Slashdot Mirror
Eliza for Spam
Saint Aardvark the Carpeted writes "Check this out for sheer genius...This guy has posted to Perl Monks a script that uses the Perl Eliza module to respond to spam. Check it and contribute your suggestions for improved vocabulary." The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such) so this is probably more academic then useful, but its definitely funny.
More generally, this looks like a scripting job.
b ulk+email
something like a cronjob of
wget --recursive --level=1 --span-hosts http://www.goto.com/d/search/?type=home&Keywords=
?
You will want to delete the output too
Cats: Eliza. All your base are belong to us.
Eliza: Does using that kind of language make you feel better ?
---
'nuff said.
But it still shows that the host is receiving the mails and *someone* is reading them. The solution for link-following is to remove anything from the link which might provide information about who's responding (anything that looks like a unique identifier, in particular a reference to your e-mail address). For responding, perhaps the best approach is to forge your own headers (fighting fire with fire) to give the impression of responding from an account that genuinely *is* invalid.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
At a company I worked at a few years ago, there was one particular customer who liked to bug tech support just to have someone to talk to. He'd ask the most inane questions, then when he got the answer, he'd generally say "Why would I want to do that?" in reference to what he was asking us how to do in the first place!
It got old and so we set up a psuedo tech support person and had that person handle all his tech support. We would send his email through Eliza (the one in emacs) and then take Eliza's responses and send it back to him. This seemed to keep him satisfied, and kept our tech support from getting aggravated by him.
The problem with clicking links or repsonding, you just verified your a valid email address...
Why does a commercial message need anonymity?
What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient
Giving a legal recourse for the recipient would require a law you know.
Tell me about your mother...
But seriously. If your Samba isn't working right, then you do have a problem... how are you supposed to attract the opposite sex without the proper tools?
UUCP and FTP may be attractive, but lets face it. The girls want Samba, and lots of it. And what can you do about that?
Introducing Siagra, the one and only fix for all of your Samba problems.
Can't get your Samba up to do its thing? Siagra can help. 40% of men over 50 can't get their Samba to work. But Siagra is a new revolutionary herbal extract. It's not a drug. It will work wonders. It can do what you never thought possible!
I just downloaded an AliceBot to run on my laptop yesterday, first to see if I can get it to talk XML RPC or SOAP to my home automation server running Misterhouse, and second to see if I could turn it into a level 1 tech support agent for the TOTALLY inane questions that cripple the daily operations of my client's help desk.
First thing I have to do is whittle down AliceBot's knowledge base from over 27,000 categories to just a few. First, how to get the weather report. Next, how to read Slashdot, and finally, the rest of home automation.
Intelligent Life on Earth
> Click here, go down the list and open each link in a new window (rightclick, openinnewwindow then tally up the $ damage yourself.
Does it work if you open them in a new tab in Galeon? That way you don't even have to see them.
More generally, this looks like a scripting job. Even if they track IPs that have visited, people with dial-up connections could run the script every time they dialed up, with a low probability of duplicates. What would happen if one of the advertisers suddenly ran up a $3,000 bill? Or $30,000? Or $300,000?
Sheesh, evil *and* a jerk. -- Jade
The problem with clicking links or repsonding, you just verified your a valid email address...
Not neccesarily. You could configure your domain's "default" entry in virtusertab to forward every non-valid email address to your spam parser. The parser could determine whether it has links or other spam indicators and send it to the spam responder or postmaster as appropriate.
This would have the interesting effect of making the invalid email addresses appear to be get a better response than the actual addresses...
A dingo ate my sig...
I have a bunch of random e-mail addresses linked-to off a period on my home page. If any bot finds it, it gains 2,500 fake addresses. I update it every so often. It was generated by SpamBait. Everyone should do one. I don't have the link to the orignal program, but here's another.
Yeah, but its pretty easy to find the server from which the email originated from the full email header, heck, even a perl script could do this... (although i guess there are ways of even spoofing this????).
Then you just get the script to respond to postmoster or root@offenfing.machine, stating that spam was originating from it. If you include the message ID in the email, the admin can determine the spammer and hopefully will suspend their account. The again, it might be the admin doing the spamming....SirCam: Hi! How are you? Eliza: Why are you interested in whether or not I am ? SirCam: I send you this file in order to have your advice. Eliza: You're not really talking about me, are you? SirCam: See you later. Thanks Eliza: Oh... later. Thanks?
Most smart spammers (I know that may be an conflict in terms) will either use a phone number, a physical address, or a web form. The only thing you can attack there is the web form. Spammers will usually set a maximum length per field. You may only use 30 characters for your name, 10 numbers for your phone number, and 50 characters for a comment. The way around this is to save a local copy of the form and strip out the max length variables. Then set eliza on it, or just pipe the chargen port to it.
No replies made to AC posts. Please log in.
How does that make you feel that you have a problem with Samba 2.02?
This is funny. Just like SpamMimic.com , a program that hides secret messages as spam.
You could hook up two bots to talk to each other secretly.
What we NEED instead of more stupid laws... I mean a law that explicitly states this...
ROFL - Is this true cognitive dissonance, or just the normal rantings of the average young Ritalin-drenched brain?
"The future's good and the present is nothing to sneeze at." - Roblimo's last
umm it isn't called Siagra. It is called SWAT ;)
I'm at 48 - so enough Karma to burn. Just like to leave something here before this topic gets archived and I cannot have my say.
Personally I think the idiots who rated this post as "Overrated" and "Offtopic" are idiots.
Offtopic - my arse - you lame moderator shit. You just cannot seee deep enough to understand humor.
Overrated - hah! let yourself be known, and let's see your posts.
Perhaps it will all come out in M2. I've moderated and I know that anybody who moderates a post as "Overrated" is a self-centered pig. It's a lame moderators tool used where a moderator doesn't share the same sense of humor as others. Beware, next time I moderate - If I see any posts moderated as both "Funny" and "Overrated" then I will rate it as "Underated"
Fucking Wankers!!!
Click here, go down the list and open each link in a new window (rightclick, openinnewwindow then tally up the $ damage yourself.
Hit 'em where it hurtz -
Also spammers don't use their own email addresses. They will use a random address at some innocent domain, or they will use the address of some one who complained. When you use this, you are harassing some innocent person.
No replies made to AC posts. Please log in.
Had to try it out. Heres the results from a typical spam...
.BIZ .INFO Domains activation dates
:)>Dear Domain Registrant,
.BIZ domains has been announced - Sept 17, 2001 is
.BIZ domains.
.INFO domains, Sept 12, 2001 is scheduled to be the start-up date,
.BIZ, .INFO, .PRO, and .NAME. It is expected that over 3 million
. cgi ?email=[snip]
[headers snipped]
Subject: Re:
Thank you for your mail! I am new to here, and
+do not have good english -- forgive
Hi, how are you?
>The dateline for
>the last date for early-birds to pre-register their
>For
>where all pre-registrations made earlier will be processed.
What answer would please you most?
>We are now accepting pre-registrations for the new top level domains with
>extensions
>of
>these new domain names will be registered in the first few minutes when
>registration opens later this year. This will be the largest virtual real
>estate land grab in the history of the Internet.
I've told you before, I don't care about names -- please c
>According to the ZDNet July 2nd news article, industry experts have
>"estimated that 15 million dot-biz names will be registered by 2005".
I'm not sure I understand you fully.
>If you are looking for a great name like Cars.biz or Stocks.info, be
>prepared to face some stiff competition unless you pre-register early.
>http://www.NewExtensionsNow.com has built the premier pre-registration
>engine
>that can help you to secure the domain you want. Over 500,000 names have
>already been queued into our list and good names are going fast. If your
>domain name is important to you, do not wait until the last minute. Go to
>http://www.NewExtensionsNow.com to pre-register now.
I am not interested in names.
>If you have received this mailing in error, or do not wish
>to receive any further mailings from us, simply click here:
I would like to visit your site, but my mouse is broken
>http://www.newextensionsnow.com/cgi-bin/remove
That is interesting. Please continue.
Hmm, isn't replying to spam bad because it will
mark your address as 'in use' with spammers?
This looks like a fun thingy, but I wouldn't
use it to acutally reply to spammers for sure...
--
GCP
? just gave me an idea.
The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such)
hy not have mail systems check back with the return address to verify it as sent / approved to be sent from that address. Then label the mail accordingly - approved by labelled sender or not. Then receivers can choose whether they want unverified mail or not, in advance of receiving it. Hmm. Of course this could be detrimental to anonymous communications hich have they own set of (very) useful qualities. (Specially against corrupt governments.)
This guy has a lot of interesting ideas. I would think it would be fairly simple to write a program that did the following things:
1: If a SPAM message contains a form, you forward it to the program (which would create a local SMTP server to receive messages only from you). It would fill the form with random data, but somewhat intelligently, by parsing the HTML and figuring out what is valid for the form.
2: If a SPAM message goes to a web site with a form, go to that form in your browser. Run the anti-spam program and click a button to auto-fill the form. You could configure it to fill out the form multiple times, in the background, without user intervention.
3: If the SPAM message contains a link to geocities, or other free web hosting services, forward the e-mail to your anti-spam program's local SMTP server. It will grab the link and then forward the e-mail, header, and link to the appropriate abuse@ address.
There are probably other things like this that could be done. If someone wrote this program, I'd use it religiously, and I'd imagine a lot of other people would too. If it was easy enough to use and as unobtrusive as possible, people would be using it like crazy. The spammers would get wiped out.
Believe me, if I had the spare time, I'd start writing this program today.
(which I think is forgery, and should be treated as such)
/. crowd erupts in a furor of activity, denouncing it as tyrannical. Yet, when spammers spoof their email addresses to avoid backlash of outraged netters too dumb to view the real headers and do a whois, (ab)using the very same online anonymity, it's suddenly "forgery".
Strange. When slashdotters insert "NOSPAM" in their email addresses, making them incorrect and misleading, it's fine. And when the government proposes systems to track everyone online, the
Pfft, yeah, whatever. Let's start making some sense now Rob, hmmm?
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
Haha. Well, I have been using a bunch of robot responders for email. You can reach alice@blibs.com, eliza@blibs.com and even mrt@blibs.com .. Alice and Mr. T will remember stuff about you and you can almost carry on a conversation with them. have fun.
-- these are only opinions and they might not be mine.
And how does it make you feel that eliza responds to spam?
If the spammers was forging a non-existant email address at a non-existant domain, there might not be much of a problem. (Cause, no one is geting 'hurt') But, spammers often times forge addresses in innocent third party domains, or will forge addresses of inocent third parties. In these cases the postmaster at the domain, or the person getting the thousands of bounces, gets hurt. That is where the problem arises.
No replies made to AC posts. Please log in.
Oh, I can make $10,000/week? How do you really feel about me making $10,000/week... wouldn't this just contribute to your feelings of inadequacy, stemming from your overly controlling mother? Perhaps if you tell me more about your relationship with your mother we can delve more deeply into the issues underlying your antisocial need to waste people's time with stupid email offers that no one gives a damn about.
Then again, I don't have the time to re-code ELIZA to do this, and besides, it's easier to bounce the email back after convirting it to an M$ Office document and attaching it, with a simple explanation:This seems easier than the forms approach...
--Got Lists? | Top 95 Star Wars Line
Is it only me who's noticed the irony that on an article about punishing spammers, the /. equivalent of them is out in force?
I'm an Angry Clam. You would be angry too if you were a ball of snot in a shell.
Oh cool. Maybe Eliza can answer the tons of Linux Questions my LUG E-Mail List delivers to me daily:
...
Question: "Hey Eliza! I have aproblem with Samba 2.0.2"
Eliza: "Tell me about your problem!"
Question: "The Win 9x clients can't get acces to my Samba File-Server."
Eliza: "That's a pitty. Your Win 9x clients can't get acces to your Samba File-Server..."
X
Boycot? Blackout? Subscriptions?
I don't care!
My friend and I have been kicking around an idea to use Eliza to reply to all e-mail. You could give it an AI that looks at a real response to a similar question, keep a database of those replies and then only forward messages to you that require a reply because the algorithm doesn't have a context to reply from. I already have a script that ssh's into machines that I maintain and do sudos and greps and such. My boss thinks that you have to constantly futz with things and be logged in all the time. He is the last log \ /var/log/messages king. He'd probably can me if he knew that I wasn't at the switch constantly, but then again it took me a week to explain how to even check logs.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
How is it fraud to fill out a form that:
1: You didn't request
2: You don't want to read
3: It's SPAM
4: It's public. That means: It's like a message board. You can write whatever you want. If the "moderators" of the board don't like it, they can remove it, but 1 and 2 of my post fall under free speech, in the States, and I doubt you'll find anyone who disagrees with it.
Remember, 98% of these guys are forging their e-mail addresses, which makes them guilty in some dozen states, or so, of the U.S. So they're going to come after me for posting garbage to their forms? I doubt it.
Now all it has to do is click on the link in the spam and fill out forms with data to clog their databases. More information can be found here:
http://lenny.com/spam/index.html
There is no
you can tell procmail to exit with whatever exit code you feel like it. there's an exit code for "no such user" if you can detect your spam with procmail and any combination of scripts, you can force it to send a bounce message saying that the user doesn exist. if you want, you can even force that sendmail-generated bounce message, and still receive the mail.
consider the following recipes:this would have you still able to read your spam, if you're so inclined. (deliver it to /dev/null if you're not.) i would tend to think that a "user does not exist" bounce message would be better for preventing future spam than an annoying little eliza-generated email
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
I agree it's nasty, but hardly forgery. It's no more forgery than writing "Dr. Nikolai Pantsanundies, 6th planet of the Gastric System, 7th Dimention" in the return address portion of an envelope. What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient. I say, if we can track down who sent it, we should have a legal right to send them a bill, and sue if it's not paid. I mean a law that explicitly states this, not just a sig tagline like some guys have tried over the years.
jX [ Make everything as simple as possible, but no simpler. - Einstein ]
I would like to order one copy of your interesting home business opportunity package, 3 tubes of thigh cream, your revolutionary mass-mailing program, my preapproved credit card, and credit repair package. And if there are any left, given that the offer was a last chance offer, 4 of your revolutionary wireless web cameras.
Attached is my credit card information. Click to open. ccinfo.doc
-- Another senseless waste of fine bytes.
No replies made to AC posts. Please log in.
It's a cool service. Offered free, but I recomend you pay for it... doesn't cost much and it's such a great service.