You are here



Sony rootkit


If you play a Sony music CD on your Windows computer, it installs a rootkit on your system, which introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. I guess this whole DRM thing is getting way out of control.

Upgraded spam module


I have upgraded Drupal's spam module from version 2.0.3 to version 2.0.10. The sum of the upgrades allows me now to expire spam comments automatically, which finally ends the almost daily task of emptying the spam queue.

The work of Jeremy Andrews on this piece of software is impressive : new versions are delivired almost weekly, and sane feature requests get implemented at a very high rate.

Spam module


It seems that my previous spam measurements were quite good, but also that the spammers have stepped up to the next level : comment spam. I already had to delete 7 spam comments last week, so I've decided to install Drupal's spam module. It contains a trainable Bayesian filter, manually entered custom filters, counting the number of URLs, and detection of content posted from open email relays.

The Bayesian filter does statistical analysis on spam content, learning from spam and non-spam that it sees to determine the liklihood that new content is or is not spam. Seems a bit like the spam filters included in Thunderbird.

Referrer spam


Since a few months, my logfiles get filled with referrer spam : when you click a hyperlink on one web site, your browser passes to the next site the address of the page where you clicked the link. This is logged by the server hosting the next web site.

The referer information can be faked very easily. Some unscrupulous web site owners will arrange to have several computers access a particular web site with a referer that lists their own web site address. There are a number of ways to accomplish this (see below), but the result is that the web server logs of the targeted site will contain hundreds or possibly thousands of entries with the fake referer information. This is known as "referer spamming". Most referer spam infects blog comments, but in my case, only my logfiles are filled.

There are several solutions to this problem, mostly involving the RewriteCond directive of the Apache webserver, but I choose the solution from Kuroshin, where a BadReferrer is being created based on the spam URL. however, states that the .htaccess based solutions are part of an unwinnable race, as it takes hundreds of rules to keep up with the randomly selected spam URLs. We'll see if my .htaccess file can keep up...



The radio news yesterday reported that over 50% of all Belgian personal computer are infected with some form of spyware. I wonder if they mean 50% of all PCs running Windows, or 50% of the total amount of PC's, in which case the amount of infected Windows machines is even higher. Anyway, the figures are frightening.

Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs : Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware.


Subscribe to RSS - Bugs