When Good Spammers Go Bad

pfleming writes "According to this blog article on BadTux by Eric Green, the constant harrassment of spammers has a price. You get a Cease and Desist letter- or more correctly, your ISP gets a C/D letter. But, if you're a hard core geek you just might get your site more notice as it gets mirrored out onto sympathetic hosts. Also mirrored in other locations."

It was going ok.

[rf0]

I was impressed with the article until I got to the comment "I mean, what do I care about what Windows losers get scammed out of?". Now I like Linux much as the next geek but thats just going to aliante people.

M$ might be a monopoly but at least they have bought some form of consistency

Rus

Re:It was going ok.

[IIRCAFAIKIANAL]

No doubt. Calling someone a loser because of what O/S they are running automatically *makes the caller* the loser. Thankfully I've never met anyone like that in the flesh - just on the wild expanses of the Internet. Everybody I've ever met runs whatever O/S they need to do the job, whether it's Linux, Windows, BSD, or whatever.

That kind of shit is what makes Linux advocates all look insane and results in me having to explain that, no, not all Linux users are short-sighted, socially-inept zealots every time I bring Linux up at work. It's a lot easier to sell Linux to people without the idiotic pomposity.

Re:It was going ok.

[interiot]

That was a bit of hyperbole. I don't think he would have spent time collecting all this info and putting up various mirrors if he didn't want the truth to get out and save people $100.

Here's most of the paragraph that you quoted from

• I offered to take down evidence-eliminator-sucks.com for free. All they had to do was take all mention of me off their site. I mean, what do I care about what Windows losers get scammed out of? But no, they had to go off and hire a solicitor to spew out a cart00ney, and now it's too late for that: the site is now hosted on several servers scattered around the Internet, and I couldn't make the site go away now even if I wanted to.

What he's refering to is this page on evidence eliminator's page that twists the truth a lot about Eric Green.

Anyway, if he wanted to be more accurate, he probably would have said "I care a great deal about evidence-eliminator removing untruths on their website about me, more than I necessarily care about getting the truth out."

Re:It was going ok.

[ameoba]

my god. I can't believe that any real business would be so fucking childish as to post the picture, name & address of their detractors. that right there, regardless of any of the other stuff surrounding it, is enough to put them on my shitlist.

Re:It was going ok.

[Eric+Green]

You're right, that was a bit over the top, and I'll take it out once I get the site back up (it's currently somewhat slashdotted -- GeekCode isn't exactly the fastest blogging software out there!).

Re:It was going ok.

[Rogerborg]

Heck, if you're going to do that, just put up some pictures of your cats or something. It's Slashdot, it's not as though anyone's going to actually read the article before spouting off, we'll just skim it for mentions of Microsoft, Lunix and DMCA, then roll out the standard flames.

Re:It was going ok.

[JesterXXV]

Wow...IANAL, but this seems like outright libel to me. Sounds like he could sue them.

libel n.
a. A false publication, as in writing, print, signs, or pictures, that damages a person's reputation.
b. The act of presenting such material to the public.

Re:better mirror that geocities page

[maroberts]

Just failed to access his site. Lawyers may fail to shut it down, but slashdot can do it in seconds! :-)

With great power comes...

[xThinkx]

... You know the rest of it. Just as comic book characters have such a code, it would appear that computer geeks need one too.

It's obvious that the folks at evidence eliminator know a good bit about tech, and not enough about morality. A lot of other fine folks who run legit/non-shady companies have the same knowledge but don't use it to trick consumers into using their products (probably because they actually make something useful). Just because you have the power to do something doesn't mean you should use it. Imagine if the loyal slashdot crowd were to use our collective resources to advertise any one issue or cause.....

Lies!

[Baloo+Ursidae]

When good spammers go bad? Isn't that kind of pretentious thinking there are good spammers?

Re:Lies!

[devnullkac]

To paraphrase Starship Troopers:

The only good spammer is a dead spammer.

My own list of spammers...

[vandan]

I've got a file with ip addresses of spammers who've pissed me off enough to blacklist them. It's available at http://enthalpy.homelinux.org/spammers.txt.

I use the following script:

for I in `cat /etc/firewall/spammers.txt`
do
echo Blacklisting Spammer: $I/23
iptables -A INPUT -s $I/23 -j REJECT
done

to blacklist them.

I personally guanantee that all the addresses in this list have spammed me. If you don't believe / trust me, fine - don't use it. I use it on a production server and have never had any complaints...

By the way, the /23 in the iptables might be too 'clumsy' for some. You can use /24 which blocks a smaller group of computers around the ip address in the list. /23 works fine for us.

The list is 98% asian dsl accounts.

Also, for an alternative solution, try this:

smbclient -L $IP_ADDRESS

where $IP_ADDRESS is the address of the computer that spammed you.

If you're in luck, you'll find yourself connecting to a Windows computer. It'll ask you for a password. Hit enter. If you're still in luck, it will list the available shares, and a list of server names. Pick a server name. If there are more than one, try each one ;)

Now, download and compile 'smbdie'. Search for it on google. Run:

smbdie -i $IP_ADDRESS -p 139 -t $SERVER_NAME

where $SERVER_NAME is the server name you just picked from smbclient's output ( above ). If you are still in luck, you will have rebooted the spammer's computer ( it blue-screens ), and maybe even caused some data loss.

Really don't like them? Add the smbdie command to a cron job. I've found most spammers have fixed ip addresses, and they become available to reboot again withing approximately 2-3 minutes.

Enjoy!

Re:My own list of spammers...

[alienw]

You do realize that this is illegal and you can be prosecuted?

Re:My own list of spammers...

Except they may not be the spammers but users whose systems were abused by spammers or users who inherited the IP address of a spammer. There is absolutely no excuse for striking back against computers on the other side of the world. You can ignore them, no questions asked, but if you have to cause them harm, do it through their upstream provider. They know the situation and can deal with the problem in a civilized manner. Most ISPs will warn YOU and then terminate YOUR account if they become aware of your vigilante "justice".

Re:My own list of spammers...

[jmorris42]

> Check to see what netblock the dsl line is in and let the provider
> know instead.

Report a SPAM incident to an asian ISP? Are you new here? They just don't give a shit.

Re:My own list of spammers...

[theLOUDroom]

You do realize that this is illegal and you can be prosecuted?

First off: It is possibly illegal.

Are you familiar with the computer crime laws in most Asian countries? Do they exist? Do you know if they protect computers with no passwords? Many computer crime laws offer very little protection for computers on public networks, if the owner doesn't bother to protect them himself.

Second: Most spam is blatantly fraudulent. Let say I'm getting 419 scam emails from somewhere actually inside the US. The second they file a complaint against me, I can go after them for fraud. Put simply: Spammers don't want you to know who they are. They can't file a complaint, our you could go after them for fraud.

Third: How is someone in Singapore going to prosecute him? Is the US going to extradite him for crashing a computer that was sending fraudulent email to the US? Or are they going to say: "Hey why don't you come set foot on US soil and then we'll talk about it?"

Fourth: Let's say this computer does belong to an "innocent" (read negligent) bystander. Crashing his computer might actually get him to fix the problem/alert him that someone else is controlling it.


This isn't something I'd be likely to do myself, but I'm not going to start yelling "Hey, that's illegal!" without thinking about it. Morally, I don't see very much wrong with what he's doing. Legally, he's on shaky ground, but he could, possibly be in the clear.

The law is an ass

[Jardel]

That can work for either party, there's nothing new about people filing law suits in order to prevent someone from doing the right thing. It is important to remember however when dealing with such assholes that a letter from a lawyer is not as intimidating and many people think. Lawyers write letters which have little or not legal value all the time, I've received some myself when my old landlord and his wife got divorced and were fighting over who was the landowner. The letter itself wasn't worth the paper it was printed on, but it did have an official legal letterhead. Always make sure you know your legal rights and never trust the other guy's lawyer to tell them to you.

When what now?

[Jonsey]

When good Spammers go bad?

Logically, the only good spammer, is a dead spammer.

Therefore, all good spammers are past their experation date already.

So logically, all good spammers must be bad. :: Jonsey's Head Explodes ::

Kind of on topic

[0x7F]

I got this little gem in the mail this morning.

Date: Mon, 21 Jul 2003 04:59:32 +0000 (GMT)
Subject: Pussy-Hunter.net was hacked

I know they probably logged my IP, but I dont care, because I think it is wrong of them to steal my email address and send me porn adds, I recommend that you cancel any subscriptions with them immediately. The reason you are receiving this message is because im using Pussy-Hunter.net's own tool that they use to send emails to thousands and thousands of people. They have lists of stolen and random generated email addresses. If you dont beleive me just goto www.pussy-hunter.net/cgi-bin/ and look through the files.

When Good Stories Go Down

[vaderhelmet]

from the whip-lash-from-slashdot dept.
vaderhelmet writes "According to this server error on BadTux by the webserver, the constant loading of pages has a price. You get a 425 error- or more correctly, you cannot connect to the host. But, if you're a hard core geek you just might get your site more notice as it gets mirrored out onto sympathetic hosts. Also slashdotted in other locations."

Re: when good stories go down

[Eric+Green]

Well, when I staggered to my laptop at 5:45am this morning, immediately after putting on the coffee, and I couldn't read my EMAIL (which resides on the same server)... it took me about 5 minutes to reboot the server, watch it start all up again, killall httpd, read the server logs, and note where all the referers were coming from :-) Then I just set up the vhost to point to another directory (with the 'slashdotted!' in it), and set to retrieving the actual article of interest.

site text

Mirrored from news.badtux.net
Eric Green doesn't use Windows very much. A long-time Linux user and advocate since 1995, Windows software interests him about as much as, say, the price of pork bellies on the Chicago futures market. So why is the publisher of a much-spammed Windows software product trying to shut him down? Welcome to the wild and whacky story of the strangest bunch of spammer scammers on the Internet: those whacky folks at Robin Hood Software whose overpriced "Evidence Eliminator" software is spammed on every Internet forum on a regular basis. This is a tale of spammers and spam, and an unlikely spam fighter who has learned that spammers suck even worse than most people think. And in the end, it's the story of how spam fighters around the globe support each other when the spammers decide to go after their critics and detractors. It all started back in June 2000. At the time, I was researching encryption algorithms for use in a new software product. There was this product called 'Evidence Eliminator', produced by a company named 'Robin Hood Software', being hyped on the sci.crypt and alt.privacy newsgroups. Curious, I went to the web site of the publisher of the software. After being subjected to flash animation, popups threatening me with jail if I didn't buy Evidence Eliminator, and no way to contact the makers of the product other than a web form, I decided: "These people aren't credible." And said so. From my work account. Big mistake. I didn't realize I was dealing with spammers. I thought they'd be interested in seeing what an industry veteran thought. But there was no response to my message on the sci.crypt newsgroup. As far as I was concerned, that was the end of it. I went on with his life. But Andy Churchill, one of the principals of Robin Hood Software, wasn't so eager to let go. Imagine my surprise when, in early 2001, I ran a Google search for my name and discovered that I was part of a vast conspiracy by some strange New World Order collection of villains to destroy the makers of "the best security product on the market"! Naturally I wasn't happy. And as someone who isn't shy about expressing his opinion, I expressed it, sending EMAIL to Robin Hood Software demanding that they remove any mention of me from their site. Andy Churchill of Robin Hood Software iadmits to have received that EMAIL, but says, "we deleted it". There was no response from Robin Hood Software. So I did what comes naturally to any Linux geek: I put up a web page. Which Robin Hood Software swiftly (and in violation of my copyright) duplicated on their own web site, with "False." (no explanation) beside each of my points as to why you shouldn't buy their software. And as time went by and, thanks to the readers of my site, I accumulated more and more evidence about Robin Hood Software's activities, including evidence that they were behind the "push ICQ" spamming of their product (an EMAIL to their affiliates urging them to do that kind of spamming), Robin Hood Software's web site became yet more lurid, even to the point of duplicating a copyrighted gag photo (cropping out Agent Binks) on their own web site. These people don't appear to be too stable -- definite candidates for the aluminum foil beanie award. In early 2002 I purchased the domain name 'evidence-eliminator-sucks.com', and did a major overhaul of the web site to try to organize the by-then large amount of information that I'd accumulated about Robin Hood Software and its activities. By that time it was clear that these weren't nice people. Deceptive claims in their advertising, huge amounts of spam originating from their affiliates, ia browser hijack virus that hijacks people's web browsers and redirects them to the Evidence Eliminator home page, and their continued attempts to disparage their critics and competitors on their aptly-named Dis-Information page pretty much are a Major Clue. I also launched the "Evidence Eliminator Sucks Conspiracy" -- both a statement on what I feels is Robin Hood Software's paranoia in their rantings about a "vast conspiracy" out

Errr, Like Linux?

[Myriad]

Imagine if the loyal slashdot crowd were to use our collective resources to advertise any one issue or cause.....

Erm, you mean like Microsoft Bad, Linux Good?

Blockwars: multiplayer and it's free!

Wouldn't it be nice...

[Dark+Lord+Seth]

... if someone wrote a nice piece of mass mailing software that would be free, look great, run fast, spam people like there's no tomorrow and available under a "free but get your paws of my source code" license? I mean, we don't want the spammers to be able to realize that their latest toy doesn't actually send anything and has more backdoors then a Win95 alpha version, now do we? And it automagically has to hook up to a webcam if available, so we can have a laugh as a spammer realizes all his computers are now hosting illegal crap like Britney/Nsync/Linkin Park MP3s, various bad Disney animations as MPGs and files like "SCO_Unixware_kernel.tar.gz" while a RIAA/MPAA APC drives his/her front window!

Bonus points if said program makes a AYB quote the moment the spammer is sued into the nine hells themselves!

K5

[Malc]

How funny! I just discovered and read a story on Kuro5hin about this, written by Mr. Green himself.

new error page

[rutledjw]

The page officially says:

"Slashdotted!

Not available at the moment due to the Slashdot Effect. Will be back shortly as a (much faster) static page. Thank you for your patience."

So should this be a new error message? I'm thinking 501 - Slashdot...

Sales and Marketting

[Sabalon]

I got a call from some sales guy from some company once. I was busy, so I told him to send me some literature. Got it, looked at it, wasn't interested, so pitched it.

Apparently the sales guy thought that by sending me junk, he now has the right to call me whenever. First time I told him I wasn't interested, second and third times I added not to call me back. Fourth time I laid into him - he called by bosses number. Fifth time I did some research and sent his boss and a few other high-up's in the company an e-mail explaining how I had nicely asked to stop being bothered by the company and that they have now left a very bad impression, and that I talk with lot of other people that they may want to deal with, and am not afraid of sharing my opinion of a company if asked.

The VP of the company sent me an e-mail back saying (THE SALES GUY) IS DOING A GOOD JOB GETTING THE NAME OUT THERE SO BUY SOME PRODUCTS FROM US. (no lie - all caps).

Upshot is I've not been called anymore.

I look at it like X-10 - they've made some good products, but as soon as marketting/sales starts to lead, even the best company can get dragged downhill.

Better iptables use...

[ErikTheRed]

Great idea, however, if you really want to fuck with them (at least in a legal way), use -j DROP rather than -j REJECT. This should make their system wait for a timeout and thus tie up their spamming engine a bit (well, at least one thread of it)... See this article for more information.

already taken

[cliveholloway]

a geek who doesn't know his http response codes. Tch Tch

500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version not supported

You'd have to start at at least 506 - but then that might be used by later http implementations

better to just add a new block of response codes:

600 Server Slashdotted
601 Databaser fried
602 Redirect to Google Cache
603 Redirect to Goatse.cx
604 Random error from 4xx/5xx code
605 Cowboy Neal

Or just use the HTTP response that I seem to get a lot when viewing slashdot:

417 Expectation Failed

.02

cLive ;-)

Their product

[Eric+Green]

I've seen their product reviewed by someone in the security community who I respect. He reports that it's a bit slow and bloated (being Visual BASIC), but does appear to erase files (doh! Like you said, it don't take a genuis!). The only real complaint he had was that the user interface was somewhat non-intuitive -- it was easy to set up the program so it'd erase critical system files and make your system unbootable, for example.

As for their ethics, yes, their ethics suck. Their advertising says you'll go to jail if you don't use their product, they have popup scare ads that display your hard drive (if you're using Windows) and says that they're looking at your hard drive and you better buy their software or all those porn gifs will get you thrown in jail (it's a simple btw, with C:\ as the source -- i.e., it's just displaying your hard drive to yourself), and then of course there is the virus that their affiliates are sending around to hijack people's web browsers and point it back to the Evidence Eliminator site, and ... well. I think you're getting the picture now. These are not Nice Folks. And if we can trace that virus back to their offices, they will be wearing stripes soon.