terriko: (Pi)
2013-05-06 11:35 am

Remove 80% of your blog comment spam by blocking IPTelligent!

I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.

What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short websearch, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.

Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.

Since this particular blog uses WordPress, solving the problem was pretty simple. WordPress has built-in lists for blocking comments, but they simply send to the moderation queue, as does the popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.

Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have

# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*


Which covers the majority of the IPs that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other IPs that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice, so I'm not listing those IPs here.)
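As an added example (not the post's own code, and not the wp-ban plugin's actual matching logic), here is one reading of how wildcard entries such as 96.47.225.* match a visitor's IP, applied to a constructed batch of comment-submission IPs to see what share of them a list covers. The function names and the sample addresses are assumptions.

```javascript
// Added example: parse a wp-ban style wildcard list and measure how much of a
// constructed batch of comment-submission IPs it covers. The matching rule
// ("*" matches any value in that octet) is my reading of the list format,
// not the plugin's code.

const banList = `
# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*
`;

// Drop comments and blank lines; turn each "a.b.c.*" pattern into a predicate.
function parseBanList(text) {
  return text.split('\n')
    .map(line => line.trim())
    .filter(line => line && !line.startsWith('#'))
    .map(pattern => {
      const parts = pattern.split('.');
      if (parts.length !== 4) throw new Error(`bad pattern: ${pattern}`);
      return ip => {
        const octets = ip.split('.');
        return octets.length === 4 &&
          parts.every((p, i) => p === '*' || p === octets[i]);
      };
    });
}

function isBanned(matchers, ip) {
  return matchers.some(match => match(ip));
}

// Constructed sample: one source IP per comment submission.
const sampleComments = [
  '96.47.225.14', '96.47.225.200', '173.44.37.9', '96.47.224.77',
  '96.47.226.3',   // adjacent /24, deliberately NOT covered by the list
  '203.0.113.5',   // documentation-range address standing in for a real reader
  '96.47.225.1', '173.44.37.250',
];

// Returns { banned, total, share } for a batch of submission IPs.
function banCoverage(listText, ips) {
  const matchers = parseBanList(listText);
  const banned = ips.filter(ip => isBanned(matchers, ip)).length;
  return { banned, total: ips.length, share: banned / ips.length };
}
```

Running banCoverage over a real moderation export is a quick way to check, before adding a range, whether it actually accounts for the traffic you think it does.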

Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)

For the record, here's the company info as I get from the whois database right now:

OrgName:        IPTelligent LLC
OrgId:          IPTEL-1
Address:        2115 NW 22nd Street
Address:        #C110
City:           Miami
StateProv:      FL
PostalCode:     33142
Country:        US
RegDate:        2009-03-31
Updated:        2012-07-16
Ref:            http://whois.arin.net/rest/org/IPTEL-1

ReferralServer: rwhois://rwhois.iptelligent.com:4321

OrgNOCHandle: NOC3572-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-888-638-5893
OrgNOCEmail:  sysop@iptelligent.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC3572-ARIN
terriko: I am a serious academic (Twilight Sparkle looking confused) (Serious Academic)
2012-12-14 11:47 am

Kindle Fire, take 3

You may recall that my Kindle Fire decided to stop charging right before I went off on my vacation at the beginning of December, and I had a somewhat terrible experience with Amazon's online customer service but they did in the end replace it under warranty.

I've had the replacement for two weeks, and it was acting a bit weird, rebooting while I was doing things like reading pdfs. So last night, I looked up whether this was a common problem and the suggestion seemed to be to hard reboot it, so I did.

The kindle has been stuck at the kindle fire reboot screen for about 12 hours now.

Since the online chat support was awful last time, I called Amazon this time and the phone support lady was very nice, efficient and very apologetic about not being able to get me a new device until Jan 4th. But the replacement is in the works; I just won't get it till after I get back from Ottawa.

Meanwhile, dead kindle #2 won't boot up and also won't shut down, so I may be sticking a running device in the mail, which feels kind of weird. Not much for it, though, since the thing is utterly unresponsive. Maybe it'll run out of battery before I get out to mail it this afternoon.
terriko: (Default)
2012-08-10 09:36 pm

Mailman: Note to Self

Not sure this will ever be useful to anyone else, but just in case it hits me again later or when I'm helping someone else set up Mailman on Mac OS X 10.7...

When I tried to run python bootstrap.py I got an error that looked like this:

AttributeError: 'module' object has no attribute '__getstate__'

The solution, as implied here is to fix my setuptools which is somehow wrong. On my mac, that meant clearing:

/Library/Python/2.7/site-packages/

Simple, easy, except that I have about a billion copies of python installed so finding the right one took some work. To figure out what to remove, I did the following:

(a) Ran the version of Python I was actually trying to use to get a command line shell
(b) Loaded setuptools (e.g.: import setuptools)
(c) Checked where it actually was (e.g.: print setuptools.__file__)
(d) Removed stuff from that directory (I could have just removed setuptools, but since I was trying to set up a fresh environment anyhow, I actually emptied the entire directory and let Mailman reload)
terriko: (Pi)
2012-06-25 11:14 am

object object object... goose?

In the course of my thesis work, I made myself a little Firefox plugin that tells me where the javascript/dynamic parts are in a page. It's a fun little thing, just puts some big coloured boxes up, and I used it to help understand how people were using javascript in practice. It's one of those things I should probably release just 'cause it's fun, but I didn't have time to maintain in any meaningful way so I didn't get around to it.

Anyhow, I pulled it out last week to see what state it's in because I want to adapt some ideas from it, and it wasn't working. Which is odd, 'cause it's really quite simple. The core is just a loop that goes through each page element and looks for stuff like onmouseover events:


var allTags = document.getElementsByTagName("*");
// Firefox-only "for each ... in" (non-standard, later removed) iterates over
// the collection's enumerable property values, not over numeric indices.
for each (var tag in allTags) {
// ... do some stuff
}


And in debugging it, I've learned that getElementsByTagName("*"), which apparently used to return all the tags as objects, is now returning all the tags as well as, inexplicably, a number. It's not the same number for every page, and most of them seem to be around one thousandish on the simpler pages I was trying to test. Which sort of makes me think that maybe it's returning the number of tags, or that it sometimes returns an ordinal index for a single tag instead of an object, but why?

As it turns out, it didn't take much to get my add-on back up and running, just a quick check to see if the "tag" in question was in fact an object. But I'm left with a question: why has this changed in Firefox since I initially made the add-on? I'm not even sure where to ask, since it doesn't seem like it's a thing that changed in the specs. I'm recording it here for posterity so I remember to try to look it up later, but if you happen to know what's going on, please get in touch!
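As an added example (not code from the original add-on), the following models the most likely cause of the stray number: Firefox's non-standard for each...in iterated over an object's enumerable property values, and an HTMLCollection exposes an enumerable length, so the element count turned up among the elements. Node has no DOM, so a constructed stand-in collection is used; the function names and sample tag names are assumptions.

```javascript
// Added example, not code from the original add-on. Firefox's old non-standard
// `for each (x in coll)` visited every enumerable property VALUE of the object;
// an HTMLCollection exposes an enumerable `length`, so the loop also yields the
// element count, matching the "number around one thousandish" seen on pages.
// Node has no DOM, so a constructed stand-in collection is used here.

function makeCollection(tagNames) {
  // Stand-in for an HTMLCollection: indexed entries plus an enumerable `length`
  // (on a real collection `length` lives on the prototype, which for...in also walks).
  const coll = {};
  tagNames.forEach((name, i) => {
    coll[i] = { tagName: name, onmouseover: i % 2 ? function () {} : null };
  });
  coll.length = tagNames.length;
  return coll;
}

// Standard for...in over property values reproduces what `for each...in` saw:
// the elements plus one stray number.
function valuesViaForIn(coll) {
  const seen = [];
  for (const key in coll) seen.push(coll[key]);
  return seen;
}

// The fix the post describes: skip anything that is not an object.
function dynamicTagsWithObjectCheck(coll) {
  const out = [];
  for (const key in coll) {
    const tag = coll[key];
    if (typeof tag !== 'object' || tag === null) continue; // drops the number
    if (tag.onmouseover) out.push(tag.tagName);
  }
  return out;
}

// Index-based iteration never treats `length` as an entry in the first place.
function dynamicTagsByIndex(coll) {
  const out = [];
  for (let i = 0; i < coll.length; i++) {
    if (coll[i].onmouseover) out.push(coll[i].tagName);
  }
  return out;
}

// Constructed sample: six "tags", every second one with an onmouseover handler.
const sample = makeCollection(['html', 'body', 'div', 'a', 'img', 'span']);
```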
terriko: (Pi)
2012-05-30 04:22 pm

Looking for a quieter, cooler video card suitable for gaming

I've been using John's old video card for a while since he put it in my computer while I was away, but it's so loud that I can hear it even when wearing headphones, and now that it's getting warmer in ABQ I'm noticing that gaming for an hour or more makes me uncomfortably hot. (And shush all of you who have a quip about gamer girls and hotness on the tip of your tongues; I mean temperature.)

So here's the deal. I want a video card that won't trigger a migraine aura in my high altitude desert home. I'm pretty sure they don't check for that in hardware reviews. Here's a more useful checklist:

1. Must be able to play some modern games. I'm mostly playing Diablo III lately, and I also use the machine for Photoshop. (Yeay academic discounts!)
2. Doesn't need to be Linux compatible (this is for my windows-only gaming box)
3. Needs to be as quiet as possible given #1.
4. Cool as possible, given #1.
5. Budget preferably < $200 but gaming in comfort is worth more to me if I'm sure it will help.

It used to be that you'd have to be prepared to replace the fan to get #3, but I'm hoping things have gotten better and I'll be able to just buy something off the shelf. I hate reading hardware reviews (unless it's cameras for some reason), so I'm hoping to narrow things down faster... Does anyone have suggestions?
terriko: (Default)
2010-02-12 12:46 pm

Geek Feminism: Barbie Becomes a Computer Engineer

Here's the 140-chars-or-less version of a link to my latest post at Geek Feminism


Barbie Becomes a Computer Engineer: http://ur1.ca/m6lo It is interminably weird to imagine Barbie as a potential coworker!
terriko: (Default)
2010-02-10 11:40 pm

Web Insecurity: Bank being sued for teaching customers bad security habits

Bank being sued for teaching customers bad security habits

Really short version: Turns out, it's a terrible idea to teach your customers bad habits.

Longer version: And by bad habits, we mean the digital equivalent of saying, "of course our agents hang out in dark alleys. You should totally go there and give your wallet to strangers if they ask."
terriko: (Default)
2010-02-08 11:41 am

Web Insecurity: Amex thinks shorter passwords without special characters are more secure

Another post to Web Insecurity. This one is pretty much explained by the title:


Amex thinks shorter passwords without special characters are more secure

I was working on a background section of my thesis proposal and was talking about how some misconceptions regarding security policies can result in web sites being a lot less secure. But [American Express] takes security misconceptions to a new low...


(Read the rest. And weep. Or laugh. It's pretty terrible.)
terriko: (Default)
2010-02-07 01:19 pm

Web Insecurity: Barcodes for breaches

This post is so short that I figured I might as well copy the whole thing from Web Insecurity. Sorry about the full duplicate!


Barcodes for breaches



[Image: QR code]

Barcode: <script>alert("test")</script>

I'm highly amused by the XSS, SQL Injection and Fuzzing Barcode Cheat Sheet. Who knew security attacks could look almost... pretty? It's just standard XSS and SQL injection test code translated to bar codes, so they could be used as injection vectors. I know I've scanned codes to grab an app I want faster on my phone, and I'm seeing codes popping up in the free daily papers, which I find somewhat interesting given that early attempts to get people to use barcodes have met with commercial failure and ridicule. Oh well, it's all ok now that we have smartphones, right?

Anyhow. This is still an entertaining attack vector. Maybe governments (such as my own!) will ban bar codes as hacking tools next?

terriko: (Default)
2010-02-05 11:42 am

Web Insecurity: Credit card companies covering their ass(ets)

I've rearranged my data feeds so I get more security news, and I'm finding I want to write a little bit about it, so I've resurrected WebInsecurity.net for the purpose of talking about recent security news. It's actually a nice warm-up exercise when I find myself having writer's block while I work on my thesis proposal. That's actually what I was hoping for when I started WebInsecurity.net, but then I found a lot of what I wanted to write should probably be in the proposal and it wasn't working so well as a change of pace. So time to reboot and try something easier to keep myself in good writing form.

So there will be new stuff at WebInsecurity.net and if you're so inclined, here's the webinsecurity.net rss feed or you can go use the fancy-schmancy subscribe buttons on the site itself. Edit: Oh, and there's [syndicated profile] webinsecurity_feed for the dreamwidth folk! (Have I mentioned how much I love dreamwidth lately?)

As most of these are just plain interesting, I'll probably post short summaries here too. So here's today's!


Web Insecurity: Credit card companies covering their ass(ets)
Exactly whose security does your credit card company have in mind? Here's a hint: It's probably not yours.

[B]asically, 3-D Secure [MasterCard SecureCode and Verified by Visa] provides economic security rather than technical security -- but not for you, the customer. It's providing extra security for the banks by passing the buck.

(Read more)
terriko: (Default)
2009-11-30 12:01 am

Facebook/Twitter PSA: what to do if your friends claim you're sending spam

A couple of my friends have gotten hit with stuff that's hijacking their accounts as a way to send spam to Facebook. The latest one sent something about www,ArticleBooks,cn which looks like a standard scam (although if I were you, I wouldn't load that -- I'm just putting it here in case someone searches for it).

As a web security researcher, I'd like to offer some advice. The safest advice would probably be either "don't use any Facebook apps" or "don't use Facebook" but we all know you're not going to do that just because someone sent spam in your name.

So here's a few more reasonable tips that might keep you and your friends spam-free:

1. The problem probably won't be caught by your virus scanner. Do a scan -- it won't hurt -- but if it comes up negative don't assume you're safe.

2. My personal bet is that the Facebook stuff is caused by a rogue app. Uninstall ALL applications you are not using to be safer. This may be a legitimate application which was hijacked, so you're safest uninstalling as much as possible.

3. Do NOT install any applications used by friends who have sent spam messages. Especially if you get a message like "$infected_friend has send you a gift!" or something: these are common ways for Facebook "viruses" to spread.

4. Consider installing an ad-blocker. Advertisements could also have been used to hijack your Facebook. I highly recommend you use AdBlock Plus on Mozilla Firefox, as some other ad blocking software is sketchy.

5. They may not have stolen your password, but it can't hurt to change your password after you have uninstalled all your apps.

6. If you were hit on twitter, or even Facebook, it could also be some site you visited that hijacked your browser. Check your history and try to warn others if you figure out which site it was!