Peacebringers

Something has been severely getting on my nerves lately, and it has hit the point where I just need to rant, and MAYBE someone out there agrees with me. Many websites, mainly the websites with good web programmers, check for incorrectly formatted, fake email addresses, and do so incorrectly. Addresses like PR4tcHE{T,teRry-NO}^T@spam-me.com, are not legit… though emaillist-manager+subscribe@somemail.com is totally legitimate. Another example: jaraeth+pbspam@gmail.com, is totally legitimate, yet so many providers DENY me to sign up for service using such an email address. Why would I? I use it to detect spam.

(continue reading…)

http://www.nytimes.com/2009/09/04/technology/companies/04oracle.html?_r=1 … You’re kidding right? Let’s just give up MySQL and then cause the Open Source Community to have to make a spinoff of it in order to keep it alive and out from under the large thumb of Oracle.

I don’t like this. My hope is that the EU blocks this merger.

Recently I figured I’d peek at phpBB’s site, and fell on to their recently posted topic regarding their plans for the next version of phpBB, 3.0.6. Considering all the new things they’ll be adding, I’m surprised this release isn’t going to be version 3.1.0. The next version will support load balanced high availability systems, new caching mechanisms, or no cache at all. Additionally they’ll be adding in a new captcha code module to allow a better variety of captcha types. Their article is an interesting read, and if you use phpBB and wish it had some options that compare at least slightly to vBulletin, this is a step in that direction in my opinion.

http://www.phpbb.com/blog/2009/06/10/phpbb-306-plans/

Peace.

So one of a few webhosts I use decided to disable PHP’s readfile() function. Now I have a reason to dislike them. Why do people assume readfile() is a security benefit when disabled? Let’s just disable half of PHP’s core functions, you know… the ones used to manipulate files, send/receive data across the web like xml-rpc (which would kill blogs like this one), etc. While XML-RPC has always been a subject of heated discussion as some people, (even myself in the past) believe “RPC” to be exactly like native Linux RPC. Education … please?

So I was faced with a disabled readfile() which Gallery uses to display random remote images from it’s array of images stored in your personal gallery. Overall, it’s touchy on Gallery’s past history of security flaws, but they’ve released updates and fixes as they’re made aware. And still, readfile() gets the rap, and gets disabled.

How to overcome it? It was easy, but involved more lines of code without readfile(). Here’s how:
(continue reading…)

The fact that people make money off of, and don’t find it offensive that they take part in the spamming of forums really annoys me. The fact that 90% of these spammers are from Russia, Asia, Africa, and other various countries is also highly annoying. I run a few websites which use phpBB3 for their forum software, and I consistently find them spammed. Setting the forum software to block requests from these countries is too time consuming, and I find it easier to just block them server side with an .htaccess file and a line stating something along the lines of “Deny from 94.0.0.0/8″ and then add another 50 IP ranges in CIDR format, some /8, /16 and some /23 or /24. No matter how up to date the software, spammers notoriously attack the system in question until they’ve been perma-banned with a null route, or hard coded smack in the face permanently denying them access.

I don’t like blocking entire ranges, as it punishes a few good visitors for the deeds of the rotten apples that also use that persons ISP. Sometimes, smaller countries only have one, or a handful of Telecom companies… block the Telecom, block the entire country. It sucks, but until those people find some way to retaliate and make those ISP’s take a stand on spam, I will keep having to block nearly every country except the UK/GB, Canada & the U.S.

Peace.