Solipsism Gradient

Posted by Rafael Fischmann:

Rainer Brockerhoff wrote:

Interestingly, this worm used Google as a tool to detect vulnerable websites. That specific search is now supposed to be blocked. Still, I tried some searches and found that I’m third from the top when searching for “viewtopic.php” – one of the search strings perhaps used by the worm – among about 7,910,000. Very strange.

It’s not that strange, Rainer… you have changed your phpBB settings to redirect to this weblog page whenever a user access your viewtopic.php page, something that doesn’t happen when you access viewtopic.php in a default phpBB installation. That’s why your weblog is on the top of Google’s list when you search for viewtopic.php.

About a month ago I noticed some strange stuff in my access logs here and saw what seemed to be a hacking attempt against my forum software. I immediately fixed the vulnerability by upgrading to the latest version, and kept watching. Hacking attempts continued afterwards, increasingly, although none were having any effect… a few days ago, they were up to a few hundred per day. Yesterday, they almost doubled my traffic…

…and today in the morning my site suddenly went offline. I learned a few hours later that a friend’s forum, hosted on the same server, had been hacked by what is now known as the Santy Worm, and used to launch an outgoing DDOS attack against other servers. Not funny; especially as the provider yanked the whole machine offline while they tried to find out what was going on and what to do.

Still, they responded correctly, if slowly, upgrading their software to a non-vulnerable version and blocking all outgoing connections from the server, which shouldn’t impact anyone as far as I can see. I may seize the occasion and later in the week implement some more changes here…

If you tried to access this site, or download something, during the few hours we were down, my apologies. Hopefully it won’t happen again soon.

Interestingly, this worm used Google as a tool to detect vulnerable websites. That specific search is now supposed to be blocked. Still, I tried some searches and found that I’m third from the top when searching for “viewtopic.php” – one of the search strings perhaps used by the worm – among about 7,910,000. Very strange.

Yesterday I received an e-mail from someone asking a question about Nudge. I replied on the same day, as I always try to do. My e-mail bounced with the following helpful message:

Hi. This is the qmail-send program at vega.planetarium.com.br.

I’m afraid I wasn’t able to deliver your message to the following addresses.

This is a permanent error; I’ve given up. Sorry it didn’t work out.

<somebody@rsandk.com>:

Connected to 24.196.135.162 but sender was rejected.

Remote host said: 550 5.7.1 mail from spam friendly countries with admins who overwhelmingly ignore or bounce complaints not welcome here

In the past, I’ve seen various concise wordings of the “550 5.7.1” message; usually something to the effect that my address was on some blacklist or another. A polite request to the provider’s postmaster address usually worked.

But from this one I gather that they’re now unconditionally rejecting all e-mails from Brazil. Isn’t that rather excessive…? Should I sue about restraint of trade, or whatever?

So if you’re a user of one of my products, and I don’t answer your e-mail, you may want to switch providers – or post here on the support boards. Sorry about that.

Now what could have caused this?

The peaks around August 5 are due to the release of XRay 1.1. The peak on August 23 seems to consist mostly of accesses from IP 63.227.76.25 (no hostname resolved) to this weblog.

Hm. Maybe it was a comment spam robot trying to figure out how to post here? I had to delete 3 or 4 spam comments on that date.

Wow, this must be some record: an entire week without posting…

Thing is, last Wednesday I had an emergency operation for an ailment that will remain mercifully unnamed here (hint: this stuff will be a sine-qua-non component of my diet henceforth). Anyway, being sick really sucks. The doctor who operated on me strongly urged me to cancel the Europe trip, which would begin exactly a week from that day. He followed up during my hospital stay with dire warnings about extreme pain and post-op complications.

As it turned out, most of the warnings were groundless – at least in my specific case. I needed no painkillers at all except during the operation itself, of course. I managed to cut my post-op hospital stay to 36 hours instead of the recommended 72 and everything is fine, under the circumstances. So, the trip is still on, and we’re leaving on the afternoon of May 19th. In all fairness to the doc, I talked to some acquaintances who have had similar operations in the past, and they all recounted daunting tales of week-long hospital stays, month-long convalescences, morphium drips and infections… it was as well that I hadn’t heard of that before the operation! 😉

To prevent a relapse, I’ve been looking at software to interrupt my tendency of doing extremely long sessions at the keyboard. So far I’m testing Dejal Software‘s Time Out! and it works quite well… I may write something like that myself, later on, to my exact requirements.

So here’s our proposed itinerary. We arrive at London (via São Paulo and Amsterdam) sometime on the afternoon of May 20th. We plan to find a quiet little hotel somewhere and take it easy, with some short trips around London, until our cruise ship leaves on May 25th from Dover. Ports of call will be:

May 26: Kiel (Germany)

May 27: Warnemünde (Germany)

May 29: Tallinn (Estonia)

May 30-31: St. Petersburg (Russia)

June 1: Helsinki (Finland)

June 2: Stockholm (Sweden)

June 3-4: Copenhagen (Denmark)

June 6: Dover (England).

No Oslo (Norway) unfortunately… well, one can’t have everything…

There will be Internet access on the ship, but prices are outrageous: US$0.40/minute and up! Bah. On the MacMania 2001 cruise to Alaska I paid US$100 for unlimited access, and found even that a little steep. Charging US$100 for a little over 3 hours can’t possibly be technically justified.

After that, our plan is to take advantage of our BritRail passes and go all the way to the northern tip of Scotland and back. We’ll take the return flight from London early on June 22nd and will be safe at home sometime on June 24th – schedules aren’t favorable, unfortunately.

Should you, gentle reader, be interested in a meeting somewhere along the way, e-mail me with details as soon as possible; I’ll check in periodically at an Internet café. Suggestions for side trips and places to stay in Northern England and Scotland are also very welcome.

More as it develops…

Trust John Walkenbach to spotlight the Eater of Meaning:

The Eater of Meaning is a tool for extracting the message from the medium. Format and presentation are unaffected, but words and letters are subjected to an elaborate nonsensification progress that eliminates semantics root and branch.

Here’s the result for this weblog, as produced by clicking on this link:

This is a serious time-sink… there are several variations (including fake Latin) but this one seems to be the most hilarious. Source code is available.

On Jan.24th 2004, the Macintosh celebrates its 20th anniversary. Added to the usual write-ups in the foreign press, Macmania magazine published a special anniversary issue (including several references to Yours Truly) and has an extensive timeline. They also have a write-up of the famous Brazilian Mac clone – the Unitron Mac512 – where I had a small participation. I plan to write more about this in a future Interesting Times column.

There’s also a similar article at the MacPress site, as well as a long interview with the aforementioned Y.T., whom they call “A Brazilian Mac Legend“. I swear it wasn’t my idea… 😳

My mother’s tickled pink about all this, of course…