Spamhuntress

Hi guys.

There’s a problem with the webserver this site is on. I don’t know exactly what happened, because they didn’t tell me. My website is intact, but it looks like they haven’t put in mod_rewrite yet, which my website relies on to produce pretty URLs.

I don’t know how long it’ll be before mod_rewrite gets put in. But until that happens, only the first page will work. You can find my e-mail address if you go to the “About Me” link further down the right pane.

I’m sure most of you geeks have been through a number of periods when you should throw away some old stuff to get room for new, right? Old computers, old whatever.

I won’t even mention the name of a friend who just recently threw out a computer (no, not a PERSONAL computer) the size of a small refrigerator. You know who you are…

Anyway, it dawned on me that sometimes you could throw out too much.

When I throw out an old computer I’ve used, I normally store the harddrive, even if I copy out the contents. The old harddrives are too small to be used in a new computer, and it’s extra backup if it still works. It’s easy to remove harddrives even from laptops. Just something to keep in mind. Don’t forget to remove the password off the users on winxp installations before taking out the harddrive, otherwise you’ll need some extra help when accessing the files.

I have one computer that I don’t see myself throwing out any time soon. It isn’t in use all that often. But it’s the only notebook I have that weighs in at about 3 pounds. By now it’s ancient - windows 98 first edition! But even first edition can be made to work with even a wifi card, as long as you know what you’re doing (it’s a rather complicated install, it isn’t supposed to work). And while travelling that thing is incredibly handy, if I should need more than what an Ipod touch offers of functionality (granted, if you have a server with desktop software where you can log on via safari, you could theoretically get away with ONLY using the touch!).

But the old notebook came in handy today. I have a fairly new scanner, but after trying it out, it just isn’t up to the standards of the old one. So I thought I’d hook that one up again. But wait, that’s from the era of windows 98. I don’t want to install that on windows xp - although it’s usually fine, you should think twice before installing very old programs and drivers. I’ve still kept an overspecced windows 98 computer (256 MB RAM is plenty for win98), just in case. Now I’m glad I did.

Trouble is, the scanner software was asking for the windows 98 CD. I don’t have it here. But the notebook had that software installed once. It’s got the file.

Second hurdle. Getting it out of that computer. I can upload it on the net, or I can use a usb thumbdrive. Guess what, windows 98 needs a driver, and most new usb thumbdrives don’t have drivers for windows 98. So if you keep a windows 98 machine, keep an old thumbdrive as well… There’s one still for sale here in Norway that still has a win98 driver. Sandisk cruzer micro 512 MB.

Is there anything else we should definitely keep, and for what reason? Depending on individual circumstances, of course.

Update - old software: I was thinking about writing about accounting and how it’s often on old software that requires old hardware. I decided against writing about it, because the last case I’d heard of was late nineties. But I heard of another case just recently. A devotee of OS2 had to ditch that operating system when nobody would support it anyway - and the accounting files are all left on the old system. The only way he knew of to keep them accessible was to keep one of the old computers.

Another wake up call was when I was setting up a new computer recently (I do that often, I always have more than one active computer), and thought I’d look for a new version of a specialty software I use frequently. After I’d installed it, I realized it had changed beyond usefulness. I’m sure I have an old copy somewhere, but managed to find one floating somewhere on the net.

Some of us have software that we absolutely need, and you can’t always be sure it’ll stay available. Always keep a copy locally, and keep in mind what kind of operating system it requires - you may one day find a newer version of windows breaks it beyond repair. New hardware may one day be incompatible with old operating systems. The list goes on. The best thing is to upgrade software along with hardware, of course.

As I was working on the new computer, I realized incrementally all the stuff I’d forgotten to remove from the old computer. It’s still intact, but I’m afraid the harddrive might be failing soon, so I’ll need to keep my options open as long as possible.

I guess what I’m saying is, plan ahead when upgrading!

Today I received yet one more 419 spams. I’ve noticed for a while that they seem to get through my spam filters. After the post I wrote yesterday about stolen passwords, I opened it and looked at the headers. Sure enough:

SquirrelMail authenticated user millerb1
I think this is one reason they’re using stolen passwords. In one case the spammer sent 171 mails with a lot of bcc’s from a server that doesn’t normally send spam. If they keep using fresh servers that way, they’re likely to get the spam through spam filters, unless the filters manage to filter based on the wording.

I’ve seen countless examples lately of mail sent from legitimate accounts via Squirrelmail. Do a search for “authenticated user” on news.admin.net-abuse.sightings and sort by date. You’ll see it’s become quite common.

I don’t know exactly what’s happening here, but I assume spammers have stolen passwords for legitimate accounts somehow.

I know of one case where the spammer changed the password of the account a while after the spamrun was complete.

If your established password stops working, do some due diligence after you get a new one issued.

The spammy mails were still in the Sent box in one account!

I just noticed a new subscriber on my Youtube profile. So I checked it out, because I didn’t know the nick. I guess most that don’t have several hundred subscribers would do that, right?

This chick, that has a very sexy sounding nick, had 4,691 channel views and no videos. She joined February 22. So something’s up, right?

Right.

There’s a URL there. The only thing of interest on her profile. And this text:

yo ive got some pics on my profile at the link below
The link goes to xxfacebook.com, registered February 12, which is owned by

NA
Leah (support4242@yahoo.com)
+1.6502015463
Fax: +1.6502015466
3725 Blackburn st.
Dallas, P 75219
US

Sounds fake, right? Doesn’t even look like the e-mail address is legit. The phone number is apparently a cell phone number from California (Sprint PCS).
IP is: 209.200.16.122 (on webair)
But it just does a few 302 redirects, and ends up with an affiliate link to a classifieds site. Guess what kind..

When I search for the domain the spammer used, I find loads of profiles on Youtube, all with similar sounding names. This spammer has been very busy!

Most of the domains on the IP number are old (registered 2006)and don’t have many hits in search engines. But one has been used for similar looking spam on Myspace: matchmetonight.com. Check out the profile it’s used on: profile.myspace.com/35499848

It’s entered in the “Who I’d Like To Meet” field, and made invisible. The URL enters a loop of 302 redirects and goes nowhere.

provingsciencewrong.com is interesting. It’s a blog largely consisting of videos from Lonelygirl15. I’m sure you guys remember that whole thing, right? In other words: Stolen content, and unapologetically so.

webcamdaily.com is youtube and hi5 spam, but is also an old domain. webcamtag.com is used for hi5 spam. webcamwild.com is for myspace and regular forum spam.

All the old domains have whois protection, but I’m guessing there are lots of newer domains that don’t. The spammer probably figured out it’s too expensive, and fake info works just as well.

I came across this Youtube problem a few days ago. Videos embedded in a Norwegian online newspaper didn’t work. Although the preview photo was still there, when I clicked on the video to start it, I got the message:

We’re sorry, this video is no longer available

But when I clicked on “menu”, I got the URL for the Youtube page for that video, and when I went there, the video worked.

And today, the embedded video works again - in that same online page!

A video I found today on a Myspace profile didn’t work, yet when I found the link on the Youtube page for pages linking to the video, I found that it DID work when embedded - on Facebook!

This problem has been reported at least since late December. And some have correctly noted that there are Youtube users who elect to not allow embedding of their videos, or if the video is set to private. But none of these videos had those settings enabled.

So something’s wrong over at Youtube. And since I haven’t found any explanation for it, I’m opening up the floor for suggestions, speculation and maybe downright solving this?

I got an e-mail from the guy behind the Litigatin blog, who posted about e360insight’s lawsuit against Comcast.

One of the key points in the lawsuit is that e360insight believe Comcast is using denial of service against their servers.

As I was reading the blog post I thought, wait a minute! e360insight is initiating those connections, not Comcast! And that point was also brought up by the (so far) sole commenter on that post.

So how can they get past that THEY are initiating those connections. Inquiring minds want to know…

My father and I was talking today about something he’d found on the internet that somewhat worried him. He’s getting older, and some day he might wind up in a retirement facility. He was worried about certain sleeping pills causing falls.

And then my mind took a turn: How about my father in a retirement facility, without an internet connection? My father usually starts a conversation with me these days complaining about the computer… How this and that site is slow, and the computer is (from his point of view) behaving irrationally. I’ve learned to tune out - he never shuts down firefox before shutting down the computer, yet always THINKS he’s done it correctly.

Anyway, I have friends who are over 80 years old, and their computer and internet connection is their pride and joy. It enables them to keep in touch with family and strangers alike. How about when/if they end up in a retirement facility? They’ll go stir crazy without access to the internet! I sure hope those who plan these facilities plan ahead!

Today many 60 year olds are on the internet. But today’s 30 year olds are almost ALL on the internet.

Apparently, the spammers haven’t stopped looking for holes to exploit on myspace. I kept getting e-mails about “Tom” wanting to be my friend, but never saw a friend request waiting for me, so I wondered what that was about. I pondered that the name was pretty close to the Tom we all know - the one who’s everybody’s first friend.

Then I refreshed my home page, and saw there was another friend request just after I’d gotten through the list of existing ones - yep, it was Tom again.

And it was a porn spammer. I moved the mouse pointer over the profile, to see if there were any surprises, and found that the “about me” blurb was hyperlinked. Normally, any hyperlinks these days go to msplinks.com. Myspace substitutes any links going to outside sites, so that they can turn off links if they find they go to places they don’t like. But here was one place that seemed to have gotten past their substitution filters. So I checked it out. Here’s what they’d done:

I guess the real Tom needs to update his filters!

And it also shows you shouldn’t trust myspace even now that they’re fighting spam a lot better. I was able to mark that friend request as spam right away - kudos to Myspace for that!

The website was registered to

Galam, Ali adamfaraz@gmail.com
4415 St. Michaels Court
Sugar Land, Texas 77479
United States
(512) 772-4659

That’s a real address, BTW, but the phone number is a land line from Bastrop, Texas, and it’s WAY too far from Sugar Land to be the same exchange. Bastrop is closer to Austin, and Sugar Land is closer to Austin.

There’s no Ali Galam in Texas (that I can find), and no Adam Faraz.

The website is hosted at The Planet (DNS servers from Hostgator), and does a 301 redirect to an affiliate site with whois pointing to Jamaica.

Update: Looks like the spammers have discovered this hole en mass. I just noticed stalkertrack is back.

I got a spam tonight that had a URL that led to Google. That piqued my curiosity, so I checked it out and figured out why it worked.

The spam was of the Canadian pharmacy variety. Just the usual stuff. So I tried recreating the URL, pointing to one of my sites.

Their URL was a variant on this:

http://google.com///search?hl=en&q=ann+elisabeth&btnI=5437

But it does work even without the ID at the end. So what’s the point? In my tests I couldn’t see the referrer when I used a similar URL, so it can’t be for referrers, unless they have tools that retain more info than regular referrer logs.

&btnI= at the end means this is the “I feel lucky” option Google uses. Which means if a site feels safe their site will be returned as the lucky site, then this sort of spam works.