Posted on

Comment spam from Volumedrive

Comment spammers aren’t the sharpest knives in the draw. If they did their research properly they’d realise that spamming here was a stupid as trying to burgle the police station (while it’s open). You’ll notice there’s no comment spam around here, but that isn’t to say they don’t try.

Anyway, there’s been a lot of activity lately from a spambot running at an “interesting” hosting company called Volumedrive. They rent out rack space, so it’s not going to be easy for them to know what their customers are doing, but they don’t seem inclined to shut any of them down for “unacceptable” use. For all I know they’ve got a lot of legitimate customers, but people do seem to like running comment spammers through their servers.

If you need to get rid of them, there is an easy way to block them completely if you’re running WordPress, even if you don’t have full access to the server and its firewall. The trick is to over-ride the clients Apache is prepared to talk to (default: the whole world) by putting a “Deny from” directive in the .htaccess file. WordPress normally creates a .htaccess file in its root directory; all you do is add:

Deny from bad.people.com

Here, “bad.people.com” is the server sending you the spam, but in reality they probably haven’t called themselves anything so convenient. The Apache documentation isn’t that explicit unless you read the whole lot, so it’s worth knowing you can actually list IP addresses (more than one per line) and even ranges of IP addresses (subnets).

For example:

Deny from 12.34.56.78
Deny from 12.34.56.89 22.33.44.55
Deny from 123.45.67.0/24

The last line blocks everything from 123.45.67.0 to 123.45.67.255. If you don’t know why, please read up on IP addresses and subnet masks (or ask below in a comment).

So when you get a a load of spammers from similar IP addresses, look up to see who the block belongs to using “whois”. Once you know you can block the whole lot. For example, if you’re being hit by the bot using Volumedrive on 173.208.67.154, run “whois 173.208.67.154”. This will return:

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

NetRange: 173.242.112.0 - 173.242.127.255
CIDR: 173.242.112.0/20
OriginAS: AS46664
NetName: VOLUMEDRIVE
NetHandle: NET-173-242-112-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
<snip>

If you don’t have whois on your comptuer (i.e. you’re using Windoze) there’s a web version at http://www.whois.net/.

In the above, the CIDR is the most interesting – it specifies the block of IP addresses routed to one organisation. I’m not going in to IP routing here and now, suffice to say that in this example it specifies the complete block of addresses belonging to volumedrive that we don’t want – at least until they clean up their act.

To avoid volumedrive’s spambots you need to add the following line to the end your .htaccess file:

Deny from 173.242.112.0/20

If this doesn’t work for you the the web server you’re using may have been configured in a strange way – talk to your ISP if they’re the approachable type.

I have contacted Volumedrive, but they declined to comment, or even reply; never mind curtail the activities of their users.

This isn’t a WordPress-only solution – .htaccess belongs to Apache and you can use it to block access to any web site.

Perhaps there’s some scope in sharing a list these comment spambots in an easy-to-use list. If anyone’s interested, email me. This is a Turing test :-)

Posted on

Why and how to hack a mobile phone

Anyone outraged that News of the Screws journalists have been “hacking” in to mobile ‘phones needs to get a grip on reality. They’re investigative tabloid journalists; what do you expect them to be doing?

To call it “hacking” is grossly overstating the case anyway – what they did required no technical knowledge other that that available in any playground in the country. All you need to do to retrieve people’s voice mail messages is dial their number, and when you get through to voice mail, enter the PIN. Most people leave the PIN as the system default.

You might argue that this is a gross breach of privacy and so forth. But it’s no more so than camping out on someone’s doorstep to see who goes in and out, following them, or tricking them into telling you something they wouldn’t if they knew your were a journalist.

New Labour was very keen to suppress the traditional liberties of the population in general and passed various dodgy laws to protect the lives of the guilty from prying journalists. In 2000, listening to other people’s voice mail was made a specific offence. “And quite right too!”. Wrong! It’s just another example of those in power making it difficult for us to check up on what they’re doing. We have (or had) a free press with a tradition of snooping on politicians, criminals and anyone else they wanted to using whatever means, as long as it was “In the public interest”.

Journalists are also out to sell papers, so the “public interest” defence is often strained to its limit, or broken. However, it should remain as a defence in a court of law and people should be able to argue their case there. It should be all about intent. But New Labour had other ideas.

People are uneasy about voice mail because it’s technological, so lets look at another example.

Suppose a journalist was camped outside someone’s house, noting down who came in and out. Another invasion of privacy, but right or wrong?

Well that depends – if it’s some innocent person then the journalist will probably end up throwing the notes away, so no harm done. If someone uses information collected in this way in the pursuance of a crime (e.g. Blackmail), that’s another matter, but journalists don’t do that.

Now supposing the journalist is investigating a suspected terrorist, and checking up to see who they’re associating with – or even a politician associating with a known crook. Clearly this information in the public interest.

It’s all about intent.

You could argue that investigations of this nature shouldn’t be carried out by private individuals but should be left to the security forces. That argument doesn’t bear scrutiny for more than a couple of seconds. The public needs the right to snoop as well as the government agents – anything else is known as a ‘police state’

As to the current difficulties – anyone who knows anything about the press will tell you that these and many other tricks are employed as a matter of course, although journalists won’t make a big noise about using them. It’s conceivable that an editor like Andy Coulson would neither know nor care exactly what his investigation teams were doing to come up with the information; you don’t ask. It’s also inconceivable that only the hacks on the News of the World had thought of it. Sources need protection.

It’s clearly a political stunt by old new Labour. Could they be upset that the press, including Mr Coulson’s old rag, turned against them? They used to be friends with the News of the World. At the time of the original scandal, it appears that the first politician to call Andy Coulson to commiserate with him about having to resign was none other than Gordon Brown. Apparently he went on to suggest that someone with his talent would soon find another job where he could make himself useful. (Source: Nick Clegg at today’s PMQs).

Posted on

In defence of TalkTalk

The ICO has just had a go at TalkTalk for snooping on their customers. Hmm. I wouldn’t be a TalkTalk customer if they paid me so I’m not bothered on that score. But I’m also not worried because I can’t see they’ve actually done anything wrong in this instance.

What they’re accused of is harvesting the URLs of web sites visited by their punters. Reality check: networks log traffic anyway. It’s necessary for maintenance and optimisation. All managed networks do it, all the time. The system the ICO is making a fuss about simply collects the URLs and then sends a malware scanner to the site to check for dodgy stuff so it can blacklist the URL in future.

You can’t scan the whole web for malware; it’d take too long by a spectacular margin. Scanning the relatively small subset of URLs your customers are actually accessing is as good a way of directing your effort as any.

So why’s the ICO making the headlines? Just to show they’re on the ball, I suppose. And TalkTalk makes an easy target. This is probably the first time ever I’ve defended them on any issue.

Posted on

DVLA tax disc renewal problems

Like most New-Labour government computer systems, the DVLA is broken. I don’t just mean it’s propensity for making mistakes – I mean it’s systemically flawed.

It goes something like this…

You buy a car in March and keep it for, say, four years (i.e. until it requires an MOT). The Tax Disc will expire at the end of February, as does the MOT and insurance. You’re expected to buy a new tax disc in advance – it should let you buy one from the 5th day of the month it’s due to expire. But it won’t – it says your MOT and insurance are about to expire (which is true, they’re bound to). So you get your MOT a couple of weeks early (wasting a couple of weeks of MOT time) and persuade your insurance company to insure you for eleven months instead of one year, or some such fiddle, to get the renewal dates out of alignment.

Why should you be forced into this performance? Life’s too short to argue, but any fool can see the system is flawed.

Couple this with the fact that they can’t organise a computer system properly and you have big problems – as I do now. The DVLA computer reckons my car isn’t insured. My insurer (of fifteen years) says it was renewed as usual at the start of the month, and can’t understand why the DVLA is having problems registering it.

You can call Swansea on 0300-7906802 if you actually need to speak to a person, although they’re not keen on giving this out, preferring the premium rate automated system numbers. I did this and was advised that I couldn’t drive my car now that the tax had expired, and that the government computer system responsible for the error wasn’t their responsibility. I could, if I wished, drive to the nearest post office issuing manual tax discs and they might be able to help – apparently they can now take faxed documentation but I bet they don’t know that! Anyway, how am I supposed to drive to the nearest Post Office if I don’t have a car.

To cap it all, they said they wouldn’t actually fine me for not renewing or declaring the vehicle off-road for 14 days. That’s big of them!

I asked about who to appeal to concerning DVLA problems and got the email address for their customer services department. I don’t I’ll get much satisfaction. My MP shall be hearing about this, although he’s not morally responsible for New Labour computer systems.

I think it’s time something was done about the DVLA, and would be interested in hearing about people having similar problems.