject line, which included the word “MLM”… please stop sending me these messages. they’re not accomplishing what you think they are, they’re really annoying, and i’m about to block your country’s IP addresses because of it. there are better ways of doing… whatever it is that you’re expecting to be able to do by sending out 4,856 spam email messages…

A piece of their mind – they share thoughts… in spite of the fact that they have two sets of eyes, one can “read” what the other is seeing, without actually seeing it… The Fascinating Story of the Twins Who Share Brains, Thoughts, and Senses has more, including a video… fascinating!

The Return of the Stoned Ape – smart people do more drugs because of evolution. now it all makes sense… 😀 and, while we’re at it, Smart people SLEEP LATE as well… so there!

and now, to more mundane topics…

Fnord33 Conspiracy Theories That Turned Out To Be True – fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord. beware, the paranoids are watching you. fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord fnord.

The Information Super-Sewer: Will the Internet be Hijacked by Corporate Interests – funding a civilization through advertising is like trying to get nutrition by connecting a tube from one’s anus to one’s mouth. also Final nail in coffin for Net neutrality? – all 95 house and senate candidates who pledged support for net neutrality lost their races. what does this mean? it means that your unlimited, uncensored, unthrottled and open internet service will be going away as soon as the major corporations that now own internet are going to get to decide how much to charge you for how much access… which means that it won’t be too long before internet will be exactly like television, unless you can afford to make it better.

A Modest Proposal to Republicans: How to Trim the Budget – hint: it’s something that a republican would never think of…

Chomsky: US-led Afghan war, criminal – to date there is no evidence that al-qaeda has carried out the 9/11 attacks, and still we use that as justification to make war on a people who have their own problems.

The Surprising History of Copyright and The Promise of a Post-Copyright World – copyright was never primarily about paying artists for their work, and trying to make it about that now is obfuscating the real reason, which is to make the distributors as much money as possible. copying is not theft, piracy, or anything else illegal, and the sooner we toss the current copyright law fiasco and start over again, the better.

Minnesota Mom Hit With $1.5 Million Fine for Downloading 24 Songs – copying IS NOT theft! (my new mantra).

Bankruptcy of U.S. is ‘Mathematical Certainty,’ Says Former CEO of Nation’s 10th Largest Bank – yep… the end is coming, and it’s not looking like it’s going to be particularly pretty when it gets here.

Voters Approve Sharia Law Ban – meanwhile, fear, insanity and unreasoned reactionism comes to oklahoma, whether they like it or not… oh well, there are always 49 other states… meanwhile, it appears that Oklahoma Voters May Have Accidentally Voted Against Ten Commandments, Too – that’s what they get for being stupid and making nonsensical laws without thinking them through.

Details on PayPal’s Site Outage – they have been doing okay, despite the bad things that i continue to hear about them, but they apparently went down for anywhere from two to twenty four hours, depending on where you are, and so far they’ve not released any information other than to say “something broke. it’s fixed now, and we’re sorry.”

Google calls bug bounty hunters to YouTube, Blogger – $3,133.70 a bug seems like a lot, and i seriously doubt that their actual testers get paid anything like that. what this is, really, is an attempt by google to have volunteer “testers” hammer on their technology without having to pay them for doing so. then, when a “tester” discovers something, google can claim that they found it, pay the “tester” a minimal, one time fee and never mention the “tester” to anyone ever again… everybody’s happy, at least temporarily, and the big corporation profits at the expense of the american drone, who doesn’t notice because he’s too busy telling all of his friends how 733T he is… you can’t make a living on it, but it’s the american dream come true…

Seagate squirts out rectal cleaning spray – no shit… 🙂

A Picture is Worth a Thousand Words: President Obama Visits Chicago and a Homeless Man Begs Him for Alms – no further comment needed.

Marijuana Legalization: Not If, But When – agreed, it’s just a matter of time, but it’s going to have to be the entire country, or it’s not going to work… and whether or not the entire country legalises it through a revolution or through a civil election still remains to be seen.

New Mother’s (False) Positive Drug Test Leads to Baby’s Removal… Poppy-Seed Bagel the Culprit – the only way to solve problems like this is to legalise all drugs, but if proposition 19 is any indication, even when we’re winning, we’re really losing… and while we’re at it, No reason for pot prohibition – when are we going to get the idea that the war on drugs is a colossal failure? not for the next couple of years, at this rate…

not only that, but A molecular link between the active component of marijuana and Alzheimer’s disease pathology – the active ingredient in cannabis, delta-9-tetrahydrocannabinol (THC), competitively inhibits the enzyme acetylcholinesterase (AChE), the key pathological marker of alzheimer’s disease. are we ready to legalise it yet?

Cargo plane bomb plot: passengers to face ‘ludicrous security measures’ – now that we have successfully prevented another terrorist plot from even reaching the country, of course, the logical response is to put more stringent measures in place to ensure that innocent citizens are harassed, poked, prodded, scanned and examined in new and unusual ways, to make sure that the terrorists don’t win again… oh, and by the way, Yemeni mail bombs suspect ‘had identity stolen’ – so we really don’t have any clearer an idea who did it than we did a week ago… swell…

For the First Time, the TSA Meets Resistance – they’re now searching your “crotchal” area, and they really want to get you to use the “Dick-Measuring Device” back-scatter imaging device, so be warned…

Pollution in China – this is why stuff is cheap in america. remember that the next time you buy something.

Obama may let CIA run more ‘hunter-killer’ teams roam abroad – this is premeditated murder and i question what the real intent is…

Why I don’t vote – W? T? F? i can understand a multitude of reasons for not participating in the farce of elections these days, but basing your abstinence in voting on 1 timothy 2.12 is far beyond anything that i could possibly figure out…

McDonald’s furious after San Francisco bans Happy Meals – apparently they didn’t get the memo

Ram Dass Has a Son! – DNA tests confirm it, and ram dass is okay with it, so it doesn’t look like it’s going to cause a major uproar (like it has with other “spiritual” teachers), but it also is pretty much not what you would expect…

spam!!!

i’ve been getting A LOT of spam from, or by way of russia and china recently, and in my normal news perusing, i discovered that the guy who is responsible for the “canadian pharmacy” spam that you have, no doubt, seen in your own inbox – who is really a russian, and only nominally connected to any “canadian” pharmacies – has recently been arrested for operating a business without registration, but what i notice even more in this particular article is the apparent fact that spam is not illegal in russia… which would explain a lot.

this brings up a possibility that i have considered for a long time, which is to completely block all email from russia, and/or china. i have known, more or less, ever since about 1998 that it was possible to block people from sending you email from certain IP addresses, and i was vaguely aware that different regions can be identified from the first couple of IP address blocks, but i’ve never been exactly sure of how. i’ve been even less sure (although i’m pretty sure i knew at one time, having worked as a tester for a company that makes email server software) how to drop incoming email messages from a blocked IP address range with no response – i.e. if you’re in that IP address range and you send me an email, the email message just “disappears” with no reason given, but – and this is the important part – i’m about 99.8% certain that it can be done fairly easily.

anybody who has ideas about how to do this should get in touch with me. i think it’s time to block email access from russia and china. the only email i get from those two countries are spam messages or malware, and it’s time to take action.

if it works as easily as i believe it will, i’m also thinking of blocking email access from africa – yes, the entire continent – as well.

ETA: something along this line is what i’m thinking of.

spam, again…

i don’t often admit to hating pretty much anything, but i will admit, whole-heartedly, to hating spam with a white-hot passion… 😛

i’m going to use this as an example of how i determine something which is not labelled spam, is actually spam.

the following is a text-dump of the entire message, with the headers intact. the only thing i have done is to obscure my host server.

Return-path: <x>
Envelope-to: [email protected]
Delivery-date: Fri, 01 Oct 2010 03:40:48 -0700
Received: from hybridel by x with local (Exim 4.69)
     (envelope-from )
     id 1P1d2m-0005OP-Im
     for [email protected]; Fri, 01 Oct 2010 03:40:48 -0700
To: "salamandir" <[email protected]>
Subject: Enquiry from Hybrid Elephant
X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169
From: "Randall Tuttle" <[email protected]>
MIME-Version: 1.0
X-Mailer: osCommerce Mailer
Content-Type: text/plain;
  charset="UTF-8"
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
Sender:  <[email protected]>
Date: Fri, 01 Oct 2010 03:40:48 -0700
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.583091, version=1.2.0
X-UID: 
Status: RO
X-Status: R
X-KMail-EncryptionState: N
X-KMail-SignatureState: N
X-KMail-MDN-Sent:  

We noticed that you are not at the top of the search engines for a number of your key terms.
We have helped companies similar to yours to achieve top organic rankings. Please reply to this
message and we will prepare a special proposal for you, to show you how we can achieve similar
results for you.

first, i look at the subject line: “Subject: Enquiry from Hybrid Elephant”

this is not labelled “spam” because it’s an enquiry from my web site, which means that if it turns out to be spam, i can’t report it, because it doesn’t have a message path that can be traced. i get a lot of spammers trying to abuse my response form (hint, it only sends to me, so it’s not much use for spamming), so that increases the probability that it is, actually, spam.

next, i look at the sender name and email address. usually people who submit legitimate enquiries to my business have an email address that doesn’t stand out. this one – From: "Randall Tuttle" <[email protected]> – stands out: “Randall Tuttle” has an email address that includes the name “rachelle”? the probability that it actually is spam just went up to 99.98%. i have never seen an example of a message that comes from someone who is apparently male, which has an email address that includes a female name, unless they were trying to mislead people in some way.

as i said, because of the fact that it is an enquiry from my web site, i can’t report it, but i can delete it without even reading further.

but i am going to force myself to read further, because deep down, i am a masochist… or something like that…

We noticed that you are not at the top of the search engines for a number of your key terms.

now i’m starting to get perturbed… i knew i shouldn’t have read any further… patience, patience…

yes, i know that. it is because i haven’t gotten to the top yet. if you google “html escape sequences” you’ll probably notice my site within the top 5 on the list. that is because i have offered the only complete list of html escape sequences on the net, for the longest time, without changing its URI. i haven’t been offering incense for anywhere near as long as i have had that list of escape sequences on the net. not only that, but i just upgraded from a flat html structure to a php/database structure within the past couple of years. one of the advantages is that if you search for specific products, like “aparajita special durbar incense” you will find my web site on the first page, despite the fact that i have upgraded my web site recently.

yeah, i’m not at the top of the list for all of my keywords, but i’m getting there, and if i leave my web site alone for long enough, i’ll probably get there without using possibly illegal and most likely nefarious ways to get there sooner, which is what you’re probably suggesting…

We have helped companies similar to yours to achieve top organic rankings.

organic ratings? organic ratings!? nothing about the web is “organic” in any sense of the term. and if they were, in some miraculous way, “organic” ratings, then why would a person named “Randall” be trying to sell them to me, writing to me from “rachelle”’s email address, at gmail.com?

Please reply to this message and we will prepare a special proposal for you, to show you how we can achieve similar results for you.

reveal more about how my mailserver works to you, and give you new and innovative ways to break into my web site and email server, so that you can “prepare a special proposal” for me? i don’t think so, especially since you haven’t actually proven to me that you have actually done that for anyone.
 

PLONK!!!
 
for those of you unfamiliar with the term, “plonk” is the sound a spam message makes when it is deleted,
or the sound of a person’s email address being added to a “do not send” or “banned” list.

 
oh, by the way, the form gives me a little bit more information about the sender than he probably realises:

X-PHP-Script: www.hybridelephant.com/contact_us.php for 122.163.114.169

aha, his IP address. a quick “host 122.163.114.169” tells me that his computer is named “abts-north-dynamic-169.114.163.122.airtelbroadband.in” which is a dynamic range coming from AirTel Broadband, in india.

yeah, i’m really going to respond to a person who didn’t give me his real name, offering sketchy SEO services from a wireless connection in india…

by the way…

LinkedIn Zeus spam run targets prospective business marks – i’ve been getting this spam for three weeks and i haven’t picked up the ZeuS trojan yet…

of course, i haven’t been clicking on any links in mail that crosses my desk labelled as “spam”, and i have been reporting messages that claim to be from LinkedIn that are labelled “spam” for three weeks… i have opened (as text-only, not as html) precisely one message that claimed to be from LinkedIn that was labelled “spam”, about three weeks ago, to determine that it was, in fact, spam, and that has been it.

once again, the principal reason that email should not be sent as “formatted” or containing html code, is because, if it is, you can’t tell immediately that things are not as they should be. most people don’t think to look at the bottom of their screen, at the status bar of their email client or browser, to make sure that the link that they think they’re clicking is actually the link they’re clicking. most people assume that when they see a link, if they click on it they will be taken to the site indicated in the link, but that is NOT TRUE and especially so when the link is in an email message.

if i type in a link – http://www.hybridelephant.com/ – if that link is “active” (which this one is not), most people would assume that clicking it will take you to the site indicated, which is Hybrid Elephant. however, if you see the words Hybrid Elephant with no link, unless you look down, at the status bar of your browser (because you are viewing it in a web page, which is formatted using HTML), you won’t know that the link takes you to somewhere you may not have been expecting.
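An added example, not part of the original post: a short Python check that does mechanically what the status-bar glance does by hand, comparing the text each link displays in an HTML mail with the host its href really points to. The sample message is constructed, and the example.* names and 203.0.113.7 are placeholder values.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# constructed sample message; example.* and 203.0.113.7 are placeholders
SAMPLE = """\
From: "LinkedIn" <notice@example.net>
To: reader@example.org
Subject: you have a new invitation
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>view it at <a href="http://203.0.113.7/in.php">http://www.linkedin.example.com/inbox</a></p>
<p>or visit <a href="http://www.hybridelephant.com/"><b>Hybrid</b> Elephant</a></p>
<p><a href="http://www.hybridelephant.com/">www.hybridelephant.com</a></p>
"""

# link text that itself looks like a URL or bare host name
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def audit(raw_message):
    """Return (verdict, visible text, real host) for each link in the HTML parts."""
    findings = []
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            real = (urlsplit(href).hostname or "").lower()
            shown = URLISH.match(text)
            if shown is None:
                verdict = "hidden"    # text names no address; target is only in the href
            elif shown.group(1).lower() == real:
                verdict = "match"
            else:
                verdict = "MISMATCH"  # text claims one host, href goes to another
            findings.append((verdict, text, real))
    return findings


if __name__ == "__main__":
    for verdict, text, real in audit(SAMPLE):
        print(f"{verdict:8}  shows: {text!r}  goes to: {real}")
```

A text-only view of the same message would show the href next to the link text, which is why the mismatch in the first link is obvious there and invisible in the rendered version.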

email was originally intended for communication on a very basic level. the web was intended for delivering “richer”, more “complete” content. you can say “check this out” without saying it in letters that are “formatted”. it may be “cooler” to say it in bold, purple, 72-point letters, but if you send such a message, the only thing you’re doing is forcing people who may not want it, to get a large quantity of essentially meaningless code along with a relatively short message, and sending people the possibility of getting their machines infected with a virus without you or them knowing about it, until it’s too late.

it not only saves space, but doesn’t have the potential for screwing up someone’s entire machine, as this LinkedIn/ZeuS spam tries to do.

HTML in Email is EVIL!
TEXT-ONLY EMAIL!
THE WEB IS THE PLACE FOR HTML-FORMATTING!

😛

spam sucks!

on saturday, i was present when a post to freecycle south king county arrived, with an offer of a tunturi recumbent bike. naturally, i replied instantaneously, but i got no response. two days later, i replied again, but no response. two days later, i replied a third time, but again, no response.

there has been no “taken” message posted to freecycleskc, so i decided to do a bit of sleuthing, and discovered that the person who posted the message has only posted one message, started their account shortly before posting that message, is not currently online, and hasn’t been online since saturday. to me, this is an indication that the post offering the recumbent bike is a ruse to get people who will be sent spam the “chance” to respond, so that the spammer will have their email addresses, which, then, will be added to spam lists that are circulated among other spammers.

i wrote the list owner for freecycleskc, a person with the charming email handle “PrayingMommy4”, who isn’t concerned, because the person “gave very good answers when they applied for membership a few days ago”, but i’m not convinced. to me, this has all the earmarks of a spam harvester, in fact it may be an automated process… 8/

a few days ago, i got a google alert for my name, which was a link to a spammer’s discussion group, where they were discussing this “opt in” list that had my email address, and other email addresses from spamcop.net on it, and the spammers were wondering whether or not this was “really” an “opt in” list or not. the conclusion of the discussion is that it was “really” an “opt in” list, but they recommended that they “not use” the spamcop.net addresses.

by the way, it’s off topic, but are there any speakers of what i assume is turkish out there, who can tell me what this is all about?

i have NEVER signed up for any “targeted” lists with my spamcop.net address, so any list that includes my spamcop.net address is, by definition, going to be reported as spam. automated processes and clueless list owners don’t make this any easier, but i’m going to keep reporting spam until i stop getting spam.

imagine a day where 100% of ALL EMAIL TRAFFIC ON INTERNET are legitimate messages, and not a single UCE of any kind… it’s possible, you know…

i don’t normally do this, but…

this is so over-the-top ridiculous that there has to be an exception this time…

McDonald’s announces a drink made of Shrek-jizz.

Mint Shrek-Jizz monstrosity

yeah…

not as if i ate at McD’s regularly (or irregularly) anyway, but this doesn’t encourage me in the least. it is either going to be good for business in a way that they probably haven’t realised yet, or it won’t last very long and they won’t know what you’re talking about once it’s gone…

i wonder how long it’s going to be before someone makes a bukkake joke and ruins it for everyone…

spammers

okay, this is getting ridiculous, but at the same time, i’m really glad i got myself far away from 1&1 internet services, and now i’m going to recommend that my associates distance themselves from 1&1 as well… and you spammers have succeeded in irritating me enough that i’m ranting about it in public. 😯

it started out with a spam message that “made it through” the spamcop defense, but didn’t make it through my local instance of spam assassin that i run on my local mail host. one of the reasons why i’m satisfied with doing so is that, if i use a web-based service like yahoo, hotmail or gmail, none of my mail, contacts, calendars and that sort of thing “live” on a computer over which i have direct, physical control… and my information is my information, thank you. it also makes it a hell of a lot easier to parse headers and report the spam messages that do manage to sneak through my defenses (which are around 5 or so a week, these days). spam assassin puts the messages that it detects into my wastebasket, without any prompting from me, but if i’m feeling obstreperous, i’ll pull it out and report it anyway, which is what i did with a message that looked like it had come from me: it had someone else’s name, and my email address in the To: line – which is notoriously easy to spoof. it also had a URI that tracks directly back to oneandone.com.

yes, a host provider that i used, and then discarded a year ago when they tried to scam me, hosts spammers.

and spammers dumb enough to think that i might respond in any way other than the way i did, to a message that looks like it came from myself!

that’s all the justification i need to avoid them.

miscellaneous honk blat wak wak wak ungow

one doesn’t tend to notice annoyances that have disappeared, but i just realised that the guy who has been sending me spam with great regularity, at least once a month, for five-plus years hasn’t sent me a spam message since november of last year. i won’t claim sole responsibility for ridding the net of this annoyance, but i would be willing to bet that the multiple reports of his spam i made to the washington state attorney general’s office couldn’t have slowed down his departure too much.

the new Ganesha The Car is probably not going to be a car very much longer. there’s nothing wrong with it currently, but the transmission is on its last legs, and from what the people at the repair shop (not the repair shop from which i got the car, a different one) told me, the ’93 Mercury Tracer (which is also called a “Ford Fiesta Escort” for some unknown reason) is notorious for transmission and engine problems, and pretty much anything that goes substantially wrong with it will very likely cost more to fix than the car is worth. at the same time, i didn’t actually pay for the car to begin with, and the repair shop that i got it from will very likely do things like replace the transmission for far less than other places would, because we fall under the “friends and family” category with the owner of the shop – which is also part of the reason why i didn’t pay for the car to begin with.

in the short term, this means that i have even more impetus to create “temporary” artwork on the car, using paint pens instead of a brush and one-shot. daniel smith’s has a piss-poor selection of paint pens, but i picked up some black, and some gold pens. i’m hoping that i can find a wider assortment of colours somewhere else.

frustration is finding a bittorrent of something that you really want, and downloading 99.3% of it – with 8 “leeches” and a “seeder” who only logs in after midnight – before getting stuck and spending weeks repeatedly opening up your network to a DOS attack while you wait for the remainder to appear… all i need is 1.16 MB of information and then i’ll have the whole thing… is that too much to ask?

a guy advertised “Goldblatt drywall stilts. Rubber is good, but the straps are shot and some minor hardware needs replacing.” on freecycle, earlier in the week, and i responded, because i can probably fix the things that they have wrong with them, and then i’ll have a set of drywall stilts… unfortunately, i didn’t notice that the guy’s email host is christian.net, and the quote that automatically appended to the signature of my message was “Christianity is the most ridiculous, the most absurd and bloody religion that has ever infected the world. — Voltaire (Francois Marie Arouet), 1694-1778”…

he didn’t reply, so i sent him another message this afternoon. the quote that automatically appended to the signature of that message was “The more you complain, the longer God lets you live.” i still have received no response from him, but i get the impression that the probability of my receiving a response from him is minuscule at this point. oh well… if nothing else, i can post a wanted to freecycle for drywall stilts. if i’m really lucky, the same guy will respond… 😉

i’ve got to get up and go to a gig that banda gozona is playing for part of Honk! Fest West at 9:00 tomorrow morning. there’s another gig that banda gozona is playing at 3:00 pm as well, which means that i can’t even go home and get some rest between the shows. the music that we’re playing is all stuff that i know the tuba parts for quite well. unfortunately, i’m playing trombone for tomorrow’s gigs, and the trombone parts are really fast, with a lot of notes that range from E an octave below middle C to A an octave above middle C within a measure. i’m reasonably certain that i can play most of the notes, and i’m sure i can play all of the notes at a reduced speed, but the fact that there’s going to be at least one other trombone-range instrument (most likely euphonium, but another trombone isn’t out of the question) makes me a lot more at ease with this performance than i would be otherwise.

bleh

it’s only been less than a week, and the spam has already started regarding who killed michael jackson, or that michael jackson isn’t dead. he’s already had two autopsies and there’s already a number of tasteless jokes about him, like this one: since he was made of plastic anyway, they’ve decided to melt him down and make legos out of him, so that kids can play with him for a change. there’s a legal battle going on over the custody of his kids between his ex-wife and his mother. if it weren’t so gawddamn predictable, it would be entirely awful for everybody. as it is, it probably is entirely awful for everybody involved, and predictably boring or sensational depending on whether you were a fan or not.

another order of business cards for NBAC is on the way, and one is in the works for MIVC. i can’t get helvetica narrow, narrow oblique, narrow bold and narrow bold oblique to load on my mac. i suspect that it is at least partially because of a font-type conflict with which i haven’t adequately dealt.

portland and in-laws saturday, OCF in a week.

brain injury, paypal, credit card accepting, spam and frustration – in that order

so, now that the moisture festival is over with for another year, i decided to get to work on the “accepting credit cards using some other service than paypal” part of my web site. they have been sending me two or three messages a day concerning different aspects of getting my site set up. i had told the guy initially when i signed up that i wasn’t actually going to be able even to look at email about the web site until after the moisture festival was over, so i was somewhat surprised when i got a statement in the email this morning, saying that my checking account had been billed $33. i called them up, and the customer service lady said that she couldn’t help me, and transferred my call to a sales representative, who, after some convincing, admitted that he had the email where i said that i wasn’t going to be able to start until april, but said he couldn’t help me, and transferred me back to customer service.

this is after i got an email, last week, in my “spam” folder (in other words, it was downloaded directly from the server into my “deleted items” mailbox, which gets deleted when i shut down the computer). the email contained a “From:” address at CheckCare.com – which i seem to recall them saying something about when i signed up with the credit card accepting place – but nothing else that indicated where it was from or who i should contact if i had any questions – which was the primary reason it ended up in the spam box. the email also contained a “Merchant” identification which was “SPAY60102”, which i considered rather odd, and a list of fees, most of which were $0, except for the last one, a “Gateway fee” for $11.85. i called the credit card accepting place and went through a couple of hours of being connected to people who reputedly were going to be able to help me, but finding out that they couldn’t help me and putting me on hold while they transferred me to someone who could. at one point i ended up being put on hold, which was answered by someone who not only doesn’t work for either of the companies in question, but works for one of their competitors. needless to say, i hung up and called in again. as it is, the whole process of getting set up to accept credit cards is way more irritating than a person with a brain injury – such as myself – can handle, and i certainly don’t want to be the focus of two competing companies’ attempts to get me to give their company money i don’t have to begin with. eventually, after two hours and calling the main number 3 times, a guy answered who, before i had the chance to regale him with the entire sordid story, said that he “was aware of the situation” that had caused me to have to call back three times, and he would figure it out and get back to me… and i’m still waiting to find out whether or not it was spam or an actual bill.

you would think that a company which presumably does hundreds of thousands of dollars worth of business each day would be a little more lax about a $33 dollar refund, but no, the customer service rep that i was connected to said that i would have to talk with a manager if i wanted to complain about the sales representative’s misunderstanding. i said that if it was not resolved to my satisfaction, that i would gladly take my business to a service provider that cares about its customers, so she emailed me a (.doc file!!!) “Merchant Request to Cancel” – which has to be faxed or scanned and emailed back to them, but i don’t have either a fax machine or a working scanner.

they make it as difficult as possible – something which i don’t completely disagree with – to get an account in the first place, but once you have the account they start spamming you just like that was their business, and they make it even more difficult to cancel your account… it makes me wonder how any of these companies stay in business at all, especially with the economy the way it is these days.

i hate spam! part 75

somebody registered on my blog today, something that isn’t necessary to comment. it was from someone who has never commented, i don’t know them, they registered a username that was unpronounceable, and the TLD of the email address was in russia.

needless to say, i deleted them. i don’t know about other wordpress users, but i get the impression that you’d have to be pretty dense, or not paying the slightest bit of attention, to NOT notice that this was created with the intention of abusing the services for which i pay and for which i am responsible. 😛

spam?

i got this very strange email today. it said:

you drive like you have sand in your vagina. your car smells like ass and I thougbt my friend crapped her pants but it was just your nasty car. I hate you.

i’m puzzled that anyone would respond that way to me. i’m not surprised that people react to my car, that happens all the time. what puzzles me is the combination of stuff that, if taken separately, would each represent a valid, if totally ludicrous complaint about my car and/or its occupants… but taken as a whole, i just have to sit back and wonder who they are and why they were so upset with me.

i don’t know what it must be like to have sand in one’s vagina, but i can’t imagine that it would be very comfortable, and it would probably limit one’s mobility quite a bit. i don’t know about anybody else, but i use my car to enhance my mobility, and if they saw me driving, then they would doubtlessly be aware of that. also, i am a very conscientious driver: i make mistakes from time to time – i just got a ticket from one of those automated corner-watcher-robot-flashy things in federal way – but most of the time i’m a very safe driver, whether it’s on the street or on the freeway.

and if they saw me driving, then how can they be sure that it was my car that smelled like ass? i have driven through some mighty smelly areas within the past week or so, and the smell was definitely not coming from my car. if they saw the car while it was parked somewhere, i can understand why they might react that way, even though i know for certain that my car doesn’t smell like ass. it also doesn’t smell like what you would expect a car to smell like, and i’m pretty sure that some of the numbskulls around here would not be able to tell the difference. but at the same time, it makes me wonder how they saw me driving poorly enough to know that i drive like i had sand in my vagina?

and to wrap the whole thing up, they say “i hate you” – in case what they said previously hasn’t sunk in yet. well, personally, i would think that if a person was wound up enough to say the other things about me, saying “i hate you” is overstating it a little. it’s as though they thought they weren’t being clear enough about their feelings, and wanted to make sure that i knew what they were talking about. it also makes me think that they were just ranting to rant and picked me because my email form was easily accessible.

i think, and this is all just conjecture, because i’ll never know for certain (the return address on the email response form was [email protected], and i’ve already tried and failed to send email to that address), but it’s possible that this was written by one of the teenagers that sped past me on the freeway this afternoon, only subsequently to get pulled over by the police. my guess is that they got pulled over for speeding and/or reckless driving because they incredulously and minutely examined all sides of my car – at freeway speeds – before blasting forwards at about 90 miles per hour… whereupon the fuzz, who was in an unmarked car to my right rear, and who i knew was there, flipped on their lights and went after ’em.

i guess feedback is one of the reasons why my feedback form is there, but sometimes i really wonder whether such things are good to have in a place where just anybody can get hold of them… 8/