DELETE FROM mt_comments WHERE comment_blog_id=XX AND comment_author like "%poker%" DELETE FROM mt_comments WHERE comment_blog_id=XX AND comment_text like "%cialis%" DELETE FROM mt_comments WHERE comment_blog_id=XX AND comment_email like "%mail.ru%"

It's kind of fun watching them go wooshing down the drain in batches like that.

Apparently one of my commands was a little too aggressive (where I took all out above a certain ID and forgot to restrict it to the one blog), and I've munged all comments since September 2004! Oh well, that's why I have hourly database backups...

Back we go into the depths of the database, armed with a wrench and a grease gun to patch things up....

Update: Gulp. My backup scripts were dying over the last 2 months. Now they are fixed. But alas, my comments going back the last 8 months was flushed. Oh well. Not important, eh? How about adding some new comments?

These spammers are nymphomaniacs in the sense they just cannot seem to stop shoving their URL encrusted packages into any web form they can find on our sites. That is, they cannot help themselves to stick their unwanted, undesired, PPC (Porn-Pills Casino) into places on our site where we offer a place to provide feedback or to request information.

Since I have the feeling they read me here (hi there spammy! how ya doing?) the news is that these forms never post any content online. Y'all are wasting your spam time and effort. Why not bombard someone else, someone bigger.

It is pretty easy to smell the spam stench, often with some faked email variant of absinth542@xxxx.ru, but the places they are sticking their wang-doodle will never see the light of day, never will get one trillionth of a google rank.

Oi, but what hurts is that the browser detection on the submission reveals:

browser info : Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)

I am crushed, absinth542! How can a Mac user be a dirty low down, url shoving spammer? These are dark days indeed ;-)

So Mr/Ms. Absinthh542, please find a self-help group, and go through the 12-step-program to address your Spamnymphomania. How rich might your life be, and others, to use your skills for good, rather than spamming. Will you tell your grandkids how you shoved poker URLs into school web sites? Will that be what people will eulogize at your funeral? "Oh Absinth542 was a lovely human, who managed to get Phentermine Inc a top Google Rank for 2 months back in 2005."

What a legacy indeed.

Maricopa Center for Learning & Instruction
RE: Learning Objectives Xxxxxxx Xx or Xxx! Website page
http://www.mcli.dist.maricopa.edu/mlx/show/believe_it.html

Dear Mr. Levine:

On behalf of Ripley Entertainment Inc, I am writing to notify you of a trademark infringement discovered on your website.  The title of your Learning Objectives website page, “Xxxxxxx Xx or Xxx!” constitutes unauthorised use of our trademark and we, therefore, must insist that you remove it from your site immediately.

Our company is the owner of the world-famous trademarks, “Xxxxxxx Xx or Xxx!”, and “Ripley's Xxxxxxx Xx or Xxx!”.  These trademarks are registered in the U.S. and Canadian patent and trademark offices under registration numbers that can be provided upon request.

Ripleys vigorously pursues any and all cases of infringement on our registered trademarks in order to maintain the integrity of our licensing program and protect the image and public perception of our company.  We hope you will comply with our request without hesitation or objection and we ask that you acknowledge your infringement in writing to confirm that you have ceased using the “Xxxxxxx Xx or Xxx!” trademark in any form whatsoever on all MCLI websites and publications.   Your response is expected no later than April 4, 2005. 

So just in case you were curious, the former URL now posts a brief "content gone" notice.

Now the purpose of this was to share some video interviews with faculty on our system that Xxxxxxx Xx or Xxx! actually used or re-used learning object content from our Maricopa Learning eXchange. We thought that was remarkable and thought this would fall under the realm of parody. We were not using the scared expression to make money, to profit, and I am a bit puzzled how our little web site hurt the Ripley name or devalued it. I guess that Learning Objects are really unpopular! Go figure.

But the Ripley's folks sic-ed the lawyers on us (they must be scraping the bottom of the barrel now), so now we are proud to unveil... "Learning Objects: Real Life Stories!"

Anyhow, after checking our strategy with the Legal department here, removing the "infringed" expression satisfies the letter of their request.

I'm a bit puffed up over this notoriety. Xxxxxxx Xx or Xxx!

So it has been shut down for 5+ days. I am not much of a server admin, and being short staffed (my office is a tech staff of 1.. me, and I lost the part-time programmer who had done our server admin tasks) I've been under the thumb of our IT department. On my return to the office Tuesday, after restarting the server and taking back my root account, I contacted the head of our security department by a voicemail message, first thing in the morning.

Nothing happened.

I left an email message at noon to ask for some assistance and to find out when we could bring the server back.

Nothing happened.

I called again at 5, left another message.

This time he called back. He was very evasive on whether they could bring the server up, not knowing what was done to it, but then surprised me by saying he would talk to his director about moving the servers up to their area and taking over the admin chores. I was encouraged and told we would talk about it the next morning.

In the meantime, I proposed another solution-- we already have another server up there, and looking at the needs, I proposed consolidating what runs on 3 servers to one. I had most of the stuff I would need, including some dumps from the database prior to the hack attack. However, a few files (mostly the directory of wiki content files) I need to get from the hacked server, and I had no way to connect to it. I spent 2 hours trying to get the sever to recognize a USB Zip drive. No luck.

The next day came. I heard nothing. Another voicemail and email left, and one more to his Director.

By the time I finished up lunch today, I figure it was time for the next level of communication-- hunt them down in their offices. I found one of them, got a "Oh I forgot to send you an email". He actually came down, showed me how to mount my zip drive, and then this afternoon, over the course of a few more hours, I was able to rebuild the MovableType blogs form the database, reload the discussion board software and populate that from the database. As always MovableType presents a challenge for the requirement of the DBI / DBD per modules to use mySQL.

I have installed MT on 4 or 5 different servers, and the experience of installing perl modules amaze me as some sort of black magic alchemy. On this machine, cpan was not even a command line option- I had to download it and run from an obscure command line. Then, apparently I lacked a bunch of libraries and had to use cpan to install pieces of itself. I was able to get DBI to install cleanly within cpan (the first time that happened), but the DBD:mysql module install crapped out "cannot make, make failed blah blah", but like another recent server, I was able to get it installed outside of cpan via the 5 command line options.

I should be able by mmid day tomorrow to have everything back in place (in addition to all passwords being changed).

I have yet to hear back from the first person I spoke to in our IT department; 4 days later. They leave me little option to bark up the management chain, again.

But this is all just my whining of 3 days of productivity mostly lost to farting around with a server.

And why did this happen? Because someone out there on another continent (ahem, we do have some coordinates) felt like they were entitled to bust into our box. I have a very hard time understanding this behavior- sure it must be some sort of ego boost to crash the gates of a corporate server, to bust into the government, to sneak around the walls of Microsoft, but to pick on a .edu site that is operated on a technical shoestring by someone intent in building tools and content for sharing-- well there is nothing lower in phylogeny of net scum to describe this action, worse than blog spam roaches. It just reeks and discourages me. Maybe I should just retire and go into shoe sales.

No, there is absolutely no upside of being hacked, and I was fortunate-- no content was munged, deleted. But still, my time, energy, and optimism are scuffed up.

While doing the routines, I saved and recycled the MT activity log- woah, is there a lot of stuff the MT Blacklist plugin stops cold. In fact, it sure looks like the cause of some of our server outages a few weeks ago was repeated spam attempts.

Just looking at the activity on February 12, a spammer was knocking (unsuccessfully) at several blogs on my server 565 times in one day, with 230 repeated attempts in the span of one hour. In that span, no IP number was used more than 3 times.

They say persistence pays off, but I am not seeing or allowing any payoff. I have a whole raft of data to toss into my spam tracking tools. Time to call out the dogs.

flickr foto

The Home for the Conference Bag
available on my flickr

This League For Innovation "Innovations 2005" conference drew 2400+ folks to New York City.

The "League" (it always feels like there should be automatic trumpet calls when i say "The League", like it is the "League of Extraordinary Colleges") seems not to have changed its conference format since their first one I attended in the mid 1990s. To me the feeling of innovation is still lingering back a decade or more, like a high school jock at the 30th reunion still re-enacting the winning tocuhdown.

The conference program (only available on the web as a large PDF download) even has the same exact layout as every previous conference I've attended. Now the format of that is not a big deal, but the format of the conference is the same too. There are about 30 sessios per hour, so folks are spread thin, lofty keynotes, the obligatory exhibit hall , and lines of people queing up to read email.

The cheesy conference bag stuffed full of glossy brochures? Mine is on its way to the dump. Wasteful. The 3 pound conferenc program? Hopefully recycled into material to create park benches.

But mostly, the staleness is that still the lecture is the primary paradigmMark Millison who actually speaks like a person, not a teleprompter reader, and tells stories, reaches the audience. But Mark cannot be the whole show.

I attended a session yesterday where the presenters actually read the PowerPoint slides, not just the bullets, but even 2-3 paragraph quotes that were on the screen. I am sorry, but it seems less than optimum to travel 2000 miles to have someone read to you something you could absorb by reading offline in 1/4 the time.

Edward Tufte points out the information density of PowerPoint content is already rather low. To me, it drops off the table when someone reads it to me.

The 50 minute session slots (the school bell rings?) rarely leaves any time for sufficient dialogue, conversation, the meatier stuff. It gets shoved in the breaks and the hallway talk.

And still, too many presenters (IMHO) put way too much background and blah blah before the demo. Start with the demo.. Grab our attention. Engage us.

And the session evaulations, still done on paper, requiring some poor underpaid drones to type it in, and return months later to the presenter. We're nearly all carrying wireless devices and there are rows of PCs lined up with people who travel across country to read their email.... why not use 'em to collect data?

But maybe the web, where I get to choose, skim, skip, dig deeper on my own terms, has ruined my attention span.

And do not even get me going about the issue of the presentation rooms lacking Internet access for presentations (unless you desire to pay $700). I cannot believe it is not available considering broadband is in every guest room.

I'm ready to take a pass on future conferences that are built on the successful formulas of the 1970s. After all, we are not still wearing leisure suits and big bouffant hair-dos.

Yes, I am ..... well, you read the title.

Update: It gets worse- there is a vendor sponsored e-mail wire labeled as "as 24-hour email and wireless access". I asked if the wireless was open or if I needed a network access name.... Neither, I cannot use my wireless equipped laptop with their set up, it is only for the set of laptops they provide. So there are people lined up to use a wireless laptop. I am more perplexed and amused than... sleepy.

It's interesting, curious, and quirky when the PR factories roll new verbs off the assembly line- Moreover's FeedRSSDirect Ads offer this savory description:

Moreover Technologies, the premier provider of aggregated online current awareness information, today announced FeedDirect RSS Ads, the first self-service integrated RSS feed delivery and monetization service...

RSS feed publishers will now benefit from the ability to insert content-targeted, revenue-generating sponsored links within posts or as an individual post, providing publishers with unparalleled flexibility to monetize their content.

Ohhhhhhhh, "monetizing" the content sounds so sexy. Magical. Alchemy. Turning plain old content into cash.

I am not predicting gloom and doom, and will likely exercise my right not to read content that has been created in the pure goal of "monetization". It's bad enough that in this pursuit some web sites have web sites with 7% of weight (or 20% by volume) of content among the ads. But can you imagine wading through loud billboards when you are trying to digest information?

While I would never begrudge anyone to make a living off the web, is the "clown pants" visual impact of ads something you really want to wear?

And here I as hoping that Monet-ization was some sort of Impressionistic graphics design approach. Viva la difference.

I will not be starring in any of these soon.

Regular CDB readers will know we periodically bark and growl about bad online customer service, so here is chapter 22 in the novel.

Three times in a 30 day span our home telephone service wigged out and went dead. It is no longer a big deal since we average one cell phone per occupant. And Qwest was fairly good at dispatching a repair person in a timely manner.

The issue was that we are not home when the service person arrives, and although my adult step-son is very responsible at handling the service people, on the last two calls I made a simple request when I placed the order-- I wanted the repair person to call me on the phone to explain exactly what the problem was and how it was repaired. A "spirit of service" would be at a minimum to say just what the heck you did.

Despite making the request crystal clear on the last two calls, I never got a call back on the summary of the repair.

So I wandered off to the customer service area of the Qwest web site (5 clicks to get to an email form). I briefly and un-sarcastically explained what is written above, and asked why this simple request was not honored. Upon sending, the form's CGI script crashed my browser, so I suspected it had gone to the great missing sock bureau of the net, but actually I was surprised to get one of those automated bot replies, "We got your message and someone will get back to you in XX hours/days/years".

Yes, this is all trivial, but here was the clincher in the customer service response:

Dear Alan,

Thank you for notifying us about the unsatisfactory customer service experience that you recently encountered. Please accept our apologies for not meeting your expectations.

If you would like to talk to a manager please call 1-800-573-1311 for our repair department and ask for a manager. They will be able to process your complaint.

Thank you for choosing Qwest. Have a great day!

Sincerely,

Qwest Customer Care
Consumer Markets

So if I get this correctly-- I sit down and fully explain my complaint. Two days later, their response is to take more time to call someone and say the exact thing again. This is just plain stupid, and is no service to this customer. Why am I filling out a web form with my complain if I have to call it in?

I replied and let them I had no intent of wasting more time to tell them what I already told them, along with a reminder that their competitor, the local cable company, offers home telephone service (okay, sarcasm creeps in). I gave them my phone number, and said I expect them to contact me.

The latest response:

Dear Alan,

Thank you for your recent e-mail to Qwest in regards to having a manager from our Repair department call you. I apologize for the delay in responding to your e-mail and for any inconvenience you have experienced.

I have referred your request directly to our Repair Call Handling Center. A manager from our Repair department should be in contact with you soon.

"Soon" is one of those fuzzy lengths of time which is now getting near 2 weeks.

Bottom line-- listen up business folks-- if you tout your eCustomer Service than you getter deliver on it.

Grrrrrrrrrrrr.

This is according to an email feedback message that flew in today:

I find it interesting and quite disturbing that a community college student or employee is unable to spell basic English words. What does that tell you about the US education system? Just that it will never attain the international recognition that Canada enjoys in this field. You have numerous spelling errors on the listed web page. And, I'm not talking about long or complicated words. I'm talking about very basic words.

Oh geepers, I kant spel near goodly 'nuff fer you smart Canadiens up thar, I musta be am just plum full of dumb, American stooopidity. Yep.

Frankly I would take an interesting misspelled good concept or interesting thought any day over some comma queen's perfectly spelled prim, proper, and pompous arrogance.

So my reply:

Normally I thank people for their kind notifications of errors or typos on our web pages, so I almost said thank you-- for the errors are now corrected.

I find it interesting and quite disturbing when people get so bent out of shape over details that have no bearing or effect on the content in question. It almost seems that proper spelling is more important than ideas.

I find it even more nteresting and disturbingwhen people express a superior attitude by drawing ridiculous and illogical grand conclusion from small instances. Please enjoy your grandiose reputation and all the glory it entails, and I cannot wait to share your thoughtful and glorious words with my fellow Canadian colleagues. Heck, maybe they feel the same way.

Enough said, I got some hogs to wash and a string to fix on my banjo.

It took about 75 seconds in phpMyAdmin to clean out the spambacks, but I decided as a fun task to build my own web tool to do it even easier. Presenting the Spam Trackback Annihilator:

All I need to do is to fill in the easy to guess typical spam words, and select to wipe out from the Source, URL, Title, or Body fields (or all at once to lower the big boot). In one click I can kill thousands or roachies. You will not find this URL on our server, as I can run it locally from my OSX desktop. Next, I will set up a cron job to clean out the poker jokers once a day. Y'all are now wasting your time, not mine.

I'm also toying with whipping up a similar tool for MovableType blogs. That too would be a snap to zap bad trackbacks.

Both the material and spiritual worlds are full of opulence, beauty and knowledge, but the spiritual realm is more magnificent due to its being full of knowledge, bliss and eternity. The material creations are manifested for some time as perverted shadows of the spiritual kingdom.

followed disjointedly by one from "Mrs Alez <wyxlysqws@address.com>"

Heyyy it's me Brittany... husband left me home alone again

you can come and chat with me, i have an online profile...if you want, we can have a date and get to know each other much closer

Not being much of choice of paths in the wood, both are swept to the trash. But, with apologies to Robert Frost (second reference in two days, do poets get Trackbacks?)

Two spam diverged in my inbox, And sorry I could not filter both And be one busy worker, brief I stood And skimmed down one as fast as I could. To where it slid in the undergrowth,

Then took the other, as just as bizarre,
And having perhaps the spiritual claim,
Because it was cheesy and wanted reply,
Though as for that, the wondering why
Had deleted them about the same

I believe it is the "Phoenix, near Burbank".

It looks like they are not wasting any money on location shots, because I have yet to see a cactus, a desert rabbit, a creosote bush, a snake or any recognizable building structures or streets. The clincher was tonight's episode (playing in the background before the news comes on, I am not absorbed in this drivel) where the main character is frantically calling 911 on her cell phone "I am on the corner of Chaparral and Miller, please hurry!" an intersection rather close to my home, and I see nothing that is even close to how the scene looks. Those palm tree lined burbs are most definitely southern California.

Okay, it is not a documentary or reality, but hey, at least stick a saguaro cactus in the background!

There was now a consequence as the main page for our site was hijacked via the vulnerability I reported (see the blurb on this, we were definitely not alone).

So since the requests were not answered, I resorted to the trump card, firing off emails up the management chain to the almost top, and asking for help in closing a security hole that could affect numerous primary web sites.

I got a response in 6.5 minutes.

In theory, this is how our helpdesk works.

1. I go to a web site and fill submit a problem request form.


2. It gets routed electronically to someone who addresses the issue.


3. The helpdesk ticket is closed, I am notified by email, and merrily continue to perform my job.

In practice this is actually what happened this week. I got an email from a white hat hacker who informed me that a particular perl script we use on our site has a vulnerability, and that an update would take care of it. I got the update, but sadly found out that the script was in a directory that our IT department had installed it, and the directory permissions were set that prevented me from making any modifications. Permission issues seem to always happen. So here is what happened..

1. Monday, I go to the helpdesk web site, start filling out a form, before realizing that the form uses an arcane JavaScript windwo lookup in our LDAP to get my contact details when I enter an email address. Unfortunately, this only works in Internet Explorer on a PC, so my Mac browser crashes. Have they not heard of cookies?


2. Rolling across the room to a PC, I start over. I never understand why I have to provide a room number and browser version when I am reporting a web site issue, but I must comply with required fields. So now they know I use IE 4.x (not). The problem description text area input field is about the size of two matchbook covers, and backspacing does not work.


3. Since this is a security issue, I made sure to cc: the guy in charge of that area. Maybe it will light a fire.


4. I get an email notification that states my ticket has been created.


5. Four days pass and I almost forget about it. What can be the problem? Changing permissions on a unix server is a task that should take someone, oh, about 140 seconds at the most, and most of that is directory navigation.


6. So this is what I learned about our helpdesk. The form establishes an electronic paper trail, but to get it done, you have to track down the right people and harass, beg, bribe, whine. I start by calling and leaving un-returned messages, sending emails, and eventually bothering the poor director of the helpdesk who gets just as frustrated with the various technical departments.


7. That failing, I start walking the halls in the IT area, and prowl until I can find the right person. The challenge in this game is that they change either titles or names every few months.


8. With some luck, in a week or two, maybe more, I get an email letting me know the ticket is closed. Sometimes tat even means the issue was fixed.

And that is how help happens. Oh, if I were only root on the server, I would not only not bothering them, I'd not be griping here.

Sam - let's call our interviewee Sam, it's suitably anonymous - lives in a three-bedroom semi-detached house in London, drives a vintage Jaguar and runs his own company. But "it's not not all rock and roll and big money", says Sam. What isn't? Spamming websites and blogs with text to pump up the search engine rankings of sites pushing PPC (pills, porn and casinos), that's what.

For that's what Sam does, pretty much all day long. He - we'll use the male notation, it's easier - would do this anyway for fun, but it's more than fun; he says he can earn seven-figure sums doing this. Sam is a link spammer.

There is some interesting history that indicates the actions of spammers are pretty much following the moves of the big search sites, so when Google changes their PageRank algorithm, the spammers follow suit to find the next crack in the ship. Or, "All Your Blogs Are Spam-able"?

"You could be aiming at 20,000 or 100,000 blogs. Any sensible spammer will be looking to spam not for quality [of site] but quantity of links." When a new blog format appears, it can take less than ten minutes to work out how to comment spam it. Write a couple of hundred lines of terminal script, and the spam can begin.

People like "Sam" make their bucks out of getting their PPC (porn, pills, casino) sites in the Google top 10, the front page view, and apparently, it is a soft life. A few lines of code, a few mouse clicks, hiding behind proxies, and Bam! A shiny new red Jag. What are we all doing working?

Sam dismisses any effect on his soft life by Google's "nofollow" implementation. And what makes Sam's work a bit harder:

"The hardest form to spam is that which requires manual authentication such as captchas. Or those where you have to reply to an email, click on a link in it; though that can be automated too. Those where you have to register and click on links, they're hard as well. And if you change the folder names where things usually reside, that's a challenge, because you just gather lists of installations' folder names."

And Sams of the world are stepping up their aim on Trackback-- I noticed this morning when a blog site I set up in November for my visit to New Zealand woke up and sent 8 notices of links inserted for the holy trio (PPC). I realized I had set up the MovableType Blacklist plugin, but had forgotten to activate it (doh).

Bloggers can take a more active stand (see Six Apart Guide to Fighting Spam) starting with some basics like renaming the file names of the comment script - blog spammers look for the default names (it is a kiddie script task to build this just by harvesting google links to blogs), to more complex like the Blacklist plugins, adding graphic "captchas" (which I am still trying to sort out getting the right perl libraries installed), adding scripts/plugins to close old blog posts.

There is still a long way to go. Hmmmm, a blue Jaguar would like nice in my driveway...

Updates:
The first waves of Trackback spam is hitting the shores of Kairos, Tom Hoffman's Tuttle SVC, Jabber Architecture, 99 Shades of Grey, and more to come...

Also, while Googling up these victims, check out the new blog supporting a book called "Spam Kings":

The mounting onslaught of email pitches for porn, pills, and penis enlargement has some techno-pundits declaring that spam is on the verge of destroying the Internet. In Spam Kings, author and investigative journalist Brian McWilliams delivers a compelling account of the cat-and-mouse game played by spam entrepreneurs (including the notorious Davis Wolfgang Hawke, "Dr. Fatburn," and Scott Richter) in search of easy fortunes and the cyber-vigilantes who are trying to stop them.