Press "Enter" to skip to content

Is This Any Way to Run a Web Site?

By now, both of the regular visitors to this site have doubtlessly discovered we didn’t publish a blog on Friday or yesterday, though neither of them have contacted me about it. Those who know me might be inclined to think the missing blogs are due to my laziness. How I wish that was so. How I wish I’d just said to myself, “To heck with the blog, I’m going to have a mint julep.” Instead, I’ve been done-in by Murphy’s Law.

My first clue that Murphy was going to strike came late Thursday afternoon, just as I was getting ready to close down the office for the evening. I was intending to go home, have a quick dinner and bang out “Friday FOSS Week in Review” and get it scheduled to publish here on Friday morning. As Google was having their big developers’ fest out west, and everybody in tech was continuing to sue everybody else in tech, this was going to be an easy column to write. But just as I was getting ready to turn off the office computer and take the trip home, I received an email with no message, just the subject line: “PLEASE REMOVE ME FROM YOUR MAILING LIST.”


I knew what this meant, and it wasn’t good.

In addition to being a hack writer here at FOSS Force, I’m a webmaster. During the first week in May, a client’s ecommerce site was hit by a spammer who’d figured a way to use the email feature “Recommend this Product to a Friend” to send thousands of spam emails. He hadn’t done anything else, like access the site’s database of customers, he just sent tons of spam, burning-up a considerable amount of bandwidth and generating bad PR towards the site, as the site’s email address was showing up in the “from” field.

The thing to do was disable the “recommend this product” feature. However, in the site’s back end I discovered that there was no way to do that. There was a way to make the feature only available to logged-on visitors, and there was a way to remove the link button from the site, but no way to completely disable the feature.

I tested the first option and it worked fine. If a visitor wasn’t logged-on, even if he typed the URL to the “recommend” feature he was taken to the site’s home page. The second option was less satisfying. If a logged-on visitor typed the URL, even though the link button was gone, he or she would be taken directly to the “recommend” page with it’s fully functional text boxes and input fields.

I wasn’t in the mood to hack so I took the easy way out, closed the feature to all but logged-on customers, ticked away the link button, and banned the IP address of the Russian offender from our server. I knew this would be a temporary solution at best, having had enough experience with spammers to know them to be a determined lot. Howevber, the site was due for a major upgrade around Labor Day, so if I could avoid doing any hacking until then, I’d be in the clear.

Which brings me back to Thursday night, and the email with no message, just a subject line reading: “PLEASE REMOVE ME FROM YOUR MAILING LIST.”

That email probably meant, of course, that our spammer was back in. Sure enough, when I logged-on to the site as admin I found a new customer had registered using a name that was a string of lower case letters that obviously wouldn’t translate into a name in any known language. I deleted him/her from the database to slow him down a little, closed down the office and headed home, figuring I’d work more on the problem there.

By the time I got home there was an email, “possible abuse of script,” from our hosting service. They had already banned the new offending IP address and strongly suggested that I fix the vulnerability pronto. Since I knew the suggestion implied “fix it or we’ll fix it for you by taking the site down,” I fired an email back telling them I was on top of it. So much for working on “Friday FOSS Week in Review.”

The ecommerce app I use on the site is open source, so I went straight to the help forums. In no time at all I found a thread dealing with the problem which included a solution that didn’t require too much hacking. I hacked a little, got the problem fixed, notified the host, and decided to drop Friday’s blog on FOSS Force. It was past my bedtime. I’d turn in something extra special good for Monday.

On Sunday I was going to spend a few hours working on another web site we’re putting up and then write Monday’s blog. Unfortunately, I hit a few snags trying to implement the design of the new site, so the entire day was taken-up working on that. I still figured this to be no problem. I’d just wait until I got to the office on Monday, put together that day’s blog and have it published by noon, just a few hours late. What could go wrong with that?

Murphy’s law, that’s what.

When I got in the office this morning (Monday), I fired-up our computer to discover our old CRT monitor has died. This isn’t entirely unexpected. The monitor is very old and has been showing signs for the last several weeks that it’s on it’s last legs. However, no monitor means no access to the web site which means no way to write or publish a blog (or do any of the other things I do that requires a computer or Internet access – which is almost everything I do).

So here I am on Monday afternoon. I sit with pen and notebook writing Tuesday’s blog the old fashioned way while listening to NPR’s “All Things Considered.” When I get to my part time job at a local university library tonight, I’ll put this through a rewrite and get it scheduled to publish on Tuesday morning.

When I get home tonight around midnight, I’ll grab the unused monitor that been sitting under a blanket on a shelf in my computer room and put it in my car’s trunk to bring in to work with me tomorrow. With a little luck, it’ll still work. It worked just fine when I took it out of service five or six years ago, but it’s been sitting on the shelf gathering dust since then, so who knows.

All I know for sure is I’ll be happy when this latest round of Murphy’s Law is over.

One Comment

  1. Storm Williams Storm Williams May 26, 2010

    You can still have the julep!

Comments are closed.

Latest FOSS News: