Category Archives: Hosting

Blocking Malicious Bots

Over the past few months, we’ve watched as customer sites at Birdhouse Hosting seemed to hit their monthly bandwidth allotments sooner and sooner. At a certain point, it became obvious that this could not be explained by upticks in popularity – upon closer study of awstats logs, it became apparent that a great deal of that traffic was coming from malicious bots.

And the traffic was not just attempts to post spam into weblog comment forms either – this was traffic on images, random pages, RSS feeds, PDFs, everything.

A few days ago, a new suite of ModSecurity rule management tools landed in cPanel (cPanel is the hosting platform I use to run Birdhouse). I went looking for mod_sec rules intended to curb bad bot traffic, and seem to have hit the jackpot with a rule that consults the Spamhaus Malicious Bot RBL. And because it’s installed globally, it protects all of my customer sites simultaneously. Here’s the rule I used (all on one line of course):

SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org" "phase:1,id:'981138',t:none,pass,nolog,auditlog,msg:'RBL Match for SPAM Source',tag:'AUTOMATION/MALICIOUS',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.automation_score=+%{tx.warning_anomaly_score},setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var},setvar:ip.spammer=1,expirevar:ip.spammer=86400,setvar:ip.previous_rbl_check=1,expirevar:ip.previous_rbl_check=86400,skipAfter:END_RBL_CHECK"

Over the past 24 hours it’s blocked over 150,000 requests by bad bots to all of my customer sites. Absolutely incredible.

I’d like to thank the fine folks at Spamhaus for doing what they do, and for helping to make the internet a better place – for free!

The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.
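What an `@rbl` lookup against the zone in the rule above amounts to, as an added example (not part of the original post and not ModSecurity's own code): the client address is reversed, appended to the zone and resolved, and the answer is decoded. The code tables are Spamhaus's published return codes; the function names and sample answers are constructed for illustration, and the point to notice is that `127.255.255.x` answers are lookup errors, not listings.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # zone named in the rule above

# Last octet of a 127.0.0.x answer -> Spamhaus list (published return codes)
LISTED = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL", 9: "SBL-DROP"}
# Last octet of a 127.255.255.x answer -> lookup error, NOT a listing
ERRORS = {252: "typo in zone name", 254: "query via public resolver",
          255: "query volume limit exceeded"}

def rbl_query_name(client_ip, zone=ZONE):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    ip = ipaddress.ip_address(client_ip)
    reversed_labels = ip.reverse_pointer.rsplit(".", 2)[0]  # drop in-addr.arpa / ip6.arpa
    return f"{reversed_labels}.{zone}"

def classify_answer(answers):
    """answers: A records returned for the query; [] means NXDOMAIN (not listed)."""
    if not answers:
        return ("not_listed", [])
    lists, errors = set(), set()
    for addr in answers:
        o = [int(x) for x in addr.split(".")]
        if o[:3] == [127, 0, 0]:
            lists.add(LISTED.get(o[3], f"unknown code {o[3]}"))
        elif o[:3] == [127, 255, 255]:
            errors.add(ERRORS.get(o[3], f"unknown error {o[3]}"))
        else:
            errors.add("answer outside 127.0.0.0/8")
    return ("error", sorted(errors)) if errors else ("listed", sorted(lists))

def should_flag(answers):
    """Fail open: only a genuine listing counts, never an error answer."""
    return classify_answer(answers)[0] == "listed"

def lookup(client_ip, zone=ZONE):
    """Live lookup; any resolution failure is treated as 'no answer' (fail open)."""
    try:
        return socket.gethostbyname_ex(rbl_query_name(client_ip, zone))[2]
    except socket.gaierror:
        return []

# Constructed sample answers, so the decoding can be tried without network access
SAMPLES = {"listed": ["127.0.0.2", "127.0.0.4"], "clean": [], "refused": ["127.255.255.254"]}
```

A server that forwards its RBL queries through a large public resolver can receive the `refused` style of answer for every client, so a check that treats any answer as a match would flag all traffic.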

 

Servint vs. AWS

Note: This is an honest personal endorsement. I was not paid or offered any incentives for this post.

I’ve been running Birdhouse Hosting for more than a decade now, and most of that time I’ve been hosting my services on a dedicated VPS at Servint.

I absolutely love the reliability and support I get through Servint, but every so often wonder whether I could reduce expenses by moving to Amazon Web Services, which lets you “pay as you go.” But every time I scratch the surface and try to do a real apples-to-apples comparison, I come to the same conclusion: Birdhouse is already in excellent hands, and I would not actually save money by moving, all things considered.

Barracuda’s RBL Stops Spam Cold

I’ve run a small web and mail hosting business on the side for around a decade. The hosting platform I use (cPanel) comes with SpamAssassin and support for a couple of real-time blacklists (zen.spamhaus.org and bl.spamcop.net) built in. On top of that, I’ve compiled in Razor, DCC, and ClamAV.

But with spam control settings set to their highest levels, I’ve struggled over the years to keep fall-through spam from reaching the mailboxes of my power users – the spammers just move too fast, are too crafty. Spams that look the same from day to day actually have quite different signatures, and manage to evade my arsenal of tools. It’s been incredibly frustrating.

A few months ago, I came up with a set of techniques to let desktop mail clients train the server-side Bayes database about what’s spam and what’s ham. That worked well for a couple of months, but eventually the Bayes dbs became polluted with false hits (probably a result of users incorrectly marking / not marking messages). Is it even possible to operate as an organization smaller than Google and still guarantee low spam levels for users?

Real-time blacklists (RBLs) tap the hive mind – the collective judgement of thousands of human users spread around the world, marking ham and spam every minute of every day. When all of those judgements are collected into a single, continuously evolving database that any host can tap into, it should be possible to create an almost perfect blockade. We know that Akismet has made their RBL work amazingly for weblog comment spam (as I write this, Akismet claims to have blocked 54 million comment spam today alone).

RBLs always seemed like the smartest way to go, but spamhaus and spamcop sure weren’t getting the job done. Doing research in the cPanel forums a few days ago, I discovered that Barracuda Networks, who make a series of firewall appliances for enterprises, maintain their own RBL and provide free access to it for organizations like mine.

Decided to give it a whirl and was blown away. Within 24 hours, the amount of un-tagged spam getting through to my users had dropped to a trickle. I haven’t found an anti-spam tool this effective since… ever. It took almost no effort to set up, and will require almost no effort to maintain in the future. Super stoked.

To the great engineers at Barracuda: The internet thanks you.

Update: A couple of months later, I no longer feel quite so positive about Barracuda. Yes, it’s definitely a help, but not the silver bullet I called it above. I do keep Barracuda running, but overall, spam numbers are worse than ever, and there’s tons slipping through that neither SpamAssassin nor Barracuda are catching.

 

Spam Training on cPanel for Desktop Mail Clients

This is primarily a guide for administrators of cPanel hosting systems, though tech-savvy cPanel users with shell access will be able to use this technique as well.

Users of webmail systems like GMail, Yahoo, etc. are accustomed to having a “Mark as Spam” button in the interface. Clicking the button tells the server that the selected message is spam, to prevent similar messages from showing up in the inbox again. So how can administrators of standard cPanel-based hosting systems provide similar functionality?

Grounded Theory

Birdhouse Hosting is proud to welcome Grounded Theory Review:

The Grounded Theory Review is an interdisciplinary, online academic journal for the advancement of classic grounded theory and scholarship. The Grounded Theory Review adheres to the highest standards of peer review and engages established and emerging scholars from anywhere in the world. While centered in social sciences and the health disciplines, the Grounded Theory Review is open and welcoming to contributions from any academic field.

Bucketlist now has .5 million user-posted goals

Big landmark last night – Bucketlist crossed the .5 million user-posted goals threshold, and still going strong!

Thanks to our 26k users and all of the time they’ve put into posting their excellent lists. I love seeing users inspire and be inspired.

I’m proud of the site, but it really needs TLC and features development, while I have little free time to give it. Perhaps we’ll see some big changes this summer.

Bucketlist » 10,000 things to do before you die

Log and catalog all the stuff you want to accomplish before you expire. Read stories and watch videos by people who checked items off their own bucketlists.


Craigwork

Birdhouse Hosting is super-proud to announce the launch of craigwork.com, exhibiting the work of Bay Area artist/sculptor/spacemaker Craig Hansen. Craig does absolutely mind-blowing work with cardboard, pencil, fabric, Kapla blocks, and other materials. Think you’ve made cool cardboard rockets with your kid? Check this one. His pencil drawings of objects found near a river are absolutely jaw-dropping (yes, they really are pencil drawings). If you’ve taken your kids to the Lawrence Hall of Science in Berkeley, you’ve probably experienced some of the educational space designs he helped imagine and construct.

 

Hansen was one of the lead designers for the “Forces That Shape the Bay” exhibit at Lawrence Hall of Science. If you’ve got kids and live in the Bay Area, you’ve almost certainly experienced the earthquake fault simulator and river-blocking paddle system on display there.

Craig has also built some of the tallest unglued Kapla Block constructions you’ve probably ever seen (the construction/demolition video is great).

I’ve worked closely with Craig over the past few months working out the web presentation for his work. The design is an example of “design by subtraction” – we started with an artist’s theme for WordPress and slowly removed elements we didn’t need until only the bare minimum remained. We hit a lot of roadblocks along the way, but I’m really proud of how the site turned out.

Geek note: WordPress doesn’t allow for icons representing categories and subcats, but I did find the excellent Category Icons plugin to get the job done. Unfortunately, a bug in the plugin causes the numeral “1” to be spit out after each icon. I tried many times, but could not get a response out of the developer, even after offering to pay for support. Didn’t have time to rewrite the plugin myself. In the end, I papered over the problem with a bit of jQuery that searches for the numeral “1” in a div and renders it white. Against a white background, the bug appears to vanish.

jQuery("div:contains('1')").css( "color","white" );

Feels a bit dirty, but also devilishly satisfying.

Lorne Matalon

Birdhouse Hosting is thrilled to welcome Lorne Matalon, a journalist covering all things Latin America for many distinguished publications:

Lorne Matalon has reported from Mexico and Latin America for “The World”–co-produced by the BBC World Service, WGBH, Boston and Public Radio Int’l–since November 2007. Based in Mexico City for nearly three years, he now divides his time between Boston, Mexico and other Latin American nations, most recently Guatemala and Panama.

Lorne’s site is a collection/portfolio showcasing a vast archive of amazing journalism over the years, and I’m pleased to have been able to work with him on it over the past few months.

genderindex.org

Birdhouse Hosting is pleased to welcome genderindex.org, which is actually two related sites running on two related platforms. genderindex.org runs on Drupal, while my.genderindex.org runs on Django.

The Social Institutions and Gender Index (SIGI) is a new composite measure of gender discrimination based on social institutions. It measures gender inequality in five areas: Family Code, Physical Integrity, Son Preference, Civil Liberties and Ownership Rights in 102 non-OECD countries.