PGTS PGTS Pty. Ltd.   ACN: 007 008 568               Mobile Version Coming Soon

point Site Navigation







Valid HTML 4.01!






   Stop Spam! Stop Viruses!
   Secure And Reliable Ubuntu Desktop!

   Ubuntu

   If you own a netbook/laptop~
   Download Ubuntu Netbook!





Feedback and Hints, November 2002.

If you have a question regarding any of the articles in this journal, or some comments please send them in. If there are any general questions about Unix or Database Administration, I will attempt to answer them.

SPAM Diaries for this month:

Hints for this month:


A message from Nigeria ... Dublin?

Just when I was about to close my spam file I got a letter from Nigeria ... That's Nigeria, Dublin. I have altered my e-mail address in this ... so the headers don't appear exactly as in the original. (I don't want to make it easy for SpamBots).

	From ubajega@eircom.net Sun Oct 27 05:22:33 2002
	Return-Path: <ubajega@eircom.net>
	Received: from mail01.svc.cra.dublin.eircom.net (mail01.svc.cra.dublin.eircom.net [159.134.118.17])
		by mail.less.spam.com (8.11.6/8.11.6) with SMTP id g9QIMWs00732
		for <gerry@less.spam.com>; Sun, 27 Oct 2002 05:22:32 +1100 (EST)
		(envelope-from ubajega@eircom.net)
	Message-Id: <200210261822.g9QIMWs00732@mail.less.spam.com>
	Received: (qmail 6882 messnum 120545 invoked from network[159.134.237.90/chester.eircom.net]); 26 Oct 2002 18:17:09 -0000
	Received: from chester.eircom.net (HELO webmail.eircom.net) (159.134.237.90)
	  by mail01.svc.cra.dublin.eircom.net (qp 6882) with SMTP; 26 Oct 2002 18:17:09 -0000
	From: <ubajega@eircom.net>
	To: ubajega@eircom.net
	Subject: personal business
	Date: Sat, 26 Oct 2002 19:12:30 +0100
	Mime-Version: 1.0
	Content-Type: text/plain; charset=us-ascii
	Content-Transfer-Encoding: 8bit
	X-Originating-IP: 195.166.230.138
	X-Mailer: Eircom Net CRC Webmail (http://www.eircom.net/)
	Organization: Eircom Net (http://www.eircom.net/)

	FROM:DR.UBA JEGA.
	SATELLITE TEL.874-762-918-985.
	SATELLITE FAX.874-762-918-986.

	ATTN:PRESIDENT/CEO.

	STRICTLY CONFIDENTIAL & URGENT BUSINESS PROPOSAL.

	RE:TRANSFER OF U$21,500.000{TWENTY ONE MILLION FIVE
	HUNDRED THOUSAND US DOLLARS ONLY.

	I AM A MEMBER OF THE FEDERAL GOVERNMENT OF NIGERIA
	NATIONAL PETROLEUM CORPORATION(NNPC) SOMETIME AGO, A
	CONTRACT WAS AWARDED TO A FOREIGN FIRM IN THE PTF BY
	MY COMMITTEE. THIS CONTRACT WAS OVER INVOICED TO THE
	TUNE OF US$21.5M US DOLLARS. THIS WAS DONE
	DELIBRATELY. THE OVER- INVOICING WAS A DEAL BY MY
	COMMITTEE TO BENEFIT FROM THE PROJECT. WE NOW WANT TO
	TRANSFER THIS MONEY WHICH IS IN A SUSPENSE ACCOUNT
	WITH PTF INTO ANY OVERSEA ACCOUNT WHICH WE EXPECT YOU
	TO PROVIDE FOR US.

	SHARE:

	60% WILL BE FOR MY PARTNERS AND ME.
	30% OF THE MONEY WILL BE YOURS FOR PROVIDING THE
	ACCOUNT WHERE WE SHALL REMIT THE MONEY.
	10%  HAS BEEN MAPPED OUT FROM THE TOTAL  SUM TO COVER
	ANY EXPENSES THAT MAY BE INCURRED BY US DURING THE
	COURSE  OF THIS TRANSFER, BOTH LOCAL AND INTERNATIONAL
	EXPENSES.CONTACT MUST BE VIA ABOVE FAX OR VIA EMAIL ADDRESS AS: uba_jega@mauimail.com
	IT MAY INTEREST YOU TO KNOW THAT SIMILAR TRANSACTION
	WAS CARRIED OUT WITH ONE MR. PATRICE MILLER, PRESIDENT
	OF CRANE INTERNATIONAL TRADING CORP. OF 153 EAST 57TH
	ST; 28TH FLOOR, NY10022, TELEPHONE: 212-3087788 AND
	TELEX:6731689. THE DEAL WAS CONCLUDED AND ALL COVERING
	DOCUMENTS WERE FOWARDED TO MR. MILLER TO AUTHENTICATE
	THE CLAIM. ONCE THE FUNDS WERE TRANSFERRED, MR. MILLER
	PRESENTED HIS BANK WITH ALL THE LEGAL DOCUMENTS AND
	REMITTED THE WHOLE FUNDS TO ANOTHER BANK  ACCOUNT AND
	DISAPPEARED  COMPLETELY. MY COLLEAGUES WERE SHATTERED,
	SINCE SUCH OPPORTUNITIES ARE NOT EASY TO COME BY.
	AT THIS JUNCTURE, I WOULD LIKE TO LET YOU KNOW THAT
	IF YOU ARE INTERESTED IN ASSISTING US IN THIS DEAL, WE
	WOULD REQUIRE THE FOLLOWING INFORMATION FROM YOU,
	WHICH WOULD ENABLE US MAKE FORMAL APPLICATION TO THE
	VARIOUS MINISTRIES\PARASTATAL FOR THE RELEASE AND
	ONWARD TRANSFER OF THE MONEY  TO YOUR ACCOUNT. THE
	INFORMATION WE REQUIRE ARE:

	YOUR  NAME, COMPANY`S NAME, ADDRESS , TELEFAX NUMBER.
	YOUR BANK NAME ,ADDRESS, TELEFAX NUMBER.
	YOUR BANK ACCOUNT NUMBER AND BENEFICIARY NAME.

	WE HAVE STRONG RELIABLE CONNECTIONS AT THE CENTRAL
	BANK OF NIGERIA AND OTHER GOVERNMENT PARASTATALS TO
	ASSIST US IN THE DEAL, AND WHEN IT IS FINALLY
	CONCLUDED WE SHALL USE SAME CONTACTS TO WITHDRAW ALL
	DOCUMENTS USED TO AVOID ANY TRACE TO YOU OR US.
	IT MIGHT ALSO INTEREST YOU TO KNOW THAT WE ARE
	ORDINARY CIVIL SERVANTS WHO DO NOT WANT TO MISS THIS
	OPPORTUNITY, SINCE WE WANT THIS MONEY TRANSFERRED
	BEFORE THE NEWLY DEMOCRATICALLY ELECTED GOVERNMENT
	STARTS PROBING THE ACTIVITIES OF ALL PREVIOUS MILITARY
	GOVERNMENTS.CONTACT SHOULD BE VIA FAX ABOVE ONLY.
	PLEASE CONTACT ME THROUGH MY ABOVE TEL\FAX NUMBER
	WHETHER OR NOT YOU ARE INTRESTED IN THIS DEAL. IF YOU
	ARE NOT IT WILL ENABLE ME SCOUT FOR ANOTHER FOREIGN
	PARTNER TO ASSIST US. BUT IF YOU ARE INTRESTED PLEASE
	SEND THE REQUIRED INFORMATION IMMEDIATELY SO THAT WE
	CAN SWING INTO ACTION, SINCE TIME IS NOT ON OUR PART.
	I WAIT IN ANTICIPATION OF YOUR FULLEST CO-COPERATION.
	YOURS FAITHFULLY,

	DR.UBA JEGA.
This is an interesting case. To date, the owners of the netblock seem to have ignored my complaints, and yet the spammer's e-mail address appears genuine, as does the abuse address listed in the Netblock Owner's Details. I am surprised, because it is a medium-sized 16 bit netblock and most ISPs of this size react quickly. I will give it another couple of days, and I may consider nominating them for inclusion in an RTBL. This would be the first time I have actually nominated anyone, so I am curious as to the procedures.

If I failed to follow some prescribed procedure, it would be helpful if the owners responded to my complaints.

Update: 07-Nov-2002 Dr Uba Jega account has been terminated. On the information at hand it looks as though Eircom may have been flooded with complaints when the first spam batch went out. Still a standard "form" e-mail, that says something like we are "Investigating this etc", would be a good addition to Eircom's system ... Just a suggestion.

Spam Turkey Bastards

Back To Top

This one was sent by Dan Byrnes:

	From: "Dan Byrnes" <danbyrnes@spam.bait.com>
	To: "Gerry Patterson" <gerry@less.spam.com>
	Subject: Spam turkey bastards
	Date: Wed, 23 Oct 2002 00:05:13 +1000

	Gerry, Get a load of these spam turkey bastards! Cheers, Dan.

	------------------- Forwarded By Dan Byrnes -------------------

	Bulk-Email Promotion Service

	*** Monthly Special $99 - 1 Million Successful Emails ***

	We're not talking about flimsy emailing solutions available everywhere on
	the web either. We're talking about the best Bulk Email Service on earth.
	Featuring servers located offshore, multitudes of bandwidth, creative
	anti-spam filter bypasses, frequent IP rotation to prevent spam
	blacklisting, global remove system, database duplicate removal etc..

	Want to give it a try? Fill out the form below and fax it back to
	1-630-604-1030 or 1-443-659-0730.

	Don't have a fax machine? Call us at 1-905-974-1876; operators are standing
	by 24/7. Also, you can contact us via email at contactft@yahoo.com.sg (if
	this email address doesn't work, please contact us by phone)

	Upon receiving the form below, we'll set you up with an ftp site where you can
	upload your email list and html and/or text file to be transmitted. Once
	received, your email campaign will begin immediately and you will receive a
	log of all the successful email addresses. Note that you must upload 50%
	more email addresses than what is intended to go out because of anti-spam
	blocking, failed email addresses etc..

	PLEASE TYPE ONLY, DO NOT WRITE OR PRINT.

	NAME:_________________________________________________________________

	COMPANY NAME: ______________________________________________________

	TEL#:__________________________________________________________________

	EMAIL:_________________________________________________________________

	SERVICE REQUIRED:
	Prices quoted below are in US funds.

	[] 1 Million Successfully sent Emails $99
	[] 5 Million Successfully sent Emails $299
	[] 10 Million Successfully sent Emails $499

	PAYMENT INFO:

	[] PAYPAL

	EMAIL ADDRESS TO REQUEST PAYMENT:________________________________________

	[] CREDIT CARD

	CARD #:______________________________________________EXP:________________

	CARD TYPE: [] VISA  [] MASTERCARD  [] AMEX

	CVV2 CODE: ___ - ___ - ___ (LAST 3 digits on reverse of card next to
	signature)

	Billing Address:
	_____________________________________________________________

	CITY/TOWN:________________ STATE:__________________
	COUNTRY:__________________

	Cardholder
	Signature:_________________________________________________________

	      I, the above signed, hereby authorize the charge(s) indicated in this
	      form. Furthermore, I agree not to dispute these charges in future.

	Please note that FT International will appear on your monthly credit card
	statement.


	COMMENTS:
No doubt about it. Dan Byrnes has a way with words. Well after all he is a wordsmith. This one inspired me to write another article on the topic of spam. And the title of the article? Spam Turkey Bastards. What else? And I must say if anyone qualifies for the title, these turkeys look like good candidates.

Many thanks Dan, for giving me an excellant title to a follow up article.

SPAM Diaries ... Thanks for the idea!

Back To Top

	Date: Tue, 22 Oct 2002 03:18:35 -0400
	From: Pat St-Arnaud, Montreal Quebec
	Subject: SPAM Diaries

	dear gerry,

	Brief note: Serendipity brought me to your SPAmventures... Thanks for
	sharing these with me - saved them as PDF. They made for good read
	and brought a smile to my lips at this very late hour (3:17AM, still
	working) :D

	Best
	----

	Patrice St-Arnaud
	Macintosh Support Manager, MTEQC	<http://www.mteqc.com>
	eMarketing Specialist, Hellstone	<http://www.hellstone.com>
	Associate Editor, Applelust		<http://www.applelust.com>

	Industry Pundit, Editorial Hellraiser, and a lot more that does not pay.
I'm glad Patrice enjoyed them. And I must say I'm grateful for the idea of calling them SPAM Diaries! I wish I'd thought of that sooner. Thanks Pat!

Now It's Begging Letters ...

Back To Top

	Date: Mon, 21 Oct 2002 06:41:20 +1000 (EST)
	From: Brian Robson
	Subject: Nigeria Again

	Dear GP.

	Now it's begging letters...

	Brian
	==============================================

	Return-Path: <temisanmene_ng1@indiatimes.com>
	Delivered-To: brianr@stop.spam.com
	Received: (qmail 26977 invoked from network); 21 Oct 2002 05:42:25 +1000
	X-Filtered: qmail-filter $Revision: 1.6 $ $Date: 2001/02/13 23:41:19 $
	Received: from unknown (HELO ok61368.com) (213.181.64.2)
	  by nhj.stop.spam.com with SMTP; 21 Oct 2002 05:42:24 +1000
	From: "Temisan Mene" <temisanmene_ng1@indiatimes.com>
	Reply-To: temisanmene_ng1@excite.com
	Date: Sun, 20 Oct 2002 20:43:53 -0700
	Subject:
	X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
	MIME-Version: 1.0
	Content-Type: text/plain; charset="us-ascii"


	Hello Sir/Madam,
	Doubtless your first reaction would be to regard this mail with
	utmost skeptimism, but I implore you to read it through before making
	your judgements.
	I was a young man with a dream, I wanted to be a writer but in
	Africa especially my country Nigeria dreams die quickly. While trying
	to build my career as a popular fiction writer, (I was on my way to completing
	my first book) I was writing a political column on the side for a local
	news magazine. My column was usually critical of the military government
	in power at that time, because I felt I had to do my part in the struggle
	for a better life for my people.Late in 1997 One of my write-ups was
	considered too sensitive and I was picked up by military intelligence
	under the guise of exposing state secrets to the general public. I was
	detained without trial for eight months and totured endlessly within
	this period.
	The toture led to the loss of motor skills in both my legs and partial
	loss of sight in the left eye. Needless to say. Life since my release
	after being granted a presidential pardon along with six hundred other
	detainees, has not been easy. I can no longer seek assistance from
	friends and family and I constanly wallow in a sea of self-pity. The
	frustration has made me reach within myself to look for a better life.
	I still can write and I intend to, although my almost complete manuscript
	was seized and destroyed by the military gooms. It kills me to have to
	ask a faceless person who might disbelieve my story for assistance but
	I have to make the chance that a helping hand might be somewhere outthere.
	I need food,pens,paper,a mini typewriter and so many other things too
	numerous to mention. It just takes a few people like you to believe me
	and help me out because what is little in your country translates into
	what can change my life here. It just takes the benevolence of your
	heart and the secure belief that and the secure belief that you are doing
	the right thing helping to rebuild a promising life.
	May the good lord shower you with his goodness and grace. May he give
	not all you desire but all you require. Thank you for reading this mail
	at all.
	I shall be praying to hear from you.
	Temisan Mene
I don't like to seem to be making fun of those less fortunate than myself, still I wonder if any of you younger kiddies can spot the mistakes in Temisan's plea for assistance. Well your bright young minds can probably spot a few errors. Here are some of them:
  1. I would expect a professional writer to take a little more pride in spelling, grammer and punctuation. At the very least he could have run it through his spell-checker ... Perhaps he can't afford one. Fortunately he was able to afford a computer!
  2. He can't afford pen and paper, and yet he can afford an account in India. Amazing how affordable this new digital stuff is.
  3. The mini-typewriter will be a big help typing letters, but will be a bugger to connect with e-mail. Why not stick with his computer and buy a bubble-jet instead?
  4. This is not a mistake, just a suggestion: Someone who is so severely impoverished can save a real packet by using Open Source Software. Temisan should check this out. He could even get a free spell checker ...
This does put a unique spin on the Nigerian Scam. Actually I don't think this technically qualifies as spam. In fact, even the blatantly criminal Nigerian Scam is a scam not spam. I hate to be pedantic, but apart from the fact that they have mined their e-mails with SpamBots and, of course, that they are criminals who are attempting fraud, Nigerian scammers otherwise observe the protocols of netiquette.

This begging letter does not seem to be overtly criminal in intent. He is just asking for a hand-out. The only breach of protocol is that he probably used a Spambot and the letter itself is bullshit. If he sent me one of these and I never heard from him again, I wouldn't take action against him.

A Rather Sick Robot ...

Back To Top

On the 19th of October, I got a visit from a buggy robot whose agent string is "NG/1.0". He started in the /pgtsj/ directory

195.154.174.164 - - [19/Oct/2002:14:05:27 +1000] "GET /robots.txt HTTP/1.0" 200 74 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:28 +1000] "GET /pgtsj/=D HTTP/1.0" 404 300 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:30 +1000] "GET /pgtsj/=A HTTP/1.0" 404 300 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:32 +1000] "GET /pgtsj/tsj0204.html HTTP/1.0" 404 310 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:34 +1000] "GET /pgtsj/tsj0204a.html HTTP/1.0" 404 311 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:35 +1000] "GET /pgtsj/tsj0204b.html HTTP/1.0" 404 311 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:42 +1000] "GET /pgtsj/tsj0204c.html HTTP/1.0" 404 311 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:45 +1000] "GET /pgtsj/tsj0205.html HTTP/1.0" 404 310 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:48 +1000] "GET /pgtsj/tsj0205a.html HTTP/1.0" 404 311 "-" "NG/1.0"
...
(etc, etc)
...
Everything he tries to fetch has the first two characters missing from the filename portion of the URL embedded in the page. He worked his way mechanically through the entire directory getting a 404 for each one and then started on the /download/humour/ directory, making the same error. He quit at [19/Oct/2002:14:08:12 +1000].

I am not sure who "NG/1.0" is but I think he needs a little maintenance.

And Now A Word From The Mortgage Brothers ...

Back To Top

Here was the last message I receive from the Mortgage Brothers. I never managed to find out who these turkeys actually are:

	From nyoung@money.colo.hosteurope.com Wed Oct  2 05:24:46 2002
	Return-Path: <nyoung@money.colo.hosteurope.com>
	Received: from money.colo.hosteurope.com (money.colo.hosteurope.com [217.199.168.159])
		by mail.blah.blah.com (8.11.6/8.11.6) with ESMTP id g91JOjs50947
		for <gerry@blah.blah.com>; Wed, 2 Oct 2002 05:24:45 +1000 (EST)
		(envelope-from nyoung@money.colo.hosteurope.com)
	Received: (from nyoung@localhost)
		by money.colo.hosteurope.com (8.10.2/8.10.2) id g91Jp7U07031;
		Tue, 1 Oct 2002 20:51:07 +0100
	Date: Tue, 1 Oct 2002 20:51:07 +0100
	Message-Id: <200210011951.g91Jp7U07031@money.colo.hosteurope.com>
	To: <gerry@pauseandplay.com>www.moneyquest.co.uk,
	   <gerry@petsplayground.com.au>www.moneyquest.co.uk,
	   <gerry@blah.blah.com>www.moneyquest.co.uk,
	   <gerry@provost.org>www.moneyquest.co.uk,
	   <gerry@sanjuanweb.com>www.moneyquest.co.uk
	From: robin3@rock3.com (robin3@rock3.com)
	Subject: ALL MORTGAGE COSTS PAID BY BANK. 3% RATE FOR 30 YEARS FIXED...

	Below is the result of your feedback form.  It was submitted by
	robin3@rock3.com (robin3@rock3.com) on Tuesday, October 1, 2002 at 20:51:06
	---------------------------------------------------------------------------

	q6:

	Here Is Detailed Information You Need To Read Before You Get A Mortgage Quote From Anyone.

	<A HREF="http://www.lendingmort.com">FREE INFORMATION</a>






	4svqy

	---------------------------------------------------------------------------
For more details about the Mortgage Brothers and Spam in General see this month's feature article: Spam Turkey Bastards.

How do I get better performance from Cygwin?

Back To Top

The best way to improve your computer's performance, security (and freedom) is:

  1. Install another hard drive
  2. Install Linux (or BSD).

Or maybe just run fdisk and delete the Microsoft partition. Sorry, I couldn't resist that one. Seriously if you are complaining about the performance from Cygwin, bear in mind it is difficult to make a silk purse from a sow's ear. Overall considering the constraints, I think Cygwin is a marvellous product. If you suspect that Cygwin is slower than similar Microsoft native programs, try and verify this with some actual timing tests. Once you have done this and you know for sure that Cygwin has a performance problem, here are some tips regarding performance:


How do I get Perl to do raw input?

Back To Top

As with just about everything in perl, there are probably hundreds of ways to do this. The method I use is to call stty. For example in Linux the following will get a single keypress:

	#!/usr/bin/perl
	$SETRAW = "/bin/stty raw";
	$SETCOOK = `/bin/stty -g`;
	$SETCOOK = "/bin/stty $SETCOOK";
	sub prompt{
	# print string $_[0], and look for one of the chars in $[1 .. $#_]
		return (-1) unless (@_ > 1);
		while (1){
			print "$_[0] ";
			system "$SETRAW";
			$x = getc(STDIN);
			system "$SETCOOK";
			print "\n";
			for $i(1 .. $#_){
				return( -1) if (length( $_[$i]) > 1);
				return( $i) if ($x eq $_[$i]);
			}
		}
	}

	$reply = prompt (@ARGV);
	exit $reply;

This entire script can be saved as a file called "prompt". It can be called from shell scripts. For example if you used the following:
	!#/bin/bash
	prompt "Do you want to do this (y/n/q)?" y n q
	CHOICE=$?
	echo $CHOICE
The value in $CHOICE would be 1, 2 or 3, according to whether the key "y", "n" or "q" was pressed.

The most common use of this script is inside perl scripts. The variable $SETCOOK is important for restoring cooked mode. If you use this subroutine it is important to set cooked mode before exiting to the shell. Otherwise you will be left with a console in raw mode. A variation of this script is the following script which ignores case:

	sub iprompt{
	# print string $_[0], and look for one of the chars in $[1 .. $#_]
		return (-1) unless (@_ > 1);
		while (1){
			print "$_[0] ";
			system "$SETRAW";
			$x = getc(STDIN);
			system "$SETCOOK";
			print "\n";
			for $i(1 .. $#_){
				return( $i) if ($x =~ /^$_[$i]$/i);
			}
		}
	}

Of course raw input and using IOCTL calls is notoriously non-portable. There are POSIX standards, but usually when you start using these types of tricks your code will not be portable. This also applies to perl If you were running the above scripts on BSD, you would need to replace the variable $SETRAW with the following:

	$SETRAW = "stty cbreak </dev/tty >/dev/tty 2>&1";

Or you could do as I sometimes do, and insert this variable in a header file. I use /usr/local/include/local.ph

Back To Top