Archive for the ‘About’ Category

Summer interlude

Friday, September 6th, 2013

The shop sulks empty during the summer travel and swimming season. A little wood butchering happens from time to time, and when I come back to write about it, I find the blog a mess. Hmmmm, I wonder if the NSA has a mailing list that can let me know when this happens?

hackedA hacker, with IP addresses in Brooklyn, and no ethics, infiltrated the blog (and a few other WordPress sites I keep for my own use) with malware.  These guys seek out all sorts of security weaknesses to squeeze into blogs and do their nastiness. I usually keep my blogs locked down pretty tight, and I ~~~think~~~ this guy slipped in through a very tiny weakness in (of all things) that really thorough security plug-in I use. What irony! They’ve closed that hole and life goes on.

These hacks are not new to me. I’ve removed several in the past. While removing them, I nose around a bit to see how they work. All hacks find their way in (into WordPress blogs, at any rate) through various methods. Sometimes, sheer carelessness of using a common administrator ID, “admin,” and a easily broken password is enough. Other times, they need to work harder. This guy had to work pretty hard.

Once in, they start with a simple script (PHP module) that drags in all the rest of the stuff they need. That stuff is almost always a variety of PHP files with names that look right at home within a WordPress installation (options.php, templates.php, etc.) The stuff is also scattered among various directories so it isn’t easily obvious, and to thwart easy removal.

This particular infection has the goal of delivering what I call “malware bombs.” If you have ever suffered one of these, you know what I mean. They infect hapless users, display a very authentic looking “you’re infected” anti-virus screen, and then proceed to lock up everything you attempt until you buy their cure for (usually) about $75. The “cure” clears the problem, erases the evidence, and you’re on your way again, poorer by $75 … and no more secure than before, ripe for yet another picking.

How does that bomb get to the hapless user? The other part of the blog infection is one that places about 1000 redirects to “advertising” pages on the blog. Each of those is to big brand names in all sorts of industries, fashion, autos, real estate, financing, etc. Each of those advertising pages will load a “malware bomb” appropriate to the end victim’s PC.

The last part of how it works is “volume.” The hacker infects as many blogs as possible, sometimes thousands. Immediately after each blog is infected, a simple transaction notifies search engines that there’s new material (those advertising pages) to index. The same sort of  redirects on thousands of blogs serve to reinforce the search engine ranking and the likelihood that they will serve those results. Once indexed, hapless users trip across the loaded pages and “Ka-Bam!”

Cleanup on my end consists of completely erasing EVERYTHING, installing fresh new software (clean and virus checked), and refreshing the content by restoring a pre-infection backup of the database, and reloading all the other content related (clean and virus checked) files. If my time is worth 13 cents an hour, this part of the mess cost about $0.91.  :)

Yes, I spent far too long analyzing logs, peering into the methods, and cleaning up the mess. One of the most interesting things I found in the logs was the hacker worked from two IP addresses in Brooklyn and checked at least twice a day to see if his (assumption) handiwork was still in place. Interestingly, the checking was done from an iPhone, and any nasty detail work by a Windows PC. After all was removed, he still came back, this day checking every half hour for a few hours until he had enough 404s to drive him away.

I wish I could have sent more than 404s! I offered logs to my service provider, as evidence if they wanted to pursue him. Sadly, all they care about is getting the #### off their servers.

Next…. what I really intended to write about, a nice little box with a carved lid.

Boycotting Blogger Comments – CAPTCHAs

Thursday, February 16th, 2012

I’ve had enough!!!

My interests take me to a lot of blogs, many of them hosted at Blogger. A LOT of them are yours. From time to time, I comment on the fine work you folks do.

No more!

Read THIS to find out why.


My rant about CAPTCHAs has been answered. This morning, Blogger enabled automatic spam detection. They have finally dome something that should have been done years ago, taken on the spam prevention burden themselves rather than passing it on to their customers. Details on my CAPTCHAs Must Die blog.

So, dear woodworking friends: Those of you who use Blogger can now make things easier for your followers. Go into Settings, and then to the Comments tab, and just say NO to the “Word Verification” option.

Comment Spam – Policy and Practices

Saturday, October 30th, 2010

I love it!!!

Akismet is a collaborative spam filter available for WordPress blogs. The “collaborative” aspect comes from collecting information about what Al, John, Carly, Janice, and every other Akismet user thinks is spam, and using those marking to filter the stuff from infecting other blogs. I love it! It works very very very well. Catches lots of stuff and flushes it before I need to bother. Akismet silently prevents 100-250 spam comments per day for my blog. It actually holds them in a queue for inspection, but I find it so accurate that I never inspect. I just delete the remnants occasionally.

[Hey, all you Blogger users…. Take note and lobby Blogger to implement real spam filtering instead of those damned CAPTCHAs. CAPTCHAs serve mostly to move the burden away from the provider and to the users, and are a total barrier for many people with disabilities. And don’t argue with me, like one idiot did, that it doesn’t matter because people with disabilities shouldn’t do woodworking.]

However, the best spam filters aren’t very successful for certain targeted marketing that’s based on keywords. Here’s a recent example. It was a comment on my post about Woodworking Appliances. Some robot scanned a bunch of blogs for the word “appliance” and added the following comment, with a link, of course, to their product.

Hi , thanks for the posting. Nice. There are many ways to get rid of hair issues, but first know that bad hair is usually the result of unclean hair and scalp, it is also due to the use of excessive hair product, which usually grab on to your hair making it heavy and dry. Chemical hair products also clog hair pores killing the health of your hair.


There are similar comments that most likely were not done by a robot, but by a person taking the time to search out relevant posts. Had one just like that a couple of days ago on the post talking about other woodworking choices. A small boat builder (sounds friendly enough) posted a message and a link to his single page web site that exists only for selling small boat building lessons.


For that stuff, I use a second WordPress filter called WP-SpamFree. I have mine setup to email me a copy of every comment (which I allow to be posted without moderation). Within that email are three tools: Trash It, Spam It, and Blacklist the sender. Each of them is a one-click tool. Poof!

My policy

If you come here solely to advertise, your comment will get the Spam It treatment, and your IP address will be blacklisted. It takes me less effort to do those two actions than it does you to post the comment in the first place.

About Bob Easton

Sunday, May 4th, 2008

bobRetired, grandpa, house-husband, cranky, computer geek, galoot, neanderthal, wooden boat fan, boat builder, fine scale modeler, artist.

After 40 years in the Information Technology industry, I’ve retired and have turned to more leisurely pastimes. My other blog Access-Matters reflects my most recent professional work, enabling web technologies for People With Disabilities. While I’m still very much interested in that field, I’ll be content to sit on the sidelines and watch for now. There’s lots to watch, such as will Target win or lose the lawsuit brought by blind people who have difficulty shopping the Target web site? Will technology continue to evolve quickly enough to make things like the Target lawsuit frivolous and irrelevant? Will the hoards of web developers ever learn anything about accessibility?

When the weather in my boat shop is warm enough, I’ll be building small, human or wind powered boats. When the shop is too cold, I build fine scale models of small boats. Other times, I travel with my best friend and spouse of over four decades. Occasionally, I sit and draw.

Oh, by the way, galoot and neanderthal are endearing terms for woodworkers who prefer using hand tools, especially restored antiques, instead of electrified high powered spinning knives and blades.