New Spamming Tactics

Something caught one’s eye today: there was a new comment that seemed far too familiar. The chosen name for the commenter may have been a complete giveaway. However, one has seen people with legitimate comments use their website name as their alias. It did not take much effort to find where the comment’s body came from: they were one’s own words, from a comment placed earlier on the post, over a month ago. Differentiating between simple, misguided plagiarism and spam required looking at the site linked to as the commenter’s “website” (some World of Warcraft gold selling site), or in this case only at its URI.

This seems to be the “holy grail” of comment spam: producing “relevant” comments while linking to whatever site they are promoting. Spam Karma 2 even thought it was valid; SK2 is losing its effectiveness. While in this case the site was not relevant, the body of the comment was relevant to the discussion. It took plagiarism to accomplish it, but for people already breaking laws, what’s another broken law (plagiarism is a form of copyright violation/theft)?

To protect against this new breed of spam, a few things could be done. First, in the case of SK2, the comment author’s website URI needs to be checked against a distributed blacklist, as all other URIs in the comment body are (SK2 probably already does this, but the site was not on the list yet). Secondly, comments should be checked for an “originality” percentage. Basically, this would compare the comment against the other comments for the post and then, among the potential matches, find how close it is to them. This would prevent direct sentence, paragraph and comment plagiarism/lifting. Ultimately, making code behave as a human is the goal. If all else fails, improving the ability to find the person behind the spam so that justice may be brought to him (or her) would suffice.
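A sketch of the two checks proposed above, added here as an illustration; it is not Spam Karma 2 code. The function names, the four-word shingle size, the 50% threshold and the sample comments and host are all assumptions made for the example.

```python
import re
from urllib.parse import urlparse

def shingles(text, k=4):
    """Set of k-word shingles from lower-cased, punctuation-stripped text."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) <= k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def originality(new_comment, existing_comments):
    """Return (originality %, index of the closest earlier comment or None).

    The score is 100 minus the largest share of the new comment's shingles
    found in any one earlier comment. Measuring containment, not symmetric
    similarity, still flags a sentence lifted out of a much longer comment.
    """
    new = shingles(new_comment)
    best, best_idx = 0.0, None
    for idx, old in enumerate(existing_comments):
        overlap = len(new & shingles(old)) / len(new) if new else 0.0
        if overlap > best:
            best, best_idx = overlap, idx
    return round(100.0 * (1.0 - best), 1), best_idx

def should_hold(comment, author_url, existing, blocked_hosts, min_originality=50.0):
    """Hold for moderation if the author URI host is listed or the text is lifted."""
    host = (urlparse(author_url).hostname or "").lower()
    score, _ = originality(comment, existing)
    return host in blocked_hosts or score < min_originality

# Constructed sample data (not real comments and not a real blacklist).
EXISTING = [
    "I switched the plugin over to cached queries last month and the page "
    "load time dropped by half on my shared host.",
    "Does this also work with custom post types?",
]
LIFTED = ("I switched the plugin over to cached queries last month and the "
          "page load time dropped by half.")
GENUINE = ("Thanks, I had the same question about custom post types and "
           "ended up writing a small filter for it.")
BLOCKED = {"gold-seller.example"}

if __name__ == "__main__":
    for text in (LIFTED, GENUINE):
        print(originality(text, EXISTING),
              should_hold(text, "https://blog.example/", EXISTING, BLOCKED))
```

The author URI check runs regardless of the text score, so an original comment linking to a listed host is still held.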

-John Havlik

[end of transmission, stay tuned]

WP Trainer Demo

A super sneak peek at the features of WP Trainer; it will be updated as development progresses.

[wpt-activity]

This data is from a GPX file; however, the actual points were cached and loaded from the cache. There are still a few bugs with the way encoded polylines are rendered at the moment.

-John Havlik

[end of transmission, stay tuned]

Pitfalls of New IP Space

With the almost complete allocation of previously available IPv4 addresses, ICANN released IP address blocks from previously reserved ranges to private ISPs. Unfortunately for these ISPs and their customers (one in particular), in the past these IP blocks were heavily used by malicious individuals who spoofed their IP addresses. This resulted in many servers that simply refuse connections to the entire block. What block is this? It’s the 173.x.x.x block.

For a year now, Mediacom has assigned IPs under the 173.18.x.x block. Thanks to that, one’s IP address is in this range. There are sites one literally cannot visit due to having a legitimate IP address in the 173.x.x.x range; instead, one gets a nice “network timeout error”. In the past it was the Weblogs.us forums (now down for everyone as phpBB committed suicide); now it’s other sites. Sure, one can use a web proxy, and one has, but that is more trouble than it’s worth. It would be nice if these servers would at least keep current with their IP block blacklists. Even better, new blacklists that do not include known-good IP blocks merely because of their prior illegitimate use would be a welcome change.
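For server operators, one way to audit a blacklist for this problem, shown as an added example that is not from the original post: it finds entries that cover address space since allocated to ISPs and carves the allocated ranges out. The function names and both sample lists are constructed; 173.18.0.0/16 is an assumed CIDR reading of the “173.18.x.x” block mentioned above, and the code handles IPv4 only.

```python
import ipaddress

def carve_out(blocklist, allocated):
    """Return (updated_blocklist, stale_entries) as lists of IPv4 networks.

    Any blocklist entry overlapping an allocated prefix is reported as stale
    and replaced by the parts of it that lie outside every allocation.
    """
    alloc = [ipaddress.ip_network(a) for a in allocated]
    updated, stale = [], []
    for entry in map(ipaddress.ip_network, blocklist):
        pieces = [entry]
        for a in alloc:
            remaining = []
            for p in pieces:
                if not p.overlaps(a):
                    remaining.append(p)          # untouched by this allocation
                elif a.subnet_of(p):
                    # Keep everything in p except the allocated range.
                    remaining.extend(p.address_exclude(a))
                # else: p lies wholly inside the allocation, so drop it
            pieces = remaining
        if pieces != [entry]:
            stale.append(entry)
        updated.extend(pieces)
    return sorted(updated), stale

def is_blocked(ip, blocklist):
    """True if the address falls inside any network on the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)

# Constructed sample data: a stale list that still drops the whole 173.x.x.x
# block, plus a documentation range that should be left alone.
STALE_BLOCKLIST = ["173.0.0.0/8", "192.0.2.0/24"]
ALLOCATED = ["173.18.0.0/16"]   # assumed CIDR form of the ISP's range

if __name__ == "__main__":
    new_list, stale = carve_out(STALE_BLOCKLIST, ALLOCATED)
    print("stale entries:", [str(n) for n in stale])
    print("updated list:", [str(n) for n in new_list])
```

With real data, the allocated list would come from the regional registry's published allocations, and the stale entries are the ones to review by hand before deploying the updated list.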

-John Havlik

[end of transmission, stay tuned]

Breadcrumb NavXT Updates

Since there were no regressions from the 3.0.2 release to the 3.1.0 release, the next release will be 3.2.0. Expect this to ship at the end of the month, possibly into early April. For 3.2.0 some things will be changing in the core. Some of these changes fix a regression between 2.x and 3.x in the handling of attachments to posts (the full taxonomy path will be shown in 3.2.0; the fix is already in the SVN trunk).

The bcn_breadcrumb_trail->display() function will be rewritten to work for either reverse or forward oriented breadcrumb trails. A supplemental function will be added that works similarly to bcn_breadcrumb_trail->display(), but with each breadcrumb wrapped in <li> tags; this will make it easier for those who want that type of output. Some minor changes to the administrative interface will occur as well. Finally, some performance evaluation will occur during this round to hopefully identify and correct any potential performance issues.

-John Havlik

[end of transmission, stay tuned]

Windows 7 and PunkBuster

When you resort to tactics within the realm of malice, are your actions still benevolent? Even Balance should consider this question while working on PunkBuster. While hackers/cheaters are annoying, when the tools that keep them out operate maliciously the tool maker has gone too far. PunkBuster’s behavior is absolutely uncalled for.

There is absolutely no reason for a legitimate piece of software to download itself from a remote site and reinstall/restart every 15 seconds to 5 minutes. This is how PunkBuster works right now with its PnkBstrA.exe and PnkBstrB.exe services. PnkBstrA.exe will redownload, reinstall, and restart PnkBstrB.exe periodically while in a game “protected” by PunkBuster. If anything goes wrong, PnkBstrA.exe will kick the user from a server and give an error in the 13xxxxxx range. PnkBstrB.exe is what actually looks for hackers/cheaters and kicks them. PunkBuster also looks for unknown APIs and will kick you if it finds any; this is the issue it has with Windows 7.

“Why are you playing games on a beta OS?” What’s the point of a beta OS? To test things; that’s the point of beta releases. By playing, or rather trying to play, a game, I’m testing Windows 7. Since I built a new (for me) computer that is running Windows 7 (64bit), there really is no going back to XP (I do not have Win XP 64bit edition). My gaming is limited to offline games, any Valve title, or Test Drive Unlimited. Basically, anything that doesn’t depend on the horribly broken PunkBuster.

The real shame is that Even Balance has not made any visible effort towards supporting Windows 7. The beta is very solid, a release candidate should be out soon, and at that time the Windows 7 “API” will be “locked” and PunkBuster should be able to be updated to work with Windows 7. If, upon public release of Windows 7, PunkBuster still does not work properly, I’d like to see someone bring a class action lawsuit against Even Balance for negligence (yes, PunkBuster has angered me to that point).

-John Havlik

[end of transmission, stay tuned]