« June 2004 | Main | August 2004 »

July 2004 Archives

July 6, 2004

I swear it's ABSA fever out there!

I had a graduation party this past weekend at the Kentucky Derby Museum that was much fun. A lot of my family came in on Friday (and promptly drank all the beer that I thought would last through the weekend). Darrell K. and Renzo M. (and his family) came in, too, which was awesome. More came in on Saturday morning (including Brandon M. and Kyle W. from ND).

Tracy had a baby shower on Saturday morning; I cleared the hell outta the house for that.

The party itself was pretty cool. The Museum is an interesting place (not that I got out of the banquet room at all ☺); lots of the guests got to wander around the museum and even go to some races. Lummy’s kids, in particular, got to see all kinds of horses and races, which I understand they enjoyed thoroughly.

I laughed out loud when Lummy gave me a ziplock full of pebbles (which I had to ceremoniously snatch from his hand) as a final symbol of graduating. It’s been a long-standing joke between Lummy-n-me (“When you have learned to snatch the pebbles from the master’s hand, it is time for you to leave.”). Indeed, my dissertation filename is “pebbles.pdf”.

My family, DK, and Renzo (Inc.) stuck around for the rest of the weekend. After much food, indecision, and 16 different plans, some of us went to Shrek 2 and the rest of us went to Spiderman 2. I enjoyed S2 (but then again, Spiderman is my favorite…); I give it 30 minutes. I’ll probably buy the DVD when it becomes available.

The new Stargate SG-1 season starts this Friday — woo hoo! It’s also going to spin off a new series, Stargate Atlantis. Should be interesting. I know that Suzanne C. will be recording all this stuff with their new Tivo DVR. Woo hoo! :-)

Speaking of TV shows — I’ve been impressed with the socially-aware show The Dead Zone. There have been a few shows recently that touched on geek-important issues. For example, there was a show about electronic voting and how it was deliberately fradulently manipulated to elect a slimeball. Last week’s show was called “Total Awareness,” and was about the government’s control and monitoring of everything and how it directly ends privacy. This is almost certainly a reference to the supposedly-killed US government project “Total Information Awareness” that received so much press several months ago.

Quite interesting.

July 18, 2004


So I ran across a new trick the other day. A slimy, disgusting trick, but it was new to me.

I co-own a server with a bunch of friends that it hosted out in Kansas somewhere. We all host our personal domains out there, a few web pages, and non-work related e-mail. Each of us take responsibility for different sub-systems on the server. I, for example, am responsible for the web server. To that end, I run a bunch of virtual servers in Apache, one for each web site. For each web site, I setup a “stats page” showing a bunch of interesting (and totally useless) stats for the site: how many hits, IP addresses of those who visit the site, by-hour breakdowns, etc. I used the freeware Webalizer for this stuff.

The other day, Kyle W., one of the other owners, sent me an e-mail asking why the hit count for his stats page alone was over 7000 for the first 2 weeks of July. Well that makes no sense whatsoever:

  1. Kyle runs a small web site and should probably have less than 7000 hits total for his entire site for the entire month
  2. Who on earth would look at the web stats page over 7000 times in 2 weeks?

So I went and had a look at the logs. It took me a few minutes to figure it out, but once I saw it, the pattern was obvious. Little known-fact: when you surf to a web page, your browser usually sends the page that you came from to the web server. That is, if you’re on page A, and you click on a link that takes you to page B, your web browser will automatically send A’s URL to B’s server. This is called the “HTTP referer” and it allows web site administrators to track your progress through their site, figure out what search engines have found their site, etc. This is not new — it has been in the web since the very beginning.

What I saw in the logs was that lots of random different IP addresses were hitting Kyle’s stats page every few seconds (each IP would hit Kyle’s page every 4-10 seconds) with a very specific refering URL — a porn site.

That’s right, a porn site.

So what was really happening was that lots of “zombied” machines (i.e., machines that have been taken over by a virus or a worm and used for nefarious things like this) were hitting Kyle’s page every few seconds with a referring site of a porn site. So they were convoluting the real intent behind the referring URL — they weren’t really listing the URL that they were coming from, they were simply always listing the porn site URL. Put another way, they were lying about the URL that they were coming from.

The reason why is a bit convoluted: by hitting the stats page, they were getting the referring page listed (and linked) on the stats page. That is, the stats page lists all referring URLs and how many times they were seen. This usually gives a web site administrator a good idea of where (and how often) people enter the site (e.g., from a particular search term in Google, etc.). So since our web stats page lists all referring URLs, by lying and insertting the referring URL of a porn site, they were getting us to [automatically] link to their porn site.

Additionally, Webalizer counts how many times a referring URL is seen and ranks them. So by hitting Kyle’s page with the porn referring URL 7000+ times, it was easily at the top of the referring URL stats — i.e., it was the most frequently seen referring URL.

Ok, well that’s all fine and good, but still — why go to all this trouble?

The answer lies in how search engines work. Search engines — like Google — rate the importance of a web site by how many other web sites link to it. So what was really happening here is that some porn site has figured out really creative ways to get other sites to link to it — they search out and find web stats pages. They then hit that site thousands of times and get their referring URL to show up (and make it highly ranked on that stats page). The thought is that Google (and others) will notice all these links and increase the importance of the porn site because it’s linked to by so many other sites.

Very, very slimy. I have decided to call this slime-vertising. It’s totally dishonest.

And I’m sure this tactic is a) not limited to this one porn site, and b) an entirely automated process. It was quite surprising how many machines were zombined into doing this (some of the “dozens” of machines that I mentioned above were actually in .mil!). Our stats pages have since moved into a password-protected area on the web site, so we won’t see this problem anymore, but to those of you who have publicly-viewable stats pages, beware! This could be happening to you.

Here’s another form of slime-vertising — one that has been around for quite a while: it’s not uncommon that I have to remove anonymous user postings to JeffJournal that simply contain a link to a porn site (undoubtedly put there by some automous bot who found my blog and noticed that they can put anonymous posts with web links in it).

July 19, 2004

Here I am eating a salad, which, by the way, you could cover in bar-b-q sauce and it would still taste like the ground.

Tiny list of updates today…

I’ve started using the OS X IM client Adium for MSN and Yahoo! IM (I still use iChat for AOL). It’s awesome!

I saw two movies recently:

- School of Rock. Mildly amusing — it had some funny lines. I give it 3 minutes.

- Paycheck. It was also “ok,” but not great. 6.75 minutes.

Got supa-swank wedding invitations from Jeremy and Katie. Too bad that we won’t be able to be there (it’s right smack in the middle of the baby watch time window), but it should be a good time. They didn’t wait quite as long as Tracy and I, but this is certainly a long time coming. ;-)

July 24, 2004

And that mom was worried because dad is hauling a yard sale up Killamanjaro, and she's thinking, "Wow! I married an idiot!"

Random list of updates today:

  • LAM/MPI version 7.1 has finally hit beta!. It’s about time. :-)
  • Stargate SG-1 and Stargate Atlantis are now two shows into the new season. Tracy and I are both enjoying them. Ok, yes, we’re geeks. We’ve known this for a long time.
  • More and more people are getting Mac’s. I think I mentioned in a previous entry that Darrell K. got a powerbook. Just the other day, Weikuan Y. got an ibook. Woo hoo!
  • I bought a subscription to Wired magazine the other day from a door-to-door salesman (some kid). I’m such a sucker.
  • Tracy is very much into the Tour de France. Go Lance go (like there’s any doubt).

I’ve switched to the native Mail.app client for OS X. This is a huge switch for me because I’ve been a die-hard pine user for many, many years. Pine is a very, very good mailer with one significant disadvantage: it can’t [yet] do offline e-mail (e.g., see the last known state of your inbox while you’re not connected to a network). The OS X Mail client can, and it has rockin’ search features — although pine’s search features also rock, Mail.app can search multiple folders at once, which pine cannot.

The straw that broke my back and caused me to switch was the realization that I am using my powerbook for 100% of my computer usage. So I always have Mail.app. More specifically, my Big Reasons for not switching away from pine were two fantastic features that pine supports and no one else does (although I don’t know why — they’re killer features): a) the ability to store your pine settings on the server, and b) the ability to store your addressbook on the server. Both of these are tremendously useful when you access your mail from a variety of different machines (like I used to do). However, now that I do everything on my powerbook, I don’t need this portability. So I switched to Mail.app.

It’s my first GUI mail client, well, ever. I was forced into using Outlook while I was at Ft. Huachuca, but I don’t really count that. It’s taking some getting used to — I’m not used to having to move a mouse to read mail and perform common mail actions; my fingers still type out the familiar-from-years-of-use pine keystrokes. But it’s going well. With Mail.app’s rockin’ search capabilities, I’m really re-thinking my use of folders on the server — I have ditched a lot of them, and may actually end up with very few folders. We’ll see how this plays out.

One thing that I really like about Mail.app is that now my IM clients (yes Adium too!), e-mail client, and calendaring now all share a common addressbook. Now if only I would get a bluetooth-enabled cell phone, it would be uniform there, too…

Brian tried a beta version of Tiger (the next version of OS X), and it had some really neat features (newer version of iChat, incredible searchability that Windows/Longhorn has been promising literally for years, etc.), but it was still too buggy. I’m sure it’ll stabalize up before it’s final release (IIRC, later this year?). I’ll definitely buy it when it comes out. :-)

About July 2004

This page contains all entries posted to JeffJournal in July 2004. They are listed from oldest to newest.

June 2004 is the previous archive.

August 2004 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type 3.34