When Learning Gives You a Lemon, Make a Honeypot
September 17th, 2008 by ScottK | Filed in Programming

Believing I could actually take some free time to explore something new, I set about last Monday night setting up a website that ran on a single port. I had never done this, so I needed Apache to rewrite or proxy to that port so the application could work. It really was just a test application so I could learn how to do such things with Apache.
Granted, I had never set up a proxy server, and I found the warning posted all over every resource I read on the subject. Invariably, yesterday I made a change that turned my personal web server into an open proxy, although I only realized this today. I never said I knew it all, other than JavaScript.
This morning I found that the one and only large website I run on my personal server was running a little slow, so I set about looking into it. That's when I found out that I was processing about 9 requests per second on my box through the proxy. That is unheard of for this little 512M RDRAM box I've had since '98.
Of course, at first I freaked out, not wanting all this traffic coming through, thinking only about how it would affect my network, not to mention any hack attempts against my server. I tried desperately to revert all my changes to what they were before. To no avail: Apache kept serving an open proxy even with the old settings.
Then I noticed a trend in the proxied requests. A lot of them seemed to be gaming affiliate systems. At that point I was all over turning this noobish episode into a honeypot. Seeing as how one of my main considerations in setting up an affiliate system was to prevent fraud, this was invaluable information on how gamers use proxies to make money. I had a perfect opportunity to learn their signatures, if not their IPs.
From my little bitty server I saw Alexa and Yahoo! get gamed. I saw click counts get inflated on several other sites. A few even tested the anonymity of my new honeypot. Using the open proxy I had accidentally created, I became the hacker against it and sought to see if I could protect an application against this sort of gaming.
One of the not-so-striking lessons was that the user-agent was a standard browser user-agent, *cough*Firefox*cough*. But two requests per second from the same IP address with the same GET info over a total of five minutes tends to lead you to believe that this wasn't a person but a script bot instead.
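That "same IP, same GET, two a second for minutes" signature, as an added example that is not the post's own code: a Python script that reads Apache combined-format access log lines, groups hits by client IP and request line, flags any group with a sustained rate of two or more requests per second, and notes whether the request line is a forward-proxy request (an absolute URL or CONNECT), which is what an open proxy's log shows. The log lines, IPs, hostnames and user-agent string are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def is_proxy_request(req):
    """A forward-proxy request carries an absolute URL (or CONNECT host:port)
    instead of a path; seeing these in your own log means you are proxying."""
    parts = req.split()
    return len(parts) >= 2 and (parts[0] == "CONNECT"
                                or parts[1].startswith(("http://", "https://")))

def find_bots(lines, min_rate=2.0, min_seconds=60):
    """Flag (ip, request line) pairs repeated at >= min_rate req/s for at least
    min_seconds. The user-agent is deliberately ignored: bots send a browser UA."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["ip"], rec["req"])].append(rec["time"])
    flagged = []
    for (ip, req), times in groups.items():
        times.sort()
        span = (times[-1] - times[0]).total_seconds()
        if span >= min_seconds and len(times) / max(span, 1.0) >= min_rate:
            flagged.append({"ip": ip, "request": req, "hits": len(times),
                            "span": span, "proxied": is_proxy_request(req)})
    return flagged

def sample_log():
    """Constructed log: one bot hitting an affiliate link twice a second for five
    minutes through the proxy, plus one ordinary visitor loading two pages."""
    base = datetime(2008, 9, 16, 22, 0, 0, tzinfo=timezone(timedelta(hours=-5)))
    ua = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1"
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    for i in range(300):  # Apache logs at one-second resolution: two hits per second
        ts = (base + timedelta(seconds=i)).strftime(fmt)
        lines += [f'203.0.113.7 - - [{ts}] "GET http://affiliate.example/click?id=42 HTTP/1.1" 200 512 "-" "{ua}"'] * 2
    for i, path in enumerate(["/", "/about.html"]):
        ts = (base + timedelta(seconds=60 * i)).strftime(fmt)
        lines.append(f'198.51.100.2 - - [{ts}] "GET {path} HTTP/1.1" 200 2048 "-" "{ua}"')
    return lines
```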
If I've learned anything from Zookoda, it's that spammer busting is difficult, but it can be done. I've had several "honeypot" blogs set up for a while to bust sploggers and comment spammers, and that has been effective. Proxy spammers are just the next step in where I need to go.
I know I'm not a sysadmin, but I want to learn. I also know an opportunity to crack a spammer's ass when I see one!
