Tag Archives: robots

The Vicissitudes of Life, Photography and Weather

If vicissitude is a long word, do not worry. It means:

a change of circumstances or fortune, typically one that is unwelcome or unpleasant.

Here in California we are finally getting much-needed rain.  The drought has been more severe than when we moved here 25+ years ago. Showers and clouds are quite welcome in these parts, provided they do not block out the next great celestial event.

The next great shower is the Geminids on the night of December 13th into the morning of December 14th.  Fortunately that is a weekend, unfortunately the moon is in its last quarter so it will rise near midnight just as the shower generally becomes more intense.

Meteor in Pointy Land

How to Watch a Meteor Shower

There are many guides on what to do to SEE a meteor shower, but we can boil it down for you:

  1. Dress very warmly. A thermos of hot beverages is strongly recommended.
  2. Get in as dark a sky as possible away from sources of light pollution, streetlights, etc. Do not use a flashlight. Let your eyes dark adapt so they can see their best.
  3. Get a comfortable fully reclining chair and look STRAIGHT up.  You’ll see more meteors if you can see the entire sky. While the meteors will appear to come from the constellation Gemini they can appear anywhere in the sky.
  4. Bring a friend along and share the wonders of the heavenly fireworks with them. Besides, officially you didn’t see a meteor unless two people saw it or you got a photograph 🙂

The constellation Gemini – from which all the meteors of the shower appear to radiate rises at about 7:30 PM local time in the North East.  At that time, the Andromeda Galaxy will be almost straight above you for most people in mid-northern latitudes. By midnight, Gemini will be overhead. We recommend a Planisphere or an app if you want to identify the constellations, but to enjoy the shower you need nothing but your eyes.

Photographing a Meteor Shower

In prior articles have covered how to find a dark location and how to plan for and photograph a meteor shower.  And we even have a thorough article that explains why you probably DID NOT photograph a meteor.  We even have led expeditions to capture meteor showers in a dark location.  Unfortunately this year we have faced other vicissitudes.

You can safely skip the rest of this article if you wish…

Showers in LifeDownload link error – hopefully resolved now.

We have weathered several storms ourselves recently, and like you find ourselves wondering where all the time went.  Most recently we were reminded how difficult it can be to maintain a website and sell digital goods. An increasing number of customers complained that the digital goods they ordered could not be downloaded.  We discovered that Google was the problem! We had been using goo.gl to create short links instead of long, sometimes multi-line links for downloading content, but Google insists – for your safety – to check the contents of each of those links.  It would have been fine had this happened once or twice, but we noticed that Google US, Google Czechoslovakia, Google Japan, and Google Brazil (and others) all separately scanned the links, sometimes multiple times.  And then your virus scanner may also have downloaded and inspected the content before it would let YOU have it…  It was a lot of wasted bandwidth and irritation. We rejiggered our software to resolve the issue. Bottom line if you recently purchased content and got a “Too Many Download Attempts” message, we think it should now work if you try again. We apologize for any inconvenience.

Also, as you may know, running a website is not for the faint of heart. For example, we are seeing another increase in attacks from Chinese Comment Spam robots as well as attackers in the countries of Georgia and Germany.

On a personal matter, Steven – the primary contributor to this website – was the sole survivor of an entire team that was laid off at his day job. Steven was fettered with sole responsibility for a vast armada of servers and networks – which all fell on their knees when a 30 second power interruption wreaked havoc. He also found that there were problems with his own home network which he has been building to be able to conduct webinars again (and to thwart robocallers) … His home network is still not reliable enough, unfortunately!

Meanwhile, we are still working hard on our 2015 schedule of events.  Please bear with us.

~ Steven


Attack of the Chinese Comment Spam Robots

First, if you’re reading this through the feedburner you may have noticed in the past a little “Payday Loan” thing right below the title in past posts. Hopefully that is dead now.  I’ll explain what’s going on with that in a minute.  But if you see it above, please let me know!

I’m going to get a little geeky here, skip to the headlines if you want to get the big picture. You may have read my article on What’s in A Website?  It’s not all puppies and butterflies to set up and keep a website running. That was proved all the more last week.

Holy Smoking Internet

Below is a graph of the bandwidth (the number of megabytes of data) that was consumed by visitors to our little niche in cyberspace. I suspect that the “zeroes” here are due to throttling by GoDaddy, not actually spots where there was no traffic.  You see those spikes? Those are ROBOTS. It’s obvious the attacks began around 5/10, but didn’t reach a crescendo until 5/22 (as you can see on the next graph).

The attack begins.

But it’s about to get ugly:


Clever, but seriously demented people have written programs to run about on the web, find blogs to which they can add comments and then attempt to automatically add drivel so that they can hawk their worthless (and often scam) products. They also hope that by adding their links to more sites, their rank in search engines will go up. How else are you going to learn about Viagra and fancy watches? The comments are sometimes blatant:

soccer cleats for sale… quality. These cheap and quality nike air maxConcords are my favorite in life. You also give me good service, thank you. When I saw the nike air max Concords here, I know they are good and can be the best choice. My friend told me to buy nike air max …

Sometimes truly stupid:

replica watches… checked out demonstrate just about all invisible records within machine nonetheless absolutely no htaccess record. my spouse and i dont buy it. this is certainly insane, very much assist desired in this article. all i wish to accomplish will be be capa…

And sometimes sneaky:

Pretty nice post. I just stumbled upon your weblog and wished to say that I’ve really enjoyed browsing your blog posts. In any case I will be subscribing to your feed and I hope you write again soon!…

Huge banks of machines that have been zombified do this comment spamming on a massive scale. We had 545,611 “hits” in a 5 day period. Those hits consumed 15.96 Gigabytes of bandwidth. 372,000 of the hits out of 545,611 were robots!  Each was trying to comment on one of my old blog articles and collectively slurped up 11.6 Gbytes of bandwidth.  72% of all that traffic went to Chinese servers. Talk about trade imbalance! We didn’t know we were that popular abroad. There was also that guy in Poland who tried super hard to crack into our site through the login portal. He/it was turned away about 4,000 times in one day.

Unfortunately the extreme load caused GoDaddy, our hosting provider, to shut us down and hold us hostage.  It’s a good thing I know a little bit about networking… otherwise they probably would never have turned us back on. This all happened right when I launched the initiative to raise money for the Oklahoma Tornado victims. Talk about stress!  I felt like I was facing my own tornado – this one made in China. Fortunately the destruction was nothing like what my friends in Oklahoma endured.

This was the second time that the GoDaddy strategy was to punish the innocent. I won’t bother with all the details – I’ll just let you know that we’re folding up shop on GoDaddy and moving to HostGator real soon now. Hopefully it will be mostly transparent to you.


With the thousands of assaults on the one blog article, it was obvious that I had to fix it. The problem is that WordPress incurs quite a bit of overhead to serve a particular article – it has to find it in the database, format all the ancillary content and then spit out all the parts of the page. That overhead was crushing the server, so I had to eliminate it.

I first took a look at where all the hits were coming from – I needed to shed most of the traffic and I used .htaccess instructions to deny a large range of network addresses from  China.  If you’re in China on one of those subnets you still won’t  be able to read my pages. So there! Hah!

<Limit GET POST>
order allow,deny
# - Chop the balls off of an intruder from triolan.net
deny from
# - Cut the balls off of the Chinese Spam bots-
deny from 110.85.
deny from 110.86.
deny from 121.205.
deny from 117.26.
deny from 218.86.
deny from 27.153.
allow from all

Then I wrote a very simple page that only says “Go away jerk”. Nothing fancy there.

WordPress relies on .htaccess rules to help serve content on my blog. Here are two important .htaccess rules. What they mean is simply: if the “path” is actually a directory or a file, then serve that path – otherwise it will hand the work off to the scripts that do all the processing.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

Since the url that the robots were hitting was

All I really needed to do was to create a directory path:  2011/03/driven-to-abstraction and add an index.html file in there.  Wordpress is thus bypassed and all I need to do to restore access is to delete the folders.

However, I first played with redirecting the traffic by putting this in the .htaccess at the root of my website(s).

RedirectMatch 301 /2011/03/driven-to-abstraction(.*) http://theamusing.com/badrobo/jerk.html

I noticed that most of the robots that were generating the spam hits were following the redirects.  If they keep this up I’ll redirect them to in which case they’ll be asking themselves for content – and burning their own bandwidth!

RedirectMatch 301 /2011/03/driven-to-abstraction(.*)

I’ve also thought about pointing them at those damn loan sites that have been infecting many webs.

Payday Loan Hack

Now getting back to that “payday loan” garbage. The problem is that GoDaddy’s servers are not secure – they are vulnerable to attack, especially via “sneaky files” designed to commandeer some aspects of the BLOG and surreptitiously insert their own drivel. In this case, the insertion was only visible to those who either looked at the HTML code or happened to read from email. Why? Because only Google’s feedburner exposed the otherwise invisible spam. The sneaky code has infected THOUSANDS of websites. Don’t believe me? I found 700+ sites infected with a simple Google search.  All the ones I checked are hosted on GoDaddy!  And please note that the search I did – trying to find news of a cure only include sites that contain both the subversive ads AND the world malware.  Guess how many hits there are here: t0inpaydayloans.com xmlrpc Over 4,000!  And that hawked site is only one of THOUSANDS of similar sites.

Get your Geek On

I used a number of tools to hunt down the invasion. There is a WordPress plugin called “Exploit Scanner” which gave me so many false positives at first that I had to drop back and do some clean up. Most of the false positives were related to our store, WordPress E-Cart.  A great free site that helped me is Securi.net.  I could kiss them.  They even offer a reasonably priced plan where they will regularly scan your site and fix any problems. It was tempting except the geek in me wanted to find the source of the garbage.

Boy was it well hidden.  Doubly encrypted – it had to be because there is plenty of advice out on the network warning about the presence of code like this: base64_decode(

This attacker hid his code well. But not well enough!


We’ll be back on topic with the next article. Promise.