Making a bridge between Skype and XMPP chats

Some people tried to avoid Skype (and Facebook, Gmail, etc.) long before Snowden’s leaks, but most never cared and still don’t. And when you are the only fool abandoning Skype, you don’t really have anyone online to communicate with. Even if it’s only for chit chat and sharing your 9gag links.

So how do you make the move less painful?

You create a bridge between Skype and XMPP!

Relay in action
Relay in action

I made a small Python script that sends messages between XMPP and Skype chats.

At the moment it uses Skype4py and python’s XMPP library to act as a client. It would be cooler if Jabber’s part would get integrated in the XMPP server itself, thus allowing to simulate Skype users as real XMPP users. But I probably won’t do it because it takes too much effort and it already works the way it is.

Yes, it leaks stuff to Skype, so this should only be used for more or less public chats.

After I clean up the code a bit, I’ll put it on Github.

P.S. And making these bridges actually encourage more users to migrate to your XMPP server.

Solving spam problems without using captcha

Some of you know that automated spam bots for the web can be pain in the ass.

And while there are many ways to deal with this problem, most of them complicate things for the regular user and are not hacky enough to satisfy me. 🙂 For example captchas, math problem solving, etc. mostly work fine but they also scare away some of the users. There are also some paid tools (Akismet?) that helps dealing with spam but it doesn’t work on all spam.

I will share information on how I stop almost all of the automated spam messages to my WordPress blog without complicating things for the user.

 

Knowing limitations of HTTP protocol libraries and “exploiting” them

I have been writing a lot of scripts that automate GET’ing and POST’ing things to the web. There are many libraries that help doing it and one of the most popular ones (if not the most popular) is Curl.

While Curl is great, it still lacks some features, like building a zero length multipart POST data file upload part. Basically it can’t simulate file upload field, that has no file selected for uploading. And since many spam bots use Curl and similar libraries, this can be used to identify real browser and a script.

Example usage in PHP:

Not just Curl

I haven’t used Curl for a year now because I switched to Perl’s LWP. And it has the same problem. I solved it by making my own function for building the multipart form data and it can simulate the behavior but it doesn’t happen by default.

And while in case of LWP it was rather simple, doing it in Curl (used in PHP) would probably require recompiling the Curl library and then recompiling the module for the programming language that is using that library.

 

Changing field names

Another trick I use is changing field names and adding additional ones that are meant to be left empty.

This method also seems to catch part of spam messages.

 

From the user point of view

User obviously doesn’t see those extra fields because they get hidden using CSS. The comment form looks like any other standard comment form.

 2013-04-12-125208_1440x900_scrot

Conclusion

I have been using these techniques for about a year now and haven’t had any spam problems since then. Also I have a huge log file with spam that was caught using these methods. This really does work. 🙂

Of course it won’t help in case of directly targeted spam but in that case captchas won’t help either.

And I understand that writing about this will probably contribute to fixing Curl and other libraries and eventually making this protection method useless. Well, at least they will finally fix those libraries! 😀

New version of Tespeed (Terminal network speed test)

Most advanced computer users know about speedtest.net that helps testing your internet bandwidth. While it is a great tool, it has only flash version available on their web site and there are Android and iOS apps for your mobile phones, but there were no tools available for Linux servers without GUI.

Back in 2009 I made a PHP script that tested network speed, wrote the results to text file and generated PNG graphs to be shown on web. It used speedtest.net partner servers and it got the data usage from ifconfig thus making it read the total bandwidth, not just what had been left for the php script itself. I set it up on my home router so I could prove my ISP that their internet is far form what they advertised.

I also uploaded it to Sourceforge and forgot about it’s existence for some time.

Years have passed and it has been downloaded almost 17 000 times, even though it doesn’t really work in every case and it wasn’t that easy to set up.

So I figured I should make a new version, written in Python (just to practice it), and so I did.

The new Tespeed is available at Github: https://github.com/Janhouse/tespeed

It is licensed under MIT license.

There are still some bugs and planned features left to sort out, but after testing it on multiple computers it is working fine.

 

Tespeed in automatic mode looking for best testing server and doing download and upload tests.

The new version finds closest servers and then picks the one with lowest latency.

 

Available server list top 25 (by distance)

 

You can also get a list of all available servers (and see the approximate distance to them) by using list-servers command.

 

Manually specified test server.

 

Please send me some feedback so I could make it better.

And go thank speedtest.net for this great service. 🙂

Jailkit, mini_sendmail and custom HELO

To be sure that a server stays safe in case when one site is compromised, I try to lock every single site in its own chroot jail. To make it a bit easier I use Jailkit.

Since you probably don’t want to set up sendmail for each chroot, you could use mini_sendmail. It will work as relay and will pass messages to actual sendmail.

The problem is that there is no way to specify a custom username or hostname and this could be quite important in some cases.

In order to solve this problem I did some quick and dirty modifications and here is the patch in case you need it:

Save it as some.patch. Move it inside mini_sendmail source directory and run:

You can specify username with -u and hostname (and HELO message) with -h parameter.

If you are going to use it with PHP, change sendmail_path in php.ini to something like this:

This should make php connect to sendmail running on 127.0.0.1 port 5555 and send example.com as HELO and noreply as username.

Patch was made for version 1.3.6.