terriko: (Pi)
I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.

What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short websearch, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.

Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.

Since this particular blog uses WordPress, solving the problem was pretty simple. WordPress has built-in lists for blocking comments, but they simply send to the moderation queue, as does the popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.

Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have

# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*


Which covers the majority of the IPs that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other IPs that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice so I'm not listing those IPs here.)
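To check how much of a spam queue a ban list like the one above accounts for, here is an added example (not part of the original post and not wp-ban's code). It treats each trailing-wildcard line as a CIDR network, which is an assumption about matching semantics, and runs over a constructed sample of source IPs; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Ban entries exactly as listed in the post.
BAN_PATTERNS = ["96.47.225.*", "173.44.37.*", "96.47.224.*"]

# Constructed sample of spam-comment source IPs (host octets are made up;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SPAM_SOURCES = [
    "96.47.225.10", "96.47.225.77", "96.47.225.130", "96.47.225.201",
    "173.44.37.5", "173.44.37.99", "96.47.224.18", "96.47.224.240",
    "203.0.113.7", "198.51.100.23",
]

def pattern_to_network(pattern):
    """Turn 'a.b.c.*' into an IPv4 network; only trailing wildcards allowed."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {pattern!r}")
    fixed = octets[:octets.index("*")] if "*" in octets else octets
    if not fixed or any(o != "*" for o in octets[len(fixed):]):
        raise ValueError(f"unsupported wildcard layout: {pattern!r}")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")

def top_subnets(ips, n=3):
    """Rank /24 networks by how many spam sources fall inside each."""
    counts = Counter(ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(str(net), hits) for net, hits in ranked[:n]]

def coverage(ips, patterns):
    """Fraction of source IPs that at least one ban pattern would match."""
    nets = [pattern_to_network(p) for p in patterns]
    hit = sum(any(ipaddress.ip_address(ip) in net for net in nets) for ip in ips)
    return hit / len(ips)

def collapsed(patterns):
    """Merge adjacent ban ranges into the smallest equivalent CIDR list."""
    nets = [pattern_to_network(p) for p in patterns]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print("top /24s:", top_subnets(SPAM_SOURCES))
    print("coverage:", coverage(SPAM_SOURCES, BAN_PATTERNS))
    print("as CIDR :", collapsed(BAN_PATTERNS))
```

Run against a real export of spam-comment IPs, the ranking shows which ranges are worth a ban line, and the collapsed output shows that the two 96.47.x lines form a single /23.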

Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)

For the record, here's the company info as I get from the whois database right now:

OrgName:        IPTelligent LLC
OrgId:          IPTEL-1
Address:        2115 NW 22nd Street
Address:        #C110
City:           Miami
StateProv:      FL
PostalCode:     33142
Country:        US
RegDate:        2009-03-31
Updated:        2012-07-16
Ref:            http://whois.arin.net/rest/org/IPTEL-1

ReferralServer: rwhois://rwhois.iptelligent.com:4321

OrgNOCHandle: NOC3572-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-888-638-5893
OrgNOCEmail:  sysop@iptelligent.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC3572-ARIN
terriko: Evil Soup (evil soup)
Spotted this on Fandom secrets while taking a break:


The text reads: "My family moved to Canada and are in the process of getting a citizenship. Secret: I cried the day we left not because I'm going to miss the US but because I knew how much more expensive shipping is to Canada which means buying fandom stuff would be even more expensive for me. Bye bye free shipping :( I also hate the coldness but that doesn't really matter."

I find this strangely amusing. I think the next time someone asks me what I like about the US, I'm just going to say "free shipping" ;)

(I have spent so much money on Amazon, it's not even funny... Mind, that's only half about the free shipping and half about the fact that shopping here isn't great. But in case it's not clear, my favourite thing about the US is still my research group!)
terriko: (Default)
Lots of people have gotten in touch with me over the past few days, but for those of you who might want to know what's up but not want to overwhelm me with more questions, here's some answers:

1. John made it in on Sunday night (after more excitement with his flights than we'd hoped, but he made it in only an hour late), so I am not alone in the house. (And, in fact, the house is rarely empty as he's working from there.)

2. We have had some repairs done to the windows including the one used to gain entry to the house. The landlords have been really great about it all and have a long list of further upgrades that will be done once the immediate stuff is out of the way, including motion-sensor activated outdoor floodlights, padlocks for the exterior gates, etc.

3. We've got an appointment for an assessment with an alarm company next week so we'll see what additional measures they recommend.

4. John has updated his insurance to ensure that it covers all of my stuff in the case of a break-in where theft is the goal.

5. For those concerned, no, I'm not going to run out and buy a gun no matter what the police recommended. Given my complete lack of expertise with firearms, I fully understand that having one in the house would likely make me less safe at this stage. That said, knowledge is power, so I am going to learn to operate a firearm even if I ultimately decide not to go that route.

6. I still want a dog, though. ;) (And yes, this is a big, long-term decision, so John and I will have to figure that out together. But my vote's still for a dog.)

7. I am really, honestly, fine. As I've said elsewhere, this would have been a lot more scary if I had ever been seriously scared during the encounter, but the guy was really more odd than threatening. I reserve the right to change my mind about this (I've been told by several people that it's fairly normal to be much more disturbed after the fact) but for now everything's well in hand.
terriko: (Default)
Short version: A guy broke into my house while I was there. He wasn't very threatening, but he attempted to hug/grope me and only left my home once he could hear that I was on the line with 911 dispatch. I'm fine and am staying with friends for tonight now that the police are done at my house. John is flying in tomorrow anyhow, so he can help me deal with stuff then.

Long version below (and I can't figure out how to put in a cut on the beta create entries page which I'm using... ugh). It is rambly as, you know, it's been one heck of a weird night.


On the bright side, my brother tells me his friend got mugged at gunpoint his first night after moving to NYC, so at least it took me longer to get to my harsh introduction to the severe sketchiness of the USA.

Page generated Sep. 24th, 2017 12:14 pm