Stupid Ebay Phishing scam

August 10th, 2004

You know, my first thought when receiving this sad example of an Ebay phishing scam wasn’t “Oh wow, someone is trying to rip me off!”, instead it was “oh how terribly stupid this non-obfuscated tripod based URL looks”.

From MS1699account@ebay.com Tue Aug 10 04:13:10 2004
Return-path: my mailserver
Envelope-to: my email
Delivery-date: Tue, 10 Aug 2004 04:09:46 -0400
Received: from my mailserver with local-bsmtp (Exim 4.34)
id 1BuRhQ-0000Dg-45
for my email; Tue, 10 Aug 2004 04:09:44 -0400
Received: from [145.250.210.4] (helo=ns01.uhbs.ch)
by my mailserver with esmtp (Exim 4.34)
id 1BuRhP-0000DZ-BJ
for my email; Tue, 10 Aug 2004 04:09:35 -0400
Received: from SRWEBW201 (srwebw201.uhbs.ch [145.250.210.11]) by ns01.uhbs.ch with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
id NNKG38CC; Tue, 10 Aug 2004 09:54:55 +0200
X-Mailer: DevMailer v1.5 (c) 2000
Date: Tue, 10 Aug 2004 10:04:03 +0200
From: MS1699account@ebay.com
To: my email
Subject: Ebay Account Updates! DB0ZZL
Mime-Version: 1.0
Content-Type: text/plain; charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable

Below is the result of your feedback form. It was submitted by
(MS1699account@ebay.com) on Tuesday, August 10, 2004 at 10:04:01
—————————————————————————
:
Dear Ebay Member,
We at Ebay are sorry to inform you that we are having problems with the
billing information of your account. We would appreciate it if you would
visit our website
http:r.aol.comcgiredir-complex?url=3Dhttp://ebaybilling.tripod.com/index=
.htm
and fill out the proper information that we are needing to keep you as an
Ebay member.
If you think you have received this email as an error, please visit our
website
http:r.aol.comcgiredir-complex?url=3Dhttp://ebaybilling.tripod.com/index=
.htm
and fill out the neccesary information. That way we can make
sure that everything is up to date! Again here is the link to
our website. Ebay Billing Center

Joe Watson
Ebay Billing Center
Rep ID. 32A
Thank you for your business.
The Ebay Staff. X9N9WD
W6FIOK
—————————————————————————

I’m not a regular Ebay user, but I did report this to the Ebay folks at spoof@ebay.com. Surprisingly enough, Ebay has a simple tutorial on how to spot spoof emails. I was impressed.
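The mismatches in that message can be checked mechanically. The following is an added example, not part of the original post: it decodes the quoted-printable body, pulls the destination out of the redirector's url= parameter, and compares it and the relay's HELO name with the domain in the From line. The function names and the placeholder host mailserver.example are assumptions.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: a subset of the headers and body lines quoted above.
# "mailserver.example" is a placeholder for the redacted receiving host.
RAW = (
    "Received: from [145.250.210.4] (helo=ns01.uhbs.ch)\n"
    "\tby mailserver.example with esmtp (Exim 4.34)\n"
    "X-Mailer: DevMailer v1.5 (c) 2000\n"
    "From: MS1699account@ebay.com\n"
    "Subject: Ebay Account Updates! DB0ZZL\n"
    'Content-Type: text/plain; charset="us-ascii"\n'
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "visit our website\n"
    "http:r.aol.comcgiredir-complex?url=3Dhttp://ebaybilling.tripod.com/index=\n"
    ".htm\n"
    "and fill out the proper information\n"
)


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def analyze(raw):
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    received = " ".join(msg.get_all("Received", []))
    helos = [h.lower() for h in re.findall(r"helo=([\w.-]+)", received)]
    # Undo quoted-printable: "=3D" becomes "=", and the soft line break
    # "index=" + newline + ".htm" is rejoined into "index.htm".
    body = msg.get_payload(decode=True).decode("ascii", "replace")
    # Destinations carried in a redirector's url= parameter.
    targets = re.findall(r"url=(https?://[^\s\"'<>]+)", body)
    hosts = sorted({urlsplit(t).hostname for t in targets})
    return {
        "claimed_domain": claimed,
        "foreign_relays": [h for h in helos if not under(h, claimed)],
        "redirect_targets": targets,
        "foreign_link_hosts": [h for h in hosts if not under(h, claimed)],
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

A relay outside the sender's domain is only a signal, since mail is often handed off by third parties; the link host that sits under someone else's domain is the stronger one.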

BAH

August 9th, 2004

Yes, I know the blog looks like crap. I was in the middle of changing the tagged ul and li markup to div, however, I just discovered to my chagrin that wordpress apparently generates archive and category links with li tags.

I have to look up and see if this behavior is mentioned in the support documentation. bah.

UPDATE: I “routed around” the elements having automatically generated li tags by adding “list-style-type: none;” to my CSS. Ugh.

MySQL phpMyAdmin madness

August 7th, 2004

Yesterday I entered into a tarpit of corrupted configuration files and such. What appears to have happened was that my Cpanel install was upgraded and there are some functions on Cpanel which refer back to my .htaccess. At the time, it appeared that my .htaccess file was horribly corrupted, in particular one rewrite rule which affected my wordpress install and upon some editing, voila — I broke links to my older posts. In essence, I still had my front page, but none of the links to my archived posts or comments worked.

Since I had been itching to fix my Wordpress install (some of the files were from my original .72 install), I figured that this would be as good a time as any to back up the database and to reinstall Wordpress from scratch. So, that is what I did. There was even a HOWTO on backing up your database using phpMyAdmin on the WordPress FAQ, and I followed those instructions.

The backup went fine, except initially I had some problems opening up the resulting backup file called localhost-sql copy1.zip. If I was to do it again, I would definitely export my database not only in SQL, but also .CSV and .XML, just to be sure. Anyway, I was able to open the resulting .SQL file as text, and all was good. I also inadvertently exported my previous movable type database too, but hey.

By the time I went to bed last night, I had the data but I was banging my head trying to figure out how to restore it within the new database, since I was getting SQL error messages telling me that the database was already created. I knew that, but what was going on?

This morning I found this article on Dev Shed about backing up and restoring MySQL databases complete with explicit instructions and screenshots. It was helpful to see the screenshots, but I was still seeing stupid error messages.

It was only after a few more unfruitful tries at restoring my database that I figured out where my problem was. It appears that my export of the database inserted an unneeded SQL command into the header of the export file.

#
# Database : `my_database`
#
CREATE DATABASE `my_database`;
USE my_database;

And yes, I did realize that the “CREATE DATABASE” statement was incorrect since my database already existed, but I was initially thinking that I needed an INSERT or UPDATE command. I attempted those, no dice.

As best as I figure it, if you are merely trying to upload data into an empty database using the phpMyAdmin SQL tab > “Location of the textfile” option, the SQL statement at the top of your exported text file is redundant and should be omitted.
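One way to remove that statement before uploading the file, as an added example that is not part of the original post: it drops CREATE DATABASE only from the export header, so a row whose stored text happens to contain the same words is left alone, and it keeps the USE line. The function name and the sample table are assumptions.

```python
import re

# A CREATE DATABASE statement alone on its line, as in the export header.
CREATE_DB = re.compile(r"^\s*CREATE\s+DATABASE\b[^;]*;\s*$", re.IGNORECASE)
# First statement that belongs to the dump body; the header ends here.
BODY_START = re.compile(
    r"^\s*(CREATE\s+TABLE|DROP\s+TABLE|INSERT\s+INTO)\b", re.IGNORECASE
)

# Constructed sample: the header shown above followed by a made-up table.
# The stored post text contains a line that looks like the statement.
DUMP = (
    "#\n"
    "# Database : `my_database`\n"
    "#\n"
    "CREATE DATABASE `my_database`;\n"
    "USE my_database;\n"
    "\n"
    "CREATE TABLE `wp_posts` (`ID` int, `post_content` text);\n"
    "INSERT INTO `wp_posts` VALUES (1, 'The export began with\n"
    "CREATE DATABASE `my_database`;\n"
    "which I had to delete.');\n"
)


def strip_create_database(dump_text):
    """Return (cleaned_dump, removed_statements), touching only the header."""
    kept, removed, in_header = [], [], True
    for line in dump_text.splitlines(keepends=True):
        if in_header and BODY_START.match(line):
            in_header = False      # everything from here on is schema or data
        if in_header and CREATE_DB.match(line):
            removed.append(line.strip())
            continue
        kept.append(line)
    return "".join(kept), removed


if __name__ == "__main__":
    cleaned, removed = strip_create_database(DUMP)
    print("removed:", removed)
    print(cleaned, end="")
```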

Traveling Logistics

August 5th, 2004

I recently returned from a birthday trip to South Florida. I have to say that I had a great time and surprisingly enough, I do believe it was hotter in Pennsylvania while I was gone than in South Florida.

Since my last trip down there, Southwest Airlines started service between Philly and Ft. Lauderdale and all I have to say is that they just won over a life long customer. I *heart* Southwest Airlines. Thank you for coming to Philly Southwest Airlines. Not only did both of my flights arrive early, but the employees actually made flying pleasurable. (Yes, I do like cheery flight attendants and ground crew who get on the PA system and wish you a good flight.) And I think the best part was when I arrived home at PHL on Tuesday night, my bag made it to baggage claim faster than the time it took me to walk from the gate to baggage claim. How about that for service?

I only wish my car rental experience was as good. It wasn’t the company, which was Hertz (20% discount for AAA members), it was the car. I have two words of advice. Do not rent a “sporty” KIA. Do not rent a sporty KIA when you will be driving in South Florida during the rainy season and you hear the local weather people mention “urban flooding”. South Florida roads apparently do not have good drainage. I learned that the hard way.

Business blogging moving mainstream

July 30th, 2004

From CNN

IBM sees blogs as a way to revolutionize employee communication, one executive said on the sidelines at the July 23 conference, which attracted about 300 attendees.

“It’s about decreasing social space between employees, and increasing the amount of knowledge shared between people,” said James Spohrer, director of IBM’s Almaden Research Center.

An example of an employee blog, he said, might contain elements of a resume, some of an individual’s educational background and work experience, along with information on product development strategies colleagues and customers can view on a round-the-clock basis.

Company interaction

The sharing of such information between company employees and customers promises to speed feedback on efforts to produce new products and improve business processes, Spohrer said.

Appreciate your Sysadmin!

July 29th, 2004

As noted by Mike McBride, tomorrow, July 30th is System Administrator Appreciation Day.

Bribe Treat your sys admins well, preferably with toys and baked goods. ;-)

Exposing P2P file sharing dangers

July 28th, 2004

Slashdot had a really intriguing posting this afternoon about a blog called See What You Share. The blog purportedly is exposing files made available to “share” with *anyone* on the popular file sharing networks via unchecked and unsecured P2P file sharing applications.

The problem here isn’t merely that one person’s private information might be shared (which is bad enough), but these P2P file sharing applications were found on computers belonging to the US Military and other critical organizations. If you take a quick look at the blog, you’ll see examples of US Military unit rosters, phone numbers for a Washington State rescue squad, and pictures of a dubious nature.

The author of the blog, under the pseudonym of Greg Wallace has stated that he tried contacting local authorities but nothing was done about it.

A few questions that immediately come to mind are…

1) If you are going to go with the argument that it is not possible for the US Military, etc. to monitor each and every PC under its control, can’t we ask why isn’t the US Military blocking these P2P apps on the network level? The ports that these programs use are well known.

2) Do you think Greg Wallace will be charged for hacking for finding and publishing these files?

I dunno. This will be an interesting story to watch as it gets legs.

Bots configured badly

July 28th, 2004

While I was checking my Web site logs last night I noticed another strange “guest” username entry. So armed with my monthly Apache logs and the grep command, I found the offender and it is indeed a badly configured bot.

168.75.177.103 - guest [25/Jul/2004:05:41:07 -0400] "GET / HTTP/1.1" 200 28287 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

Searching for the 168.75.177.103 IP address on Google shows that this bot or crawler or whatever it is, has gotten around.
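The same search can be done by field rather than by grep. The following is an added example, not part of the original post: it parses Apache combined-format lines and groups by client address every request whose user field is set to a name the site does not expect. The function name, the known_users allowlist and all sample lines except the first are assumptions.

```python
import re
from collections import defaultdict

# Apache combined format:
# host ident authuser [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) '
    + QUOTED + " " + QUOTED
)

# Constructed sample log. The first entry is the one quoted above; the
# others use documentation addresses and made-up user agents.
SAMPLE = "\n".join([
    '168.75.177.103 - guest [25/Jul/2004:05:41:07 -0400] "GET / HTTP/1.1" '
    '200 28287 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"',
    '192.0.2.10 - - [25/Jul/2004:05:42:11 -0400] "GET /index.php HTTP/1.1" '
    '200 5120 "-" "ExampleBrowser/1.0"',
    '192.0.2.44 - editor [25/Jul/2004:06:01:30 -0400] "GET /stats/ HTTP/1.1" '
    '200 900 "-" "ExampleBrowser/1.0"',
    'truncated line without the expected fields',
])


def unexpected_users(log_text, known_users=frozenset()):
    """Group requests that carry an authuser not in known_users by client."""
    hits = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            unparsed += 1          # count, rather than silently drop, bad lines
            continue
        host, _ident, user, when, request, status = m.groups()[:6]
        if user != "-" and user not in known_users:
            hits[host].append((user, when, request, int(status)))
    return dict(hits), unparsed


if __name__ == "__main__":
    found, bad = unexpected_users(SAMPLE, known_users={"editor"})
    for host, entries in found.items():
        print(host, entries)
    print("unparsed lines:", bad)
```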

Utilities like this make me giggle

July 27th, 2004

Some of you may think I’m just a tad bit weird, but I squealed with delight this morning upon finding this About You page at DNSStuff.com.

For my non-technical readers, visiting the About You page runs a simple script which reveals your IP address, your Web browser information, your Web proxy information, TCP/IP header info, and your DNS servers*. Pretty neat.

*I’m wondering if the DNS info would only appear if you are referred to that particular page via another Web page rather than just merely typing in the URL in the browser.

Now for something a little different

July 25th, 2004

A slideshow featuring the grounds and some of the flowers currently in bloom at Longwood Gardens. (Quicktime: longwood-july.mov).

worldKit WordPress blogs

July 24th, 2004

OOOHHHH, just saw this in my referers…a geolocation page for WordPress powered blogs. Similar to the earlier GeoURL.

Fireworks & Fountains

July 24th, 2004

Last night my Mom, my Daughter and I braved the threat of rain and visited Longwood Gardens for their Fireworks & Fountains show. We arrived a few minutes before the show started, parked in the back of the parking lot (which really wasn’t that far) and made our way to the staging area. To our surprise, even with the threat of rain, there were easily a few thousand people waiting for the fireworks to begin, mostly couples on dates and families. Even though we arrived with a few minutes to spare, we easily found a spot to sit on the grass (thank goodness for my waterproof space blanket).

Suffice it to say, the fireworks & fountains were spectacular (Quicktime movie: longwood.mov) and did I mention it would be a great place for a date?