Month: July 2005

Today’s iptables FUN!

Ok, after this morning’s DDoS, I started rummaging around for ways to limit the amount of hurt that my server would handle. And I found the limit function in iptables.

/sbin/iptables -A INPUT -p tcp -d 10.125.1.250 \
      --dport 80 -m limit --limit 6/m --limit-burst 10 -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.125.1.250 \
      --sport 80 -m limit --limit 6/m --limit-burst 10 -o eth0 -j ACCEPT

This should help get some of the requests under control.
Also, I discovered this interesting application called tc. Going to see how I can integrate this with some iptables rules.
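How the limit match in the rules above behaves, as an added example that is not from the original post: a simplified integer model of the single token bucket behind `--limit 6/m --limit-burst 10`. The traffic and addresses are constructed, and what happens to packets that do not match depends on later rules or the chain policy, which the post does not show.

```python
# Added example: simplified integer model of the iptables "limit" match
# (a single token bucket per rule, shared by every source address).
COST_MS = 60_000 // 6        # --limit 6/m: one credit earned every 10 s
CAP_MS = 10 * COST_MS        # --limit-burst 10: bucket holds at most 10 credits


class LimitMatch:
    def __init__(self):
        self.credit = CAP_MS   # bucket starts full
        self.last = 0

    def matches(self, now_ms):
        # Refill for the elapsed time, capped at the burst size.
        self.credit = min(CAP_MS, self.credit + (now_ms - self.last))
        self.last = now_ms
        if self.credit >= COST_MS:
            self.credit -= COST_MS
            return True        # rule matches: packet takes the ACCEPT target
        return False           # no match: packet falls through to later rules/policy


def tally(packets):
    """packets: iterable of (time_ms, source). Returns {source: (matched, fell_through)}."""
    bucket, counts = LimitMatch(), {}
    for t, src in sorted(packets):
        hit, miss = counts.get(src, (0, 0))
        counts[src] = (hit + 1, miss) if bucket.matches(t) else (hit, miss + 1)
    return counts


def flood_scenario():
    # Constructed traffic: one noisy client at 50 packets/s for 60 s, plus a
    # normal visitor sending 8 packets at t = 35 s (documentation-range addresses).
    flood = [(20 * i, "192.0.2.66") for i in range(3000)]
    visitor = [(35_005 + 100 * i, "198.51.100.7") for i in range(8)]
    return tally(flood + visitor)


def quiet_scenario():
    # Constructed traffic: a single page fetch, 25 inbound packets 80 ms apart.
    return tally((80 * i, "198.51.100.7") for i in range(25))


if __name__ == "__main__":
    print(flood_scenario())
    print(quiet_scenario())
```

Because the rules carry no `--syn` or connection-state match, the bucket counts every TCP packet to port 80 rather than new connections, and it is shared by all sources, so the noisy client and the normal visitor draw from the same 10 credits.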



DDoS this morning

This morning, my server was the victim of a sustained DDoS lasting approximately 45 minutes. The entire flow of traffic came from the usual group of trackback and comment spam morons.
Now, the good news: b2evolution came through the event with flying colours. The antispam feature built into the product prevented ANY attempts by these morons at inserting comments and trackbacks from being successful.
I have added one more layer of filtering to handle these morons. Since they use such a limited number of keywords in their REFERER fields, I just wrote a mod_rewrite rule to send them off to my infamous TCP Port 9080.

# Match any of the spam keywords anywhere in the Referer header (pattern kept on one line)
RewriteCond %{HTTP_REFERER} .*(pharmacy|poker|casino|blackjack|cialis|viagra|porn|nude|girls|drugs|sex|animal|holdem|stud|hydrocodone|vicodin|slut|anal|xanax|video|oxycontin|russia|-online|online-).*
RewriteRule ^.*$ http://www.newestindustry.org:9080/ [R,L,NS]

This should deal with 90% of the morons. If I missed any keywords, drop me a comment.



MCI and Telephone Slamming

I recently switched all of my phone services back to Verizon. Today, I got a phone call from my former provider, MCI.
I have never experienced telephone slamming before, but “Tiffany Johnson” from MCI exposed me to the seedy side of the telephone market. I know why MCI is slamming departing customers: they need to get their customer count up before the acquisition by Verizon is completed.
I have frozen my telephone provider. And MCI goes on my blacklist.



XML-RPC Vulnerability and b2evolution

I think that I am protected from the PHP XML-RPC vulnerability discovered by Secunia. However, the team at b2evolution have made only a cursory attempt to explain what is happening.
I have updated the xmlrpc.php file on my server to the latest CVS version and also updated the PHP XML-RPC library in PEAR.
Looking forward to a clearer posting on why b2evolution is NOT vulnerable to this type of attack.



STEEL CAGE MATCH! Dunkin v. Tim!

I guess that Tim (Dead Hockey Player) Horton’s Doughnuts is making an incursion into the US market. This ought to be interesting. Last time something like this happened, Washington was burned.
Actually, I know that other Canadian retailers (most notably Canadian Tire) have tried to move south, only to be beaten back at the border. My suggestion to THD is to emphasize the higher quality food, and downplay the founder’s tragic demise.
More on Tim Horton.
Via Mutually Inclusive PR

iTunes and Partially Cached Podcasts

As I discussed in this post, iTunes 4.9 was starting to cause some serious bandwidth issues for podcasters.
Geek News Central reports that iTunes appears to be pulling some podcasts from a centralized cache server. [here]
This post also states that Apple has not told anyone that this is the case, let alone informing podcasters about the infrastructure they have put in place to distribute this cached content.
Once again, Apple has wandered into the Web 2.0 arena with pre-Internet marketing ideas. I guess eventually they will learn.
UPDATE: I forgot to mention that the source of the GNC story was the Dailysonic, which has an extensive technical write-up on what they found. [here]



Copyright © 2024 Performance Zen
