The Musings of Chris Samuel

If you’re worried about spam and scams coming through the Internet Portal (thanks to Stephen Conroy for pointing that threat out) then get yourself a Kogan Portector! Here’s their advert for it on YouTube..

Of course you must be sure to read the disclaimer..

DISCLAIMER: The Kogan “Portector” Internet Filter is not a real product. This product is in no way affiliated with Communications Minister Stephen Conroy, The Australian Labor Party, or the Australian Government. Incorrect use may result in uncensored Internet content, freedom of speech, freedom of choice, freedom of thought, and protection of your civil liberties.

Phew, thanks Kogan for saving us!

I’ve just spent a bit of time fixing up a fairly simple bug that was preventing Rich Boakes’s “Worst Offenders” plugin¹ from working in current WordPress versions (basically it was assuming it had created a submenu somewhere it wasn’t) and merged my branch back into trunk to check the content of comments for a list of bad words. No release yet, this is just in trunk, but if you are feeling adventurous you can go into your WordPress’s wp-content/plugins directory and do:

svn co http://plugins.svn.wordpress.org/worst-offenders/trunk/ worst-offenders

Of course make sure you’ve nuked any earlier version of Worst Offenders first!

1. This plugin classifies your Akismet spam queue by various criteria to let you do bulk deletes for comments matching various criteria [back]

Update: removed the link to the SpamAssassin announcement as the link isn’t permanent!

In case you’ve not noticed – SpamAssassin had a nasty Y2K10 bug which had been fixed months ago but the fix never got pushed out into a release or updates.

Those of you using SpamAssassin to filter your mail may want to watch things a bit more closely than usual; it seems that current versions still include the rule known as FH_DATE_PAST_20XX, which adds 2-3 points to any message with a 2010 date in the headers. Surprisingly enough, such dates have suddenly become common, with the result that SpamAssassin may be generating more false positives than usual.

The fix is now included in the updates pushed out by sa-update, run it with -D to get debug output and check you’ve picked up 895075 or later. You’ll see it say:

[4096] dbg: dns: 5.2.3.updates.spamassassin.org => 895075, parsed as 895075

If you’re running Zimbra then you’ll need to fix this manually, in the VPAC install (5.0.x) I changed a line in /opt/zimbra/conf/spamassassin/72_active.cf from:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]

to:

header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006]

The other alternative is to set the score of the rule to 0 in your local.cf file:

score FH_DATE_PAST_20XX 0.0

Then go hunting for legitimate email in your spam folder (I’m lucky enough that none got picked up).

Got a spam in my spamtrap today with the subject:

Privet & Confidential

I bet it’s a hedge fund..

This got caught by the spam filters:

To speed up the process, you are required to call us at our free toll free number (+61) 731-235-996 to verify your Commonwealth Maestro Card.

First time I’ve seen a phishing attack that uses (presumably VOIP) phone numbers (in this case allocated to GoTalk in Brisbane, they own 0731230000 to 0731239999 according to the search you can do here) rather than a web site (though I suspect it’s been around for a while).

US-CERT has a form for reporting security incidents – I wanted to report a .gov system that had been hacked and used as part of a phishing scam but cannot because it won’t accept my Australian phone number! Sigh..

The email to the technical contact in WHOIS will have to be sufficient then.

Bookmarking this useful information from Russell for future reference. I’ve just installed the RSS Footer plugin as recommended by the post that Russell links to.

Got to love the anti-spam Captcha on the sign up for the Quantum Random Bit Generator Service..

(Thanks Don)

I read on PLOA that Michael Carden briefly tried to open his blog for comments, only to find:

The WordPress UI balked at deleting 194,000 (okay, I ignored it for a while) comment spams. I had to dig in as admin and run a fun sql query on the database to delete all 47 meg of them.

I guess I’ve got a couple of suggestions for Michael to make his life a little easier should he decide to try again.

1. Akismet has an option to “Automatically discard spam comments older than a month“, that might help (though it’d be nice to be able to adjust the time).
2. Run, do not walk, to Rich Boakes most excellent Worst Offenders plugin. This will both group comments for deletion based on various criteria but also (if you have permission) add Apache “Deny From” rules for the offending IP addresses. It’s also worth bumping the number of IP addresses it can ban up, Donna’s blog is up to over 8,000 at the moment!
3. There are also tools like Bad Behaviour to try and catch bots before they get to you and if you are a member of Project Honeypot then there is the http:BL WordPress Plugin to check and block IP’s listed as baddies there.

Anyway, I hope that helps some people out.

Thanks to Jeremy for this one!

“Spamtrap” is an interactive installation piece that prints, shreds and blacklists spam email. [...] The paper is recycled after the spam email has been shredded.

“Spamtrap” – watch the video