March 20, 2007

Firefox 2.0.0.3 Security Release Issued on March 20, 2007

Mozilla.org has released a security and compatibility upgrade of its flagship Firefox browser, version 2.0.0.3, on March 20, 2007.

The one security enhancement is in response to MFSA 2007-11, the FTP PASV port-scanning flaw. The compatibility improvement addresses various web compatibility "regressions."

Downloading Firefox 2
Mozilla provides Firefox 2 for Windows, Linux, and Mac OS X in a variety of languages. You can get the latest version of Firefox 2 here.

Installing Firefox 2
Please note that installing Firefox 2 will overwrite your existing installation of Firefox. You won't lose any of your bookmarks or browsing history, but some of your extensions and other add-ons might not work until updates for them are made available.

Removing Firefox 2
You can remove Firefox 2 through the Control Panel in the Start Menu on Windows, by removing the Firefox application on OS X, or by removing the firefox folder on Linux.

Removing Firefox 2 won't remove your bookmarks, web browsing history, extensions or other add-ons. This data is stored in your Firefox Profile folder.

Your personal bookmarks, history, extensions, preferences and cookies are stored in your Firefox Profile, located in the following places for various operating systems:

Windows Vista: Users\\AppData\Roaming\Mozilla\Firefox
Windows 2000, XP: Documents and Settings\\Application Data\Mozilla\Firefox
Windows NT: WINNT\Profiles\\Application Data\Mozilla\Firefox
Windows 98, ME: Windows\Application Data\Mozilla\Firefox
Mac OS X: ~/Library/Application Support/Firefox
Linux and Unix systems: ~/.mozilla/firefox


March Madness Sale on Domains at Dotster

March Madness Domain Sale at Dotster

Yee Haw! Domain Registrar - Dotster, Inc. has just announced a March Madness sale on new and transferred Domain registrations, from now until April 1, 2007. Dotster is allowing unlimited numbers of registrations and transfers at the low low rate of only $7.00 each, when you use coupon code MADNESS during checkout. The regular price for new domain registrations at Dotster is $14.95, per year, so you will save a whopping 53% off new registrations. Domain transfers are regularly $8.95, so you will save 22%, plus gain one extra year on the expiration date, per domain transferred.

If you want to have a web presence you will need to have a domain registered with a recognized Registrar. Dotster is a leading ICANN-accredited registrar capable of registering your .com, .net, .org, .cc, .tv, .ws, .info, and .biz top level domain (TLD) names.

If you would like to learn more about Dotster's services, read my Dotster information page. I have been a happy Dotster customer for 7 years and won't even consider another registrar. Most of my Webmaster clients are also registered at Dotster. Dotster also offers fast and affordable custom web design.


March 17, 2007

How I fixed my Dell Latitude's mouse wandering problem

I am the happy owner of a used Dell Latitude C610 laptop computer. It hums away on Windows XP Professional, with 512 MB of RAM and a smallish 20 GB hard drive. The Latitude battery still delivers over 5 hours uptime at full charge. The monitor screen is crisp and bright and I only paid $250 for it in a computer store. My only gripe has been with the mouse pointer wandering on its own, at random times, for no apparent reason, sometimes completely out of sight.

I did a little online research on Google and found several forums where other Latitude users were complaining about the same wandering / drifting mouse pointer problems as I had (past tense). I read about some pretty drastic solutions some people have used to stop the drifting pointers, including opening up the case and cutting wires. That sounded like a way-too-drastic way to cure the problem. Other suggestions I saw involved opening the case, lifting the keyboard, then inserting an anti-static hardware bag over a metal clip, which supposedly was rubbing against the touch pad's bottom side.

Then in the midst of all this madness I found one voice of sanity from a user who simply downloaded the newest touch pad drivers for his Dell laptop. I followed up that link to the Synaptics website, where they offer generic drivers for their touch pad devices, but also provided links to each manufacturer who uses their touch pads. Dell was listed, so I went to the Dell support site, followed links and options to get to all available downloads for my Latitude C610, scrolled through the long list and finally found an update for the Dell-Synaptic Touch pad. Bingo!

After downloading and installing the new touch pad driver I rebooted (required). When I logged back into Windows I found a new icon in the SysTray, for the Synaptics Touch pad. I opened the new Mouse/Touch-Pad Pointer Properties and went through all of the new options. One option is to disable the Joystick pointer that looks like a pencil eraser, in the midst of the keyboard, or to change its sensitivity. I opted to make it less sensitive rather than disabling it, and voila, my drifting pointer problem was gone! No cutting of wires, or inserting of bags under the chassis. A simple software download and a few minutes of configuring the awesome new pointer options and all was well with my mouse pointer, on my Dell Latitude. Plus, I took advantage of other new options in the software and enabled horizontal and vertical scroll zones and tap to click on the touch pad.

If you own a Dell laptop and your pointer is drifting all over the place, visit the Dell support website, or the Synaptics website and download the newest driver for your touch pad and operating system.


March 15, 2007

Spybot S&D Definitions Updated on March 14, 2007

World renowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that it is malware. All of the programs listed with a + sign are additions, or updated detections, and are dangerous to your computer, and/or personal security. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

2007-03-14

Adware
++ WhenU.DAEMONTools.SearchBar

Dialer
++ ClickYesToEnter

Keylogger
++ KeyExplorer

Malware
++ GraceCasino
++ PPCHook
+ ScanSpyware
+ Smitfraud-C.
+ SpywareBot
++ Win32.Agent.pz
++ Win32.Renos

PUPS
++ CasinoRoyal.PT

Trojan
++ Ardamax.GWKeygen
++ Banker.FAT
++ Cactus.D (3)
+ FakeBill
++ Nurech (2)
++ Nurech.TServer
++ ServU.H (3)
++ Win32.Agent.bca
++ Win32.Agent.mu
+ Win32.BHO.gen
+ Win32.Rbot
++ Win32.Virtumonde.ha
+ Windows AdTools
++ Wootbot.gen
++ Zlob.AdultAccess
++ Zlob.DNSChanger
++ Zlob.ImageActiveXObject
++ Zlob.PrivateVideo
+ Zlob.SiteTicket
+ Zlob.VideoAccessActiveXObject

Total: 367531 fingerprints in 63233 rules for 2745 products.

English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates. You can download the latest version of Spybot S&D plus definition and tool updates here for inclusion later on.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this category

Viruses, spyware, adware, keyloggers, browser/search hijackers and rootkits all have one thing in common; they require administrator privileges to install themselves into the operating system, or to write to the Local_Machine branch of the Windows Registry. By running with reduced privileges, as a Limited or Power User you are protected against virtually all malware threats that need to install to function. Furthermore, if you run with reduced user privileges your choice of updates will be more limited than if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users, or log onto an Administrator account and re-apply the updates and immunizations. I have posted more information about running with reduced user privileges, here and here.

For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti spyware programs, it most certainly does! I have used Spybot S&D since its inception, along with various other free and commercial security programs, and it has never caused any problems on my, or my customers' computers.


March 14, 2007

Ad-Aware SE Definitions Updated on March 13, 2007

Anti Spyware/Adware program Ad-Aware, by Lavasoft, has had its definition file updated. Users of the free version should check for and install the new definitions manually.

Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge, or is available as a paid subscription, with automatic updates.

Current Definition File:
SE1R159 13.03.2007

New definitions:
====================
Win32.Backdoor.Wisdoor +3
Win32.BadJoke.FakeDel

Updated definitions:
====================
Adware.Agent
Backdoor.Prorat.16 +5
BlazingTools Perfect Keylogger +6
FakeAlert +6
Hide Windows
IROffer
Malware.Hacktool
SpyDawn +2
Tracking Cookies +76
WhenU.SaveNow
Win32.Backdoor.Agent +10
Win32.Backdoor.Bifrose
Win32.Backdoor.IRCBot +12
Win32.Backdoor.IRCZapchast +6
Win32.Backdoor.PcClient +5
Win32.Backdoor.Rbot +16
Win32.Backdoor.SDBot
Win32.Backdoor.VB
Win32.Dialer.Trojan
Win32.Generic.PWS +4
Win32.Spybot.worm +4
Win32.Trojan.Agent +4
Win32.Trojan.Downloader +3
Win32.Trojan.Kolweb
Win32.Trojan.Pakes
Win32.Trojan.Qhost +4
Win32.Trojan.Small +6
Win32.Trojan.Spy +2
Win32.TrojanClicker
Win32.TrojanDownloader.Agent +3
Win32.TrojanDownloader.Banload +11
Win32.TrojanDownloader.Delf +2
Win32.TrojanDownloader.Small +12
Win32.TrojanDownloader.Tibs +2
Win32.TrojanDownloader.VB
Win32.TrojanDropper +2
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Small
Win32.Trojan-PSW.Lineage +2
Win32.TrojanPWS.Lmir +3
Win32.TrojanPWS.OnlineGames +2
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.WOW +16
Win32.TrojanSpy.Banker +18
Win32.TrojanSpy.Goldun +6
Win32.Worm.Agobot.E +2
Win32.Worm.Warezov +2
Win32.Worm.Viking
Win32.Worm.Zhelatin +37
WinAntispyware +4
Virtumonde +12

MD5 checksums: 5079a899e3cd1b7fab08329a72faffab
and 65d72ce6da9b77462adc88c43904eccd

You can use Webupdate to install the new reference file, or download
it manually from: http://download.lavasoft.com/public/defs.zip

Download the current version of Ad-Aware here: http://www.download.com/3405-8022-5153545.html

Watch my blog for news about a new version of Ad-Aware, "2007," now in beta 2 stage of development.

See all security program update notices in this category


March 9, 2007

Spybot S&D Definitions Updated on March 7, 2007

World renowned anti-spyware program - Spybot Search and Destroy - was updated with new spyware definition files. If you use this program be sure to run manual updates as soon as possible.

If you see a program listed in these detections by name you should assume that it is malware. All of the programs listed with a + sign are additions, or updated detections, and are dangerous to your computer, and/or personal security. Update your Spybot Search and Destroy definitions, then scan for and fix any malware that is detected.

After updating your Spybot S&D definitions, if they include new Immunization definitions you need to click on the Immunize button, then, if the status line tells you that additional immunizations are possible, click on the Immunize link, near the top of the program. It has a green + sign in version 1.4. If you don't do this the new immunizations against hostile ActiveX programs will not be applied.

Updates - now published every Wednesday

2007-03-7

Dialer
++ EngergyFactor0190

Keylogger
++ ActivityKeylogger
+ ActMon-Pro
++ Actual Keylogger
++ FamilyKeyloggerProDemo
+ Perfect Keylogger

Malware
+ Forbot
+ Smitfraud-C. (3)
++ SpyDawn
++ Win32.Delf.cc
++ Win32.Hupigon.edt

PUPS (Potentially Unwanted Programs)
+ CyberDefender

Spyware
+ 007 Spy Software
++ Marketscore.RelevantKnowledge (3)

Trojan
++ Absolutee.Launcher
++ Colorado.ClipboardAdmin
++ CtyBank.Sound
+ Dropper.Mondo
+ Fake.IKEA-Bill
+ FakeWGA
++ HPT.RSV
++ KBui32.SMTP (5)
++ NetSky.Q (2)
++ Realsearch.Forte
+ Sallity.Badcro
++ SearchNineX
+ Smitfraud-C.EbayBill
++ Win32.Delf.zq
+ Win32.Rbot
++ Win32.VB.po
++ Win32.Zhelatin.ah (2)
+ Zlob.SiteTicket
+ Zlob.VideoAccessActiveXObject
+ Zlob.VideoKeyCodec

Worm
++ NetSky.R

Total: 365619 fingerprints in 62368 rules for 2733 products.

English Language Company Links:
Spybot Search and Destroy English Home Page
Spybot Search and Destroy (Multi-Lingual Landing Page. Choose your language).
Spybot Search and Destroy Download page - Program and definition updates. You can download the latest version of Spybot S&D plus definition and tool updates here for inclusion later on.
Full tutorial about using and setting up Spybot Search and Destroy
Spybot Search and Destroy Update History

See all security program update notices in this category

Viruses, spyware, adware, keyloggers, browser/search hijackers and rootkits all have one thing in common; they require administrator privileges to install themselves into the operating system, or to write to the Local_Machine branch of the Windows Registry. By running with reduced privileges, as a Limited or Power User you are protected against virtually all malware threats that need to install to function. Furthermore, if you run with reduced user privileges your choice of updates will be more limited than if you apply them from an administrator level account. You would do this by first applying the updates as a Limited or Power User, then Switch Users, or log onto an Administrator account and re-apply the updates and immunizations. I have posted more information about running with reduced user privileges, here and here.

For those of you who have not yet used Spybot Search and Destroy, if you were wondering if it "plays nice" with other anti spyware programs, it most certainly does! I have used Spybot S&D since its inception, along with various other free and commercial security programs, and it has never caused any problems on my, or my customers' computers.


March 8, 2007

About the QuickTime Alternative Player-Plug-in

Over the past few months there have been a slew of vulnerabilities reported and patched in the Apple QuickTime Player-Plug-in application. QuickTime ships with Apple iTunes when people install that application onto their computers, and millions of other folks install QuickTime to play .mov videos and mp3 files in their browsers. That means that tens or hundreds of millions of computers have QuickTime installed, and knowing the way a lot of people (don't) think about security updates, a large percentage of them are outdated and vulnerable versions of the application. In my previous blog post I revealed six new extremely critical vulnerabilities in Apple's QuickTime Player-Plug-in, revealed in early March, 2007. If you are thinking there has to be a better way to play mp3, .mov and other QuickTime file formats, without leaving your computer open to takeover from exploits against the Apple QuickTime Player, read on.


QuickTime Alternative will allow you to play QuickTime files (.mov, .qt, .3gp and other extensions) without having to install the official QuickTime Player. It also supports QuickTime content that is embedded in webpages. If you browse with Firefox and load a page that has embedded .mp3 or .wav music you have probably seen a yellow notice bar appear telling you that you need to install a missing plug-in to play content on that page. It usually refers to an embedded sound file that normally plays automatically in Internet Explorer and the recommended Firefox plug-in is almost always Apple QuickTime. The QuickTime Alternative satisfies that missing plug-in problem and will automatically playback embedded audio files, after you configure it to do so.

I have been using a free alternative to the QuickTime Player-Plug-in for several years, through various updates. It plays all of the file formats that the official player handles, when configured to play them, more securely than the Apple version. The free QuickTime Alternative player is available from free-codecs.com, on this page. Click on the Download link then look through the list of files for the most recent version, for your operating system. At the time I wrote this the newest version was 1.78, released on March 7, 2007. The alternative player is updated to remain compatible with the file types handled by QuickTime, and is not vulnerable to the same exploits as the official player is. The underlying application behind the QuickTime Alternative is called Media Player Classic, which is updated every time the alternative QuickTime player is updated.

If you decide to install the alternative player as a substitute, you must configure it to handle the file types you want it associated with, as the default player. Details for doing this are in my extended comments.

Also available for free download is a Real Media Alternative Player. Real Alternative will allow you to play RealMedia files without having to install RealPlayer/RealOne Player.

If you are going to replace the Apple QuickTime Player you must first uninstall it, reboot, then install the alternative player, and configure it. This is where a lot of people get confused and complain that they installed it but still get that missing plug-in notice in Firefox. Ya gotta configure it to associate it with your chosen file types, Pilgrim. Note that uninstalling the old version and installing the new version both require Administrator privileges, since files are written to the system and local machine branch of the Registry.

When you are installing the alternative QuickTime Player it will usually offer to open the configuration utility, but a lot of people miss this step and click on Finish instead. No problem, just go to Control Panel and open the QuickTime Applet, with the large blue "Q" icon. QuickTime Preferences will open. Go through the various tabs to verify that it has located the correct audio devices, and will playback content in browsers, select your streaming speed, or leave it on automatic, choose whether you want Instant On and a System Tray icon, then make your way to the File Types tab.

Under File Types you must select the file formats you want your player to handle by default. This is where mistakes can be made that make it look like a failed installation. Here are my selections (yours can vary), for the associated formats for the QuickTime Alternative:

First, click on the "Use Defaults" button. This associates the typical QuickTime file types, but not .mp3 or .mp3 playlists. Under the File Types group click on the check-box for "MP3 - MPEG layer III movies and streams" and place a checkmark in it. Click Apply. Decide if you want to be notified if other applications modify these associations (check box), then click OK, to exit the configuration window. See note below.

UPDATE:
After upgrading to the QuickTime Alternative 1.78 and configuring it to play mp3 files in Firefox, I discovered that it reports itself as the same version as the official QuickTime Player, 7.1.5, and worse, that it plays mp3 files by opening them in a blank browser window, forwarded from the page you were visiting, just like the Apple QuickTime player does. Right clicking on the player shows it to be Adobe QuickTime 7.1.5. I don't know what is going on with that, but I chose to re-associate MP3 files in Firefox with Windows Media Player, or Media Player Classic, both of which open the player as a pop up application. Previous versions would create the player on the page where the link or embedded sound file was, and not replace the page with a new one, or require a pop up player. I'll post more information when I see changes in this behavior.

If you are using Firefox and install the QuickTime Alternative Player, and do not want MP3s to open in a different page, do not check the box for MP3 in the File Types configuration options. Instead, let your default MP3 player handle MP3s. If you already made that selection, open your Firefox options, Content tab, and modify the program that plays MP3 files.

Close and re-open your browser(s) and visit a website that has embedded audio and it should now begin to play or load in the QuickTime alternative player, without any complaints that you need a missing dad-gum plug-in from Apple.

One thing I discovered when upgrading from a previous installation of free codecs and Media Player Classic is that you must first uninstall all old Codec packs, Media Player Classic, QuickTime or Real alternative players, via Control Panel > Add/Remove Programs, then reboot, then reinstall the new versions of the above. Failure to do this will certainly lead to a broken installation and crashes of the QuickTime configuration utility. If you see a codec pack listed from free-codecs it probably contained Media Player Classic, and possibly the QT alternative. If you don't uninstall the old codec pack you will have a broken installation of the QT or Real alternative player. You can get the newest codec packs from http://www.free-codecs.com/Codec_Packs.htm


6 New Vulnerabilities found in Apple QuickTime plug-in

Secunia is reporting six new critical vulnerabilities discovered recently in Apple QuickTime plug-ins for Windows and Mac computers, which can be exploited by malicious persons or websites to take over a computer.

Secunia Advisory: SA24359
Release Date: 2007-03-06
Last Update: 2007-03-08
Software: Apple QuickTime 7.x

These vulnerabilities are rated as highly critical and can lead to remote system access and take-over if exploited on an unpatched version of QuickTime, on a Windows or Mac computer. Note that just one of these six vulnerabilities does not affect Mac OS X.

Details:
1) An integer overflow error exists in the handling of 3GP video files, on computers running Windows Vista/XP/2000. NOTE: This does not affect QuickTime on Mac OS X.
Impact: Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution

The rest of the vulnerabilities affect computers running Mac OS X v10.3.9 and later or Windows Vista/XP/2000.

2) A boundary error in the handling of MIDI files can be exploited to cause a heap-based buffer overflow.

3) A boundary error in the handling of QuickTime movie files can be exploited to cause a heap-based buffer overflow.

4) An integer overflow exists in the processing of UDTA atom size values in movie files, which can be exploited to corrupt heap memory.

5) A boundary error in the handling of PICT files can be exploited to cause a heap-based buffer overflow.

6) A boundary error in the handling of QTIF files can be exploited to cause a stack-based buffer overflow.

7) An integer overflow exists in the handling of QTIF files.

8) An input validation error exists in the processing of QTIF files. This can be exploited to cause a heap corruption via a specially crafted QTIF file with the "Color Table ID" field set to "0".

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: http://secunia.com/software_inspector/

Solution:
Apple has issued a patched version of QuickTime. Update to version 7.1.5.

Windows QuickTime Update:
http://www.apple.com/quicktime/download/win.html

Mac OS X QuickTime Update:
http://www.apple.com/quicktime/download/mac.html

Source: http://secunia.com/advisories/24359/

As is the case with most of the vulnerabilities reported on my blog, or by other security websites, these takeovers can only occur when the user is running a Windows computer with Administrator privileges. The damage that can be done to your computer by this exploit is directly related to the level of your privileges to modify the operating system. Those people who surf the 'net with reduced user privileges will be less impacted, if at all, compared to Computer Administrators.


March 7, 2007

Russian and Ukrainian Blog Spammers are STUPID!

< Begin Rant >
If you publish a blog (Weblog) using MovableType, I'm certain that you have learned that if you accept comments, or trackbacks, that you are going to attract blog spam (splog). I used to allow comments and trackbacks on my blog until I found that all of the comments and trackbacks were 100% spam, with links to sleazy websites. Being the curious, suspicious spam/scam hunter type person that I am, I began studying my raw access logs to see where this crap was coming from. I wasn't surprised when I discovered that most of the blog spam I was getting aimed at my blog was coming from a few IP addresses in the Ukraine and Russia. Normally I would consider Russians and Ukrainians to be educated, intelligent folks, but now I have to wonder if I was mistaken in that line of thought.

The reason I make such a harsh statement is because I have not allowed comments or trackbacks to be posted for a long time now (Turn Off Comments and Trackbacks), and when I did allow them I always moderated them and deleted spam comments; they were never posted. In an effort to curtail the continuing attempts to post spam to my blog I have even removed the files used to post comments and trackbacks to my MovableType blog. Still, every day, for hours at a time, idiots in Russia and the Ukraine keep trying to spam to my blog, despite the fact that I clearly state that no comments or trackbacks are accepted, and the files that are required for them are gone. Every time these idiots Post a comment or trackback my server gives them a 403 Forbidden response, but they don't seem to care, or notice, or are too uneducated to understand that Access Denied means that their request failed to go through! So, growing tired of even giving them the courtesy of a 403 response I am now redirecting all of these bullshit attempts to Post comments or trackbacks right back to the sender's own browser or web appliance; to 127.0.0.1. That should result in a Page Cannot Be Displayed or Server Cannot Be Located message on the program the idiots are using to try to spam me.

The blog spammers are even resorting to using hijacked proxies, on computers in other countries, but they all get the same message, since I block all such exploits in my .htaccess file. I wasn't born yesterday. I know how to block IP addresses, proxies and unwanted behavior or exploits on my server. I also know how to track the source to their ISP and report them for spamming.

If you run MovableType blogs on an Apache Server, and are interested in seeing my solution to the problem of blocking blog spammers, read my extended comments.

If other Webmasters are having the same problem with the Ukrainian and Russian blog spammers, maybe you would benefit from simply adding a Mod_Rewrite rule to your .htaccess files (Apache Web Servers), to rewrite all attempts to Post to (path to)/comments.cgi and (path to)/tb.cgi to 127.0.0.1 . Below is a code sample you can modify to meet your own installation of MovableType. Be sure you first turn off comments and trackbacks and delete any that are already posted to your blog. Also, place a notice at the top of each template page to let people know you don't accept comments or trackbacks.

The following requires permission to run Mod_Rewrite directives and overrides on your website. Each directive must be on one continuous line, starting with RewriteCond or RewriteRule. The first three lines of code must be somewhere in .htaccess, before any rewrite directives.



# These three lines enable rewriting; they go before any rewrite directives.
Options +FollowSymLinks
RewriteEngine On
RewriteBase /

# POST to the comment script. THE_REQUEST holds the full request line,
# e.g. "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1".
RewriteCond %{THE_REQUEST} ^POST\ /cgi-bin/mt/mt-comments\.cgi\ HTTP/1\.[01]$
# Matches every client address; narrow this pattern if you only want to redirect certain ranges.
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
# Send the poster back to their own machine with a 302 redirect and stop processing further rules.
RewriteRule ^(.*)$ http://127.0.0.1 [R=302,L]

# POST to the trackback script, which carries the entry id in the path (mt-tb.cgi/123).
RewriteCond %{THE_REQUEST} ^POST\ /cgi-bin/mt/mt-tb\.cgi/[0-9]{1,3}\ HTTP/1\.[01]$
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ http://127.0.0.1 [R=302,L]




You may have to modify the path to the comments and trackback files, if your MovableType installation has been customized away from default names. If you are using a PHP blog you will have to learn the file names used to Post comments and trackbacks, then replace my file names with the correct ones for your blog software. Once the majority of blog owners learn to redirect blog spam back to the idiots posting it, the flow will begin to subside, as they will have nothing to gain from their activities.

Also, I don't publish my access logs at all, and never have. Despite this fact I see plenty of attempts to spam my access logs with Referrer Spam, in the form of links to spamvertized websites for drugs, porn, insurance quotes and other bullshit. Log spammers gain nothing if you stop making your website access logs public. Take them out of your web-root, or turn off stats publication, and keep your logs private. Eventually the log spam will stop when nobody publishes their stats online, as nobody will see the websites being advertised in the "Referer" fields (that is how Apache web server directives spell the word 'referrer').

Another thing I do, when any one IP address tries to harass my server with too much crap, is to have my web host block them in the perimeter firewall. This sends all of their requests to a blackhole and keeps them out of my logs altogether. They don't even get an ACK from the router feeding the box.
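A detection-side counterpart to the rewrite rules above, added here as an example that is not from the original post: it parses Apache combined-format access log lines (the sample lines are constructed, not real log data), counts POSTs aimed at the same mt-comments.cgi and mt-tb.cgi paths the rules match, and lists the client IPs that keep retrying after receiving nothing but 403 and 302 responses, the ones you would hand to your host for a perimeter block. The threshold of three attempts is an assumption.

```python
"""Count blog-spam POSTs to MovableType's comment and trackback scripts in
Apache combined-format access logs, grouped by client IP (added example)."""
import re
from collections import defaultdict

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/1\.[01])" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The same targets the .htaccess rules match: the comment script, and the
# trackback script followed by a numeric entry id.
SPAM_TARGET_RE = re.compile(r'^/cgi-bin/mt/mt-(?:comments\.cgi|tb\.cgi/[0-9]{1,3})$')

# Constructed sample log (documentation-range addresses, not real clients).
# 203.0.113.5 keeps POSTing and only ever gets 403/302; 192.0.2.77 once got a
# 200 (a comment accepted before comments were switched off); one line is junk.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Mar/2007:10:15:01 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 403 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [07/Mar/2007:10:15:07 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 403 233 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.5 - - [07/Mar/2007:10:15:14 -0500] "POST /cgi-bin/mt/mt-tb.cgi/42 HTTP/1.0" 302 214 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.9 - - [07/Mar/2007:10:16:02 -0500] "GET /blog/index.html HTTP/1.1" 200 18532 "http://example.net/" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0.0.2"
198.51.100.9 - - [07/Mar/2007:10:16:40 -0500] "POST /cgi-bin/mt/mt-tb.cgi/42 HTTP/1.1" 403 233 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0.0.2"
192.0.2.77 - - [07/Mar/2007:10:17:11 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 1024 "http://example.org/" "Mozilla/5.0"
this line is not in combined log format
"""


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_spam_post(entry):
    """True for a POST aimed at the comment or trackback script, i.e. what the rewrite rules catch."""
    return entry["method"] == "POST" and SPAM_TARGET_RE.match(entry["path"]) is not None


def summarize(lines):
    """Map each client IP to {status_code: count} for its spam POSTs; unparseable lines are skipped."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_spam_post(entry):
            continue
        per_ip[entry["ip"]][entry["status"]] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()}


def repeat_offenders(summary, threshold=3):
    """IPs that POSTed at least `threshold` times although every attempt was refused (403)
    or redirected (302): candidates for a perimeter-firewall block. Threshold is assumed."""
    offenders = []
    for ip, counts in summary.items():
        total = sum(counts.values())
        refused = counts.get(403, 0) + counts.get(302, 0)
        if total >= threshold and refused == total:
            offenders.append(ip)
    return sorted(offenders)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip in repeat_offenders(summary):
        print(ip, summary[ip])
```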

< End Rant >


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Follow Wizcrafts on Twitter


Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.


MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.





This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by Movable Type
