Domain: shat.net
Stories and comments across the archive that link to shat.net.
Comments · 18
-
Re:Same old same old
Yes, that's me... If I knew you back in the day, get in touch.
:) http://shat.net/contact.php is at least marginally likely to be read. Anything else is hit or miss. -
Re:OT: what about regular mail spam?
Before I try going to the post office and getting a glazed look from a postal grunt, does anyone know of a way to block all "Resident" mail, a complete opt-out of litter mills that don't even know my name?
The short answer is that it's not possible without a lot of effort on your part, perhaps more time than you spend filtering through the mail. The long answer is that you can cut junk mail to a trickle if you're willing to take the time. See Stopping Junk Postal Mail and ignore the Adwords on the right side, they're trying to charge $30 for mostly the same info. -
Re:Chatting can indeed be dangerous!!!
Very interesting! I was a remote for approximately 5 years, spanning Mac Help, YouthTech, Digital City, AOL Promotions, CLC, KARES, and various other interests. I never got a "DOJ Letter," as I wasn't much for public chat or hanging with Guides, but I did get one of these.
I was also blocking mail from specific users long before Mail Controls were available, my experiments with screen name refresh tokens led to the eventual "Update Screen Name List" link at keyword: NAMES (a poor TechLive friend got in trouble for distributing my form); keyword: NOTIFYAOL exists at my suggestion, as opposed to just being a button in chat rooms (thanks Chris!); and - as you say - God knows what else. Those were the days, no?
If you don't mind my asking, what was your Guide uniform, or perhaps your civvies? I might've known ye... -
Politically correct NetBSD Logo
Can be found here...
-
My tools are simpleLooks like most responses so far aren't addressing the real question - what you use to seek and destroy - and instead are mentioning what they use to avoid spam in the first place. All well and good, but since there aren't many answers to the question at hand, I might as well post mine.
I generally stick with the basics, whois and traceroute getting the most use. I rarely whois the spamvertised domain itself, unless I'm trying to determine the registrar or its DNS provider... But whois gets a lot of masked use, thanks to the following aliases (bash2, freebsd):alias apnic='whois -h whois.apnic.net'
So, suppose I get spam with an originating IP of 1.2.3.4, I just grab a shell and type
alias arin='whois -h whois.arin.net'
alias ripe='whois -h whois.ripe.net'[speaker@candletruq]$ arin 1.2.3.4
If ARIN refers me to RIPE or APNIC, I use the `arin` or `apnic` commands, respectively. Within a couple of seconds, I know which ISP was abused to send the spam, as well as (usually) some administrative contact for that provider. A few more seconds and I have the same information about whichever ISP is hosting the spamvertarget. If you find yourself constantly typing out...whois -h whois.arin.net 1.2.3.4
...or the appropriate flags to your flavor of whois, setting aliases to point to ARIN/RIPE/APNIC's servers can be a huge timesaver.
A script I wrote some time ago, called ANAL - get your mind outta the gutter, it stands for Auto NANAS and Lart - takes care of the rest. I paste in the spam, headers and all; then if I'm bothering to report it, I'll also enter in some abuse contacts for the origin/target ISPs. I post the form, the script posts a copy of the spam to the Usenet newsgroup news.admin.net-abuse.sightings, and also sends abuse reports to any email addresses I specified.
Not necessarily trying to plug myself, but if you've got PHP installed, check out ANAL. You can report spam to the ISP, and also archive a copy in Google Groups (which can help in future spam cases against the same spammer or spam-friendly ISP) at the same time.
Yes, I actually named one of my machines candletruq. -
Or cookie substitution
If so shouldn't it be possible to open up the cookie file and hand edit it?
You could also use someone else's Google cookie. For example, I wrote a PHP script called NukePost which deletes batches of Usenet posts from groups.google.com at once, automatically. Google's server expects - requires, actually - a cookie in order to complete the process.
I embedded one of my ancient cookies into the script, which is sent to Google every time someone runs it without modifying the cookie data. I've had numerous people write me thanking me for the script. In other words, lots of people have all used "my" Google cookie to delete their own posts from groups.google.com, without problem.
It's kinda like swapping your grocery store discount card with a friend. Sure they're tracking "you," but what they wind up with is a bunch of useless garbage... -
UO Lake Superior protest
Several years back, the Lake Superior shard (UO game server) was having serious problems. So a bunch of folks who played on that server hopped over to the Atlantic shard to protest. For whatever reason, it was red dress instead of going naked: Screenshot 1 Screenshot 2, they put us in jail
Of course, naked protests aren't unheard of. I don't recall what this one was about, but we were a merry band of nude archers: Naked Posse
Frigax -
UO Lake Superior protest
Several years back, the Lake Superior shard (UO game server) was having serious problems. So a bunch of folks who played on that server hopped over to the Atlantic shard to protest. For whatever reason, it was red dress instead of going naked: Screenshot 1 Screenshot 2, they put us in jail
Of course, naked protests aren't unheard of. I don't recall what this one was about, but we were a merry band of nude archers: Naked Posse
Frigax -
UO Lake Superior protest
Several years back, the Lake Superior shard (UO game server) was having serious problems. So a bunch of folks who played on that server hopped over to the Atlantic shard to protest. For whatever reason, it was red dress instead of going naked: Screenshot 1 Screenshot 2, they put us in jail
Of course, naked protests aren't unheard of. I don't recall what this one was about, but we were a merry band of nude archers: Naked Posse
Frigax -
A couple of mirrors
-
Re:One way to slow a specific flood
Here's a SMTP honeypot that you can compile and run on windows machines. It pretends to be a mail server & accepts incoming messages. I ran it last year but my cablemodem provider wasn't too happy so I stopped using it. But the more honeypots out there the better.
-
Re:Too bad for my users!
The link to remove posts from Google's usenet archive is here. There are a couple of stipulations in order for automatic removal to be possible. One, the "From" address on the usenet post must point to the real, unmunged email address under your control. Two, you must register and confirm a groups.google utility account from that same address (you can do so at the above link). The parent's parent's poster should be able to meet both of these qualifications.
If you find that you have a large number of posts that you need removed, I wrote a PHP script called NukePost which will remove huge batches from the Google archive at once. The script simulates a browser session and makes all the required, repetative form posts at Google's controller site for you. All you need are the Message-IDs of the offending posts. I may write a groups.google spider to retrieve those in the future.
In situations where it's obvious that you made the post but you can't qualify for automatic removal, an email to groups-support {at} google should get you taken care of. You need to include a few things in your message, details are here.
I've heard rumors that Google maintains a separate usenet archive for paying customers (i.e. governments, corporations) to browse, which does not honor the removal requests or the X-No-Archive header - though I have absolutely nothing to back that up with - so it's possible that nuking posts is a futile effort. It should keep the cheap spammers away, at least.
Shaun
PHPLabs Supersite -
A suggestion for anyone running Apache...
The htaccess directives in this example will eliminate the noise from your error_logs. They'll also redirect inbound Nimda or CodeRed requests to Microsoft. Not that Nimda or CodeRed grok the 302 Found replies, but it's nice to dream of giving M$ a taste of their own medicine
:)
(I tried to post the directives here, but the lameness filter wouldn't let it through.)
-s -
Re:But aren't poisoned addresses just stupid?
>but im wondering, has anyone else done work on this or heard of work like this?
I wrote one a few weeks ago that catches FormMail probes and mails a warning message to the person who's probing. Since putting the script in place across several domains, I've seen a significant decrease in repeat offenders. I used to get scanned by the same people day in and day out (i.e. the recipient value in the GET requests was the same), and I had a few who'd scan me weekly. Not anymore.
FWIW, the script is here. It's written in PHP, so you'll have to either redirect requests for formmail.pl to the PHP version, or use a CGI wrapper (hence the shebang line at the top of a PHP script :)
I also like the idea of a FormMail honeypot. Basically such a script would accept and deliver the first message received from any IP address; this would be the test message indicating that the probe was successful, so you'd want to make sure it was actually sent. Subsequent accesses to the script from the same /8 over the next 24 hours would generate log entries but not actually send mail, the spammer would be spamming into a black hole, [complete the honeypot analogy here]. I'd do it myself but I don't care for the idea of someone hammering me with thousands and thousands of requests. I'd love to know if someone else sets something like this up, though.
Shaun -
Re:Client Interoperabilty
>How long will it be before these clients cause sufficient
>incompatibility that seperate, client specific networks arise?
>What we really need is an agreement between the different
>developers to pass on these extra packets, or agree on a
>central "feature set".
I agree with you 100% on this issue - in fact, "developer fragmentation" was the #1 problem I listed in a September 2000 overview of problems facing Gnutella. (Note: This article is rather outdated, especially in that I no longer use the original Nullsoft client!! BearShare, LimeWire, ToadNode, etc. were not released when I wrote this.)
Luckily, we've come a long way since last September, or at least that's how it appears to me. BearShare and LimeWire, the two most aggressively developed Windows clients, seem to be fully interoperable. They send extra information - host uptime, for example - within the Gnutella packets. But they appear to integrate without any problem. How this extra data affects some of the older clients, I'm not sure; but the leaders in the Gnutella front seem to be "cooperative competitors."
Shaun -
Try this pic
http://shat.net/bonsaifbi.jpg
Disclaimer: that poor sap is not an FBI agent (that I know of). I found him on that "Am I a total raving dork, or not? Why don't I put my ugly mug in front of thousands of people!" site, glass bottle courtesy essentialsupplies.com. There, now I can't be sued.
Shaun -
They're also "quietly" planning to charge for AIM
At least, so say the icons built into the latest Macintosh AIM client. There's a service icon for "AIM Pay" and "AIM Pay (Unused)."
Shaun -
I'm scared
Scary, fucking scary. Anyone remember Richard Pryce's media-mogul character in Goldeneye? Fabricating the news, starting wars just so he could get ratings, and getting off on the whole deal. I can't help but see Case's face in that role.
Time Warner has their hands in a little of everything. AOL has their hands in a little of everything. Put them together and they're capable of controlling more aspects of Americans' lives than most people will realize. It's a monopoly in the making. What's more, Time Warner _is_ a (legal) monopoly in many markets. If your city is serviced by Time Warner Cable, you can't just cancel and take your business elsewhere. There's nowhere else to take your business!
Factor AOL's "protect the children" campaign (http://shat.net/misc/government.shtml) into Time Warner's cable television properties, and god only knows what will happen. My Father the Hero will never again be run on HBO, because it shows a teenage girl in a bikini... AOL can't have that happening on their networks! Then again, maybe they'll finally ditch the 20 different Home Shopping Network channels, since they collect "personal identifying information" from anyone who calls to order. AOL just hates anyone (other than themselves) who collects personal identifying information.
I'm just waiting for the announcement that AOL has bought Microsoft. Maybe then DOJ/SEC might take a look at what AOL's up to.