Scamdex's Somewhat Cynical Take on Scams
Scamdex is all about scams, fraud and theft. The Internet has opened a world-wide Pandora's box of opportunities for parting people from their money. The lonely Nigerian widow who wants to share her fortune may be a member of the Russian mafia - this is how he makes his money and he's very good at it. Scamdex is a huge archive of carefully sifted email scams, categorized and analysed. The ScamBlog is commentary on the world of scams - scams which get bigger, cleverer and nastier day by day. These are our thoughts on stuff that makes us mad and costs people money.

8 Dec '08

… From CPanel to …. what??

by @ 2:26 pm. Filed under Scam Reports, Scamdex, Uncategorized, Websites, servers, spoof websites

I am an old Unix dude, I have installed more different versions of Unix than most people – everything from SCO Xenix/286 thru to CentOS 5.2 and I don’t usually have many problems – but as time wears on, my brainDisk is starting to squeal and it’s not as fast at random access as it used to be, so I was really happy when I rented a server with Cpanel/WHM installed on it.
For those who don’t know, Cpanel is the web-based interface to everything you will never learn on a Unix server – plus, the WHM super system allows you to carve off a chunk and sell it or give it away to your pals, reasonably confident that they won’t/can’t screw it up.
Add in virtual web/mail/log server management and lots of useful pre-installed tools and you have a system where you rarely have to get your hands dirty under the #hood.

Well, I love Cpanel now and I have grown to rely on it (curses!), so when it comes to creating my own server, so I can save money on a dedicated one, I find I need it to get things done (and my old stuff transferred).

The problem with CP is that it costs $$money. between $30 and $48/month. and. I. just. don’t. want. to. pay. that. any. more….. so….

Piracy is out – mainly because you need to register the license with CP and also because that’s bad!:’(

Perhaps I could install it, setup my system the way I want and then after a month or so, hand it back??

well, no apparently – most people (Including themselves) seem to be of the opinion that to uninstall CP, you should really re-install Linux…. kind of defeats my object here!

so…. alternatives, anyone?

There are a few – some other commercial (pay $$ for) such as DirectAdmin and some Public Domain ones (Web-CP, WebMin/VirtualMin). So I started evaluating these free Cpanel Alternatives ….

1. WebMin/VirtualMin

Looks like it will do the job – only one of the alts that I’ve heard of and actually used before. Installs easily enough and looks nice – has a fine range of functionality but what lets it down is its non-simplicity. Cpanel’s approach is to show you a bunch of things that you may want to do and ask sensible questions (with usually relevant tooltips close by) to help you accomplish your requirements. WebMin takes the ‘I’ll help you to write the configuration files correctly’ approach – you really have to know what you’re doing and in a lot of cases, the input fields are just blank with no clue as to what to put there.

WebMin Configuring Backup Example Screenshot


This probably highlights the major difference between CPanel/WHM and the rest of the Server Admin systems out there – CP/WHM does some pretty radical things to your server when you install it and this is why it’s so hard to uninstall. The other systems kind of leave things as they are and just act as configuration helpers. As an example, see the two screenshots of the ‘backup’ functions.

Cpanel Domain Owner Backup Page


2. Web-CP

Much, much harder to install and harder to find the installation instructions too, but seems pretty good so far.

I had problems with the PHP startup scripts being written with DOS line endings which confused the life out of me for a while until I found it.  Still not able to start the system up but suspect it’s something to do with the line that reads:

$args = trim(next($HTTP_SERVER_VARS["argv"]));

(Shouldn’t that just be ARGV for shell scripts?)

… I’ll continue and let you know how I get on.


19 Mar '08

New Scam Email Indexing Method (again!)

by @ 3:37 pm. Filed under Email Scams, Scamdex, Websites

It’s my third iteration on the same basic principle: take a carefully filtered and enhanced archive of 150,000 email messages and then sort, categorize and analyze them, then put them in a defanged, indexable/searchable list format so that people can browse them.

The first was a program I wrote in Perl back in 2004; it was a POP sucker that connected to the mailbox, attempted to extract message parts and rewrite them as an HTML page. While successful, I was never happy at my efforts to disentangle nested messages and alternate body parts – this meant that a lot of emails showed up with lots of Base64 and other garbage. (eg. ScamDB_S_74.php)

The next try I had was to use a mail archive indexer program called ‘Hypermail’. This was mostly successful at splitting messages into component parts but was still not quite flexible enough for my needs and the indexes were way too long. (eg. HYPMAIL/date.php)

So this spring, I am trying a whole new system that I rewrote in PHP, my code of choice for the decade. I am still mailbox based, mainly so that I can prune spam that has sneaked through my filters, but that may change soon.

This is how the Scamdex Engine works:

  1. Scam Emails arrive in the honeypot mailbox.
  2. Using Thunderbird with various Add-ons, I partially manually sort the scam emails into a holding mailstore and throw away the junk.
  3. A program runs nightly which:
    1. Analyses emails in the holding mailstore into one of 5 categories (419/AFF, Auctions, Jobs, Phishing, Lottery).
    2. Adds some extra Headers to the email.
    3. Moves it to the correct mailbox archive location.
    4. Runs MHONARC to create the indexed archive and html-ized emails.
    5. Post-processes the MHonarc-ized pages to add a php index include file, update the (MySQL) database and distribute the keywords and scoring to META and the nice little graph widget.
    6. Our illustrious Founder
    7. err… that’s it!
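
An added example, not Scamdex's own code (the engine described above is PHP and is not shown on the page): steps 3.1 and 3.2 in Python, with the MIME decoding that the 2004 Perl version struggled with and the defanging mentioned earlier. The keyword lists, the X-Example-* header names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Hypothetical keyword lists for the five categories named in the post.
KEYWORDS = {
    "419/AFF": ["next of kin", "late husband", "transfer the funds", "barrister"],
    "Auctions": ["ebay", "escrow", "winning bid"],
    "Jobs": ["work from home", "payment processing agent", "part-time"],
    "Phishing": ["verify your account", "account suspended", "confirm your password"],
    "Lottery": ["lottery", "winning number", "claim your prize"],
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def build_sample():
    """Constructed test message: base64 text part plus an HTML alternative."""
    m = EmailMessage()
    m["From"] = "widow@example.invalid"
    m["Subject"] = "Urgent: next of kin needed"
    m.set_content("I am the widow of a late husband. Help me transfer the funds: "
                  "reply at http://bank.example.invalid/claim", cte="base64")
    m.add_alternative("<p>HTML copy</p>", subtype="html")
    return m.as_string()

def body_text(msg):
    """Decoded text/plain part (HTML as fallback) instead of raw base64."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""

def categorize(text):
    """Return (category, score) by counting keyword hits; (None, 0) if no hit."""
    low = text.lower()
    scores = {c: sum(low.count(k) for k in ks) for c, ks in KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return (best, scores[best]) if scores[best] else (None, 0)

def defang(text):
    """Make URLs non-clickable: http -> hxxp, dots inside the URL -> [.]"""
    return URL_RE.sub(
        lambda m: "hxxp" + m.group(0)[4:].replace(".", "[.]"), text)

def process(raw):
    """Parse, categorize, add the extra headers, return (message, defanged body)."""
    msg = message_from_string(raw, policy=policy.default)
    category, score = categorize(str(msg["Subject"] or "") + "\n" + body_text(msg))
    msg["X-Example-Category"] = category or "unsorted"  # hypothetical header name
    msg["X-Example-Score"] = str(score)                 # hypothetical header name
    return msg, defang(body_text(msg))
```
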

It’s not pretty or fast but it works, and I can understand it. It’s easy to fix and add to. It’s annoying having to run the process every night from scratch but until I work out how to use the MHONARC system to add/delete emails from the archive, it’s all I can do. Any suggestions about how I can do this better, let me hear them!

(send to scamblog(a)o7e.net)


8 Nov '07

Long-needed Upgrades to Scamdex

by @ 11:45 am. Filed under Scamdex

Well to start with, I wanted to PHP-ize everything. So I started looking at the Apache/PHP config and as usual, without backups or testing or anything, I dived in and threw the big red switch. Everything seemed to go ok but then the trouble started!
All my websites broke. Any ‘.html’ web pages that had embedded php in them broke really badly, whole directories of files became ‘not found’ and it kept asking me what I wanted to do with files of type httpd-php5 and so on….

Anyway, lots of hacking later and it seems to be working. I had to force all the ‘.html’ files to become ‘.php’ files, but a little bit of .htaccess rewriting allows for previous search engine results to continue to work. Had to upgrade WordPress and do a lot of tweaking for the file ownerships and permissions to even allow people to see them.

and then…

and then I noticed I had a visitor. Not just any visitor – he had guessed the ‘admin’ password (and I thought it was SOOOO clever) and had made himself root and installed some shitty little spam engine. Got rid of that and locked down sshd access to impose limits on number of failed logins per IP but he got back in and this time installed a Mech Chat server.

He’ll probably get back in – Linux security isn’t my best skill – but at least he didn’t trash anything and it forced me to tidy up a bit.

Seems like he was one of our dear Romanian friends, but that might just have been IP cloaking…
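
An added example, not from the original post: one way to spot the pattern described above (repeated failed password logins from one IP, then a successful one) in sshd's log. The log lines are constructed and use documentation IP addresses, and the threshold of 3 failures is an assumption.

```python
import re
from collections import Counter

# Constructed sshd log lines (documentation IP ranges); not from the author's server.
SAMPLE_LOG = """\
Nov  8 03:10:01 host sshd[2101]: Failed password for admin from 203.0.113.7 port 40112 ssh2
Nov  8 03:10:04 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Nov  8 03:10:09 host sshd[2105]: Failed password for admin from 203.0.113.7 port 40131 ssh2
Nov  8 03:10:15 host sshd[2107]: Accepted password for admin from 203.0.113.7 port 40140 ssh2
Nov  8 09:02:44 host sshd[2550]: Failed password for admin from 198.51.100.20 port 51000 ssh2
Nov  8 09:02:51 host sshd[2552]: Accepted password for admin from 198.51.100.20 port 51004 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def analyse(log_text, threshold=3):
    """Return (flagged_ips, logins_after_guessing).

    flagged_ips: source IPs that reached `threshold` failed password attempts.
    logins_after_guessing: (ip, user) pairs where a password login succeeded
    from an IP that had already reached the threshold (likely guessed password).
    """
    failures = Counter()
    flagged, compromised = [], []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] == threshold:
                flagged.append(ip)
        elif failures[ip] >= threshold:
            compromised.append((ip, m["user"]))
    return flagged, compromised
```

A single mistyped password followed by a login, as from 198.51.100.20 in the sample, stays below the threshold and is not reported.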

Next phase is to make the scam emails look a bit nicer. I am trying out mhonarc – more flexible than hypermail and much better de-miming than my sad pathetic efforts. Check back to see how I’m doing.


11 Feb '07

Scamdex on the Beeb!

by @ 11:28 am. Filed under Scamdex, banking

Scamdex got a mention on BBC Radio 4’s new IT programme!
The first episode, Staying secure in internet banking, discussed the increase in the number of customers banking online and the inevitable increase in the number of internet banking scams.

The presenter, Rajesh Mirchandani (pictured) discusses the problem with representatives from the UK banking trade body APACS and IT writer Rupert Goodwins and the measures banks and consumers need to take to minimise the risks.

Listen to the whole show here.


27 Jan '07

Scamdex Logo Competition – Major Prizes!

by @ 11:47 am. Filed under Scamdex

As you may have guessed, my design skills are not my best feature. Since I launched Scamdex in 2004, the logo I designed using the excellent (and simple) ‘Banner Maker Pro’ product has remained. I recently bought a copy of Xara3D (v5) and got to work. Here’s what I came up with: New Scamdex Logo? – Not bad eh?

I got a bit silly and tried out some of the animated functions but they made me feel dizzy after a while:

Animated Scamdex Logo

Anyway, here’s the deal: if someone with design skills can make me a decent logo/template design (no shockwave please!), I’ll give out a major reward.

  1. Top prize is a website hosted by me. You provide the domain name. (really!)
  2. Second prize is a signed photo of my cat, William of Orangevale.
  3. Third prize is a stack of 1640 interlocking pavers, used, red color – you haul.
  4. Fourth prize is this mug of tea (with refill).

See – really exciting prizes and all completely bone-a-fido.

Send your lovely submissions to webmaster_of_scamdex(a)Scamdex.com.


13 Jan '07

‘Honey Pot’ Forum lets Forum Spammers report themselves

by @ 9:56 pm. Filed under Scamdex

A Forum has been created that you really, really shouldn’t post on. That’s because it’s a so-called ‘honeypot’ forum. It’s designed to attract those bots and individuals who pepper legitimate forums (fora?) with simple spam, often of the most egregiously scammy, scummy and nasty. The owner of o7E.net is compiling a database of all the postings and will use it to maintain lists of those who should be shunned, whether by email address, IP address, spamvertized website or anything else.

Remember – if you don’t want to be ostracized by decent society, DON’T POST on www.o7E.net

