When you move IP, move all the IPs

I recently moved the server hosting this site and my photoblog to a new Linode. About time too as the old one was full of cruft built up over a decade of upgrades. It had finally reached the point where I had trouble finding new dpkg files for software that wasn’t as ancient as my installation. Updates would stop in the next year or two as well, which was a huge problem.

When I did move, I pointed the DNS at my new server and all seemed fine. That is, until I saw an email from Google on Friday saying a new user had been added to the search console for www.inphotos.org!

I don’t use the www hostname on any of my sites, and didn’t actually have a search console property set up on that site. I don’t remember now if I had to create one, but when I eventually logged into it, I found an “Ian Trader” already in there. He was a validated user, too.

He had been allocated the IP address of my old server. He saw that www.inphotos.org still pointed at it and asked Google to validate his ownership by uploading a HTML file to his server.

A screenshot from the Google search console showing the ownership verification details of the attacker who created a validated account on www.inphotos.org
A screenshot of my browser showing the validation file the attacker used to gain access to the search console for www.inphotos.org

Yikes! Quick as I could, I checked the DNS and found that yes, www.inphotos.org was still pointing at my old IP address! Damn.

Fixing it was fairly easy, I thought. I removed that user, and removed the www hostname.

However, Ian had one more trick up his sleeve. He had put a sitemap on www.inphotos.org, and it led to 129,864 fake links that Google could not index.

Screenshot of the "page indexing problems" chart from Google Search Console showing 129,984 problematic pages since last Wednesday.

It looks like he was setting up a malware server with the names of books on each page:

/c/pdf/upload?PUB=new_apostolic_church_hymn_collection_songs&blackhole=017
/c/pub/go?EPUB=hawker_battery_charging_instruction_manual&daily=034
/c/pub/list?BOOK=a_shade_of_vampire_7_a_break_of_day&dua=047
/c/pub/list?EPUB=ib_vietnamese_past_paper_2013&monument=094
/c/pub/list?PDF=lowepro_user_manual&codevember=001
/c/pub/list?PDF=suzuki_swift_owners_manual_2009&bubbley=087
/c/pub/upload?PUB=caravaggio_ediz_illustrata&particles=015
/c/pub/upload?PUB=mi5_and_me_a_coronet_among_the_spooks&sassy=021
/c/pub/url?BOOK=radiation_detection_and_measurement_solutions_manual&delapan=081
/c/pub/visit?EBOOK=mercruiser_hp_engine_manual&daily=009
/d/book/data?PUB=gossie_and_gertie_gossie_friends&particle=016
/d/book/file?DOC=engine_repair_manual_for_f550&dribbble=005

I fixed those with some simple mod_rewrite rules, so visiting those URLs should take you back to the homepage. Google is validating my fix now. Besides, that fake sitemap is gone, so I expect Google to forget about them soon, I hope.

So, when you’re moving websites around, make sure you update all the DNS records for your sites. I may not have noticed for a good while if he had set up the redirect scripts on his server correctly and didn’t go into the search console.

A Mastodon account is an email to spammers

This morning I received a spam email where the spammer accidentally CCed everyone, instead of BCCing them. They also seemed to have spammed many people named Donncha, so hopefully none of them reply-all asking to unsubscribe.

It’s not the first time, but they included an “email address” that isn’t an email address. They used my @donncha@mastodon.ie Mastodon account. They also included my Gmail address, which is how I received the email.

A screenshot showing the text: donncha.o donncha.o donncha.o donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donncha@ donnchagi donnchah‹ donncham

I started receiving email to this blog’s @donncha@odd.blog address and to photoblog’s @donncha@inphotos.org address too, but I’ve blocked them already.

Screenshot from Fastmail showing an email alias is disabled.

If you publish the address of your self-hosted Mastodon account, you might want to make sure you don’t have an email address there too, or you’ll start to get unwelcome emails.

BTW – you should pay for your email, especially if you have self-hosted domains. Fastmail is great. Here’s the post I wrote about Fastmail when I switched over last year.

View at Home 0.1

View at Home is a simple Tampermonkey script to make interacting with Mastodon (and probably other Fediverse services) easier. When you open a Mastodon post, it’s not possible to comment or favourite it unless it’s on your own home instance. The usual way of dealing with this is by copying the link into the search box of your own instance and clicking the resulting link.

The search box from the Mastodon web client.

This script will add a “View at home” button to the top left of the page when you look at a Mastodon site. By clicking on this button, it will search for that page on your own Mastodon instance and then redirect you home so you can comment or favourite it.

A button with the text "View at Home".

When you install it, it will give you dire warnings about the extra capabilities it requires. These are needed to make the search on your home instance, and to save the hostname of your home instance in Local Storage in your browser. Please read through the code to be sure you trust what it is doing, as the permissions are wide-ranging.

The first time you run it, the script will ask for your home Mastodon instance. Enter the hostname, without the protocol in this box, and it will be saved to the browser Local Storage. If you get it wrong, click the “Reset Config” button, and it will show you the same popup.

ChatGPT4 was used to help write this script, with edits and prompts by me when it wasn’t exactly what I wanted.

This is a first release. If you find any bugs or have suggestions, please create a GitHub issue in the View at Home repository, comment on this post, or contact me on Mastodon.

F***ing Kidney Stones

The pain I’ve felt in the last few days because of a tiny little stone inside in my body is worse than anything I’ve ever experienced. Absolutely excruciating and uncomfortable. It’s weird drinking lots of water only for my mouth to be dry moments later.

I’m feeling ok right now, at this moment, but I doubt that it’s over yet. I’ve been to the doctor and following his advice. Yet again, feeling so lucky to be married to a wonderful woman who takes such good care of sick ol’ me.

Blarney is Frozen

Schools are back this morning, but temperatures are staying around 2ºC (feels like -3ºC) which would be manageable except it rained around 4am this morning. Local roads are lethal, with vehicles already skidding and crashing.

A double-decker bus skidded on black ice at one end of the village and blocked the road completely.

Twenty minutes later, two delivery trucks jackknifed after coming down the hill coming from the opposite side of the village.

I live on a hill, and watched cars come down it very, very slowly. Thankfully, no incidents there yet.

Pictures come from the Blarney Blog on Facebook.

Extra bits:

Damien Boylan was on RTÉ Radio 1 talking about the freeze with Claire Byrne.

Barry Hoare is internet famous for capturing a video of the bus crashing just outside his garage. Part of his wall was demolished by the bus!

PS. I forgot to say, happy birthday Matt!

TIL about Star Trek Continues

Star Trek Continues Episode 1

The fan mad web series, Star Trek Continues, published their first episode in 2013 according to Wikipedia. Somehow, I think I have never heard of it, despite loving Star Trek. Better late than never, and I enjoyed the first episode this morning. It’s all available on YouTube.

The series continues on where the original series ended, with the 5-year mission of the Enterprise being wrapped up in the last 2 episodes. I recognised the computer voice in episode 1, and I see from Wikipedia that other guest stars make an appearance too. Definitely worth a watch if you’re a Star Trek fan. 🙂

Play C64 Games Online

The Great Gianna Sisters title screen

If you’re in the mood for some retro gaming, head on over to this site, where you can play lots of old Commodore 64 games in your browser! Unfortunately, Firefox caused the audio to stutter, but the games play fine in Edge. I tested Flimbo’s Quest and The Great Gianna Sisters, and they were perfect. I somehow made it to level 5 in the latter game rather quickly. I normally use all my lives in level 2!

There is a huge C64 games archive at archive.org, and there are loads of demos there too! Give Arkanoid 2 a spin while you’re over there. It’s even trained, and you can play with infinite lives! The keyboard controls are the two shift keys and space to fire. 🙂

An interview with Richard Dean Anderson

I didn’t think Richard Dean Anderson (MacGyver, Stargate SG-1) gave interviews any more. I knew he had some serious health issues, but he’s looking good in this interview. The interviewer is such a fanboy. I suspect anyone who grew up in the 80s on MacGyver would be the same!

Here’s a screen cap from the video because, of course, the video will disappear.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.