<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_04_1314221</id>
	<title>Image Searchers Snared By Malware</title>
	<author>samzenpus</author>
	<datestamp>1265296560000</datestamp>
	<htmltext>Slashdot frequent contributor <a href="mailto:bennett@peacefire.org">Bennett Haselton</a> writes
<i>"Sites that have been hacked by malware writers are now serving infected content only when the visitor views the site through a frame on Google Images.  This recent twist on a standard trick used by malware writers, makes it harder for webmasters and hosting companies to discover that their sites have been infected.  Automated tools that check websites for infections and training procedures for hosting company abuse-department staffers will have to be updated accordingly."</i> Read on for the rest of Bennett's thoughts.</htmltext>
<tokenext>Slashdot frequent contributor Bennett Haselton writes " Sites that have been hacked by malware writers are now serving infected content only when the visitor views the site through a frame on Google Images .
This recent twist on a standard trick used by malware writers , makes it harder for webmasters and hosting companies to discover that their sites have been infected .
Automated tools that check websites for infections and training procedures for hosting company abuse-department staffers will have to be updated accordingly .
" Read on for the rest of Bennett 's thoughts .</tokentext>
<sentencetext>Slashdot frequent contributor Bennett Haselton writes
"Sites that have been hacked by malware writers are now serving infected content only when the visitor views the site through a frame on Google Images.
This recent twist on a standard trick used by malware writers, makes it harder for webmasters and hosting companies to discover that their sites have been infected.
Automated tools that check websites for infections and training procedures for hosting company abuse-department staffers will have to be updated accordingly.
" Read on for the rest of Bennett's thoughts.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023040</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265302560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>While I use Windows on the desktop to manage my linux servers like most admins,<nobr> <wbr></nobr>...</p></div><p>Huh.  Do most Linux admins really use Windows for management?  I have used Linux on my desktops and laptops ever since I was familiar enough with Linux to be a "Linux admin".  Am I really in the minority?</p></div>
	</htmltext>
<tokenext>While I use Windows on the desktop to manage my linux servers like most admins , ...Huh .
Do most Linux admins really use Windows for management ?
I have used Linux on my desktops and laptops ever since I was familiar enough with Linux to be a " Linux admin " .
Am I really in the minority ?</tokentext>
<sentencetext>While I use Windows on the desktop to manage my linux servers like most admins, ...Huh.
Do most Linux admins really use Windows for management?
I have used Linux on my desktops and laptops ever since I was familiar enough with Linux to be a "Linux admin".
Am I really in the minority?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023098</id>
	<title>gratuitous comma tag</title>
	<author>ojintoad</author>
	<datestamp>1265302860000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext>The gratuitous comma tag is incredibly appropriate.  It's important to remember that if we <a href="http://news.slashdot.org/story/10/02/01/0553259/Students-Failing-Because-of-Poor-Grammar" title="slashdot.org"> hope to keep the next generation of students adept at the English language</a> [slashdot.org] we might want to set a good example.<br> <br>
Since I've referenced poor grammar, there's a 99\% chance I made a spelling or grammar error in this post.</htmltext>
<tokenext>The gratuitous comma tag is incredibly appropriate .
It 's important to remember that if we hope to keep the next generation of students adept at the English language [ slashdot.org ] we might want to set a good example .
Since I 've referenced poor grammar , there 's a 99 \ % chance I made a spelling or grammar error in this post .</tokentext>
<sentencetext>The gratuitous comma tag is incredibly appropriate.
It's important to remember that if we  hope to keep the next generation of students adept at the English language [slashdot.org] we might want to set a good example.
Since I've referenced poor grammar, there's a 99\% chance I made a spelling or grammar error in this post.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023970</id>
	<title>Re:Should Be Shot</title>
	<author>Anonymous</author>
	<datestamp>1265307000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>While we're at it, can we add anybody who actually *buys* things from spam to that list? Given that 99\% of the malware out there is all about selling something (whether it's pr0n, fake watches or fake dick pills) that would greatly reduce the problem.</p></htmltext>
<tokenext>While we 're at it , can we add anybody who actually * buys * things from spam to that list ?
Given that 99 \ % of the malware out there is all about selling something ( whether it 's pr0n , fake watches or fake dick pills ) that would greatly reduce the problem .</tokentext>
<sentencetext>While we're at it, can we add anybody who actually *buys* things from spam to that list?
Given that 99\% of the malware out there is all about selling something (whether it's pr0n, fake watches or fake dick pills) that would greatly reduce the problem.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024952</id>
	<title>The only way to win is to not play</title>
	<author>Sloppy</author>
	<datestamp>1265311380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>But the larger point is that as malware becomes more aggressive, it's not just going to become harder to keep your PC and websites uninfected. It's also going to become harder for site owners and for hosting company abuse departments to verify that a site has been hacked</p></div></blockquote><p>The very idea of "verifying that a site is not hacked" is ultimately just as flawed as running a virus scanner to verify that you don't have a virus installed.  Once a system is compromised, you can't trust it to help you find the problem.  Checking to see if it happens to be serving malware right now, isn't reliable since the malware gets to decide whether or not to act suspiciously, and making decisions based on referer and user-agent is really just the tip of the iceberg compared to what is possible.  What if it randomly decides to serve malware on 0.01\% of the requests?  You'll never be able to diagnose it that way, and in the unlikely event that you do happen to see something suspicious, you're going to start questioning <em>yourself</em> when it turns out to not be repeatable.</p><p>Don't install the malware in the first place.  I won't say that defending in depth beyond that point is totally useless, but it's pretty <em>close</em> to useless. Once you're infected: game over, you lost.</p></div>
	</htmltext>
<tokenext>But the larger point is that as malware becomes more aggressive , it 's not just going to become harder to keep your PC and websites uninfected .
It 's also going to become harder for site owners and for hosting company abuse departments to verify that a site has been hackedThe very idea of " verifying that a site is not hacked " is ultimately just as flawed as running a virus scanner to verify that you do n't have a virus installed .
Once a system is compromised , you ca n't trust it to help you find the problem .
Checking to see if it happens to be serving malware right now , is n't reliable since the malware gets to decide whether or not to act suspiciously , and making decisions based on referer and user-agent is really just the tip of the iceberg compared to what is possible .
What if it randomly decides to serve malware on 0.01 \ % of the requests ?
You 'll never be able to diagnose it that way , and in the unlikely event that you do happen to see something suspicious , you 're going to start questioning yourself when it turns out to not be repeatable.Do n't install the malware in the first place .
I wo n't say that defending in depth beyond that point is totally useless , but it 's pretty close to useless .
Once you 're infected : game over , you lost .</tokentext>
<sentencetext>But the larger point is that as malware becomes more aggressive, it's not just going to become harder to keep your PC and websites uninfected.
It's also going to become harder for site owners and for hosting company abuse departments to verify that a site has been hackedThe very idea of "verifying that a site is not hacked" is ultimately just as flawed as running a virus scanner to verify that you don't have a virus installed.
Once a system is compromised, you can't trust it to help you find the problem.
Checking to see if it happens to be serving malware right now, isn't reliable since the malware gets to decide whether or not to act suspiciously, and making decisions based on referer and user-agent is really just the tip of the iceberg compared to what is possible.
What if it randomly decides to serve malware on 0.01\% of the requests?
You'll never be able to diagnose it that way, and in the unlikely event that you do happen to see something suspicious, you're going to start questioning yourself when it turns out to not be repeatable.Don't install the malware in the first place.
I won't say that defending in depth beyond that point is totally useless, but it's pretty close to useless.
Once you're infected: game over, you lost.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006</id>
	<title>Swimming against the current</title>
	<author>MonsterTrimble</author>
	<datestamp>1265302440000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>Shouldn't we be happy about this? I mean, they aren't even TRYING to attack a regular surfer, but only one who comes through google images. That means they are trying a pretty limiting technique which I presume is because that all other methods will not yield as good results.To me that means people are getting better at this anti-virus thing.</htmltext>
<tokenext>Should n't we be happy about this ?
I mean , they are n't even TRYING to attack a regular surfer , but only one who comes through google images .
That means they are trying a pretty limiting technique which I presume is because that all other methods will not yield as good results.To me that means people are getting better at this anti-virus thing .</tokentext>
<sentencetext>Shouldn't we be happy about this?
I mean, they aren't even TRYING to attack a regular surfer, but only one who comes through google images.
That means they are trying a pretty limiting technique which I presume is because that all other methods will not yield as good results.To me that means people are getting better at this anti-virus thing.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31028498</id>
	<title>Re:orly?</title>
	<author>nasch</author>
	<datestamp>1265285880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.</p></div><p>And how many were successful?  I think they're talking about the times a machine is compromised, not how many times it's attacked.</p></div>
	</htmltext>
<tokenext>That means only 10 \ % of the boxes were directly attacked and owned , yet my logs show overwhelming amount of tries to do just that.And how many were successful ?
I think they 're talking about the times a machine is compromised , not how many times it 's attacked .</tokentext>
<sentencetext>That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.And how many were successful?
I think they're talking about the times a machine is compromised, not how many times it's attacked.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025134</id>
	<title>Re:Should Be Shot</title>
	<author>sycodon</author>
	<datestamp>1265312220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm sure many of Madoff's investors would disagree.</p><p>While my original comment was somewhat tongue-in-cheek I think this game between the virus writers and anti-virus writers is far more serious than most people realize.</p><p>Having your identity stolen and your credit rating ruined can be a life changing event. Lawsuits and even jail time for <i>you</i> are possibilities.</p><p>These days, having you computer hacked into, damaged, or data deleted can the be the equivalent of someone breaking into your home and destroying things...photographs, letters, financial records, etc.</p><p>If you are a computer professional you should have your stuff backed up, but you can still lose hours and hours if you have to rebuild your computer after an attack in addition to whatever wasn't backed up at the time of the attack.</p><p>And of course some people have been prosecuted and found not guilty of child porn charges because they convinced a judge or jury that a virus downloaded the pictures. If this indeed happens, then Shirley, others are in jail for it. Not sure if I buy that, but it is what it is.</p><p>Sure, people should take precautions and such, but really, that's like saying if you don't want to get mugged, don't go out after dark. I think we need to start putting the "muggers" in jail.</p><p>So these guys are not just script kiddies trying to outdo each other. If a virus author is caught, they should serve a very long jail sentence and very large fines. Then, hopefully, someone named Tyrone will use them as his personal little playmate.</p></htmltext>
<tokenext>I 'm sure many of Madoff 's investors would disagree.While my original comment was somewhat tongue-in-cheek I think this game between the virus writers and anti-virus writers is far more serious than most people realize.Having your identity stolen and your credit rating ruined can be a life changing event .
Lawsuits and even jail time for you are possibilities.These days , having you computer hacked into , damaged , or data deleted can the be the equivalent of someone breaking into your home and destroying things...photographs , letters , financial records , etc.If you are a computer professional you should have your stuff backed up , but you can still lose hours and hours if you have to rebuild your computer after an attack in addition to whatever was n't backed up at the time of the attack.And of course some people have been prosecuted and found not guilty of child porn charges because they convinced a judge or jury that a virus downloaded the pictures .
If this indeed happens , then Shirley , others are in jail for it .
Not sure if I buy that , but it is what it is.Sure , people should take precautions and such , but really , that 's like saying if you do n't want to get mugged , do n't go out after dark .
I think we need to start putting the " muggers " in jail.So these guys are not just script kiddies trying to outdo each other .
If a virus author is caught , they should serve a very long jail sentence and very large fines .
Then , hopefully , someone named Tyrone will use them as his personal little playmate .</tokentext>
<sentencetext>I'm sure many of Madoff's investors would disagree.While my original comment was somewhat tongue-in-cheek I think this game between the virus writers and anti-virus writers is far more serious than most people realize.Having your identity stolen and your credit rating ruined can be a life changing event.
Lawsuits and even jail time for you are possibilities.These days, having you computer hacked into, damaged, or data deleted can the be the equivalent of someone breaking into your home and destroying things...photographs, letters, financial records, etc.If you are a computer professional you should have your stuff backed up, but you can still lose hours and hours if you have to rebuild your computer after an attack in addition to whatever wasn't backed up at the time of the attack.And of course some people have been prosecuted and found not guilty of child porn charges because they convinced a judge or jury that a virus downloaded the pictures.
If this indeed happens, then Shirley, others are in jail for it.
Not sure if I buy that, but it is what it is.Sure, people should take precautions and such, but really, that's like saying if you don't want to get mugged, don't go out after dark.
I think we need to start putting the "muggers" in jail.So these guys are not just script kiddies trying to outdo each other.
If a virus author is caught, they should serve a very long jail sentence and very large fines.
Then, hopefully, someone named Tyrone will use them as his personal little playmate.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023580</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023514</id>
	<title>Re:Wow</title>
	<author>Anonymous</author>
	<datestamp>1265304720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I sauw your'e for rent sign and were hoping to rent you're space. My javascript was recently evicting despite follow everything in lease<nobr> <wbr></nobr>,just because the host.... errr... I mean landlourde said him "didn't like the looks of it"<nobr> <wbr></nobr>.would you be want to lease for me your space<nobr> <wbr></nobr>.I am willing to offer double the rate that goes current and can has the money wire to directly you account within 24 hour's. Just send your account information to my adreses: anonymous-coward@javascript-exploits.screwed THank yOU for your helps in forward.</htmltext>
<tokenext>I sauw your'e for rent sign and were hoping to rent you 're space .
My javascript was recently evicting despite follow everything in lease ,just because the host.... errr... I mean landlourde said him " did n't like the looks of it " .would you be want to lease for me your space .I am willing to offer double the rate that goes current and can has the money wire to directly you account within 24 hour 's .
Just send your account information to my adreses : anonymous-coward @ javascript-exploits.screwed THank yOU for your helps in forward .</tokentext>
<sentencetext>I sauw your'e for rent sign and were hoping to rent you're space.
My javascript was recently evicting despite follow everything in lease ,just because the host.... errr... I mean landlourde said him "didn't like the looks of it" .would you be want to lease for me your space .I am willing to offer double the rate that goes current and can has the money wire to directly you account within 24 hour's.
Just send your account information to my adreses: anonymous-coward@javascript-exploits.screwed THank yOU for your helps in forward.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023132</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023766</id>
	<title>Re:Windoze an issue again?</title>
	<author>scorp1us</author>
	<datestamp>1265305920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Note that using a Linux VM on a Windows host is *not* the fix. Using a Windows VM on Linux is *not* a fix either. Your passwords can be gathered in either case*.</p><p>as WOPR said: "The only way to win is not it play [with windows.]"</p><p>* I am realizing there is a way to semi-secure things. If you use a proxy to provide passwords to sites, you never have to type a password in. The accounts could be gathered according to a database, and once you got prompted for a password, the proxy could present an on-screen keyboard for you to enter the password, saving it if you wish. However, do note that using the standard windows keyboard is not advantages because i still sends key events (which the loggers log). The proxy has to take clicks, translate to letters, then put them in the TCP/IP stream, never generating a key board event.</p></htmltext>
<tokenext>Note that using a Linux VM on a Windows host is * not * the fix .
Using a Windows VM on Linux is * not * a fix either .
Your passwords can be gathered in either case * .as WOPR said : " The only way to win is not it play [ with windows .
] " * I am realizing there is a way to semi-secure things .
If you use a proxy to provide passwords to sites , you never have to type a password in .
The accounts could be gathered according to a database , and once you got prompted for a password , the proxy could present an on-screen keyboard for you to enter the password , saving it if you wish .
However , do note that using the standard windows keyboard is not advantages because i still sends key events ( which the loggers log ) .
The proxy has to take clicks , translate to letters , then put them in the TCP/IP stream , never generating a key board event .</tokentext>
<sentencetext>Note that using a Linux VM on a Windows host is *not* the fix.
Using a Windows VM on Linux is *not* a fix either.
Your passwords can be gathered in either case*.as WOPR said: "The only way to win is not it play [with windows.
]"* I am realizing there is a way to semi-secure things.
If you use a proxy to provide passwords to sites, you never have to type a password in.
The accounts could be gathered according to a database, and once you got prompted for a password, the proxy could present an on-screen keyboard for you to enter the password, saving it if you wish.
However, do note that using the standard windows keyboard is not advantages because i still sends key events (which the loggers log).
The proxy has to take clicks, translate to letters, then put them in the TCP/IP stream, never generating a key board event.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022852</id>
	<title>Immunity ?</title>
	<author>Anonymous</author>
	<datestamp>1265301660000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>I visited one of these sites , because I'm a limited user,  the Malware  didn't install .<br>
&nbsp; So I question how much of this is because  consumers  foolishly run as owner.admin? or disable UAC<nobr> <wbr></nobr>.Then  those that run Linux or a Mac are likely to be immune and probably in that order. Linux machines being much more secure .</p></htmltext>
<tokenext>I visited one of these sites , because I 'm a limited user , the Malware did n't install .
  So I question how much of this is because consumers foolishly run as owner.admin ?
or disable UAC .Then those that run Linux or a Mac are likely to be immune and probably in that order .
Linux machines being much more secure .</tokentext>
<sentencetext>I visited one of these sites , because I'm a limited user,  the Malware  didn't install .
  So I question how much of this is because  consumers  foolishly run as owner.admin?
or disable UAC .Then  those that run Linux or a Mac are likely to be immune and probably in that order.
Linux machines being much more secure .</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076</id>
	<title>Re:We got hit by this</title>
	<author>xandroid</author>
	<datestamp>1265311920000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>If your site is on a shared server, it may be the case that another user of the server got hacked (or is malicious in the first place) and was able to access your files. In this case, it's a very good idea to notify your host that your files have been messed with.</p><p>Something you may consider: make a backup of a known-good<nobr> <wbr></nobr>.htaccess, and set up a cronjob to `diff --brief` the two frequently and email you if they're not the same. I've done this with a list of all the PHP files in my account on a shared server:</p><p><tt>7 */4 * * * cd $HOME; find . -name *.php &gt;tmp.phpfiles.txt; if [[ -n "$(diff --brief tmp.phpfiles.txt phpfiles.txt)" ]]; then diff tmp.phpfiles.txt phpfiles.txt | mail -s "new PHP files" YOUR@EMAIL.ADDRESS; fi; rm tmp.phpfiles.txt</tt></p></htmltext>
<tokenext>If your site is on a shared server , it may be the case that another user of the server got hacked ( or is malicious in the first place ) and was able to access your files .
In this case , it 's a very good idea to notify your host that your files have been messed with.Something you may consider : make a backup of a known-good .htaccess , and set up a cronjob to ` diff --brief ` the two frequently and email you if they 're not the same .
I 've done this with a list of all the PHP files in my account on a shared server : 7 * /4 * * * cd $ HOME ; find .
-name * .php &gt; tmp.phpfiles.txt ; if [ [ -n " $ ( diff --brief tmp.phpfiles.txt phpfiles.txt ) " ] ] ; then diff tmp.phpfiles.txt phpfiles.txt | mail -s " new PHP files " YOUR @ EMAIL.ADDRESS ; fi ; rm tmp.phpfiles.txt</tokentext>
<sentencetext>If your site is on a shared server, it may be the case that another user of the server got hacked (or is malicious in the first place) and was able to access your files.
In this case, it's a very good idea to notify your host that your files have been messed with.Something you may consider: make a backup of a known-good .htaccess, and set up a cronjob to `diff --brief` the two frequently and email you if they're not the same.
I've done this with a list of all the PHP files in my account on a shared server:7 */4 * * * cd $HOME; find .
-name *.php &gt;tmp.phpfiles.txt; if [[ -n "$(diff --brief tmp.phpfiles.txt phpfiles.txt)" ]]; then diff tmp.phpfiles.txt phpfiles.txt | mail -s "new PHP files" YOUR@EMAIL.ADDRESS; fi; rm tmp.phpfiles.txt</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022992</id>
	<title>Another one</title>
	<author>The Redster!</author>
	<datestamp>1265302380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext>This is actually not a new trick. Guy I know once had his website serving up an evil redirect at random like half a year ago -- something like every 1 in 5-6 requests, and then still only with a Google referrer.  Even asked me to capture the header with the redirect because his hosting company wouldn't believe him(they eventually fixed it).</htmltext>
<tokenext>This is actually not a new trick .
Guy I know once had his website serving up an evil redirect at random like half a year ago -- something like every 1 in 5-6 requests , and then still only with a Google referrer .
Even asked me to capture the header with the redirect because his hosting company would n't believe him ( they eventually fixed it ) .</tokentext>
<sentencetext>This is actually not a new trick.
Guy I know once had his website serving up an evil redirect at random like half a year ago -- something like every 1 in 5-6 requests, and then still only with a Google referrer.
Even asked me to capture the header with the redirect because his hosting company wouldn't believe him(they eventually fixed it).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024788</id>
	<title>Re:We got hit by this</title>
	<author>mujadaddy</author>
	<datestamp>1265310600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Wow, very frightening.  You've already been modded Informative, but more people need to read and understand this.</htmltext>
<tokenext>Wow , very frightening .
You 've already been modded Informative , but more people need to read and understand this .</tokentext>
<sentencetext>Wow, very frightening.
You've already been modded Informative, but more people need to read and understand this.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030804</id>
	<title>Re:Windoze an issue again?</title>
	<author>Anonymous</author>
	<datestamp>1265302740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wish all of you tools would stop arguing over this stupid shizzle.<br>If you're not a complete retard, you can use Windows and avoid getting viruses/malware. Basic security precautions prevent problems. I use Windows (XP, Vista and 7), Linux (Ubuntu, OpenSuse, Fedora) and OSX (Tiger, Leopard, SnowLeopard) in my work. Windows works fine if you take basic security precautions. Linux is awesome and Mac OSX would be if you didn't have to sell your soul to the devil (in a figurative sense) to use it.<br>Deal with it. Use what you want and stop bitching.<br>Dumb people will f*** s*** up no matter what you do to protect them. For them, the "Nuke and Pave" method of tech support works just fine.<nobr> <wbr></nobr>:-D</p></htmltext>
<tokenext>I wish all of you tools would stop arguing over this stupid shizzle.If you 're not a complete retard , you can use Windows and avoid getting viruses/malware .
Basic security precautions prevent problems .
I use Windows ( XP , Vista and 7 ) , Linux ( Ubuntu , OpenSuse , Fedora ) and OSX ( Tiger , Leopard , SnowLeopard ) in my work .
Windows works fine if you take basic security precautions .
Linux is awesome and Mac OSX would be if you did n't have to sell your soul to the devil ( in a figurative sense ) to use it.Deal with it .
Use what you want and stop bitching.Dumb people will f * * * s * * * up no matter what you do to protect them .
For them , the " Nuke and Pave " method of tech support works just fine .
: -D</tokentext>
<sentencetext>I wish all of you tools would stop arguing over this stupid shizzle.If you're not a complete retard, you can use Windows and avoid getting viruses/malware.
Basic security precautions prevent problems.
I use Windows (XP, Vista and 7), Linux (Ubuntu, OpenSuse, Fedora) and OSX (Tiger, Leopard, SnowLeopard) in my work.
Windows works fine if you take basic security precautions.
Linux is awesome and Mac OSX would be if you didn't have to sell your soul to the devil (in a figurative sense) to use it.Deal with it.
Use what you want and stop bitching.Dumb people will f*** s*** up no matter what you do to protect them.
For them, the "Nuke and Pave" method of tech support works just fine.
:-D</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022918</id>
	<title>Spellings Nazis - Please read</title>
	<author>Itninja</author>
	<datestamp>1265301960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>For all that are hypersensitive to misspellings. The term 'referer' <a href="http://en.wikipedia.org/wiki/HTTP\_referrer" title="wikipedia.org">is not</a> [wikipedia.org] a typo (at least, not in <i>this</i> article).</htmltext>
<tokenext>For all that are hypersensitive to misspellings .
The term 'referer ' is not [ wikipedia.org ] a typo ( at least , not in this article ) .</tokentext>
<sentencetext>For all that are hypersensitive to misspellings.
The term 'referer' is not [wikipedia.org] a typo (at least, not in this article).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023694</id>
	<title>Re:orly?</title>
	<author>Yaa 101</author>
	<datestamp>1265305560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why would you use a Windows desktop to manage Linux servers? I think that is totally ineffective.</p><p>But h&#233;, it's your setup and I won't be bothered with it.</p></htmltext>
<tokenext>Why would you use a Windows desktop to manage Linux servers ?
I think that is totally ineffective.But h   , it 's your setup and I wo n't be bothered with it .</tokentext>
<sentencetext>Why would you use a Windows desktop to manage Linux servers?
I think that is totally ineffective.But hé, it's your setup and I won't be bothered with it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022930</id>
	<title>Re:This hurts....</title>
	<author>Anonymous</author>
	<datestamp>1265302080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No doubt... Me too... I guess this "method" of "safe" pic surfing isn't much of a secret, and thus been exploited.</p></htmltext>
<tokenext>No doubt... Me too... I guess this " method " of " safe " pic surfing is n't much of a secret , and thus been exploited .</tokentext>
<sentencetext>No doubt... Me too... I guess this "method" of "safe" pic surfing isn't much of a secret, and thus been exploited.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022848</id>
	<title>Why not buy mom antivirus?</title>
	<author>Anonymous</author>
	<datestamp>1265301600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>The free antivirus packages are fine, there is no need to pay for one.</p></htmltext>
<tokenext>The free antivirus packages are fine , there is no need to pay for one .</tokentext>
<sentencetext>The free antivirus packages are fine, there is no need to pay for one.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31026928</id>
	<title>Re:We got hit by this</title>
	<author>Terrasque</author>
	<datestamp>1265277660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Hey, a fellow django'er<nobr> <wbr></nobr>:)</p><p>A bit off-topic, but do you load PHP in the same apache as you run your django project?<br>I've had some problems with that (shared libraries), plus I don't need php, so I usually turn it off.</p><p>As a side effect, it would help against such an attack too.</p></htmltext>
<tokenext>Hey , a fellow django'er : ) A bit off-topic , but do you load PHP in the same apache as you run your django project ? I 've had some problems with that ( shared libraries ) , plus I do n't need php , so I usually turn it off.As a side effect , it would help against such an attack too .</tokentext>
<sentencetext>Hey, a fellow django'er :)A bit off-topic, but do you load PHP in the same apache as you run your django project?I've had some problems with that (shared libraries), plus I don't need php, so I usually turn it off.As a side effect, it would help against such an attack too.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023788</id>
	<title>Re:This hurts....</title>
	<author>Anonymous</author>
	<datestamp>1265306100000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext>1:  Get a usenet account<br>
2:  Get a good binary usenet reader<br>
3:  ???<br>
4:  pro(n)fit!</htmltext>
<tokenext>1 : Get a usenet account 2 : Get a good binary usenet reader 3 : ? ? ?
4 : pro ( n ) fit !</tokentext>
<sentencetext>1:  Get a usenet account
2:  Get a good binary usenet reader
3:  ???
4:  pro(n)fit!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023900</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265306700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>While I use Windows on the desktop to manage my linux servers like most admins, I find it hard to believe that 90\% of all break-ins were caused by an administrator's Windows box getting owned first, to capture their password/login info.  That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.  This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft Windows, and just smacks of bogus accounting.</p></div><p>I am working as a technical support representative at one of the big players on the market. I confirm that 90\% of the compromised sites were attacked via stolen FTP login details. The rest of the hacks were as a result of poorly written php applications. So try to keep your PCs safe.</p></div>
	</htmltext>
<tokenext>While I use Windows on the desktop to manage my linux servers like most admins , I find it hard to believe that 90 \ % of all break-ins were caused by an administrator 's Windows box getting owned first , to capture their password/login info .
That means only 10 \ % of the boxes were directly attacked and owned , yet my logs show overwhelming amount of tries to do just that .
This would mean that 90 \ % of the pwned Linux servers are really the fault of Microsoft Windows , and just smacks of bogus accounting.I am working as a technical support representative at one of the big players on the market .
I confirm that 90 \ % of the compromised sites were attacked via stolen FTP login details .
The rest of the hacks were as a result of poorly written php applications .
So try to keep your PCs safe .</tokentext>
<sentencetext>While I use Windows on the desktop to manage my linux servers like most admins, I find it hard to believe that 90\% of all break-ins were caused by an administrator's Windows box getting owned first, to capture their password/login info.
That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.
This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft Windows, and just smacks of bogus accounting.I am working as a technical support representative at one of the big players on the market.
I confirm that 90\% of the compromised sites were attacked via stolen FTP login details.
The rest of the hacks were as a result of poorly written php applications.
So try to keep your PCs safe.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31027318</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265279340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The direct attacks are attempts to login to ssh using guessed passwords. To work there has to be a huge number of attempts, so it is not suprising he sees many of them. A spyware program requires very little communication and thus could be hundreds of times more effective with only a fraction of the visible traffic.</p><p>Still it would be difficult to tell a guessed password from one found by a spyware program, so I don't see how this 10\%/90\% ratio could be figured out.</p></htmltext>
<tokenext>The direct attacks are attempts to login to ssh using guessed passwords .
To work there has to be a huge number of attempts , so it is not suprising he sees many of them .
A spyware program requires very little communication and thus could be hundreds of times more effective with only a fraction of the visible traffic.Still it would be difficult to tell a guessed password from one found by a spyware program , so I do n't see how this 10 \ % /90 \ % ratio could be figured out .</tokentext>
<sentencetext>The direct attacks are attempts to login to ssh using guessed passwords.
To work there has to be a huge number of attempts, so it is not suprising he sees many of them.
A spyware program requires very little communication and thus could be hundreds of times more effective with only a fraction of the visible traffic.Still it would be difficult to tell a guessed password from one found by a spyware program, so I don't see how this 10\%/90\% ratio could be figured out.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023020</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850</id>
	<title>This hurts....</title>
	<author>Anonymous</author>
	<datestamp>1265301660000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext>Man, this is how I view my porn, and I use that method just to be safe!

What now<nobr> <wbr></nobr>:(</htmltext>
<tokenext>Man , this is how I view my porn , and I use that method just to be safe !
What now : (</tokentext>
<sentencetext>Man, this is how I view my porn, and I use that method just to be safe!
What now :(</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022662</id>
	<title>tl;dr</title>
	<author>Anonymous</author>
	<datestamp>1265300760000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Really?</p></htmltext>
<tokenext>Really ?</tokentext>
<sentencetext>Really?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31026806</id>
	<title>Greasemonkey solves this (for pic viewing)</title>
	<author>Anonymous</author>
	<datestamp>1265277180000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Firefox + Greasemonkey + "Google Image Search Direct Links"</p><p>That puts an extra link on each picture on the Google Image results. A link that just gives you the JPG and nothing else.</p></htmltext>
<tokenext>Firefox + Greasemonkey + " Google Image Search Direct Links " That puts an extra link on each picture on the Google Image results .
A link that just gives you the JPG and nothing else .</tokentext>
<sentencetext>Firefox + Greasemonkey + "Google Image Search Direct Links"That puts an extra link on each picture on the Google Image results.
A link that just gives you the JPG and nothing else.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022812</id>
	<title>spam the spammers</title>
	<author>Anonymous</author>
	<datestamp>1265301420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>mao\_reg@sina.com wants some free happy pills @ other wonderfull products since he likes to get email names off itunes somehow!</p><p>don't forget folks vote mao\_reg@sina.com for schmuck of the year and add him to anything you can.</p><p>mao\_reg@sina.com</p><p>
&nbsp; oh did I forget to say</p><p>mao\_reg@sina.com</p></htmltext>
<tokenext>mao \ _reg @ sina.com wants some free happy pills @ other wonderfull products since he likes to get email names off itunes somehow ! do n't forget folks vote mao \ _reg @ sina.com for schmuck of the year and add him to anything you can.mao \ _reg @ sina.com   oh did I forget to saymao \ _reg @ sina.com</tokentext>
<sentencetext>mao\_reg@sina.com wants some free happy pills @ other wonderfull products since he likes to get email names off itunes somehow!don't forget folks vote mao\_reg@sina.com for schmuck of the year and add him to anything you can.mao\_reg@sina.com
  oh did I forget to saymao\_reg@sina.com</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023866</id>
	<title>Nice detective work!</title>
	<author>HikingStick</author>
	<datestamp>1265306520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Kudos on the work you did to figure this one out! I appreciate the time you took to investigate this one.</htmltext>
<tokenext>Kudos on the work you did to figure this one out !
I appreciate the time you took to investigate this one .</tokentext>
<sentencetext>Kudos on the work you did to figure this one out!
I appreciate the time you took to investigate this one.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024784</id>
	<title>SlashSEO?</title>
	<author>Anonymous</author>
	<datestamp>1265310600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>tradingblox, tradingblox, tradingblox. Is SlashSEO the new successor to the Slashvertisment?</htmltext>
<tokenext>tradingblox , tradingblox , tradingblox .
Is SlashSEO the new successor to the Slashvertisment ?</tokentext>
<sentencetext>tradingblox, tradingblox, tradingblox.
Is SlashSEO the new successor to the Slashvertisment?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037630</id>
	<title>Re:And this is why I'm buying a Mac</title>
	<author>Anonymous</author>
	<datestamp>1265400060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Secure the Windows box better, and you won't have nearly as much headache.</p><p>I went from a phone call a week from the family with a virus to a call every 3-6 months because the computer's running slow.<br>The issue?<br>The primary user has admin rights, the kids do NOT.<br>The primary user either manages to have her password leak every 3-6 months (likely shoulder-surfed), or stupidly lets the kids use her account. The kids are smart enough to know that they can change user privs on their account, which will give them admin rights again, and manage to infect the system.<br>They can't double 3 finger salute the login screen, type Administrator, and hit enter -- I changed the password for that account so hard, <strong>I</strong> can't remember it.<br>I have an additional login on the system, hidden from the login screen, so the only way there is with the doubled three finger salute, typing my user and password, and waiting for the login.</p><p>I install their antivirus (avast, not AVG), and have a calendar set up to remind me 3 weeks before the subscription's expiration to drop by and renew for them, since they appear to be too dumb to call me when the sub expires, or to renew it themselves after being shown how.<br>Most of my calls and visits as of late have been not related to that computer, as a result.<br>It's nice.</p></htmltext>
<tokenext>Secure the Windows box better , and you wo n't have nearly as much headache.I went from a phone call a week from the family with a virus to a call every 3-6 months because the computer 's running slow.The issue ? The primary user has admin rights , the kids do NOT.The primary user either manages to have her password leak every 3-6 months ( likely shoulder-surfed ) , or stupidly lets the kids use her account .
The kids are smart enough to know that they can change user privs on their account , which will give them admin rights again , and manage to infect the system.They ca n't double 3 finger salute the login screen , type Administrator , and hit enter -- I changed the password for that account so hard , I ca n't remember it.I have an additional login on the system , hidden from the login screen , so the only way there is with the doubled three finger salute , typing my user and password , and waiting for the login.I install their antivirus ( avast , not AVG ) , and have a calendar set up to remind me 3 weeks before the subscription 's expiration to drop by and renew for them , since they appear to be too dumb to call me when the sub expires , or to renew it themselves after being shown how.Most of my calls and visits as of late have been not related to that computer , as a result.It 's nice .</tokentext>
<sentencetext>Secure the Windows box better, and you won't have nearly as much headache.I went from a phone call a week from the family with a virus to a call every 3-6 months because the computer's running slow.The issue?The primary user has admin rights, the kids do NOT.The primary user either manages to have her password leak every 3-6 months (likely shoulder-surfed), or stupidly lets the kids use her account.
The kids are smart enough to know that they can change user privs on their account, which will give them admin rights again, and manage to infect the system.They can't double 3 finger salute the login screen, type Administrator, and hit enter -- I changed the password for that account so hard, I can't remember it.I have an additional login on the system, hidden from the login screen, so the only way there is with the doubled three finger salute, typing my user and password, and waiting for the login.I install their antivirus (avast, not AVG), and have a calendar set up to remind me 3 weeks before the subscription's expiration to drop by and renew for them, since they appear to be too dumb to call me when the sub expires, or to renew it themselves after being shown how.Most of my calls and visits as of late have been not related to that computer, as a result.It's nice.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034156</id>
	<title>Re:We got hit by this</title>
	<author>CoffeePlease</author>
	<datestamp>1265383440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'll add your post to the end of my article (with credit!), very helpful. Thanks!</htmltext>
<tokenext>I 'll add your post to the end of my article ( with credit !
) , very helpful .
Thanks !</tokentext>
<sentencetext>I'll add your post to the end of my article (with credit!
), very helpful.
Thanks!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31048768</id>
	<title>Re:And this is why I'm buying a Mac</title>
	<author>Anonymous</author>
	<datestamp>1265459160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Assuming that the user is not an administrator, you can simply log in as another user, rename the infected user's profile folder in "Documents and Settings" and then log in as that user again.  After the (previously infected) user's profile is recreated, copy his documents and favorites from the old profile to the new one (you can delete the old profile folder after you feel confident that you're not missing any files).  Most home users are administrators, so this process doesn't really help, but in a corporate environment, it saves lots of time and effort!</p></htmltext>
<tokenext>Assuming that the user is not an administrator , you can simply log in as another user , rename the infected user 's profile folder in " Documents and Settings " and then log in as that user again .
After the ( previously infected ) user 's profile is recreated , copy his documents and favorites from the old profile to the new one ( you can delete the old profile folder after you feel confident that you 're not missing any files ) .
Most home users are administrators , so this process does n't really help , but in a corporate environment , it saves lots of time and effort !</tokentext>
<sentencetext>Assuming that the user is not an administrator, you can simply log in as another user, rename the infected user's profile folder in "Documents and Settings" and then log in as that user again.
After the (previously infected) user's profile is recreated, copy his documents and favorites from the old profile to the new one (you can delete the old profile folder after you feel confident that you're not missing any files).
Most home users are administrators, so this process doesn't really help, but in a corporate environment, it saves lots of time and effort!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31027416</id>
	<title>Change result to giant image</title>
	<author>vuo</author>
	<datestamp>1265280060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I never understood why Google wants to load the site as a frame, which is unimaginably distracting and often the image is difficult to find. Rather, if they took a screenshot into the cache and moved the cursor automatically to the image, then it'd be more convenient, more reliable and safer.</p></htmltext>
<tokenext>I never understood why Google wants to load the site as a frame , which is unimaginably distracting and often the image is difficult to find .
Rather , if they took a screenshot into the cache and moved the cursor automatically to the image , then it 'd be more convenient , more reliable and safer .</tokentext>
<sentencetext>I never understood why Google wants to load the site as a frame, which is unimaginably distracting and often the image is difficult to find.
Rather, if they took a screenshot into the cache and moved the cursor automatically to the image, then it'd be more convenient, more reliable and safer.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023246</id>
	<title>Re:Should Be Shot</title>
	<author>Mister Whirly</author>
	<datestamp>1265303460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, becasue over reacting and making the punishment much worse than the crime is ALWAYS a good idea.<br> <br>
 I also say execution for jaywalking, littering, and spitting in public.</htmltext>
<tokenext>Yes , becasue over reacting and making the punishment much worse than the crime is ALWAYS a good idea .
I also say execution for jaywalking , littering , and spitting in public .</tokentext>
<sentencetext>Yes, becasue over reacting and making the punishment much worse than the crime is ALWAYS a good idea.
I also say execution for jaywalking, littering, and spitting in public.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023874</id>
	<title>link redirects to US based hosters</title>
	<author>Anonymous</author>
	<datestamp>1265306520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>looking at the searchXX.in url mentioned the URL redirects according to its input<br>in each case they are hosted in USA</p><p><a href="http://www.robtex.com/dns/newbluepill.com.html#records" title="robtex.com" rel="nofollow">http://www.robtex.com/dns/newbluepill.com.html#records</a> [robtex.com]</p><p>why the FBI/CIA doesnt get involved i dunno, seems a simple job to catch em (just like the 419s) just follow the money and round them up</p></htmltext>
<tokenext>looking at the searchXX.in url mentioned the URL redirects according to its inputin each case they are hosted in USAhttp : //www.robtex.com/dns/newbluepill.com.html # records [ robtex.com ] why the FBI/CIA doesnt get involved i dunno , seems a simple job to catch em ( just like the 419s ) just follow the money and round them up</tokentext>
<sentencetext>looking at the searchXX.in url mentioned the URL redirects according to its inputin each case they are hosted in USAhttp://www.robtex.com/dns/newbluepill.com.html#records [robtex.com]why the FBI/CIA doesnt get involved i dunno, seems a simple job to catch em (just like the 419s) just follow the money and round them up</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024314</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265308560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I am the exact opposite.  I use my Linux laptop to manage my Windows machines at work.</p><p>Cisco Anyconnect VPN to attach to our corporate network when needed.<br>VMVware View open client for access to our VM View structure of desktops/servers (which are mostly Windows)<br>Terminal Server Client for remote access to the Windows machines<br>Citrix Client for remote apps and access<br>SSH for administrating the Linux machines.<br>I'm sure I could configure Evolution to attach to our Exchange server but I can use the web interface or open up native Outlook on a desktop I'm connected to.</p><p>Yes, native tools might have an advantage but 95\% of my administration work is remote anyway so attaching remotely from my Linux machine or from another Windows machine is no different.</p></htmltext>
<tokenext>I am the exact opposite .
I use my Linux laptop to manage my Windows machines at work.Cisco Anyconnect VPN to attach to our corporate network when needed.VMVware View open client for access to our VM View structure of desktops/servers ( which are mostly Windows ) Terminal Server Client for remote access to the Windows machinesCitrix Client for remote apps and accessSSH for administrating the Linux machines.I 'm sure I could configure Evolution to attach to our Exchange server but I can use the web interface or open up native Outlook on a desktop I 'm connected to.Yes , native tools might have an advantage but 95 \ % of my administration work is remote anyway so attaching remotely from my Linux machine or from another Windows machine is no different .</tokentext>
<sentencetext>I am the exact opposite.
I use my Linux laptop to manage my Windows machines at work.Cisco Anyconnect VPN to attach to our corporate network when needed.VMVware View open client for access to our VM View structure of desktops/servers (which are mostly Windows)Terminal Server Client for remote access to the Windows machinesCitrix Client for remote apps and accessSSH for administrating the Linux machines.I'm sure I could configure Evolution to attach to our Exchange server but I can use the web interface or open up native Outlook on a desktop I'm connected to.Yes, native tools might have an advantage but 95\% of my administration work is remote anyway so attaching remotely from my Linux machine or from another Windows machine is no different.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023040</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</id>
	<title>orly?</title>
	<author>Anonymous</author>
	<datestamp>1265301540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>While I use Windows on the desktop to manage my linux servers like most admins, I find it hard to believe that 90\% of all break-ins were caused by an administrator's Windows box getting owned first, to capture their password/login info.  That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.  This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft Windows, and just smacks of bogus accounting.</p></htmltext>
<tokenext>While I use Windows on the desktop to manage my linux servers like most admins , I find it hard to believe that 90 \ % of all break-ins were caused by an administrator 's Windows box getting owned first , to capture their password/login info .
That means only 10 \ % of the boxes were directly attacked and owned , yet my logs show overwhelming amount of tries to do just that .
This would mean that 90 \ % of the pwned Linux servers are really the fault of Microsoft Windows , and just smacks of bogus accounting .</tokentext>
<sentencetext>While I use Windows on the desktop to manage my linux servers like most admins, I find it hard to believe that 90\% of all break-ins were caused by an administrator's Windows box getting owned first, to capture their password/login info.
That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.
This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft Windows, and just smacks of bogus accounting.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034558</id>
	<title>Re:We got hit by this</title>
	<author>Anonymous</author>
	<datestamp>1265385780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><i>Something you may consider: make a backup of a known-good<nobr> <wbr></nobr>.htaccess, and set up a cronjob to `diff --brief` the two frequently and email you if they're not the same. I've done this with a list of all the PHP files in my account on a shared server:</i> <br>
<br>
Another alternative as a more general purpose solution is to install FSVS and version control the entire system.  (Excluding things that change frequently, like<nobr> <wbr></nobr>/home or<nobr> <wbr></nobr>/media and things like<nobr> <wbr></nobr>/tmp,<nobr> <wbr></nobr>/dev,<nobr> <wbr></nobr>/proc,<nobr> <wbr></nobr>/var/log and<nobr> <wbr></nobr>/sys.)  Most Linux servers will compress down to a few GB of installed files and config files when stored in the SVN back-end repository.  Setup a cronjob to snapshot the system daily to capture the new state of any files that have changed.<br>
<br>
It's a lot harder to corrupt a remote SVN repository, so it provides a decent tripwire and audit trail.  Most attackers won't know you're using FSVS as it's fairly niche.  You get to use all of the nice SVN tools to do analysis and review of the server changes.  It also gives you a quick way to keep track of changes that you specifically made to the server.<br>
<br>
# cd<nobr> <wbr></nobr>/etc/postfix<br>
(make changes to files)<br>
# fsvs ci -m "made such-and-such changes for reason XYZ"<br>
<br>
All Linux servers should be version controlled.  If not for security reasons then for your own sanity.  Being able to look back on 2-3 years worth of server config changes and see that you changed setting ABC on a particular date is very handy when troubleshooting.</htmltext>
<tokenext>Something you may consider : make a backup of a known-good .htaccess , and set up a cronjob to ` diff --brief ` the two frequently and email you if they 're not the same .
I 've done this with a list of all the PHP files in my account on a shared server : Another alternative as a more general purpose solution is to install FSVS and version control the entire system .
( Excluding things that change frequently , like /home or /media and things like /tmp , /dev , /proc , /var/log and /sys .
) Most Linux servers will compress down to a few GB of installed files and config files when stored in the SVN back-end repository .
Setup a cronjob to snapshot the system daily to capture the new state of any files that have changed .
It 's a lot harder to corrupt a remote SVN repository , so it provides a decent tripwire and audit trail .
Most attackers wo n't know you 're using FSVS as it 's fairly niche .
You get to use all of the nice SVN tools to do analysis and review of the server changes .
It also gives you a quick way to keep track of changes that you specifically made to the server .
# cd /etc/postfix ( make changes to files ) # fsvs ci -m " made such-and-such changes for reason XYZ " All Linux servers should be version controlled .
If not for security reasons then for your own sanity .
Being able to look back on 2-3 years worth of server config changes and see that you changed setting ABC on a particular date is very handy when troubleshooting .</tokentext>
<sentencetext>Something you may consider: make a backup of a known-good .htaccess, and set up a cronjob to `diff --brief` the two frequently and email you if they're not the same.
I've done this with a list of all the PHP files in my account on a shared server: 

Another alternative as a more general purpose solution is to install FSVS and version control the entire system.
(Excluding things that change frequently, like /home or /media and things like /tmp, /dev, /proc, /var/log and /sys.
)  Most Linux servers will compress down to a few GB of installed files and config files when stored in the SVN back-end repository.
Setup a cronjob to snapshot the system daily to capture the new state of any files that have changed.
It's a lot harder to corrupt a remote SVN repository, so it provides a decent tripwire and audit trail.
Most attackers won't know you're using FSVS as it's fairly niche.
You get to use all of the nice SVN tools to do analysis and review of the server changes.
It also gives you a quick way to keep track of changes that you specifically made to the server.
# cd /etc/postfix
(make changes to files)
# fsvs ci -m "made such-and-such changes for reason XYZ"

All Linux servers should be version controlled.
If not for security reasons then for your own sanity.
Being able to look back on 2-3 years worth of server config changes and see that you changed setting ABC on a particular date is very handy when troubleshooting.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023842</id>
	<title>Re:And this is why I'm buying a Mac</title>
	<author>Anonymous</author>
	<datestamp>1265306400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Suck less I guess.</p><p>I've been using Windows on my personal machine for years and haven't had a virus. Just because you install all those lovely security programs doesn't mean they can catch everything. Don't be stupid in your browsing habits and you greatly reduce your chance of getting infected.</p></htmltext>
<tokenext>Suck less I guess.I 've been using Windows on my personal machine for years and have n't had a virus .
Just because you install all those lovely security programs does n't mean they can catch everything .
Do n't be stupid in your browsing habits and you greatly reduce your chance of getting infected .</tokentext>
<sentencetext>Suck less I guess.I've been using Windows on my personal machine for years and haven't had a virus.
Just because you install all those lovely security programs doesn't mean they can catch everything.
Don't be stupid in your browsing habits and you greatly reduce your chance of getting infected.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023506</id>
	<title>Re:And this is why I'm buying a Mac</title>
	<author>NatasRevol</author>
	<datestamp>1265304660000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>I've always said...Windows is cheaper if your time is worth nothing.  Wipe &amp; reinstall is your wasted time.  That and fighting all those viruses/malware/spyware/etc.<br><br>Macs aren't perfect, but you spend a LOT less time trying to make &amp; keep your system secure.</htmltext>
<tokenext>I 've always said...Windows is cheaper if your time is worth nothing .
Wipe &amp; reinstall is your wasted time .
That and fighting all those viruses/malware/spyware/etc.Macs are n't perfect , but you spend a LOT less time trying to make &amp; keep your system secure .</tokentext>
<sentencetext>I've always said...Windows is cheaper if your time is worth nothing.
Wipe &amp; reinstall is your wasted time.
That and fighting all those viruses/malware/spyware/etc.Macs aren't perfect, but you spend a LOT less time trying to make &amp; keep your system secure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030744</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265302140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That's what I do... Terminal session from a Win 7 machine.</p></htmltext>
<tokenext>That 's what I do... Terminal session from a Win 7 machine .</tokentext>
<sentencetext>That's what I do... Terminal session from a Win 7 machine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950</id>
	<title>Windoze an issue again?</title>
	<author>Marcus Erroneous</author>
	<datestamp>1265302200000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>Okay, insert obligatory "One more reason not to use Windows" comment here, after all, this is Slashdork.<br>
&nbsp; &nbsp; &nbsp; Yup, Linux and OSX can get infected as well, but it's harder to do so. Especially if you approach it from the point of view that it can happen to you. If you just have to use a Windoze tool, do it via a VM of some sort, pick your fave brand of VM to do so. Some tools (native VMware VI management tools) are only available for Windoze, so I use a VM to run those tools. Other than that, there are options, even for those poor admins that are CLI challenged, for managing stuff without using Windows.<br>
&nbsp; &nbsp; &nbsp; If you just have to use Windoze because all us Linux g33ks are really l4m3rz and Windoze really is the sh1tz, then Obi Wan, use your mastery of that platform and show us that you're not just all hat and no cattle. Put in the extra time and effort to use your platform of choice without contributing to the delinquency of those less enlightened than you who think that your site is safe.</p></htmltext>
<tokenext>Okay , insert obligatory " One more reason not to use Windows " comment here , after all , this is Slashdork .
      Yup , Linux and OSX can get infected as well , but it 's harder to do so .
Especially if you approach it from the point of view that it can happen to you .
If you just have to use a Windoze tool , do it via a VM of some sort , pick your fave brand of VM to do so .
Some tools ( native VMware VI management tools ) are only available for Windoze , so I use a VM to run those tools .
Other than that , there are options , even for those poor admins that are CLI challenged , for managing stuff without using Windows .
      If you just have to use Windoze because all us Linux g33ks are really l4m3rz and Windoze really is the sh1tz , then Obi Wan , use your mastery of that platform and show us that you 're not just all hat and no cattle .
Put in the extra time and effort to use your platform of choice without contributing to the delinquency of those less enlightened than you who think that your site is safe .</tokentext>
<sentencetext>Okay, insert obligatory "One more reason not to use Windows" comment here, after all, this is Slashdork.
      Yup, Linux and OSX can get infected as well, but it's harder to do so.
Especially if you approach it from the point of view that it can happen to you.
If you just have to use a Windoze tool, do it via a VM of some sort, pick your fave brand of VM to do so.
Some tools (native VMware VI management tools) are only available for Windoze, so I use a VM to run those tools.
Other than that, there are options, even for those poor admins that are CLI challenged, for managing stuff without using Windows.
      If you just have to use Windoze because all us Linux g33ks are really l4m3rz and Windoze really is the sh1tz, then Obi Wan, use your mastery of that platform and show us that you're not just all hat and no cattle.
Put in the extra time and effort to use your platform of choice without contributing to the delinquency of those less enlightened than you who think that your site is safe.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023082</id>
	<title>Re:Microsoft should complain</title>
	<author>Anonymous</author>
	<datestamp>1265302740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>yahoo uses Bing?</p></htmltext>
<tokenext>yahoo uses Bing ?</tokentext>
<sentencetext>yahoo uses Bing?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022924</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022964</id>
	<title>Re:This hurts....</title>
	<author>Anonymous</author>
	<datestamp>1265302260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Well, i'm pretty sure NoScript still works.<br>Even if you don't use Firefox, you can still have a portable version sitting around with NoScript for the sake of browsing unsafe sites.</p></htmltext>
<tokenext>Well , i 'm pretty sure NoScript still works.Even if you do n't use Firefox , you can still have a portable version sitting around with NoScript for the sake of browsing unsafe sites .</tokentext>
<sentencetext>Well, i'm pretty sure NoScript still works.Even if you don't use Firefox, you can still have a portable version sitting around with NoScript for the sake of browsing unsafe sites.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022990</id>
	<title>Re:This hurts....</title>
	<author>Thanshin</author>
	<datestamp>1265302380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Man, this is how I view my porn, and I use that method just to be safe! What now<nobr> <wbr></nobr>:(</p></div><p>A live disc?</p></div>
	</htmltext>
<tokenext>Man , this is how I view my porn , and I use that method just to be safe !
What now : ( A live disc ?</tokentext>
<sentencetext>Man, this is how I view my porn, and I use that method just to be safe!
What now :(A live disc?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037156</id>
	<title>Re:Should Be Shot</title>
	<author>Anonymous</author>
	<datestamp>1265397780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I tend to think we should sometimes thank those magnificent bastards, for without their villainy, many of us would be without jobs.</p><p>I'd thank them for keeping it simple, though. My workload just spiked, and I need a break from it all.</p></htmltext>
<tokenext>I tend to think we should sometimes thank those magnificent bastards , for without their villainy , many of us would be without jobs.I 'd thank them for keeping it simple , though .
My workload just spiked , and I need a break from it all .</tokentext>
<sentencetext>I tend to think we should sometimes thank those magnificent bastards, for without their villainy, many of us would be without jobs.I'd thank them for keeping it simple, though.
My workload just spiked, and I need a break from it all.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024252</id>
	<title>Ya rly.</title>
	<author>RulerOf</author>
	<datestamp>1265308320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft Windows</p></div><p>You mean to say that such servers' pwned state is the result of improper security practices on the result of a Windows <i>user</i>.   [/pedant]<br> <br>In all likelihood, I don't see why this wouldn't be the case.  Unless these sites are running some type of publicly available CMS product, like Wordpress or Joomla, chances are good that these sites are uploaded via FTP.  There was a feature on Slashdot, it may have been Mr. Hassleton's writing, too, saying that certain types of trojans will scan your incoming and outgoing traffic, looking for FTP sessions and plucking out the credentials.  Such is particularly easy, too, because FTP authentication and traffic is completely unencrypted.<br> <br>Based on what I've read here and from how prolific the archaic security nightmare known as FTP is, I'd say it's quite plausible.</p></div>
	</htmltext>
<tokenext>This would mean that 90 \ % of the pwned Linux servers are really the fault of Microsoft WindowsYou mean to say that such servers ' pwned state is the result of improper security practices on the result of a Windows user .
[ /pedant ] In all likelihood , I do n't see why this would n't be the case .
Unless these sites are running some type of publicly available CMS product , like Wordpress or Joomla , chances are good that these sites are uploaded via FTP .
There was a feature on Slashdot , it may have been Mr. Hassleton 's writing , too , saying that certain types of trojans will scan your incoming and outgoing traffic , looking for FTP sessions and plucking out the credentials .
Such is particularly easy , too , because FTP authentication and traffic is completely unencrypted .
Based on what I 've read here and from how prolific the archaic security nightmare known as FTP is , I 'd say it 's quite plausible .</tokentext>
<sentencetext>This would mean that 90\% of the pwned Linux servers are really the fault of Microsoft WindowsYou mean to say that such servers' pwned state is the result of improper security practices on the result of a Windows user.
[/pedant] In all likelihood, I don't see why this wouldn't be the case.
Unless these sites are running some type of publicly available CMS product, like Wordpress or Joomla, chances are good that these sites are uploaded via FTP.
There was a feature on Slashdot, it may have been Mr. Hassleton's writing, too, saying that certain types of trojans will scan your incoming and outgoing traffic, looking for FTP sessions and plucking out the credentials.
Such is particularly easy, too, because FTP authentication and traffic is completely unencrypted.
Based on what I've read here and from how prolific the archaic security nightmare known as FTP is, I'd say it's quite plausible.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022980</id>
	<title>Re:orly?</title>
	<author>Anonymous</author>
	<datestamp>1265302320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.</p></div><p>Do you mean those ssh brute force attacks? As I have disabled password authentication, I don't count them as real attacks.</p></div>
	</htmltext>
<tokenext>That means only 10 \ % of the boxes were directly attacked and owned , yet my logs show overwhelming amount of tries to do just that.Do you mean those ssh brute force attacks ?
As I have disabled password authentication , I do n't count them as real attacks .</tokentext>
<sentencetext>That means only 10\% of the boxes were directly attacked and owned, yet my logs show overwhelming amount of tries to do just that.Do you mean those ssh brute force attacks?
As I have disabled password authentication, I don't count them as real attacks.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023020</id>
	<title>Re:orly?</title>
	<author>T Murphy</author>
	<datestamp>1265302500000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I don't know linux and the malware fight very well, but are those direct attacks intended to work on Windows machines, so that those 10\% are the only attacks that even work against a linux box?<br> <br>
As a slashdot reader who doesn't know much about linux, it often sounds like linux is this magical program that can't do wrong, so clarification for the under-informed would be helpful.</htmltext>
<tokenext>I do n't know linux and the malware fight very well , but are those direct attacks intended to work on Windows machines , so that those 10 \ % are the only attacks that even work against a linux box ?
As a slashdot reader who does n't know much about linux , it often sounds like linux is this magical program that ca n't do wrong , so clarification for the under-informed would be helpful .</tokentext>
<sentencetext>I don't know linux and the malware fight very well, but are those direct attacks intended to work on Windows machines, so that those 10\% are the only attacks that even work against a linux box?
As a slashdot reader who doesn't know much about linux, it often sounds like linux is this magical program that can't do wrong, so clarification for the under-informed would be helpful.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023132</id>
	<title>Wow</title>
	<author>uvsc\_wolverine</author>
	<datestamp>1265302980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yeah, this is pretty scummy.  But I've gotta admit, it's also pretty creative.</htmltext>
<tokenext>Yeah , this is pretty scummy .
But I 've got ta admit , it 's also pretty creative .</tokentext>
<sentencetext>Yeah, this is pretty scummy.
But I've gotta admit, it's also pretty creative.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31027162</id>
	<title>All this to say...</title>
	<author>hesaigo999ca</author>
	<datestamp>1265278680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>All this to say in a few rods, do not click on any link from google ads or link pages....always use the proper url.</p></htmltext>
<tokenext>All this to say in a few rods , do not click on any link from google ads or link pages....always use the proper url .</tokentext>
<sentencetext>All this to say in a few rods, do not click on any link from google ads or link pages....always use the proper url.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025902</id>
	<title>Re:We got hit by this</title>
	<author>UnmaskParasites</author>
	<datestamp>1265316720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Thanks for sharing this story.</p><p>Did you find and save that <b>7\_22-5.class.php</b> file? It would be interesting to see what exactly they tried to achieve.<br>You can post the code (if it's short and not outright malicious) here or contact me directly using this form<br><a href="http://www.unmaskparasites.com/contact/" title="unmaskparasites.com" rel="nofollow">http://www.unmaskparasites.com/contact/</a> [unmaskparasites.com]</p><p>Thanks,<br>Denis</p></htmltext>
<tokenext>Thanks for sharing this story.Did you find and save that 7 \ _22-5.class.php file ?
It would be interesting to see what exactly they tried to achieve.You can post the code ( if it 's short and not outright malicious ) here or contact me directly using this formhttp : //www.unmaskparasites.com/contact/ [ unmaskparasites.com ] Thanks,Denis</tokentext>
<sentencetext>Thanks for sharing this story.Did you find and save that 7\_22-5.class.php file?
It would be interesting to see what exactly they tried to achieve.You can post the code (if it's short and not outright malicious) here or contact me directly using this formhttp://www.unmaskparasites.com/contact/ [unmaskparasites.com]Thanks,Denis</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778</id>
	<title>Should Be Shot</title>
	<author>Anonymous</author>
	<datestamp>1265301300000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Malware and Virus authors should be lined up against a wall and shot. They are cancers and need to be irradiated.</p></htmltext>
<tokenext>Malware and Virus authors should be lined up against a wall and shot .
They are cancers and need to be irradiated .</tokentext>
<sentencetext>Malware and Virus authors should be lined up against a wall and shot.
They are cancers and need to be irradiated.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024512</id>
	<title>Re:Swimming against the current</title>
	<author>RulerOf</author>
	<datestamp>1265309340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It's not that hitting <i>all</i> surfers would yield fewer attack victims in a given amount of time, it's that hitting all of them means that the malicious code is more likely to get caught by an admin.  If the malicious code is only active for 24 hours but hits everyone, chances are low that such code will actually result in a successful attack.  However, if it can linger for longer periods of time, months or years, <i>and</i> simultaneously evade safe-browsing filters provided by MS/Google/Mozilla, that's likely going to be enough time for a stray IE6 user to wander into something he shouldn't (which is every URI beginning with "http://", so Slashdot tells me).</htmltext>
<tokenext>It 's not that hitting all surfers would yield fewer attack victims in a given amount of time , it 's that hitting all of them means that the malicious code is more likely to get caught by an admin .
If the malicious code is only active for 24 hours but hits everyone , chances are low that such code will actually result in a successful attack .
However , if it can linger for longer periods of time , months or years , and simultaneously evade safe-browsing filters provided by MS/Google/Mozilla , that 's likely going to be enough time for a stray IE6 user to wander into something he should n't ( which is every URI beginning with " http : // " , so Slashdot tells me ) .</tokentext>
<sentencetext>It's not that hitting all surfers would yield fewer attack victims in a given amount of time, it's that hitting all of them means that the malicious code is more likely to get caught by an admin.
If the malicious code is only active for 24 hours but hits everyone, chances are low that such code will actually result in a successful attack.
However, if it can linger for longer periods of time, months or years, and simultaneously evade safe-browsing filters provided by MS/Google/Mozilla, that's likely going to be enough time for a stray IE6 user to wander into something he shouldn't (which is every URI beginning with "http://", so Slashdot tells me).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31051714</id>
	<title>Yup, Linux and OSX can get infected as well</title>
	<author>Anonymous</author>
	<datestamp>1265547660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That's all we needed to hear, an admittance of truth on your part (per my subject-line above, which is a quote of your own words)...</p><p>Continuing that "trend" next below too:</p><div class="quote"><p><b>"but it's harder to do so"</b> - by Marcus Erroneous (11660) on Thursday February 04, @10:50AM (#31022950) Homepage</p></div><p>Oh, really?</p><p>Tell us: <b>Does javascript run on Linux &amp;/or OS X??</b></p><p>(If so, and it IS so - Then please, tell us this then: So, how is it any more difficult to infect those 2 *NIX based OS derivants then, than it is using javascript to do so in Windows???)</p><p>APK</p><p>P.S.=&gt; You guys who are part of the "Pro-*NIX" crew around here are totally unbelieveable @ times...</p><p>What I don't think you guys understand is that the main tool used to do these attacks on Windows also exists on *NIX variants too, and can be used against them also the same way it is on Windows by malicious coders! Personally, I think you ALL understand that well enough, but you often "conveniently omit" that fact is all, to spread more "FUD" propoganda around against Windows.</p><p>E.G.-&gt; I think if there EVER is a "this is the year of [insert *NIX variant here]", and when your (if ever, probably never) *NIX variant of choice becomes the most used OS there is for personal computing as Windows is now, well... then, I think that you're all in for a HUGE surprise (as Apple found out w/ MacOS X in fact - they began turning up maliciously coded exploits like worms etc. et al once they gained more market share - based largely on PURE B.S. on their commercials of "You're a PC, I'm a Mac") when you will find your "*NIX variant of choice" being assaulted in the SAME MANNER &amp; using the SAME TOOLS (javascript being the main 'culprit'), and mainly because your *NIX variant of choice would be the most used OS out there for personal computing.</p><p>(Which javascript is definitely used against Windows for malicious purposes, especially via webbrowsers, HTML scriptable email, &amp; Adobe<nobr> <wbr></nobr>.pdf + flash exploits combined with javascript malicious code - simply because Windows has the MAJORITY OF MARKETSHARE OUT THERE, @ 95\% OR BETTER - that said, why on earth do you think malware makers target Windows then???? Because it's the most used &amp; like any criminal, let's say a pickpocket????? They gather where the most others gather to take advantage of them, like most criminals do! Pickpockets are after your CA$H, just like webcriminals are, &amp; both do not gather to attack just 1 person, but entire crowds (from a single attack codebase - so they target the biggest crowd possible "from 1 shot" (1 codebase) is all - to max out their criminal enterprises' 'attack surface area'))... apk</p></div>
	</htmltext>
<tokenext>That 's all we needed to hear , an admittance of truth on your part ( per my subject-line above , which is a quote of your own words ) ...Continuing that " trend " next below too : " but it 's harder to do so " - by Marcus Erroneous ( 11660 ) on Thursday February 04 , @ 10 : 50AM ( # 31022950 ) HomepageOh , really ? Tell us : Does javascript run on Linux &amp;/or OS X ? ?
( If so , and it IS so - Then please , tell us this then : So , how is it any more difficult to infect those 2 * NIX based OS derivants then , than it is using javascript to do so in Windows ? ? ?
) APKP.S. = &gt; You guys who are part of the " Pro- * NIX " crew around here are totally unbelieveable @ times...What I do n't think you guys understand is that the main tool used to do these attacks on Windows also exists on * NIX variants too , and can be used against them also the same way it is on Windows by malicious coders !
Personally , I think you ALL understand that well enough , but you often " conveniently omit " that fact is all , to spread more " FUD " propoganda around against Windows.E.G.- &gt; I think if there EVER is a " this is the year of [ insert * NIX variant here ] " , and when your ( if ever , probably never ) * NIX variant of choice becomes the most used OS there is for personal computing as Windows is now , well... then , I think that you 're all in for a HUGE surprise ( as Apple found out w/ MacOS X in fact - they began turning up maliciously coded exploits like worms etc .
et al once they gained more market share - based largely on PURE B.S .
on their commercials of " You 're a PC , I 'm a Mac " ) when you will find your " * NIX variant of choice " being assaulted in the SAME MANNER &amp; using the SAME TOOLS ( javascript being the main 'culprit ' ) , and mainly because your * NIX variant of choice would be the most used OS out there for personal computing .
( Which javascript is definitely used against Windows for malicious purposes , especially via webbrowsers , HTML scriptable email , &amp; Adobe .pdf + flash exploits combined with javascript malicious code - simply because Windows has the MAJORITY OF MARKETSHARE OUT THERE , @ 95 \ % OR BETTER - that said , why on earth do you think malware makers target Windows then ? ? ? ?
Because it 's the most used &amp; like any criminal , let 's say a pickpocket ? ? ? ? ?
They gather where the most others gather to take advantage of them , like most criminals do !
Pickpockets are after your CA $ H , just like webcriminals are , &amp; both do not gather to attack just 1 person , but entire crowds ( from a single attack codebase - so they target the biggest crowd possible " from 1 shot " ( 1 codebase ) is all - to max out their criminal enterprises ' 'attack surface area ' ) ) ... apk</tokentext>
<sentencetext>That's all we needed to hear, an admittance of truth on your part (per my subject-line above, which is a quote of your own words)...Continuing that "trend" next below too:"but it's harder to do so" - by Marcus Erroneous (11660) on Thursday February 04, @10:50AM (#31022950) HomepageOh, really?Tell us: Does javascript run on Linux &amp;/or OS X??
(If so, and it IS so - Then please, tell us this then: So, how is it any more difficult to infect those 2 *NIX based OS derivants then, than it is using javascript to do so in Windows???
)APKP.S.=&gt; You guys who are part of the "Pro-*NIX" crew around here are totally unbelieveable @ times...What I don't think you guys understand is that the main tool used to do these attacks on Windows also exists on *NIX variants too, and can be used against them also the same way it is on Windows by malicious coders!
Personally, I think you ALL understand that well enough, but you often "conveniently omit" that fact is all, to spread more "FUD" propoganda around against Windows.E.G.-&gt; I think if there EVER is a "this is the year of [insert *NIX variant here]", and when your (if ever, probably never) *NIX variant of choice becomes the most used OS there is for personal computing as Windows is now, well... then, I think that you're all in for a HUGE surprise (as Apple found out w/ MacOS X in fact - they began turning up maliciously coded exploits like worms etc.
et al once they gained more market share - based largely on PURE B.S.
on their commercials of "You're a PC, I'm a Mac") when you will find your "*NIX variant of choice" being assaulted in the SAME MANNER &amp; using the SAME TOOLS (javascript being the main 'culprit'), and mainly because your *NIX variant of choice would be the most used OS out there for personal computing.
(Which javascript is definitely used against Windows for malicious purposes, especially via webbrowsers, HTML scriptable email, &amp; Adobe .pdf + flash exploits combined with javascript malicious code - simply because Windows has the MAJORITY OF MARKETSHARE OUT THERE, @ 95\% OR BETTER - that said, why on earth do you think malware makers target Windows then????
Because it's the most used &amp; like any criminal, let's say a pickpocket?????
They gather where the most others gather to take advantage of them, like most criminals do!
Pickpockets are after your CA$H, just like webcriminals are, &amp; both do not gather to attack just 1 person, but entire crowds (from a single attack codebase - so they target the biggest crowd possible "from 1 shot" (1 codebase) is all - to max out their criminal enterprises' 'attack surface area'))... apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700</id>
	<title>We got hit by this</title>
	<author>hedronist</author>
	<datestamp>1265305620000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>
We get so many 404s because of probes from random script kiddies that I tend to ignore that part of the daily log scan -- big mistake. (I have my own link checker so I know that all of the <i>real</i> URLs are correct and functioning.) It wasn't until the site owner said that we seemed to have dropped off the search results at Google that we knew something was wrong. I couldn't figure out why and spent quite a bit of time banging my head against random walls.
</p><p>
Although I had looked at the logs I was mostly looking for 500 errors. I finally started to focus on the 404s and little bells started going off when I saw a whole bunch of them for msnbot. And then I saw a whole bunch for googlebot. And then I noticed that they were all under our<nobr> <wbr></nobr>/media path. I immediately started checking all of the URLs that had 404ed and they all worked fine.
Google was also reporting that they were getting a 404 on our sitemap.xml. Shit! I tested it with their 'Test you URL' page and it worked, so I resubmitted it and<nobr> <wbr></nobr>... it 404ed! WTF? (I'm still not sure why this got snarled with sitemap.xml, but it was involved.)
</p><p>
I went and took a long, hot shower -- this is my place of refuge and deep thinking. The question was: what could cause all of these errors for the spider-bots, but not produce them for me or any normal human? I looked like a prune by the time it hit me: they weren't seeing the same pages/files I was. How could <i>that</i> happen? If this was a networking problem it would already be smelling like a firewall issue of some sort -- the unseen middleman.
</p><p>
I should mention here that this is a Django site, which means I'm pretty much all over the URLs coming in<nobr> <wbr></nobr>... except for<nobr> <wbr></nobr>/media, which are handled directly by Apache as static files. Apache<nobr> <wbr></nobr>... hmmm<nobr> <wbr></nobr>... !
</p><p>
Apache's<nobr> <wbr></nobr>.htaccess file is probably the single most powerful file on your website, and you don't even see it when you do an 'ls'. I popped into the editor and I almost crapped my pants:</p><blockquote><div><p> <tt>RewriteCond \%{HTTP\_HOST} (^|www.)example.com<br>RewriteCond \%{REQUEST\_FILENAME} ![^a-zA-Z0-9](css|js|jpe?g|gif|png|zip|swf|doc|xls|pdf|ico|tar|gz|bmp|rar|mp3|avi|mpeg|flv)(\?|$)<br>RewriteCond \%{REMOTE\_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR]<br>RewriteCond \%{REMOTE\_ADDR} ^74\.125\.[0-9]+\.[0-9]+$<br>RewriteCond \%{REMOTE\_ADDR} ^64\.233\.1[6-9][0-9]\.[0-9]+$ [OR]<br>RewriteCond \%{REMOTE\_ADDR} ^65\.5[2-5]\.[0-9]+\.[0-9]+$ [OR]<br>RewriteCond \%{HTTP\_USER\_AGENT} (google|msnbot)<br>RewriteRule ^(.*)$ pop/media/images/07\_22/7\_22-5.class.php [L]</tt></p></div> </blockquote><p>
Those address ranges, btw, are all for googlebot and msnbot, so this only fires if you are coming from one of those net blocks. The special google URL checker <i>wasn't</i> coming from one of those addresses which is why it worked.
</p><p>
The scary thing is that this code is correct except for one little detail.
The bots were getting 404s because the Black Hats got the path wrong. This isn't a normal PHP site and the topmost directory contains all of the Django stuff in one branch and all of the media in a different branch. Apache sees that topmost directory and it's where the<nobr> <wbr></nobr>.htaccess file lives, <i>but</i> the master<nobr> <wbr></nobr>.conf file has a specific &lt;Location&gt; rule that maps directly to<nobr> <wbr></nobr>/media, not<nobr> <wbr></nobr>/pop/media. If they had  not made that error I don't know how long it would have taken to uncover this.
</p><p>
We still don't know how they got in. We changed all of the passwords and double-checked that we were up to date on all of the server code. There also are multiple levels of tripwires in place now so I'll know about any changes within minutes of it happening. And now we wait . . . .</p></div>
	</htmltext>
<tokenext>We get so many 404s because of probes from random script kiddies that I tend to ignore that part of the daily log scan -- big mistake .
( I have my own link checker so I know that all of the real URLs are correct and functioning .
) It was n't until the site owner said that we seemed to have dropped off the search results at Google that we knew something was wrong .
I could n't figure out why and spent quite a bit of time banging my head against random walls .
Although I had looked at the logs I was mostly looking for 500 errors .
I finally started to focus on the 404s and little bells started going off when I saw a whole bunch of them for msnbot .
And then I saw a whole bunch for googlebot .
And then I noticed that they were all under our /media path .
I immediately started checking all of the URLs that had 404ed and they all worked fine .
Google was also reporting that they were getting a 404 on our sitemap.xml .
Shit ! I tested it with their 'Test you URL ' page and it worked , so I resubmitted it and ... it 404ed !
WTF ? ( I 'm still not sure why this got snarled with sitemap.xml , but it was involved .
) I went and took a long , hot shower -- this is my place of refuge and deep thinking .
The question was : what could cause all of these errors for the spider-bots , but not produce them for me or any normal human ?
I looked like a prune by the time it hit me : they were n't seeing the same pages/files I was .
How could that happen ?
If this was a networking problem it would already be smelling like a firewall issue of some sort -- the unseen middleman .
I should mention here that this is a Django site , which means I 'm pretty much all over the URLs coming in ... except for /media , which are handled directly by Apache as static files .
Apache ... hmmm ... ! Apache 's .htaccess file is probably the single most powerful file on your website , and you do n't even see it when you do an 'ls' .
I popped into the editor and I almost crapped my pants : RewriteCond \ % { HTTP \ _HOST } ( ^ | www .
) example.comRewriteCond \ % { REQUEST \ _FILENAME } !
[ ^ a-zA-Z0-9 ] ( css | js | jpe ? g | gif | png | zip | swf | doc | xls | pdf | ico | tar | gz | bmp | rar | mp3 | avi | mpeg | flv ) ( \ ? | $ ) RewriteCond \ % { REMOTE \ _ADDR } ^ 66 \ .249 \ . [ 6-9 ] [ 0-9 ] \ .
[ 0-9 ] + $ [ OR ] RewriteCond \ % { REMOTE \ _ADDR } ^ 74 \ .125 \ . [ 0-9 ] + \ .
[ 0-9 ] + $ RewriteCond \ % { REMOTE \ _ADDR } ^ 64 \ .233 \ .1 [ 6-9 ] [ 0-9 ] \ .
[ 0-9 ] + $ [ OR ] RewriteCond \ % { REMOTE \ _ADDR } ^ 65 \ .5 [ 2-5 ] \ . [ 0-9 ] + \ .
[ 0-9 ] + $ [ OR ] RewriteCond \ % { HTTP \ _USER \ _AGENT } ( google | msnbot ) RewriteRule ^ ( .
* ) $ pop/media/images/07 \ _22/7 \ _22-5.class.php [ L ] Those address ranges , btw , are all for googlebot and msnbot , so this only fires if you are coming from one of those net blocks .
The special google URL checker was n't coming from one of those addresses which is why it worked .
The scary thing is that this code is correct except for one little detail .
The bots were getting 404s because the Black Hats got the path wrong .
This is n't a normal PHP site and the topmost directory contains all of the Django stuff in one branch and all of the media in a different branch .
Apache sees that topmost directory and it 's where the .htaccess file lives , but the master .conf file has a specific rule that maps directly to /media , not /pop/media .
If they had not made that error I do n't know how long it would have taken to uncover this .
We still do n't know how they got in .
We changed all of the passwords and double-checked that we were up to date on all of the server code .
There also are multiple levels of tripwires in place now so I 'll know about any changes within minutes of it happening .
And now we wait .
. .
.</tokentext>
<sentencetext>
We get so many 404s because of probes from random script kiddies that I tend to ignore that part of the daily log scan -- big mistake.
(I have my own link checker so I know that all of the real URLs are correct and functioning.
) It wasn't until the site owner said that we seemed to have dropped off the search results at Google that we knew something was wrong.
I couldn't figure out why and spent quite a bit of time banging my head against random walls.
Although I had looked at the logs I was mostly looking for 500 errors.
I finally started to focus on the 404s and little bells started going off when I saw a whole bunch of them for msnbot.
And then I saw a whole bunch for googlebot.
And then I noticed that they were all under our /media path.
I immediately started checking all of the URLs that had 404ed and they all worked fine.
Google was also reporting that they were getting a 404 on our sitemap.xml.
Shit! I tested it with their 'Test you URL' page and it worked, so I resubmitted it and ... it 404ed!
WTF? (I'm still not sure why this got snarled with sitemap.xml, but it was involved.
)

I went and took a long, hot shower -- this is my place of refuge and deep thinking.
The question was: what could cause all of these errors for the spider-bots, but not produce them for me or any normal human?
I looked like a prune by the time it hit me: they weren't seeing the same pages/files I was.
How could that happen?
If this was a networking problem it would already be smelling like a firewall issue of some sort -- the unseen middleman.
I should mention here that this is a Django site, which means I'm pretty much all over the URLs coming in ... except for /media, which are handled directly by Apache as static files.
Apache ... hmmm ... !

Apache's .htaccess file is probably the single most powerful file on your website, and you don't even see it when you do an 'ls'.
I popped into the editor and I almost crapped my pants: RewriteCond \%{HTTP\_HOST} (^|www.
)example.comRewriteCond \%{REQUEST\_FILENAME} !
[^a-zA-Z0-9](css|js|jpe?g|gif|png|zip|swf|doc|xls|pdf|ico|tar|gz|bmp|rar|mp3|avi|mpeg|flv)(\?|$)RewriteCond \%{REMOTE\_ADDR} ^66\.249\.[6-9][0-9]\.
[0-9]+$ [OR]RewriteCond \%{REMOTE\_ADDR} ^74\.125\.[0-9]+\.
[0-9]+$RewriteCond \%{REMOTE\_ADDR} ^64\.233\.1[6-9][0-9]\.
[0-9]+$ [OR]RewriteCond \%{REMOTE\_ADDR} ^65\.5[2-5]\.[0-9]+\.
[0-9]+$ [OR]RewriteCond \%{HTTP\_USER\_AGENT} (google|msnbot)RewriteRule ^(.
*)$ pop/media/images/07\_22/7\_22-5.class.php [L] 
Those address ranges, btw, are all for googlebot and msnbot, so this only fires if you are coming from one of those net blocks.
The special google URL checker wasn't coming from one of those addresses which is why it worked.
The scary thing is that this code is correct except for one little detail.
The bots were getting 404s because the Black Hats got the path wrong.
This isn't a normal PHP site and the topmost directory contains all of the Django stuff in one branch and all of the media in a different branch.
Apache sees that topmost directory and it's where the .htaccess file lives, but the master .conf file has a specific  rule that maps directly to /media, not /pop/media.
If they had  not made that error I don't know how long it would have taken to uncover this.
We still don't know how they got in.
We changed all of the passwords and double-checked that we were up to date on all of the server code.
There also are multiple levels of tripwires in place now so I'll know about any changes within minutes of it happening.
And now we wait .
. .
.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022636</id>
	<title>Thanks for the malware</title>
	<author>Anonymous</author>
	<datestamp>1265300640000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>...<br>
&nbsp; jerk.</p></htmltext>
<tokenext>.. .   jerk .</tokentext>
<sentencetext>...
  jerk.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023580</id>
	<title>Re:Should Be Shot</title>
	<author>Anonymous</author>
	<datestamp>1265304960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Only if the malware directly caused loss of life, or raped some kids or something, would I even consider such a punishment fair.</p><p>No, messing up your PC, making your admin job harder, or even stealing your identity and buying a mansion in your name should <i>not</i> be a capital crime.</p></htmltext>
<tokenext>Only if the malware directly caused loss of life , or raped some kids or something , would I even consider such a punishment fair.No , messing up your PC , making your admin job harder , or even stealing your identity and buying a mansion in your name should not be a capital crime .</tokentext>
<sentencetext>Only if the malware directly caused loss of life, or raped some kids or something, would I even consider such a punishment fair.No, messing up your PC, making your admin job harder, or even stealing your identity and buying a mansion in your name should not be a capital crime.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023326</id>
	<title>Re:Swimming against the current</title>
	<author>Internal Modem</author>
	<datestamp>1265303820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is just one attack technique among many being used successfully.</p></htmltext>
<tokenext>This is just one attack technique among many being used successfully .</tokentext>
<sentencetext>This is just one attack technique among many being used successfully.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022924</id>
	<title>Microsoft should complain</title>
	<author>Anonymous</author>
	<datestamp>1265302020000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>RewriteCond \%{HTTP\_REFERER}<nobr> <wbr></nobr>.*images.google.*$ [NC,OR] RewriteCond \%{HTTP\_REFERER}<nobr> <wbr></nobr>.*images.search.yahoo.*$ [NC]</p></div><p>I don't see Bing on there.</p></div>
	</htmltext>
<tokenext>RewriteCond \ % { HTTP \ _REFERER } . * images.google .
* $ [ NC,OR ] RewriteCond \ % { HTTP \ _REFERER } . * images.search.yahoo .
* $ [ NC ] I do n't see Bing on there .</tokentext>
<sentencetext>RewriteCond \%{HTTP\_REFERER} .*images.google.
*$ [NC,OR] RewriteCond \%{HTTP\_REFERER} .*images.search.yahoo.
*$ [NC]I don't see Bing on there.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</id>
	<title>And this is why I'm buying a Mac</title>
	<author>Anonymous</author>
	<datestamp>1265302680000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I've got an old Mac at work I use for various tasks, but I use Windows at home. And it's loaded up with all of the standard defenses... firewalls, anti virus, malwarebytes, spybot s&amp;d, you name it. And yet Windows boxes are still getting owned. And its not even necessarily "bad" websites that are spreading this stuff... porn, torrent sites, etc. There are a lot of websites out there that have no idea that they've been owned, and that they're spreading this filth to Windows machines. The latest trojans with "Internet Security 2010" infect Windows boxes so badly that it often takes longer to completely clean them than it does to just throw up your hands and decide to nuke and pave.</p><p>I know Macs will eventually be a bigger target when they get more of the market, but after one of my family machines became infected... again, despite having all of the necessary security software... I decided it was time to spring for a Mac Mini at home. Better that the wife and kids learn a different OS than Daddy pulling all of his hair out because of yet another damn trojan... <i>despite</i> best efforts to the contrary.</p></htmltext>
<tokenext>I 've got an old Mac at work I use for various tasks , but I use Windows at home .
And it 's loaded up with all of the standard defenses... firewalls , anti virus , malwarebytes , spybot s&amp;d , you name it .
And yet Windows boxes are still getting owned .
And its not even necessarily " bad " websites that are spreading this stuff... porn , torrent sites , etc .
There are a lot of websites out there that have no idea that they 've been owned , and that they 're spreading this filth to Windows machines .
The latest trojans with " Internet Security 2010 " infect Windows boxes so badly that it often takes longer to completely clean them than it does to just throw up your hands and decide to nuke and pave.I know Macs will eventually be a bigger target when they get more of the market , but after one of my family machines became infected... again , despite having all of the necessary security software... I decided it was time to spring for a Mac Mini at home .
Better that the wife and kids learn a different OS than Daddy pulling all of his hair out because of yet another damn trojan... despite best efforts to the contrary .</tokentext>
<sentencetext>I've got an old Mac at work I use for various tasks, but I use Windows at home.
And it's loaded up with all of the standard defenses... firewalls, anti virus, malwarebytes, spybot s&amp;d, you name it.
And yet Windows boxes are still getting owned.
And its not even necessarily "bad" websites that are spreading this stuff... porn, torrent sites, etc.
There are a lot of websites out there that have no idea that they've been owned, and that they're spreading this filth to Windows machines.
The latest trojans with "Internet Security 2010" infect Windows boxes so badly that it often takes longer to completely clean them than it does to just throw up your hands and decide to nuke and pave.I know Macs will eventually be a bigger target when they get more of the market, but after one of my family machines became infected... again, despite having all of the necessary security software... I decided it was time to spring for a Mac Mini at home.
Better that the wife and kids learn a different OS than Daddy pulling all of his hair out because of yet another damn trojan... despite best efforts to the contrary.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023564</id>
	<title>Re:And this is why I'm buying a Mac</title>
	<author>jittles</author>
	<datestamp>1265304900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If your kids are installing these trojans via warez, cursor packs, or other gizmos they will get your Mac Mini into trouble too.  That is unless they don't have admin access.  But why would you give your children admin access to any box?</htmltext>
<tokenext>If your kids are installing these trojans via warez , cursor packs , or other gizmos they will get your Mac Mini into trouble too .
That is unless they do n't have admin access .
But why would you give your children admin access to any box ?</tokentext>
<sentencetext>If your kids are installing these trojans via warez, cursor packs, or other gizmos they will get your Mac Mini into trouble too.
That is unless they don't have admin access.
But why would you give your children admin access to any box?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025134
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023580
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034156
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023694
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037630
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023900
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023970
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31026928
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022980
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31048768
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023506
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024314
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023040
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034558
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023564
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024788
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023246
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023082
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022924
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31027318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023020
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023842
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023326
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024252
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025902
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023514
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023132
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037156
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030804
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023766
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31051714
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022964
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31028498
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024512
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_04_1314221_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022930
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023700
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31026928
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024788
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025076
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034558
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31034156
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025902
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023132
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023514
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022636
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022848
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022850
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022930
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022964
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022990
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023788
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022918
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022852
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022778
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023580
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31025134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023246
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037156
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023970
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023098
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023006
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024512
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023326
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022924
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023082
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022950
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31051714
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030804
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023766
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023064
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31048768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31037630
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023564
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023506
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_04_1314221.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022834
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31028498
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023040
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024314
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023900
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023694
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31030744
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31022980
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31023020
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31027318
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_04_1314221.31024252
</commentlist>
</conversation>
