TFBW

I don’t receive all that many phone calls on my land-line telephone. Most people who know me now call me on my mobile phone. Consequently, the percentage of telemarketing calls I receive on the land-line keeps rising. I screen all my calls through my answering machine, and in the vast majority of cases there is no message left: the caller has hung up before the outgoing message is even finished. I’m seriously considering termination of the service: I’m not paying a monthly fee just to provide a service to telemarketers, dammit.

My mobile phone, on the other hand, has been relatively free of junk calls. Up until yesterday, I’ve only had one telemarketing incident: someone trying to sell mobile phone service. He phoned during the day, but I was asleep thanks to having a very late night previously. I played along, and rambled somewhat unthinkingly at him for a while (not hard — he woke me up), and he eventually accused me of wasting his time, and hung up on me. Score!

The second incident came yesterday, and I think it’s a bad sign of things to come, which is why I mention it here. This call was not an in-person telemarketing call, but a pre-recorded one. The inconsiderate pests just phoned me up and played their ad at me — a completely mechanical process. The reason it was targeted at my mobile was clear enough: it was an ad for one of those atrocious “premium rate” scams services; specifically, WizQuiz Pty Ltd (ACN 127 627 089). Their quiz strikes me as a bit of a rip off: they send you a “trivia question” via premium SMS ($6.60, ka-ching), which you can answer ($0.25, ka-ching), and if you get it wrong, they’ll let you know through another premium SMS ($6.60, ka-ching), and so on. If you get it right, then you’re competing against everyone else who got it right for whatever prize they’re offering — probably an iPod or something small like that. That’s potentially a lot of ka-ching for very little outlay on their part. I listened to their entire ad in silence, hoping that it would increase their running costs more than simply hanging up would, but with potential income like that, it’s no wonder they can afford to rack up some expenses.

Personally, I wish I could opt out of “premium rate” anything with all phone companies, but it seems like they get a slice of the action, so it’s not in their own immediate interest to let you opt out. Fortunately, there is something that can be done about telemarketing, and it’s about time I did it myself. As of 31 May, 2007, telemarketers in Australia (or operating on behalf of Australian businesses) are bound by the “Do Not Call Register”. I’m pretty sure the existence of this register isn’t widely known — after all, it’s not like the telemarketers are going to mention it. Whatever the case, I’m now going to add both my phone numbers to this register, and see if I can’t claim back my communications services from these nuisances.

In the long run, however, it wouldn’t surprise me if we need to add “white list” functionality to phones, such that my phone only rings if the caller is in my personal phonebook. All others get diverted to voicemail or something. Actually, I’d be happy to take telemarketing calls — I just want it to be on the receiving end of one of those “premium rate” numbers. Go ahead: market at me — $6.60 per minute, including tax.

Apparently I picked a ripe moment to start hosting a forum. Forum spam has been a problem for quite a while, but it seems to have hit a new pitch this month. Perhaps the automated spamming tools with imaginative names like “Forum Poster” have hit the mainstream. These generate a maximum amount of damage (in the euphemistic name of “search engine optimisation”) with a minimum amount of user interaction.

Fortunately I’ve managed to fend off the spam for now. After one or two attempts with limited success, I’ve found an approach which neutralises the bot-generated spam without noticably impacting normal operation. I’m using phpBB, but this technique isn’t specific to that software.

The technique involves adding one line of Javascript to the main template for the forum, and a couple of lines of Apache “.htaccess” configuration (or equivalent). The one line of Javascript sets a session cookie. It doesn’t really matter what the cookie is called or what value it holds: make something up. The Javascript code looks like the following.

document.cookie = 'foo=bar;PATH=/';

In this particular case, a cookie named ‘foo’ obtains the value ‘bar’. Next, create or modify the “.htaccess” file for the forum (assuming that it’s served by Apache) to deny POST operations except where this cookie is present. The configuration might look like the following.

SetEnvIf Request_Method "^POST$" posting
SetEnvIf Cookie "foo=bar" javascript
Order Deny,Allow
Deny from env=posting
Allow from env=javascript


If a client attempts to POST anything to the server (as it would in leaving a message or creating a user account), it will receive a “403 Access Denied” response unless the appropriate cookie is set. This should filter out anything that lacks Javascript support, including the forum posting spamware (at this point in time). If the technique becomes widespread, the arms race will progress, and the spamware authors will adjust accordingly. Such is life. It’s an excellent measure to take right at the moment, however.

While I’m on the subject of forum spam, I’d like to blow a big raspberry in the direction of “TOT Corporation” in Thailand for the netblock 203.113.13.0/24, and “Telefonica de Espana” in Spain for the netblock 80.58.205.0/24. Several addresses in these ranges are, at this time, using (or proxying) forum spamming software which is blocked by my filter. Given that they hit my forum on the order of ten times a day, I hate to think how much crap they generate on a global scale. A quick Google search for “203.113.13.” shows it to be a notorious source of Wiki and guestbook spam as well.

Food for misanthropy.

Further updates on this subject can be found in a dedicated thread in the forum itself. There you can see what abuse has occurred since inventing this technique, and what additional measures have been necessary. Also, you can comment there. Guest posting is enabled.