Email scams again

Security, Spam/Scam

People keep reporting emails that say something like:

Dear network user,
Your account has violated a quota and will be turned off.
To avoid this, email your login name and password to
somebody@somewhere.com.

Signed, wou.edu administrator

To us geek types, this is obviously a scam. I just keep getting reminded that other people don’t instantly spot this for what it is, even when it tells them to send their info to a non-WOU address. It can be even harder to spot when the From: address on the email is something like admin@wou.edu, or the message tells you to go to a link that looks like it’s on our website but actually goes elsewhere.

So really what we need are some general rules of thumb. The first and most obvious is never, ever, ever, EVER put your password into an email message. Never. And did I mention never? Of course this means we UCS folks should never ask someone for their password except in person — we really don’t even want to get users in the habit of saying their password over the phone.

Another rule of thumb would be never trust emails from generic addresses. When we send messages out, they’ll have a specific name on them, not just “admin@wou.edu” or some such.

If we agree on this among ourselves and communicate it to users, hopefully that’ll help everybody.

User creation process improvements

Accounts, Programming, Systems

A few weeks ago, when Brian was on vacation, some of the rest of us had a communication breakdown about creating new user accounts, and several new employees had to wait entirely too long before they could log on. This was at least partially my fault.

Brian is going to be gone again next week, but this time we won’t have these problems because we’ve improved the process. First of all, we found out why most of the notifications were misrouted and fixed that. Also, I’ve added some more automation to the faculty/staff account creation system, so there’s less work to do. I can’t really talk about the details because that would mean giving out too many specifics about our servers, but several steps that formerly had to be done by hand now happen by themselves. The weird part was how easy it was to do, once we took another look at the process; once upon a time it had to be complicated, but thanks to various changes we’ve made in the last few years, a bunch of stuff was no longer needed.

Anyway it’s way the heck late at night and I need to get out of here. At least the prettymail stuff is working , um, pretty well. (Yeah, this is my 2AM sense of humor.)

Frustration

Programming

OK, it’s a quarter to two, I’ve been here since noon (you can criticize my schedule when you start working fourteen-hour days) All week I’ve been wracking my brains over one single annoying bug in the new prettymail system. Three messages out of 100 come across completely blank, for no apparent reason whatsoever. Their source code looks exactly as it should — even though these are annoying MS-Word copied emails with hundreds of lines of insane proprietary CSS code, I’m pretty sure of that. I’ve read pages and pages of documentation, I know all about how to build multilevel MIME-type email messages in five different encodings, I’ve gone so far as to manually change the source code in every way I can think of, and pipe the message through the mail system over and over and over again.

But they don’t show up. Completely blank. No matter what I do. It blows my mind. I’ve tried everything I can think of.

This kind of thing is just part of being a programmer. Something will stop you cold in your tracks and you have to beat your head on the wall until you find that one letter that’s supposed to be capitalized but isn’t, or that one variable that got replaced by a local value when you weren’t looking, or whatever.

The problem is, I really need to get this done because people are waiting on me. Other projects are waiting on me. I can’t afford to take this long on something like this. One thing I do know, though; it’s 2 AM now. I’m sure not going to solve it right now. Time to have a weekend and try some more next week.

Freakin’ Spammers!

Spam/Scam

We just had another one of those mass email scams that claimed it came from wou.edu and told people to reply with their usernames and passwords.

At least three people fell for it and their accounts got hijacked and used to send tons of spam until we shut them down. What a mess.

Maybe someday people will learn to think before following instructions they see in some random email. Not likely… but it’s more likely than all these [vile cursewording] spammers and scammers deciding to work for a living instead of exploiting people.

Pretty email

Programming

You may or may not remember that for a while we converted the all faculty/staff email list to a system of multiple categorized list that people could opt out of. The mechanism basically grabbed email out of the allfacstaff@wou.edu inbox, turned it into plain text, wiped out attachments and replaced them with links to copies of those same files on the website, and put the messages into a database where certain people could approve and categorize them. Another process then searched for approved emails and sent them to the lists belonging to the right categories.

This system turned out not to work well enough, especially the part where it converted everything to plain text. Email messages can have all kinds of cruft in them, including buckets of formatting codes from MS Word, weirdly encoded characters from odd email systems, forwarded messages with attachments, messages forwarded AS attachments, etc. So we had too many messages coming through the system all messed up, and we had to switch back to the old way of doing things.

Since then I’ve been working on a better system and it’s finally coming together. Instead of converting to plain text, I’m converting to the standard multipart/alternative format that contains an HTML body to be used in HTML-capable email systems like the WOU webmail, and also a plaintext body for email programs that can’t display HTML (or where people don’t like HTML and have turned it off.)

It’s a pain because I still need to parse an unknown number of attachments, forwarded messages, etc. The attachments have to be removed and copied to the webserver so we don’t have to cram each one through the mailserver a thousand times. I need to replace image links within the email with links to the website copies, and remove various kinds of custom formatting… blah, I’m tired. More later.

Testing video embedding

Uncategorized

I want to see if I can embed a youtube video in a blog post. And not just any video… it shows one of the greatest Rube Goldberg contraptions ever designed. The video has been making the rounds lately so you may have seen it already, but check it out!

Well, it looks like the size isn’t exactly compatible with the standard Movable Type layout even if you have a wide screen. Such is life. I’ll need to fix that whenever I get around to making a custom template for this blog, though.

Time flies…

Blogging, General

And yet again it’s been a few months since I last posted. In my defense, these have been crazy months, including the mailserver upgrade, the mess with the all-faculty-staff email lists, frantically trying to get caught up on all the other stuff I had to lets slide because of the big things, then I went on vacation, then I came back and had to get caught up from that, then I was out sick a few days…

Sheesh. The thing is, none of this stuff should be a barrier to updating my blog. I think my problem is that I feel like I have to write something long and involved, not to mention at least a bit witty. Really all that’s needed are quick updates.

So let’s see if, this time, I can do better. I’ve been working on those posts about “how does the Web work anyway” that I mentioned, but they’re pretty dense, so it might be a while before I put them up. Meanwhile I’ll concentrate on shorter posts and try to catch up on my entry count.