William Hill Hacked?

Hmm. Well that’s interesting. I’ve just received a junk e-mail to an e-mail address set up specifically for use on the William Hill website some months back.

So does that mean someone’s hacked their customer database or is it just a bizarre coincidence that someone has managed to combine their site name with one of my domain names? Hmm…

Spam Statistics 2008

Here are my numbers for 2008 (2007 stats. in square brackets) broken into two parts:

First half of 2008 (up to 30 June 2008):

227659 e-mails received (plus the GMail ones).

211699 spams filtered by MailWasher Pro.

93% spam.

Second half of 2008 (up to 30 December 2008):

62,319 e-mails received (plus the GMail ones).

41,672 spams filtered by MailWasher Pro.

66% spam.


289,978 e-mails received (plus the GMail ones) [356,032 so minus 19%] .

253,371 spams filtered by MailWasher Pro [319,499 - minus 21%].

87% spam then.


The headline figures look good, but that split is what’s important. Basically in June 2008 with my spam stats. looking like heading for another record, I decided to kill my “catch-all” e-mail set-ups and painstakingly create all legitmate mailboxes and aliases. And with that, the spam stats. have come down dramatically.

E-mail is Ruining My Life!

So runs the headline on the BBC News website today about how e-mail is becoming information overload.

On the BBC’s breakfast news show this morning, they even had voxpops from people saying how they received so many junk e-mails. I bet.

I love this bit too from the BBC News article:

“If I’m out for the day I will receive around 80 e-mails.
Bigjeeze, Bournemouth, UK”

They should be so lucky! My stats for last year showed I received on average 875 definite spam messages every day out of an average 975 e-mails each and every day of the year!

Best Spam Ever!

An absolute corker this morning, with the subject “Her Majesty, Queen Elizabeth II”:

Her Majesty, Queen Elizabeth II
Queen of England
Buckingham Palace
London SW1A 1AA, England.

ATTN: Winner

Your Ticket number: 56475600545/012 with Serial number 5368/05 drew
the Lucky number: 86.

On behalf of the Queen of England, we are pleased to notify you
that your email has won in the Annual Christmas free Internet Lotto
Sweepstakes and as a result you have been granted the lump sum payout of
£500,000 GBP which is equivalent to $917,956.00 USD.

To file for your prize, please fill and submit the claims processing
form to:

Mr. Perkins Oliver
Email: perkinsoliver@yahoo.co.uk
Telephone: +44 702 402 4689
Fax: +44 707 502 4610
1 Full Names:
2 Address:
3 Age:
4 Sex:
5 Marital Status:
6 Occupation:
7 Phone numbers:
8 Country:
9 Email:

We advice you to contact your claims officer as detailed above
immediately to avoid Claims deadline.

Mrs. Sarah Wilfred for
Her Majesty, Queen Elizabeth II
Queen of England.

So Betty’s running a sweepstakes now, is she? Excellent. And handy to tell me where she’s Queen as well, just in case I’m not sure. And she’s making 50p per minute on accepting any incoming calls and faxes! Anyone would think this might be a scam 🙂

Bennetts: Bike Insurance and Spam Providers

A while back, I obtained a quote from Bennetts for insurance for my ZRX. As it’s modified, I then went through the modifications with them (cosmetic, safety and performance) by telephone and they refused to offer me cover, so I went elsewhere for less with all the modifications covered. Result!

Still, Bennetts are a bit like herpes: once you’ve been there, you keep being reminded of the fact. In their case, it’s because they’ve sold the Bennetts-specific e-mail address to anyone and everyone, it would appear. Perhaps it’s their very carefully worded “privacy” policy:

“BISL Limited, part of the BGL group of companies, which also trades as Dial Direct and Budget and other carefully selected companies may use your information to keep you informed by post, telephone, e-mail or other means of products and services which may be of interest to you. They may also contact you to conduct market research.”

“Carefully selected”? My arse! The selection process must go like this:

Spammer: “Can we buy your e-mail database?”
Bennetts: “Yes.”

So that’s another company on the blacklist.

The Trouble with e-mail…

I have registered hundreds of domain names over the years. And going back to the glory days before Spam was a significant problem, I’ve always been used to having “catch-all” e-mail addresses and with that in mind, using onlineresource@domainname e-mail addresses with no worries: registering at websites with theirname@mydomain e-mail addresses knowing that e-mails sent to those addresses would find their way to me.

If I started to receive Spam to one of these addresses, it was easy enough to set up that e-mail address as a null mailbox so that any Spam would get nuked.

But the Spammers then decided to start using anynumbersandletters@mydomain e-mail addresses to Spam or unscrupulous(!) list sellers would simply make them up and add them to their x million e-mail address lists. So the Spam would increase.

And then they decided to forge the From: addresses using their made up e-mail addresses so not only do you receive the Spam, but you also receive all the bounce messages too.

Which is why I came back yesterday evening to find 7400+ bounce messages waiting for me, the majority of which were sent to one old domain name. So I then had to use Google Desktop Search to find all the e-mail addresses I’d used with that domain name and do the opposite of what I’d always done: kill the catch-all setting and set up new individual addresses.

All because of some bunch of lowlife scum…

JavaScripted e-mail Links in WordPress Pages

You may want to include an e-mail link in your WordPress Blog’s “About” page or elsewhere, but no doubt you don’t want this harvested and you’ve found you can’t simply add the JavaScript to the post or page as it gets nuked.

So how about a workaround?

Firstly, you need to create an external Javascript file with this code (amended for your own needs, obviously):

function obfuscate() {
var ppclink = "Click here to e-mail us";
var ppcname = "nospamthanks";
var ppchost = "yourdomainnamegoeshere";
document.write("<a href=" + "mail" + "to:" + ppcname + "@" + ppchost + ">" + ppclink + "")

NB: the “@” sign is represented in the code as “& # 64 ;” with no spaces.

Save it as something like emailobfuscator.js and upload it to your server.

Then in the post or the page you want to include it in, add the following code:

<script type="text/javascript"
src="/scripts/emailobfuscator.js" mce_src="/scripts/emailobfuscator.js">
<script type="text/javascript">

You will almost certainly want to uncheck the “Use visual editor when writing” checkbox in your User options before this will work.

And the finished result should look like this:

Stopping the Leechers

I was looking at the traffic for some of my sites the other day and spotted a lot of bandwidth (relatively) being used by one particular site. Now that site only really serves up a script to convert RSS feeds to JavaScript files so that I can them embed news items from selected sources into some client sites.

So I looked at the web stats. for that site and discovered that nearly all the traffic was coming from a site in China. I followed a couple of the referring links and found that the pages were basically just generating page after page of potential search terms with embedded news feeds presumably to serve ads. on those pages.

That does beg the question that if they are intelligent to code those pages or that system, why aren’t they intelligent enough to simply add the scripts to their own site and serve them from there?

Now my site is hosted on a regular Linux box running Apache Web Server, so it was a fairly straightforward task to simply block all traffic from that domain name using an .htaccess file with this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain\.com [NC]
RewriteRule .* - [F]

So the next day when I checked the stats., there were many thousands of Failed Referrer entries where the code was no longer being leeched by them. Job done!

But it did then appear that my site had some particular attraction to them because they then started running the scripts on a different domain! Now, my first thought was to simply amend the .htaccess file to read as follows:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?anotherbadone\.com [NC]
RewriteRule .* - [F]

But I realised I could end up playing cat and mouse with them for life, so instead I have now set the .htaccess file to only allow specific referring domains access to the scripts by using this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?gooddomain\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?anothergoodone\.com [NC]
RewriteRule .* - [F]

By adding the “!”, the expression now says “if the referrer is not gooddomain, then…”. The only difficulty for me then is making sure there are matching entries for all the legitimate referrers (trickier as one of the sites has multiple domain names).

We’ll see how we get on with this.

[edited to add]

And lo and behold! The blocking is working well, especially as the Leecher in question, hosted by NetEase.com, Inc., has now started doing it with a third domain name.

The Trouble with YouTube (Redux)

I have received a reply to my support query about marking comments as spam from YouTube:

“Thanks for your email. The “Mark as Spam” feature is there to help us recognize messages which are spam. If you see any comments which are spam, please click on “Mark as Spam” and the comment will be removed from the site. This helps us keep the site clean and spam free.”

Now, maybe it’s just me, but when I upload videos I allow comments but only if they’re approved by me, i.e. I get a notification of a comment, go to the video and approve or delete them or indeed mark them as Spam. In my case, the reply that “the comment will be removed” doesn’t appear to be correct. When I mark a comment as Spam, it shows as being marked that way, but as soon as I reload the video page or log out and log in again, the comment is still there awaiting approval and has to be manually deleted.

So what’s the point in marking the message as Spam, especially as they’re almost exclusively from “fire and forget” YouTube accounts? All it does is make more work for me.

Another Domain Name Renewal Scam

I’ve recently received some e-mails sent to the Admin. contact for some of our .com domain names from “Domain Renewal” (reminder@domainrenewalonline.com) stating that:

“It is time to renew your domain name  {domainname.com}

Your domain name {domainnname.com} will expire within 90 days.

You may renew your domain automatically with Domain Renewal. Click on the link in this e-mail to renew the domain for another year. You should renew your domain as soon as possible in order for it to continue to be registered in your name.

Click here if you wish to renew your domain

As soon as we have received your payment, you will receive a confirmation that your domain  has been renewed…”

It’s not until further down the e-mail that you read – if you get that far through the last, large paragraph – that “you may also request your Internet Service Provider to renew the domain for you” which is the first point at which you might twig they are unconnected to your ISP or actual domain registrar.

If you do venture onto their web site, it’s been cleverly designed to feature logos from major technology firms like Oracle, Cisco Systems, IBM and Microsoft for no apparent reason (other than to presumably make you think you’re dealing with a reputable firm in the Internet sector).

Prices? Well how does $59.95 for one year grab you?