Skip To Navigation

February 2006

Spam So Far

The usual story: I was bored. So I checked my logs, to see if anything interesting was happening. First thing I noticed was that the botnet that started attacking over Christmas had stopped a couple of weeks ago.

Still, I took the latest log file and wrote a quick script to throw it at a GeoIP database, and got: 86% USA, 6% Canada, 2% for each of UK/France/Netherlands/Spain, and 5% between 18 other countries. Total sample: 4209 hits.

I /could/ conclude that the countries with most bot infections have the most online idiots, though that's probably not fair. It's more likely that the operators of this particular botnet are American, and that the trojan spreads via email or IM. If the messages and/or websites it uses are English, that would partly explain the top 3 being USA/Canada/UK.

So then I took a week's worth of my spam log, most of which is open proxies. During this time I didn't get any legitimate comments, but I got 125 spam attempts. One got through. 42 were from Korea, 22 the USA, 6 Japan, 4 China. 34 different countries in all, from Algeria to (New) Zealand.

Open proxies are spread wider than the botnet above, and by their very nature, anyone can (ab)use them with little effort. The stats above seem to indicate that most Western countries have this bit of security sorted, something (language gap?) is keeping Koreans from fixing their servers.

And the final, annoyingly minor, annoyance: every one of the botnet hits used the standard IE6 user-agent string. So my stats for last month read 80%, which I know simply isn't true. For one, I'd be willing to bet that I personally make up about 20% of this site's hits. :|

My current spam code is flimsy, but for the most part it works. That's the problem with most of my code at the moment - it's ugly, spaghettified, and inefficent, but for the most part, it does the job. When it does go wrong, it's always less effort to hack a fix onto it than correct the real problem. Could be my fault for using PHP, but we'll save that one for another day...


Funeral. The word itself seems, well, depressing. I suppose it fits. Hmm. I seemed to know exactly what I wanted to write here before, but now I don't have a clue. So I'm just going to try to get to the point.

I want to keep blogging. But I don't want to be as depressing as I have been recently, so this will be my last post on Tunnie or my health for a bit.

Stuff I want to do, but might not get round to:

  • Post about HTML, RSS, and why most advocates piss me off.
  • Look at bug 307774. I don't really understand some of the code involved, but I want to fix it if I can. Or at least see it fixed. Or something.
  • Post about the state of the spam, geoIP adventures, and why my stats suck.
  • Listen to some Numbcast. Chucking what down? Heh.
  • Post about RdMise stuff: spam, OOP, and why the code's so ugly.
  • Put the front page back how it was. So if you're reading this now, you're probably coming via the feed, and if you're reading this tomorrow, you're not and by tomorrow I mean today and now means yesterday. Ow, my head hurts again.


I usually title posts. A bad pun, or other quip that's vaguely related to the post usually works. But right now I don't feel like it.

On Wednesday night, Michael Tunnicliffe killed himself. We don't know why.

I don't know how I feel. There's been bits of disbelief, shock, anger, sadness, and morbid curiosity, but I suppose right now it's mostly confusion. Looking for answers when the answers don't want to be found, and you probably wouldn't like them - I don't know whether that's profound or pathetic. But, for lack of a less clich├ęd way of saying this:

RIP. He liked <abbr> tags. :/



I am not this popular.

This is how I know the spam is getting ridiculous:

The traffic graph for this site shows a huge increase in hits in December and January.

I'm getting about the same traffic from spam scripts as I am from actual visitors and search spiders combined. That's annoying in itself, but what makes it even more stupid is that almost none of the spam comments get through any more - and the last one that did didn't even contain any links.

DRM, in pictures.

In the open-source VLC Media Player, the IT Crowd video fails miserably.

In Windows Media Player 8, it failed badly as well. And made me look at Davina McCall's face.

So I tried upgrading to ('choosing') 9.

And - it made me wait...

...for a codec error

So I 'unchose' WMP9...

...and chose a method that's actually going to work (searching for a torrent).

Laugh or cry?

The IT Crowd is a comedy series that started last week on Channel 4. I found it quite amusing, partially because it's full of geeky in-jokes. Roy and Moss - the standard nerds - have EFF stickers all over their office, including "Fair use has a posse" and "MP3 is not a crime".

So I go to the website this morning, where they're offering this Friday's episode early. I download it, getting past their IP address sniffing because I'm in the UK, and open it. It's a Windows Media Video, with DRM. Really. Is this irony, hypocrisy, or just stupidity?

I recently moved my ChatZilla stuff to It's now mostly in one place, and I think I got the redirects right.

I've linked to quite a lot of other ChatZilla information from the home page. Still to do: patches page, and more help info. Yes, this post is partly a trick to get search engines to index the new subdomain.

MRI, again

Another scan, no music this time. Just earplugs, which are what I really needed when they were playing U2 at me last time. Anyway, pretty boring in general. At one point I thought it sounded at bit like a foghorn crossed with a tardis, then I thought it must be the drugs talking, then I realized I wasn't on any drugs, and it was just me being weird.

Good morning.


I've been hanging around #web on Freenode for a while now. Part of the topic is this:

Don't use XHTML unless you understand it

I've used XHTML for a long time. / seems to reflexively come before > when I'm typing. But it's only for the latter part of that time that I felt I really understood it.

And it seems that now I understand it, I don't want to use it for my website any more. So I switched DTDs, removed some unnecessary tags, and nothing broke. I feel better for some reason.


Been hackhacking at assorted things recently, haven't got much to show for it yet, except mabye the ChatZilla Bugs page, which is shiny.

Injections started again today, then it's chemo again next week... you know, I can see why they call this a cycle. :|