Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Good Spammers Go Bad

Posted by Hemos on from the whip-lash-from-spammers dept.

pfleming writes "According to this blog article on BadTux by Eric Green, the constant harrassment of spammers has a price. You get a Cease and Desist letter- or more correctly, your ISP gets a C/D letter. But, if you're a hard core geek you just might get your site more notice as it gets mirrored out onto sympathetic hosts. Also mirrored in other locations."

2 of 305 comments (clear)

  1. My own list of spammers... by vandan · · Score: 5, Informative

    I've got a file with ip addresses of spammers who've pissed me off enough to blacklist them. It's available at http://enthalpy.homelinux.org/spammers.txt.

    I use the following script:

    for I in `cat /etc/firewall/spammers.txt`
    do
    echo Blacklisting Spammer: $I/23
    iptables -A INPUT -s $I/23 -j REJECT
    done

    to blacklist them.

    I personally guanantee that all the addresses in this list have spammed me. If you don't believe / trust me, fine - don't use it. I use it on a production server and have never had any complaints...

    By the way, the /23 in the iptables might be too 'clumsy' for some. You can use /24 which blocks a smaller group of computers around the ip address in the list. /23 works fine for us.

    The list is 98% asian dsl accounts.

    Also, for an alternative solution, try this:

    smbclient -L $IP_ADDRESS

    where $IP_ADDRESS is the address of the computer that spammed you.

    If you're in luck, you'll find yourself connecting to a Windows computer. It'll ask you for a password. Hit enter. If you're still in luck, it will list the available shares, and a list of server names. Pick a server name. If there are more than one, try each one ;)

    Now, download and compile 'smbdie'. Search for it on google. Run:

    smbdie -i $IP_ADDRESS -p 139 -t $SERVER_NAME

    where $SERVER_NAME is the server name you just picked from smbclient's output ( above ). If you are still in luck, you will have rebooted the spammer's computer ( it blue-screens ), and maybe even caused some data loss.

    Really don't like them? Add the smbdie command to a cron job. I've found most spammers have fixed ip addresses, and they become available to reboot again withing approximately 2-3 minutes.

    Enjoy!

    1. Re:My own list of spammers... by alienw · · Score: 5, Informative

      You do realize that this is illegal and you can be prosecuted?