Feedback and Hints, November 2002.
If you have a question regarding any of the articles in this journal, or some comments please send them in. If there are any general questions about Unix or Database Administration, I will attempt to answer them.
SPAM Diaries for this month:
- A message from Nigeria ... Dublin?
- Spam Turkey Bastards
- SPAM Diaries ... Thanks for the idea!
- Now It's Begging Letters ...
- A Rather Sick Robot ...
- And Now A Word From The Mortgage Brothers ...
Hints for this month:
A message from Nigeria ... Dublin?
Just when I was about to close my spam file I got a letter from Nigeria ... That's Nigeria, Dublin. I have altered my e-mail address in this ... so the headers don't appear exactly as in the original. (I don't want to make it easy for SpamBots).
    From ubajega@eircom.net Sun Oct 27 05:22:33 2002
    Return-Path: <ubajega@eircom.net>
    Received: from mail01.svc.cra.dublin.eircom.net (mail01.svc.cra.dublin.eircom.net [159.134.118.17])
            by mail.less.spam.com (8.11.6/8.11.6) with SMTP id g9QIMWs00732
            for <gerry@less.spam.com>; Sun, 27 Oct 2002 05:22:32 +1100 (EST)
            (envelope-from ubajega@eircom.net)
    Message-Id: <200210261822.g9QIMWs00732@mail.less.spam.com>
    Received: (qmail 6882 messnum 120545 invoked from network[159.134.237.90/chester.eircom.net]); 26 Oct 2002 18:17:09 -0000
    Received: from chester.eircom.net (HELO webmail.eircom.net) (159.134.237.90)
            by mail01.svc.cra.dublin.eircom.net (qp 6882) with SMTP; 26 Oct 2002 18:17:09 -0000
    From: <ubajega@eircom.net>
    To: ubajega@eircom.net
    Subject: personal business
    Date: Sat, 26 Oct 2002 19:12:30 +0100
    Mime-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 8bit
    X-Originating-IP: 195.166.230.138
    X-Mailer: Eircom Net CRC Webmail (http://www.eircom.net/)
    Organization: Eircom Net (http://www.eircom.net/)

FROM:DR.UBA JEGA.
SATELLITE TEL.874-762-918-985.
SATELLITE FAX.874-762-918-986.

ATTN:PRESIDENT/CEO.
STRICTLY CONFIDENTIAL & URGENT BUSINESS PROPOSAL.
RE:TRANSFER OF U$21,500.000{TWENTY ONE MILLION FIVE HUNDRED THOUSAND US DOLLARS ONLY.

I AM A MEMBER OF THE FEDERAL GOVERNMENT OF NIGERIA NATIONAL PETROLEUM CORPORATION(NNPC) SOMETIME AGO, A CONTRACT WAS AWARDED TO A FOREIGN FIRM IN THE PTF BY MY COMMITTEE. THIS CONTRACT WAS OVER INVOICED TO THE TUNE OF US$21.5M US DOLLARS. THIS WAS DONE DELIBRATELY. THE OVER-INVOICING WAS A DEAL BY MY COMMITTEE TO BENEFIT FROM THE PROJECT. WE NOW WANT TO TRANSFER THIS MONEY WHICH IS IN A SUSPENSE ACCOUNT WITH PTF INTO ANY OVERSEA ACCOUNT WHICH WE EXPECT YOU TO PROVIDE FOR US. SHARE: 60% WILL BE FOR MY PARTNERS AND ME. 30% OF THE MONEY WILL BE YOURS FOR PROVIDING THE ACCOUNT WHERE WE SHALL REMIT THE MONEY.
10% HAS BEEN MAPPED OUT FROM THE TOTAL SUM TO COVER ANY EXPENSES THAT MAY BE INCURRED BY US DURING THE COURSE OF THIS TRANSFER, BOTH LOCAL AND INTERNATIONAL EXPENSES.CONTACT MUST BE VIA ABOVE FAX OR VIA EMAIL ADDRESS AS: uba_jega@mauimail.com IT MAY INTEREST YOU TO KNOW THAT SIMILAR TRANSACTION WAS CARRIED OUT WITH ONE MR. PATRICE MILLER, PRESIDENT OF CRANE INTERNATIONAL TRADING CORP. OF 153 EAST 57TH ST; 28TH FLOOR, NY10022, TELEPHONE: 212-3087788 AND TELEX:6731689. THE DEAL WAS CONCLUDED AND ALL COVERING DOCUMENTS WERE FOWARDED TO MR. MILLER TO AUTHENTICATE THE CLAIM. ONCE THE FUNDS WERE TRANSFERRED, MR. MILLER PRESENTED HIS BANK WITH ALL THE LEGAL DOCUMENTS AND REMITTED THE WHOLE FUNDS TO ANOTHER BANK ACCOUNT AND DISAPPEARED COMPLETELY. MY COLLEAGUES WERE SHATTERED, SINCE SUCH OPPORTUNITIES ARE NOT EASY TO COME BY. AT THIS JUNCTURE, I WOULD LIKE TO LET YOU KNOW THAT IF YOU ARE INTERESTED IN ASSISTING US IN THIS DEAL, WE WOULD REQUIRE THE FOLLOWING INFORMATION FROM YOU, WHICH WOULD ENABLE US MAKE FORMAL APPLICATION TO THE VARIOUS MINISTRIES\PARASTATAL FOR THE RELEASE AND ONWARD TRANSFER OF THE MONEY TO YOUR ACCOUNT. THE INFORMATION WE REQUIRE ARE: YOUR NAME, COMPANY`S NAME, ADDRESS , TELEFAX NUMBER. YOUR BANK NAME ,ADDRESS, TELEFAX NUMBER. YOUR BANK ACCOUNT NUMBER AND BENEFICIARY NAME. WE HAVE STRONG RELIABLE CONNECTIONS AT THE CENTRAL BANK OF NIGERIA AND OTHER GOVERNMENT PARASTATALS TO ASSIST US IN THE DEAL, AND WHEN IT IS FINALLY CONCLUDED WE SHALL USE SAME CONTACTS TO WITHDRAW ALL DOCUMENTS USED TO AVOID ANY TRACE TO YOU OR US. IT MIGHT ALSO INTEREST YOU TO KNOW THAT WE ARE ORDINARY CIVIL SERVANTS WHO DO NOT WANT TO MISS THIS OPPORTUNITY, SINCE WE WANT THIS MONEY TRANSFERRED BEFORE THE NEWLY DEMOCRATICALLY ELECTED GOVERNMENT STARTS PROBING THE ACTIVITIES OF ALL PREVIOUS MILITARY GOVERNMENTS.CONTACT SHOULD BE VIA FAX ABOVE ONLY. PLEASE CONTACT ME THROUGH MY ABOVE TEL\FAX NUMBER WHETHER OR NOT YOU ARE INTRESTED IN THIS DEAL. 
IF YOU ARE NOT IT WILL ENABLE ME SCOUT FOR ANOTHER FOREIGN PARTNER TO ASSIST US. BUT IF YOU ARE INTRESTED PLEASE SEND THE REQUIRED INFORMATION IMMEDIATELY SO THAT WE CAN SWING INTO ACTION, SINCE TIME IS NOT ON OUR PART. I WAIT IN ANTICIPATION OF YOUR FULLEST CO-COPERATION.

YOURS FAITHFULLY,
DR.UBA JEGA.

This is an interesting case. To date, the owners of the netblock seem to have ignored my complaints, and yet the spammer's e-mail address appears genuine, as does the abuse address listed in the Netblock Owner's Details. I am surprised, because it is a medium-sized 16 bit netblock and most ISPs of this size react quickly. I will give it another couple of days, and I may consider nominating them for inclusion in an RTBL. This would be the first time I have actually nominated anyone, so I am curious as to the procedures.
If I failed to follow some prescribed procedure, it would be helpful if the owners responded to my complaints.
Update: 07-Nov-2002. Dr Uba Jega's account has been terminated. On the information at hand, it looks as though Eircom may have been flooded with complaints when the first spam batch went out. Still, a standard "form" e-mail that says something like "we are investigating this", etc., would be a good addition to Eircom's system ... Just a suggestion.
Spam Turkey Bastards
This one was sent by Dan Byrnes:
    From: "Dan Byrnes" <danbyrnes@spam.bait.com>
    To: "Gerry Patterson" <gerry@less.spam.com>
    Subject: Spam turkey bastards
    Date: Wed, 23 Oct 2002 00:05:13 +1000

Gerry,

Get a load of these spam turkey bastards!

Cheers, Dan.

------------------- Forwarded By Dan Byrnes -------------------

Bulk-Email Promotion Service

*** Monthly Special $99 - 1 Million Successful Emails ***

We're not talking about flimsy emailing solutions available everywhere on the web either. We're talking about the best Bulk Email Service on earth. Featuring servers located offshore, multitudes of bandwidth, creative anti-spam filter bypasses, frequent IP rotation to prevent spam blacklisting, global remove system, database duplicate removal etc..

Want to give it a try? Fill out the form below and fax it back to 1-630-604-1030 or 1-443-659-0730. Don't have a fax machine? Call us at 1-905-974-1876; operators are standing by 24/7. Also, you can contact us via email at contactft@yahoo.com.sg (if this email address doesn't work, please contact us by phone)

Upon receiving the form below, we'll set you up with an ftp site where you can upload your email list and html and/or text file to be transmitted. Once received, your email campaign will begin immediately and you will receive a log of all the successful email addresses. Note that you must upload 50% more email addresses than what is intended to go out because of anti-spam blocking, failed email addresses etc..

PLEASE TYPE ONLY, DO NOT WRITE OR PRINT.

    NAME:_________________________________________________________________
    COMPANY NAME: ______________________________________________________
    TEL#:__________________________________________________________________
    EMAIL:_________________________________________________________________

    SERVICE REQUIRED: Prices quoted below are in US funds.
    [] 1 Million Successfully sent Emails $99
    [] 5 Million Successfully sent Emails $299
    [] 10 Million Successfully sent Emails $499

    PAYMENT INFO:
    [] PAYPAL
    EMAIL ADDRESS TO REQUEST PAYMENT:________________________________________
    [] CREDIT CARD
    CARD #:______________________________________________EXP:________________
    CARD TYPE: [] VISA [] MASTERCARD [] AMEX
    CVV2 CODE: ___ - ___ - ___ (LAST 3 digits on reverse of card next to signature)
    Billing Address: _____________________________________________________________
    CITY/TOWN:________________ STATE:__________________ COUNTRY:__________________
    Cardholder Signature:_________________________________________________________

I, the above signed, hereby authorize the charge(s) indicated in this form. Furthermore, I agree not to dispute these charges in future. Please note that FT International will appear on your monthly credit card statement.

    COMMENTS:

No doubt about it. Dan Byrnes has a way with words. Well after all he is a wordsmith. This one inspired me to write another article on the topic of spam. And the title of the article? Spam Turkey Bastards. What else? And I must say if anyone qualifies for the title, these turkeys look like good candidates.
Many thanks, Dan, for giving me an excellent title for a follow-up article.
SPAM Diaries ... Thanks for the idea!
    Date: Tue, 22 Oct 2002 03:18:35 -0400
    From: Pat St-Arnaud, Montreal Quebec
    Subject: SPAM Diaries

dear gerry,

Brief note: Serendipity brought me to your SPAmventures... Thanks for sharing these with me - saved them as PDF. They made for good read and brought a smile to my lips at this very late hour (3:17AM, still working) :D

Best
----
Patrice St-Arnaud
Macintosh Support Manager, MTEQC <http://www.mteqc.com>
eMarketing Specialist, Hellstone <http://www.hellstone.com>
Associate Editor, Applelust <http://www.applelust.com>
Industry Pundit, Editorial Hellraiser, and a lot more that does not pay.

I'm glad Patrice enjoyed them. And I must say I'm grateful for the idea of calling them SPAM Diaries! I wish I'd thought of that sooner. Thanks Pat!
Now It's Begging Letters ...
    Date: Mon, 21 Oct 2002 06:41:20 +1000 (EST)
    From: Brian Robson
    Subject: Nigeria Again

Dear GP.

Now it's begging letters...

Brian

==============================================

    Return-Path: <temisanmene_ng1@indiatimes.com>
    Delivered-To: brianr@stop.spam.com
    Received: (qmail 26977 invoked from network); 21 Oct 2002 05:42:25 +1000
    X-Filtered: qmail-filter $Revision: 1.6 $ $Date: 2001/02/13 23:41:19 $
    Received: from unknown (HELO ok61368.com) (213.181.64.2)
            by nhj.stop.spam.com with SMTP; 21 Oct 2002 05:42:24 +1000
    From: "Temisan Mene" <temisanmene_ng1@indiatimes.com>
    Reply-To: temisanmene_ng1@excite.com
    Date: Sun, 20 Oct 2002 20:43:53 -0700
    Subject:
    X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"

Hello Sir/Madam,

Doubtless your first reaction would be to regard this mail with utmost skeptimism, but I implore you to read it through before making your judgements. I was a young man with a dream, I wanted to be a writer but in Africa especially my country Nigeria dreams die quickly. While trying to build my career as a popular fiction writer, (I was on my way to completing my first book) I was writing a political column on the side for a local news magazine. My column was usually critical of the military government in power at that time, because I felt I had to do my part in the struggle for a better life for my people.Late in 1997 One of my write-ups was considered too sensitive and I was picked up by military intelligence under the guise of exposing state secrets to the general public. I was detained without trial for eight months and totured endlessly within this period. The toture led to the loss of motor skills in both my legs and partial loss of sight in the left eye. Needless to say. Life since my release after being granted a presidential pardon along with six hundred other detainees, has not been easy. I can no longer seek assistance from friends and family and I constanly wallow in a sea of self-pity. The frustration has made me reach within myself to look for a better life. I still can write and I intend to, although my almost complete manuscript was seized and destroyed by the military gooms. It kills me to have to ask a faceless person who might disbelieve my story for assistance but I have to make the chance that a helping hand might be somewhere outthere. I need food,pens,paper,a mini typewriter and so many other things too numerous to mention. It just takes a few people like you to believe me and help me out because what is little in your country translates into what can change my life here. It just takes the benevolence of your heart and the secure belief that and the secure belief that you are doing the right thing helping to rebuild a promising life. May the good lord shower you with his goodness and grace. May he give not all you desire but all you require. Thank you for reading this mail at all. I shall be praying to hear from you.

Temisan Mene

I don't like to seem to be making fun of those less fortunate than myself, still I wonder if any of you younger kiddies can spot the mistakes in Temisan's plea for assistance. Well your bright young minds can probably spot a few errors. Here are some of them:
- I would expect a professional writer to take a little more pride in spelling, grammar and punctuation. At the very least he could have run it through his spell-checker ... Perhaps he can't afford one. Fortunately he was able to afford a computer!
- He can't afford pen and paper, and yet he can afford an account in India. Amazing how affordable this new digital stuff is.
- The mini-typewriter will be a big help typing letters, but will be a bugger to connect with e-mail. Why not stick with his computer and buy a bubble-jet instead?
- This is not a mistake, just a suggestion: Someone who is so severely impoverished can save a real packet by using Open Source Software. Temisan should check this out. He could even get a free spell checker ...
This begging letter does not seem to be overtly criminal in intent. He is just asking for a hand-out. The only breach of protocol is that he probably used a Spambot and the letter itself is bullshit. If he sent me one of these and I never heard from him again, I wouldn't take action against him.
A Rather Sick Robot ...
On the 19th of October, I got a visit from a buggy robot whose agent string is "NG/1.0". He started in the /pgtsj/ directory:

    195.154.174.164 - - [19/Oct/2002:14:05:27 +1000] "GET /robots.txt HTTP/1.0" 200 74 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:28 +1000] "GET /pgtsj/=D HTTP/1.0" 404 300 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:30 +1000] "GET /pgtsj/=A HTTP/1.0" 404 300 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:32 +1000] "GET /pgtsj/tsj0204.html HTTP/1.0" 404 310 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:34 +1000] "GET /pgtsj/tsj0204a.html HTTP/1.0" 404 311 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:35 +1000] "GET /pgtsj/tsj0204b.html HTTP/1.0" 404 311 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:42 +1000] "GET /pgtsj/tsj0204c.html HTTP/1.0" 404 311 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:45 +1000] "GET /pgtsj/tsj0205.html HTTP/1.0" 404 310 "-" "NG/1.0"
    195.154.174.164 - - [19/Oct/2002:14:05:48 +1000] "GET /pgtsj/tsj0205a.html HTTP/1.0" 404 311 "-" "NG/1.0"
    ... (etc, etc) ...

Everything he tries to fetch has the first two characters missing from the filename portion of the URL embedded in the page. He worked his way mechanically through the entire directory getting a 404 for each one and then started on the /download/humour/ directory, making the same error. He quit at [19/Oct/2002:14:08:12 +1000].
I am not sure who "NG/1.0" is but I think he needs a little maintenance.
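One way to pick a client like this out of an access log and confirm the truncated-link pattern is sketched below. This is an added example, not part of the original article; the last two log lines, the file names in SITE_FILES and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format, the format of the lines quoted above.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# The first six lines are taken from the log above; the last two are
# constructed (an ordinary browser visit) for comparison.
SAMPLE_LOG = '''\
195.154.174.164 - - [19/Oct/2002:14:05:27 +1000] "GET /robots.txt HTTP/1.0" 200 74 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:28 +1000] "GET /pgtsj/=D HTTP/1.0" 404 300 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:30 +1000] "GET /pgtsj/=A HTTP/1.0" 404 300 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:32 +1000] "GET /pgtsj/tsj0204.html HTTP/1.0" 404 310 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:34 +1000] "GET /pgtsj/tsj0204a.html HTTP/1.0" 404 311 "-" "NG/1.0"
195.154.174.164 - - [19/Oct/2002:14:05:35 +1000] "GET /pgtsj/tsj0204b.html HTTP/1.0" 404 311 "-" "NG/1.0"
192.0.2.10 - - [19/Oct/2002:14:06:01 +1000] "GET /pgtsj/pgtsj0204.html HTTP/1.0" 200 5120 "-" "ExampleBrowser/1.0"
192.0.2.10 - - [19/Oct/2002:14:06:09 +1000] "GET /pgtsj/missing.html HTTP/1.0" 404 310 "-" "ExampleBrowser/1.0"
'''

# Constructed: names assumed to exist on the site (the article does not list them).
SITE_FILES = ["/pgtsj/pgtsj0204.html", "/pgtsj/pgtsj0204a.html", "/pgtsj/pgtsj0204b.html"]

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def sick_clients(log_text, min_requests=5, min_404_ratio=0.8):
    """Return {(ip, agent): (requests, 404s)} for clients that mostly get 404s."""
    hits = defaultdict(Counter)
    for rec in parse(log_text):
        hits[(rec["ip"], rec["agent"])][rec["status"]] += 1
    flagged = {}
    for client, statuses in hits.items():
        total = sum(statuses.values())
        if total >= min_requests and statuses["404"] / total >= min_404_ratio:
            flagged[client] = (total, statuses["404"])
    return flagged

def missing_prefix_lengths(log_text, site_files):
    """Count, per 404, how many leading characters of a real file name were dropped."""
    lengths = Counter()
    for rec in parse(log_text):
        directory, _, name = rec["path"].rpartition("/")
        if rec["status"] != "404" or not name:
            continue
        for real in site_files:
            real_dir, _, real_name = real.rpartition("/")
            if real_dir == directory and real_name != name and real_name.endswith(name):
                lengths[len(real_name) - len(name)] += 1
    return lengths

if __name__ == "__main__":
    print(sick_clients(SAMPLE_LOG), missing_prefix_lengths(SAMPLE_LOG, SITE_FILES))
```

A single dominant value from missing_prefix_lengths points at a parsing bug in the robot rather than at probing for files that were never linked.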
And Now A Word From The Mortgage Brothers ...
Here is the last message I received from the Mortgage Brothers. I never managed to find out who these turkeys actually are:
    From nyoung@money.colo.hosteurope.com Wed Oct 2 05:24:46 2002
    Return-Path: <nyoung@money.colo.hosteurope.com>
    Received: from money.colo.hosteurope.com (money.colo.hosteurope.com [217.199.168.159])
            by mail.blah.blah.com (8.11.6/8.11.6) with ESMTP id g91JOjs50947
            for <gerry@blah.blah.com>; Wed, 2 Oct 2002 05:24:45 +1000 (EST)
            (envelope-from nyoung@money.colo.hosteurope.com)
    Received: (from nyoung@localhost)
            by money.colo.hosteurope.com (8.10.2/8.10.2) id g91Jp7U07031; Tue, 1 Oct 2002 20:51:07 +0100
    Date: Tue, 1 Oct 2002 20:51:07 +0100
    Message-Id: <200210011951.g91Jp7U07031@money.colo.hosteurope.com>
    To: <gerry@pauseandplay.com>www.moneyquest.co.uk,
            <gerry@petsplayground.com.au>www.moneyquest.co.uk,
            <gerry@blah.blah.com>www.moneyquest.co.uk,
            <gerry@provost.org>www.moneyquest.co.uk,
            <gerry@sanjuanweb.com>www.moneyquest.co.uk
    From: robin3@rock3.com (robin3@rock3.com)
    Subject: ALL MORTGAGE COSTS PAID BY BANK. 3% RATE FOR 30 YEARS FIXED...

    Below is the result of your feedback form. It was submitted by
    robin3@rock3.com (robin3@rock3.com) on Tuesday, October 1, 2002 at 20:51:06
    ---------------------------------------------------------------------------

    q6: Here Is Detailed Information You Need To Read Before You Get A Mortgage Quote From Anyone. <A HREF="http://www.lendingmort.com">FREE INFORMATION</a> 4svqy

    ---------------------------------------------------------------------------

For more details about the Mortgage Brothers and Spam in General see this month's feature article: Spam Turkey Bastards.
How do I get better performance from Cygwin?
The best way to improve your computer's performance, security (and freedom) is:
- Install another hard drive
- Install Linux (or BSD).
Or maybe just run fdisk and delete the Microsoft partition. Sorry, I couldn't resist that one. Seriously, if you are complaining about the performance of Cygwin, bear in mind that it is difficult to make a silk purse from a sow's ear. Overall, considering the constraints, I think Cygwin is a marvellous product. If you suspect that Cygwin is slower than similar native Microsoft programs, try to verify this with some actual timing tests. Once you have done this and you know for sure that Cygwin has a performance problem, here are some tips regarding performance:
- Look for other processes that might be slowing things down. Use the Microsoft task manager rather than Cygwin's ps.
- Don't use Windows 95/98 for Cygwin. In fact, don't use Windows 95 for anything. It's a dog. I have found that Cygwin works best on Windows 2000.
- Don't use FAT. Cygwin's performance can become degraded on FAT file systems. Apart from that it can start doing very strange things. Cygwin has been optimised for NTFS.
How do I get Perl to do raw input?
As with just about everything in perl, there are probably hundreds of ways to do this. The method I use is to call stty. For example in Linux the following will get a single keypress:
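    #!/usr/bin/perl
    # prompt: print a message, read one raw keypress and exit with the
    # 1-based index of the matching choice character.

    $SETRAW  = "/bin/stty raw";
    $SETCOOK = `/bin/stty -g`;          # save the current (cooked) settings
    chomp $SETCOOK;                     # drop the newline that stty -g appends
    $SETCOOK = "/bin/stty $SETCOOK";

    sub prompt{
        # print string $_[0], and look for one of the chars in $_[1 .. $#_]
        return (-1) unless (@_ > 1);
        while (1){
            print "$_[0] ";
            system "$SETRAW";
            $x = getc(STDIN);
            system "$SETCOOK";          # restore cooked mode straight after the read
            print "\n";
            return (-1) unless (defined $x);    # EOF on STDIN: give up rather than loop forever
            for $i (1 .. $#_){
                return (-1) if (length($_[$i]) > 1);
                return ($i) if ($x eq $_[$i]);
            }
        }
    }

    $reply = prompt(@ARGV);
    exit $reply;

This entire script can be saved as a file called "prompt". It can be called from shell scripts. For example if you used the following: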
    #!/bin/bash
    prompt "Do you want to do this (y/n/q)?" y n q
    CHOICE=$?
    echo $CHOICE

The value in $CHOICE would be 1, 2 or 3, according to whether the key "y", "n" or "q" was pressed.
The most common use of this script is inside perl scripts. The variable $SETCOOK is important for restoring cooked mode. If you use this subroutine it is important to set cooked mode before exiting to the shell. Otherwise you will be left with a console in raw mode. A variation of this script is the following script which ignores case:
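    sub iprompt{
        # print string $_[0], and look for one of the chars in $_[1 .. $#_], ignoring case
        return (-1) unless (@_ > 1);
        while (1){
            print "$_[0] ";
            system "$SETRAW";
            $x = getc(STDIN);
            system "$SETCOOK";
            print "\n";
            return (-1) unless (defined $x);    # EOF on STDIN: give up rather than loop forever
            for $i (1 .. $#_){
                # \Q..\E quotes the choice so that "." or "?" only match themselves
                return ($i) if ($x =~ /^\Q$_[$i]\E$/i);
            }
        }
    }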
Of course, raw input and the use of IOCTL calls are notoriously non-portable. There are POSIX standards, but usually when you start using these types of tricks your code will not be portable. This also applies to Perl. If you were running the above scripts on BSD, you would need to replace the variable $SETRAW with the following:
$SETRAW = "stty cbreak </dev/tty >/dev/tty 2>&1";
Or you could do as I sometimes do, and insert this variable in a header file. I use /usr/local/include/local.ph