How to Scare a Blogger

Spotted at The American Street:

Weirdness

It looks like http://www.discourse.net has been hijacked. I wonder if Michael knows.

Now, I doubt that Kevin is playing a prank here, so presumably he's really seen something. But I have no idea what it is, my site looks normal from here, and thus I have no idea what the problem might be (cache poisoning somewhere? a 302 exploit? ) or what I can do about it.

Update: Kevin amended his post, and we exchanged emails. For the reason described in the comments, the problem is solved (Kevin seemed to have inherited a spammer's IP number, which I had redirected).

This entry was posted in Discourse.net. Bookmark the permalink.

9 Responses to How to Scare a Blogger

  1. Ben Hyde says:

    looks just fine from here.

  2. Ed Bott says:

    I saw that too, and immediately checked. The site came up just as it should have. My money’s on cache poisoning at Kevin’s end.

  3. reader says:

    What I see is a small picture of a person in yellow asian garb standing in front of the Eiffel Tower, in the left upper corner, near where the top post starts; it only lasts for a couple of seconds when you get to the site. I use ie and verizon, dunno if that tells you anything.

  4. reader says:

    Oops, it’s a pict from a post, couple of posts down. Sorry.

  5. michael says:

    Ok. Thanks to email from Kevin I know more about what happened: he got redirected to digicrime, a website with which I have a connection.

    I have a list of banned IP numbers used repeatedly by spammers. Currently these get redirected to digicrime. Kevin must have acquired a number formerly used by a spammer.

    Which means I should probably send the redirect somewhere else, which explains what’s up. Maybe it’s time to create errors.discourse.net or something….

  6. hey, who changed Discourse.net from a beastiality porn site to some boring old law professor’s musings? I want my man-dog sex site back!

    🙂

  7. michael says:

    Here are the numbers currently on my list:

    61.11.26.142 (India)
    61.218.101.215 (Taiwan)
    62.0.13.2 (Israel)
    62.193.231.241 (France)
    62.193.231.242 (France)
    62.194.128.227 (Netherlands)
    66.237.84.20 (XO Communications, Provo [Utah, USA?])
    148.244.150.58 (Mexico)
    168.12.253.66 (U. Georgia )
    193.251.137.13 (Central African Republic — claims to be from the US “Ambassy”)
    200.35.81.254 (Venezuela)
    200.67.149.183 (Mexico)
    200.77.204.248 (Mexico)
    201.224.75.198 (Panama)
    201.241.59.17 (Chile)
    202.29.136.140 (Thailand)
    203.172.255.253 (Thailand – ministry of education – a school or university, maybe?)
    205.150.199.114 (Travelnet communications, inc.)
    207.248.240.118 (Mexico)
    207.248.240.119 (Mexico)
    211.50.220.12 (S. Korea)
    211.126.196.172 (Japan)
    211.184.42.62 (S. Korea)
    211.185.59.122 (S. Korea)
    212.141.90.195 (Italy)
    213.37.79.254 (Spain)
    221.200.154.51 (China)
    222.151.61.194 (Japan)

    I’ve removed the following in case they were causing Kevin’s problem:

    67.166.37.63 (Comcast)
    67.171.208.255 (Comcast)
    68.89.20.132 (SBC Internet Services – Southwest)
    69.151.110.55 (SBC again)

    But I’ll have to put them back on if it starts again.

    Yes, I know this is a stupid way to proceed, but the site is getting hammered by spam every night, and not only does it take time to kill, but my hosting contract is high bandwidth but quite a low share of processing time at any given moment. So the processing required by mt-blacklist to block all this stuff pretty much locks up the site which makes it slow to load and makes comments crash. And rebuilding the site to erase the spam keeps failing if I try to do it during an ongoing attack.

    Yes, I should upgrade or change to wordpress. In my copious spare time, of course.

  8. You can probably add the SBC IPs back, as the others did the trick.

  9. CyberLudd says:

    Might I respectfully suggest that Avatar Froomkin seek new lodgings in orientation island?
    http://secondlife.com/

Leave a Reply

Your email address will not be published. Required fields are marked *