Taking the Fight to Internet Spammers

spamThe Internet is great for many things, but among its many downsides are spammers. Those are the people who get onto sites or send us email about fake designer handbags, fake prescription drugs, fake girlfriends and fake $100-an-hour jobs. I guess just enough people fall for these that spammers continue to send them to us, day after day, week after week, month after month, year after … well, you get the idea.

Anyone who has a website will tell you that keeping spammers out of your site is a never-ending problem. As the antispam controls get better, the spammers find new ways to get through the door.

If spammers put as much thought into something useful in life, we’d have a better society. But they don’t.

Spammers, phishers, “dark web” hackers = criminals.

A few months ago, I launched a photography discussion forum. It took just a few days until the first spammer arrived. I used some anti-spammer controls, and they worked. Or so I thought.

By the third month, I was seeing two spammers a day come in. They all are from the same place in China. But because they used different IP addresses, it was impossible to ban by IP address.

They were easy to spot. Random user names using all consonants and now vowels and email addresses that clearly were randomized by a bot – not a human being. That’s a spambot – a computer robot control that registers onto a site and then craps on your site.

This clearly required a better tool for the job.

After a week of reading up on the issue, I learned something.

The Captcha image that we all hate doesn’t work. Catcha was the primary way that a number of sites used to blocked spambots. It required people registering for a site to read a number that was superimposed on a background, almost making it unreadable. But the criminals got busy and figured out how to separate the numbers and letters from the background – something that most humans couldn’t do. Like I said, if criminals spent as much time putting their efforts toward good, the world would be a much better place. But again – they don’t.

What I learned is that you need to use as many tools as you can, so that if they get past one electrified fence, the second gets them and if that one doesn’t, then they get zapped by the third.

Here’s the rub. There are some controls that do such a good job that they keep out everyone, including your audience. You need to keep things easy for your users while making life as difficult as possible for spammers.

I’m not going to offer too many details, because like a magician, you don’t reveal the secrets of the trade.

Suffice to say that I’ve put a few new controls into place that seem to have done the trick.

If you visit my forum at http://photographytoday.net/forums/ and register, you’ll see my first line of defense.

For my first control, I am using a Q&A challenge. Some people ask a question, but what sites have learned is that a spambot will take that question and execute a Google search, get the answer and slip past your electronic sentry.

None of these will block a human spammers, because they aren’t intended to block humans. Luckily, human spammers are far outnumbered by spambots. And when the human spammer does make his criminal move, you simply squash him like a cockroach under your boot.

What I also know is that some day, this won’t be enough, and I’ll need to find another way to block the spambots. You have to stay on top of your game to keep one step ahead of the spammers. That’s just the reality of the Internet.

By the way, if you do visit my forum, feel free to browse and join a conversation. You are most welcome to do so. But only if you are not a spammer.

‘There Is Something Wrong With Your Windows Computer …’

Since August, we’ve been getting these highly annoying telephone calls from parts unknown, although the accent tells me it’s from India.

It first started with the gentleman telling me, “There is something wrong with your Dell computer.”

That would be fine for the small fact that I don’t own a Dell computer. There is an old one that was left in the house, and it gets turned on about twice a year. I don’t have the password to it, so there really is no reason for me to use it.

At one time, Dell sold the most computers in the U.S., so the chance of someone having a Dell in their home was quite high. That’s no longer the case.

Now, the scammer (let’s stop calling him a gentleman) informed me that “there is something wrong with your Windows computer.” This scammer then wanted me to log in to a particular site so he could “inspect” the computer.

A big red flag goes up. I am sure the intent is to drop a piece of malware on my computer in the background and then steal all of my passwords and personal information. For the uninformed, this is how people steal your information.

This went on for several weeks, before the calls tailed off around Christmas. Then they started up again in February.

I’ve decided that this is war, and there’s no reason to be pleasant. Despite me telling them directly, “Don’t call here again,” and hanging up, the scammer called back the next day.

At one point, it got testy. He told my wife, “Why are you lying to me?”

She yelled something memorable (no profanity) and slammed down the phone. Well, really just pushed the “End call” button. I miss the good old days of the big black telephone with the dial on the face. There was some satisfaction in ending an unpleasant call by slamming the phone down on its receiver.

The calls stopped. Or so I thought.

Last week, the scammer returned, and I stood by while my wife had a very entertaining discussion with him.

The short version: There is nothing wrong with my Windows computer, except for the Windows 8 Metro interface, but let’s not get into that here.

If someone calls you on the phone and tells you there is, they are up to no good. Hang up the phone.

I also had to incorporate Captcha to block the dreaded spambots, which were beginning to pepper my site with bogus spam-filled comments.

And Now, for Something Completely Different …

win7_winxp

I recently moved away from Windows XP, an operating system that I’ve used since 2003.

No problem, except I had bought a Hewlett-Packard PhotoSmart S20 scanner, which runs only on Windows XP or earlier.

What to do? Get another computer? No, the answer was to run Windows XP in a virtual machine on top of Windows 7 and Windows 8 (two different computers).

Windows 7 was simple, because Microsoft offers Windows Virtual PC. The one requirement is that you have to be running Windows 7 Professional. Microsoft has the setup files for Windows XP. The instructions are here.

The downside is that color depth is limited to 16-bt, and as a result there is dithering of images. What I had done was to scan in Windows XP and then copy the file to DropBox, where I retrieved it on the Windows 7 side.

Clearly, this was clunky. Let’s add another layer of complexity by tossing in Windows 8. The Start menu wasn’t the only thing that Microsoft eliminated. Microsoft did away with Windows XP virtual mode, which might seem like a negative, but isn’t. There are two options, and both are free:

  • Oracle VM Virtual Box
  • WMware Player

Neither will work correctly with the Windows Virtual PC file, because it requires authentication, and it won’t accept the software key that is included with the file. This means that you’ll need to find your Windows XP installation CD. It must be a bootable CD, and not merely a CD with the Windows XP installation files.

After extensive testing, I found that VMware Player worked best for me. Your results might differ.

After installing VMware Player, next came creating the virtual drive. What VMware Player (and other virtualization software) does is to set aside a portion of your hard drive for you to run other operating systems. You can also allocate the computer’s regular memory and video memory to the virtual computer.

When creating the virtual box, you decide which operating system you plan to run — anything from DOS and Windows 3.1 to Unix to the Mac OS X.

I found it best to use 512MB of RAM and give it 40GB of hard drive space. This worked fine for me, because I installed the VMware Player on a secondary 500GB hard drive. I allocated 32MB of video memory.

You must have the Windows XP installation disk. Insert it into the CD drive, and the installation process begins when you launch the VMware Player. Very simple. For installing DOS, you would use the diskettes and hope that they’re still readable.

I had the original release of Windows XP, which meant that I had to patch it with SP2 (SP1 is no longer available), SP3 and roughly 100 “critical” patches, which Microsoft calls “updates.” That in itself took an entire day.

The nice thing about the VMware Player is that you can easily have it recognize USB devices. It also provided 32-bit color and numerous video resolution options, starting with 800×600. It’s simple to switch between windowed and full screen, and in short it’s been a seamless experience.

Earlier, I installed the Oracle VM Virtual Box, but after upgrading to the most recent version, it could no longer “see” my attached USB scanner. And that was after suffering through the “day of Microsoft OS patches.” Ugh.

With VMware Player, I can easily mount any folder or drive on the Windows 8 computer, which makes it simple to scan photos and then save them to the mounted drive. You do this in the settings before you launch the VMware Player, and you can always add or remove drives and folders.

For me, it means that I can scan a photo and save it to the mounted folder, making it available in and out of the VMware Player.

The scanner runs exactly as expected. No complaints from me.

This clearly was the solution that I needed. And the fact that both were free is a nice little bonus.