jamesoff.net




26
Sep
2006
3

I’ve had enough

I’ve decided I’ve had enough of blbl.org. Last night my server that runs it (along with all of my other stuff) had some kind of hardware fault, and I realised that I didn’t really want to pay for this machine just for blbl.org to rag it until the disks fall out and the assorted important bits melt. My father always used to say there’s nothing worse than having your important bits melt.

Actually he didn’t, but if I was to ask him about this theoretical event his response would definitely be on the negative side.

What it comes down to is this: blbl.org sucks quite a bit of power out of my server in both memory use and CPU time. (The bandwidth is probably negligible, but the worry of some blog spammer getting his knickers in a twist and performing some kind of DDoS is always at the back of my mind.) It hammers the disk (the main database tables contain 18 million and 6 million rows respectively, and that’s not taking into account the tables used to accumulate the data people submit) and generally slows everything down. I’m getting fed up of having to field questions like “why is your gallery down?” because of it.

On top of all of that, I seem to end up spending more time than I’d like looking after the whole (admittedly shaky) setup. If blbl.org was represented on paper, it would be a Heath Robinson machine. Frankly SpamKarma2 does a pretty damn good job of trapping spam by itself, WordPress has anti-spam stuff in it and there are plenty of other plugins which do a decent job too.

Looking at the stats from rbldnsd(8), I was fielding about 400 queries every five minutes (i.e. just over one per second) for the IP blacklist, and I was getting about a 10% hit rate. I guess that’s not so bad, but I’ve no idea how much of the comments posted on all blogs ever (or all blogs that might use blbl.org) is spam. If it’s 10%, then I guess I was doing ok, but I suspect that it’s probably more than that. Based on the flood of submissions (which often ran to 200/sec), I’d say it’s not that effective anyway.

The stats for the URL blacklist are worse - roughly 100 queries every five minutes and less than four hits in the same period.

So, I’ve shut it off. blbl.org is now firewalled off to save my webserver from even having to attempt to serve requests. In about a week, the scripts that generate the blacklist data for rbldnsd will decide nothing should be listed any more. I’ll leave that running for now because otherwise it will have an impact on people’s blogs. 200+ submissions a second tells me I could potentially screw up a lot of blogs :) I certainly won’t be doing anything like returning a positive hit for all queries and saying “well you should have noticed that blbl.org was shutting down!”

In due time, I’ll shut down rbldnsd too, but that’ll be a while yet. If you’re using the SpamKarma2 plugin for WordPress, or any other RBL lookup plugin on any blog software at all, please remove blbl.org from the lookup list (bl.blbl.org and uri-bl.blbl.org).

I would say it’s been fun, but I’m not sure that applies :) It’s certainly been interesting from many perspectives. I’ve had to figure out how to run an RBL, write (and rewrite) scripts to handle large volumes of submissions, process large quantities of data, and so on. I never even got round to writing a proper website for it (not that you can look now, since I’ve blocked it). I hope that in the time it’s been running I’ve helped stop at least a little bit of spam, and stuck two fingers up at the people who go around filling people’s blogs with unnecessary “comments” about poker, transsexuals, lesbians and bestiality. There are plenty of people who write their own blogs about that. Actually, I think that’s called myspace or something :fry:

In the time it’s been running, especially since I posted last about the detrimental effect blbl.org was having on my server (and thus all my other sites), I’ve had a couple of offers from people for more hosting. I’ve decided not to take them up in the end (although I am very grateful) because leaving this project is as much about my personal time as anything else. When I had more free time (like when I was a student) I happily created many complex projects for myself, but nowadays I want to keep things simpler because I’m so busy.

If anyone wants to take over blbl.org (in its entirety - management and hosting) then I’d be more than happy to hand the reins over to a suitable person (or people).

I think this is officially my longest blog post ever, so I’d better stop here before I ruin my average.


Permalink | Posted in RBL Spam internets 



24
Sep
2006
0

More Phone Spam

Wow, my previous post about phone spam has attracted quite a few comments, including this one from a guy who works for the company in question! At least that company is aware of how much they’re annoying people, not that I suspect it’ll ever stop them from doing it to more people.

Yesterday on my new(ish) Vodafone phone I got a call from 02920368705 with the usual spiel about they’re calling “about your Vodafone contract” and could they save me money/cut me a deal/please god give us some money. At least the guy who made the call was up for a laugh because when I told him I liked spending money he offered me a plan that was £1,000 per month with one free minute and one free SMS. After persuading him that I didn’t want that either and would he please remove me from his list, he went.

According to results from Google, this number belongs to Communications Direct, which is a different company to the one I had last time.

Why not do a Google Search for them and click their sponsored link? I’m sure they can afford it. :10bux:


Permalink | Posted in Spam 



12
May
2006
0

BMW Spam Update

BMW replied to my email about the spammer who posted on my forums, but they said:

We have not been aware of the web site http://bmw-portl and-oregon.flgju.info/index.html. However, this domain is not accessible and therefore, we cannot undertake any further actions.

Sorry, but the site still works for me, although it’s a bit slow. I’ve emailed them a screenshot showing it.


Permalink | Posted in Spam 



4
May
2006
1

Uh oh

I can’t help but worry about blbl.org after reading stories like this:

http://b.oooom.net/261


Permalink | Posted in RBL Spam internets 



31
Mar
2006
0

Exchange Offline Address Books

If your Exchange Offline Address Book isn’t generating and you get error 9335 in the Event log (“OALGen encountered error 8004010f while clearing the offline address list public folders under …”), try this:

http://b.oooom.net/1xo





28
Mar
2006
5

blbl.org kills my stuff

Unfortunately, blbl.org (my BLog Blocking List) is generating a lot of load on my poor colo’d machine, and is causing general slowness and at times outright failures of my other websites.

Also unfortunately for blbl.org, I like my other websites being up more than I like blbl.org being up, so this means one of several things:

  • I shut it down
  • I move it to another machine that can handle it
  • I change it so it generates less load






22
Dec
2005
72

Phone spam

Posting to add myself to the people complaining about cold calling by 08004584727 trying to find out about your contract and ask you to upgrade it. They claimed to be “phoning on behalf of Orange.”


Permalink | Posted in Spam 



30
Nov
2005
0

Configuring exim to reject senders

Today I received two copies of the same mail: “re: Achieving your goals…….”, size 1.3Mb.

Wait, 1.3Mb?

[-- Attachment #2: clip_image001.jpg --]
[-- Type: image/jpeg, Encoding: base64, Size: 523K --]
[-- Attachment #3: clip_image004.jpg --]
[-- Type: image/jpeg, Encoding: base64, Size: 752K --]

(MIME part #1 was multipart/alternative, so they at least got that right.)

This ended up in my inbox because my spam filters don’t check messages over a certain size, to prevent killing my server. I thought that was a reasonable choice; after all, which spammers would be dumb enough to spam with enormous attachments?

Apparently, New Era Publications UK is. (I hope a spammer scrapes this page and gets that address.)

I decided to teach Exim to reject senders with a particular message, rather than just a generic “unwanted sender” message. I wanted to put addresses in a file that Exim could lsearch, with the data for each key being the reason to give.

The Exim FAQ suggests a way of doing this (actually it suggests a way of indexing on pairs of sender=>recipient), but the example is broken.

Just in case anyone else finds it handy, here’s a snippet for the RCPT ACL in Exim which rejects senders with a custom message.

# Reject any sender listed in badsenders; the text after the address is the rejection message.
deny condition = ${if eq {${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}}{} \
                   {no}{yes}}
     message   = ${lookup{$sender_address}lsearch{/usr/local/etc/exim/badsenders}}

Pop that in your configure file, and create /usr/local/etc/exim/badsenders (leave it empty if you don’t have anything to go in it yet, but it MUST exist). Make sure the exim process can read it. Populate it with data like this:

nepuk@newerapublications.com : Sending oversized spam
example@jamesoff.net : This address never receives mail

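You must give a reason for every address, otherwise the condition won’t trigger: an entry with no reason makes the lookup return an empty string, which the condition treats the same as an address that isn’t listed. HUP exim to make it notice the updated configuration, but you don’t need to do that every time you add a new address to badsenders.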
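To check a badsenders file before relying on it, the following added example (not part of the original post, and not Exim's own code) emulates the lookup the ACL performs and lists entries that would silently never reject because they have no reason. The parser is a simplification of lsearch that ignores continuation lines and quoted keys, and the third sample address is constructed.

```python
"""Emulate the RCPT ACL's badsenders lookup and lint the file (added example)."""

# Constructed sample of /usr/local/etc/exim/badsenders; the last entry has no reason.
SAMPLE = """\
# senders to refuse at RCPT time
nepuk@newerapublications.com : Sending oversized spam
example@jamesoff.net : This address never receives mail
noreason@example.invalid
"""


def parse_badsenders(text):
    """Return {key: reason} from lsearch-style lines (simplified parser)."""
    entries = {}
    for line in text.splitlines():
        # Skip blanks, comments, and continuation lines (leading whitespace),
        # which this simplified parser does not support.
        if not line.strip() or line[0] in " \t#":
            continue
        # The key ends at the first colon or whitespace character.
        end = next((i for i, c in enumerate(line) if c == ":" or c.isspace()),
                   len(line))
        key, rest = line[:end], line[end:].strip()
        if rest.startswith(":"):
            rest = rest[1:].strip()
        # lsearch is linear and case-insensitive: the first match wins.
        entries.setdefault(key.lower(), rest)
    return entries


def rcpt_decision(sender, entries):
    """Mirror the ACL: deny only when the lookup yields a non-empty string."""
    reason = entries.get(sender.lower(), "")
    return ("deny", reason) if reason else ("continue", "")


def entries_without_reason(entries):
    """Addresses that are listed but would never be rejected."""
    return sorted(key for key, reason in entries.items() if not reason)


if __name__ == "__main__":
    table = parse_badsenders(SAMPLE)
    for addr in ("nepuk@newerapublications.com",
                 "noreason@example.invalid",
                 "friend@example.invalid"):
        print(addr, rcpt_decision(addr, table))
    print("listed without a reason:", entries_without_reason(table))
```
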


Permalink | Posted in Spam 



26
Jun
2005
0

SK2 RBL Plugin Update

See http://www.grooblehonk.co.uk/sk2/rbl-plugin/ for details.

  • Don’t look up same host more than once per post
  • Fixed URIs not getting looked up properly

The downloadable file has been updated.


Permalink | Posted in Coding RBL 



10
Jun
2005
1

RBL Plugin available for SK2

If you want to try out the new improved RBL plugin for Spam Karma 2, have a look here. It works fine for me so I’d like some feedback from other people now :)


Permalink | Posted in Coding RBL Spam