IAmAWitch Code-Of-Isis Pagan WebCrafting
http://codeofisis.iamawitch.net/site
This is the IAmAWitch.Com Pagan WebCrafting Site
Contact: ajiamawitch@gmail.com
Copyright 2007 CodeOfIsis.Com. Generated by GeekLog, Sat, 03 Nov 2007 03:13:13 -0400 (en-gb)

Pagan GeoIP country exclusion methods
http://codeofisis.iamawitch.net/site/article.php?story=20071102174140421
Fri, 02 Nov 2007 17:41:40 -0400 | How-To Articles

I have long had trouble from spammers in various parts of the world and determined that I would find a way to counter their activities. Well, experience being what it is, I found that security solutions usually come as multiple techniques, layered together in swatches to form barriers against most Internet pests.

The first of these techniques, which I will discuss today, uses the IP address of a visitor to determine their rough geographic location. The Internet, as it exists today, uses the IPv4 address space, which is allocated in blocks to regions and countries. If one looks at the page at http://www.iana.org/assignments/ipv4-address-space, one can use the first ("major") octet, the starting number of an IP address, to get the roughest idea of where someone hails from.

Now, as a Pagan web site, I know my audience is mostly located in Western countries. Not *all* of the time, but most of the time.
So, knowing from my logs who the worst offenders are in terms of systems abuse and such (usually Chinese, Russian and South American networks, as well as pretty much all of Indonesia), I can reasonably decide to block on the first octet alone. This is the most primitive of screening methods, but if your requirements are met by screening this way, your .htaccess file can be modified to contain, for example, "deny from 218", which takes out an entire block of addresses from Asia. I don't use such a crude technique on my own sites, although on occasion pests have hit my site with combined attacks such that I did block entire swatches of address space to battle back, then eventually narrowed in on the offenders and reported the abusers to get it stopped. So such knowledge has its purposes.

GeoIP is a term finding broad use as site owners discover they can create their own Internet borders. Companies like MaxMind (http://www.maxmind.com) provide monthly (and free) updates of country codes, so that a visitor can be tested against the list of IP addresses allocated to each country. This is a valuable and effective tool for sending folks on their way when they visit your site and are not wanted as guests of your web. You can even use the tool to send folks to regional pages if your web so directs, and thus create seemingly local content for people a world away. It all depends on what you do once you detect where an IP address hails from.

For example, the MaxMind database can return city or country information. I use the two-letter country code (see http://goes.gsfc.nasa.gov/text/web_country_codes.html) to determine where the IP came from, and then use that in simple decision statements to send the person on or redirect them as needed.

In my own case, my handling is purely by country.
I watch my logs, and also Internet news and security sites, to determine who is causing the most pain out there, and then ban entire countries. There are those who would call me a brute for being so crass as to block based on borders and cultural differences, but I would counter that this is no different from placing an experienced bouncer at the door of my club to keep undesirables out. Since it is *my* establishment, I can make pretty much any rules I want, so long as they are reasonable and defensible in a court of law should it come to that.

That said, I will state that I have a ready and distinct distaste for all Chinese, Vietnamese, Russian, Romanian and Indonesian IP addresses, and so I block these worst offenders, who most often are running scams and Internet bandwidth schemes and whose countries do nothing to stop the criminal activity based there. As a starting base of exclusions, I recommend using the U.S. government watch lists of countries ruled as threats, and also keeping a close eye on news of countries (like Nigeria) whose Internet presence is an excuse for crime rather than a legitimate tool for communications, commerce and trade. You'll soon come up with your own ban list based on your site's needs.

What do you do when you ban a country? In many cases the visitors can be redirected to an information page, or sent on to a new destination. In my own case, I send them to a 403 page and that ends that. They get no further, yet I still log them and can filter my reports to see who is doing what.

In conclusion, Internet screening of users by country is becoming standard fare. It should be used wisely and carefully. If one integrates the code properly into a site, one will notice a steep drop in attempted hacking incidents and can focus more resources on other aspects of the web site.
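The country check described in this article, as an added example that is not the author's or the site's own code. It is written in Python rather than the site's PHP so the decision logic is easy to read and run; SAMPLE_GEOIP is a constructed stand-in (documentation address ranges) for the MaxMind country table, and the ban list is the one the article names.

```python
import ipaddress
from typing import Optional

# CONSTRUCTED sample of a country database: (network, ISO 3166 two-letter code).
# These are documentation ranges, not real allocations; a real site loads the
# current MaxMind country table here instead.
SAMPLE_GEOIP = [
    ("203.0.113.0/24", "CN"),
    ("198.51.100.0/24", "US"),
    ("192.0.2.0/24", "RU"),
    ("192.0.2.128/25", "RO"),  # more specific entry inside the /24 above
]

# The crude method: whole first octets denied, as ".htaccess deny from 218" does.
DENIED_FIRST_OCTETS = {218}

# The article's ban list as country codes; every site builds its own over time.
BANNED_COUNTRIES = {"CN", "VN", "RU", "RO", "ID"}


def lookup_country(ip: str, table=SAMPLE_GEOIP) -> Optional[str]:
    """Country code of the most specific network containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    best_cc, best_len = None, -1
    for cidr, cc in table:
        net = ipaddress.ip_network(cidr)
        # An IPv6 address is never "in" an IPv4 network, so it falls through to None.
        if addr in net and net.prefixlen > best_len:
            best_cc, best_len = cc, net.prefixlen
    return best_cc


def screen_visitor(ip: str, path: str = "/") -> dict:
    """Decide 200 or 403 for one visitor and record why, for the logs.

    The octet rule runs first because it needs no database. An address the
    table does not know is allowed but logged: failing closed on a stale or
    incomplete table would lock out every unknown visitor at once.
    """
    entry = {"ip": ip, "path": path, "country": None}
    addr = ipaddress.ip_address(ip)
    if addr.version == 4 and (int(addr) >> 24) in DENIED_FIRST_OCTETS:
        return {**entry, "status": 403, "reason": "first-octet deny"}
    cc = lookup_country(ip)
    entry["country"] = cc
    if cc is None:
        return {**entry, "status": 200, "reason": "no geoip entry"}
    if cc in BANNED_COUNTRIES:
        return {**entry, "status": 403, "reason": "banned country"}
    return {**entry, "status": 200, "reason": "allowed"}


def format_log(entry: dict) -> str:
    """One line per decision, so reports can be filtered by country as the article does."""
    return (f"{entry['ip']} {entry['country'] or '--'} {entry['status']} "
            f"{entry['reason']} {entry['path']}")


def htaccess_deny_lines(countries, table=SAMPLE_GEOIP) -> list:
    """Render the same bans as Apache 2.2 'deny from' lines (CIDR notation is accepted)."""
    lines = [f"deny from {octet}" for octet in sorted(DENIED_FIRST_OCTETS)]
    lines += [f"deny from {cidr}" for cidr, cc in table if cc in countries]
    return lines


if __name__ == "__main__":
    # Constructed visitor IPs drawn from the documentation ranges above.
    for ip in ("218.1.2.3", "203.0.113.7", "192.0.2.200", "198.51.100.9", "10.0.0.1"):
        print(format_log(screen_visitor(ip, "/staticpages/index.php")))
    print("\n".join(htaccess_deny_lines(BANNED_COUNTRIES)))
```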
It really works, and with a little effort you too can use this tool in your bag of Internet tricks!

Learning to fight the enemies of your site....
http://codeofisis.iamawitch.net/site/article.php?story=20071005014730454
Fri, 05 Oct 2007 01:47:30 -0400 | How-To Articles

You know, I'm a pretty even-tempered guy. But when a bunch of Russian thugs attack my site with a constant barrage of spambots and then, ultimately, send out solicitations on the chat panels telling our users to send their email addresses in to the spammer so that he'll stop spamming them, that does it for me.

I took actions that put the offending spammer, along with an entire continent, out of reach of the IAmAWitch.Com domains.

While I won't go into the specifics of my own actions with regard to site security, I can state that with enough research and care attending to your logs, you can protect your web site with a layered security approach that, while not perfect, will discourage many a spammer or hacker from attacking your site. The thing to realize here is that these folks can spend a lot of time learning to overcome your defenses, but if you take appropriate steps and keep up with the latest techniques and countermeasures, yours could be the site that is free of problems and rich in remaining bandwidth.
Here are some best practices to use on your Pagan site when it comes to locking it down and protecting it (in relative order of importance):

1. Back up your site and download the backup to your PC or to removable hard drive/media.
2. Use the security tools your provider will often be providing to you as part of your package.
3. Learn how your portal software works and customize it to be "non-standard" with user registrations.
4. Don't depend on CAPTCHA or other automated systems alone. Queue up new user requests and make your prospective users answer questions that force them to interact with you.
5. If using PHP for your site software, use Bad Behavior to stop the bulk of spambots from hitting your site.
6. If form spammers are trying to hit your back-end code, lock it down with security checks on where the referrer is coming from, and only allow your own domain to submit forms to the back-end handler.
7. Use client-side JavaScript to validate forms and do rudimentary security checks before the submission ever takes place.
8. Add software to scan for SQL injection attacks in the appropriate places of your site architecture.
9. Keep your site updated with security patches and regularly scan your site logs for trends.
10. Use your .htaccess file to block the worst offenders and set rules that scan for harmful strings or combinations of strings.
11. Don't waste time responding to attackers' provocations via email. Instead, learn what they have to teach you and then defeat them quietly and without fanfare.
12. Decide who your audience is and use geo-IP software and custom techniques to block entire portions of the IPv4 address space. If the hacker (or a country known for hacking activity) cannot reach the site, they cannot hack it.
13. Finally, install listings of bad email addresses for the spammers' systems to find.
    You can also install honey pots to track spammers and participate with other site owners in large groups to fight back and wrest control of your bandwidth and security back to your side of the fence.

This takes work. If you aren't sure how to do some of this, find someone who can set up the more important elements and then take the time to learn what it takes to really secure your site. You'll be the better for it! Feel free to comment!

AJ

Supporting both Hemispheres
http://codeofisis.iamawitch.net/site/article.php?story=20071005001555366
Fri, 05 Oct 2007 00:15:55 -0400 | How-To Articles

It often escapes most people that there are two hemispheres to this world, and that when one is in winter the other is in summer. Six months later, the inverse is true.

Thus, if your Pagan site truly adheres to this world-wide view of things, you can devote some resources to creating a Northern Hemisphere and Southern Hemisphere seasons script for your site.

I'm going to take the example of our Seasons block here on this web, and over the coming week we'll convert it into a dual-hemisphere tool, with both Northern and Southern hemispheres represented equally. Our Australian and other related Western-oriented Pagan visitors ought to find this of use indeed! I'll zip up the code and place it in our downloads section for easy use on your own site!
Stay tuned as we add to this article day by day!

AJ

Forum and basic updates/changes to come
http://codeofisis.iamawitch.net/site/article.php?story=20070922171912376
Sat, 22 Sep 2007 17:19:12 -0400 | How-To Articles

We've enabled the forums to start encouraging the use of this site as a primary forum and discussion area to swap stories, techniques and ideas related to web site design, security and operating methods/philosophies.

In relation to this change, we have opened the user registration system back up, but will be sure to investigate each user and require them to respond to us with real email replies that prove the user is real and not a spam-bot or spammer out to evade our checking mechanisms.

So with this in mind, we begin our little adventure with this web site. Welcome aboard! -- AJ

Code of Isis is back on the air
http://codeofisis.iamawitch.net/site/article.php?story=20070913000818924
Thu, 13 Sep 2007 00:08:18 -0400 | General News

We have re-enabled CodeOfIsis as a working web site. Note that new user registrations are no longer permitted. If you wish to get a user account, you will need to email AJ directly. This is done by contacting him via the "register" link at the www.iamawitch.com site and then letting him know you want a CodeOfIsis account...
We deleted useless submissions from some fly-by-night loan company, and it just adds fuel to the fire that proves that allowing unrestricted account creation leads to abuse from idiots... We'll detail more on this in future articles... We will be modifying this site extensively in the near future, but for now it's just good to be back!

Defeating the insurance referrer spammers
http://codeofisis.iamawitch.net/site/article.php?story=20070120124300108
Sat, 20 Jan 2007 12:43:00 -0500 | How-To Articles

One of the challenges of running a web site is paying particular attention to the log entries affecting your computer. In my own case on the IAmAWitch.Com sites, we use a variety of packages to intercept bad entries and deal with them. Since most webmasters use PHP and MySQL, this article will discuss a countermeasure for a particular type of pest called a "referrer spammer". If you look in your web server logs (or, if you use it as I do, in the Bad Behavior module) you might see an entry like:

Entry details
IP Address: 80.241.43.218
Date: 2007-01-20 12:37:14
Reason: Prohibited header 'X-Aaaaaaaaaa' or 'X-Aaaaaaaaaaaa' present

GET /staticpages/index.php HTTP/1.1
Accept: */*
Accept-Language: en-us
Connection: Keep-Alive
Host: www.yourweb.com
Referer: http://zzzinsurance
Ua-Cpu: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M)
X-Aaaaaaaaaa: 300000
X-Aaaaaaaaaaaa: 1

Note the X-Aaaaaaaaaa content. This is telling. Also, look at the Referer and note the insurance URL.
This is a common tactic now in use by spammers based out of Eastern Europe. In no way should you visit the URL, because it is guaranteed that your computer will be infected with trojans, viruses and worms. I have removed the original URL and placed a non-working version into the entry to prevent any possible accidents.

How to get rid of these pests? For most users, packages exist to let you ban IP addresses that come in posting the spammed referrer addresses. More sophisticated users might continually edit their .htaccess master files to prevent such visitors from returning. But these methods, nice as they are, do not provide the means to really deny access to your site without a lot of work and research (I will grant that .htaccess has the ability to do wonderful tests, but it does get tiring to edit that file constantly).

So my focus shifted to my blogging software. Where could I plant tests to just send these problem bots packing? I opted to keep the other methods (.htaccess and Bad Behavior), but there had to be another way to deny access. Most applications possess the ability to focus traffic through a single routine (a dispatcher, or choke point of sorts) in which you can plant a test to wrest control back from the spammer.

Most programmers on the web know about environment variables. With web pages comes a standard set of environment variables that can be tested against. The one of greatest importance in our case is the HTTP_REFERER variable. It is actually a trivial thing to perform a string test against a particular value in this string. In our case, testing for the value "insurance" will screen out a particular class of user.
An example of this is shown below:

// Test for the common insurance scam in the referrer (case-insensitive).
// stripos() returns false when the word is absent and 0 when it starts the
// string, so compare against false, not 0; the header may also be missing.
if (isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], 'insurance') !== false) {
    header('Location: http://www.yoursite.com/somepage.html');
    exit;
}

This code states: if the HTTP_REFERER variable contains the value "insurance" in either upper or lower case (the stripos function), then redirect the user to a page of your choice. Creative users can manage all sorts of devious tricks to nullify the spammer. As the spammer creates more and different referrer types, you can evolve the code as needed to redirect them accordingly. Sophisticated programmers might use regular expressions to handle a wider range of conditions, but these simple conditional tests do much to counter the current threat, at low cost in overhead and development time.

So, explore the best place to plant this sort of test. You can develop yours in PHP, Perl or even ColdFusion, depending on your chosen architecture, but the test will work everywhere as long as you alter it to suit your needs. For those interested in using .htaccess screening methods, take a look at the article at http://en.wikipedia.org/wiki/Referer_spam for examples of how to use regular expressions to counter word-based referrers as an additional or alternate method of preventing access to your site by spambots.

Good luck in your spam-hunting and killing adventures!
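The choke-point test described in this article, as an added example that is not the article's or the site's code: the same referrer test as the PHP above, written in Python for readability, generalised to a keyword list and paired with the prohibited-header rule Bad Behavior logged in the sample entry. SAMPLE_REQUEST is constructed from that entry's headers (with the article's disabled placeholder referrer), and the redirect target is the article's placeholder URL.

```python
import re

# The article's test word; the list grows as the spammer's referrers change.
REFERER_KEYWORDS = ("insurance",)
# Header names no real browser sends; taken from the Bad Behavior entry above.
PROHIBITED_HEADERS = ("x-aaaaaaaaaa", "x-aaaaaaaaaaaa")
# Placeholder destination from the article's PHP snippet.
REDIRECT_TARGET = "http://www.yoursite.com/somepage.html"

# CONSTRUCTED from the headers of the sample log entry in this article.
SAMPLE_REQUEST = """\
GET /staticpages/index.php HTTP/1.1
Accept: */*
Accept-Language: en-us
Connection: Keep-Alive
Host: www.yourweb.com
Referer: http://zzzinsurance
Ua-Cpu: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M)
X-Aaaaaaaaaa: 300000
X-Aaaaaaaaaaaa: 1
"""


def parse_request(raw: str) -> dict:
    """Split a raw request head into method, path and a dict of lower-cased header names."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def screen_request(req: dict) -> dict:
    """The dispatcher decision: deny, redirect or allow, always with a loggable reason."""
    headers = req["headers"]
    # 1. Prohibited headers mark an automated client; refuse outright.
    for name in headers:
        if name in PROHIBITED_HEADERS:
            return {"action": "deny", "status": 403, "reason": f"prohibited header {name}"}
    # 2. The referrer keyword test. The header is optional and attacker-controlled,
    #    so a missing one is simply "no match" (the PHP snippet guards the same way
    #    with isset()). The match is case-insensitive, like stripos(), and a hit at
    #    position 0 counts: comparing stripos() to 0 instead of false would miss it.
    referer = headers.get("referer", "").lower()
    for word in REFERER_KEYWORDS:
        if word in referer:
            return {"action": "redirect", "status": 302, "location": REDIRECT_TARGET,
                    "reason": f"referer contains {word!r}"}
    return {"action": "allow", "status": 200, "reason": "clean"}


def htaccess_rules(keywords=REFERER_KEYWORDS) -> str:
    """The same keyword test as mod_rewrite rules, the .htaccess route the article mentions.

    Assumes at least one keyword; each condition is OR-ed except the last.
    """
    conds = [f"RewriteCond %{{HTTP_REFERER}} {re.escape(k)} [NC,OR]" for k in keywords]
    conds[-1] = conds[-1][:-len(",OR]")] + "]"
    return "\n".join(["RewriteEngine On", *conds, "RewriteRule .* - [F]"])


if __name__ == "__main__":
    print(screen_request(parse_request(SAMPLE_REQUEST)))
    print(htaccess_rules(("insurance", "casino")))
```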
AJ

Caring for your web site
http://codeofisis.iamawitch.net/site/article.php?story=20070113010338866
Sat, 13 Jan 2007 01:03:38 -0500 | General News

I'm guilty of it myself... not taking care of a site I built! In this case, I left to take care of family in a medical emergency and dropped the care of my site for a number of months. And that is how a site dies...

So what can be done to protect your Pagan web when life, as it so often does, intrudes and prevents you from taking full care of it? To start, if your site is pretty easy to care for, you can pass control to a friend. There are plus and minus sides to this, because you had *better* know that person. Handing the FTP and password keys to that friend is no small act of trust. And when you do depend on that person to do the right thing, it becomes critical to keep at least *some* involvement in the site while you attend to needed business.

So here is a list of recommended actions for handing off a site to be "babysat" by your proxy webmaster:

1. Train that person, in person, in how to care for the site. If possible, make sure their passwords work, that they are clear on your policies, and that they understand they cannot pass control over to someone else without your clearance.
2. Monitor the site on a weekly basis to check how things are going... You'll be glad you did.
3. Call your temporary webmaster to be sure they are doing well, and to deal with any emergencies or problems as they come up... A regular call does not take that much time.
4.
   Have a definite date in mind so that the handoff is not open-ended, and so that everyone knows when you'll be back to reassume control of the web.

These are simple things to consider, and they will keep your site humming along while you are away from it. Comments invited as always!

AJ

Comment Spam and the never-ending battle for your site
http://codeofisis.iamawitch.net/site/article.php?story=20070113010152101
Sat, 13 Jan 2007 01:01:52 -0500 | General News

NOTE: On January 20th, this site was upgraded as a direct response to the comment spammer attacks that caused serious damage to the site. Comment spam will now be much more difficult for a spammer to perpetrate on this web. For more details, please feel free to visit our new forums section.

What is comment spam? It is the posting, usually with help from a dedicated program, of links to sites of dubious quality and content, through form or CGI-based variable inputs to a receiver program (in our case, the comment posting portion of the site). Comment spam depends on the site administrator not taking action to prevent the spam in the first place. In the case of our abuse, the spammer used an injection program to place hundreds of spam messages on the site, and caused our upgrade and the add-on technology meant to defeat his efforts to fail on the first try. It turned out that the answer to all of this was to download the entire database, manually snip out all of the comments, and then re-upload the database to the site. On doing this, we were able to bring the site back to full functionality.
In addition, we enabled a spam filtering utility that blocks messages by keyword lists, IP address and other methods. We also changed the site to force registration and to manually approve new accounts, so as to scrutinize each new site applicant. We may relax these policies later when we have more experience with the spam prevention software, but for now we'll be patrolling the site with more than an eye on the who/what/why of things.

Other News

We will be switching the look and feel of the site to a new header and new template set due to the upgrade. Please excuse any problems or gross errors noted during this switchover. Post any noted errors in the forums area for us. Thanks!

Original Story from 1/18/06:

Because of comment spam, I have defaulted to no comments (for now) for all articles on this site until we can add the comment spam filters that will prevent the addition of comments to our site. A number of other measures have already been taken that will ensure, for the time being, that no comment spam will be seen on this site. I will turn this into a story showing how to detect and prevent comment spammers from taking over your site. Additionally, I will be approving all new user accounts manually. No auto-registrations will be permitted until this problem is handled. No email addresses coming from Yahoo, Juno, 3fn, or any other overly common spam site will be permitted for now.
Adding a seasonal script to your site
http://codeofisis.iamawitch.net/site/article.php?story=20070113005929131
Sat, 13 Jan 2007 00:59:29 -0500 | General News

One of the more requested scripts that I've received letters about is how to determine the start of each of the seasons and how to display that on your site. To this end, I discovered precious few resources to draw on, except for one lucky find at the following web site: http://www.merlyn.demon.co.uk/js-date0.htm#Sea

This site contained a number of core pieces of JavaScript logic that were immediately adaptable to our purposes of:

1. Adding an image display on the basis of the season.
2. Adding some simple text display formatting.

You can view our script in action on the left side of every page, since I've turned it into a block to display the season in the northern hemisphere. Southern hemisphere readers are advised by the site I pulled the function from to do as follows: "Southerners :- xor with 2, or add 6 months". From the looks of it, you would need to change the "SN =" line accordingly. I may take a stab at altering that line later and add a complete southern script. If one of you can make it work on your own, then please paste a corrected line for the Southern hemisphere as a comment to this article.

This said, we display the following scrap of code to give you a chance at displaying the function on your own site. You will need to find some images to use to display your version of spring, summer, fall and winter.
Note that you can change the image URL as needed to suit your particular situation.

The Script:

<script type="text/javascript">
//<!--
function TrySeason() {
  // Season index 0..3 = winter, spring, summer, autumn (northern hemisphere);
  // each season is taken to begin on the 21st of March, June, September and December.
  var d = new Date();
  var SN = Math.floor((d.getMonth() + Number(d.getDate() >= 21)) / 3) % 4;
  document.write('<div align=center>');
  // Image files are named after the season; add an extension if yours have one.
  document.write('<img src=/images/seasons/' + ['winter','spring','summer','autumn'][SN] + '><br>');
  document.write('</div>');
  document.write('<div align=center><strong>');
  document.write(['Winter', 'Spring', 'Summer', 'Autumn'][SN]);
  document.write('</strong></div>');
}
TrySeason();
//-->
</script>

Adding a lunar phase script to your web site
http://codeofisis.iamawitch.net/site/article.php?story=20070107183324277
Sun, 07 Jan 2007 18:33:24 -0500 | General News

If you are as big a fan of the moon as I am, then you have probably scoured the web high and low for great scripts to compute lunar phases.

I have a large collection of scripts of my own, acquired over years of my travels across the web. The best scripts are the ones you can share with people, and we have a script to share with you that you can adapt for text-only lunar displays on your web for your visitors to use.

This first script is quite simple to integrate into your site and simple to modify, which we will be doing in later articles (mainly to add graphics), and it will bring people to your site again and again.
So, let's get to the meat of the issue:

Step 1

Click to view the script (/site/staticpages/index.php?page=20060121162043961) and ready your web design tool (Dreamweaver, Arachnophilia, Notepad, etc.) to cut and paste the code into your own page for viewing on your local PC.

Step 2

Save the page and then surf to it. You should see output matching that of our page.

Step 3

Modification of the script is basically confined to text manipulation and display needs. Your web may use tables, CSS, or both to achieve your best output. Modify the outputs to meet your needs. Be sure to compare the output of your script to our original so you are sure you are getting good results.

Other modifications

We intend to add graphics to lesson two for this script. You can easily do the same with a little study and some creative acquisition of lunar images. We'll be providing a complete script with all the trimmings in February, but for now this script will give you good results and provides a working scaffold for those of you who care to take the basic model to your own heights.

Send me examples of your modifications and ideas... We'll be glad to cover them and share them with others!