DEBRIS.COM: good for a laugh, or possibly an aneurysm

Friday, February 18th, 2005

more on REFERER spamming

Prior to implementing the HTTP_REFERER blacklist described previously, I investigated the source of the faked HTTP requests. If they were all coming from the same place, I could simply block access from that address.

But the attacks are distributed: they come from many IP addresses on many networks. Here’s an example, showing the request count and source address for all hits to this site containing the word poker in the past week:

nsa /var/log/httpd : cat debris_access_log | 
grep poker | awk '{print $1}' | sort | 
uniq -c | sort -rn | head
     91 65.165.84.11
     27 68.22.118.212
     20 12.172.137.13
     14 195.30.153.194
     13 38.223.231.8
     13 212.211.130.248
     12 203.199.92.158
     11 65.88.84.205
     10 168.11.16.22
      9 82.148.70.171
Just to confirm that the methodology above isn’t whacked, here are the faked REFERERs from the top IP address:
nsa /var/log/httpd : grep 65.165.84.11 debris_access_log | 
awk '{print $11}' | sort | uniq -c | sort -rn | head
      8 "http://www.nutzu.com/poker-hands.html"
      8 "http://www.nutzu.com/free-texas-hold-em.html"
      7 "http://www.nutzu.com/internet-poker.html"
      7 "http://www.nutzu.com/free-online-poker.html"
      6 "http://www.nutzu.com/world-series-of-poker.html"
      6 "http://www.nutzu.com/strip-poker.html"
      5 "http://www.nutzu.com/poker-tournament.html"
      4 "http://www.nutzu.com/texas-holdem-poker.html"
      4 "http://www.nutzu.com/rules-of-poker.html"
      4 "http://www.nutzu.com/poker-tables.html"
How could the referer spammers be operating from so many different networks? Here's my best guess: all those IP addresses represent Wintel machines that have been hijacked by viruses and trojan horses, and they're running distributed REFERER attacks without the knowledge of their owners. The machines are probably sending tons of spam email, too.

So when I previously said "this is all Google's fault," what I really meant is "this is all Microsoft's fault."

(In Microsoft's defense, they've only been working on making Windows more secure for two years... I'm sure they'll have some meaningful progress to report RSN.)


Tags:
posted to channel: Web
updated: 2005-02-19 07:30:28

Thursday, February 17th, 2005

HTTP_REFERER spamming: the mob found my website

Like most webmasters, I keep track of the websites that link to this one. In the jargon of my people this is called “referer logging,” which is short for “HTTP_REFERER logging,” which I include for the benefit of GoogleBot.

Starting a few months ago, my referer logs became worthless; they were filled with sites that couldn’t possibly be linking to mine: paris-hilton-video.blogspot.com, www.texas-holdem-poker-downloads-4u.info, viagra.hosting4u.gb.com. In other words, even though those sites did not contain links to debris.com, my logs looked as if hundreds of people per day were clicking through from there to here.

Why would anyone bother to fake clickthroughs? Because some websites automatically display the URLs other readers have clicked through from. The gambling and porn site owners are hoping debris.com will automatically display, and link to, their URLs.

It’s all Google’s fault. Google’s PageRank system counts inbound links as relevance votes: the more sites link to website X, the more relevant website X must be. So, if a million weblogs link to paris-hilton-viagra-holdem-poker.org, then paris-hilton-viagra-holdem-poker.org will show up high in Google’s search results for any search on related terms.

So, some unknown fuckwit, or collective of fuckwits, operates software that hammers on my site (and countless others, I’m sure), with the page requests faked to make it look as if readers are clicking through from various gambling and porn and pharmaceutical sites, in a lame attempt to raise their PageRank scores.

There are numerous problems with this strategy:

  1. My site doesn’t display referers, so no benefit has ever been realized by the spammers.
  2. 90% of the spamvertised URLs get shut down within a day anyway, e.g. last night’s variation, http://www.nutzu.com/internet-poker.html, so even if my site did automatically display referers, the referers would have been shut down before Google’s spiders would have counted the links as valuable PageRank votes.

The fact that the strategy is a failure doesn’t make it any less of a hassle for me. My ISP recently began charging me surplus-bandwidth fees, because all the sites I host are serving more data than I projected or paid for. Yet a measurable percentage of the bytes served by this site were not actually being seen by humans. I’m paying for the traffic generated by the referer-spammers’ software robots.

Preventing this abuse requires daily maintenance, because the spamvertised URLs change frequently. A few general keywords like poker, holdem, and viagra trap most new attacks; these are trapped hourly by a scheduled script that scans recent logs and updates the blacklist with matching domains. Every second or third day, I manually examine the logs in search of new attacks that don’t happen to match any of the keywords I’ve already defined.

So now when these robot scripts pound on my site, instead of serving up 15-20k of glorious debris.com content, the software engine that generates these pages returns a brief error message.
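As an added example (not the site's own scheduled script), here is the hourly keyword trap and blacklist refresh described above, plus the per-request check the page engine makes, in Python; the log lines, keyword list and starting blacklist are constructed from the examples in these posts.

```python
import re
from urllib.parse import urlsplit

# Trap keywords from the post; any referer URL containing one is spam.
KEYWORDS = ("poker", "holdem", "viagra")

# Apache "combined" log line: the referer is the first quoted field after
# the status code and byte count (awk's $11 in the post's pipeline).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def referer_host(referer):
    """Lowercased hostname of a referer URL; '' when absent or unparseable."""
    if referer in ("", "-"):
        return ""
    return (urlsplit(referer).hostname or "").lower()

def spam_hosts(log_lines, keywords=KEYWORDS):
    """Hostnames of referers whose URL contains a trap keyword."""
    hosts = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess at fields
        ref = m.group("referer")
        if any(k in ref.lower() for k in keywords):
            hosts.add(referer_host(ref))
    hosts.discard("")  # keyword hit but no usable hostname
    return hosts

def update_blacklist(blacklist, log_lines, keywords=KEYWORDS):
    """Merge newly seen spam hosts into the blacklist.
    Returns (merged sorted blacklist, sorted list of hosts added this run)."""
    new = spam_hosts(log_lines, keywords) - set(blacklist)
    return sorted(set(blacklist) | new), sorted(new)

def is_blocked(referer, blacklist):
    """The per-request check: refuse to render when the referer host is listed."""
    return referer_host(referer) in set(blacklist)

# Constructed sample log: two spam hits, one genuine link, one with no referer.
SAMPLE_LOG = [
    '65.165.84.11 - - [18/Feb/2005:10:00:01 -0800] "GET / HTTP/1.1" 200 15234 '
    '"http://www.nutzu.com/poker-hands.html" "Mozilla/4.0"',
    '68.22.118.212 - - [18/Feb/2005:10:00:07 -0800] "GET /mp3/ HTTP/1.1" 200 8123 '
    '"http://www.texas-holdem-poker-downloads-4u.info/" "Mozilla/4.0"',
    '192.0.2.10 - - [18/Feb/2005:10:01:00 -0800] "GET /solar/ HTTP/1.1" 200 14000 '
    '"http://www.example.org/links.html" "Mozilla/5.0"',
    '192.0.2.11 - - [18/Feb/2005:10:02:00 -0800] "GET / HTTP/1.1" 200 15234 "-" "Mozilla/5.0"',
]
```

Run `update_blacklist` over the last hour of the log from cron and feed the merged list to `is_blocked` in the page engine; the manual every-few-days review is still needed for spam domains whose URLs contain none of the trap keywords.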

Frankly, the bandwidth savings are minuscule compared to the amount consumed by people abusing the MP3s and graphics. But they’re next in line.


Tags:
posted to channel: Colophon
updated: 2005-02-18 23:43:16

Tuesday, February 15th, 2005

Fox News has competition: Pentagon Propaganda via DISH Network

The good folks at WorkingForChange point out a new propaganda effort by the federal government, which is not only unethical but possibly illegal:

DISH Network has just announced that under the guise of public interest programming it is adding to its broadcast lineup a 24/7 channel produced by the U.S. Department of Defense that previously was aimed only at U.S. military personnel.

Under U.S. law, the federal government is banned from producing propaganda aimed at influencing the American people. Despite this ban, the television channel, which is one hundred percent controlled by the Pentagon, will beam highly produced daily news programs promoting the interests of the Pentagon and paid for by U.S. taxpayers into millions of American homes.

Let us not forget that the Pentagon insistently and consistently lied to the American people about the existence of weapons of mass destruction in Iraq. As a result of this “successful” military public relations campaign, we are now bogged down in a ferociously expensive and increasingly deadly occupation that fans the flames of terrorism in the Middle East.

If you think this is a bad idea, sign the petition.


Tags:
posted to channel: Politics
updated: 2005-02-16 05:47:03

Monday, February 14th, 2005

my own personal sitcom

The house is completely dark and silent. It’s midnight. I’m sneaking into the bedroom, anxious not to wake my wife or baby.

In the deep quiet, I can hear only my own breathing. I can see only the merest glow outlining the bedroom door, from a night light on the far side. I walk slowly, consciously relaxing with every step, growing more sleepy, gratefully counting down the half-dozen or so seconds until I’ll be in bed…

And then I plant a foot on some damn squeaky toy in the middle of the living room floor.


Tags:
posted to channel: Personal
updated: 2005-02-14 14:47:02

Sunday, February 13th, 2005

solar electric: first anniversary

The anniversary of my solar electric installation was January 8. I expected a grand reconciliation statement from PG&E, but it never came. I was actually looking forward to my PG&E bill.

Turns out it came in December, and I paid it without even noticing. The bill amount was $6.53.

It’s not entirely accurate to say that my entire year’s worth of electricity cost me less than seven bucks. PG&E bills solar customers about $6 every month, regardless of usage; it’s a service charge of some sort. So I actually paid $63.31 in fees over the course of the year.

At each solar customers’ anniversary, folks who are “net consumers” — meaning, they drew more watts from the grid than they provided to the grid, over the year — get the sum of those monthly fees applied to whatever their power costs are.

“Net producers,” the folks who generated more power than they used over the past year, get nothing. That is, they pay the (approximately) $6 fee every month, but they don’t get it back. It’s PG&E’s way of saying “I love you,” or maybe it’s their way of saying “we’re sort of a monopoly; just deal with it.” (There is such a thing as a free lunch — it’s served at 245 Market Street, San Francisco.)

So, the best thing I can hope for, no matter how much power I generate, is to not have to write a check to PG&E every December. In 2004 I had to write a check for $6.53. That’s pretty great considering our shading problem and the arrival of our son, who does a lot of laundry for only being a couple weeks old.

Following is a chart of my running PG&E account balance from 2004. Negative numbers indicate a credit.

Date          Unbilled Charges ($)
2004-01-20     12.28
2004-02-20     35.73
2004-03-23     46.10
2004-04-21     51.80
2004-05-20     38.82
2004-06-22     22.07
2004-07-22     -4.15
2004-08-21    -24.72
2004-09-22    -35.98
2004-10-21    -24.13
2004-11-20     -2.79
2004-12-20      6.53

I’d like to calculate the amount of money I saved — that is, the amount I didn’t have to pay for power in 2004. But I’d need an advanced degree in Obfuscational Accountancy to make sense of all the fees and legislated reductions and over-baseline penalties. The closest I can come without herniating my brain is to look at the previous year’s costs.

In 2003 I spent $890 for electricity. Rates have gone up more than once since then. Therefore I’d guess we saved $950-$1000 during the first year with our photovoltaic system.


Tags:
posted to channel: Solar Blog
updated: 2005-02-14 07:38:41
