Well, they’ve just all been stolen – during my sleep like a proper robbery – by the FBI, who effectively took them away when they decided to shut down MegaUpload. Although I did have a backup of my most important files, I didn’t have a backup of most of the files, which were rather there for storage or archiving. They claim they did that to fight copyright infringement, well at least copying isn’t stealing. But taking away the files is. The FBI robbed my files, should I call the police? … or maybe I should call al-Qaeda?

Anyway, for you visitors, it means that at the moment, all the files I link to on Megaupload are sadly unavailable. For a few of them, a FileSonic mirror is available. I’ll try to upload some of the others there, too. But I don’t really have the time to browse all the site looking for every missing file, so in case you need specific files, drop a comment and I’ll give them priority for the re-up, if I have a backup of them.

Update (2012-01-23)

Well, this seemed to have scared the hell out of other hosts. FileSonic, the alternate mirror where I put some of the files, also SILENTLY (as usual when they do a crappy move) disabled file-sharing (since they delete uploaded files after 30 days with no downloads I really wonder what kind of a business model they can have now…). Good thing I hadn’t moved more files to them…
Since it seems that most file hosts are (or will be) chickening out too (which I guess is understandable since they get treated worse than terrorists), I’m left with the only option to host the files on this very server. This means that there won’t be big files anymore (bye bye Pioneer One…), and also probably I won’t keep an archive of old versions apart from a few exceptions.

Update (2012-01-28)

Looks like legal action is indeed on its way, see Joint complaint of those affected by the closure of Megaupload service. Of course, Megaupload’s Terms of Service said something along the line “we reserve the right to delete your hosted files at any time”, but it didn’t reserve the right for a third party such as the FBI to do so.

First I found the standard way of banning an IP in WordPress: it’s in Settings => Discussion, then scroll to Comment Blacklist, where you can enter banned IP, but also banned words, URLs, etc. The problem with that is that according to the description, the comment isn’t refused, it’s just placed in the spam queue. Which doesn’t solve my problem at all, all comments already fall into the moderation queue anyway…

I could try to find a specific banning plugin, but I don’t want to have too many plugins, particularly if it’s only to block one single moron. So, I’m left with the server-ban solution. I first thought about banning the IP with iptables, but that’s a bit too drastic IMO. I finally thought I could just ban it with .htaccess. Easy to do, light on the server, the perfect solution. You just need to add the following in the WordPress .htaccess file (check out the doc if you need more details):
Order allow,deny
Allow from all
deny from 193.105.210.41
There’s just a little trick to prevent WordPress from overwriting your changes: do NOT place them inside the WordPress block, ie place them before # BEGIN WordPress or after # END WordPress.

That’s all, the spammer is banned now, and they won’t even flood your spam comments queue anymore… until they get a new IP, of course, but then you’ll have new data to submit to your favorite blacklist

Edit a week later: looks like the guy got a new IP pretty quickly after that .htaccess ban. He started spamming from IP 91.212.226.143 just the day after, and after a week he hit us again from that new IP… on more line in my .htaccess lol.

Update (2011-12-29): That bloody spammer keeps coming with different IPs, always successfully bypassing the SFS plugin while being reported hundreds of times at SFS… Since his IPs are from the same range, I searched a bit more and I just stumbled upon this 5 year old thread about banning IPs by wildcard.

First, the “what you need” checklist:

• 2 computers, among which one easily reachable i.e. not behind some corporate firewall or some misconfigured router (you know, port-forwarding and such)
• on one computer (the server, the one easily reachable), OpenSSH ; on the other, PuTTY. Note that I won’t cover the funky details about how to set up OpenSSH on Windows. I’ll just be using the quick’n easy way: the OpenSSH that comes already installed with Ubuntu Server, managed from Webmin…

Now 3 fairly simple steps:

Configuring OpenSSH

Not much work to do there. The only thing you need is to allow backward port forwarding, which is for obvious security reasons disabled by default. So simply add something like:
# For symmetrical tunnel
GatewayPorts clientspecified
to sshd_config (full path for me was /etc/ssh/sshd_config). For more details you might want to check out the manual about OpenSSH SSH daemon (SSHd) configuration there.

Just don’t forget to apply the changes (push “Apply changes” if in Webmin, or just restart the daemon.

Configure PuTTY

That’s always the most boring part. I never manage to find the configuration items I’m looking for easily…

In the Session section, indicate you host name (for instance IP or domain name pointing to your server), the port where the SSH server listens, and pick a name for your session.

In the Connection/Proxy section, you may need to configure your enterprise proxy in the case where you have to use, for instance, a corporate HTTP proxy. It’s not the case anymore for me so I’ll skip this part which I can’t test anyway at the moment. There is however one thing you should configure on this configuration tab: set “Do DNS name lookup at proxy end” to Yes. NOT to “auto” (default), otherwise the tunnel will leak information about the sites you visit… through DNS lookups, obviously. Also, I don’t know how other browsers behave, but on Firefox you also need to go to about:config and set network.proxy.socks_remote_dns to true.

In the Connection/SSH section, there are some potentially interesting settings: you may want to check “don’t start a shell or command at all” in order to avoid accidentally typing commands if you don’t need to, and you may also want to enable compression if your corporate network is slow or congested (compressing data might also be a good excuse for using an SSH tunnel ).

Finally, and this is where the symmetrical magic happens, it’s time to go to the Connection/SSH/Tunnels section. Here we’ll check “remote ports do the same (SSH-2 only)” (“local ports accept connections from other hosts” is not required), then you have to add items to the list of forwarded ports. It’s actually quite simple, for instance for a standard outbound tunnel you configure the source port, pick the “dynamic” radio button and press “Add” (this will be equivalent to launching PuTTY with an option such as “-D [source port]“. Now for the symmetrical part, or to be more accurate, for the reverse tunneling part, you fill the source port too, but also you enter the destination, typically it will be localhost:[port number], and then you check the “remote” radio button and hit “Add”. To make sure you get it right (actually, to make sure I get it right when I read that again in a year or two ^^), here’s a picture of what you should get:

And that should pretty much cover it. Don’t forget to save this session! (go back to the Session screen, pick a name if you hadn’t already done so and hit save)

Launching PuTTY with the session

Simply make a shortcut or batch file containing something like:
C:\Path\to\putty.exe -load “[the name of your session]”
Then enter your login credential for the OpenSSH server and voilà, your SYMMETRICAL SSH tunnel is operational.

References

Actually, apart from the man page about SSHd, all those references have been quite useless apart from the fact that they motivated me to keep digging. Most of those are rather poor guides IMO, at least in the way they deal with reverse tunneling. I still list them here because I don’t have the heart to close all these tabs forever without saving the URLs first (and no, I don’t want to favorite them).

• sshd_config(5): OpenSSH SSH daemon config file – Linux man page
• BYU Computer Science Department – SSH Tunnels
• Reverse SSH Tunneling on HowtoForge
• SSH Tunnelling (Port Forwarding) — RZG
• Chapter 3: Using PuTTY
• IBM – SSH Tunneling With PuTTY (look at that URL… if it’s not gone in a few years, that will be some miracle for sure…)
• Using PuTTY to tunnel to multiple machines on your remote network on Info4Admins.com
• Red Hat Magazine – SSH Port Forwarding

Want to install a specific piece of software?

Think portable. More and more software is available in a portable version. Notably, PortableApps.com has an ever growing collection of them (and they’re most if not all free as in free speech). With some portable software and in some environments, you’ll want to rename setup files to some other name not containing the word “setup” (yes, there are some administrators who think they can prevent you from installing stuff by blocking executables named “setup” or “install”). Some software isn’t distributed in a portable version but can still be made portable: for instance R can’t be found as a portable package, but if you install it at home and copy/paste the folder where you installed it, you’ll have a perfectly working R for your USB stick… or for work.

Need this cool Visio/[insert any commercial software there], but it costs money and needs a long request that may never succeed anyway?

Think Open Source Alternatives. For instance Osalt.com is a directory of commercial and open source software, which for every piece of commercial software lists the commercial counterparts. For instance you’ll find that Microsoft Visio can be replaced by Dia, StarUML or even… OpenOffice Draw. And the great thing is, most of these exist as portable apps (see previous chapter).

Want to keep your privacy when browsing around the internet?

This part is a bit more complicated. First you need a proxy with an encrypted connection. For this you can set up OpenSSH at home on Windows or on Linux, or for a faster connection on a dedicated server. Anyway we won’t detail this part (for instance on Ubuntu server you should have everything already properly set up right after installation) and we’ll assume you managed to get this proxy with SSH support. Now we’ll see how to connect to it, from Windows:

1. Get PuTTY
2. Launch it using a command like putty -D 9990 -P 22 150.127.5.5 where 150.127.5.5 is the IP of your proxy (it can also be a domain name resolving to this IP) and 22 is the port on which OpenSSH is listening on your proxy. You should create a batch file with this command to make it faster for the next times.
3. Now configure your browser (e.g. Firefox portable edition) to connect through socks proxy 127.0.0.1:9990
4. If using Firefox, in about:config configure network.proxy.socks_remote_dns to true (the default, false, means that any domain name you query will be sent unencrypted over your company’s network…)
5. Everything should be set up and working now, but you may want to check your IP to be sure you’re going through your proxy.

We’ll see in a later post how to configure PuTTY in the case where your company forces you to go through an HTTP proxy. For the moment, that will be all, folks.

… but, remember

You’ll still be vulnerable to key or screen loggers, and also your network admin will be able to see that you’re surfing through SSH, even though he won’t see what’s inside it. So stay reasonable!

=> First summary: I got an ad e-mail saying I’d get 100€ of free advertising without anything to pay (the e-mail clearly stated that the 5€ activation fee could be deducted from the 100€ offered), in reality I got 110€ of advertising credits but paid them 10€

Here goes the campaign, not too hard to set up (the “easy” mode is what made me waste a lot of time at the beginning, and now that I switched to the “Standard Edition” – ie the edition not for retards – I have a nice undismissable sticky polluting my Account Snapshop page – see screenshot), and running smooth at start: over 50,000 views within the first 12 hours.

Something that struck me, though, is the very high default CPC: if you use the noob-mode campaign set up, it’s around 0.69€ (which, as of today, is pretty close to 1$). But even though I lowered it to 0.10€, the ads displayed fast… at first…

I also chose some keywords to display the ads on some relevant Google Search result pages. Wiki4Games being a video game wiki, I notably chose “video game wiki” and “video games wiki” as keywords. Our current position to these keywords is around 4-5 (see screenshot), over more than 22 millions other results.

Adwords gently complained that my max CPC bid was a bit too low which would result in a bad placement and fewer impressions, still I got over 75,000 during the first day, then 50,000, then a bit less, and then it fell to almost nothing – less than 900 today (with no impression on Google Search, only impressions on the Adsense network). And the worst part is, Adwords claim my keywords are irrelevant. More precisely, they became irrelevant: during the first days, my keywords were rated 7/10 (one of them was even 10/10). Since 2 days, they are rated 2/10, that’s right, my website is in the top 5 over 22,000,000 results for this keyword yet the keyword is irrelevant!

So is Google irrelevant or am I too cheap for them? I guess I’ll have to increase my CPC bids and see if my relevance increases too… I’ll then see if Google violates the very web neutrality they made so much ado about, or if Adwords just sucks at keywords…

PS: and I forgot to mention, my second ad (pointing to a page about Dune) has been pending for review for 5 days, and counting…

Update on July 31: Dune ad still pending review! (a month and a half after submission!)
Update on Aug 29: The Dune ad was finally approved, at some unknown point in August