MSN now snooping anonymously

In a very strange occurrence, my website got visited from what appears to be an MSN spider that didn’t identify itself (fake user agent has been highlighted below):

65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"
65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /wp-content/uploads/2009/10/oculan-screenshot-300x230.png HTTP/1.1" 200 120896 "-" "Mozilla/4.0"
65.55.210.80 - - [22/Oct/2009:10:02:20 -0400] "GET /page/2/?q=node%2F1699 HTTP/1.1" 200 29922 "-" "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"
65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /2009/10/15/big-names-in-sources-of-suspicious-traffic/ HTTP/1.1" 200 10502 "-" "Mozilla/4.0"

65.55.230.228 resolves to msnbot-65-55-230-228.search.msn.com. 65.55.231.117 is a Microsoft address but doesn’t have an entry in DNS.
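The check described above can be automated as forward-confirmed reverse DNS over the access log. This is an added example, not code from the original post; the lookup tables are constructed so it runs offline, and the PTR name for 65.55.210.80 is an assumption, since the post does not give one.

```python
import re
from collections import defaultdict

# Combined Log Format; only the client address and user agent are needed here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed DNS tables so the example runs offline. On a live host these
# lookups would be socket.gethostbyaddr(ip) and socket.gethostbyname_ex(name).
PTR = {
    "65.55.230.228": "msnbot-65-55-230-228.search.msn.com",  # stated in the post
    "65.55.210.80": "msnbot-65-55-210-80.search.msn.com",    # assumed, not in the post
    # 65.55.231.117 is absent on purpose: the post says it has no DNS entry.
}
FWD = {name: ip for ip, name in PTR.items()}
CRAWLER_SUFFIX = ".search.msn.com"

def verified_crawler(ip, ptr=PTR, fwd=FWD):
    """Forward-confirmed reverse DNS: the PTR name must be in the crawler's
    domain and that name must resolve back to the same address."""
    name = ptr.get(ip)
    if not name or not name.endswith(CRAWLER_SUFFIX):
        return False
    return fwd.get(name) == ip

def classify(lines):
    """Map each client IP to a verdict based on its user agents and DNS."""
    agents = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            agents[m["ip"]].add(m["ua"])
    report = {}
    for ip, uas in agents.items():
        declared = any("msnbot" in ua.lower() for ua in uas)
        if verified_crawler(ip):
            report[ip] = "declared crawler" if declared else "undeclared crawler"
        else:
            report[ip] = "claims msnbot, not verified" if declared else "unverified by DNS"
    return report

# Log lines from the post, with typographic quotes and dashes normalised to ASCII.
SAMPLE = [
    '65.55.231.117 - - [22/Oct/2009:10:02:07 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"',
    '65.55.210.80 - - [22/Oct/2009:10:02:20 -0400] "GET /page/2/?q=node%2F1699 HTTP/1.1" 200 29922 "-" "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"',
    '65.55.230.228 - - [22/Oct/2009:10:08:13 -0400] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE).items():
        print(ip, verdict)
```

An address that comes back "unverified by DNS", like 65.55.231.117 here, is the case where the whois lookup is the remaining way to attribute the traffic.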

Just to make sure someone wasn’t spoofing the MSN namespace, I checked the whois record for these hosts. Sure enough, they belong to Microsoft:

IBM’s computer archives


As a kid I remember my dad taking us to his office at IBM on an occasional weekend. While he’d fetch something from his office we’d all look around at the technology around us. The darkened offices were full of mysterious, silent computer displays and massive copiers. In those days before the IBM PC these strange, exciting boxes always fascinated me.

I recently stumbled again upon IBM’s Computer Exhibits Archives, where IBM’s earlier computers still live on, if only as webpages. It was fun checking out the hardware I remember as a kid.

N&O still not web-savvy

So the News and Observer recently revamped their website yet again and I think I preferred the previous version. Seemed much cleaner to me, and also seemed to load faster.

One thing bit the N&O the last time they upgraded and they didn’t seem to learn the lesson because they made the same mistake again. They didn’t maintain links to their stories, a big webmaster no-no! Any favorable ranking Google gave their stories just got shot all to hell because the web team failed to provide forwarding links from their old stories to the versions on their new site. Dumb, dumb, dumb.

And the newspaper industry wonders why it can’t seem to succeed on the Internet.

LCROSS go bye bye

NASA’s LCROSS mission to the moon comes to a crashing halt around 7:35 AM ET this morning. You can watch it crash into the lunar pole on NASA TV.

Update 08:00: LCROSS is no more. I couldn’t see much of anything significant when it crashed. Also, I find it funny that NASA applauds this kind of moon landing: a crash! Hey, this is one NASA mission even I could be in charge of!

Netflix’s plan to take over the world


This month Wired magazine spills the beans on how Netflix plans to take over the world – or at least make your cable company irrelevant:

Today, nearly 3 million users access Netflix’s instant streaming service, watching an estimated 5 million movies and TV shows every week on their PCs or living room sets. They get it through Roku’s player, which was successfully launched in May 2008 …. They get it through their Xbox 360s—Microsoft added Netflix to its Xbox Live service last fall. They get it through LG and Samsung Blu-ray players. They get it through their TiVos and new flatscreen TVs. By the end of 2009, nearly 10 million Netflix-equipped gadgets will be hanging on walls and sitting in entertainment centers. And Hastings says this is just the beginning: “It’s possible that within a few years, nearly all Internet-connected consumer electronics devices will include Netflix.”

You know your Time Warner stock? I’d suggest you short-sell it, pronto. Netflix isn’t through with changing the media game – permanently!

R.I.P Heinous

I just found out by way of my friend Tanner that an old TriLUG friend died in a fall this month. Her name was Leah Kubik but we knew her by her IRC nickname of Heinous.

I’d only met her a few times in person but she was one of the few female Linux geeks I knew and had a quiet, sarcastic sense of humor. She moved from Raleigh to Toronto many years ago and I lost touch with her. Sad to hear of her untimely death at the age of 29.

MT.Net mystery solved

I think I solved the mystery I was seeing on MT.Net, so now I can tell you what happened.

I’m using the SABRE WordPress plugin to block bot users from wreaking havoc on the MT.Net blogosphere. Earlier this week, a supposed bot passed the SABRE math test, so I decided to crank up the CAPTCHA feature of SABRE to further weed out bots. (Now, I don’t know if it actually was a bot that registered or simply some bored Russian, but I wanted to see what the CAPTCHA did anyway.)

Spam bot figures out SABRE math test

It was bound to happen eventually. This morning a spam bot figured out the math test check that my SABRE plugin was using to filter human website visitors from spam bots. This happened on one of my less-frequented blogs, which actually helped me discover it as that particular blog doesn’t get many registrations.

Looks like now I’ll have to graduate my blog universe to the full-blown CAPTCHA tests if I want to keep the Russian spammers from crashing the MT.Net party.

American Express’s mail servers are broken

Like a lot of American Express customers, Kelly and I receive email notifications from the company. Most of the time, these emails arrive with no trouble. Occasionally, though, they mysteriously fail.

We run our own mailserver, so I checked the log files to find out what might be happening. I found Postfix logging this message (and highlighted the important part):

Aug 17 01:23:45 maestro postfix/smtpd[22090]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 sppim501.ipc.us.aexp.com: Helo command rejected: Host not found; from=sppim504@welcome.aexp.com to=blahblah@blah.edu proto=ESMTP helo=sppim501.ipc.us.aexp.com

You see, I’ve configured Postfix to reject incoming email from servers that do not properly identify themselves. It’s been my experience that 99.9% of the time an email arrives from a server that doesn’t identify itself, the email is spam. American Express’s servers are among the few legitimate servers that do not properly identify themselves as required by the email RFC. The host sppim501.ipc.us.aexp.com does not exist in DNS, and therefore email from this server gets flagged as suspicious.

I’m hoping American Express gets its servers fixed but in the meantime I’ll have to create my own hostnames to keep their emails from bouncing.
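To find which legitimate senders a HELO check like this is deferring, the rejects can be pulled out of the mail log and triaged. This is an added example, not code from the original post; the first sample line is the one quoted above, the other two are constructed, and comparing the last two DNS labels of the HELO name and the envelope sender is an assumed heuristic.

```python
import re
from collections import Counter

# Matches the Postfix smtpd line logged when the HELO name has no DNS record.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: "
    r"(?P<code>\d{3}) \S+ (?P<helo>\S+): Helo command rejected: Host not found; "
    r"from=<?(?P<sender>[^\s>]*)>?"
)

def base_domain(name):
    """Last two DNS labels. A simplification: it is not public-suffix aware."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def review_candidates(lines):
    """Count rejected HELO names whose base domain matches the envelope sender's."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or "@" not in m["sender"]:
            continue
        sender_domain = m["sender"].rsplit("@", 1)[1]
        if base_domain(m["helo"]) == base_domain(sender_domain):
            hits[m["helo"]] += 1
    return dict(hits)

SAMPLE = [
    # Quoted in the post.
    "Aug 17 01:23:45 maestro postfix/smtpd[22090]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: "
    "450 4.7.1 sppim501.ipc.us.aexp.com: Helo command rejected: Host not found; "
    "from=sppim504@welcome.aexp.com to=blahblah@blah.edu proto=ESMTP helo=sppim501.ipc.us.aexp.com",
    # Constructed: a retry of the same delivery after the 450 temporary failure.
    "Aug 17 01:53:47 maestro postfix/smtpd[22371]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: "
    "450 4.7.1 sppim501.ipc.us.aexp.com: Helo command rejected: Host not found; "
    "from=<sppim504@welcome.aexp.com> to=<blahblah@blah.edu> proto=ESMTP helo=<sppim501.ipc.us.aexp.com>",
    # Constructed: an unrelated client with a bogus HELO name.
    "Aug 17 02:10:11 maestro postfix/smtpd[22114]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "450 4.7.1 dsl-host: Helo command rejected: Host not found; "
    "from=<promo@shop.example> to=<blahblah@blah.edu> proto=SMTP helo=<dsl-host>",
]

if __name__ == "__main__":
    print(review_candidates(SAMPLE))
```

Both the HELO name and the envelope sender are supplied by the connecting client, so a match only marks an entry for manual review; confirm who owns the client address before making any exception for it.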

Turning the tables on hackers

Every dark cloud has a silver lining, and the recent hacker attacks on MT.Net are no exception. Once I had safely reassembled the website and taken measures against active attacks, I realized what risk hackers run when they attempt remote code execution attacks like the one they ran on my site: they expose the location of their hacker code!

After repelling a couple of attacks per day, I got wise and began to contact the owners of the websites used to attack my site, politely letting them know their servers had been compromised. After doing this for five or so websites, the hacker attacks against my site all but dried up! Perhaps I hit a nerve?

It’s still usually not worth the trouble to track hackers back to their original IP addresses (or at least, not worth the trouble for anyone lacking search warrant power), but taking away a few of a hacker’s precious hideouts sends a message that messing with me comes at a cost.