or, The Hitchhiker’s Guide to Fear and Loathing at a Public Library Reference Desk

Twitter Impersonator

   May 13th, 2010 Brian Herzog

Twitter Suspended logoA funny thing happened to me on Twitter - someone started impersonating me.

What? I'm not famous. I know there's more than one person with my name, so I wasn't too surprised to see another Brian Herzog start following me. But when I clicked into the profile to see read their tweets, it turned out that someone had duplicated my account. Their username was @syuhaedah, but were using my name, the same bio line and same location - the only difference was their website was a tinyurl (which I never clicked, but was able to preview).

It kind of freaked me out, so here are the steps I took:

  1. Click the "report as spam" link in the email from Twitter you get when someone starts following you
  2. Read their Privacy Violations and How to Report Spam pages
  3. Found Twitter's Impersonation Policy and opened a ticket to report it

Within a few hours I got a follow-up response from Twitter, and by the next day that account had been suspended. I feel bad bringing the hammer down like that, but it definitely felt like a spambot or other violation of both me and Twitter.

And how bizarre - I can see when someone sets up a fake Barack Obama or Conan O'Brien Twitter account, but me? So, be careful with both your own identity and that of your organizations.

I got lucky in that this account started following me, or else I may have never known about it. I guess I'll start to periodically use Twitter's Find People and Advanced Search (with operators) to check for this sort of thing.

Tags: , , , , , , ,

Email Scam Competency Testing

   May 6th, 2010 Brian Herzog

SPAM wallHere's something neat - and vital for library staff, both for those who directly provide computer help to patrons and for anyone else who uses a computer in their daily life:

A recent Slashdot post linked to a test to see how well people can identify spam, scam and phishing email messages (which can happen to anybody).

The test is provided by SonicWall, and would be a great for:

  • taking as a group during a staff meeting or training day
  • testing new employees to help protect your network and increase their tech competency
  • showing to students and computer literacy classes to teach them to evaluate websites and email messages

After you're finished, be sure to click the "why" links on the test results to see exactly what looks suspicious and what are the red flags - that is the most helpful part of the test.

Tags: , , , , , , , , , , , ,

Comment Spam

   August 18th, 2009 Brian Herzog

F on essayAfter reading Jessamyn's post about the spam and scams she gets through her website, I started actually reading the spam comments that come in here.

Most are caught by the filters and I just delete them. But reading them can be interesting, in a forensic sort of way. And some, like this one, were just downright entertaining:

It’s not so simply to bring a good written essay, essentially if you are concerned. I advise you to notice buy your essays and to be devoid from distrust that your work will be done by essays writers

Irony: it linked back to "quality essay dot com." I didn't visit the site, but the domain was registered through an ISP in California although the IP traced to The Netherlands.

Spam amazes me. If people didn't fall for it, spam might not be so prevalent. But you'd have to be pretty desperate to fall for an essay-writing scam with such poor grammar.

Tags: , ,

Graffiti: Art, Vandalism or Information?

   July 16th, 2009 Brian Herzog

graffiti removalThe recent article about graffiti at the University of Chicago Library has finally given me a chance to clear out links in my "to blog" folder.

So, graffiti - when does it cross the line? Graffiti commonly seen in academic libraries can be ugly, but it can also be part of the culture and community of the campus. It's a way for students to communicate with their peers - even those that come years later. That's unique, and interesting.

In the public library world, I more often see graffiti (a.k.a. "annotations") in books. On first blush, it's annoying, but is it really that bad? And in fact, is it a good thing?

These things are not too distant from Web 2.0 tools allowing comments and reviews, really. Same rules apply: leave your opinion for others, don't be offensive, can be removed at any time, etc. The marginalia of life can add a great deal of value to life (just ask a genealogist).

It might not all qualify as "art," and any open forum will attract spam, but that doesn't mean graffiti doesn't offer some unexpected value - it can bring a smile, answer a question, provide experience-based assistance, or just make a connection with an unknown predecessor.

I know this is a never-ending debate, so in the meantime, here are some graffiti- and anti-graffiti-related links I've been collecting:


Laser Graffiti

Combating Graffiti

Spam ("Inbox Graffiti")

via LISNews

Tags: , , , , , , , ,

Flickr Spam

   June 5th, 2008 Brian Herzog

Flickr Spam imageIf there's the least glimmer of money to be made, I suppose anything is susceptible to being corrupted. I recently got a spam comment on one of my flickr pictures.

I've heard of IM spam before, and get spam comments here all the time, but this is the first time I've seen it on flickr.

I deleted the comment (preserved in screencapture form) and won't link to the flickr user or his website. I wonder if this is automated or just someone commenting on any photo that mentioned "web designer" just to promote his business.

Oh well - just life on the internet, I suppose.

Tags: , , , ,

Trying CAPTCHA Word Verification

   October 25th, 2007 Brian Herzog
no spam CAPTCHA imageMy library's website has the standard "contact us" forms - one for general comments, one for purchase suggestions, one for reference questions, etc. Lately, we've seen an increase in spam comments coming through these forms, and I wanted to see if I could put a stop to it.

On the library's blog (and mine), I'd been using the "Challenge" plugin for WordPress, which requires someone to solve a simple math problem. This seemed to work pretty well, but 1) didn't look high tech, and 2) it only worked with WordPress.

For the forms on our html pages, I searched around the internet for an easy-to-install client-side CAPTCHA (read more) solution. What I found was a javascript solution called "jcap" provided by Archreality.

I didn't really see anything on the internet about this jcap thing, other than someone having trouble installing it. I installed it and got it to work, but unfortunately it didn't seem to cut down on spam at all. When I installed it on this blog's comment form, the number of spam comments actually increased. With the math challenge, I'd get maybe two or three a week. With this jcap, I'm up to maybe fifty a week.

Here's what it looks like:

To prove you're human, please enter the word seen below:

I'm going to leave it on for awhile longer, just to see what happens. I think I'll end up switching back to the math challenge, but I sure do like the way jcap looks. Oh, and another advantage of the math challenge is that I think it is ADA-compliant, in that it can be read by screen reading software - the CAPTCHA images (at least in this version) cannot.

If you want to try installing and testing yourself, here's the steps I used:

1. Download the zip file from http://www.archreality.com/jcap/jcap.zip

2. Unzip the file (two .js files and one image directory) to your webserver where ever you want them - just remember, because you'll need to reference this location later

3. Modify jcap.js

  • line 10: change the imgdir variable path (to the cimg/ directory) to reflect where it will be on your webserver (be sure to keep the trailing slash after the cimg)
    Note: I used absolute path (http://www.domain.com/cimg/) instead of a relative path (../cimg/) because this lets you put the captcha on various pages that may be on different levels within your directory structure
  • line 91: optional: you can edit the text that appears in the alert box here (follow standard javascript syntax so as not to break the script)

4. Modify your html page on which you are including the captcha word verification

  • Include in the <head></head> tags these two lines (be sure to modify the path to reflect where ever you put these files on your server:
    <script type="text/javascript" src="http://www.domain.com/md5.js"></script>
    <script type="text/javascript" src="http://www.domain.com/jcap.js"></script>
  • Include the attribute below to your <form> tag that processes your script:
    onsubmit="return jcap();"
    (for example, yours might read <form action="http://www.domain.com/cgi-bin/email_ref.cgi" method="post" onsubmit="return jcap();">)
  • Include the lines below within your form where you want the word verification to display:
    Enter the word seen below:
    <input type="text" name="uword" id="uword" value="" size="20">
    <input type="hidden" id="required" name="required" value="uword">
    <script language="javascript" type="text/javascript">cimg()</script>

    Note: I ended up changing the "uword" field name (be sure to also change the field name on lines 84 and 92 of the jcap.js file). My logic was that, since this was the only script out there I could find, spammers probably already know to look for a field named "uword." But even with using a different field name, spam still comes through

Optional Extra Error Checking
This has nothing to do with this particular script, but I added it just for error-checking convenience. This is totally optional. The line below can be added to your submit button tag to make sure people fill in all the right fields - you'll have to edit it to reflect the fields you want to make "required"
onClick="javascript:if(document.commentform.author.value == ''){alert('You must provide your Name to sumbit a comment.');document.commentform.author.focus();return false;}else if(document.commentform.comment.value == ''){alert('You must type some sort of comment to sumbit a comment.');document.commentform.comment.focus();return false;}"

Good luck. If anyone has a better solution, please share.

update: After a two month trial period, I found this method was letting a lot of spam comments through. It was pointed out to me that javascript, being client-side, is easy to defeat, and that I should modify this to run in the php code of my site. I did not do this, but instead went back to using the WordPress Challenege plugin, but a programmer I know did, and he said his php code works well and that this javascript version was a great place to start.

Tags: , , , , , , , ,