Posts Tagged ‘spam’

Fedora 16 with SELinux running WordPress with Akismet

June 17, 2013

So you have WordPress and Akismet to get rid of spam. But for some reason Akismet is not working:

WordPress with Akismet failing

You can test if you have a valid key and connectivity from the command line with either wget:

wget --post-data 'key=YOURKEYGOESHERE&blog=http://example.org'\
http://rest.akismet.com/1.1/verify-key

or using curl:

curl -d 'key=YOURKEYGOESHERE' -d 'blog=http://example.org' \
http://rest.akismet.com/1.1/verify-keyd

If it works you should receieve a file called “verify-key” containing the word “valid”

If that doesn’t work then you have problems outside the scope of this article.

But if you can retrieve the key than chances are your SELinux configuration is limiting what the httpd server can do.

Luckily the fix is simple: allow httpd to make outgoing connections:

setsebool -P httpd_can_network_connect on

But wait a minute you say. Now my httpd server can connect to anything, attackers can use it to attack other systems potentially (especially if you allow CGI scripts and arbitrary WordPress plugins or themes which can contain PHP code).

So we need to limit what systems the httpd server can connect to. The good news here is that IPTables supports this.

In the case of Akissmet you’d want to add something like this to your /etc/sysconfig/iptables file:

-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m owner --uid-owner apache -m tcp -p tcp --dport 80 \
--dest 66.135.58.61 -j ACCEPT
-A OUTPUT -m owner --uid-owner apache -m tcp -p tcp --dport 80 \
--dest 66.135.58.62 -j ACCEPT 
-A OUTPUT -m owner --uid-owner apache -m tcp -p tcp --dport 80 \
--dest 72.223.69.89 -j ACCEPT
-A OUTPUT -m owner --uid-owner apache -m tcp -p tcp --dport 80 \
--dest 72.223.69.88 -j ACCEPT
-A OUTPUT -m owner --uid-owner apache -j REJECT

This should allow only existing inbound connections (e.g. web clients) and outgoing connections to Akismet (you may want to add any other services you use of course).

Is Microsoft spamming anyone else about robots.txt blocking Bing?

June 5, 2013

So Microsoft spammed me about my robots.txt again:

from: Jyoti Bhagavatula (HCL America Inc) <[email protected]>

to: “[email protected]” <[email protected]>
date: Wed, Jun 5, 2013 at 11:11 AM

subject: Robots.txt blocking Bing crawler: http://www.seifried.org/robots.txt

Hello,

I am contacting you on behalf of the Bing Search engine (http://www.bing.com/) in regards to your robots.txt file:

http://www.seifried.org/robots.txt

Our customers have alerted us that your website was partially absent from our results and we have discovered that you are blocking our crawler, named BingBot, via a disallow directive in your robots.txt file:

User-agent: msnbot

Disallow: /

User-agent: bingbot

Disallow: /

We would be pleased if you could edit your robots.txt file to allow our crawler to fetch and index your content properly, which will in turn increase traffic to your site via our search results, by including the following section:

User-agent: Bingbot

Disallow: 

I find this pretty annoying, they don’t take the time to even look at my website and see that the contact email is pretty obviously [email protected], instead they spam my DNS WHOIS email contact. Secondly, I’ve already told them several times I don’t want to let them index my site, first via robots.txt, and secondly in email replies to the spam they send me.

Is anyone else getting this emails?

New techniques in spam from the Harvard Business Review (HBR)

March 1, 2013

No this isn’t about an article in the Harvard Business Review (HBR), this is actually about spam from the Harvard Business Review. A long time ago I signed up for a year since I got one of those “get the magazine for $19.95 a year” offers and figured why not. I then cancelled at the end since I didn’t find the magazine terribly interesting or forward looking (it seems to mostly reflect an entrenched view of business/law that while useful for existing managers is not terribly education, unlike say the Economist which I still read).

So what’s this new spam technique from the Harvard Business Review? Well they sent me an email, informing me that I had not completed an order at their online store and that my shopping cart still had items in it. This is a pretty clever social engineering technique, they’re prompting you and leading you to believe that you had meant to renew your Harvard Business Review subscription and obviously got distracted or something so you might want to finish the process and send them some money. Except I hadn’t been shopping on their web site (my subscription lapsed a few years ago).

Harvard-Business-Review-Spam-Email

So I went to unsubscribe (who knows, they might actually stop emailing me), but that part of the process was also engineered to make it difficult, first step: make the person enter their email address rather then filling the form (and they know the email address, I mean they just spammed me):

Harvard-Business-Review-Spam-Email-Unsubscribe

But then the piece de resistance:

Harvard-Business-Review-Spam-Email-Unsubscribe-10-Days

Up to 10 days to remove you from a mailing list. What. The. Fuck? So yeah, the moral of the story is use the “spam” button in your mail client and deep six all the crap Harvard Business Review is going to try sending you.