Finally starting to get some services moved over to the new server. Hopefully publishing this on the blog will work too!!

ok... it looks like slurp is obeying the robots.txt file now... but it looks like it took about 7 hours to take effect.

Man. Yahoo's bot... slurp... is killing me. Their bots have been pounding my site for weeks, sucking down lots of bandwidth.

I decided to make a robots.txt and try to disallow crawling on some of the more byte intense portions of the site. But, after just watching my log for a few minutes, I could see yahoo slurp get the new robots.txt, and completely ignore it! Dangit!

That is annoying. Apparently, I'm not alone. Cmon yahoo... get your stuff together.

I've been getting quite a few follow-ups to my reports of the Earthlink DNS poisoning. I got a couple of emails from technicians working the issues, both of which found the blog not from my reports to the abuse departments, but from this blog. Kudos to google for making the world's data searchable!

I also got a comment from another user who is still having issues. His comment is here.

Looks like Earthlink has it fixed now. I wonder if they will let people know they were hacked and should scan their computers. That would be the responsible thing to do.

Ok, since I haven't gotten any responses from the Earthlink security folks, I decided to call the phone number listed via the WHOIS lookup on earthlink's DNS IP. I get the operator who tells me that "The Abuse Department is a voicemail line only, and it is broken right now." Wow.

She passes me to tech support. An Indian lady answers the phone and starts telling me what websites I can go to. I explained to her that I am trying to do her a favor and tell them about a hack that could be affecting thousands of their customers, and was not interested in looking up other websites and doing more work for them.

She had no idea what I was talking about. All she said was thanks for reporting it, and started trying to talk to me about why people do things like this. My god. Earthlink appears to be doing things all wrong.

Who knows what else is being spoofed from their DNS... banks... email login pages... and geez, google-analytics!!! I mean, think about how many websites use that service!

Looks like the Earthlink DNS servers I am on got hacked. I noticed any site I went to, including mine, that uses Google Analytics was giving me a message to install some bogus Active-X control that claimed to be from Microsoft.

Looking into it further, it looks like the DNS for "www.google-analytics.com" is resolving to some bogus Chinese domain, which is serving up a severely hacked version of the urchin javascript file that the real service normally serves. This effectively allows the code to run on every Earthlink customers machine if they visit any site that uses the Google Analytics service.

My primary Earthlink nameserver is "207.217.126.81". Doing a dig on the DNS entry reports back a bogus IP:

ANSWER SECTION:rn www.google-analytics.com. 282 IN CNAME www-google-analytics.l.google.com.rn www-google-analytics.l.google.com. 222600 IN A 74.86.119.87

That IP address is bogus. A dig -x on it reports:

; <<>> DiG 9.2.4 <<>> -x 74.86.119.87
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;87.119.86.74.in-addr.arpa. IN PTR

;; ANSWER SECTION:
87.119.86.74.in-addr.arpa. 80872 IN PTR nuo.cn.

Nice... "nuo.cn". I sent an email to the Earthlink abuse team and also to Google security. Hopefully it gets fixed.

I needed a personal blog.

Many times I write scripts or programs at home, or at work, that I want to share with people. Sometimes I have experiences with different software packages, linux utilities, etc. that are too technical to post on the family website. This blog will give me a place to write about that stuff.

Today is also the first day of my new diet, so this blog will also give me a place to record progress, successes, and failures with my diet. Knowing that people might be reading it will give me a bit more motivation to keep my willpower up :)

So, there are rss and atom feeds of the blog if you would like to subscribe. Comments are welcome!