I’ve mentioned in previous posts about the comment spam that I’ve been getting lately, and it hasn’t really stopped much. (I’m still planning on upgrading to the latest b2evo, but I just finished moving house, so my internet connectivity is limited at best…)

But anyway, one piece of spam I got was so funny that I decided to keep it. Here is, copied here:

Your blog sure generates alot of comments.

What I do not understand (still new at blogging) is why almost all comments have nothing to do with the posts!

Do all these people just need to vent?

Well that's my two cents!

Have a great day!

It’s got to be the funniest piece of comment spam I’ve ever seen! I wonder what other pieces of amusing spam people get?

Sorry, I do plan to get some more technical stuff up soon, I’ve just been really busy with the move and all.

I’ve recently been hit by a bit of comment spam (I’m hoping to upgrade to the latest version of b2evolution, which has a few more anti-spam options, in the near future) but one thing that’s surprised me is how clever the spammers are getting.

At it’s most basic level, b2evolution’s anti-spam measures work via a blacklist of URLs (or at least keywords within URLs). Every now and then I update my list of blacklisted words that you’re not allowed to link to because they’re spammers.

Now, if someone spams my comments, it’s got an option to automatically blacklist the comment and the default keyword is last two components of the domain name (so if you link to http://www.somespamsite.com/blah, then the default keyword to blacklist is “somespamsite.com”).

But these new spammers are finding badly-written redirect scripts in order to redirect you to their spam site, but so that b2evolution would blacklist some innocent site by default. For example, click on the link below:

http://www.plymouth.edu/library/redirect.php?http://www.codeka.com/blogs

It looks like a Plymouth State University website (and it is!) but they have a “redirect” script which just blindly redirects people to whatever is specified in the query string.

It’s really annoying because I have to be very careful now when I go to blacklist a URL. Not so much because I’m worried about blacklisting valid sites, but because the spammer can send me 50 comments, with 50 different redirect scripts and the “auto-delete” feature won’t delete the 49 others.

P.S. I don’t want to pick on Plymouth State University here, they were just one of the many sites that the spammers have been using to create fake redirected links.

I hate looking for houses. My girlfriend and I are looking for a place to rent at the moment, and I’m sure that property managers/investors look at our application form and think to themselves “I don’t want a young, unmarried couple living in my apartment.”

Sheesh! I waste practically my whole weekend (not to mention a few lunch-hours) every week only to be rejected by so many places. Come on, people, you’re not offering the Hilton here!

Mind you, I’m sure if I owned a place, I’d be just as picky about my tenets as well. Especially when it’s not really a buyer’s (or renter’s) market like it is now.

I did a little more digging into the SMTP sink issue I was having the other day. It seems that inetinfo.exe doesn’t load the .NET framework into itself right away, but instead the issue is that it calls my managed event sinks via .NET COM interop.

You see, when Interop loads an assembly, it loads it using the newest version of the .NET framework that is available. So once I installed .NET 2.0 onto the machine, the COM interop code was loading my managed sinks into that version and causing me all those troubles.

Now, you can define which version of the .NET framework you explicitly want loaded in the app.config file, like so:

<?xml version="1.0"?>
<configuration>
    <startup>
        <supportedRuntime version="v1.1.4322" />
        <supportedRuntime version="v1.0.3705" />
        <requiredRuntime version="v1.1.4322" />
    </startup>
</configuration>

Anyway, by the time I found it, it was too late for me… I’d already re-written my serialization to use our version-independent code. At least I can slowly update things to .NET 2.0 without any other problems, now though!

Be very careful when you decide to start updating your code to .NET 2.0. One thing I found out (the hard way!) is that there is apparently some .NET code loaded into the inetinfo.exe process, which causes inetinfo.exe to load version 2.0 of the framework.

This was a problem because we also had some SMTP sink, implemented in .NET 1.1 that we wanted to load. Now, it actually works OK - .NET 1.1 assemblies can generally work with version 2.0 of the framework... except when you want to serialize thing with the binary serializer – you won’t be able to deserialize them with a .NET 1.1-only binary.

The problem for us was that we had some transport sinks install in the SMTP server, where we serialized incoming messages, put them on an MSMQ queue, and then tried to read them off the queue in a .NET 1.1 service. It gave us the very informative error message when it tried to deserialize:

System.ArgumentOutOfRangeException: Ticks must be between
     DateTime.MinValue.Ticks and DateTime.MaxValue.Ticks.
Parameter name: ticks
   at System.DateTime..ctor(Int64 ticks)
   at System.Runtime...__BinaryParser.ReadDateTime()
   at System.Runtime...__BinaryParser.ReadValue(...)
   at System.Runtime...__BinaryParser.ReadMemberPrimitiveUnTyped()
   at System.Runtime...__BinaryParser.Run()
   at System.Runtime...ObjectReader.Deserialize(...)
   at System.Runtime...BinaryFormatter.Deserialize(...)
   at System.Runtime...BinaryFormatter.Deserialize(...)
   at (our method here)

Isn’t it completely obvious what the problem is there? I didn’t think so either. Note also that I haven’t actually compiled anything with .NET 2.0, I’m just running my transport sinks on a machine which has .NET 2.0 installed.

Now, apparently you can get a fix from Microsoft (instructions here) but in order to get the patch, you need to contact PSS and open a support ticket! Why don’t they release the patch to the public?

Luckily for us, our infrastructure has a version-independent serialization mechanism that isn’t tied to the .NET framework version. So I have to modify all our MSMQ-related code to use that instead of the binary serializer.