Russian Minister Gets Spammed, Spams Back

elhim writes "According to an article in the Moscow Times: 'Spammers last week got on the wrong side of the wrong man, and quickly found themselves with a taste of their own medicine. The man? Deputy Communications Minister Andrei Korotkov. Tired of the endless spate of unsolicited messages that clog e-mail systems everywhere, [Korotkov and others devised] ...an audio message to be volleyed nonstop to the telephone numbers listed in the... [email] spam messages.' Sometimes Russia reminds me of the Wild West."

Spam

[LCookie]

Oh well I did the same multiple times.. Spamming back is a viable alternative to getting angry I think.. Plus it hits the spammers where it hurts them most...

Re:Spam

[Tynin]

Aye, I have done that a few times. Getting spam faxed to me always pushes my buttons the best. I have been known to fax back to the numbers listed my stack of printed RFCs. Always makes me feel better!

Re:Spam

[Picon]

Well if i was a Spammer and i get "Spam back attack", i will modify my "viable command return address" into the attacker address. Say for one day or two days.

Of course it is a loss of money, but an efficient way to fight against "Spam back attack" :)

But i'm not a Spammer :P

Re:Spam

[errl]

I can imagine that this is not a very smart thing to do. It would likely make things worse. If you reply to spam, it proves that you have looked at it, and thus are a good victim and they are likely to spam you more. Just at thought.

Re:Spam

[i+chose+quality]

i prefer a roll of toilet paper. write "please hold the line..." on the first paper. then, if it is almost through, tape the first to the last paper...

:)
revenge is sweet...

Re:Spam

[Lord+Dimwit+Flathead]

It probably doesn't make a huge difference these days, as most spam seems to be HTML email embedded with webbugs (1x1 image tag pointing at a logging script) so they know your address is valid as soon as you open the email if your client renders HTML. It's still a good idea not to reply, but it's a better idea not to open it in the first place.

In this case though, the article was about calling phone numbers listed in the spam, which if nothing else, at least increases the cost of doing business for the spammer. I'd imagine the parent poster was talking about the same, as email replies aren't likely to impose much of a burden on the spammer. It's a lot cheaper to glance at an email and hit shift-delete than to have an inbound phone circuit and operator tied up while somebody rants at them about the evils of spam.

Re:Spam

[garymm]

what email client can do this?

Re:Spam

[the_consumer]

Try reading the grandparent comment again.

Or, click this.

Re:Spam

[garymm]

ok, so i guess I'm out of luck, seeing as i don't use Linux.

Re:Spam

[Quothz]

Getting spam faxed to me always pushes my buttons the best.

If you're in the United States, and recieving unsolicited FAXes, you can sue the hell out of them. Usual damages, as I understand it, are five hundred bucks per violation, although I think it can be higher in some cases. I am not a lawyer.

Re:Spam

[ShadowBlasko]

"i prefer a roll of toilet paper. write "please hold the line..." on the first paper. then, if it is almost through, tape the first to the last paper..."

Not bad, although I prefer to use a ribbon made of BLACK paper. As long as I am going to annoy the fax spammer, I am going to eat up as much toner/ink as I possibly can along with his paper.

Just a thought.

Shadow

Re:Spam

[L7_]

the free yahoo mail web-client does that same thing, allowing you to block html from messages. Very useful. And only one click away from viewing the full html files (for those Dell small business emails! :)).

Re:Spam

[garymm]

most clients allow you to block html, but this the first i've heard of blocking html only from people not in your address book.

Re:Spam

[AVee]

Give pegasus mail a try. It won't show online images until you request them...

So the numbers is real?

[dizzy_p]

I've always thought everything was bogus.

I'll order the penis enlargement pills right away.

--dpr

Re:So the numbers is real?

[gerddie]

But you already know, what you will get!

Re:So the numbers is real?

[guinsu]

Wow, geek humor must be pretty bad when something as awful as that gets modded to 5. That comic sure make sa good companion to Penny Arcade though.

Phone numbers?

[minghe]

First of all. A spam message with real, working means of contacting the sender? Why din't I ever get that? Only in Russia, I say.

And second, that guy is hereby my god.

Re:Phone numbers?

[Uart]

sorry, Yakov Smirnoff had to take a week off, filling in for him will be Jeff Foxworthy:

"You might be a Soviet Russian if..."

Re:Phone numbers?

What is the point in advertising a language course, putting a phone number in the message for interested people to call, and then put in a fake number?

A spam message that attempts to start a transaction usually includes some way to contact the sender (or at least, the one that wants his product advertised). This is a lead to stop the spam by abusing it.

Re:Phone numbers?

1. That **ing American English Center send out its REAL phone numbers. It's Runet's curse for months now - all civilized attempts to get them down failed. They change mails everyday writing something like 'Tsent rAmerican sko goAngliy skogo' instead of 'Tsentr Americanskogo Angliyskogo' or 'Amer icanEngli shCen ter' to get the filters fooled.

Still I don't expect broken windows, masked armed men in their office and Militia (our local police) officers showing them a prescription to 'clean out' from there... It is a dream of almost everybody here, but it is not going real any day.

And their management which is 'very far, too far from here to get phone calls' - these people seem to be just insane i-net villains, striving not for business, but to 'show these Russian swines' who is the king of the hill around.

2. Read the article more accurately: even Andrey Korotkov had to confirm: that resounding measure didn't bring much good. God or not, but the problem remains.

Re:Phone numbers?

[minghe]

Not quite so. Many of those spams I get that are trying to con me of my hard earned cash don't provide more than a web page link or an nondescript reply to adress. This is probably to avoid all those ppl that would flood them with return spam and generally angry replies. It often takes a few clicks to get down to the actual real contact info.

Re:Phone numbers?

What is the point in advertising a language course, putting a phone number in the message for interested people to call, and then put in a fake number?

Misdirection. Underhandedness. Miscrosoft could send out porn spam and put Mozilla's phone number in it.

Re:Phone numbers?

[AndroidCat]

Miscrosoft could send out porn spam and put Mozilla's phone number

So by getting a huge number of people angry enough to call (or wanting to buy) this would be an .. MS-DDOS .. ?

Re:Phone numbers?

[flink]

Actually, when the Bolsheviks took over they pretty much disbanded soviets and institued state-run industry. It should have really been called Stalinist Russia or something.

Re:Phone numbers?

[arivanov]

get the filters fooled.

So filter on their fscking phone number for chirst sake.

Pon'al?

Re:Phone numbers?

[klk206]

His move was to give people a chance.

I had several continuous mailers who were not malicious spammers. I just called them and was removed from the lists. Presuming all spammers as non-malicious would be a good foundation for establishing an anti-SPAM law. Then those not listening your requests would face much more severe consequences rather that voice-bombing their answering machines.

% dd if=/dev/random | mail sco.com

Re:Phone numbers?

[Lobsang]

First of all. A spam message with real, working means of contacting the sender? Why din't I ever get that? Only in Russia, I say.

No! I'm not in Russia and I get lots of those. One day, I made an international call just for the fun of it and yes, it was a real phone belonging to a small company.

Sad, but true.

Wild West - not quite

[Eric+Ass+Raymond]

They could have sent out two 250-pound gorillas called Igor and Radek instead of an audio message.

Re:Wild West - not quite

[trikberg]

Very disappointing really. I was

- praying for "shock and awe".
- hoping for bunker busters.
- expecting at least a few tanks.
- prepared to be slightly dissapointed by a few snipers.

But phone messages? Sheesh. Russia just isn't what it used to be.

Wrong Number?

[Mooncaller]

Just hope the numbers in the email are correct!

BTW, Russia had its wild east. While we had our mountain man era, the Russian had theirs, except they were going in the other direction. The parellels continue untill the turn of the century!

Spammer gave the address

[okigan]

Now the big difference here is that this spam message contained the actual working return address.

Spam messages i get have a bogus return address, so that's not fair to compare. By the way if could find the emails of my spammers they would not be happy either, and telephone lines would have nothing to do with it.

Sometimes?

[poptones]

The "wild west" aspect has long been the source of attraction for me. And not just Russia, but all those former members of the federation. Definitely dangerous, but rife with promise as well.

Just like that other "wild west" once was - before it was planted with the neon of corporations.

Coincidentally, I just finished a commentary on that very topic.

(Notice I didn't say "ironic?")

Russian Rules of the Game

[some1somewhere]

You really, really don't want to get on the wrong side of Big Brother in Russia, China, and many other not-so-free countries.

I'd tell you about the story of what happened to the phone spammer in China that kept pestering a government office, but then I'd have to kill you... or someone'd do me.

So long story short... get the spammers to spam top government officials in Russia, China, N. Korea, and so forth... heck... maybe they'll drop a nuke on the spammers, and solve the problem for good!

Ha, ha.

Re:Russian Rules of the Game

maybe they'll drop a nuke on the spammers, and solve the problem for good!

No nukes please.. medical research needs human subjects too!

Re:Russian Rules of the Game

[vlad30]

Hmmm actually i would have thought that the US dept that controls echelon or carnivor would like to eliminate SPAM to cut down on noise they have to cut through, It could be argued they are helping terrorist, Drug dealers etc by covering these messages with junk

Re:Russian Rules of the Game

Very arrogant putting Russia among the communistic dictator countries it is a democratic country with free elections just as US.

China and N. Korea however are NOT!

Re:Russian Rules of the Game

[Chatterton]

No nukes please.. medical research needs human subjects too!

We can't use them as human subjects, they are not human, just spammers.

Re:Russian Rules of the Game

[AllUsernamesAreGone]

I thought everyone knew Echelon runs spamassassin..

Re:Russian Rules of the Game

Very arrogant putting Russia among the communistic dictator countries it is a democratic country with free elections just as US.

Very arrogant to put the US among democratic and free countries such as Russia.

Re:Russian Rules of the Game

[AndroidCat]

Nukes are too messy. (What about the wildlife? Will no one think of the wildlife?) A few good deepsinkholes would be perfect but mainly tend to be in west-central Florida. (Perfect for swallowing Clearwater, Flag base of $cientology.)

Give this a guy a medal

[vlad30]

Now if we can get our enlightened western leaders to do the same or better

Re:Give this a guy a medal

[wza]

Now if we can get our enlightened western leaders to do the same or better

Let's start with the middle-east spammers, while we still have our forces there...

Re:Give this a guy a medal

[BrokenHalo]

What middle-east spammers? I don't recall *ever* having had spam mail from a middle-eastern IP (with the rare exception of Israel).

To date, my stats indicate that 98.3% of the spam I get originates from the US.

Re:Give this a guy a medal

[Wastl]

As Slashdot is among these 0.01%, I'd prefer a whitelist.:-)

Sebastian

Re:Give this a guy a medal

[Anonym1ty]

Don't most Middle Eastern countries cut off your

Uplink for spamming?

Spam must contain a real contact method

[jurasource]

Otherwise it would be totally useless right?

Sure the from address is generally bogus, to skip past the basic anti spam methods out there, but something in the email must contain a valid phone number, web site, or address, otherwise how would the spammers make any money (and I suppose they must as they don't do it just to piss everyone off)

Re:Spam must contain a real contact method

[BiggerIsBetter]

Yes and no. Spam almost never contains valid automatible contact information for the Spammer, but the Advertiser absolutely has to have some way of being contacted. It's hard work chasing spammers, so there's my usual anti-spam technique - piss off as many "Spammer Customers" as I can. I appear to have been removed from spam lists several times just for hassling a few CEOs...

Re:Spam must contain a real contact method

[iapetus]

Of course, if I were a spammer, I wouldn't remove you from the list. I'd just move your contact details to the Reply-To: header. :)

Re:Spam must contain a real contact method

[BenjyD]

The contact info is often only a website hosted in somewhere like Vanatu with "Give us your credit card number and we'll send you Viagra, honest. No really, trust us." I don't like thinking about just how stupid someone would have to be to buy stuff from spam.

Re:Spam must contain a real contact method

[thogard]

No. Sometimes the spam has other reasons that aren't so clear. In fact I was just discussing this with someone from a bank's cc security department.

Recently there has been a number of spams with a twist on the getting asked to dial 90#. So why is there spam tring to convince people that an get an old trick to be considered to an urban ledgend? Its odd that someone is spending so much effort to get that message out.

In the past spam has been used to attempt to drive up stock prices and hurt other compaines reputations. Neither of those need real contact info.

Re:Spam must contain a real contact method

[LiquidCoooled]

In the past spam has been used to attempt to drive up stock prices and hurt other compaines reputations.

SCO are currently doing a damn good job of that right now.

Re:Spam must contain a real contact method

[fdiskne1]

Okay, so every spam needs to have a point. I'll buy that. But then what about this? I review subject lines of blocked spam to be sure no obviously legitimate email gets blocked. I really didn't think this one was legitimate, I just thought the subject line was funny, so I had to read the rest:

Subject:Dimensional Warp Generator Needed hqz ogrvr ertph

Hello,

I'm a time traveler stuck here in 2003. Since nobody here seems to be able to get me what I need (safely here to me), I will have to build a simple time travel circut to get where I need myself. I am going to need an easy to follow picture diagram for a simple time travel circut, which can be built out of (readily available) parts here in 2003. Please email me any schematics you have. I will pay good money for anything you send me I can use Or if you have the rechargeable AMD dimensional warp generator wrist watch unit available, and are 100% certain you have a (secure) means of delivering it to me please also reply. Send a separate email to me at: info@federalfundingprogram.com

Do not reply back directly to this email as it will only be bounced back to you.

Thank You

filler
x ogg jybofovzfbkzanvr ckn depd hsge
nnj sxey
ookft ac

hmmm...Tempted to start sending spam myself, if I can get such things by doing it.

Re:Spam must contain a real contact method

[AndroidCat]

Yeah, but they get Slashdot to do their spamming for them. :^P

Re:Spam must contain a real contact method

[SirLanse]

Yes, set up a screen saver to DDOS the spammer's clients. When thier web servers and phones crash, they will stop paying for spam.

Re:Spam must contain a real contact method

[cookd]

Only if the point is to sell the advertised product. Not all spam need be so direct.

For example: CALL 1-800-SOMEBODY-THE-SPAMMER-HATES AND WE WILL GIVE YOU FREE MONEY!!!!!!!!!!

So people start calling some random business's 1-800 number demanding their free money or complaining about the spam. Phone bill goes through the roof, legit calls get DOS'ed, and the spammer might actually be able to put some small company out of business.

I'm sure the more creative among you could come up with even more fun scenarios than this. But let's not give anybody any ideas, eh?

Re:Spam must contain a real contact method

[Koatdus]

I get this one at least once every two months. I haven't figured out if he is a nut or he is looking for exploitable nuts.

Re:Spam must contain a real contact method

[m4ximusprim3]

Otherwise it would be totally useless right?

:)

Go on, say it

[darnok]

OK, I will

Phone rings: "Let this be a warning to you: in Soviet Russia, spam *recipient* drives you crazy"

Hang up

Phone rings...

Beware the Joe-Job

[The+Famous+Brett+Wat]

Turnabout is fair-play. I used to make a point of phoning one of the local well-known-spammers when feeling particularly irate about him (usually just after getting spammed about the same old same-old again). Haven't heard from him in a while, though. In any case, I want to emphasise that you should be careful when you retaliate. There is such a thing as a Joe-Job (named after joes.com) in which a malicious third party sends out a metric buttload of spam claiming to be from you, and advertising your website, just in an attempt to cause shit for you. This relies, in part, on third parties taking retaliatory action. My own website has been the subject of numerous Joe-Jobs this year, strangely enough. So make sure you aren't hitting back at an innocent bystander.

Oh, and in Soviet Russia, the punchline inserts you. Sorry, but it had to be said.

Re:Beware the Joe-Job

[afidel]

Sounds like on of my pranks from the BBS days, when someone would piss me off I would post an ad for a hot car at an unbelievable price on all the local BBS's and put down their phone number and contact hours of like 1am-4am, then I would go to the stores that had index card ad boards and do the same =)

Re:Beware the Joe-Job

[Sycraft-fu]

HArder to do to a member of government, espicaly one from Rusia. Any time you deal with a large govenment you deal with latge resources adn the law on your side. In Russia, you also deal with the fact that civil rights is an issue as yet to be seriously discussed. If the spammer choses to retaliate, they could find themselves on the recieving end of some policemen that figure it is ok to beat the fuck out of a suspect.

Re:Beware the Joe-Job

[Pig+Hogger]

If the spammer choses to retaliate, they could find themselves on the recieving end of some policemen that figure it is ok to beat the fuck out of a suspect.

IN SOVIET RUSSIA...

suspects fuck the shit out of the beat.

Re:Beware the Joe-Job

[TheMidget]

HArder to do to a member of government, espicaly one from Rusia. Any time you deal with a large govenment you deal with latge resources adn the law on your side.

Not if the spammer is an American.

Re:Beware the Joe-Job

[budgenator]

Imagine a UN WMD inspection team desending on your warehouse full of penise enlargement pills looking for chemical weapon materials being smuggled!

I'm also sure there is a law somewhere pertaining to persons interfering with government operations in the US and very probably it doesn't define gov ops as USG only so it likely that it applies to interfering with foriegn governments as well because the several states are foriegn governments too.

Re:Beware the Joe-Job

[stoops]

i think what you were trying to say is...

IN SOVIET RUSSIA...

suspects fuck the beat out of the policemen.

The Group Against Harmful Programs

[mccalli]

Now this I like the sound of. From the article:
"With the brainstorming help of the Group Against Harmful Programs...".

The Group Against Harmful Programs. Wonderful. Sort of like the Fantastic Four, or the X-Men. Sounds like the sort of thing Tron would belong to. "That's Tron, he fights for the users under the banner of the Group Against Harmful Programs"...

Cheers,
Ian

Re:The Group Against Harmful Programs

[torpor]

I guess "Microsoft Haters Society" would be better?

Re:The Group Against Harmful Programs

[H.G.+Pennypacker]

I wonder if they also bio-engineer real viruses to retaliate against virus writers?

Re:The Group Against Harmful Programs

[gclef]

So, what, they don't use GOTO?

reminds me of the old days of prank calls

[FrozenDownload]

wow he sorta took it a bit far with that many calls in a morning, i say he should have at least been considerate and spread it out through the day, That way he could get much more satisfaction from it.
Although i can pretend to be saddened by the fact that people strike back at spammers in such ways... I'm really not.

IN SOVIET RUSSIA

[Jucius+Maximus]

... victims spam YOU!

Please let me be the first one to have said that ...

Entertaining, yes.

[aerojad]

It really is too bad that there continues to be no legal recourse to fight spam though. An arms race of annoyance between spammers and spam-ees probably wouldn't be the best solution though, but something does have to be done eventually. It would be nice to go back to having one e-mail address instead of various "spam" addresses and then my personal e-mail... which of course still gets spam.

Re:Entertaining, yes.

[johannesg]

It is true there is no legal recourse *yet*, but we now know beyond doubt that a highly placed russian government official is aware of the problem. This raises the hope that a law against spam could be in the works too.

Of course, being the russian government, they do have other options, like sending in the special forces for example. It wouldn't have to cost them anything - spammers are not likely to fight back, and I'm sure people would pay to see footage of a swarm of Hinds obliterating a spammers hideout ;-)

Poor man

Doesn't the Deputy Communications Minister of Russia have a secretary?

China?

[Jucius+Maximus]

"..an audio message to be volleyed nonstop to the telephone numbers listed in the... [email] spam messages.' "

Wasn't there an article some months ago about something simimlar happenning in china? 'Entrepreneurs' would illegally put up advertisements (i.e. posters) all over the place where you have to phone a number to get the product. (Typically these would be mobile phone numbers that were prepaid so there was no name on the account.)

The law enformenet officials would leave an endless loop of messages on tht moble's answering machine that they must turn themselves in and such. I doubt that they actually expected anyone to turn themselves in, but it made all those posters with the number on them useless and thus discouraged putting them up in the first place.

I wonder if this russian fellow was inspired by that action.

Re:China?

[wisdom_brewing]

im not sure about china but im sure it must be similar... in russia it is required for you to carry around ID at all times, as in your national passport, not your international one. most communist countries follow this system, and even to get a prepaid phone you must present your passport of which they take a quick photocopy... i guess fakes are easy enough to obtain and probably a worthwhile risk for an entrepreneur, as such

Re:China?

[dazed-n-confused]

I wonder if this russian fellow was inspired by that action.

I doubt it -- if you RTFA you'll see the minister trusted a spammer to remove him from their list -- not the act of a well-informed individual.

Wild West... Russia?

[Gurezaemon]

From here in Japan, heading west, we run into the USA, most of which appears pretty wild.
Of course, Bush is only adding to that impression...

Re:Wild West... Russia?

[gerddie]

From here in Japan, heading west, we run into the USA.
Certainly, only you have to cross Russia, Europe, and the Atlantic Ocean.

--
If your way the compass can not keep
three pearls of wisdom to thee do I give.

Logarithms suck

[lovebyte]

From the article:
Spammers have ways to get around anti-spam filters, he said, but it's possible to collect patterns from their e-mails and block certain logarithms.

What's the point? They will use polynoms! Oh.. I guess they meant algorithms.

Re:Logarithms suck

[frane]

I find log base 2 particularly offensive.

The biggest cost to them is toll free fax

[FredThompson]

At one time I had a small software company. We outsourced all the phone and fax messages since we didn't have people to work 24/7/365.

One of the things I learned is an incoming toll-free fax cost me a lot more than a voice call because a single page fax was completed very quickly and the charge was per call/per page.

So...if you're getting hit with crap like junk faxes, fax it back to them on their toll-free fax number about 30 times.

It took about a month of this but I don't get lots of junk fax anymore, except for the a**holes that block caller ID and don't list a number to get off their list.

Another fun trick was to use a standard fax machine with a continuous loop of paper. Let that baby run for about 10-15 minutes and you'll create a lot of clutter on the receiver's end.

Re:The biggest cost to them is toll free fax

[dspisak]

If you have 800 number service for any phone number when you get your bill from the telco it will list all of the phone numbers of the people who called your 800 number, even people with Caller ID blocked as the phone company *must* tell you the phone number of everyone using your 800 number services.

Pretty neat, eh?

Re:The biggest cost to them is toll free fax

[psavo]

Another fun trick was to use a standard fax machine with a continuous loop of paper. Let that baby run for about 10-15 minutes and you'll create a lot of clutter on the receiver's end.

Like somebody is still using paper faxes.

Re:The biggest cost to them is toll free fax

[Kosi]

Another fun trick was to use a standard fax machine with a continuous loop of paper.

A roll of toilet paper also suits well for the purpose of annoying somebody quite well.

Re:The biggest cost to them is toll free fax

[farnsaw]

> Another fun trick was to use a standard fax machine with a continuous loop of paper.

Be sure to use black construction paper. If they are using paper fax, the ink/toner will cost much more than the paper very quickly.

Better yet, use a computer and a fax modem.

To be truly cruel, scan a real document (wait for it) and then use Photoshop or some other software to smear the bottom half of the page. Then fax them this. It will make them think something is wrong with their fax machine, especially if you can send it from several different fax machines. (just change the info on your software and dialout from different phone lines). Then report that their machine is broken and watch them panic.

At one point I had too much time on my hands and a hate of Faxed Spam....

Re:The biggest cost to them is toll free fax

[stiggle]

Can't you set the line to not allow incoming calls which don't have Caller ID set?

Its usually an option on most lines these days.

Re:The biggest cost to them is toll free fax

[dickens]

Outfits like gosolo.com will give you a toll-free voicemail/fax number for cheap. You download your faxes as TIF files. It sends you an email when you have new messages.

Re:The biggest cost to them is toll free fax

[legojenn]

Toll free faxes are great. What I usually do is print a sheet of 50% grey with white text asking to be removed. I sometimes send it a few times if the fax spammer sends me multiple advert. Often an ad will come in 5-10 times as spammers just troll the federal government directory.

I figure if we overwhelm their means of getting contacted, they will nned to find another way to sell their "cheap" flights, useless courses and "affordable" toner cartridges.

Re:The biggest cost to them is toll free fax

[Skynyrd]

[quote]Another fun trick was to use a standard fax machine with a continuous loop of paper. Let that baby run for about 10-15 minutes and you'll create a lot of clutter on the receiver's end.[/quote]

Make sure to use black paper.
If it's thermal, it'll burn the head. If it's ink or toner, it'll use lots of it.

Re:The biggest cost to them is toll free fax

[spike2131]

I like the continuous loop idea. Another way to hose them is to repeatedly fax over a page of black construction paper. It's is a great way to make them use up all their ink.

Re:The biggest cost to them is toll free fax

[Mryll]

Fortresses aren't much of a useful ANI. :)

Well...

[morbuz]

Now I know who to forward my spam-mails to.

More money for the spammer ???

[AWxSlashdot]

Am I the only one to think about the spammer getting payed for those very expensive phone services ???

Re:More money for the spammer ???

I wouldn't like to be the Russian Deputy Communications Minister when his mom sees the phone bill.

Gulag Archipelago

[AtariAmarok]

If there ever was a group of people that should be sent to the Gulag, it's spammers.

Make $$$ fast

A smart spammer would be using 0900 numbers... Make

• me

money fast!!! Just call 0900-555-555 (calls cost $9.99 per minute, children/ministers please ask your parents/president first)

Stupid and Childish

[iion_tichy]

Very unlikely that the email-addresses are correct, so some innocent bystanders probably have to suffer now.

Re:Stupid and Childish

[ColdGrits]

Can you explain just how some innocent bystanders woudl suffer if the EMAIL address is wring, given that nobody replied to any EMAIL address?

Hint - RTFA. He TELEPHONED their number, he didn't email them.

Re:Stupid and Childish

[Rogerborg]

How do you telephone an email address? Well at least we know who's dumb enough to actually buy things from spam, assuming that you can figure out what the ringing thing on your desk is.

Top 6 Russian Spams

[AtariAmarok]

6. Ukrainian farm girls and animals. free web membership

5. Enlarge your putin today!

4. If you order today, you get a free Russian space shuttle

3. Free Vacation in Chechnya, Enlist today!

2. Out of work Russian comedian, will work for food. E-mail yakov@smirnov.com

1. Meet beautiful American wives!

Re:Top 6 Russian Spams

[BigBadBri]

You missed:

7. New supply of potatoes just in. Apply online now for your priority order!

liquidated the problem

[VanillaCoke420]

At the American Language Center, office manager Natalya Petrova [...] put it: "We liquidated the problem."

Did they shut down their own business?

This is a Public Service Announcement

[tankdilla]

For those of you new to Slashdot and fellow veteran Slashdotters, this is a PSA. As we all know there are many running jokes around here, i.e. the CowboyNeal option, 1. stupid action 2. ??? 3. Profit, beowulf clusters of everything, insensitive clod, and of course the most recently added SCO jokes, as well as many others I'm forgetting. By far, one of the most annoying of the running gags is IN SOVIET RUSSIA! Being that this story is about Russia, be warned that a veritable slew of IN SOVIET RUSSIA jokes follow this post. Any and everyone has come out of the woodworks with bat in hand for the communal beating of a dead horse. So for those with bats, swing away, today is your day. For the rest of us, strap in and enjoy the bumpy ride of redundancy.

Re:This is a Public Service Announcement

[anthonyrcalgary]

That's the only reason I'm reading the comments for this story.

I once tried something similar

[Sara+Chan]

I once tried something similar. I got the telephone number, which turned out to be in Uzbekistan. Then I set up my fax program to repeatedly dial the number, whenever I wasn't using the phone line for the internet. Thus, every time they answered the phone in Uzbekistan, they got a fax machine trying to get through--hence effectively disabling their phone line. And because this was in a different country, they couldn't trace me.

I didn't worry about the cost of the calls, because the people in Uzbekistan soon figured out that the calls were almost all faxes. I reckoned that even if they picked the phone up 10 times a day (to check to see if I'd stopped), it was worth the cost. Calls are only charged when they pick up the phone, right? So I let this go on for over a month.

Then I got my telephone bill. It was in the thousands. It turns out that there are three countries in the world where, if you phone there, you get charged even if no one answers the phone. And Uzbekistan is one of those countries!

I didn't know about that, and I complained to the phone company about the bill. But my case seemed weak because I was, it's fair to say, abusing the phone system. The phone company ended up splitting the bill in half, and I paid the rest.

I don't know if my attempts had any long-term effect on those nice folks in Uzbekistan. But at least I tried.

Re:I once tried something similar

[SirLanse]

That is why they invented free long distance via the internet.

Re:I once tried something similar

Little did you know that the spammer was the Uzbekistan phone company.

Re:I once tried something similar

[Sevn]

:)

This just makes me smile an evil little grin.
Simply awesome. :) I bet the high phone bill
was worth it. At least your telco let you off
the hook for half the bill.

UK Spam

[jbrw]

Two days ago I got a spam from a local (London, UK) company trying to get me to go to their event. It had a 378Kb attachment to it. Thanks.

The kicker was that the disclaimer said it was impossible to unsubscribe, as it was a carefully crafted one-time mailing list. I imagine i'll be on all future carefully crafted one-time mailing lists for them in the future too.

The email was sent with a from line of "[something]@noreply.com" or similar (which breaches their ISPs AUP), and if I was to contact them via their email address listed on their website, by their logic i'd have contacted them, thus allowing them to continue to spam me (since we'd then have an existing relationship).

So - best course of action? The Advertising Standards Authority, whose standards they ahve breached, seems to be a toothless tiger set up by the industry to pay lip-service to the general public (any ruling against an advertiser seems to result in a ruling of "we advised them to contact us in future before undertaking a similar campaign"). I'm not aware of any specific legislation to stop this (although i'd like to know where they got my email address from. Should I unleash the Data Protection Act?).

So, what's the best way to hit back? Complain to the ISP? File an ultimatetly useless complaint to the ASA? What?

Re:UK Spam

[GargoyleTS]

Ummmmm...Sh*t in their mailbox. Preferrably actually physically *take a steaming dump* in the mailbox of their business. Or picket their event for sending unsolicited E-mail. Contact supporters of the new law being considered for the UK and see if they'll join you at the event. Invite the media. Or, show up for the event...and bring every rowdy, unkempt, ill-tempered punk you can find and tell them these guys promised free booze and food... Or burn the place down when everyone's inside for the event. Sure, we'll get a few innocents, but this is WAR! And we're not gonna lose! (I think my second option is best, though I like them all really.)

Re:UK Spam

[MythMoth]

If there's a phone number, then leaflet all of the phone boxes in the Kings Cross area with it advertising their "services"...

D.

Re:UK Spam

[Rogerborg]

Give the ASA a try. They bitchslapped Telewest for me for repeatedly "forgetting" that I'd unsubscribed from their spam. The response was rapid, but they were fairly clueless - I sent full plain text headers, and they got back to me asking what the recipient email address was. D'oh.

Best case, I never get spam from Telewest again. Middle case, they spam me again and I get to find out what the ASA does to repeat offenders. Worst case, I get the spam, the ASA does nothing, but at least I get to piss off them by forwarding the spam. I have a vague hope that swamping the ASA with UK spam might get the problem addressed.

I don't believe that contacting someone to tell them to cease and desist constitutes having a business relationship. I'm sure that J. Random Spammer would assert otherwise, but you do need a record of telling them to get lost. What have you got to lose?

Re:UK Spam

[Sciamachy]

Go to the event and cause havoc by demanding they give you all relevant info under the DPA!

Re:UK Spam

[hawthorne]

All of the above

First, complain to their ISP. State clearly in the complaint that their customer is sending unsolicited email, and have not had your permission to mail them. If they are advertising a website hosted by a different ISP then complain to that ISP too.

According to the DPA, they need to have obtained your consent in order to process your data - ask the ISP if they can obtain that proof for you.

Second, post a copy to news.admin.net-abuse.sightings so evidence of their spammishness will be archived for all time.

Thirdly, complain to the information commissioner's office (DPA head)

Incidentally, if their ISP (or indeed the spammer) responds with something like 'you have been unsubscribed' then that means that your original complaint has been passed to the spammer - and that is where the information commissioner's office is likely to get very interested as they are passing your details between businesses with no permission to do so - so complain again about that!

Re:UK Spam

[jbrw]

Last paragraph is very interesting. Thanks for that.

(And, gee, my original message was a complete mess, wasn't it? I'm normally a little more easy to comprehend than that...)

Re:UK Spam

[Dawgg]

Get mail washer. Clean up the spam before you download it. Can automatically bounce the spam... and its free: http://www.mailwasher.net/ I had ceased using my popmail acct, but now I can view the stuff and bounce it before downloading it...

Don't spam the people in power....

[dspisak]

for they find annoying people & problems crunchy and rather tasty.

In Soviet Russia, spam spams you back!

Re:Don't spam the people in power....

[TheRaven64]

In Soviet Russia, spam spams you back!

No, I think you'll find this happened in capitalis Russia. In Soviet Russia the spammer would have been invited by some nice men from the KGB to go and play with their thumb screws, then sent on an all expenses paid holiday to Siberia. Don't you miss the good old days?

What a dumb idea.

[TwistedSpring]

The first law of SPAM is that if you don't want to receive even more of it, don't open or respond to it.

Re:What a dumb idea.

[swordgeek]

Sure sure, we all know this.

But I've been thinking--what if every single spam that was sent got replied to by someone saying, 'piss off you,' and then their site visited by every person who received the 'invitation' to it? If it happened all at once, the internet would be FLOODED with mail, all of it going to either spammers, or (more likely) hapless drop-boxes on yahoo, etc. Web sites would crumble under the load--the internet would stagger for a day, and then the companies who suffered would start to get SERIOUS about spam.

Re:What a dumb idea.

[arglesnaf]

I set up my companies mail server to send a rejection response to every message determined to be spam just in case the mail is legitimate. I send 20K-50K bounces a day, sometimes 10K to one spammer, and it really makes no difference.

Re:What a dumb idea.

[schon]

Please provide evidence that replying to spam actually puts you on a high value list.

RTFA. Anecdotal, but still evidence.

Please provide evidence that replying to spam WON'T get you added to spam lists.

Try it - create a new email address (say a bunch of random characters, @ your ISP's domain), then submit it to a 'remove me' list, and watch how much spam it gets. It really does work.

Re:What a dumb idea.

[Rogerborg]

No evidence then? Didn't think so. I accept that proactively touching a remove me list would usually get you added to it, but we're talking about replying to spam that's already arrived and making it worse. I don't see how you could make it worse. If you actually have evidence of this, please share it.

At last

[fatquack]

a minister who reads his email. If more politicians read their own email (and not a hapless assistant) the problem of spam would be evident to them and antispam legislation would be nearer.
And yes, I know legislation is not the sole solution, but legislation plus technical solutions is the best bet in my opinion.

make this a top 10

[mirko]

10. edible university diplomas

9. free anti-anti-spam software

8. Get a green (as in siberia) card now

7. Herbal alternative to Beef

Re:make this a top 10

[mirko]

You'd be less pricky if you toldme where the damn errors are. :)
At least you got a point by leaving out your anonymity.

Re:make this a top 10

[mirko]

celui qui m'a collé un "appat a flamme" est une têtede con.

overrated is okay, as long as it is not given to a "coward".

BTW, why isn't there the possibility to post at "0" ?

Re:make this a top 10

[mirko]

Excuse me Mr Asshole, maybe you should consider my effort, as a non-native speaker, to communicate with you in the language you're so proud to know : I indeed have not asked you to intervene in this thread so, fuck off, fatty : you are the one with the shitbag-ego.

en français ça donne : tu es un trou du cul, je t'emmerde, connard.

auf Deutsch : Du bist ein Arschloch, du riechst wie ein Schiessdreck.

Na Hrvatsko : Ti si gouzitsa, jebempti mater.

Re:make this a top 10

[mirko]

Hey, you already spent your 2 daily msgs ?
instead of posting here (which actually kinda entertain me), why don't you furiously yank over your pictures of Keira, as usual ?

SCO legal department?

[smoon]

So can we point this guy to the SCO legal department? Get them boys in Lindon Utah hoppin'. Ideally get some home and cell numbers...

"Hello?"
"Theese ees caal frrom Russia. tsk tsk tsk... [click]" :)

Do spammers use spam protection?

[Black+Noise]

... to protect them from themselves?

Enroll..

[Svante.1]

How about enroll 200 000 persons to there event?

If you can get the numbers correct they don't know who is comming and not. :) So they probebly have to send out the mail agen or phone everybody...

Case closed.

Since when is sci-fi defined by films?

[SubliminalLove]

In Soviet Russia, the dead horse beats you.

Re:Since when is sci-fi defined by films?

[JordanArendt]

1. Get bat
2. Beat dead horse
3. Profit!!!!!!

Re:Since when is sci-fi defined by films?

[Anonym1ty]

In Soviet Russia, spam sends you ---- Does that mean the vaction packages are real there?

In Soviet Russia

[Rogerborg]

Just shut the fuck up, already. It wasn't funny six months ago, it's not funny now.

In Soviet Russia...

[poptones]

we already ate the horse - and we don't HAVE bats, you insensitive clod!

useful

Does anyone have his email address? I need to send him a few mails with the phonenumber of my ex.

Re:useful

[Kosi]

Posting it here should do as well. Would that be the first /.ted phoneline, then?

And the result?

[permaculture]

Interesting story, but it ends with the minister admitting the retaliation was ineffective on this occasion. If the advertisers are to be pursuaded not to spam, we need more people willing to bring it to their attention.

If their phones were blocked *every day*, they might have to stop spamming.

Re:And the result?

[Advocadus+Diaboli]

If their phones were blocked *every day*, they might have to stop spamming.

No, the will change business and make a fortune from selling phone lines to antispam fighters.

The lines are jammed...

[m1kesm1th]

"..an audio message to be volleyed nonstop to the telephone numbers listed in the... [email] spam messages.' "

Lets hope they weren't premium rate numbers. If so, I doubt they'd be bothered about their lines being perpetually busy.

"hey, lets get some new lines in and spam those russian nerds again"

This is why we need Minister of Communication

[Vitus+Wagner]

Chances of Korotkov's campaign to succeed are based on two things.

1. He, as Deputy minister of communications, has some more influence on telco companies than damned ALC. He might tell couple of words to phone operators (typically Ministry of Communication has a lot of ways to make life of phone company harder, when it comes to renew the license and such) to charge a right side of phone line, ignore abuse complaints and so on.
   
2. Technically phone poll is carried out by Russia On-Line second biggest dial-up ISP in Moscow. It doesn't matter how many multichannels phone lines would ALC buy. A fraction of ROL's modem pool assigned to the task would orders of magnitude bigger anyway.
   

And I think that ways how big ISP are charged for phone usage are much different from ordinary customers anyway.

Now before everybody goes doing this...

[Pflipp]

...remember that there are some (lots of) spams out there that make money on the price-per-minute of the phone line you're trying to flood!

Vanishing point.

[The+Creator]

If you design a retaliation plan that just cansels out the benefits of spam. Then joe-job'ing someone whould also have no effect(since the "fake" spam benefits them the same amount as it hurts them). Now both "fake" and "sincere" spam is both useless.

The difficult part is designing the perfectly balanced retaliation sceme.

block certain logarithms?

[Majin+Bubu]

Look at the end of the article:

Spammers have ways to get around anti-spam filters, he said, but it's possible to collect patterns from their e-mails and block certain logarithms.

Logarithms instead of algorithms... Makes you wonder if the author knows what he is talking about!

National Anti-Spam List?

You would think that a national anti-spam list could be enacted, with all the penalties and guards that are on mass-market calling. Why is it that telephone communications are more well-guarded than e-mail communications? If you ask a company to put you on their do-not-call list, and they call you, they can be sued by you for substantial amounts of money. Why is this not the same for spam?

Chumley the Happy Walrus, anonymously lazy coward

Re:National Anti-Spam List?

[aerojad]

It would be much harder to do that for spam, because it would not be national. The do-not-call list is a national registry protecting people in the U.S. Spam comes from anywhere and everywhere. A do-not-spam list would go as far as to prevent U.S.-based spam, but because a signifigant amount of spam comes from Asia, it would only cause a minor dent, and not a dam to the flow.

Re:National Anti-Spam List?

[anthony_dipierro]

Why do I need mail from Asia? I'd just block all Asian email.

Re:National Anti-Spam List?

[MCZapf]

None of the SPAM I get comes from Asia. Is it just me?

Re:National Anti-Spam List?

[aerojad]

Sure, *you* can block whatever you want, but to do something on any larger of a scale wouldn't work (say for your network admins, etc) because legit mail does come from there as well.

Re:National Anti-Spam List?

[anthony_dipierro]

Why should I give a shit about my network admins?

To Sum This All Up

[Bruha]

Ring Ring!

Oh A customer!
(picks up phone)

Ni!

Hit them in the pocket.

[aaaurgh]

I recently got on the mailing list of a surf company in Sydney, I've no idea how since I'm in Perth and can't surf (Ex-pom).

I started receiving almost weekly newsletters and updates and, despite numerous phone calls and e-mails with the usual promises to comply, I just couldn't get off the list... then they sent the 2.5 Mb Word document, you know the type!

I e-mailed back and told them that they'd filled up my e-mail account and caused me to miss some important e-mails, plus cost me time and money due to the download costs. I advised them that, as they were now affecting my business, I'd be invoicing them $25+GST administration fee for each and every e-mail I received from then on and that if they didn't pay, I'd hand the account to a debt collection agency - one that takes a cut of the recovery value.

I cautioned them that it would not concern me if I received nothing from the agency but that such action could affect their credit rating. What a surprise(!), I've received nothing since.

If you can justify charging a fee to the spammer for administration or storage or anything like that, sufficient to stand up reasonably in a small claims court, then you should threaten to invoice the spammer and use a debt collection agency - it just might work for you too.

Re:Hit them in the pocket.

[aaaurgh]

Aw bugger! I use a boogie board, is that good enough?

FWIW I was cheering for the Aussies from the day I came back from Oz the first time and sent off for the migration doco. Let's face it, who'd cheer the English cricket team, except the barmy army?

Yeah, I know... flamebait! 8-)

Re:Hit them in the pocket.

[aaaurgh]

You're right, unfortunately. This method really can only work if you can justify a fee and have a clear target in your own country. It helps to have a business involved too in order to be able to invoice the charges more easily.

If you can get to that point, you should be able to find a collection agency that takes it's fee from the claim - if the method works, who cares if you get no money from it at the end if it reduces the spam just a little bit.

At the end of the day it's going to take a lot more effort but it's good for the little guy to get a win now and then.

Re:Hit them in the pocket.

[cosyne]

I was just going to set up an address like I_unconditionally_agree_to_pay_one_dollar_per_byte _sent_to_this_address@domain.tld and then try the usual practice of posting it somewhere on the net with a notice that nothing is to be sent to it. Then anyone with a contact address is fair game.
I doubt this would really hold up in court, but if it did, it might be worth buying the pills just to get a real address or bank account.

Go for the source

[zornorph]

This is the avenue we should be pursuing when trying to stop spam. Instead of trying to stop the spammers themselves, go after the source (advertiser) instead. If enough advertisers are convinced/shamed/etc that spamming is a bad thing, they will go elsewhere to get their message out, and the spammers will magically disappear.

Exploit!

[skinfitz]

...cut to spammers setting up premium rate numbers to put in their SPAM messages in the hope that people will spam them back by calling them all the time.

Wild West

[Wordsmith]

Was there a lot of spam in the wild west?

Spamlent Green?

[AndroidCat]

Whoah! Remember what happened when they served ground-up sheep to cows? We got Mad Cow disease. (And when you feed the cows to humans, you get same thing, different name. Creutzfeldt-Smirnov?) I'm not saying that spammers have some spam prion protein infecting them (or brains to infect), but why take chances?

SETI-style spammer bamming

[G4from128k]

How about an open source software project that creates a piece of software that attacks spammers using a SETI-style approach. Using spare bandwidth and CPU time, the software would repeatedly send requests to the links found in spam.

Repeatedly loading the homepage of some spam-spawning viagra sales site would hurt the viagra sales company. Companies that advertize with spam would find their bandwidth charges skyrocketing and their conversion rates plummetting. The key is to create disincentives for the e-commerce sites that try to flog their products and services using spam. While spammers can be anonymous, the e-commerce sites that use spam to get eyeballs need more permanence. Eventually, these companies would even penalize the 3rd-party spam sending companies for using email lists that generate too many spurious requests or that have low conversion rates (the spammer's pay drops if they send emails that lead to long streams of spurious requests).

Re:SETI-style spammer bamming

[russellamiller]

Great idea! Mod this up!

Re:SETI-style spammer bamming

[suwain_2]

Well, I'm not sure this would work out so well. (And I'm skipping over the fact that this is more or less a Distributed Denial of Service attack...) A lot of clueless companies only care about how many hits they get. They don't care (well, of course they do, but not entirely directly) whether or not you buy anything. They'll see that their newest spam company just got them 500% of the hits the last one did, and they'll pay the spammers extra, and tell all their 'friends' about how good the spammer is. Eventually they'll realize that the percentage of orders-per-hits is going way down, but at least in the short term, they're going to be overjoyed at how many hits they're getting.

Re:SETI-style spammer bamming

[dnoyeb]

Targeted marketing.

It wont take them long to realize they are marketing to people unwiling to buy. Thus they are wasting their time and money. They will then feel negatively about it without even ever knowing what really happened.

Re:SETI-style spammer bamming

[GenetixSW]

The catch here is that if their servers get pummeled offline every time they boot back up, it might also occur to them that they rather dislike being unable to market and/or sell their products. They'll also (hopefully) get complaints from their ISP if traffic on the network gets bogged down. So, realistically, I doubt they'd be too impressed by 500 million hits if those hits tear their server to shreds. =)

Re:SETI-style spammer bamming

[zx75]

There is only one real problem with that... It is called Denial-of-Service attack.

The problem with spam is that it is in a grey area of the law, no one likes it, but its not exactly illegal. However, such a concerted effort to melt a webserver is actually a crime. .nosig

Re:SETI-style spammer bamming

[mangu]

However, such a concerted effort to melt a webserver is actually a crime.

Why is that? If the spammer sends you a link to his site, it means that he wants you to see his site, right? Why would it be illegal to click in a link someone sent to you? Even if you click a million times, there isn't any legal limit on how many times you can access a site, is there?

Re:SETI-style spammer bamming

[theskipper]

A few months ago I was ready to open up a project based on a variation of this method but decided not to. The reason was simply that there didn't seem to be a bulletproof way for the action to *not* be interpreted as an attack from the legal/moral perspective. Yeah, in most cases the vendors are only slightly less scummier than the spammers but an acceptable solution would need to take the high road to be used widely enough.

In any case, here's the thought process I (and probably lots of others) have gone through so maybe others could clean it up and iron out the wrinkles.

It seems that one could make the method acceptible by framing the app as a way to increase traffic to the target sites. i.e. an app+site that's sole purpose is drive traffic to the vendors under the guise of a push directory for lack of a better term.

Outline mode:

- Application is a standalone executable with an embedded browser which downloads a number of "Sites of the Day" from (let's say) www.iluvspam.com.

- The "Sites of the Day" are the freshest sites gleaned from an inbox and *provably* spammed. All headers are saved and dropped emails documented. Or maybe couple it with a voting scheme for "most valuable products" at the iluvspam site. Obviously, there's lots of ironing need here to meet the high road philosophy.

- If you're really interested in making your penis larger and don't want to miss out on any late breaking penis enlargement breakthroughs, set default reload (with nocache of course) for every 30 seconds. This seems fair because if a stunning breakthrough is posted then its likely that they'd sell out of it that quickly.

- Or to be really sure that you're catching the latest breakthroughs for all of the fantastic products being offered by spam, the app auto scrolls through the list of sites and reload each.

- The application shouldn't be run as a transparent background service. Remember, its purpose is to serve as a useful tool for users to become aware of important products by reaching the sites. Otherwise it is simply a program the eats bandwidth with no other plausible purpose. So the purposes is no different than searching Yahoo and clicking on the URLs to those sites. Of course the value added feature is that it's better because it goes a step farther by reloading them so you always get fresh information on the products being offered.

- Allow disabling of the (default) auto reload setting. There might be some vendors who would complain about getting so much interest in their product so it's only fair to offer a way to disable reloading their site.

- The Sites of the day could be set for daily download. The link provided would need to be scrubbed to a raw url.

There are a number of other considerations and all of this is just a "cute" way of justifying a (insert more appropriate term than DOS here) attack. But what kept my interest in this scheme is that it could be rationalized and all it would take is 100k slashdotters running it to bring a majority of spam product sites to a halt.

Not to mention that the code would be simple and transparent; a few lines of cross platform code that could be trusted since it it's open source.

Of course the problem is that www.iluvspam.com would most likely be DOSed by some script kiddies hired by the larger spammers. Also, the maintainer of the iluvspam server will be the target of any legal mortars lobbed at them. Getting around that problem is left as an exercise for the reader :)

Re:SETI-style spammer bamming

[BigBadBri]

I can see the defence lawyer now -

Your Honour, my client was so excited by the prospect of increased penis girth that he inadvertently leant on his 'F5' key while reading the plaintiff's web page.

Re:SETI-style spammer bamming

[Jaeger-]

How about you build in a p2p network that communicates the "Sites of the Day" rather than depending on a single webserver somewhere?

As we all know, destroying a network (kazaa) is much harder than taking down a single server (napster).

Re:SETI-style spammer bamming

[Jaeger-]

And source code for p2p is available from a number of open source software projects, so adding in the p2p network would be relatively trivial.

Re:SETI-style spammer bamming

[anthonyrcalgary]

I love this. How many thousand requests can a spammer website take in a 5 second period?

Re:SETI-style spammer bamming

[anthonyrcalgary]

How is it different from what Slashdot does daily?

Turnaround is fair play: SQL injection

[TheMidget]

Another method of turnaround: Sql injection!

It's crazy how many spam websites are running on IIS with .asp scripts (or even better: .aspx!) as a frontend, and Microsoft Sequel Server as a backend .

Just type a spare single quote into the "remove me from your list" box, and watch as parts of the SQL query are displayed. Experiment a bit, and transform this into a query that clears the entire subscribers list, or that changes their spam messages to something funny, or that keeps the subscriber list but replaces all e-mail addresses by their own whois contact (or better: their upstream provider's whois..), etc.

For starters, the following string often removes the entire list when entered into the remove me box:

' or '' = '

(that's two single quotes between the or and the = sign).

If the site has an "affiliate program" (look around a bit...), the same string entered as a user name into the affiliate programme's login box might let you in, with a little bit of luck. If not, try the following instead (again, there are only single quotes in the string, no double quotes):

' or ''='' or ''='

If it still doesn't help, try to repeat the same string in the password box.

If still not ok, you may need to use a union statement:

x' union all select top 1 null,null,null from sysobjects;--

Start with one null, and keep adding more until the "parameter number mismatch" error disappears. Patience may be needed, certain login scripts require more than 40 nulls! Then start replacing the nulls with your desired password string, and attempt to find a combination which doesn't give you a type mismatch error.

Example:

x' union all select 'zozo', null, 'zozo', null

Then enter zozo into the password box. With a little bit of luck, this method may let you in.

Once you're in, you've access to the affiliate's (i.e., the spammer's) account:

• home address: always nice for a baseball bat expedition, or to pull an Alan Ralsky on the spammer.
• phone number: on your way to work, give your friend a call! One from each phone booth that you encounter! Write the number on bathroom stalls! Post it to slashdot!
• bank account number: well, just change it to your own!
• website URL: change it to you know what
• social security number: post it to as much places as you can
• ...

The benefit of such actions is twofold: not only does it teach the spammer not to spam, but it also tells him that Windows (and especially aspx + Sequel Sewer) is not a very secure technology.

Have fun!

Re:Turnaround is fair play: SQL injection

[Kalak]

An Insightful goatse - I'm impressed. It didn't really offend me in this context. I even expected it coming in the cotext you set up, and I'd love to add a "funny" on it for the punchline. Nice website defacement idea.

Too bad screwing with their database technically illegal, since the database is an "asset" for the company. The injection you propose would hurt their asset. You might be removing addresses that opted in (yeah, right).

I wouldn't try this at home, kids.

Re:Turnaround is fair play: SQL injection

[Koatdus]

Ack!!!!!!!!!! Stop it!!! You got me with the goat picture again!

(excuse me while I go loose my breakfast)

Re:Turnaround is fair play: SQL injection

[TheMidget]

As long as the webmaster has an ounce of brain,

You forgot that we are talking about spammers here. And Windows administrators. Neither of which are known for their smartness.

they have most likely configured their server to automatically replace a single quote (') in a query string with two single quotes (''),

You'd have a case if that was a PHP server. By default, PHP escapes all input (i.e. ' is replaced with \'), which pretty much defeats most of such attacks. However, if there are some places where the web-app expects numbers (such as affiliate id's) it may still be vulnerable (no need to close a quote to slip SQL code into a number).

which will escape it to MSSQL server.

With ASP, the admin has to specifically set up his rig to do this escaping. With PHP, it is the default setting. However, an admin dumb enough to run sequel sewer in the first place would probably not even know about the issue.

Which means no matter how many single quotes you type, you won't be able to doctor the query. Sorry.

Try it out. Just search for aspx news.admin.net-abuse.sightings on google groups and try out the links. Sort by date, or you'll find that most spams are too old and the site already has been closed. Or if you are in the habit of keeping your spam, just search your own collection for .aspx links. You'd be astonished at how many of these the SQL injection works! (I'd say one out of 3). However, for some weird reason, probability of success is much higher for .aspx than it is for .asp (For .asp it indeed takes quite a bit of patience to find anything worthwhile...)

Re:Turnaround is fair play: SQL injection

[JanusFury]

By default, PHP escapes all input (i.e. ' is replaced with \')

Are you sure about that? Because every PHP server I've ever used doesn't escape strings by default, you have to use addslashes().

Re:Turnaround is fair play: SQL injection

[TheMidget]

As far as I remember, it's the magic_quotes_gpc setting in php.ini, and most distributions ship this set to On. However, if the application program does know what it is doing (by using bind variables, or whatever), this magic_quotes_gpc setting may get into the way, and so the admin might have turned it off. Of course, even in that situation, it's better to turn it off locally (in the VirtualHosts clause, for example) just in case there are several apps on the system, some of which who are insecure, and some which are secure.

Re:Turnaround is fair play: SQL injection

[GoneGaryT]

Someone posted this method of goat prevention (after the fact in this case) a while ago - this goes in the mozilla chrome directory and is called userContent.css. Cut along the dotted line:

---Snip---

a[href*="goatse.cx/"]
{
text-decoration: line-through ! important;
color: brown ! important;
}

a[href*="tubgirl.com/"]
{
text-decoration: line-through ! important;
color: brown ! important;
}

a[href*="www.hick.org/goat/"]
{
text-decoration: line-through ! important;
color: brown ! important;
}

---Snip---

thanks to the original poster for this useful brainsaver.

Re:Turnaround is fair play: SQL injection

[Bumbleton]

I know how that feels. Here, I googled some solutions for you.

Re:Turnaround is fair play: SQL injection

[Theaetetus]

+5 interesting, plus some 'underrated' and 'informative'. Very nice troll. You've made my friends list.

-T

Re:Turnaround is fair play: SQL injection

[Tomble]

How odd that in reference to him posting Goatse pictures (and implying the idea of plastering them all over spammer websites), you then make references to "screwing", "injection", and "hurting their asset"... but you don't get modded funny either?

What's Slashdot coming to?

Re:Turnaround is fair play: SQL injection

[PSL]

This is not a problem with Windows/ASP/ASPX/or MSSQL. It's a problem of poor programming and can be done with any language and DB.

Re:Turnaround is fair play: SQL injection

[TheMidget]

This is not a problem with Windows/ASP/ASPX/or MSSQL. It's a problem of poor programming and can be done with any language and DB.

Yes, but think about it a bit. On which platform do you find the most inexperienced programmers? Guess what, on the platform that advertises itself as to be so easy that any baboon can use it...

Moreover, other languages and database engines have safeguards to make these things less easy to happen:

• in its default config PHP escapes the dangerous quote signs with a backslash. Which breaks SQL injection vulnerabilities in most cases.
• Professional databases, such as Oracle, provide "bind variables". These allow you to write ("prepare") SQL statement in which you can leave values undefined (SELECT user_id FROM users WHERE login = %1 AND password = %2). It's only when you use the statement, that you supply the values. No need to piece together SQL statements using awkward string concatenation. And if there is no string concatenation, there is no SQL injection. Moreover, it's more efficient: the database engine has to analyze the statement only once, rather than do it for each data.

A person could really start some trouble

[kmilani2134]

Wondering what would happen if you spammed this Russian politician and placed the number for the White House or some other important number in the body of the spam. I bet George W. would like it if the Russians were spamming his office. :)

Re:A person could really start some trouble

[suwain_2]

The next day, he "discovers" that Russia's buying some nukes from Niger... :)

Re:A person could really start some trouble

[shaldannon]

Given Russia's present economic condition, I think you meant to use the word "selling" :)

Not always

[AndroidCat]

The exception to the rule are pump'n'dump spammers. They push the virtues of some penny stock in hopes that some suckers will buy, pushing up the price. Then when the stock hits a peak, they unload their stock (profit!) and let the suckers take the fall.

For that, they don't need a contact method.

From Russia With Love

[g_goblin]

Biatch!!! Is what I would have put in the audio

Re:LOL That's got to hurt.

[Library+Spoff]

to quote other /.'ers...

you're new round here aren't you?

it's the goatse picture people....

Cowboy Baby

[mr_luc]

The turn of the century SUCKED.

It marked the death of the frontier. (I know, blah blah Indians were there first, but the population density was never that great and there were always massive sections of uninhabited land). The remaining frontiers are largely closed to the ordinary man, and are unlikely to ever be truly opened again to the point where you can just go somewhere, stake off a chunk of land, and just LIVE there, and have it be LEGAL.

I know, I know. Progress. We live 1.6 times as long, that's a good thing. Diseases can be treated better.

But, still . . . the death of the frontier marked the inability for a man to be physically independent. Now our lives are played out within the boundaries of 'The System', while our freedom must exist only in our minds.

cue matrix analogies.

Re:Cowboy Baby

[rsborg]

But, still . . . the death of the frontier marked the inability for a man to be physically independent.

cue matrix analogies.

Matrix Analogies indeed... perhaps you need to question the "independence" rhetoric you've been fed all these years. That "frontier" you spoke of belonged to someone else (Native Americans). Sure, in my childhood, I used to eat and breathe the same love fore indepedence, until I went to visit foreign countries. There I found people who were interdependent... they understood that there was no frontier, and that whatever you did impacted other people.

Welcome to the interdependent world... you're about a century late.

Let's Hire Him

[chia_monkey]

Yeah...we have all this hubub about all the overseas outsourcing, but I think we should hire him. Awww yeah. Let's get the Angry Russian on those spammers. I wonder how much he charges...

Re: 1. Meet beautiful American wives!

[marat]

Unfortunately spam has no borders and they still insist I'm tired of spoiled american women and need to meet beautiful russian wives even though I live in Moscow and already fed up of the latter ones.

But American Language Center is really one of the baddest spammers here. I can't wait to see them spamming FSB (current name of KGB) or other security service senior official one day.

Works against hijackers too.

[Chemisor]

It's the Russian mentality. Do you know why Russian planes don't get hijacked? They used to be, until the hijackers found out that the threatened pilot simply dropped the controls and started fighting back. No wimps in that country.

Tumbleweeds

[Red+Weasel]

The only part of the russian involvement in our Wild West period is the fact that they introduced the tumbleweed to the American west. I don't really care about the Russian settlers and homesteaders but every time I need to clean another pile of tumbleweeds out of my yard I still get pissed.

Damn Russians

Re:Tumbleweeds

[Mooncaller]

The tumbleweed was intruduced in the 1880s, the exact date has slipped my mind at the moment, but it is know. The seeds were in a shipment of grain from the Russian steeps to North Dakota. The version of Europian agricultur practiced in the US and cattle ranching were primarily responcible for its rapid spread. It likes the wide openness of freshly plowed fields and grazelands. As a footnote, the Russian Thistle (tumbleweed) is now endangered in many places where it was once indiginous. I have read speculation that at some point, it might end up completely extinc in it native land, existing only as an obnoxious weed in the Americas. Wierd. From Russia with love (or something).

Back in the USSR...

[EyeSavedLatin]

Back in the USSR... Back in the USSR... Back in the USSR...

Re:In Soviet Russia

[Z0mb1eman]

As long as people mod posts containing the words "In Soviet Russia" +1 Funny, I'm afraid they'll never go away...

Turnabout

[d'fim]

Why doesn't someone post the contact info for some Viagra suppliers? Especially their CEOs? Make life painful for THEM I say.....

The purpose: harass FederalFundingProgram.com

[Jammer@CMH]

The purpose of this spam seems to be the distributed harassment of FederalFundingProgram.com, whoever they are. Send this spam to 10^n people, and a reasonable number of nastygrams and crank emails will return to the target.

Hmmm...

[BrokenHalo]

I just read the F. article (honest!) and at the end they admit that "it's possible to collect patterns from their e-mails and block certain logarithms".

I wonder if they tried blocking log 0 :-)

Re:Hmmm...

[klk206]

Those were "algorithms", you dumbhead. It was just a typo. Russians never confuse logarithms with algorithms - they learned both in school (did you?)

Re:Hmmm...

[jdray]

Russians never confuse logarithms with algorithms...

IN SOVIET RUSSIA, algorithms are confused with YOU!

Re:Hmmm...

[BrokenHalo]

Maybe you ought to go see your doctor; tell him you're suffering from atrophy of the humour gland. In case you don't get the message, I was joking, you moron.

D'oh...

Re:Bah!

[rsigman]

I think it said: "Emergency, emergency, everyone to get from street!"

Re:LOL That's got to hurt.

[srw]

It used to be sport around here to try and trick people into following a link to http:// goatse . cx
(I have deliberately spaced that out. Don't follow it.)

Slashdot has implemented a number of features to try and avoid this. (i.e. listing the domain name beside links) I guess people are still sucessful sometimes, though.

-srw

Mailinator !

[M1000]

A friend just showed me this site: http://www.mailinator.com/ if you are tired of spam, you can use that website to receive an email, and you don't have to create any account at all !

Back in the day...

[Lord_Dweomer]

Back in the good ol' days they would've sent the KGB after them for something like this. (Smiles to images of big russians in black trenchcoats with automatic rifles busting in on some spammer and shooting him before he can even open his mouth.)

Spammed

[Redbw6]

You have got to love it!!! Everyone gets bombarded with junk mail so it's great to see a man of importance do something about it!

Re:LOL That's got to hurt.

[TheMidget]

Slashdot has implemented a number of features to try and avoid this. (i.e. listing the domain name beside links) I guess people are still sucessful sometimes, though.

Slipping in goatse links is easy. Too easy even. There are a number of redirector services (shorl.com) which allow you to hide the URL, and even most mainstream sites do have some way to redirect.

No, simply slipping in goatse into a comment is so easy that it has become uninteresting. The real art now is to have a goatsy comment moderated up rather than down as the usual troll or flamebait. Seems so far it is working well (+4, and counting...)

Next challenge: slip one into a story submission!

In Real Russia

[linuxislandsucks]

In Real Russia Spammers do not get call backs.. ..we take you out back in the woods and have you shot!

Easy Money

[donutello]

1. Set up 1-900 number.
2. Spam Russian minister.
3. Profit.

Ha!

Find out whether the spammer really sent the spam

[Matt+Ownby]

Yes, the scenario you describe is exactly what has kept me from writing some software to automatically redial spammer 1-800 numbers endlessly and rack up their long distance bills. The crap people leave on my car windows, the junk piling up in my snail mailbox at home, and the large volume of spam which flows into my email account like a wave of putrid filth... all of this stuff might be coming from the spammer OR it might be coming from a third party trying to get someone they don't like harassed by a mob of angry people. I don't think you can just look at a contact phone # and start war dialing it, assuming it's the real spammer.
You need to call the phone # first and find out if you're targeting the right organization. Once you've verified that you have got the right place, then you can commence with the retaliation, right? Or can you? I'm not sure that it's really legal to repeatedly dial a spammer's phone # 24 hours a day?

Some evidence for you..

[schon]

Please provide evidence that replying to spam actually puts you on a high value list.

How about this?

according to the Federal Trade Commission (FTC) [...] responding to spam may actually result in even more unsolicited email as these responses confirm to spammers the accuracy of the targeted email address. In fact, the FTC recently conducted a study wherein the Commission and law enforcement partners tested whether "remove me" or "unsubscribe" options in spam were being honored. Their findings showed that 63 percent of the removal requests were not honored.

The good old days

[GoRK]

For a little history, search for 'dot annoy' on google. It was a little unix script that did this with 'cu' back in the day.

Are you sure he doesn't work for the RIAA

[willy134]

That sounds like some tactic the RIAA would use. Maybe they were really offering him free music and he decided to call and send them fake or virus infected music over the phone.

Anyhow, maybe the RIAA are russian politicians... go figure :)

Me.

Re:Spam - webbug images

[Stephen+Samuel]

as most spam seems to be HTML email embedded with webbugs (1x1 image tag pointing at a logging script) so they know your address is valid as soon as you open the email if your client renders HTML.

That's the main reason why I turn off the loading of remote images in email...
for Mozilla: preferences -> Privacy & security -> images -> []Do not load remote images in Mail and Newsgroup messages

In my experience, most legitimate users attach images to their emails. If I get an email which has remote images that I actually want to see, I can always right-click and explicitly view it, or turn the option on for that one message then turn it back off again. (I think I've done that once or twice in the last year)

Re:Some evidence for you..

[Rogerborg]

That doesn't show it at all, it's just yet more supposition based on a bizarre assumption that spam is actually targetted.

All that it shows is that 37% of removal requests are respected, which is a hell of a lot more than I'd have expected. We're talking about replying to spam that's already been received. I'd be interested to know what happens if you create virgin accounts and try and unsubscribe to spam lists that you're not already on, but that's a different question.

Thanks for the link though, it demonstrates that this assumption runs deep.

What about anonymizer?

Is it still dangerous to do this if you go through anonymizer?

Finally a "Profit" plan with no "?" step!

[Animus+Howard]

1) Change your phone number to a 976 number, where the caller is automatically charged $49.95 just for connecting.

2) Spam the Russian Deputy Communications Minister.

3) Allow the Russian Deputy Communications Minister to tie up your phones for several days.

4) Profit!!!


P.S. In Russia, spam profits YOU!

Choice Quotes

[Bugmaster]

"I want to warn you that if you continue your illegal activity, then the necessary measures will be taken not just by me," the Korotkov voice intoned, after giving his name and ministerial affiliation."

As for how Korotkov's message was received by the language center's staff, Petrova said, "That question is for the management, who are not available." In fact, they were "very far away, too far away to receive phone calls," she said...

Remember folks: this is Russia, where the leaders of the country are also the biggest crime lords. The spammers did the right thing when they suddenly became "very far away". If you're too far away to receive phone calls, you are also too far away to receive "necessary measures", such as a bullet to the head.

This may sound cool and exotic, but it's actually pretty sad... Westerns are only fun to watch, they are not fun to live in. Especially when the robber gangs grow to the size of entire cities.

US Title code 47 section 227.

[budgenator]

as reported on Michigan Man Uses Junk FAX Law to Sue Sears Over Spam, US Title code 47 section 227, Restrictions on Use of Telephone Equipment defines

(2) The term ''telephone facsimile machine'' means equipment which has the capacity (emphisis is mine)

(A) to transcribe text or images, or both, from paper into an electronic signal and to transmit that signal over a regular telephone line, or

(B) to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper.

and further more,

(4) The term ''unsolicited advertisement'' means any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person without that person's prior express invitation or permission.

so the sections

(b) Restrictions on Use of Automated Telephone Equipment

(1) Prohibitions. It shall be unlawful for any person within the United States - ...

(C) to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine; ...

(5) Private Right of Action. A person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection may, if otherwise permitted by the laws or rules of court of a State bring in an appropriate court of that State (emphysis is mine) -

(A) an action based on a violation of the regulations prescribed under this subsection to enjoin such violation,

(B) an action to recover for actual monetary loss from such a violation, or to receive up to $500 in damages for each such violation, whichever is greater, or

(C) both such actions.

Additionaly

(1) Prohibition. It shall be unlawful for any person within the United States -

(B) to use a computer or other electronic device to send any message via a telephone facsimile machine unless such person clearly marks, in a margin at the top or bottom of each transmitted page of the message or on the first page of the transmission, the date and time it is sent and an identification of the business, other entity, or individual sending the message and the telephone number of the sending machine or of such business, other entity, or individual.

(f) Actions by States

(1) Authority of States. Whenever the attorney general of a State, or an official or agency designated by a State, has reason to believe that any person has engaged or is engaging in a pattern or practice of telephone calls or other transmissions to residents of that State in violation of this section or the regulations prescribed under this section, the State may bring a civil action on behalf of its residents to enjoin such calls, an action to recover for actual monetary loss or receive $500 in damages for each violation, or both such actions. If the court finds the defendant willfully or
knowingly violated such regulations, the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under the preceding sentence.
(8) ''Attorney General'' Defined. As used in this subsection, the term ''attorney general'' means the chief legal officer of a State.

while IANAL, it seems to me that Deputy Communications Minister Andrei Korotkov, A person under US law has recieved an unsolicited advertisement, to his computer which has the capacity to send and recieve faxes via a telephone line so it

Blocking Logarithms, eh?

[EvilStickMan]

"Spammers have ways to get around anti-spam filters, he said, but it's possible to collect patterns from their e-mails and block certain logarithms."

Yes, how dare those spammers try to calculate the correct power of a number. I'm surprised that so many spammers use the same kind of mathematical equation in their e-mail....

Re:LOL That's got to hurt.

[TheMidget]

It's been done, although that wasn't the submitter's fault, but rather a webmaster that didn't appreciate being Slashdotted.

Groovy! I must have missed this memorable event. Do you still have any pointers (which day it happened, or some unique keywords in the story to search for...)

Re:Phone numbers? fooled filters

[madpierre]

Fooled filters ...

I just filter out ALL HTML e-mails and delete em from the server.
Since most SPAM is HTML it no longer bothers me. Sorted :-)

Plain text rules KO.

illegal-not when the ' is in your name

[Gandalf1957]

Unfortunately many folks, myself included have the apostrophe in their surname and I can testify it does screw up SQL query engines big time thanks to poor foresight.

Re:LOL That's got to hurt.

[GlassUser]

The real art now is to have a goatsy comment moderated up rather than down as the usual troll or flamebait. Seems so far it is working well (+4, and counting...)
I believe you're close to another one, too.

There is no place like localhost

[Mr.+Arbusto]

I've always filled in my address as root@127.0.0.1

Damn people using Microsoft

Re:There is no place like localhost

[AVee]

Wich is an invalid email address according to the SMTP rfc. Should be root@[127.0.0.1] since the domain part is an ip address...

Re:LOL That's got to hurt.

[TheMidget]

Found it: BitTorrent Community Running For Cover?.

The site was Torrentse.cx (a name that is program...), and the link pointed to Tubgirl (btw, the tubgirl domain name is hosted at some kind of redirector farm, and in light of my previous comments about SQL injection it is very astonishing that the other sites of that redirector farm don't show similarly disgusting pictures... but I digress...)

Predictably enough, the link was removed from the slashdot story as soon as it became apparent what had happened. The swift action of the editors forestalled most of the expected fun: There were only a handful of comments about the picture...

If the webmaster of torrentse.cx had been smarter, he'd have shown the normal contents to anybody coming from a Slashdot-owned IP, or he could have showed the tubgirl only for one visit in ten, or whatever...

Re:Find out whether the spammer really sent the sp

[mfrank]

You can get into trouble for it. In Dallas about ten years ago somebody did that to Robert Tilton (a local scumbag televangelist) because Tilton had gotten a bunch of money from his mother. They started noticing a lot of hang-ups on their 1-800 number, and eventually had the cops trace the call and busted the guy. Can't remember the exact charge, but they can get you for something.

It works - Thank-you

[amembleton]

I don't believe it. No validation check was carried out on ' or '' = '

You would have thought it would have realised no @ was used for an email address!!

Well thank-you, it somehow accepted it.

In Soviet Russia ....

[madpierre]

SPAM is just a tin of processed meat of unknown origin.

Re:In Soviet Russia ....

[AragornSonOfArathorn]

> SPAM is just a tin of processed meat of unknown origin.

The origin is obvious. Here is Hormel's (the producer of SPAM, if you didn't know) business plan:

1. Hire a bunch of yahoos (a Beowulf cluster???); give them bats and lead pipes
2. Have them beat a dead horse until it is good and pulpy
3. Package pulpy meat in small tins
4. ???
5. PROFIT!!!

That is the origin of SPAM. Of course, in SOVIET RUSSIA, this is reversed. The dead horses beat the people to a pulp with bats. Russian SPAM is PEOPLE!!!!

That said, I for one welcome our undead SOVIET RUSSIAN horse masters.

Re:In Soviet Russia ....

[AragornSonOfArathorn]

almost forgot...

this SOVIET RUSSIAN SPAM is best served with HOT GRITS by CowboyNeal in the presence of NATALIE PORTMAN.

Also, IANAL, so YMMV.

Russia: Land of the Free, Home of the Brave!

[mkweise]

Remember when the U.S. was the Land of the Free and the Home of the Brave?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Fight fire with fire?

[DaveTibet]

The fun part is that while spam is technically legal in Russia, flooding somebody's phone number isn't, and is classified as a minor criminal offense.

On the other hand, the American Language Center is THE evil spammer of the .RU net and completely deserves such treatment. Their spam volleys are regular, annoying, and use all sorts of clever tricks to circumvent spam filters. By contrast, a lot of russian-originated spam (at least spam that I receive) is very business-oriented and largely contains honest-to-God offers to sell you tires, or electric cable or some other commodity, or seminar invitations; stuff you wouldn't show to your kids is extremely uncommon.

In fact, more than once incoming spam had left me thinking that had I been involved in commerce, I'd probably even react to those offers.

Re:Spam - webbug images

[Anonym1ty]

I can always right-click and explicitly view it

GOOD POINT

I actually send remote images with e-mail from time to time. I like to do it when I'm sending a large higher quality photo or photos to someone, particularly when I send to more than one person, or to someone on dial-up. -It's nicer than taking 30 minutes to view any of their e-mails and they can watch it as it comes in,That's what my friend (a senior citizen) says anyway.

I haven't found anyone who hadn't figured out how to view a remote image even when they turned it off like you do, so it's not an issue.

Magfificent Seven

[Pseudonymus+Bosch]

Sometimes Russia reminds me of the Wild West.

That's why they call it the Wild Est. (OK, it's Kazakhstan, but the movie sounds interesting).

my revenge stories

[menscher]

Once got an (800) number. Told my computer there was a BBS at the other end. Then left for the day. It probably dialed them a few thousand times.

Also once ordered toner cartriges. Got a shipment worth $400 or so sent out to a university (and told them to bill us for it).

The trick to dealing with spammers is that everyone has to respond to the ads. If everyone responds, they'll never be able to filter the legitimate responses from those of us who are making up fake info because we're pissed.

Re:Spam - webbug images

[dave1212]

OS X users -

Mail.app - double-click on the seperator bar between your mail and the preview window to toggle its visibility.

Entourage - Type Command-\ to toggle the preview window.

Re:trolling for spam

[TheMidget]

You lucky one. Complaining about not getting enough spam...

If you need samples, you can see enough of them in the Usenet newsgroup news.admin.net-abuse.sightings .

However, if you want to receive your own personal spam, the following strategies may help:

• Post often to Usenet, and use your real e-mail address
• Use your real email address when registering to web sites
• Post to mailing lists whose archives do not obfuscate your e-mail address
• Report bugs about KDE, and use your real address to do so
• Write a Perl module, and publish it on CPAN's Perl Pause.
• Put your real, unobfuscated e-mail address on your website (or into guestbooks at other websites)
• open an MS hotmail account
• when getting spam, always click on the removeme link
• when reading your spam, be sure to have all the nice features of your e-mail program turned on: HTML mail, HTML image display (very important), Javascript, ActiveX, ... Preferably use Outlook to browse your spam.

Re:trolling for spam

[RobertB-DC]

I've had huge success in attracting spam by simply registering a domain name. I use a dedicated email address for my domain registrations (if you're dying to spam me, do a whois on my domain name).

I forgot to clean out my "domains" mailbox for a couple of weeks, and I had over 240 messages waiting. It would have been higher, but the mailbox filled up to its 1 meg capacity. Every single message was spam.

Did you realize how many 1337 ways there are to spell p3n15 ?! If only that creativity could be turned away from the Dark Side..

"Injection" should have been the tip-off

[RobertB-DC]

I feel so used... I got the parent in my M2 stack, and blithely marked the "Informative" mod as "Fair". Then, curious, I checked out the article and thread.

How the hell did I miss those obvious "frontend" and "backend" links?

But I may have still meta-mod as "fair", since there isn't an option for "oops!"

By the way, for a full answer to the questions "what's a goatse?" and "where the HELL did you get that picture?!?!", as well as other Slashdot "gotchas", see the Wikipedia article on Slashdot Trolling.