Wiki SPAM!!!

I was quite surprised to find my server had been somewhat "compromised" so to speak. I was always focused on fighting spam in email, but overlooked other vulnerabilities.

Occasionally I would happen to notice strange wiki entry references in the logs. I never put two and two together until today. I saw where Google had a number of spam appearances attributed to my domain. So I scoured the logs more thoroughly and found the wiki server had been set up to allow "unauthenticated" posts. Amazing, and even more so that this is a default!?! I couldn't believe it.

The "unauthenticated user" had created a "Publications" entry back in 2008. Again, WTF?!? (And that isn't a reference to the CIA's "WikiLeaks Task Force" either...) There were, for the most part, some of what appeared to be legitimate posts. A lot of the entries had photos that added to the story. There were over 20 pages, each with many posts, going back to 2008. They were posted with somewhat frequent regularity. The latest was posted last night at 02:00 or so.

A quick Google search really didn't reveal a canned, step-by-step fix. I did see reference to how this configuration is a spam magnet. How true...

I decided to dive into the configuration and see if I could figure it out. I don't know if this will work, but since my address has been a regular target, only a day or two will tell if I have been successful.

In the end, I created a group that has permissions to make / edit a wiki post (and I hope this rolls to the blog entries, too.) Essentially, since this is a small server, it isn't difficult to manage. On a larger scale, an automated config should be created. In essence, I just added users to a group that allows wiki posts. The next step was to configure the wiki server to only accept posts from that group of users. (It was here in Server Admin that I finally noticed the "Wiki Allows Posts by Everybody".)

Sheesh! For folks like me, I would sure appreciate the default to explicitly reject posts by everyone and require specific permissions. It makes me wonder just how many other compromised installations may be scattered around the Internet. Even more interesting, it makes me think of some of the Google links I have followed... Some of the posts buried in my wiki / blog server looked suspiciously similar in content and style to ones I have visited.

Sure the idea is to drive traffic to your server... But this is NOT the right method!


New Snow Leopard Server at TheCzechs.Net

I upgraded the hardware hosting TheCzechs.Net blog, web, etc., to a new Mac Mini Server running Snow Leopard Server 10.6.1. This is a big upgrade for this little personal site.

Seems to really work well, but the migration from a PowerPC (G5) platform to the Intel box was certainly not painless. Not only were there big OS changes from 10.5.8 to Snow Leopard, there was a platform change as well.

I had to rebuild several binaries to account for the platform change. But the biggest hurdle seemed to be Apache, PHP, and MySQL. It took me all day (and many hours more) to figure it out. I wore out Google, and pulled a few clumps of hair, but it seems to be working.

Will keep a close eye the next few days to see if all is well with the configs, etc.

Make sure to check out Jim's New World for the latest updates.


Jim's New World

I don't think I have abandoned this place, but found a "new world". Just another place for more rambling in the internet.

Check out the new blog, Jim's New World, based on WordPress and hosted on my server here.



Really want to get this working, but having no luck... :((

Installed the app just fine, but can't seem to get the code on the website installed. Don't find any guides for OS X Server blogs. If I knew just an ounce of what I was doing, I'm sure it wouldn't be difficult.

Just have to keep poking around Google, and see if there is a Woopra "forum" of sorts. I'm absolutely certain there has got to be a way to enter the code.


Ok, five months is far too long...

I "finally" looked and found I hadn't updated this since January. Sheesh!

What is the purpose if you aren't going to say anything? But I guess that is me. Not much to say. :P

Wow, looking back, a few things have happened. Some notable: the trip to Fairbanks and the World Ice Art Championship (way back in March) and the advent of spring (and the sunny weather, clear blue sky days I remember from April and May of years past).

I'm sure there were a hundred simple things that could have been mentioned, but were overlooked in their simplicity. A hundred things worth mention, but lost to history now.

Ok, maybe I will do better. Maybe...


Over the Rainbow...

Somewhere... over the rainbow.

Tori Amos Somewhere Over The Rainbow (Live)

Somewhere over the rainbow
Way up high
There's a land that I heard of
Once in a lullaby

Somewhere over the rainbow
Skies are blue
And the dream that you dare to dream
Really does come true

One day I wish upon a star
Wake up where the clouds are far behind me
Where troubles melt like lemon drops
Way upon the chimney tops
That's where you'll find me

Somewhere over the rainbow
Blue birds fly
Birds fly over the rainbow
Why, oh why can't I?

Where troubles melt like lemon drops
Way upon the chimney tops
That's where you'll find me

Somewhere over the rainbow
Blue birds fly
Birds fly over the rainbow
Why, oh why can't I?

Over the Rainbow


Still cold...

While in the new year it has been sunny (at least for the 4 hours of daylight) and clear, the temperature has only ventured once above zero, and then only in the single digits. I think the "minus" sign on the digital thermometer must be "stuck".

Right now, it's -7F / -22C outside. Haven't gone out today, but hoping to see the full moon once it gets a bit more dark. The sun set about a half an hour ago, but it's still like dusk. Saw the moon the past couple of mornings on the way to work, and while not quite full, sure was BIG as it was low on the horizon. Hopefully get to see the largest full moon in 2009.


Goodbye 2008, Hello 2009

Another year is winding down. Another year older. Time to reflect, time to look ahead. Time to break out all the "old" songs and while away the hours.

I wonder... Probably so much happened this past year, but what stands out...? Hmmmmm.....?

Most notable, the surprise visit home for the holidays. :D It was "recent" but that doesn't make it the reason to stand out. That was a wonderful time... I will never forget standing at the door, and wondering if anyone was home. I will never forget the look on my Dad's face, when he finally answered the door.

Then there are the material things. :P After almost 30 years, I finally got a Rolex. Well, not just one, but two. :)) Guess I was making up for lost time...

I had a great vacation, only back in September, and went back home. We were on the go for the whole 2.5 weeks! Did a lot, saw so much. But again, had a great time with my parents.

The summer here, well, I don't know if you can call it a "summer"... Cool and wet. Only a couple of days above 70F / 21C. The old timers say this is what summer is all about; I don't want to agree (we'll see what 2009 brings.) But even the spring, always my best time of the year, only had a couple of sunny days.

I truly can't think of things, that were significant to "me". Sure there was a historic election, and so many things around the world. But in my own little world, these few gems are what matter, in some fashion.

Ok... Without saying.... "Happy New Year" to all. :)

Auld Lang Syne

Same Old Lang Syne

Auld Lang Syne


Home for the holidays

It started out with a spur of the moment purchase of an airplane ticket.  Travel, while stalled and delayed all over the country, went smooth, swift, and flawless.  The surprise when I knocked on the door and Dad opened it...  (thinking I was the mailman delivering a package from Alaska...)

It's been great, being with family for the holidays...  :)

Christmas Tree 2008 

Stockings hung on the mantle


Getting close to the season...

A year, maybe two ago, I learned of a song.  I didn't know who, and couldn't find lyrics.  But I loved the song, and 'transcribed' the lyrics.  I searched high and low, but could not find the song.

It's 2008, and fast approaching Christmas again.  Tonight, I decided to try and explore Google and put their servers through their paces.  Amazing...!  I found it!  Yes!  Truthfully it didn't take long, and once I was on the trail, it didn't take much at all.

This was a song from a Danish 'bubblegum' group called Toy-Box.  

Here again is "So Merry Christmas Everyone"



by Toy-Box


It is time for being joyful
It is time to be a friend
It is time to think of those who never
Knew what Christmas meant

It is time for being thankful
Appreciating what we have
It is time for reaching out 
To those without a mom and dad

So Merry Christmas everyone
Now it's time to love someone
May joy and peace be every place
For all the human race

Like a perfect harmony
In a Christmas melody
Every heart will beat as one
So Merry Christmas

Maybe it's a pure illusion
Maybe we can make it true
If we reach out for the children
They can have a Christmas too

So Merry Christmas everyone
Now it's time to love someone
May joy and peace be every place
For all the human race

Like a perfect harmony
In a Christmas melody
Every heart will beat as one
So Merry Christmas

Hearts are like the desert sand
Always waiting for the rain
Let your hope and love be like a shower
Let it wash away the pain
So to every soul and every heart
A Merry Christmas Day

Christmas time is a time when every body and soul come together
Being around the world and seeing so many places
But the best part thing of it all is coming home for Christmas
So from all of us to all of you: A Merry Christmas

So Merry Christmas everyone
Now it's time to love someone
May joy and peace be every place
For all the human race

Like a perfect harmony
In a Christmas melody
Every heart will beat as one
So Merry Christmas


Bigfoot still stinks...

I don't know why, but I have yet to dump the StinkFoot. Maybe it's because I paid $9.95 for the quarter for the "premium" spam protection and want to attempt to break even. But at the rate the daily received spam increases, it's a losing proposition.

So, I need to start researching how to contact (or even if you can contact) the StinkFoot people to cancel my account. It's gone far past being a joke or a curiosity. The gee-whiz-bang charts I was creating over the years to track good versus junk mail are too cumbersome, and add no value, to this situation.

Hopefully the next report will indicate I've driven a stake through the heart of the Bigfoot and moved on to bigger and better pursuits.



Bigfoot's got the Stink Foot

I found a "review" site when I did a Google search for "Bigfoot mail spam review". I've had problems for years, and guess I am not the only one. Bigfoot has, finally(!), outlived its usefulness. I posted the original review on the site. I wanted to get the word out further... (Plus I edited some typos and grammar mistakes...)


Bigfoot's got the Stink Foot

I stumbled upon this site after many, many months of issues with Bigfoot. I thought, "hey, maybe it's not just me..." Sure enough, many other reviews here mirror my experience and sentiment.

I've subscribed to Bigfoot premium for many years. I had decent service at first, that has deteriorated over the years. For more than a year now, I've continued to pay the premium subscription fees (it auto-renews) and then start complaining.

My biggest issue is the almost 10:1 spam to "good" email ratio. I've continued to tune, check settings, attempting to filter and blacklist, all seemingly to no avail. I've complained in the past, and over almost two years ago started charting the spam that gets through, versus the ones that are trapped. The statistics are amazing!

I resorted to using SpamAssassin and SpamSieve to filter the "junk" that gets through Bigfoot's filters. I started distributing Bigfoot mail to Gmail and Hotmail. Gmail catches 100% (with no false positives in several months of use). Even my Hotmail account, which collects its own goodly portion of spam itself, has caught the spam that is forwarded from Bigfoot. If those guys can do it with such success, why can't Bigfoot make even a half-hearted attempt at improving their filtering, using just free open source tools?!?!

Makes me think one of Bigfoot's side businesses is the "processing" of spam, and selling addresses to the spammers...

I guess with this review, I have *finally* talked myself into canceling the account and ending the drain of money to support this service.

Appreciate some of the suggestions of others I have seen here, such as, etc.

Good luck, from a long since satisfied Bigfoot customer. RIP...


Having a great time!

Wow!  Almost forgot about this spot.  :P

Having a great time visiting the folks in Ohio.  The weather has been great, and we've seen and done so much already.

Another clear, blue sky day.  Temps in the low 70's.  Amazing!

Getting ready to go to the Rogers Sale.  A huge outdoor market, with just about everything.  Should be a great day to stroll around and search for bargains.


Someone asked me...

About Sarah Palin, and since I am from Alaska… what I thought about her as the Vice President.

Here was my reply…

Well, frankly, I haven’t made up my mind. I like her, as the Governor. She is a “real person” but has the wherewithal to do the job. Looks aren’t everything…

It is interesting to see the skew from the media in the L48. Sometimes it hits, but more often, it isn’t the same as what you see here. Their perspective on her stance, compared to what we have seen here isn’t always correct.

Ok, is she qualified…? I haven’t made up my mind quite yet.

I look at other “governors” who “made it” big time. For better or worse, Spiro Agnew; a VP from MD. Look at Bill Clinton… Huh, he made it all the way to President, and he was “just” a governor.

We fool ourselves if we think any one person in those positions control all or make all the decisions. Yes, they are held responsible, and hopefully have input in the words that come out of their mouth. But I would hope they have learned advisors. Those folks, just like the speech writers, are really in tune. It’s for the “person in charge” to sift through all that input and make something of it.

Anyway, back to the question. My take…

Truthfully, I think she can do it. I don’t always agree with her stance on some subjects. She’s done us “right”, with the “extra” dividend we are getting. Or, with her push to suspend the gasoline tax ($0.08/gal) for a year. Our gas is way out of line with the L48. Oil has dropped over 27% from its high. Our (in AK) gasoline has dropped only 4%. With the tax break, 6%. That is criminal. (And I work in the BP building, related to the O&G industry…)

So, can she do it? Yes, I really do think she can. She does bring a fresh perspective. Does she know all, of course not, far from it. But I really do think she can bring the outsider, the hockey mom, to the table and make a change.

In any event, as I have told my parents… we are in for a historic election no matter which way it is decided. I am glad to be here for that… :)

So, what do you think?


Getting ready and counting down...

The day is fast approaching. Been making plans and getting little things ready. But this is the last weekend, and the week ahead will be busy.

Have been getting things together for the trip. Today will be laundry and I need to cut the grass. It will probably still be pretty shaggy by the time I get back. At least the weather is trying to cooperate today; the sun is peeking in and out from behind dark clouds. It rained last night, so hopefully the grass will have a chance to dry a bit before I get out there.

Still need to "configure" my camera bag. I've thought about what lenses I will bring, but think I will leave the 300mm f/2.8 at home. It would fit, but I don't have an easy way to pack a tripod, and you can't handhold that one. If my monopod will fit in the luggage, I might reconsider, so will have to try it out.

Lots to do... I probably should start making a list.


Close in... saving the day.

Well, maybe this isn't so secret after all...



Planning the trip...

Ok, so I leave in a couple of weeks.  This is like a big adventure, but I'm not going into the wilderness.  No, I'm going home to visit my family and see the old sights.

But in this day and age, I live, eat, breathe, and even sleep with technology.  I am a slave to it.  

So I started looking at batteries, solar chargers, and all sorts of things to "survive" away from home for two weeks.  :))

I have a "new" camera case from Craigslist.  Brand new, and made for carry-on.  It's the ThinkTankPhoto (is that all one word???) Airport Acceleration bag.  I got a screamin' deal from the guy, whose wife got it in a promotion at the camera store here in town where she works.  This way, I will travel much like I did when coming to Alaska on a vacation way back in the early 90's; travel with "real" camera gear, not just the good ol' point-and-shoot.

I still have to partition the bag, and figure out what I am going to take with me.  The Nikon D300, and not the D2H.  (Sorry, trusty Mr. D2H.)  Of course the 18-200mm zoom, the 12-24mm zoom, 80-200mm f/2.8, and the 10mm f/2.8 fisheye.  The dilemma is the 300mm f/2.8.  Sure it will fit fine in the bag, but there is the challenge of a mono-pod or the Gitzo.  I don't think I want to (comfortably) haul one or the other of those.  I would only need it with the 300, and how often would I really use it.  I'll take the 1.4x teleconverter, and maybe even the TC-201. Ok, thinking out loud, maybe I am talking myself out of dragging the 300 along.

Then there is the laptop situation.  Of course, I'm a Mac guy.  I still have my 12" PowerBook, which is great to travel.  But I really use this 15" MacBook Pro these days; actually everyday.  I have Windows (XP and Vista), as well as Ubuntu Linux on an external Firewire drive, that I can access via VMware.  

The question is, do I drag along my "work" Dell D420?  I can access my email via the web client, or through XP and Outlook 2007 on the VMware install.  I can back up all my document files to a portable drive.  But the big thing is the email archive (personal folders) on my Dell.  What if someone needed a file I had already archived? And, to clean up my server mailbox, I archive almost everything beyond a few weeks.  Ok, I am talking myself into dragging the 3.5 pound Dell along.  :((

Batteries (for everything), compact flash, SD, adapters, chargers, portable drives, and lions and tigers and bears, oh my!

Good thing I don't leave tomorrow.  Oh, wait, I have to pack some clothes, too.  


Woopra and such...

Just rediscovered Woopra.  Thanks to the Geekbrief (and related items) podcast, I saw where there is a new beta.  Sure, this "thing" is kind of a hidden blog, my hidden thoughts, but also added a new WordPress blog.

Who knows...  Just intrigued by the technology.



I just looked, since I knew it had to be getting close.  They drew for the Denali Road Lottery 2008, and no, I didn't make it, again.  The dates this year are September 12, 13, 14, and 15.

I checked down the list and actually didn't see any names I recognized, or should say, people I know.

Oh well, next year the deadline for entries is moved back a month to June.  I guess they are giving folks more time to make travel and lodging arrangements.  That's probably a good thing, especially for folks that have to travel from the L48.  Even lodging can be tricky, since most places close that weekend because the primary tourist season is over the day before.

Anyway, there's always next year.  :P



A touch of summer... finally!

When most days have been like this..
It certainly is nice to have a day like this...
Flags in the sun
Yes, that is *real* Anchorage, Alaska blue sky up there.