A bot started following me

Introduction

Twitter is a nice place, that differs from any other social network. What people says there have a more impact on the trust than most of other places (like Facebook). People take serious what other says and even more if the number of followers of that account is a pretty big number.

Any Twitter user is tempted to follow people who have lot of followers. There is a little more of trust on big followers accounts than those who have a few. This concept happens here, on other networks, and even in real life. Of course it’s different among people, but the average Twitter user behave this way.
When you start using it, you tend to see how many people is following you, so you might convince yourself to keep using it. This is why I started to watch the profiles of almost every new follower and at some point it gave me a surprise. One of my followers was a user whose profile have tons of Twits like this:

I like this song <youtube-link>

Not only a couple but hundreds of them! That was the first time I saw a boot on Twitter. I reported the user as Spam, blocked it and moved on. This experience has repeated in something like once a month. It was OK, nothing new, just keep blocking and moving on.

But then I saw a different one. The latest Twit of this account was like a giant “I’m Spaming” poster but the rest were like a lot of human phrases that were cleverly repeated. Before doing the normal report, I saw a disturbing Twit. It was a phishing attack.
That phishing account give me a lot of anger. Because it was going (and certainly had been) read by real people which could be fooled by a damn bot! It was the straw that broke the camel.

A normal report and blocked account wasn’t going to help anybody. The account may get closed but others would appear instead and keep fooling people. So this is where my research begun.

Research

I started to search for patrons. Why this accounts was opened and what was the work-flow used here? It was pretty clear about the phishing account but not the only-spam accounts.

Found more Spam accounts were not so difficult. The number of Retweets were too much for the poor content that the Twits were giving. A click on “RETWEETS” was enough to found a horde of Spam accounts. There were two kinds of accounts:

  • Worms, the one with content (Twits with phrases and Spam links) and
  • Birds, the one who only follow the prior one and do never Twit nor Retweet

I decided to call one type “Worms” and other “Birds” just to make easy on the next paragraphs to mention them, so continuing.

Worms

Worms are used to Twit phrases and Retweet Twits that contains the link to the final Spam site.

Another characteristic is that all of them have an avatar (I’ll talk about it later) and some of them a bio (information that user enter to describe them).

This personalized accounts is also used to follow real people accounts. Some of this real people accounts are from stupid people who actually pay to gain followers.

Most of Worms have an underscore ‘_’ randomly generated as their Twitter ID and a real name selected from a word dictionary as the actual name. e.g. Elisha @_sharply_ or Jennie @L3_lucky_

Birds

Birds, in the other hand, are used just to gain credibility to the Worms accounts, so when a real user see those tweets are more confident to click on them.

This accounts have only two necessary properties for every Twitter account to exist, the default avatar that any new Twitter account have (fingerprint with a random color) and a fake name randomly generated.

I’ll leave the Birds behind and talk only about Worms next.

Avatars

No, not the movie, the default picture of a Twitter account.

Every Twitter profile has a picture so everyone can differentiate from others and be recognized. Spam accounts are not the exception and use real people pictures. That is sad but it happens 100% of cases on Twitter. Photos who are proved to be “nice”, like beautiful girls that some dude will just “click on it”, are the most used (yeah, ugh!).

I made a kinda extensive search using the “Search by image” Google tool. Searching the avatars from the Spam accounts, I got useful results. It showed the avatars were commonly repeated among Spam accounts on Twitter. But it also bring useful information about the source of the picture. Most of this pictures were coming from the following sites:

  • weheartit.com
  • tumblr.com
  • pinterest.com

NOTE: it is in reverse alphabetical order to annoy a bit :D

I’m not mentioning (not even implicitly) that this sites are only nice Spam tools nor qualifying their Spam and privacy policies. But they definitely are nice Spam tools.

Spam tools

Why are the previously mentioned sites nice Spam tools? Well, they give an interesting attribute to pictures, something which can be used to qualify them. In fact, they have “scores”. When more people like the picture, the more scores it has. Scores are called different among the sites. For instance, weheartit call them “hearts”, tumlr “likes” and pinterest “pins”.

It’s very important to note that the three sites provide useful search tools. A quick search for “beauty girls” in any of this sites will bring several pictures of girls that most of the people may consider beauty. Without mentioning the set of filters that you may apply (popularity, categories and more).

That is why they are indeed nice Spam tools. The above sites enable a machine to get the “best pictures“ (the one with more favorites, likes or whatever name do they use).

Evidence

Spam accounts have alerting similar numbers:

  • Between 100 and 300 Twits and
  • A ratio of 4 to 5 followers approx. per account following. e.g. 6000 following; 7500 followers

It is easy to see note them when you see the number of followers that they have in a short period of time:
A Twitter account started following 140 persons in a day

As you can see on the previous image, no human can start following 150 persons in a day.

Here is an example for how ridiculously can an account increase it numbers in a matter of seconds wasting money on Facebook:
Number of Likes increased in one day to 80.000 people

This is the website given on a link from a Twitter Spam account:
diet-news.us is a shity spam site

The following picture shows a Spam account being used to promote site content:
Do not believe on LIKES numbers

Do you want to know the actual Twitter account? There you go: https://twitter.com/_sharply_

Here is another Spam account and its Avatar source links:

You can check the Avatar in the Twitter account is exactly the same picture found in the others site. Horrible.

I feel deeply sad about the real persons behind the pictures, who are actually the most affected. You can help them, and please do so, by reporting the fake Twitter accounts. Maybe you can also help by reporting violation of content on the image hosting sites but I’m not sure about that.

Hope

From the beginning of my research, a bunch of Twitter Spam accounts has been closed.

Here is a list: (by the time I am writing this they are disabled)

And for that, I want to thank Twitter users who press a Report button that have extraordinary consequences and Twitter personal who take quick actions! We have hope to make Internet a better place :-)

Lesson

For everybody:

Please, think twice before publishing photos of yourself with a public online scope! If so, you should be aware that there is awful people who could use it for advertising of all types.

A way to prevent this is limiting the audience to only your very known contacts. If the site that you’re using do not allow this, you may consider stop using it.

For Twitter users:

DO NOT PAY FOR FOLLOWERS! If you do so, you are not only damaging your reputation but also ruining the whole ecosystem. If you think that a number in the “FOLLOWERS” box is the key, you’re doing it wrong. Interactions with real people is the key and there is no way you can buy them. At least at the moment no bot can interact with humans like humans do.

For Web developers:

Please, do not be the next weheartit or pinterest. Provide useful and easy-to-use tools to users protecting their privacy and reducing bots efficiency. If users are your company value, at least pretend that you care about them!

Disclaimer

I’m a Twitter user and I will keep using it by the time. Someone could ask to me “Why the heck didn’t you explicitly mentioned paid followers? and my answer is that, in order to do it, I would need my finger to point specific users and I will be hated. Maybe I will do at some point if I stop using the service, find a good reason or you find me angry again :)

Connect a VM into a local network

A Virtual Machine (VM) can be connected into the local network as another machine connected to the router. To do it, I will mention the steps for VirtualBox but the same can be achieved for other products.

Go to Settings -> Network and enable a new and single Network Adapter, attached to “Bridged Adapter” in the interface eth0

In Networking Settings of the VM, enable the network adapter “Bridged Adapter” as eth0

Now make sure that the VM is using DHCP. Take a look at the file /etc/network/interface and it should have the eth0 interface as autostart and DHCP configured.

auto eth0 iface eth0 inet dhcp

The next time you boot the machine, ifconfig will show you an address like 192.168.x.x in eth0

ifconfig is a useful command when for networking

More information about VM networking on the VirtualBox manual.

Resource: http://catlingmindswipe.blogspot.com.ar/2012/06/how-to-virtualbox-networking-part-two.html

How to send POST variables using command line

When you are developing using PHP or another technology, you can use the POST variables to send values from the client to the server page.

Now, for debug and application, you can use the UNIX command line to send POST variables. It is much more easy, because you won’t need a complete HTML form or AJAX script or other complex way.

To send the variables we are going to use the CURL command line utility.
After install this application use the next commands to send the POST variables:

Send a simple variable:

curl -d 'name=value' http://localhost/index.php

Send multiple variables:

curl -d 'first=value&second=value' http://localhost/index.php

This tool give you another interesting options, too see them all run:

curl --help

“¡Quiero escribir código PHP traducible!”

Como hispanohablante, estoy muy acostumbrado a escribir software en mi lengua materna. Pero luego me doy cuenta que mis aplicaciones llegan a un público diferente, gente de habla Inglesa.

He terminado escribiendo software en Español o en Inglés (podes usar condicional XOR). En este caso, sin importar el lenguaje de programación utilizado.
Este no es un buen habito porque luego es muy difícil de traducirla a un idioma diferente. Debido a esta situación he comenzado a investigar cómo escribir código que luego pueda ser fácilmente traducido.

Ahora explicare todos los pasos, desde el código PHP a los archivos traducibles y herramientas importantes.
Abreviando, deberás escribir el código PHP, extraer las impresiones (outputs) en un archivo PO, traducirlo y compilarlo en un archivo MO y listo! (no es todo pero casi)

Antes que nada te aviso que he utilizado GNU/Linux para esto. Si tú no estas en dicho ambiente, lo lamento.. Continuando:

PASO 1: ¿Cómo escribir código PHP traducible?

El archivo PHP deberá estar escrito en el idioma por defecto, en este caso Inglés.
El archivo PHP deberá cargar el idioma deseado desde los archivos traducidos y compilados, en este caso Español.

Cada salida tendrá un código especial, permitiéndonos que esta sea extraída en un archivo separado para ser traducido luego. El software que he utilizado para esta tarea es Gettext.
Las salidas serán como esta:

echo gettext("Hello world!")

Tu puedes ejecutar tu código, el resultado sera el string pero sin traducir. No te desanimes, la traducción no es automática. Esto nos ayudara a extraer la linea en un archivo separado.

PASO 2: ¿Cómo obtener el archivo PO desde el código PHP?

Previamente dicho, yo utilice Gettext, por lo que se utilizara el comando xgettext para producir el archivo PO. Aquí hay un ejemplo:

xgettext
-f /var/www/locale/FILES
-p /var/www/locale/PO
-L PHP
--from-code=UTF-8
--copyright-holder=Me
--package-name=MyApp
--package-version=0.1
--msgid-bugs-address=user@server.org
  • El parámetro -f esta apuntando a un archivo de texto plano que tendra las rutas de todos los archivos PHP que serán traducidos. He subido este archivo como ejemplo.
  • El parámetro -p es un directorio, en este se guardará el archivo PO.

Los otros parámetros hablan por sí mismos.

Ahora que tienes el archivo PO, puedes traducirlo. Utiliza un editor de texto plano, o inclusive mejor Poedit u otra herramienta. Eres libre

PASO 3: ¿Qué hacer con el archivo PO traducido?

Ahora el archivo PO que ya ha sido traducido deberá ser compilado (sí, compilado) en un archivo MO.

¿Porqué? Porque este archivo MO (también conocido como tablas de traducción) será cargado por el archivo PHP! PHP no leerá un archivo de texto plano con cualquier formato.

Para compilar el archivo PO, he utilizado el comando msgfmt. Aquí hay un ejemplo:

msgfmt -cv -o /path/to/output.mo /path/to/input.po

Ahora se deberá indicar al script PHP la ubicación de las tablas de traducción y el idioma apropiado.

En el archivo PHP, inserta las siguientes lineas en el tope:

$ABSPATH = "/var/www/";
// Especificar la ruta de las traducciones
bindtextdomain('messages', $ABSPATH.'/locale/');
textdomain('messages');
$codeset = "UTF8"; // Sí, sin el guión '-'
$lang = "es_ES";
// Definir el lenguaje que se utilizara
setlocale(LC_ALL, $lang.'.'.$codeset);

Ahora PHP esta apuntando el archivo MO en el directorio utilizado /var/www/locale/es_ES/LC_MESSAGES/messages.mo

He subido un proyecto en GitHub, así podrás ver todos los archivos completos: https://github.com/lucio-martinez/PHP-Translator

Fuentes:
https://en.wikipedia.org/wiki/Gettext
http://www.php.net/manual/en/function.gettext.php
http://www.php.net/manual/en/function.setlocale.php#89076
http://php.net/manual/en/function.textdomain.php
http://stackoverflow.com/q/5257519/1505348
http://stackoverflow.com/a/8809762/1505348

“I want to write internationalized PHP code!”

As a Spanish-speaker, I’m very used to write software in my native language. But then, I found that my applications will reach a different audience, English-speaking people.

I’d always end up writing dedicated software in Spanish OR English (you can use XOR there). And in this case scenario, it doesn’t matter the programming language.
This is a not very good habit because it was very hard to translate it into a different language. Due to this situation I started to research how to write code that could be easily translated later.

Now I will explain you all the steps, from the PHP code to the translatable files and the powerful tools.
In broad terms you have to write the PHP code, extract the outputs into a PO file, translate it and compile into a MO file and done! (is not all but bear with me)

First of all you should notice that I used GNU/Linux for this. If you aren’t in such environment, sorry for you.. Continuing:

STEP 1: How to write internationalized PHP code?

The PHP file shall be written in the default language, in this case English.
The PHP file will load the desire language from the translated and compiled files, in this case Spanish.

Every output will have a special code, allowing us to extract every line into a separate file, to be translated later. The software that I used to accomplish the previous task is Gettext.
So the outputs will be writing like this:

echo gettext("Hello world!");

You could run it and it will print the string but not translated. Don’t be disappointed, it is not automatic. This will help us to extract the line in a separated file.

STEP 2: How to get the PO file from PHP code?

I already mentioned that I used Gettext, so you will use the xgettext command line utility to produce the PO file. Here is an example:

xgettext
-f /var/www/locale/FILES
-p /var/www/locale/PO
-L PHP
--from-code=UTF-8
--copyright-holder=Me
--package-name=MyApp
--package-version=0.1
--msgid-bugs-address=user@server.org
  • The -f parameter is pointing to a plain text file that will contain the paths of all the PHP files that have to be translated. I uploaded this example file.
  • The -p parameter is a directory where the PO file will be saved.

And the others parameters speak for themselves.
Put this command in one line and maybe write your own script if you have big projects.

Now that you have the PO file you can translate it. Use a plain text editor or even better Poedit or another tool. You are free

STEP 3: What to do with the translated PO file?

Now the PO file that has been translated shall be compiled (yes, compiled) into a MO file.
Why? Because this MO file (aka translated tables) will be loaded by the PHP code! PHP won’t read a text plain file with whatever format.

To compile the PO file, I used the msgfmt command line utility. Here is an example:

msgfmt -cv -o /path/to/output.mo /path/to/input.po

Well, if you try to see if this is working by now, then you don’t know me. This is not all.
Now you need to tell to the PHP script the location of the translation tables and the proper language.

In the PHP file, insert the following lines at the top:

$ABSPATH = "/var/www/";
// Specify location of translation tables
bindtextdomain('messages', $ABSPATH.'/locale/');
textdomain('messages');
$codeset = "UTF8"; // Yes, without the dash '-'
$lang = "es_ES";
// Set the language that would be used
setlocale(LC_ALL, $lang.'.'.$codeset);

Now PHP is looking the MO file in the called directory: /var/www/locale/es_ES/LC_MESSAGES/messages.mo

I uploaded a small project into GitHub, so you can see the complete files there: https://github.com/lucio-martinez/PHP-Translator

Sources:
https://en.wikipedia.org/wiki/Gettext
http://www.php.net/manual/en/function.gettext.php
http://www.php.net/manual/en/function.setlocale.php#89076
http://php.net/manual/en/function.textdomain.php
http://stackoverflow.com/q/5257519/1505348
http://stackoverflow.com/a/8809762/1505348

Programming languages of users in GitHub

Introduction

In GitHub, almost every user have a list with programming languages (PL). See this picture:

Image

As you can see there is my user with the C# language.

At the begging I didn’t know why I have that PL, because I did never set it.

Question

So the question is, how does that languages are set if no one can change them manually? Yes, there is no option to activate it, or change your PL.

Answer

The list with programming languages (PL again) change automatically after upload a repository, adding any new PL to the list, but it also depends on the directory structure.

Explanation

If you uploaded a repository and the primary language used doesn’t appear in the list (it happened to my) is due to the directory structure.That is right. If you have all your folders with the source code inside one folder, then no language will be added.
This example is like I used to have one of my projects

New_Project: (container folder)
JavaScript (folder with source code)
    Images
    PHP (folder with source code)
    More folders

With the above structure, my user still has C# as the only PL that I used, and that wasn’t true. To let GitHub recognize all the languages, I removed the the container folder.
After such changes the PL were added to my user, just like this: C#, JavaScript, PHP.

Conclusion

This could be considered as a bug. It is not a normal behavior, or at least, what any user could expect..

Side note

The list is limited to 3 programming languages.