Website

warning: Creating default object from empty value in /var/www/legroom_v3/htdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

No, This Site Is Not Malicious

Sorry to even have to post this, but apparently my site has been classified as "malicious" by certain parties. It all seems to have originated from this particular malware list:
http://www.malwareurl.com/listing.php?domain=legroom.net

The reason? Someone apparently doesn't like my download script for Universal Extractor. Seriously. This is the "malicious" URL:
http://www.legroom.net/scripts/download.php?file=uniextract16

Any guesses as to what that does? It lets you download Universal Extractor 1.6. Oh, the horror! I use the download script rather than link directly because I need to move the location of the actual installer file from time to time due to bandwidth concerns or other issues. By using the download script to serve up the file, I can easily point it to a new location at any given, implement load balancing if needed, etc., without anyone having to worry about dead links (well, except for people who insist on hotlinking directly to the file against my wishes, but I don't have much sympathy for them).

Apparently someone didn't like my script and reported it. I guess. I haven't been able to get any more information about the issue. I guess I can kind of, sort of, maybe understand the concern about a download script like this, as I guess it could, possible, maybe be hijacked in some way to serve up malicious content, but that's not what happened here. My script is written such a way that it'd be impractical to try to use it for malicious means (I won't say impossible because, quite frankly, anything is possible on the internet); it'll serve up the specified file from a specified URL on a specified remote server and nothing else. If anyone tried to fiddle with it by adding fake filenames, etc., it'll just return an "invalid file" error message.

So someone must've thought the script seemed somehow suspicious, but couldn't bother to do even the simplest of tests to verify it before reporting it to a malware site, and the malware site, of course, listed it without question. And even better, I just discovered that numerous other sites have lowered legroom.net's reputation as well because of this listing, because, naturally, none of them could be bothered to verify the claim either.

And finally, the icing on the cake is that this was originally listed on malwareurl.com on 12/15/2009. That's right, eight months ago. In eight months of being reported, listed, copied and listed, copied again, etc., not once was I ever notified of the dangerous, horrible malicious content on my website. It wasn't until today that a visitor noticed the problem and sent me an e-mail to give me a heads up (coincidentally, two people contacted me today - my heartfelt thanks to both of you). So, it took eight months to find out about a non-existent problem that denied access to or drove away who knows how many people from my website. Fantastic.

Some choice words are coming to mind right now, but I'll refrain because this is a (mostly) family-friendly site.

I get the need for these kinds of sites (I use a few myself for e-mail blacklists), and I can appreciate that many of them are volunteer efforts with limited time and resources. Nevertheless, I think it's reasonable to expect the site operators to:
1. attempt to verify reported content
2. notify the administrative or technical contact of the domain when the site is blacklisted

These steps are not difficult: a simple click wouldn't verified that my script was innocuous, and the notification process could be automated by simply querying whois and sending a standard form letter. If either of those had been done, this issue could've been resolved quickly and easily. Instead, I find out eight months later and I'm pissed. This is not the best way to build support for, or trust in, community-driven security projects.

OK, I'm finished my rant now. On a more positive note, I'd like to thank the operator at malwaredomains.com for a very quick and amicable response to my inquiry about removing the inappropriate listing. Hopefully I can get the source of the problem, malwareurl.com, to correct the problem soon as well.

Spam Problems (actually, anti-spam problems)

I've been having issues with my spam module since upgrading to Drupal 6 a while back. It changed behavior very significantly, and in my opinion for the worse. Part of the problem I've been having with it is that content detected as spam is not always reliably reported as such. Sometimes it just disappears, literally. Submitters have the option to submit feedback on posts falsely classified as spam, and I may see that (if I remember to look in a completely different location than the rest of the posts I review), but even when I do see the feedback, the original post itself seems to be purged from the database.

I've noticed this problem before, but I didn't realize how bad it was. I have over a dozen feedback messages I just noticed for false positives, and I cannot approve the original posts because they no longer exist. Beyond that, there's no telling how many posts without feedback were falsely rejected.

The one good(?) thing is that this only seems to affect anonymous comments (which are heavily moderated anyway). If you want to post any comments to my website or forum, please register an account first - this should make sure your post gets through, and even if it is falsely reported as spam I should at least be able to review and approve it.

To everyone else that's been affected by this - my apologies. I do still have the content of the posts you submitted feedback on (as opposed to the original posts that I can simply approve as "not spam"), so I'll try to manually post them to the appropriate locations as myself and respond where appropriate. Please check back over the next day to see if your post made it.

I'm also going to investigate alternative anti-spam options to try to prevent this issue in the future. I'll write a new post about any changes.

Update:  Whew, ended up adding adding quite a few new forum posts and comments. Again, if you've posted a comment that was (falsely) flagged as spam and wondered why it never showed up, please check to see if your post is available now. I apologize once again for the screw up. Hopefully I can find a better spam solution soon.

Firefox Tips and Tricks Page Updated

I've updated my Firefox Tips and Tricks page. This was the first major update since Firefox 2.x, so there have been quite a few changes and updates. I also added a new section for custom styles, mostly for fixing Firefox UI quirks.

Hope you find this helpful.

Universal Extractor 1.6.1 Released

After a nearly two year hiatus, I finally got around to updating Universal Extractor. This release focuses heavily on bug fixes, reliability improvements, and component updates, so the "new features" list is rather short. It is, however, an important update and I recommend all Universal Extractor users upgrade when they get the chance. It also includes several new and updated translations. Please check out the changelog for all the details.

For more information:
Universal Extractor home page and downloads
Universal Extractor ChangeLog
Universal Extractor feedback and support

New Navigation Feature: News Categories

This is something I've been meaning to add to the site for quite a long time. In the Navigation menu on the left side of the screen, you'll find a new News Categories link. Click on that and you'll see a list of all terms used to categories posts on this site. Click on any term and you'll see a list of all posts in that category. This provides and easy way to, for example, see posts relating to all of my software projects or tips and tricks.

It's also possible to grab RSS feeds for specific categories. For example, if you're only interested in posts about software updates, browse to the Software category, then select the RSS feed icon provided through that page.

Please report any problems in the comments. Thanks.

LegRoom E-Mail Access Temporarily Unavailable

Beginning at about midnight on Friday night / Saturday morning (11/14), I'm taking down the LegRoom.net e-mail server for some maintenance and upgrades. In the process I'm going to be copying mail to a new location, so I don't want any new mail coming in during that process as it may get dropped.

Once the upgrade is complete and the new configuration is properly tested, I'll bring the mail server back up. This should be done by Saturday afternoon. I'll post an update here once it's complete.

Update 11/14 04:00: E-mail is back up.

Major Website Upgrade

I just (mostly) finished a major upgrade of the LegRoom.net website backend (Drupal, for those who are curious). Although the site should look and feel the same, I had to make some pretty substantial changes to complete the upgrade. As a result, some parts of the site may not look the same, some functionality may be different or missing, etc. Please notify me ASAP if you find any problems. Some examples:

  • Glitches or general ugliness in the web site layout (I had to upgrade the theme as well, which has had only very limited testing)
  • Broken links
  • Missing components/pages (eg., webmail, dailystrips, etc.)
  • Permissions problems / Access Denied errors on certain pages (again, webmail, dailystrips, etc.)
  • Problems with dailystrips - this is the first (and so far only) personal module that I've converted. I think everything's working properly, but please let me know if you find any issues so I can address them as I port the other modules
    • As an added bonus, I also updated the definition for Penny Arcade, so that should now (finally) be working again

The following issues are currently known:

  • bookmarks, metasearch, ssh, sysinfo, and wishlist modules are missing - these all need to be upgraded, and the SSH and sysinfo modules probably won't make a return at all
  • Web site glitches and general ugliness - I know that there are a number of issues with the theme as things stand currently. It'll take me a while to find and work out all the kinks again. However, please still report any issues you find, as it may be something I haven't noticed.