Don't belong. Dangerous, like you. Can't be controlled. Can't be trusted. Everyone could just go on without me and not have to worry. People could be what they wanted to be. Could be with the people they wanted. Live simple. No secrets.

River ,'Objects In Space'


Buffistas Building a Better Board ++

Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.


Allyson - Jul 28, 2005 4:12:14 pm PDT #50 of 4671
Wait, is this real-world child support, where the money goes to buy food for the kids, or MRA fantasyland child support where the women just buy Ferraris and cocaine? -Jessica

Is there a mod around?


DXMachina - Jul 28, 2005 4:30:00 pm PDT #51 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

Done and done.


DXMachina - Jul 28, 2005 4:31:39 pm PDT #52 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

ita, the bot is back. There's more clean up to be done on the user list. This is getting tiresome.


tommyrot - Jul 28, 2005 4:36:42 pm PDT #53 of 4671
Sir, it's not an offence to let your cat eat your bacon. Okay? And we don't arrest cats, I'm very sorry.

Can you block its IP address?

(Nah, it's pro'lly not that simple, huh?)


DXMachina - Jul 28, 2005 5:14:17 pm PDT #54 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

What's happening is someone with an aol address (I think) is trying to register groups of five random letter user names using e-mail addresses of randomletters@buffistas.org. Since the e-mail addresses don't exist, the registration fails when the system tries to send the confirmation message. Also, their script isn't very good, because one of the attempted user names always looks like this:

xhsskxuw@buffistas.orgnContent-Type: multipart/mixed; boundary="===============0031847247=="nMIME-Version: 1.0nSubject: 2a1cdc5enTo: xhsskxuw@buffistas.orgnbcc: jrubin3546@aol.comnFrom: xhsskxuw@buffistas.orgnnThis is a multi-part message in MIME format.nn--===============0031847247==nContent-Type: text/plain; charset="us-ascii"nMIME-Version: 1.0nContent-Transfer-Encoding: 7bitnnlbzhztn--===============0031847247==--n

The bcc is why I think it's coming from an aol account, but the IP has changed with each batch.


DCJensen - Jul 28, 2005 5:29:23 pm PDT #55 of 4671
All is well that ends in pizza.

Could the AOL part be spoofed?


DXMachina - Jul 28, 2005 5:34:03 pm PDT #56 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

Possibly, but given that we only see it by accident, I doubt it. More likely they're just opening new aol accounts.


tommyrot - Jul 28, 2005 5:38:59 pm PDT #57 of 4671
Sir, it's not an offence to let your cat eat your bacon. Okay? And we don't arrest cats, I'm very sorry.

I'm confused. Wouldn't a human have to actually look at this site in order to figure out how to get a bot to sign up? Or are there bots clever enough to find sites on their own and try to figure out likely ways to sigh up & log in?


DXMachina - Jul 28, 2005 6:13:41 pm PDT #58 of 4671
You always do this. We get tipsy, and you take advantage of my love of the scientific method.

Beats me. We don't tell people about the confirmation e-mail until after they submit the registration.

I'm still trying to figure out what they hope to accomplish.


tommyrot - Jul 28, 2005 6:22:57 pm PDT #59 of 4671
Sir, it's not an offence to let your cat eat your bacon. Okay? And we don't arrest cats, I'm very sorry.

google jrubin3546@aol.com

see anything interesting?

eta:

especially [link]

I'm seeing an interesting new attack on my website where the attacker is hoping to exploit unchecked fields in a "web to email" form. The attack works by assuming a field used in an email header (such as the "From:" address or the "Subject:") is passed unchecked to the mail subsystem. Appending a newline character and a few more carefully crafted header lines with a BCC list and a spam message body might trick the underlying mail system into relaying spam for the attacker.

eta²: do I get a cookie?