Alden Bates' Weblog

I've been being hit recently by a spammer using urls of the form forex.somefreehostorother.com and using a botnet to avoid giving away their IP address. Fortunately the spammer's stupid script was thrown by a decoy comment form, thus no comments reached my weblog. The target URLs all redirect to this site which has probably fake details:

forex-broker-list dot com
Alexey Petrov (Petrov_Alex@mail.ru)
+7.5734503XXXX
Lenina st. 45
Sochi, 567843
RU

Forex is not Australian beer, BTW, but is short for "foreign exchange".

I suspect that this may be related to an event that occurred late last month when someone unleashed a spider on my site. The spider's user-agent (which had HTML in it. Urgh) included the text "Forex Trading Network Organization" and a link to netforex dot org, a site which currently consists of a front page with a non-functional search form and a broken link to a directory. IncrediBILL wrote about the netforex bot at the time of the spidering.

The All Black official bloke on TV3 news being quoted about the Fiat advert in Italy depicting a number of women performing a Haka. I couldn't find a text copy of the quote online, but the gist was that he didn't think the Haka should be being used for commercial purposes.

Rugby is, of course, one of New Zealand's largest industries. That sounds like a commercial purpose to me.

I have to say, Prime TV's billboards promoting the new series of Doctor Who:

They are things of beauty.

I was asked to share the .htaccess and Perl code I used to achieve my new hotlink protection method, so, first of all, from my .htaccess file for tetrap.com:

The first line sets the Perl script I'm using as my error 403 document, so whenever anyone gets an error 403, that script is executed and the output sent to their browser. The next line starts processing with mod_rewrite. Line 3 matches if the request is for a filename corresponding to an image file - if your images are named differently, yuo should change this line to suit. The next line will halt if there is no referrer present in their request, because many people have referrer reporting turned off. Line 5 halts if the referrer contains the text tetrap.com. Should all the tests succeed (The user is requesting an image, and the referrer is set to another site) they will get a 403 error and the script will execute.)

And now the perl script:

Here, the first clump of code fetches the path to the file that the user was trying to load. The rest of the code looks at the path to see if it is an image. If so, the script opens error403.gif and sends it to the user. If not, it opens error403.html (which is an error page) and sends that to the user. Note that, because the script is sending the file directly, any server-side includes or code will not be executed, so this would not be suitable for, say, a php script.

So that's basically it!

Not only is it TSV's 19th birthday this month, but according to my hosting history post it's also (roughly!) the 10th birthday of this web site. In net terms, that's positively ancient. I hate to think how many hours of time I've devoted to this beast...

Suddenly I feel very old. :)

Here, have a piece of Dalek cake:

With four episodes of series 2 left to go, here's how I rank the stories shown so far:

1. The Impossible Planet/The Satan Pit
2. The Idiot's Lantern
3. The Girl in the Fireplace
4. School Reunion
5. The Rise of the Cybermen/The Age of Steel
6. New Earth
7. Tooth and Claw

... although that list is somewhat deceptive since I'd rate New Earth 6/10 and Tooth and Claw only 1/10, so there should really be a big gap in there. The series seems to be improving as it goes on, but then three of the remaining four episodes are written by my least-favourite writer, so it may be downhill from here... Incidentally, can some one please let Mr Davies know that "story arc" does not mean "name checking something in every episode"?

I'm finding that the one thing that is really annoying me this series is David Tennant as the Doctor. More specifically, every time he goes into "AWWWWWWW, you HUMANS! You're BRILLIANT, you are. Giveus a hug!" mode, I want to hit him. But the rest of the time he's all right.

This comment spammer has been hitting my weblog the last couple of days. An attack involves him hitting the same post a dozen times or so and posting a handful of spam comments. The comments all look the same:

Hi, guys. Very nice site! I saw some interesting pages:

(ten links using [url= format)
(ten links using <a href= format)
(ten bare URLs)
Please look it! Thank.

The comments are all signed "Aariz (antohach@mail.ru)". Both the oncasinogame.com and cubacigar.org domains he uses are hosted in Dallas, Texas, and have the same whois information:

alex gudsf (scrimak@mail.ru)
tverskay street 43
rostov
RU

Only a google search for scrimak@mail.ru turned up anything other than spam, but the pages are all in Russian, which I can't read. Though one included an ICQ number which had little extra information other than the nickname "Scrim", and he's been posting on a Russian forum as "dimvols".

Results "1 - 100 of about 87"? You printed 100 right there! You know there's more than 87! WTF?

I had 4 hits on a page all from the same IP address with completely different user agents. Two of the referrers were of the form http://mail05.abv.bg/app/j/openmessage.jsp - visiting them just resulted in an error, so it's hard to see what use they'd be. The other two were Google searches for "freesmscenter" and for a phrase in Russian. Seems sorta odd to me, seeing as most stats software seems to represent hits from Google searches as just the search text itself. Presumably the spam was promoting the sites at the top of the results for those phrases, but it seems a very roundabout way of doing it...

I haven't been happy with previous methods I've been using for hotlink prevention, because usually they result in a broken graphic on the other site which, depending on the browser, may not be visible.

Method 1: If a user hits a graphic with a referrer from another site, they get a 403 error and an HTML error page. Drawback: this results in a broken image on the other page.

Method 2: If a user hits a graphic with a referrer from another site, they get an HTML page which includes the actual graphic in an <img> tag, and a "hosted by tetrap.com" message. Drawbacks: results in a broken image on the other page, and the hits are recorded as traffic in my server statistics.

So I decided to try a new method: If a user hits a graphic with a referrer from another site, they get a 100x100 black and white image which looks like this*:

That allows them to see instantly what the problem is instead of giving them a broken graphic with no indication as to why, and it still registers as a 403 error in my server statistics. I've achived this by using a Perl script for my error 403 page. It detects whether the user is trying to load a web page (in which case it gives them an HTMLerror page) or a graphic (in which case it gives them the graphic shown above. I think it's nifty. :)

* Except myspace.com users, who still get tubgirl. Bwahaha.