Most readers are probably familiar with the fact that companies or organizations sometimes post “bounties” for open source products, or features, that they would like to see developed. Implement the thing to their satisfaction, you get the bounty – and the community gets the code. Sweet. A while back I started gathering references to these things, thinking I’d start a site that listed them, made connections between coders and sponsors, etc.
As I hinted in my report several days ago about this server suffering a DoS attack, I’ve taken some measures to prevent a repeat occurrence. One of them was to install the mod_evasive Apache module, which was suggested by a number of people. (There’s also mod_security. It’s way more complex than I need right now, but would be worth looking at for a busier server.) Initially I was skeptical, since mod_evasive doesn’t seem to be a very actively maintained project.
If you tried to reach this blog or anything else on this server this afternoon, you may not have had much luck. A computer in Korea was hammering my server so hard (aka Denial of Service attack) that my hosting provider temporarily disabled Apache so that my instance didn’t bog down the whole VPS. I was busy at work when this happened and am not sure exactly how long it was out, but this was one of the most severe outages I’ve had in the last three and a half years.
One of my neglected side projects, purportal.com, features a “Scammy spam library” where I share the text of scam emails I’ve been collecting. Today it reached the 1000-specimen milestone, so I wrote a little script to count word frequencies. The raw list reads like some of the less coherent messages itself: account email our please ebay me paypal information bank any address through contact security am money funds us million…
Bruce Schneier has an enjoyable article up on Wired News that describes what he learned analyzing some password data from a recent MySpace phishing attack. In it, he lists the top 20 most common passwords in his sample of 34,000: password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey. Best quote from the article: “I don’t know what the deal is with monkeys.