If your engineering company is involved in the building of mine works at a central Colorado molybdenum site, you will probably, sooner or later, get a request from a rather sheepish engineering manager that you update the company spam filter to white-list the terms "erection" and "Climax."

Filed under :: Job Jollies :: Spam
Link · Print · Edit · Comments (4) · Pings (0) · TR/G

Well, that little digression turned into a big time sink.

A few weeks back I converted my WIST quotations site into a static published site, rather than dynamic. That took a chunk of disk space, but the performance for calling up individual pages (and having them index) should save time.

So, today it I was in the mt-config.cgi file (to turn off the autosave function), when I realized it had been three weeks since I renamed my comment and trackback scripts. I've found that's a moderately helpful way of foiling certain spammers.

I was about to do that, when it suddenly occurred to me that, unlike before, not all of my individual entry pages in my various blogs were still dynamic. WIST's pages are static (actual HTML files generated at creation, vs. dynamic pages generated from the database on the fly). If I changed the names of the comment and trackback CGI files in the configuration, I would have to rebuild all my pages. Which, last time I did it, was a multi-hour task (that may have been in part because it was the first time I'd done it; I haven't timed it again lately).

Ugh.

So instead, I needed a way for the script names to be dynamic when a given page is called, but the rest of the page to be static the rest of the time. Here's what I did.

1. Create two new index templates, one for each script name. 

I figured I could use Server Side Includes (SSI) as the dynamic source of the CGI script names. You can create SSIs from MT without too much trouble (as the output file associated with a template), but to have them "built" with the value they need, so they need to be done as Index Templates (vs Template Modules), flagged to rebuild with each rebuild.

So I created a "dynamic comment script" index module that creates dynamic_comment_script.inc, and has as a single line:

<$MTCommentScript$>

That tag will return the of the comment script.  Then I did the same trackbacks.("<$MTTrackbackScript$>" etc.)

So now whenever a rebuild happens, those two .inc files will have the name of the script (e.g., "xyztrackback.cgi") in them. And when I change the name of the two scripts in my mt-config.cgi file, instead of rebuilding all the individual entries in WIST, I just have to do an index rebuild (which takes just a minute). And if I forget, it will still update the next time I add a new entry.

Note that SSI is not available on all hosts. It is on mine, though.

2. Change the comment form. 

Now to change the reference to the comment script. In the comment code, there's a form call that starts something like:

<form method="post" action="<$MTCGIPath$><$MTCommentScript$>"

That's the part that needs to be fixed. And, fortunately, it's simple.

<form method="post" action="<$MTCGIPath$><!--#include virtual="/dynamic_comment_script.inc"-->"

That's an SSI call there at the end. It's calling the contents of that .inc file I created in step 1, literally sucking it in at the time the page is loaded. Thus, the page is static (on file), but that particular piece gets pulled in dynamically. And recall that .inc file contains the name of the comment script, as most recently generated (even if that's after when the entry's static file was generated).

3. Change the Trackback text. 

I still have the default trackback address text at the bottom of the individual archive page, in case someone's doing a manual ping that isn't doing an auto-discover on the file. That line usually looks like:

TrackBack URL for this entry: <$MTEntryTrackbackLink$>

Instead, I do the same trick as above:

TrackBack URL for this entry: <$MTCGIPath$><!--#include virtual="/dynamic_trackback_script.inc"-->/<$MTEntryTrackbackID$>

MT has all sorts of tags for this sort of stuff, so it was easy enough to (by looking at what was actually generated) find the surrounding pieces and substitute in the SSI of the TB script in the middle.

4. Change the Trackback autodiscovery code. 

A lot of blogging software can autodiscover trackback addresses for a file through special RDF tags embedded in it. So MT has a simple tag to generate the RDF tags:

<$MTEntryTrackbackData$>

That actually creates a 14-line set of tags and info for the trackback discovery process. Unfortunately, part of that info is the location of the trackback script (so that the autodiscovering system can generate a trackback entry).

Fortunately, though long, the format of those tags is pretty straightforward and the content is reproducable. So in my Individual Archive template, in lieu of the one line above, I now have:

<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
        xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
        xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
   rdf:about="<$MTEntryLink$>"
   trackback:ping="<$MTCGIPath$><!--#include virtual="/dynamic_trackback_script.inc"-->/<$MTEntryTrackbackID$>"
   dc:title="<$MTEntryTitle$>"
   dc:identifier="<$MTEntryLink$>"
   dc:subject="<$MTEntryCategory$>"
   dc:description="<$MTEntryExcerpt$>"
   dc:creator="<$MTEntryAuthor$>"
   dc:date="<$MTEntryDate format="%Y-%m-%dT%H:%M:%S-07:00" />
</rdf:RDF>

All the stuff in the first block is literal info as generated currently by MT. The next stuff is all use of MT tags -- including, note, the SSI to get the current trackback script info into place.

The only thing I didn't bother to look up or figure out how to do is on the last line. The "-07:00" is the GMT time zone offset, in this case Mountain Time. I don't know if MT has a tag to do it, and I really didn't feel the need to look it up (since I don't plan to permanently move out of my time zone any time soon).

5. Kick back and relax. 

And that's it. With those steps, I now can change my comment and trackback script names, do a simple index rebuild on WIST (or even -- given that the trackback and comment traffic isn't all that heavy -- let it rebuild itself when I add more quotes each weekday), and the changed CGI script will be present in all of my entries without having to do a full rebuild.

Of course, you might say, I could simplify things by eliminating trackbacks -- but I'm stubborn about this, as I think the TB concept is delightful, and use it a lot for internal cross-references if nothing else. I hate to let the spammers "win" on that one. Ditto for comments -- the WIST site would not lose a lot by losing comments -- but I'd be irked and saddened. So, to me, it's worth the effort to have done this.

And to have shared the wealth with anyone else who's looking for something similar.

Filed under :: Blogging - Technical :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

1. A guide to the French.
2. Inauthentic Medieval Food.
3. Freakonomics book covers from around the world. I'm amused by the subtle differences, and by the huge ones.
4. Forty percent of spam comes from one source.
5. Modular Windows?
6. Dean Kamen's amazing water machine. I saw this on Colbert. Hopefully this won't be another Segway (as cool as the Segway remains).

Filed under :: Food & Drink :: Geopolitical Brouhaha :: Hi-Tech :: Media - Books :: Potpourri :: Spam
Link · Print · Edit · Comments (1) · Pings (0) · TR/G

I am very amused that I just got a spam for winning some sort of "cyber-lotto" -- ostensibly from a office in nearby Amsterdam. 

If the e-mail in the message matched the e-mail the message was sent from, I would be tempted to go look them up ...

Filed under :: Spam :: Travel
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

Comments are tending to remain spam-free (thank you, TinyTuring). A few occasionally are popping up as added by real (evil) people at keyboards; these tend to be fairly obvious on all my blogs, and get deleted as soon as they're spotted. I'm hitting the Manage Comments section of my MT installation at least every few days, in case something comes up on one of my less-watched blogs (I don't always see the Comments e-mails).

Trackbacks continue to be the biggest problem, but are largely managed. Basically, trackbacks on all blogs except this one and BD's are moderated (the exceptions are because we both are more likely to spot stuff quickly), and both blogs have low thresholds for flagging stuff to be moderated (or junked) anyway. 

By the same token, some very crafty trackbacks have been showing up lately that aren't easily filtered -- titles and excerpts from "real" text, and links to domains that look relatively innocuous. These have the greatest likelihood of slipping through, but I've been monitoring both my e-mail notifications and the MT trackbacks screen pretty closely, as well as noting IP ranges for those innocuous domains (and, quel surprise, they often are part of the same bloc, which then gets IP-banned).

It does remain intensely frustrating -- like having a wall that invisible taggers keep spray painting -- but I refuse to let the bastards grind me down.

Filed under :: Blogging :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

Sometimes these guys don't even seem to be trying very hard:

From: Internal Revenue Service
Subject: Tax Notification

Internal Revenue Service (IRS)

United States Department of the Treasury

After the last annual calculations of your fiscal
activity we have determined that you are eligible
to receive a tax refund of $184.80.

Please submit the tax refund request and allow us
6-9 days in order to process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying
after the deadline.

To access the form for your tax refund, use the following personalized link:
http://[gobbledygook redacted]/www.irs.gov/  

Regards,
Internal Revenue Service

 

Document Reference: ([more gobbledygook])

Riiiiight. I'll just click right through, accept any downloads, tell you my SSN and bank account number (so you can "deposit my refund"), and then wonder what happened to my bank balance and why does my computer keep crashing ...

If the above doesn't look suspicious to you, you probably shouldn't be on the Internet.

Filed under :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

Is Spim (the Instant Messenger version of Spam) getting worse? Or has my Yahoo account gotten on some bulletin board somewhere as an easy mark?

I've been getting a ton (relatively speaking -- say 3-5 messages a day) of Spim lately -- always a "Howdy" and a link, most of which look fairly unsavory.

Annoying. I've set myself to Ignore anyone not on my Messenger list, but ... feh. Some people suck.

Filed under :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

I've been working with the Hosting Matters folks to get FastCGI up and running on the server I'm on. 

The biggest problem (from a spam perspective) that Movable Type has is that it's all script based, and everyone who hits a script spawns a new instance of it (as I vaguely understand), which, during heavy attacks, means a lot of serious overhead on the server.  Since 99% of the anti-spam measures in MT are script-based (fired off after someone invokes the comment or trackback script), that's a real problem.

MT supposedly works now with FastCGI.  Under that setup, a script, once fired off, stays in memory, and is reusable from there.  That would seriously reduce the impact of spam attacks.  Problem is, I haven't been able to get even a simple "Hello World" FCGI script to run.

I tried working this back last January and had no luck.  Hopefully I can get it running now.

I'm also seriously pondering making the move over to MT4 while I'm off here in Faerie (but not these couple of days I'm in the office).  It won't specifically address the spam issue, but I'd like to be on something approaching the latest-greatest.  My biggest question mark at this point is the fork between MT Open Source and MT4 proper.

UPDATE 1:  HM reports they've gotten one of the Hello World scripts running, huzzah, and I've verified it, huzzah.  That should mean, once I'm at a computer I can access the error log from (just to monitor) that I can try the general conversion to FCGI with my MT 3.34 installation.

UPDATE 2:  And the server is under "attack" again, meaning I can't do diddlysquat.  *sigh*

Filed under :: Blogging :: Spam
Link · Print · Edit · Comments (21) · Pings (0) · TR/G

Filed under :: My Computer :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G

I've been working with the Hosting Matters folks to get FastCGI up and running on the server I'm on. 

The biggest problem (from a spam perspective) that Movable Type has is that it's all script based, and everyone who hits a script spawns a new instance of it (as I vaguely understand), which, during heavy attacks, means a lot of serious overhead on the server.  Since 99% of the anti-spam measures in MT are script-based (fired off after someone invokes the comment or trackback script), that's a real problem.

MT supposedly works now with FastCGI.  Under that setup, a script, once fired off, stays in memory, and is reusable from there.  That would seriously reduce the impact of spam attacks.  Problem is, I haven't been able to get even a simple "Hello World" FCGI script to run.

I tried working this back last January and had no luck.  Hopefully I can get it running now.

I'm also seriously pondering making the move over to MT4 while I'm off here in Faerie (but not these couple of days I'm in the office).  It won't specifically address the spam issue, but I'd like to be on something approaching the latest-greatest.  My biggest question mark at this point is the fork between MT Open Source and MT4 proper.

Filed under :: Blogging :: Spam
Link · Print · Edit · Comments (0) · Pings (0) · TR/G