
Vonage Abusing Your Friends

Vonage, the VoIP service, has a feature where their users can refer their friends to the service. If you sign up from one of those referrals, you get a free month of service; and your friend gets two free months. In March 2006, I asked one of my friends to refer me so I could look at the service plans. I decided to go with the Gizmo Project VoIP service. Of course, now I will never look at using Vonage again. I really need to explore Asterisk.

Last Friday, June 22nd, I got another Vonage referral from my friend, 15 months after he referred me! Vonage is apparently going back through their records and re-asking people to join up. This is an abuse of the trust that I (and my friend) had with them. And I believe my friend will be flabbergasted as well that Vonage would spam in his name. Whenever a refer-a-friend occurs, the email address doesn’t need to be stored. There was a unique hash in the referral URL; that’s all they need to store. By maintaining a database of email addresses, Vonage was creating a valuable database that I’m sure any marketer would love to (ab)use. So why keep the addresses?

Vonage needs to modify their Privacy Policy. Specifically, they need to make it a firm policy that any email addresses or other information given to them by a customer for a referral will only be used once. And that information will be deleted from Vonage’s records after a set amount of time (30 days?). Vonage needs to make it clear that they care and respect people’s privacy.

On a side note, their privacy policy says they will honor email opt-outs within 30 days. CAN-SPAM says they need to do that within 10 days.

More about this at:

jeaig.org example at work

John Graham-Cumming’s new jeaig (jgc’s email address image generator) service seems to work just fine. The background of the image changes every time it loads. It would be great to be able to pass foreground and background color definitions so that the image could fit into a specific web site’s design. Or maybe some options could be defined when setting up the original image.

There is obviously a time stamp involved in how the background of the image is generated. I had several commands on a page, but the image returned was always the same. So here are a couple of static examples. Note that the @ and . are sometimes obscured as well.



The first 11 characters of the returned image filename are always the same: UmFuZG9tSVa. And the length of the returned hash varies. An interesting project.

Finding a database of spammers’ postal mail addresses?

Since the highly effective CAN-SPAM law requires spammers to put a physical location in their spam, I was wondering if anyone has collected the addresses. It would be highly effective in SpamAssassin rules, as well as to look for trends in where the spammers are located.

For example, since March 31, 2007, I’ve received 55 messages with an address of “Customer Service 560- A F ST #438 Grants Pass, OR 97528”

I’m also tracking the “This advertisement is presented” spammer, who appears to be using private mail boxes all over the country, under many different company names.

Leaking Email Addresses from YourMusic.com

YourMusic.com is an online music service of BMG Direct, Inc. You set up a list of CDs you’d like to purchase, then you are shipped one CD a month for a steady price (currently $6.99). I registered with them on Wednesday, November 2, 2005 at 3:40:31pm EST. And I used a unique email address that I generate for any web site I need to register at. I received no email to that address at all, except the one message from YourMusic.com when I first opened the account. After reading their web site materials, I decided to not buy music from them.

On Monday night this week, June 4, 2007, at 11:34pm, I received a spam mail that was sent to the address I used only at YourMusic.com. My email asking whether YourMusic is violating their privacy policy, or whether they have a rogue employee stealing customer info, did not get a helpful reply. They seem to not understand that they have a problem.

The spam came from hot-daily-perks.net. If you go to their web site, you apparently get an IIS error page. If you go to any other URL on the site, you get a kind of 404 error. Their spam had a 146 character (all hex characters) URL in it. I scrambled their hex code to experiment. I suspect if I clicked the ad I would start to get a lot of spam at that address.

The message itself was an HTML monstrosity. It was made up of a 4×4 HTML table, with each cell containing an image loaded from http://www.bemywoo.com. The assembled image was also an ad for BeMyWoo.

The Whois information is where things get a little interesting. The whois for hot-daily-perks.net did not lead anywhere else, except to the Moniker.com registrar.

But the whois for BeMyWoo.com leads to both cliqventures.com and loorebox.com. Their whois info was not too interesting, leading in a circle. Hmm, looking at their whois info, it appears that the registration info for BeMyWoo, CliqVenture, and Loorebox is invalid; there isn’t a suite listed like there is on the web site.

$ host loorebox.com
loorebox.com has address 69.50.210.58
loorebox.com mail is handled by 0 loorebox.com.

$ host bemywoo.com
bemywoo.com has address 69.50.210.58
bemywoo.com mail is handled by 0 bemywoo.com.

$ host cliqventures.com
cliqventures.com has address 69.50.210.58
cliqventures.com mail is handled by 0 cliqventures.com.

$ host hot-daily-perks.net
hot-daily-perks.net has address 209.51.190.123
hot-daily-perks.net mail is handled by 10 hot-daily-perks.net.

So it appears that the hot-daily-perks.net site hired CliqVenture to be their spammer. hot-daily-perks.net is hosted with Hurricane Electric. CliqVenture is hosted by Atjeu Hosting (atjeu.com). I will be emailing a spam abuse complaint to Atjeu shortly.

Whois limit of three queries per day?

I’m researching some spammers that have been hitting my mail server pretty heavily since March. I’ve got a list of several hundred domains, so I’ve been doing some basic research on them. I’ve used google, the host command to get their IP address, then I grabbed a few at random to check their Whois info. After the third whois lookup (using the whois built into OS X) I got this note: “my.home.ip.address has reached its 24 hour query limit.” All three of the domains I looked up were registered through Name.com. But I don’t see anything on their site mentioning a whois lookup limit.

Now the funny thing is, later lookups seem to be working just fine. Hmmm, very strange.

Using Apache to Block Image Leeches

Pronet Advertising advises you to “Protect Your Site’s Content” and they give a plug to a $200 tool that helps those poor souls using IIS as their web server. If you’re running the open source Apache web server, here’s a free solution I worked out after many MySpace users started embedding funny photos from PlanetMike.com into their web pages:

  1. Create an image to send to people that attempt to leech your images. You could be rude or mean, but I simply put up an ad for my own web site. Keep it as small as you can, since it may be used a lot. My photo is at http://www.planetmike.com/images/no-hot/linking.jpg.
  2. Ideally, put this into a directory block in your httpd configuration file. Or you can put it into your .htaccess file.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/images/no-hot/linking\.jpg$
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?planetmike\.com/ [NC]
    RewriteRule \.(jpe?g)$ /images/no-hot/linking.jpg [L]

    Line 2 is the image you want people to see (your ad or nasty note). It is excluded from the rule so that the replacement image is never itself rewritten, which would otherwise loop.

    Line 3 allows normal images to be sent to people who don’t send a referrer.

    Change line 4 to be your domain name. This domain will be allowed.

    Line 5 is the rule itself: if a jpg is requested and the conditions above hold, send the replacement image instead.

  3. Restart your web server and test.

That’s all there is to it. Definitely let me know if you have problems with this.
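To make the referer check above easy to reason about, here is the same decision logic written out in Python. This is an added example, not code from the original post: it mirrors the RewriteCond and RewriteRule lines one for one, and it exercises the case that matters most, namely that the replacement image itself must be exempt or the rewrite would loop. It goes slightly beyond the page’s regex by comparing the parsed referer host, so http:// and https:// referers from the allowed domain are treated alike and a look-alike host such as www.planetmike.com.attacker.example still fails. Only the domain and the image path come from the page; the sample requests are constructed.

```python
"""Referer-based hotlink check, modelled on the mod_rewrite rules above.

Added example, not the page's own code. Only the domain and the replacement
image path come from the page; the request samples are constructed.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

REPLACEMENT_IMAGE = "/images/no-hot/linking.jpg"          # from the page
ALLOWED_HOSTS = {"planetmike.com", "www.planetmike.com"}  # from the page
IMAGE_RE = re.compile(r"\.jpe?g$", re.IGNORECASE)         # the RewriteRule pattern


def referer_host(referer: str) -> str:
    """Lower-cased host of a Referer URL, or '' if it cannot be parsed.

    Matching the parsed host (instead of a regex prefix on the raw string)
    treats http:// and https:// alike and rejects look-alike hosts such as
    www.planetmike.com.attacker.example, which is not in ALLOWED_HOSTS.
    """
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""


def should_serve_replacement(request_uri: str, referer: Optional[str]) -> bool:
    """True when the request should receive the replacement image instead.

    Each test corresponds to one line of the page's rule set: exempt the
    replacement image, allow empty referers, allow our own domain, and only
    act on .jpg/.jpeg requests.
    """
    if request_uri == REPLACEMENT_IMAGE:         # RewriteCond on the request path
        return False
    if not referer:                              # RewriteCond %{HTTP_REFERER} !^$
        return False
    if referer_host(referer) in ALLOWED_HOSTS:   # RewriteCond on our own domain
        return False
    return bool(IMAGE_RE.search(request_uri))    # RewriteRule \.(jpe?g)$


# Constructed sample requests: (request path, Referer header or None).
SAMPLE_REQUESTS = [
    ("/images/funny.jpg", "http://www.planetmike.com/2007/some-post/"),
    ("/images/funny.jpg", "https://planetmike.com/2007/some-post/"),
    ("/images/funny.jpg", None),
    ("/images/funny.jpg", "http://profile.myspace.example/someone"),
    ("/images/funny.JPEG", "http://www.planetmike.com.attacker.example/"),
    ("/images/no-hot/linking.jpg", "http://profile.myspace.example/someone"),
    ("/images/funny.png", "http://profile.myspace.example/someone"),
]


def classify(requests):
    """Return [(path, referer, served_replacement)] for a list of sample requests."""
    return [(p, r, should_serve_replacement(p, r)) for p, r in requests]


if __name__ == "__main__":
    for path, ref, swapped in classify(SAMPLE_REQUESTS):
        print(f"{'REPLACE' if swapped else 'serve  '} {path:30} referer={ref}")
```

Running it shows the two MySpace-style requests being swapped for the ad image while the empty-referer request, the site’s own pages (over either scheme), the .png, and the replacement image itself are served normally.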

Vistaprint sucks

I ordered business cards a few weeks ago from VistaPrint.com. I used a unique email address like I always do. I opted out of allowing them to share my info. I also (like anywhere I give my address, phone number, credit card number) opted out of any sharing. For now I also allowed Vistaprint to email me special deals.

Well, between placing the order on March 29, 2007, and today, I’ve received 16 email offers for various things. That’s a ton, but not a problem. I signed up for them.

But just now I received a telemarketing call from Web Site Pros. Luckily the sales lady mentioned they got my info from Vistaprint. I asked her to put me on their do not call list. (Hey – they violated the DNC! I had no prior relationship with them.)

I then checked my account preferences at Vistaprint. The only option there is for email opt out. I called Customer Service and spoke with Martin. I explained my frustration that they sold my phone number, and said I had opted out. He said no, I had only opted out of email sharing. There is no option on the web site to opt out (or opt in) of phone and address sharing. I have closed my account with Vistaprint. Martin said he closed the account, but I can still access it from the web site.

Here are the relevant sections of their privacy policy:

If you check the applicable box on registration or in updating your account, VistaPrint may also share personally identifiable information about you such as your name, telephone number, e-mail address, and/or mailing address with carefully selected third-party organizations such as retailers or direct marketers to enable those organizations to inform you about products or services that might be of interest to you. If you do not wish to have your information shared with these organizations, simply do not check the applicable box on the registration form or on the “Account Update” page on our website.

The only boxes on the “Account Update” page deal with email.

We will not share your personally identifiable information, such as your e-mail address or name, with unaffiliated organizations for them to use to inform you about their or other companies’ products and services unless you consent to this sharing on registration or in updating your account preferences. You may opt in by checking the appropriate box during registration or, following registration, by logging into “My Account,” selecting “Account Update,” and checking the applicable box.

I never opted in to allowing them to share my info, so they have violated their policy. Shady dealings, violations of their own privacy policy, and having a third party break the DNC. That’s enough. I encourage you to not use Vistaprint; I do not believe that they can be trusted.

Vistaprint sucks.

Web Designers, Tech Gurus, It’s ALA Survey-time

A List Apart is conducting a survey of web professionals. It took me less than 5 minutes to fill it out.

Top Ten Thoughts on Beginning Podcasting

Lorelle asked “What Blogs Make the Best Podcast Blogs?”

I have two podcasts: ShowBizRadio.net (theatre information for the Washington DC area) and ChristmasMusic247.com. Key things I’ve learned:

  1. Pick a publishing schedule and then keep it.
  2. Bandwidth usage can increase exponentially. For some reason China loves my ShowBiz podcast. I hit 32GB of downloads in March. Disk storage space increases linearly.
  3. iTunes directory is a great way to get exposure. It’s by far the most used directory for my podcasts.
  4. Audacity is open source audio recording and editing software, works very well.
  5. Get a Mac.
  6. Transcripts work well when starting out, to help seed your content into search engines. We use Transcriva from Bartas Technology. Transcripts are a pain in the rear once you start publishing new podcasts more regularly, but your audience will grow to expect the transcript.
  7. It will take longer than you think to get a huge following.
  8. Before publicizing your podcast, have at least three complete episodes recorded and in the podcast feed. Be aware that this also sets the listeners’ expectations of what to expect in the future. But 3 episodes gives you enough info to decide if you really want to make a commitment into the future.
  9. If you are doing discussion only, you don’t need a high encoded bit rate. 40Kbps is fine for discussion. Including music would probably need a higher bitrate, which directly converts into larger files, hence a larger storage and bandwidth bill.
  10. Listen to some of the existing podcasts in your field (your competition). Note what you like and don’t like about what is already being done.

Bonus tip: Audio or video demands more time of your subscribers than does text. See above note about transcripts.

There’s a lot more, but that’s definitely enough to get started.

(Off topic to Lorelle: I think the Bookmap was comment spam, via a human instead of an infected Windows system.)

Blocking WordPress Comment Spam

Back in January I tried renaming the wp-comments-post.php file to avoid comment spammers. That worked for about 10 hours, then they started using the new file name. So I switched back to the default filename. Like I said back then “So unless you change the comment post filename regularly, it doesn’t do much good.”

Well, duh, how about if I change the filename regularly? Over the last week I’ve been experimenting on a couple of my blogs. I manually changed the filename about once a day. The new filename got picked up and used, although there were still a lot of hits to wp-comments-post.php. Any ip address that attempts to “POST” to a non-existent wp-comments-post.php file should be firewalled.

I started wondering about the possibility of (1) changing the filename for every request; and (2) preventing spammers from storing that filename. So I’ve come up with the code to change the filename on every request. Here’s how I am currently doing it. Each request submits to a file named after the user’s IP address (e.g. 1.2.3.4.php):

1. Rename your wp-comments-post.php file to something random-ish. This new filename will never be visible to the public. This is called security by obscurity.

mv wp-comments-post.php roses-are-red.php

2. Create a new directory, accessible under your blog directory. You can call it anything you like.

mkdir kittens

3. Change to that directory

cd kittens

4. Create a .htaccess file

vi .htaccess

Put these two lines into it:

RewriteEngine on
RewriteRule ^.*$ /roses-are-red.php

The filename at the end of the second line should be the same filename you used in step 1 above. What these two lines do is make any request for any filename in the kittens directory actually call the renamed wp-comments-post.php file.

5. Edit your template’s comments.php file. This will be in (your blog directory)/wp-content/themes/(theme name). Look for the line that sets up the form to the comment submission page. In the default Kubrick style, this is on line 72. Comment that line out by adding <!-- before it and --> after it:

<!--<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">-->

You comment this out so that if the spammers’ spiders are looking for the post page, they’ll find it, and not the “real” post page. Then add these lines after the commented line:

<form action="<?php
$ip = $_SERVER['REMOTE_ADDR']; /* the visitor's address becomes the file name */
echo get_option('siteurl') . "/kittens/" . $ip . ".php"; /* directory from step 2 */ ?>" method="post" id="commentform">

And now if a comment spammer spiders my site and later tries to send spam through the comment submission page, all I have to do is check to see if the IP address matches the filename. If they don’t match, someone is storing the comment submission page URL and trying to spam through it.

So for example, this line was in my log file this morning:

192.107.152.61 - - [02/Apr/2007:07:00:16 -0400] "POST /kittens/72.36.205.226.php HTTP/1.1"
   302 - "http://www.example.com/2007/04/01/exampleurl/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows
   NT 5.0; H010818; InfoPath.1)"

Note the request came from 192.107.152.61, but the comment was submitted to 72.36.205.226.php. So when I grep through the log for the ip address “72.36.205.226” I find this line:

72.36.205.226 - - [02/Apr/2007:06:52:22 -0400] "GET /2007/04/01/exampleurl/ HTTP/1.0" 200
   16942 "-" "topicblogs/0.9"

Googling topicblogs shows lots of references that topicblogs may be a spammer. Well, there’s the proof.
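The two log lines above show the check done by hand. As an added example (not the post’s own code), here is the same check automated over an access log in Python: it parses combined-format lines, flags POSTs to /kittens/<ip>.php where the embedded address differs from the client that sent the request, records which client originally fetched that form URL (and its user agent), and separately lists clients that still POST to the retired /wp-comments-post.php name, which the post says should be firewalled. The first two sample lines are the page’s own log lines joined onto one line each; the remaining lines are constructed using documentation address ranges, and the directory name kittens is the one from step 2.

```python
"""Spot replayed comment forms in an Apache access log (per-IP filename trick).

Added example, not the page's own code. The first two SAMPLE_LOG lines are the
page's own log lines; the rest are constructed with documentation addresses.
"""
import re

# Apache combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# The per-IP form action from step 5: /kittens/<client ip>.php
FORM_RE = re.compile(r"^/kittens/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\.php$")
RETIRED_ENDPOINT = "/wp-comments-post.php"

SAMPLE_LOG = """\
72.36.205.226 - - [02/Apr/2007:06:52:22 -0400] "GET /2007/04/01/exampleurl/ HTTP/1.0" 200 16942 "-" "topicblogs/0.9"
192.107.152.61 - - [02/Apr/2007:07:00:16 -0400] "POST /kittens/72.36.205.226.php HTTP/1.1" 302 - "http://www.example.com/2007/04/01/exampleurl/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; H010818; InfoPath.1)"
198.51.100.7 - - [02/Apr/2007:07:05:01 -0400] "GET /2007/04/01/exampleurl/ HTTP/1.1" 200 16942 "-" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [02/Apr/2007:07:08:44 -0400] "POST /kittens/198.51.100.7.php HTTP/1.1" 302 - "http://www.example.com/2007/04/01/exampleurl/" "Mozilla/5.0 (constructed)"
203.0.113.9 - - [02/Apr/2007:07:10:00 -0400] "POST /wp-comments-post.php HTTP/1.1" 404 - "-" "Mozilla/4.0 (constructed)"
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Classify comment submissions found in the log text.

    Returns a dict with:
      legitimate     - count of POSTs whose embedded IP equals the client IP
      mismatched     - replayed submissions, with who originally fetched the form
      stale_endpoint - sorted client IPs still POSTing to /wp-comments-post.php
    The log is assumed to be in chronological order, so the first GET seen
    from an address is the page fetch that produced its per-IP form URL.
    """
    fetch_ua = {}      # ip -> user agent of its first GET
    stale = set()
    mismatched = []
    legitimate = 0
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue                     # not a combined-format line; skip it
        if rec["method"] == "GET":
            fetch_ua.setdefault(rec["ip"], rec["ua"])
            continue
        if rec["method"] != "POST":
            continue
        if rec["path"] == RETIRED_ENDPOINT:
            stale.add(rec["ip"])         # nobody legitimate is sent here any more
            continue
        m = FORM_RE.match(rec["path"])
        if not m:
            continue                     # some other POST; not a comment form
        embedded = m.group("ip")
        if embedded == rec["ip"]:
            legitimate += 1
        else:
            # The form URL was fetched by one address and replayed by another.
            mismatched.append({
                "poster": rec["ip"],
                "form_fetched_by": embedded,
                "fetcher_agent": fetch_ua.get(embedded, "unknown"),
                "time": rec["time"],
            })
    return {"legitimate": legitimate, "mismatched": mismatched,
            "stale_endpoint": sorted(stale)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for hit in report["mismatched"]:
        print(f"replayed form: {hit['poster']} posted the form fetched by "
              f"{hit['form_fetched_by']} ({hit['fetcher_agent']}) at {hit['time']}")
    print("stale endpoint POSTs from:", ", ".join(report["stale_endpoint"]) or "none")
    print("legitimate submissions:", report["legitimate"])
```

Treat the mismatched list as candidates to review rather than an automatic block list: as the post notes further down, a real visitor whose proxy changes address between fetching the page and submitting the comment produces exactly the same mismatch, so pairing it with the fetcher’s user agent (topicblogs/0.9 in the page’s case) is what turns a mismatch into evidence.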

The commands in step 5 above could very easily be tweaked to include whatever information you want to store. I started out by creating an MD5 hash, but decided I would start out easy and work up to a more complicated tracking system.

I also tried to create this as a WordPress plugin, but it looks like there isn’t a system call for the filename of the wp-comments-post.php file.

If a user is using some kind of a proxy to surf the web, it is possible that they may be caught by this. Their original request would generate an ip-address.php submission page, but in the few minutes it would take to enter their comment, their proxy system may change their IP address. So their comment would come from a different IP address.