No Mod Required

WordPress 2.3.3 is out.

Since it fixes a security issue there's no better time than now to upgrade…

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.

Speaking of Wordpress, does anyone know why Akismet suddenly sucks? The past few days it's consistently been beaten by trackback spam touting the night vision exploits of a certain hotel heiress. It's the EXACT same URL, with the EXACT same text and formatting, but it keeps getting through. I've had a handful of false negatives over the years I've used it (a few a month) and all of a sudden I've seen dozens of identical examples in just the past week.

Is someone gaming the system?

I've had thousands of email correspondents over the years so on occasion a zombified machine or two used to send spam finds my domain in the compromised machine's address book and creates fake email addresses pointing back here. In those situations, I can get hundreds of "Undelivered mail return to sender" type messages whereever the spammer fails to find a proper address. Over the past couple of days I've been slammed with them (a hundred here, a hundred there) and in the past ten minutes I've gotten over 2000 and counting. They're filtered into the trash on my machine, but it's still crazy to see that big of a spam assault happen in something like real time.

FTC seeks broad powers to fight spam
I propose invading Nigeria. I'd vollunteer for that shit. Lemme get that Prince Mboto Ngalla III! I don't give a fuck what happened to his father the General or his 30 million dollars!

Fuck Spammers
"Antispam sentiment on Capitol Hill is growing, with a new proposal in the House of Representatives promising to slap the worst bulk e-mailers with prison terms and millions of dollars in fines."

The only problem is this- what about Spam that originates in Europe, Asia or the motherfucking annoying spam capital of the world AFRICA (which is home to Nigeria?) What the fuck does Joseph Hawthorne Mboto III, son of retired General Joseph Hawthorne Mboto II care about US Anti-spam measures? Maybe we'll use it as an excuse to invade? Sweet.

No Link. I just wanted to let any of my good friends in Nigeria, the Congo, Sierra Leone, South Africa, The Philippines, etc. who might be reading this know the following:

I'm simply not interested in helping smuggle millions of dollars out of your country. No interest whatsoever. So stop asking.

While I'm on the subject, think I would get in "real" trouble if I started going through the motions with these scammers and then flying down to Africa and immediately putting a bullet in the fucking head of every fuckhead scammer that showed up at the airport? I mean, just how far will bribery get me in Lagos? Pretty far I bet. Everyone should do that. We should flood Nigeria with drunk, pistol packing yahoos looking for their cut of thirty million dollars. We'll see how much longer the email flood continues after that…

In case you were wondering, I'm so sick of these emails I'm something like 37% serious.

In the real world, I think I'm going to set up a throwaway email address start flaming these guys. Should be fun.

NEMO Music Showcase and Conference has me on their mailing list for some unknown reason. I've attempted the regular "remove:" address, thinking that this apparently "for real" organization would give a shit about the people it sends email to and actually follow through on a remove request. Unfortunately, their remove system is about as trustworthy as a porn spammer and I continue to get email. POPFile, the Bayesian email filter that I use, correctly sorts their emails as spam, but that's not really the point. If they reply I'll be sure to post it here.

From: "Rob Larsen"
To:
Subject: stop emailing me.
Date: Thu, 27 Mar 2003 11:33:50 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1″
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High

I've done the remove thing in your mailings twice (including today) and I
still receive email from you folks. Normally I would just let my email
client sort your UCE as the spam it is and be done with it, but I'm annoyed
that a legitimate organization can't take a hint and leave me alone.

To the point: I don't care about your event. I never will. I have no idea
why you even decided it would be a good idea to include me on your mailing
list. I fear that my prior connection to the Weekly Dig left me on some open
broadcast list from which my email address was then harvested. Which is
pretty stupid because I NEVER WROTE ABOUT MUSIC (of course, it goes without
saying that grabbing addresses like that is super- lame.)

To sum up: STOP SENDING ME EMAIL ABOUT YOUR EVENT.

Thanks,

Rob Larsen
http://drunkenfist.com
==================>

"To recognize individual spam features you have to try to get into the mind of the spammer, and frankly I want to spend as little time inside the minds of spammers as possible."

Now if I can just throttle a dozen spammers and toss their bodies into a shallow grave, my life will be just that much more complete.Federal Trade Commission - The "Do Not Call" Registry

Wired News: Nigerian Net Scam, Version 3.0

Take a look at David Scott Anderson: An unapologetic resume spammer and then read Declan McCullagh's Politech post on the same subject. Reading both, I doubt that Mr. Anderson made his way to Declan's bio and also failed to notice the Politech list in his visit to Declan's site. This line "I have looked at your site, and AM NOT impressed, you are a sniveling little technophile who has the arrogance and sense of self importance the actually believe someone cares!" is all the evidence of that I need. Considering the heavy hitters that subscribe to Politech (yeah, like me, that's the ticket!) and the fact that Declan is a Senior Writer and Chief Political Correspondent for News.com I imagine that many, many people care. Amazing what can happen to people when they fire off an email without getting their facts straight.