Category: Computer Stuff

Relevant comment spam?

Two hours and 15 minutes after my posting last night, there was a comment waiting in my moderation queue from someone purporting to be a user at Yahoo. The comment read, almost verbatim:

Hey,

Do you know you can get an American idol coin which will feature 2 finalists on 2 sides? Well, I got mine from [redacted]

C ya

I decided not to approve the comment, but I was impressed at the relevancy. So I did a little more digging.

I ignored the purported email address as being trivially spoofed; instead, I did a WHOIS lookup on the IP address from which the comment had come. It was in the 59.95.x.x range, so I had to go to the APNIC Whois database, which told me that that entire subnet was run by an outfit named Sancharnet, whose homepage describes them as “Sancharnet is a country wide Internet Access Network of Bharat Sanchar Nigam Limited, India. It offers Dedicated and Dialup (PSTN & ISDN) Internet Access Services across all the major cities in India”.

I then checked my logs (well, actually, the SiteMeter summary) and found that my only recent connection from 59.95 came though this referral:

http://www.technorati.com/search/american%20Idol?start=80

and that the user had visited several pages and been on the site for about 4 minutes.

This is, of course, an example of the globalization of services. Whoever sells the coins being flogged (“Abundant Marketing”, in Boynton Beach, Florida, according to the WHOIS database for the URL they were trying to promote) appears to employ people in India to do frequent Technorati searches for relevant terms and then post spam comments. I say that it’s likely to be humans at work rather than bots because of the location, and because the HashCash plugin requires JavaScript and most bots don’t support that.

I must admit to being tempted to go ahead and let the comment post because it was, in fact, relevant — but, of course, I didn’t. Wonder if they’ll try commenting to this posting? It does, after all, have the magic “American Idol” phrase in it!

Firefox cookie lesson

I ran into a problem caused by a internal site setting invalid cookies (ones with “@” as part of the cookie name) and tried to fix it by using the Firefox cookie manager to delete the offending cookie. This might have been OK, except that I’d also set Firefox to not allow a site for which I’d removed cookies to set cookies in the future.

And so removing the one errant cookie blocked all ibm.com sites from setting cookies — this had some unfortunate side effects (such as making it impossible to log into several internal sites). I couldn’t find any way to reverse this, either — not even running Firefox in safe mode helped.

So I resorted to rummaging through my profile directory and looking at any file which was human-readable. The last file I checked (of course!) was hostperm.1; that file had a line in it setting the “cookie” property of ibm.com to “2”. I deleted the line and my problems went away.

I will probably keep the Firefox setting to prohibit a site who’s cookies I’ve deleted from setting cookies in the future, but this posting will help me remember what to do if it causes me problems, too.