centre{source}

We have a customer of ours who pays us both for e-mail/web hosting as well as our anti-spam/anti-virus relay service, Swirbo. Swirbo is a service that filters mail by having mail for a domain sent to it first, via MX records, and then relayed to its final destination.

Recently, this customer began reporting that she was unable to receive e-mail from certain people. Some investigation yielded this information from Swirbo, while attempting to deliver a legit e-mail message from someone on aol.com:

Recently we had one of our regular (every couple of months) Comcast Nightmares. These happen now and again, and by now our entire company is fairly used to the "Comcast is down -- go work from home or a coffee shop" routine. This time, however, I wanted to detail a bit of what we experienced, and talk about what it means for us. First, a rough timeline of our original problems:

We'd have a recent spat of complaints from our Swirbo customers regarding their inability to receive mail from certain Google apps -- i.e. if you invite someone to view a blog, or docs.google.com document. Today I got an example of the actual error they are getting:

Technical details of permanent failure:
TEMP_FAILURE: SMTP Error (state 13): 450 : Recipient
address rejected: Greylisted for 5 minutes

I just read a quick review of Firefox 2.0. I am not terribly impressed -- with Firefox itself, or the review for that matter:

The first thing that stands out in the new Firefox is the more modern, snappier look and feel. Everything is more shinny, more playful and more clickable.

Can anyone tell me what this means? This is followed by:

Tabbed browsing was a major browser innovation that Firefox popularized

Early this year, we posted the story of a spammer that left a comment spam on our site -- circumventing the spam protection (Wordverify) manually.

This week, their director of marketing contacted me asking to try to clear up the situation and convey their side of the story. I told him I wouldn't amend the original post (barring for any inaccuracy), but that he was welcome to e-mail me an explanation. In the interest of fairness, here it is:

Are the seemingly never-ending Instant-Messaging wars finally coming to a close?

Jabber/XMPP has gotten another big shot in the arm this week, with the announcement that Livejournal has launched a Jabber server for its users, complete with the friends-list pre-loaded as the Jabber roster. They will be incorporating s2s communication, along with lots of other features.

Opera 9.00 final is out, and they appear to have fixed the cookies bug. And there was much rejoicing.

Now I don't have to switch to Firefox after all.

We had a bit of a sticky situation here at the Centresource stomping grounds this past couple of weeks. We have a server with a multitude of environments served via our Apache webserver. It's a fairly simple setup: we have a virtualhost devoted to development environments for all of our software developers, and then a plethora of virtualhosts for the various web-based applications we use: some home-brewed, some OSS web applications we use for various business functions (CMS, CRM, Groupware, etc..).

The mystery started when sessions started mysteriously expiring prematurely on two of our most popular web applications: DekkoTime, and our internal CRM/groupware application. It started about two weeks ago, with no discernable changes to our configuration that could be responsible.

So to understand what was necessary to track down this problem, we have to explore a little bit about how PHP session data storage and expiration works:

So, the inspiration for writing this script was so that I could quickly and effortlessly visualize some of the stats from my webserver logs on the fly. The reason was that I have noticed a huge influx of comment-spam attempts on my personal blog, this blog, and the Nashville Metblog.

I have access to the logs on the first two, and it was obvious from casual inspection that each attempt was coming from a different IP and network: i.e., it is coming from a botnet. I suspected that the spam influx on all these hosts was from the same botnet, and it appears that I was right. Out of 3-400 unique IP addresses making the spam attempts on those first two sites, around 200 of them had hit both servers. And lest there was any doubt, compare these two graphs of the comment-spam attempts per hour:

I use command-line utilities to do data-mining on logs compulsively -- often in sick and twisted ways. There are many times in which I perform a tortuous serious of grep/perl/awk commands which wind up being fed to "sort | uniq -c | sort -nr" or something similar.

Those of you familiar with those commands already know that the result is a list of unique values added up and displayed with a total, e.g.:

   289 text1
   134 text2
   134 text3