Domain: samspade.org
Stories and comments across the archive that link to samspade.org.
Comments · 59
-
Hmm...
last I checked, nearly every godaddy domain is registered by godaddy itself and not whoever the spammer is that's creating the site. That could be considered illegitimate address info. Just to cite one example - look at the Sam Spade address for http://www.kirksvilletoday.com/ , a massive bigoted website... http://samspade.org/whois/kirksvilletoday.com
-
Re:Yet...
I am personally obligated to post this link every time I see "Zone Alarm" and some phrase describing 'hack attempts' and 'logs' posted on the internet.
While most (read: all) of /. gets this, I post for user #1018050. Sir, please read this short article:
http://samspade.org/d/firewalls.html -
Re:SOP
-
Re:UNIX and viruses
User-based security offers no protection against this. Instead people often install programs to limit access to, for example, network resources - a software firewall that will inspect a process to see if it's legit before letting it use the network.
Problem: Personal software firewalls are nonfunctional snake oil. You need dedicated hardware to make a firewall, otherwise it's just feel-good, do-nothing masturbation. Especially when the underlying OS wasn't designed or properly secured for use as a security device.
It's not just windows; MacOS lacks such stuff at the moment too (though it will undoubtedly be much easier to integrate into it than into Windows).
Only after Apple stops making the default user "root" and insists you create a normal account and explains the difference and the reason for the distinction in terms your typical Apple target customer would be willing to read and understand. Otherwise, MacOS is just as bad as Windows when it comes to letting anything do anything unabated.
-
Re:The pot doesn't even know what a kettle is!
Pestpatrol. A word synonymous with incompetence in my mind.
They listed one of my applications (Sam Spade - an elderly windows whois / traceroute client, basically) as a security risk. I started to get phone calls about it from users (I have quite a lot of users, so a few of them were bound to be running pestpatrol).
I called the company responsible for pestpatrol several times, and they told me many things that turned out not to be true ("It's not listed", "We can certainly remove it", "Traceroute is a major security risk for enterprise customers.", "We have removed it", "Oh, when we said we'd removed it we meant, uh....", "We'll remove it within six weeks...").
The sheer level of corporate and technical incompetence involved was staggering (and I've dealt with some spectacularly incompetent companies). The idea that anyone would rely on them for anything security related is scary. (To be fair, I believe that I dealt with them early on in their buyout process, so it's conceivable that they've picked up some basic business practices from their new owner since then, but it's not something I'd bet the security of my network on). -
Isn't this new?
The first thing I notice after the update is that Firefox needs to be given permission to connect to 207.126.111.225 through my firewall. Only then doesn't it resolve any domain name.
While I got suspicious if that IP was a spyware on my comp, well, it's Mozilla's site - virtual-fxfeeds.mozilla.org = [ 207.126.111.225 ]
http://samspade.org/t/whois?a=virtual-fxfeeds.mozilla.org;server=auto -
Don't forget ...
-
Re:In the meantime
This is what makes the parent even funnier.
-
Re:Remarkable candor
"... We won't throw anyone in jail or kick your servers out of the country if you do. ..."
What has baffled me is that Google.cn servers aren't even in China, so what's this talk about compliance with local laws? Am I wrong?
-
Reconnaissance!?
nslookup and whois? My God, is it legal to disseminate such critical information as this?
Jeez, I was hoping for something vaguely Kevin Mitnick, and instead I get Sam Spade. This may not be Intarweb 101, but it's maybe 102.
-
iphone.org
maybe FINALLY apple will be taking advantage of the fact that they have ownership of iphone.org ( http://samspade.org/t/whois?a=iphone.org&server=auto&_charset_=UTF-8&btnGo=Whois )
-- hytmal -
Re:Yet another reason...
If you are really curious Sam Spade has a link deobfuscator feature.
BTW the site seems to not be working right now, but that should be temporary. -
Re:All in it together
Too late: Sun already has it.
-
Re:Edonkey firewall settings
Zonealarm is nobody's firewall. Read this link about snake oil.
-
Re:Absolutely Amazing
The hell with the LCD panels, I want to know his ISP!
It's not that complicated to find out... www.hoagy.org resolves as 208.184.121.21 which is also 208.184.121.21.above.net so from that you should be able to figure out where it's hosted.
Tools like http://samspade.org/ are pretty useful for quickly finding more info on a host/IP address.
-
Re:Virtual hosts.
-
Re:Virtual hosts.
-
Impressive link collection
Just in case his site gets /.'ed, here is his impressive list of links. - Jonah Hex in non-karma whore mode.
Downloads
Linux Wipe Tools: Three shell scripts for securely wiping all data from the swap partition, wiping unused disk space on the root partition, or wiping an entire disk, by Thomas C. Greene.
No Messenger: A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register.
FileCheck MD5: A free, simple, lightweight MD5 utility for Windows, courtesy of Brandon Staggs.
Errata: A text file containing my various blunders and omissions in the book (right-click and "save as," or view as HTML). Last updated 6 June 2004.
Links to Other Goodies
Mozilla: A free, open source Web browser and e-mail client for Linux and Windows, feature rich and far more secure than Internet Explorer and Outlook Express. Recommended for novices.
Firefox: A free, open source, stand-alone Web browser for Linux and Windows. Very light and fast. Recommended for intermediate users.
Thunderbird: A free, open source e-mail and news client for Linux and Windows. Recommended for intermediate users.
GnuPG: Gnu Privacy Guard; a free, open source replacement for PGP, for Windows and Linux.
WinPT: Windows Privacy Tools; a free, open source GUI frontend to GnuPG for Windows.
Anonymizer: Various services for anonymous Web surfing, e-mail, chat, etc.
OpenSSH: A free, open source SSH (Secure Shell) client and server for Windows and Linux.
PuTTY: A free, open source GUI frontend to OpenSSH for Windows.
Ethereal: A free, open source network traffic analyzer for Windows and Linux. Windows users will need to install WinPcap before installing Ethereal.
Ad-Aware: A free, closed source adware/spyware scanner for Windows.
SpyBot Search & Destroy: A free, closed source adware/spyware scanner for Windows.
Sam Spade: CGI gateways to numerous online tools, such as whois, traceroute, etc.
SourceForge: A vast repository of open-source software for Windows and Linux. The site can be overwhelming, but it has a search engine to help users locate packages.
GNU Project: The home base of the open source movement. A repository of open source products, chiefly for UNIX-compatible systems.
Security Information
About Internet/Network Security: An informative and useful site dealing with computer and Internet security, with reviews of security products and books, practical howtos and tips, and links to numerous tools and information resources, geared toward beginners and intermediate users.
SANS Institute: An educational and research organization with a vast archive of security research documents, news, and advisories, geared toward intermediate and advanced users.
CERT/CC: Computer Emergency Response Team Coordination Cente -
Apparently you do need to lie.
And your lies continue:
I had said:
"#1. ISP's block port 25 by default. That gets rid of all the zombie machines.
Now you only have to deal with 50% of the spam."
Now YOUR "counter" to that was:
"Spam did not increase by 50% the day that zombie machines came into existence."
Lie number... oh hell, I've lost count."
That was a blatant, outright, despicable, lie. Here's the actual context of that reply:
Well, what they did BEFORE they had the zombies was SEND OUT LESS SPAM!
Spam did not increase by 50% the day that zombie machines came into existence. It's stayed on a steady increase and some of the spammers simply shifted from open relays to zombie machines for economic reasons. It was cheaper to steal bandwidth from some numb-nuts user than pay for it themselves.
And here is a link to the message where I made that statement, thus proving that you are a liar. Since you quoted the text word-for-word, I know that you went back to find the text and, therefore, you purposely fabricated that exchange by pulling your statement and mine from two separate messages!
Hey, I didn't say ANYTHING about "the day". YOU were the one that inserted that.
Since I had NOT said it, but you tried to imply I had said it, that was a LIE.
Another of your lies and an attempt to change the subject. First you said that the spam increased by 50% the week that zombies came into existence and then you claimed that you had said that the 50% increase was "likely the week that they came on line." First a flat-out assertion and then a lie that you couched it with the term "likely."
Reference:
http://news.com.com/Attack+of+Comcast's+Internet+zombies/2010-1034_3-5218178.html
Deal with it.
So you found a tech writer who used flawed logic to spice up a story! There's a first. I know people who run mail servers on Comcast and they send no spam and I think that it's pretty unlikely that I have met every Comcast user who runs their own mail server.
Since I don't believe you administer any domains, I really don't care what your claims are.
Unlike you, I am not a liar. I also administer domains for commercial clients, but it would be improper to reference them by name in this discussion and without their permission. Now what domains do you run? Show me little man!
My experience shows that blocking open relays removes 15% of the spam. Since my reply to was to claim that "You make up numbers", referencing my experience is a valid citation.
But you didn't reference your experience. You made a blanket statement that if *I* blocked open relays at the firewall, *I* would see a 15% decrease in spam. This is why chronic liars like you should avoid people with good memories.
#1. Block port 25 - no more zombies - spam is reduced to 50%.
You have yet to show that this is impossible.
Yes, I have. As I have told you repeatedly, there are many business accounts at ISPs and those accounts need to have port 25 open. Since I have received spam sent through zombies on commercial accounts (one was even the company's web server), and that disproves your claim that there will be "no more zombies."
All you can do is claim that the spammers will now spam mailing lists and send a fraction of the spam through legit servers.
No, I said that they would also go to open relays and foreign ISPs just like they did before the zombies came on the scene. People were bombarded by spam long before the zombie machines ever existed. The amount of spam will hardly decrease at all. It did not, despite your lies to the contrary, go up 50% the week that spammers started using zombies. It's also idiotic to claim that something requiring almost every IS -
Maybe not a virus - Bt.ow/btg info
The javascript looks pretty innocuous. You can use the samspade safe browser if you really want to look at the original page (and the javascript).
Some AV programs throw a warning about Bt.ow/btg when they see the pattern "Second Part to Hell" and the page includes the text "(c) 2002-2004 by Second Part To Hell" so it may be a false positive.
If you are concerned, more information about Bt.ow/btg is here and here -
Sam Spade
My personal favorite
...
Sam Spade
-rick -
Re:Social Engineering
If you're bad at math and need a quick way to turn a numeric URL into a DNS-named one there is a handy tool ("decipher") at www.samspade.org
-
Re:24.174.81.26 is penisbird's IP
Bet Mr Bird is really scared by pings and traceroutes.
Someday slashdot is going to show the address of all past AC posts. Are you ready? I am.
-
Already somewhat traceable
It is worth noting that at least HotMail already put the IP address of the client web browser into the mail headers. I had the misfortune to need to trace a mentally ill relative a year or two ago who had gone missing. He had sent email to his parents but the police said that despite the missing person report they could do nothing. Fifteen minutes with Sam Spade and a map of London revealed that two mails were sent from an internet cafe and a public library in North London just a couple of blocks away from the house of someone the family knew.
-
Re:RTFA
And there is no way Spam Arrest are the good guys here.
-
IP-BLOCK TO BLOCK
I used SAMSPADE to reference their owned IP block (off the wonderful article) this is most definitely not their ONLY ip block, but if anyone does have more, it would be great to compile a whole list of "mean" IPS.
I do not care for this kind of intrusion (I equate this to exactly what spammers do to harvest your email...) then you can block these ips (route em to never never land.) -
Re:Some corrections and arguments.
Practically everyone listed claims that they were "wrongly" listed (and maybe you were).
We weren't.
After having problems with our firewall blocking incoming emails we got it reconfigured (i.e. someone outside the company). Except once reconfigured it left port 25 wide open, so anyone could connect to our Exchange 5.5 (not my choice) server. Great.
Of course no one's configured the server to not accept relays. Why would they? It's blocked by the firewall....
So one day I'm bored at work and start entering some of our public IP addresses into samspade, and whoa! our server was listed.
El-prompto action commenced as the firewall was quickly secured, followed by some retesting, and de-listed within a week.
My only beef is we didn't get informed that we were being listed. Was only by sheer chance that I found out. Grrrr -
Re:Have those weenies ever priced a colo?
Bandwidth and hardware are paid for by thoughtful benefactors who have donated their resources to OPN generally without any recompense. No server sponsors are automatically given an O: line on OPN/freenode.
This money would be going to lilo's personal business-class DSL line with RDNS capability.
To wit, somegeek.org has ip 66.140.25.154 which is owned by Robert Levin (lilo) from Southwestern Bell Internet Services.
-
Re:BayTSPs netblocks
ASN Explorer produces these results for 14478:
216.49.32.0/19
216.218.207.0/24 -
Re:Spamming for dumbasses
That's ok, I know all about subnetting. Guess that CCNA is good for something! Thanks!
ARIN info from SamSpade:
Life_Enhancement_Society (NETBLK-BRW-3614-LIFEENHANC)
4551 California Ave. #10
Bakersfield, CA 93309
US
Netname: BRW-3614-LIFEENHANC
Netblock: 65.89.25.0 - 65.89.25.255
Coordinator:
Hostmaster (ZB13-ARIN hostmaster@broadwing.com
512-427-3700
Domain System inverse mapping provided by:
NS3.BROADWING.NET 216.140.16.252
NS4.BROADWING.NET 216.140.17.252
Record last updated on 10-Mar-2001.
Database last updated on 1-Mar-2002 19:57:27 EDT.
I see they're located in Bakersfield, that checks. And a whole class C to play with. SPAMMING must pay well. I've also gotten SPAM from these jerks before, looks like Broadwing doesn't give a crap. Anyone know somebody at Broadwing?? -
Re:Good initiative
The .uk domain is even stricter - only the name of the person who registered the site is publicly available.
In the UK, we have a law called the "Data Protection Act" that protects all "personally identifiable information". This covers my name, e-mail and postal addresses, telephone number, etc - in fact basically anything that's held in a computer and can be retrieved by searching on my name. Companies are not allowed to gather, hold, disclose or use this information without my consent, and if they don't have a good reason to keep it (e.g. if they're just using it for advertising) then I can ask them to delete it.
This law also stops spammers operating from the UK - they can't legally make a list of e-mail addresses without getting consent from the people involved.
It's a pity the US doesn't have similar laws.
-
Has the server been blacklisted?
Head over to openrbl.org or osirusoft or Sam Spade and see if the server has been listed in any blacklists. If so, that's probably why your mail has been blocked. If not, contact road runner and find out what's up.
-
DIE!
(not linked to conceal link's origin :)
Yes. Fantastic. Of course, in doing so you also broke the link in half. This is incredibly annoying to anyone who actually wants to go to the link as not only do they need to cut and paste the URL in they need to edit it and remove the blank spaces. If you wanted to you could have done http://samspade.org/t/whois?a=shifmanconsulting.com&server=magic in which case people could have either clicked or cut, pasted, and edited the url. BTW, slash now shows the domain name after the link if you actually do link, so it's not all that bad.
In the future, please do not paste plain text links in slashdot. -
Re:What about spontaneous job applications ? (II)
In fact, one of them was to an email address that either
- Bernie harvested from usenet
- Bernie harvested from whois records
- Bernie harvested from the SamSpade.org FAQ
- Bernie bought a list from someone else who harvested it
- Bernie read the SamSpade.org FAQ and decided that SamSpade.org, an anti-spam site, would want to receive spammed resumes.
Even Bernie isn't stupid enough to do number 5, is he? Silly question, I guess.
-
Re:Whois Record EZJACKSTER.COM
At first I thought the post was a joke, but that is the actual listing.
You can even search it yourself.
Samspade.org has lots of cute internet research tools.
-
Re:Does anybody recognise this ?
My company has been a victim of spam. The "From" address was forged so the mail appeared to come from us. Finding who is actually behind "Cybernet Enterprise" is a hard thing and the telephone number only gives a cryptic answering machine.
Read the Received: line in the header of the emails. It will tell you what IP they originated from. Look this up and complain to the appropriate ISP.
There are a number of good antispam how-to's on the web. -
Your Sig
Your sig is here safely rendered.
This entire paragraph is just an attempt to satisfy the "Your comment violated the postercomment compression filter. Comment aborted " message.
-
Ariston: "It's Dead, Jim"
I called the numbers listed above (all disconnected) tried to look at their website (down) and then looked at the Google cache of the site. I found a few Massachusetts telephone numbers for Ariston and gave them a try.
The 'customer service' number actually worked, but was reassigned to another company. The guy on the other end of the line told me that I "had the right number, but that company went out of business".
I also spoke to the admin contact listed in WhoIs and was also told that Ariston is no more.
-
Ariston Update: Yup, they're Dot Gone
I spoke to the admin contact listed in WhoIs and was told that Ariston is no more.
-
Spam : irl and uce. We have tools to fight.
I often prefer displaying my real email on web site, on news groups, because I love fighting spammers. we have _tools_. *grin*
uce :
before spam :
http://www.devin.com/sugarplum/ to protect your webserver from search bots.
teergrubing to protect your MTA :
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
(and of course, hide your email like that : xavieratbocaldotcsdotunivdashparis8dotSPAMfr ;-)
after spam :
http://spamcop.net/
http://www.samspade.org
http://mail-abuse.org (RBL)
tools to semi-automatically report/fight spam :
http://freshmeat.net/appindex/console/anti-spam.html
irl :
As others say, send back the empty envelope.
One funny thing about phone spam is the possibility to talk to the person who is trying to sell you something, like to a human being. (after all, it's often a woman poorly paid to do this job. she(he) deserves humanity). I usually ask if the person is in good mood, and it's easier to say goodbye after this. -
Re:Replying to spam is the only sure fire defence!!
This guy's article is about the most flawed thinking I've ever seen concerning spam (apart from the spammers themselves).
If you want to check it out, look at: the article (safe browse mode via SamSpade.org). It won't be long before this guy gets kicked off his ISP for violation of his TOS, and giving out your home phone number to spammers (especially when there are sooo many reverse lookup systems out there) is suicidal.
Newbies: DO NOT FOLLOW THIS ADVICE!
--------------------------- -
A bit more gamedvdplayer.com info
See: this query at samspade.
I'll also bet that these folks would be interested in knowing they were hosting a non-shipping site. As would, their email drop.
-
Oops! Bad URLs
One URL there was mangled; here's the right post:
Yes. I use blcheck for this, with qmail-qfilter to put it right into the SMTP chain, although you can use it with procmail, too. That way users can use their mail clients to decide what to trash and what to keep. -
Re:can MAPS/ORBS be advisory to users?
Yes. I use blcheck for this, with to put it right into the SMTP chain, although you can use it with procmail, too. That way users can use their mail clients to decide what to trash and what to keep.