Domain: astrobastards.net
Stories and comments across the archive that link to astrobastards.net.
Comments · 26
-
Old ideaThis sounds like what SpamVampire has been doing for ages (without the added Lycos popup adverts, of course). It doesn't work in Firefox yet but I'm pretty sure that it works in Konq.
Also, on a related note, this is a little java app that you can run as a background process thath injects false information into various spam/spyware related website forms.
-
Re:This is NOT A DDOS!!
Sounds to me like you are looking for a copy of Unsolicited Commando.
It not a DDOS - it just submits forms with pluasable but faked information. -
As I always do when a spam article comes along...
...please allow me to pimp two of my favorite anti-spam projects. First is the Unsolicited Commando squadron. UC is a happy little Java app that sits on your desktop and spends its days merrily filling out forms on spamvertised sites with perfectly real-looking (and yet completely bogus) data. Run one on your machine and help drive another mortgage spammer out of business! The second place I'd like to point you to is a spam vampire site. This is a webpage (IE only for now, but source is available and hopefully being ported to MozFireOperaSafariFox soon) that attacks spamvertised sites and reloads their graphics over and over and over and *over* again all day long. Basically it's the Slashdot effect put to good use. Burn up a spammer's bandwidth and... well, hopefully you'll have their children out on the street and doing vile things for money before long. Enjoy!! -
I know I'm late replying to this story...
...but as I always do when spam stories come around, please let me pimp two of my favorite anti-spam projects. First is Unsolicited Commando. It's a happy little Java app that spends its days filling out information forms on spamvertised sites with legitimate looking (yet completely bogus) personal information. Run it on your system and help make mortgage spams more useless and expensive! Secondly, let me point you towards a spam vampire page. It's IE only for now, but the source is available and hopefully it'll be functional in other browsers soon. The page sits and reloads graphics from spam sites over and over again to burn up their bandwidth - just like Slashdot, but put to a good cause. Load it up and fight dirty just like Sanford and his bottom-feeding friends!
-
Re:They're driven to make money.
Every fake contact you enter will produce a 50 dollar loss for the scourge who ends buying the database.
I mentioned this project elsewhere, but just to make sure you see it... Unsolicited Commando might be of some interest to you. -
As I always do when a spam story pops up...
...allow me to pimp two of my favorite projects. First up is the Unsolicited Commando project. It's a little java app that spends its day quietly and merrily filling out forms on spamvertised websites with completely bogus - and yet totally real looking - data. It's especially effective against - surprise! - mortgage/refinance spammers, which seems to be the specialty of the dirtbag mentioned in the article. Go check it out, and the source code is available just in case you think something fishy is going on.
The second page I'd like to point you to is here. It's a 'Lad Vampire' antispam page that also targets spamvertised websites, but in a different way. The page links to individual images on the sites and constantly reloads them without caching, thereby burning up the spammers' bandwidth and driving them out of business (or at least costing them some money and forcing them to sell their children on the black market). Be forewarned that the page has no help, no documentation, and *only* works in IE, so don't yell at me about that. The source code is available for that as well, so here's hoping someone can make it more usable in Moz, Opera, ThunderFireBunnyChicken, or whatever browser is your fave. -
Re:phishing automated reply
It's for mortgage spammers and not phishers, but I'm a fan of the Unsolicited Commando project. It's a little Java app that spends its day filling out mortgage applications on spamvertised sites with completely believable - but totally bogus - personal data. The source is available so perhaps a clever person could randomly generate credit card numbers and adapt the program to attack phish sites.
-
Re:Crush
In addition to all the other things I forgot to mention in my original post, include the Unsolicited Commando project. It's a little java program that quietly sends bogus data to spamvertised sites that require you to fill out personal info to get mortgage refinance and whatnot. Source code is available for those who want to see how it works.
-
It's already been built....
It's called the Unsolicited Commando. I was auditing the code a few months ago (around January 2004) and it looks good. So far, it looks like he has 28 people participating (the link provided says 28 IPs have taken part in attacks).
Code download is free, and you can just run it as a background process....
I believe the main problem with autotargeting domains that are advertised is what happens when the target server is being hijacked, or it's a server that someone wants offlined? So the guy that runs this site visits each domain advertised in spam, makes sure it's a legit spam site, and then lists the server on his Commando main server. Client programs grab the list, and hit the targeted domains repeatedly.
-
Re:forcing valid reverse domains on HELO would hel
It could be that 66.35.250.206 which is lists.sourceforge.net (which makes sense) is a firewall machine or load balancer that all the outgoing mail goes out through and that the name is different because if someone sends incoming connections it takes a different pathway, I am not sure. I think there are just too many different firewalling and load balancing methodologies for the reverse thing to ever work consistently.
If you want to try to get admins to pay more attention to overall configuration issues and screen out those who don't follow certain RFC rules then check out RFC Ignorant
I find that domains that refuse to create and respond to proper admin addresses are people who tend to fluant other rules and netiquette. The bogusmx list is especially telling because pure spam domains sometimes will list bogus MX records.
What about using the OpenBSD spamd with greylisting to greylist everything that isn't known to fight back, when it finds an actual spammer, spamd ties up the spammer's or zombies connections (by only return one character per second) without using alot of your resources. Spammers don't make alot of noise about this because they don't want to bring attention to the only thing that is really effective as far as giving them some trouble - other than that guy who fills up their product website forms with fake credit card info Unsolic Commando. If these two techniques caught on, it could put a serious crimp in spammers easy lives. -
Re:Best practices,... published?
Attacking the source of the money--that, I believe, is the only way to kill spam.
That's why I run Unsolicited Commando. It fills the inboxes of companies that pay for spam with spurious form fill-outs. I guess it's kind of like giving them a taste of their own medicine. -
Re:A little dos goes a long way
My preferred method of retaliation? Attack the source of money for spammers.
-
A much better, novel approach that just needs PR..I keep posting about this, I've submitted a story about it, but nobody ever listens, and this strikes me as the only ORIGINAL idea that I've heard in a long time:
Everyone says that filtering all the spam in the world isn't going to help if we can't stop users from clicking on it. They're right. So if we can't stop them from clicking, why not do the reverse--flood the SPAMMER'S inbox with false positives of our own?? Basically UC is a little program that goes to companies that spam's websites and fills out their sign up forms with real looking but randomly generated info. At SOME point, there is an opportunity cost to checking up on these false positives. For example, if it costs $0.02 to check up on a false positive, and the companies make $10 for each order they sell from spamming, then we need is a distributed network to put in more than 500 false responses for each positive response they receive. If you've got a distributed network of 1000+ computers, and you put in a false positive every 30 seconds, then in 1 hr that's enough 120,000 false positives or enough to cover for 240 real responses. The beauty of this is that there is no longer any profit for the business using the spammer. It hits them where it hurts most.
But this method requires a large distributed network to work! It could, but nobody seems to know about it! Right now it's just some guy's pet project--if this thing got a serious team and some serious PR, it could really take the spamming world by storm! (Of course you'd have to watch out for abuses--targetting innocent businesses networks--but we already have large blacklists a la spamcop and under an open framework I think it'd be safe enough to use.)
For god's sake people, if we got a large enough network, it could really work!
-
Re: there already is an anti-spamming toolIt's called Unsolicited Commando.
Basically, you try to fill up spamming companies's inboxes with false responses using randomly generated yet realistic looking information. Theoretically, you get enough people doing this sort of thing, you could remove some of the profitability from spamming. At some point, the company's gotta spend a least a little effort trying to verify information. Too much time wasted investigating false responses, maybe the company's going to change its approach.
'Course, it's just some guy's pet project right now, but these sorts of approachs are kind of interesting.
-
Change the economics with false positives--use UC
As was pointed out in the article, the situation with spammers sucks right now. The only way it's going to change is if we can change the economics of the situation--this calls for novel ideas, such as Unsolicited Commando, which uses the idea of false positives to make it economically less profitable for spammers.
The idea is based around the fact that there are to places to attack the economics of spam: one, the sending (spammer) side, and, two, the response processing (employer of spammer) side. It's already been argued that making email cost money to send isn't really feasible, at least not in the future.
But you can increase the cost of the response processing: every time companies get a positive response to their spam, the company must put at least some amount of effort into validating the information and then processing it (such as a subscription, product placement, etc.) So, what if the company received lots of potentially valid fake responses (false positives) to spam, so many that the processing costs would actually outweight the benefits of advertising with spam? If companies could never figure out who their real customers were, it wouldn't be worth it.
That's the idea behind Unsolicited Commando, a small program that runs in the background on your PC and that receives "orders" from a central server essentially giving enough information for the program to go to a website and fill out a form with real-sounding but bogus info. If enough computers were doing it, bogus info would be coming from such a variety of internet addresses that there'd be no way for spam companies to filter it.
So far as I can see, this type of approach is our best bet.
-
Re:combat the flaw? how?
This guy already is.
-
Re:Here's your fire...
There's also Unsolicited Commando.
It's a small java based application that generates realistic appearing information, and submits it to web forms assigned by a central server.
Unsolicited Commando appears to be intended to keep generating a steady trickle of real looking bogus data, rather than trying to overload the database with a torrent of obvious junk.
This probably wastes more of the spammer's time than just dumping a lot of junk into the form, as the more realistic the fake entries appear, the more likely that the spammer will have to follow them up to check the accuracy. -
Re:Slice the Spam into workable chunks
Are you running Java already? This takes no effort! www.astrobastards/uc [www.astrobastards] runs a client on your PC that works with a team of spam fighters by filling in the forms for all those "mortgage loan" spams with believable junk.
That URL's wrong. Try this: http://www.astrobastards.net/uc/index.jsp -
Re:getting rid of spammers
The current tactic of ignoring spam "in the hope it will go away" just helps raise the spammers' signal-to-noise ratio when they look at their replies. If they had to go through a million bogus replies to get the 10 that are stupid enough to really want their crap, they'll become unprofitable quickly.
unsolicited commando As I understand it, it fills out the forms that are linked to in spam with credible info so that the spammer gets paid for a load of information which the marketing company can't follow up, result: company thinks spammer is forging info and no longer uses his services OR company pays spammer on results only, spammer gives company loads of info but company says info faked, spammer does not believe them, thinking instead that they made up any old excuse and took his data with out paying him
looking at my UC interface it has sent bogus data to betterspot liensale and ecom-universe -
Re:Good ol' jpeg
cack uc@astrobastards.net etc
-
Good ol' jpeg
I use a good ol' jpeg file. Has never ever let me down. Not even once. Also, I've got a spider trap on my website.
-
Good ol' jpeg
I use a good ol' jpeg file. Has never ever let me down. Not even once. Also, I've got a spider trap on my website.
-
Re:I've always thoughtI am currently in three figures a day of spam mail and looking for willing people to gang up and lynch the spammers.
I find a lot of people who don't really want a clean inbox: they just want revenge. So do I. If you download my free software you can be part of a vigilante mob with hardley any effort. Unsolicited Commando
-
Home grown tools
-
Custom tools
I'm using my own tools. I've tied many computers together to launch a very subtle attack against the spammers. Unsolicited Commando
-
Only one option...
We will need to bring back vigilante mobs and lynchings. Of course, I'm totally in favor of this.