Is Yahoo! under attack?

I could not get onto Yahoo! Messenger right this moment. Even Yahoo! Mail and Web Messenger wouldn’t load. With only a few Yahoo! services I make use of,[1] the only thing I could currently load is the homepage.

I was thinking about a localized network issue on my part since PLDT myDSL has had a lot of negative feedback from subscribers.[2] But my cousin from another city just got online on Gmail with Chat/Google Talk, and though he is on the same provider, I could confirm this isn’t an isolated issue. Unless of course the whole of PLDT’s network couldn’t resolve a connection to select Yahoo! servers.

So, I thought: Is Yahoo! under attack? It is, basically, on a distributed network of servers. So I could think that only the mail and messaging servers were targeted with DoS attacks. Could anybody confirm this?

Losing a heavily used communications tool is quite a hassle for someone like me, especially at these times of night. And all that cyber crime in TV shows and news articles I’ve read just fuels my h4x0r imagination.

Ohhhkay. The moment I hit “Publish”, Messenger popped out, having just signed on again. That was weird, but the 2½-hour downtime is still something considering Yahoo! is a very large Internet corporation. So I still ask: Was Yahoo! attacked? Or should I consider changing my Internet Service Provider now? 😛

  1. Those two mentioned above, Messenger and Mail.
  2. Though I am still 95% positive about the service I am getting.

On Nofollow, Spam and Plugins

When the search engine giant Google announced that it would implement the rel="nofollow" directive on its crawlers, most people had hopes it would be the end of comment spam, most especially when search competitors Yahoo! and MSN expressed support for the microformat as well.

But, as the years passed, even with WordPress immediately supporting the rel="nofollow" attribute since its inception, comment spam attacks on AjaLapus.com increased so suddenly. The most probable cause of the increase is when my homepage’s PageRank increased to 6 last 29th of January, rendering it more visible on SERPs. From 50 spams a day to up to 200, the weight of these spammers costs my server precious bandwidth and processing, and me my time when checking for false positives. These spammers could just be turning a blind eye to rel="nofollow" as spamming costs almost—if not absolutely—nothing to spread.

From the words of Ben Hammersley:

If the playing field is levelled by rel="nofollow", then everyone involved will be forced to try all the harder to get their links out there. The blogosphere will be hit all the harder because of the need to maximise the gains.

Besides, them spammers are not only aiming to be displayed on SERPs, they are trying to be clicked on by human visitors as well. And, even when 99% of the blogs out there use rel="nofollow", the remaining 689,000[1] blogs that don’t could be easily found by mere crawling of these spambots on any link they could find. Why bother to scan for the use of rel="nofollow" when you could just post away spam as easily? These spammers affiliate with porn, pill and casino advertisers that earn thousands of dollars of revenue from clicks and visits from real people, consequently receiving commission from them—providing the motivation for more spamming.

But, has this initiative from Google done its job? Many people do not think so. Aside from Ben, other people thought of it as an utter failure.

As Dylan Tweney may put it:

Worse, nofollow has another, more pernicious effect, which is that it reduces the value of legitimate comments.

It would also reduce the motivation to comment on blogs thinking that there’s no way we could benefit from reacting on someone else’s blog entry since our links would be regarded as nonexistent. So much for Web 2.0 and Web interaction. I know I have experienced this a lot of times before, though it has somehow dissipated with these realizations.

Jeremy Zawodny has a better angle about this matter:

I’ve seen that first hand. The “psychology of linking” did change in a fairly obvious way after nofollow started.

….

Look. Linking is part of what makes the web work. If you’re actually concerned about every link you make being counted in some global database of site endorsements, you’re probably over-thinking just a bit.

Straight to the point. So what do I do now since WordPress has no way of deactivating the addition of rel="nofollow" on comment URIs except for hacking into the source code? I’ve looked through Andy Beard’s Ultimate List of DoFollow Plugins and found two different plugins that suit my taste:

I currently use Kimmo’s DoFollow as it was the first one that got me interested. But, I think I need input from you guys: Which of the two do you think would be better to motivate commenters on my blog? The one in which they know their links would eventually be followable [DoFollow], or the other in which they’d have to accomplish a somehow obtrusive number of comments[2] on the whole site before their links would be followable [Link Love]?

If you’re thinking that I may be then vulnerable to spam comments gaining ranking from my site: I wouldn’t worry, since Akismet has done a good[3] job of screening spam for me. I think Dougal Campbell made me realize this.

And, I am planning to add another plugin that automatically closes comments on older entries that most spammers tend to target. I know such plugins exist, I just can’t find them right now. Do you know any? How long should I make entries commentable? I have been receiving legitimate comments on older entries occasionally—a reason why I still haven’t decided about this kind of plugin yet. Maybe you could help me.

Oh, by the way, there also exist 11 reasons against nofollow from a German site dedicated against the use of rel="nofollow". And, more reasons from Loren Baker, which could be what you really need to understand that nofollow is not the answer.

Notes:

  1. as Technorati currently tracks 68.9 million blogs
  2. 10 comments as default—a somehow large number for a non-frequently updated Web log like this
  3. not great, though—as there has been about 0.1% of false positives that occurred

Ituloy Angsulong Spam

I’m sorry, I just have to rant about this.

Don’t get me wrong—I have nothing against Marc Macalua’s Philippine SEO Contest dubbed Ituloy Angsulong, even though I really do not know the purpose of having a certain key-phrase pointing to your Web site where that phrase isn’t even about what you passionately blog about. But the prize money is so good, I have even thought of joining the first contest (Isulong SEOPH), though I was ineligible, for they do not accept the participation of those using old domain names.

From my understanding, the goal of the contest is to produce the top ranking page on the SERPs of Google, Yahoo! and MSN search engines with the term Ituloy Angsulong. Sounds easy, right? I thought about ways to win it for no reason at all [since I am not participating]. Then it came to me that with WordPress, one of the most used blogging platforms to date, automatically including rel="nofollow" on comment links, and the fact that I don’t participate in public forums makes it really hard [at least] for me to win it. Another thing is my hatred for spam that I most probably won’t comment with the key-phrase unless it is on topic.

Now, why would someone comment on one of my non-SEO related entries with the term Ituloy Angsulong linking to their contest entry URI? I guess it’s someone who’s so desperate to win. It seems to me that no one else hates spam more than I do. I’m thankful Akismet really knows spam—even if it is made by real people. Aren’t there rules about the contest not to spam anyone? Just a thought. I hope Marc Macalua could answer me with this. Please note that I check my Akismet spam list at least five times a day. Oh, I’m so glad it caught yours! Yes, I’m talking to you, Marhgil Macuha.

If you still can’t figure how Akismet knew what to block then you’re really a dumb ass. It’s spam—not the one I love to eat.

Was the Messenger Virus Controlled?

For those using Yahoo! Messenger like I do, you could have encountered a friend sending links to some cool pics (s)he would like to show you. I wouldn’t have blogged this as my friend Nicole already did. But, it seems that those at Yahoo! have already controlled the spread by blocking the links causing them to just show up as “http://” and not the whole URI to the infected Web site.

I happened to encounter those messages weeks before I knew it was a virus but I use Firefox, and when I went to the Web site, it didn’t infect me at all.

I just hope other messenger programs implement a block for those infectious messages as well in one way or another if it would not be like the system Yahoo! is already using. Besides, not only Yahoo! Messenger is vulnerable to this, but also AOL Instant Messenger and Windows Live Messenger. If you use these two other messaging services, please tell me if they’re also properly responding to these attacks. More info about the virus can be found at the Trend Micro Virus Encyclopedia entry for WORM_SOHANAD.I

Happy IMing to you all! 🙂

Update: The spammers apparently knew about what Yahoo! has been doing to block the URL to their malware site as I’ve just received another spam message from a contact with the address still intact. They now encode a portion of the domain to circumvent the filters of Yahoo! Messenger servers. For example, instead of thecoolpics.com which is blocked by server filters, they now send addresses as thec%6folpics.com with %6f being a URL-encoded version of the letter o.
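The bypass in the update works because the filter compares raw message text against the blocked name. The sketch below is an added example, not part of the original post and not Yahoo!'s code: it contrasts that comparison with one that percent-decodes each host-like token before checking the blocklist. All function names and sample messages are assumptions made for illustration; only thecoolpics.com and the %6f encoding come from the post.

```python
import re
from urllib.parse import unquote

# Blocklist entry taken from the post; the filter logic itself is an assumption.
BLOCKED_DOMAINS = {"thecoolpics.com"}

# Host-like tokens, including any %XX escapes a sender may have inserted.
TOKEN_RE = re.compile(r"[A-Za-z0-9%.\-]+")


def naive_filter(message: str) -> bool:
    """Substring match on the raw text: what the encoded link slips past."""
    return any(domain in message.lower() for domain in BLOCKED_DOMAINS)


def canonical_host(token: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable (covers double encoding), then normalize."""
    for _ in range(max_rounds):
        decoded = unquote(token)
        if decoded == token:
            break
        token = decoded
    # Keep only the host part if decoding exposed a path, query or port.
    host = re.split(r"[/?#:]", token, maxsplit=1)[0]
    return host.lower().rstrip(".")


def is_blocked(host: str) -> bool:
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def normalizing_filter(message: str) -> bool:
    """Canonicalize every host-like token before comparing it to the blocklist."""
    return any(is_blocked(canonical_host(t)) for t in TOKEN_RE.findall(message))


# Constructed sample messages.
SAMPLES = [
    "look at my pics http://thecoolpics.com/",
    "look at my pics http://thec%6folpics.com/",
    "look at my pics http://www.thec%256folpics.com./",
    "see http://example.org/cool-pics",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(naive_filter(msg), normalizing_filter(msg), msg)
```

The decode loop matters: decoding only once would leave the double-encoded form (%256f) unmatched.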


Phishing Warning

I’ve just received two attempted phishing attacks from two of my bloggermates in my Yahoo! Messenger contact list. I guess their accounts were hacked at the time I received those messages, so I want to warn those of you who want to protect your accounts.

For those who do not know, phishing literally means fishing [for passwords], as the letter f is usually replaced by ph in 13375p34k. Another definition could be password harvesting or fishing.

There are many methods of phishing attacks, usually through email that, most probably, goes directly to your spam directory [if you have any]. But ones sent through YM or any other IM account, which really look like your friends are referring you to a site, are somehow really mind-controlling.

The method I’ve encountered used a spoof of the Yahoo! Photos Web site inside a Yahoo! Geocities Web page requiring you to sign in with your username and password in the attempt to trick you that your friends’ photos are posted post-login. Please take note that Yahoo! Geocities Web pages are user-controlled, meaning other people just made up that Web page.

The two URIs that were given to me were:

Apparently, those two sites that were IMed to me were already reported and were taken down. Some may still be out there, [or are currently being made] so please watch out still.

Note: Do NOT enter your login details there.

If you take a look at both the main frames’ source pages (the frames with the sign in page displayed), you will see that the form input will go to a mailform (http://www2.fiberbit.net/form/mailto.cgi) with the same email address input of smoke.beer@gmail.com. (Now, spam that bastard!) It just means that your login information will go to his GMail inbox.

The primary solution for this is within you. You should basically:

  • Never trust login forms inside a frame of a user-controlled Web page.
  • Try to log in directly from the site, with a secure (HTTPS) connection if possible. (e.g., Yahoo! Login, Google Accounts)
  • Never trust friends’ URI referrals unless you really know the site or have checked for security flaws/issues.
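The source-page check described above can be automated. This added example (not from the original post) parses a page and flags any form that asks for a password while submitting to a different host or without HTTPS. The class and function names, the page URLs on example domains and the sample markup are constructed for illustration; only the mailform action URL is the one quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormAudit(HTMLParser):
    """Collect each <form>'s resolved action and whether it asks for a password."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": action, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def risky_login_forms(page_url: str, html: str):
    """Return (action, reasons) for password forms that leave the page's host or skip HTTPS."""
    audit = LoginFormAudit(page_url)
    audit.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for form in audit.forms:
        target = urlparse(form["action"])
        reasons = []
        if target.hostname != page_host:
            reasons.append("submits to a different host")
        if target.scheme != "https":
            reasons.append("not sent over HTTPS")
        if form["password"] and reasons:
            findings.append((form["action"], reasons))
    return findings


# Constructed samples: placeholder page URLs and markup shaped like the frame described above.
SPOOF_URL = "http://user-pages.example/someone/photos.html"
SPOOF_HTML = '<form method="post" action="http://www2.fiberbit.net/form/mailto.cgi"><input name="login"><input type="password" name="passwd"></form>'
REAL_URL = "https://login.example.com/"
REAL_HTML = '<form method="post" action="/signin"><input name="login"><input type="password" name="passwd"></form>'
```

Relative actions are resolved against the page URL first, so a legitimate form posting to its own site over HTTPS produces no finding.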

I know I haven’t fully discussed what could be done to prevent such intrusions to your accounts; you might even want to change your passwords regularly. Just remember to be aware of such possibilities when visiting untrusted Web sites. Or else, you may be giving them permission to hack you.
