Rob Gallagher
Domain renewal scams
Oct 28th
Some of my domains are coming up for renewal and, right on cue, the scam letters have started arriving in the post. The scammers trawl whois information and send out demands for “renewal” to unsuspecting domain users. Send enough of them and somebody, somewhere will pay up.
They’re getting pretty sophisticated compared to the ones from previous years; an accounts department could easily be tricked into paying them.
DWM config
Oct 16th
Recently, I started using dwm as my main window manager. At less than 3000 lines of C, it’s somewhat more lightweight than others I’ve used in the past.
The automatic window placement and stacking is really handy, especially when you tend to have a lot of terminals open; it keeps things nice and organised. There is very little to configure, but I did modify the colour scheme a bit to make it darker. I also added some handy key bindings and a few wrapper scripts to allow the window manager to run in a loop so you can restart it without killing all your applications. My config.h and associated scripts are in subversion.
Lisbon lulz
Oct 1st
He wants your minimum wage.
So with the big vote tomorrow, it’s time to get away from the boring debates, talking heads, crazies/nutjobs and inject some humour.
- Anti-Lisbon spoof posters.
- Spoof posters that made it into the papers!
- No poster generator.
- And last but not least, the spoofer’s guide to Lisbon. This is actually useful and a laugh and a half at the same time.
SpamAssassin DNS lookups over IPv6
Sep 15th
With the recent surge in AIB phishing mails, I thought it might be worth looking at our SpamAssassin setup to see if there was anything that could be done to filter them out.
AIB helpfully publish SPF records for the aib.ie domain, so the first port of call was SA’s SPF lookups, which I noticed weren’t happening, despite being enabled some time ago. Reloading SA resulted in the following log message in spamd.log:
Tue Aug 11 11:26:52 2009 [2221] warn: Error creating a DNS resolver socket: at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 233.
Aw snap, SA can’t do any DNS lookups, at all. Which means all of the DNS-based tests will be silently skipped. Going back through the spamd.log, I noticed these messages first started occurring when we enabled IPv6 DNS resolvers a number of months ago. Hmm, perl is obviously missing something fundamental.
So, it turns out a perl library required to create IPv6 sockets wasn’t installed, IO::Socket::INET6. This is conveniently packaged in Ubuntu:
aptitude install libio-socket-inet6-perl
A quick reload of spamassassin and we can say goodbye to all those “URGENT NOTIFICATION”s about our AIB online banking accounts. Although, the spammers have now copped on and aren’t even bothering to send from aib.ie addresses anymore.
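A check for the failure described in this post, as an added example that is not code from the original post: it finds when the resolver-socket warning first appeared in spamd.log, lists IPv6 nameservers in resolv.conf-style text, and tests whether Perl can load IO::Socket::INET6. The function names, sample log lines and resolver addresses are constructed for illustration.

```python
import ipaddress, re, subprocess
from datetime import datetime

# Line shape follows the spamd.log warning quoted in the post.
ERR = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[\d+\] warn: "
                 r"Error creating a DNS resolver")

def resolver_errors(log_text):
    """Return (count, first_seen, last_seen) of the resolver-socket warning."""
    stamps = [datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
              for m in map(ERR.match, log_text.splitlines()) if m]
    return (len(stamps), min(stamps), max(stamps)) if stamps else (0, None, None)

def ipv6_nameservers(resolv_conf_text):
    """List IPv6 resolvers in resolv.conf-style text (the trigger in the post)."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(parts[1].split("%", 1)[0])  # drop zone id
            except ValueError:
                continue
            if addr.version == 6:
                found.append(str(addr))
    return found

def perl_has_inet6():
    """True/False if perl can load IO::Socket::INET6; None if perl is not installed."""
    try:
        done = subprocess.run(["perl", "-MIO::Socket::INET6", "-e", "1"],
                              capture_output=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return done.returncode == 0

# Constructed sample input (not the author's real log or resolver addresses).
SAMPLE_LOG = """\
Mon Apr  6 09:14:03 2009 [1187] info: spamd: server started on port 783/tcp
Mon Apr  6 09:14:03 2009 [1187] warn: Error creating a DNS resolver socket:  at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 233.
Tue Aug 11 11:26:52 2009 [2221] warn: Error creating a DNS resolver socket:  at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 233.
"""
SAMPLE_RESOLV = "nameserver 2001:db8::53\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    count, first, last = resolver_errors(SAMPLE_LOG)
    print(f"resolver warnings: {count}, first {first}, last {last}")
    print("IPv6 nameservers:", ipv6_nameservers(SAMPLE_RESOLV))
    print("IO::Socket::INET6 loadable:", perl_has_inet6())
    if count and ipv6_nameservers(SAMPLE_RESOLV):
        print("DNS-based tests (including SPF) are likely being skipped")
```

Run against the real spamd.log and /etc/resolv.conf from cron or a monitoring check, so that a warning count above zero raises an alert instead of going unnoticed for months.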
Updates to bind and the open resolver project
Jul 29th
If you haven’t done so already, now would be a good time to update bind9. A remote exploit is doing the rounds.
In related news, Team Cymru is running a scan for open DNS resolvers. It’s surprising the number of DNS servers out there that are unintentionally left wide open and, even worse, don’t implement split-horizon DNS. Looks like they’ve been busy probing ns.spoofedpacket.net:
22-Jun-2009 23:33:54.393 security: client 38.229.0.10#55251: query (cache) 'recursion-test.cymru.com/A/IN' denied
23-Jul-2009 23:34:08.350 security: client 38.229.0.10#45412: query (cache) 'recursion-test.cymru.com/A/IN' denied