Anti-Spammers DDoSed Out Of Existence
Anonymous Coward writes "Not one, but two anti-spam services announced their closure yesterday due to DDoS attacks, massive Joe jobs, threats, and the total lack of interest shown by law enforcement. monkeys.com pulled the plug at midnight with an announcement that makes you think of a suicide note. A short time later compu.net went the very same way. So, when will we see a distributed RBL that can stand up to distributed attacks?"
They must've been really broken up in that note ... they got midnight confused with noon.
Secession is the right of all sentient beings.
Crap! No more WordPerfect 5.0!
Is there a way to use the technology behind distributed.net or SETI@Home for this kind of application?
just wondering...ank
Still hoping for Gentle Treatment...
Too bad about the other guys, though.
Vigilante Justice does work!
I'd never even heard of the two sites that closed down. Personally, I use Spamcop's DNSBL, DSBL, and ORDB.
-Lucas
I want to see 64.94.110.11 DDoSed out of existence too. They are a notorious spamming server!!!!!!!!!
Distributed, hidden, can't tell who registered the file...freenet could fulfill the 'DDOS tolerant' needs here.
"Draco dormiens nunquam titillandus."
is that monkeys.com (or whatever) guy saying he'll give up for ever, or 6 months, or whatever, because of this attack? Why not see if he or anyone can do something about it (trace it, stop it, take legal action, wait until it's over and carry on again)? The whole thing seems a little melodramatic.
why can't the goddamn authorities tie in motive with these attacks and go after the spammers who are obviously promoting/funding these attacks?
_+_+__+_+_+_+_+_+_+++
when i moo u moo - just like that
"The loss of a fight, a battle, or even a war does not necessarily destroy the standing from which you fought. Superior fire-power amplified by the inactivity of the apathetic does not speak to the principles for which you fought."
He is an anti-spammer. RTFA.
I think you're misunderstanding the article. It was anti-spam services that got DDoSed, not spammers.
If you read his notice, you'll observe that his biggest beef is that he got no support from any of the big ISP's that probably used his services anyway. The /. blurb is right...until there is some sort of distributed, un-DDOS-able method of tracking spammers and their ever-rotating servers, we will continue to be blanketed with spam. By the way, has anyone noticed a particular surge in spam just today? I've gotten dozens of very similar messages in just the past three hours.
... at least they didn't blow up their servers.
Um, you got it wrong pal. It wasn't spammers getting DDOS'd, it was spam fighters getting knocked off the net. By spammers. You know, the bad guys.
Where's my lobbyist? Right here.
Um, read the friggin' blurb again. Anti-spammers - the good guys in this (unless you object to the more overactive vigilantes like SPEWS).
I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative.... but used in moderation, these services are quite effective in reducing a large number of spam.
Using a spamtrap that uses weighted scoring, like SpamAssassin or the like, you can use the data they provide combined with your other heuristics (and whitelists and bayes) to provide a much more accurate view of the overall picture.
--D
Huh? It seems like it is the Anti-spam service that got hit here. The spammers won, or am I missing something?
Magnus.
Unfortunately, these are not spammers who are being forced to pack up and go home, but the operators of black-hole lists.
This is, unfortunately a victory for the junkmailers. I find it depressing that they were able to get away with such criminal behavior.
It may not be just, but it is fair, and that is more important.
...I posted this to Slashdot YESTERDAY. Why is it that all the really good article submissions are rejected and the short detail-lacking ones by ACs are accepted?
It's a real pity to see this, one more outpost gone down.
I wonder why the authorities wouldn't help out in this case?
"...Several hundred abuse complaints, and numerous threats against our selves, our servers, and our Internet connection. Ignorant administrators have placed blocks on legitimate emails from our customers due to the spam sent out using forged random users@compu.net email addresses."
Identify them. Here. Now.
Uh, you might try reading the article dumbshit.
That was an ANTI-spam site DDOSed out of existence. This is no Good Thing at all.
From Article II: "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed."
Are we now supposed to "take up arms" against the SPAMmers ourselves?
William
When you're not looking, this sig is in Latin.
Kind of the wrong way around... They were anti-spam services, I believe.
RTFA. It's not spammers that's taken down, but ANTI-spammers.
--
*Art
Did you read the summary? These are ANTI-spam boxes that were DDOSed. This means MORE spam for you, not less.
"People that quote themselves in their signatures bother me" - athakur999
What exactly is a 'massive Joe job'?
The American spirit is still alive.
Apparently America believes in taking down the good guys? Or did you read the article?
Secession is the right of all sentient beings.
These "anti-spam" guys have been a thorn in my side, and I HATE spam. They will list you in their list for the slightest of insecurities in your email system, and keep you there for days, weeks, or months after you've patched them. They will assume you are a spammer, even if you swear to them up and down how much you hate spam (and mean it!). They will block whole subnets based on the activities of a few.
Most (all?) of the "anti-spam" systems out there are very poorly thought out. The ratio of "collateral damage" to actual spams stopped is way too high. And who appointed these guys worldwide "email cops" anyhow? I know I didn't.
There has to be a better way to block spam than blackhole lists and the like! Maybe making it a Federal crime to buy anything from a spammer? Voila, no one buys from spammers, so spammers stop spamming the US...
Honey, I shrunk the Cygwin
You, sir, are a hero. Not only did you avoid reading the article, but you apparently didn't even read the HEADLINE!
Dumbass, rtfa
The zombie machines have been compromised by any number of holes or emails. It could take quite a long time to build a solid network that could send out such coordinated attacks.
However,
whoops not done...
/. article about an Aussie Spam operation shut down by DDoS, and nobody felt bad about it. And the more they pull this crap, the more likely law enforcement will look the other way while spammers are DDoSed back to 1960.
So I say DDoS them Back! Spammers have always operated outside the realm of good-and-proper. And people act like that generally meet an unfortunate end.
There was a
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
So it seems the spammers are lashing out, in the face of recent successes like the California spam ban. What do they think they'll accomplish?
Supposedly there are about 150 spammers doing the majority of the world's spam. I can't believe they can keep the entire world from eventually picking up the pitchforks. I guess they think that in order to control a thing, you must annoy it repeatedly for years on end?
...
That's actually an *excellent* idea. Not really SETI@Home though, more like peer 2 peer technology.
Why not kill 2 birds with one stone - promote a valid use of p2p, which removes some of the RIAA threat, while simultaneously frustrating spammers.
Most writers regard truth as their most valuable possession, and therefore are most economical in its use - Mark Twain
Didn't even read the article. It wasn't a SPAM machine that went down, it was a machine that contained information that helps fight spam.
*cough*
You don't seem to have RTA, because they are the *anti*-spam guys that provide RBLs....
I for one have noticed an incredible decrease of spam ever since the SoBig virus hit. I used to get 15 to 20 spams a day. Now I am lucky if I get 1.
hmm, Now that 30 mins of my day is freed up I don't know what to do with myself.
So we're throwing P2P clients in our mail programs now?
I mean, I can see that it could work, and it'd solve the problem....use PGP or something of that sort to encrypt it initially and have the client throw out the old list and install the new one whenever it receives a newer one signed by the spamfighters. And then you don't have to worry about DDOSes particularly.
But it seems to be a bit much to ask anyone to do simply to get a blacklist....
I think the bottom-line failure in the "War on Spam" is that there's no central "root of trust" authority in the e-mail system... that is, no sanctioning body regulating the use of e-mail in the way that we can have regulations about use of the PSTN that actually stick.
What I think is going to need to happen eventually is that e-mail is going to have to become a closed system where ISPs have to pay to gain admission and risk ejection if they fail to control the Spam or other abuses coming out from their sources.
The fact is, any time you have an open unregulated communication system, the lowlifes are gonna be the ones who take it over...
I hate to sound like the typical crybaby, but why do the good guys always get screwed? If we (the spam-hating/fighting collective) were to do this, I can almost guarantee there would be media and probably law-enforcement backlash against us (as proven by the story of the spammer whose information was leaked by someone).
Now, knowing that law enforcement WON'T do anything against this, what happens when we decide on vigilante justice and return the favor onto the spammers who DDoSed them (it's an assumption)? Will the law suddenly perk up and seek those who struck back?
And what sort of example is this proving? That Law Enforcement doesn't matter/work with technology as the internet? Is this foreshadowing for the California Anti-Spam bill?
This is your typical example of hitting your little brother/sister back after s/he hit you and your mom catching you only citing "It's always the second person who gets caught."
When modding "Informative", please make sure it both has a source and IS actually informative.
Perhaps spammer information can be disseminated via a p2p network in order to reduce load and create too many targets to take down? I suppose someone is doing this already and I need to hit google.
Thanks to POPFile, I can at least filter out most of the spam that gets into my mailbox, but I prefer a solution that addresses the source of the problem.
It's all fun and games until someone loses the key to the handcuffs.
Never. Fact is, for a blacklist to have any credibility it has to come from a central source. If it doesn't, then how are you going to authenticate the real blacklist from a fake claiming to be the blacklist but actually blocking legit ISPs and letting spammers by. P2P isn't the solution to everything.
A lot, if not the vast majority of infected zombie attackers out there are located in asia pacific. Trying to track down the responsible admin, and then trying to get a response is -near impossible-. Language barriers, general apathy, it's all there. On top of that a lot of hosts in Korea have awesome pipe.
Seriously, people keep bandying about the idea of using freenet for distribution of blackhole lists, but it's probably absolutely THE best solution to the problems we're facing. The ISPs can only do so much, and when the lists are distributed from a central, known source.. well, we've seen the results of this.
I suggest one of us take up the cause of creating this freenet distribution system. It could revolutionize the way trusted data is passed if it works successfully for an RBL. I'd do it myself, but I'm beyond short of time, and brains for that matter :)
Luck favors the prepared, darling.
... I heard on the radio a guy talking about hitmen. Apparently the average hit only costs about 5k. It's not impossible to track these spammers down. Well, I'll leave the rest to your imagination... ;)
We've had a succession of Washington suits yakking on about Information Security, and Cyber War and The Great Potential Threat To Our Infrastructure, and yet when DDoS attacks actually happen, what do they do?
You guessed it. Squat.
There's no votes and no budget in actually fighting crime. There's plenty of capital to be made in selling up the threat, and in promising that you'll fix it, given just a little more time in office, and a slightly larger personal empire.
What I'd like to see is our Dictator of Homeland Security pinned down and made to explain why he's not doing something about the attacks that are happening now. If we can't defend monkeys.com from a DDoS from malicious assholes, how does he expect to believe that we're able to defend safety or economic critical infrastructure from the same kind of attack launched by the truly malevolent?
If you were blocking sigs, you wouldn't have to read this.
I'm sorry but some of these list maintainers are anal, (VERY) self-righteous, awful people who will not listen, not even when the person at the other end of the line is polite, patient, and takes a polite and amicable approach to the issue of getting removed from the blacklist (and punches a pillow after the phone calls and emails instead of being rude to the person).
I'm sorry but with the hell I had to go through to get removed (too much unwarranted ass-kissing, too much putting up with the "I'm only a volunteer" crap) I am only glad to see these anal a-holes go.
Hmm... It sounds to me like peer to peer software would be a great way to distribute a DOS proof anti-spam system. Integrate BitTorrent with the sharing system with an easy to choose tracker site. Of course I could just be talking out of my @$$ here.
I think that anti spam people should simply broadcast the blacklist information through some distributed system.
Filesharing, IM service, IRC (no DDOS there!), Usenet or such.
Then it is up to the individual clients on whether to add or remove the "spam" depending who signed it.
I think usenet, perhaps with multiple moderators could work.
Add a good web of trust, and it might work.
...for all the lip service various Federal agencies spew regarding reporting incidents like this, they sure don't seem to be acting.
Children in the backseats don't cause accidents. Accidents in the back seats cause children.
I really think the best way to manage spam is to have it so that those who want to email you that are not already on your list have to take a 30-60 second Turing test. It could be from a site of your choice that issues a signed id string if the test is completed successfully. If someone wants to talk to you, then that's not that much of a nuisance, but for a spammer sending out 10million emails/day it would be a disaster.
The assumption that only spammers hate blackholes and want them down is near-sighted. You're missing the fact that every single one of the blacklists also hit collateral damage targets, legit systems that have a near-impossible time proving they're not spammers. It could be those admins who want the blacklists down too...
Let's have the names+numbers of those law enforcement officials who didn't feel this was worth tracking down.
Then, let's call/fax/email/write just about anybody who remotely has power over them. State reps, governors, DAs. A few calls to radio stations(NPR might eat this right up), local "consumer reporters"....
Please help metamoderate.
Searching for intelligent life in the universe, and pr0n on your hard drive :-D
ha ha!
j/k
Perhaps he could ask the community for help tracking down the DDOS attacks, it only takes one IP of a friend or someone down the road from one of us to get the ball rolling.
Go ahead and post the thousands of IP's... I'd be glad to poke around and see if I can find any of those pcs in this area or get in touch with any of the PC's owners.
No, this is
The biggest problem is these zones are HUGE. It doesn't take as much CPU/RAM as storage space. This could become the most highly traded file on Kazaa...
I, for one, welcome our new SPAM Overlords....
The internet seems to become more worthless every day, as more and more of it is hijacked by spammers and other commercialization.
How can we take it back? If we can't, how can we replace it with something more resistant to these electronic malignancies?
I want instant communication with friends and colleagues all over the planet, but I don't want UCE. I want instant access to the world's knowledge on all topics, from crucial news to movie trivia, but I want it without viruses, interstitial ads, popups, spyware, and all that other crap.
By using Linux with some other specialized software, I have erected a defensive perimeter around my internet existence, so the tidal wave of garbage largely passes me by. But the walls need maintenance, and there always seems to be some new leak that needs plugging.
It's regrettable that we need to take such drastic measures, but what really worries me is that the need is increasing with time. Can you imagine the situation where 99% of your email is spam? Is there an alternative to giving up email entirely at that point?
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
total lack of interest shown by law enforcement
If a MMORPG gets cracked and the rich owners get inconvenienced for half a day, the FBI flips out and immediately mounts an investigation.
However, these guys are repeatedly DDoS'd and nobody cares.
It would seem that the government only cares about cybercrime when big cash is involved.
The US Army: promoting democracy through unquestioned obedience
Personally, I think people play way too much into it. They become so extremely adamant about it. If you want something to go away you cannot do that! You can be adamant about an issue, but in an honest rational way, not just FSCK SPAM! That's hardly productive. There are certain precautions that can be easily instituted to circumvent vast piles of spam.
Easiest is only give an address to a select few. Can't do that and need to remain available? Have people append something to the subject line and filter that out. Gawwd I can see the business people now, what?!? and mess up my "pretty" business card design?!? Gawwd! shut up! If you can't expect any intelligence and understanding of the people you are doing business with, then by all means, you should be forced to deal with what happens when people disregard intelligence, drudging through the filth of your inbox.
This is definitely true.
I myself had a run-in with Anti Spam sites. For some bizarre reason the IP of my mail server was listed as a spam server. Which is BS as it's only ever used for personal mail.
It took 5 emails and 3 days to get my server IPs off the list.
It's a real bitch. Your mail bounces, you call the ISP that bounced your mail and they tell you that "such and such list", now you got to go to that list and request a removal. The problem is that many of the lists mirror additions but NOT removals. So you get added to one list and tada you're in 20 and got to remove yourself one by one...
In Soviet Russia, the television watches YOU!
OK, IANAL, but I have an idea that's so crazy it just might work.
Instead of outlawing spamming, outlaw the purchase of products advertised with spam.
You could enforce this in a similar way to recent online gambling regulations that prohibit credit card companies from honoring transactions for online gambling. So if you sell your products using spam, you can't collect on the payment.
Also, you solve the jurisdiction problem of outlawing spamming. Instead of just moving the spammers out of the country, you now discourage spammers from ever sending spam into the country because it would then become illegal for anyone to purchase their products.
And finally, it would discourage the 0.001% of people who are idiotic enough to respond to this crap. "You'll go to jail if you buy this." is just the kind of simplistic message that would get through to these people. When spammers stop getting replies, they won't have anyone to sell their service to.
This is just an idea, so I'm sure there's a few problems with it. But maybe in order to combat spam, we need to stop trying to go after the spammers and start trying to just make it unprofitable for them to operate in the first place.
A friend of mine, who has a business class DSL had his ip block blacklisted. Seems someone on the ISP had a trojan and was sending out spam. So monkeys.com blocked the entire ISP. And monkeys.com response, contact your ISP. All the customers were in a deadlock, the ISP didn't know why they were blocked, the customers couldn't get unblocked, so every customer tries to contact Monkeys. The ISP couldn't contact monkeys either, monkeys email queue was full. So the ISP threatens to sue, customers threaten to break kneecaps, and the spammers win.
Really, if RBL's can be tricked to block good ISPs, and you get get the IP blocks removed, it's flawed and needs to end service.
BTW, I know many people who are switching to whitelists, and even at work, whitelists for internal mail only cuts spam almost 100%. Even earthlink etc, sell whitelist features as a value added service.
I wish law enforcement had the resources to go after whomever is DDOSing these anti-spammers.
But I understand that, especially now during our war against terrorism, law enforcement must prioritize, and go after bigger threats to our well-being.
I applaud John Ashcroft for realizing this, and using our scarce law enforcement resources to attack the real threats: Tommy Chong, the bong seller, and porn that personally offends him.
If these anti-spammers were serious, they'd do the right thing and incorporate as for-profit companies and make the campaign contributions that would purchase them real police protection. That they haven't makes it clear to me that they have no reason to expect law enforcement to take them seriously.
Opinions on the Twiddler2 hand-held keyboard?
It seems that even a central controlling body will use systems like http and email for their own profit.
Giving up email to others is not the answer! At least now we can do as we want, we don't want VeriSign2 bouncing our emails wherever they please.
Here's a step in the right direction: OpenBSD and spamd
insert sig here
when spammers are outlawed, only outlaws will be spammers.
stick that in your crankcase and smoke it sh!tbr!ck
All is not lost, consider SpamAssassin if you are not afraid of Perl. It can help you block the Spam and does not cost a lot. Of course Windows users can download SAProxy, a pre-compiled version, so they don't need to mess with Perl. At first it blocks about 50% to 60% of Spam, but you have to feed it Spam examples that slip through so it learns. You also need to feed it Ham (Non-Spam) examples so it learns from that as well. It only works with POP3 clients, so no AOL or MS Exchange mail.
If they were brave enough, they would have posted their blacklists to the Internet for others to pick up where they left off.
This is a sad event for those who want to shut down the Spammers, they got shut down themselves.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
The RBL needs to be distributed widely. Maybe if those Kazaa dorks could stop pushing worms for a minute they could integrate positive stuff, such as RBL, into their massively distributed P2P application.
These anti-spam lists were notorious for ruining the good names of ISPs who went through the trouble of eliminating spammers from their ranks only to continue to be listed on these lists.
They couldn't run the damn things right, it's probably disgruntled ISPs and not spammers who are DoS'ing them right now. And rightly so.
Mac OS X and Windows XP working side by side to fight back the night.
Could be, but that isn't the sort of behaviour that one would usually expect from admins (even angry ones). Really, admins get pissed about it, but I don't know any that would make personal threats of bodily harm over it. You could be right, but it seems to me that the spammer is a much more likely culprit.
Where's my lobbyist? Right here.
Here's Steve Gibson's account of dealing with DDoS attacks. Check out the rest of his page too. It's full of useful information.
A link for more reading about The Tragedy of the Commons as a general phenomenon.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
I think there are a lot of other good solutions out there for spam. It would seem that blackholing has its place, but that if you want to bring large ISPs into the fold, you have to do it without all the collateral damage. Pinpoint strikes, if you will, against compromised servers, rather than concentrating on "punishing" people who often have no choice about their situation. Just my 2 cents, but if you want to get big business on board with the spam fight, you have to do it in a way that doesn't hurt their customers, so when you get DDOSed, you have somebody to help call in the FBI.
I don't believe for a second that spammers could withstand an ongoing heightened legal and governmental response backed by AOL, MSN, etc.
The poor guy gets DDoS'd, and then we end up Slashdotting his "suicide note"!!
This guy just can't catch a break.
Just a thought - I hear a lot of people complaining about these blacklist services, and how they are not responsive when some group or whatever "makes a mistake" or is spoofed, and gets blacklisted. And I've heard threats, etc. from these people. The question I want to raise is: did the spammers execute these attacks, or did these other people? If it is the "other people", then this is a good example of why this method of attack is stupid. Or, as they might see it, why it is so effective. I'll say this however - don't come to me with your simple (and therefore usually stupid) solutions to these issues unless you'd like to actually think about what is going on.
as long as the file was encrypted by a trusted person, and his private key was secure, you could use his public key to extract the block list.
n'est pas?
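Several comments above propose having the list publisher sign the blacklist so that clients can fetch it from any peer or mirror and still reject fakes. The following is an added example, not code from any commenter or from the services discussed: a client that pins one publisher key, verifies an Ed25519 signature over serial plus list body, and refuses stale copies. All names and the 192.0.2.x, 198.51.100.x and 203.0.113.x sample entries are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrBadSignature = errors.New("signature does not verify against the pinned publisher key")
	ErrStale        = errors.New("serial is not newer than the installed list")
)

// SignedList is what any untrusted peer or mirror hands out.
type SignedList struct {
	Serial uint64 // strictly increasing release number chosen by the publisher
	Body   string // one listed address per line
	Sig    []byte // Ed25519 signature over serial || body
}

// signedBytes binds the serial to the body, so a peer cannot attach a
// higher serial to an old body (or the reverse) without breaking the signature.
func signedBytes(serial uint64, body string) []byte {
	buf := make([]byte, 8, 8+len(body))
	binary.BigEndian.PutUint64(buf, serial)
	return append(buf, body...)
}

// NewPublisher generates a key pair; the public half is shipped to clients out of band.
func NewPublisher() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish is the publisher side: sign one release of the list.
func Publish(priv ed25519.PrivateKey, serial uint64, body string) SignedList {
	return SignedList{Serial: serial, Body: body, Sig: ed25519.Sign(priv, signedBytes(serial, body))}
}

// Client holds the pinned key and the currently installed list.
type Client struct {
	trusted ed25519.PublicKey
	serial  uint64
	entries map[string]bool
}

func NewClient(trusted ed25519.PublicKey) *Client {
	return &Client{trusted: trusted, entries: map[string]bool{}}
}

// Offer is called with a list received from any source. The installed list
// is replaced only if the signature verifies and the serial is newer.
func (c *Client) Offer(l SignedList) error {
	if !ed25519.Verify(c.trusted, signedBytes(l.Serial, l.Body), l.Sig) {
		return ErrBadSignature
	}
	if l.Serial <= c.serial {
		return ErrStale // replay of an old, validly signed list
	}
	entries := map[string]bool{}
	for _, line := range strings.Split(l.Body, "\n") {
		if line = strings.TrimSpace(line); line != "" {
			entries[line] = true
		}
	}
	c.serial, c.entries = l.Serial, entries
	return nil
}

// Listed reports whether an address is on the installed list.
func (c *Client) Listed(ip string) bool { return c.entries[ip] }

func main() {
	pub, priv := NewPublisher()
	_, impostor := NewPublisher()
	c := NewClient(pub)

	v1 := Publish(priv, 1, "192.0.2.10\n198.51.100.7\n")
	v2 := Publish(priv, 2, "198.51.100.7\n") // 192.0.2.10 delisted

	fmt.Println("install v1:", c.Offer(v1))
	fmt.Println("forged v3: ", c.Offer(Publish(impostor, 3, "203.0.113.5\n")))
	fmt.Println("install v2:", c.Offer(v2))
	fmt.Println("replay v1: ", c.Offer(v1))
	fmt.Println("192.0.2.10 listed:", c.Listed("192.0.2.10"))
}
```

The serial check matters for the delisting complaints raised elsewhere in the thread: without it, a peer could keep serving an old, validly signed list that still contains an address the publisher has since removed.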
I'm sorry for the trouble these guys have had, but I've had more trouble with black lists than benefit. I've been black listed many times for stupid reasons. Like one of the sign-offs mentioned, I've had @mydomain.com used to send spams, had to handle the bounces and then been blacklisted on top of that. I've had spam link to a page I host even though the spam wasn't advertising the page, it was using the page to support the sale of its product. The page was about water safety, and posted by someone with no connection to the spammers. I've twice been blacklisted and once had UUNet filter my IP allocation because users had uploaded old vulnerable versions of FormMail.pl to their web sites and spammers found and abused the hole. Both times I had found and removed the offending script before getting shut down, only to be blacklisted/filtered AFTER fixing the problem.
As you might have guessed I have no love for RBL type services. I think their hearts are in the right place, but I'm tired of getting caught in the cross-fire. Since at some point, in order to benefit spammers have to be contacted by consumers, law enforcement should be able to track them down. I'd love to see that sort of thing become common. I can't see a technological solution even with a complete overhaul of how email works. I like the fact that a stranger can email me if they like. I just want to see legal limitations on that contact to prevent spam.
We need a series of servers distributed like DNS or NTP servers, that take requests for validation, and allow a handful of select "root" servers be the ones that pass out the info to the "leaf" nodes. That way if the "leaf" node is DDoSed then the system still works. They would have to DDoS all the nodes.
Just a random thought on the topic.
Scott
janitor
sdn website family
email: scott at sboss dot net
Heck, I get all of my research from 40-year-old movie scripts!
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
We found a spammer! May we burn him?
I'd like to see the IP traffic from these countries routed to /dev/null until they start making an effort to become good Internet citizens. I get nothing but loads of crap from South Korea, China and Russia. I'd advocate the same thing for American ISPs that show little interest in cleansing their networks of spammers, zombies and virus reservoirs.
Mea navis aericumbens anguillis abundat
Another RBL list that went down recently was at osirusoft.com. About two/three weeks ago they had a DOS attack. This makes me worry that the spammers are winning. On a side note, I've been using this service called shadango.com for the last month and its filtering has been pretty solid. Also it allows me to check my hotmail, yahoo, and students address all from one interface. It's frickin' solid! I don't know if services like shadango.com are the answer to spam, but I'd say it's worth a try. Brian
I agree 100%.
Kill all the black lists. I've seen way too much money and time go down the drain because of false positives and appalling administration of black list services.
The only black listing that works is local, and that takes way too much time to be cost effective in a lot of cases.
When it comes to spam, more thought is required.
G/
My Paintball Pics
Believe me, folks, if my site isn't safe, then nobody is. I figured I was a complete nobody in the anti-spam scene, and yet I was an early target! The Spamafia brooks no criticism: you will be driven off the web forcibly. Oh yeah, and my experience was that the police really don't have the resources to do anything about this. My ISP at the time didn't seem to care much, either. And there are more attacks that you probably haven't heard about. It's a war zone out there, folks.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
I believe that the most popular services of monkeys.com were its unsecured proxies list and unsecured formmail.pl list. Most likely lists of individual IPs, though I've never used them.
As far as self appointed email cops go, just about anyone can propose and implement an anti-spam system. It is the reputation and effectiveness in the eyes of that system's users that matter. Poorly thought-out or excessively aggressive systems simply aren't widely used. And as hard as it may be to wrap your mind around this, there are those out there who don't mind collateral damage, and some who even prefer it.
As far as federal laws go, the one entity that has the most power to stop network abuse is the network infrastructure. Any federal laws targeting spam should pin the responsibility on the ISP for allowing it onto the public internet. I believe it would be possible to write such laws without harming any common-carrier status or tread too close to censorship. Spam and DDoS attacks have nothing to do with content, they are infrastructure abuse.
ISPs are not policing their own networks well. They have little motivation to do so. Federal laws requiring it may be the only motivation they get.
Beer wants to be free
Much as I dislike spam I dislike anti spammers more. Especially the people who maintain RBL, blacklist entire IP blocks and kill on x-mailer.
They're a bunch of do gooding idiots who harm more than help. Good riddance to them.
-- Be careful what you say. Someone might remind you about it another day.
The Blacklist Groups became arrogant beyond belief and alienated some of their strongest early supporters. We all know the story: blacklisting whole IP blocks (never mind the collateral damage to innocent parties, that's their fault for hosting with spammers, blaw, blaw, blaw...)
These people have NO ONE but THEMSELVES to blame, and the Internet is better off without their "I Am God" attitude.
Send him around to kneecap these scums.
Guaranteed.
Wassamatta you?
There better be no muthafuckaz tryin' to perp' shit against *my* homies in *my* lively 'hood. Might have to pop a cap in somebody's ass.
-Looking for a job as a materials chemist or multivariat
Which authorities? Which jurisdiction?
We are the complacent ones. We are responsible. We must no longer sit in our chairs and point at each other. If we don't like what's happening we must stand up and act!
Spamassassin is good. Rating systems are good. Distributed early detection of spammer hosts is good. P2P distribution of anti-spam intelligence is good. Rate-limiting spammer hosts is good.
If we really care, we will create the defense and save the 'net. If we really care, we will act.
I will act.
I fight spam!
So...
YAW hits the net, exploits a hole in some MS product which has had a patch available for months. Thousands of unpatched home systems are infected with DDOS malware. Anti-Spam sites (and anyone else on the hit list) get nuked.
Now, don't get me wrong, I'm all for going after the evil bastards pulling the trigger...but wouldn't it be a good idea to fight this on all fronts?
Right now it seems to me that the only incentive Microsoft has for coming up with a better way of announcing and distributing patches is their reputation.
End users? What motivation do they have in patching? Only when their PC becomes unusable do they take notice...but good DDOS zombies don't make a nuisance out of themselves.
My rhetorical question: if the vendors and the users involved in the DDOS 'circle of life' had something real at stake...
When some CRITICAL site (www.penny-arcade.com) gets DDOSed, we'll wish we had already taken more action!
Really?
US law. A citizen can be charged with stalking and can have a restraining order restrictions placed on that individual.
Criminal Harassment.
Likely the result of a Canadian lobby. Three percent of employment revolves around telemarketing to the US. Losses do occur but Canadian tax laws provide the balance.
There are many more useful services for such an industry. Due to inept management, such services are not on the radar.
Nobody likes the idea of a 'big brother,' but at some level the system needs moderation/monitoring to keep innocents from being slaughtered by DDoS attacks. What policing action could keep these types of attacks from happening? Or are there stopgates that are just not doing what they should (all of dubahya's cronies)?
AC
If RFG can show that more than $5000 worth of damage was done to his computers or business, he can get the FBI involved. If they can track down who did this, there could be jail time for some of these bastards.
This post expresses my opinion, not that of my employer. And yes, IAAL.
If Slashdotters keep trying to reach it we are only helping the DDOSers.
that abomination of "song" is indicative of the zombie like behaviour of today's youth
offers for Brittney Spears CDs courtesy of the RIAA.
Spamming generates a LOT of money for these people. The fact that their "industry" is already considered criminal by the internet community only makes it worse. These attacks are totally predictable...they will do whatever is necessary to protect their revenue stream. They are like the mafia.
What I don't understand is, why can't the government go after the people who enlist the spammers' services? For example, I've gotten spam from some "financial services" companies that want me to take their investment advice. They have obviously hired a spammer to spew emails on their behalf. Why can't that company be fined or sued? If we make it too expensive for the ADVERTISER to use spamming services, then I believe that will reduce spam overall. Or am I completely naive?
There is no gravity...the earth just sucks.
(1) Allow all e-mails from individuals in your address book, or otherwise permitted individuals, to be downloaded in their entirety.
(2) For e-mails from individuals not in your address book, download the headers only, and sort them by a spam-filtering program like SpamAssassin.
social sciences can never use experience to verify their statemen
Hey maybe soon we'll see Spammers head to head against each other trying to get each others business. How soon before we see MDDoS attacks between Spammers trying to take out their competition?
What about using usenet to publish changes to RBL lists? Each valid command would be signed with pgp to authenticate the source... then you just write up some scripts to retrieve messages from certain newsgroups.. validate the signature and modify a locally stored list.
Spam posting to those groups would become a problem.. but there are other ways of dealing with that. The point is.. if you can validate the source of the change commands it does not really matter how they are published.
It would only be 'near time' instead of real time... but isn't that good enough?
Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats. -HLM
It's a matter of management priorities. J. Edgar Hoover, founder of the FBI, hated bank robbers. If you robbed a bank, no matter how little was stolen, you could count on the FBI to make a serious effort at putting your butt in federal prison for a long time.
Mea navis aericumbens anguillis abundat
Have the blacklist service, still provided by volunteers, hosted by some company, along with their own sites.
Like Yahoo. Google. MS. IBM. You know, BIG companies.
Spammers try to DDoS the company webserver. They probably won't succeed. If they do succeed, or even succeed a little, guess what, you just caused verifiable revenue loss to a company with long arms and deep pockets!
Come on, you "we hate spam, too!" companies! Here's your chance to help out.
So in this instance, let's say a dispatch from your friendly neighbourhood RBL freenet source would include, in a PGP signed plaintext message:
- RBL IP or net / netmask
- short reason
Hell dudes, these dispatches could even be sent to a Usenet group... Has anybody tried that? Like an offshoot of NANAE? NANAE.dispatches? You'd filter for new adds and cancels, trusting only the signatures you want...
Luck favors the prepared, darling.
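The signed-dispatch idea from this comment and from the earlier Usenet proposal (signed add and cancel commands fetched from an untrusted channel and applied to a locally stored list), as an added example that is not part of the original thread. The dispatch layout, key name and prefix-length policy are assumptions, and HMAC-SHA256 stands in for PGP verification so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key. HMAC-SHA256 stands in for PGP verification; with a
# shared secret any subscriber could forge updates, so real use needs
# public-key signatures checked against a keyring you chose yourself.
TRUSTED_KEYS = {"rbl-maintainer-1": b"constructed-demo-secret"}
MIN_PREFIXLEN = {4: 16, 6: 32}  # assumption: refuse listings broader than this


def sign_dispatch(key_id, secret, seq, commands):
    """Maintainer side: header lines, command lines, then the signature line."""
    body = "\n".join([f"key: {key_id}", f"seq: {seq}", *commands])
    mac = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}\nsig: {mac}"


def parse_command(line):
    """Parse 'add <net> <reason>' or 'cancel <net>' into (verb, network, reason)."""
    verb, _, rest = line.partition(" ")
    net_text, _, reason = rest.partition(" ")
    if verb not in ("add", "cancel"):
        raise ValueError(f"unknown verb {verb!r}")
    net = ipaddress.ip_network(net_text, strict=True)  # rejects host bits set
    if net.prefixlen < MIN_PREFIXLEN[net.version]:
        raise ValueError(f"{net} is broader than policy allows")
    if verb == "add" and not reason.strip():
        raise ValueError("add needs a reason")
    return verb, net, reason.strip()


class LocalBlocklist:
    """Subscriber side: applies dispatches fetched from any untrusted channel."""

    def __init__(self, trusted_keys):
        self.trusted_keys = trusted_keys
        self.entries = {}   # network -> (reason, key_id)
        self.last_seq = {}  # key_id -> highest sequence number applied

    def apply(self, dispatch):
        """Return (accepted, detail). Nothing changes unless every check passes."""
        body, sep, sig_line = dispatch.strip().rpartition("\n")
        lines = body.split("\n")
        if not sep or not sig_line.startswith("sig: ") or len(lines) < 3:
            return False, "malformed"
        if not lines[0].startswith("key: ") or not lines[1].startswith("seq: "):
            return False, "malformed"
        key_id = lines[0][5:]
        secret = self.trusted_keys.get(key_id)
        if secret is None:
            return False, "untrusted key"
        expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig_line[5:].encode()):
            return False, "bad signature"
        # The payload is parsed only after the signature has checked out.
        try:
            seq = int(lines[1][5:])
            commands = [parse_command(line) for line in lines[2:]]
        except ValueError as exc:
            return False, f"rejected: {exc}"
        # Anyone can re-post an old article; the sequence number stops a
        # replayed 'add' from undoing a later 'cancel'.
        if seq <= self.last_seq.get(key_id, 0):
            return False, "replayed or out of order"
        for verb, net, reason in commands:
            if verb == "add":
                self.entries[net] = (reason, key_id)
            else:
                self.entries.pop(net, None)
        self.last_seq[key_id] = seq
        return True, f"applied {len(commands)} command(s)"

    def lookup(self, ip_text):
        """Return the listing reason for an address, or None if not listed."""
        ip = ipaddress.ip_address(ip_text)
        for net, (reason, _key) in self.entries.items():
            if ip in net:
                return reason
        return None


def demo():
    """Feed a forged, two genuine and one replayed dispatch to a fresh list."""
    secret = TRUSTED_KEYS["rbl-maintainer-1"]
    bl = LocalBlocklist(TRUSTED_KEYS)
    d1 = sign_dispatch("rbl-maintainer-1", secret, 1,
                       ["add 192.0.2.0/24 open proxy range (constructed)"])
    d2 = sign_dispatch("rbl-maintainer-1", secret, 2, ["cancel 192.0.2.0/24"])
    forged = d1.replace("192.0.2.0/24", "198.51.100.0/24")
    results = [bl.apply(forged), bl.apply(d1), bl.apply(d2), bl.apply(d1)]
    return bl, results


if __name__ == "__main__":
    for accepted, detail in demo()[1]:
        print(accepted, detail)
```

Because every check happens on the subscriber's side, junk posted to the same newsgroup is simply dropped; the strict sequence rule also drops genuine dispatches that arrive late and out of order.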
You're missing the fact that every single one of the blacklists also hit collateral damage targets...
...which is not a fact; sounds like someone with a grudge. I suspect the biggest public blocklist out there is Spamhaus, which has gotten to where it is in part because it does not engage in those tactics. And despite spammers' attempts to DDOS it out of existence, it appears to have the resources to withstand the attacks.
Well, it happened again. Spammers can quite easily attack a company over the net - after all, they don't have to pay for the bandwidth, seeing that they're stealing it.
Making laws against spam will not help at all, as they are very easily circumvented. All a spammer has to do is take over some computers in any foreign country, and spam from there.
The ONLY WAY to stop spam is to make it illegal to use spam as an advertising tool. Thus, if your company is selling some crap, and you're caught paying for spam to sell it, you're going to have to pay for the wasted bandwidth and people's time. This would be expensive enough to shut down quite large companies.
More importantly, it would stop people from paying spammers.
Yes, there's a problem, of course - you could target companies by spamming for them against their will. But currently, I do not see any other way of getting rid of spammers.
You have to shut down their source of income, not their spam itself.
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
I have an idea. If a RBL site is running its own DNS servers, or has control over them, then that sort of a DoS redirect could be done quite easily. Simply find out the IP addresses of the important political entities, and modify the DNS records to point to them, rather than the RBL site that is under attack. That way the spammers would directly be upsetting the important people who might be able to pull enough influence to get the law enforcement to do something about the spam or DDoS problem.
Legislating spam out of existence is not going to have any effect if it is not enforced.
What ISPs are these losers using?
How are they doing the DDOS, using PCs infected with a trojan?
They need some serious bandwidth either way.
The sad truth is that there is no equal protection of the law. A rich corporation can legally destroy your life for sharing a few files on Kazaa, but most of us won't get effective legal protection even from DDoS.
I wonder if this wouldn't be a good application for .torrent -- I'd gladly trade the bandwidth I lose to spam for sharing parts of a RBL file. This would be similar to the freenet proposal but without having to commit to storing any class of content.
When that happens, we could easily block traffic coming from Korea and other overseas spam pits.
Newsfollow.com
-lj
"I love my job, but I hate talking to people like you" (Freddie Mercury)
...is a crack team of commandos to start hunting down spammers, dismembering them, taking pictures, and publishing them on the Internet as a warning.
Yes, I'm serious.
..It isn't a troll.
I am very small, utmostly microscopic.
Put it on a .gov website, then whomever tries to DDOS it gets a one way ticket to Gitmo.
between the greater and lesser infinities sleep the dreams undreamt
-mlk
It would be easier to go after the businesses that use the spammers to advertise. Their money is what makes it profitable and they have to make themselves physically available somewhere to collect the payments. Investigate them and if there is any evidence that they hired the spammers then fine them out of business.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
It's high time for MTA operator licensing.
I think we need to implement a system where operators of MTA software need to be licensed, just like radio operators. The licensing should be open to anyone. The rules need to be:
1. The licensee's MTA is only allowed to receive email from their own network to forward, and only receive email from other licensed MTAs from outside their network.
This means that licensed MTAs will reject email from adsl-1-2-3-4.somebigisp.com, but will accept email from mail.somebigisp.com. A cryptographically signed list is distributed containing the list of MTAs that are licensed.
2. If a licensed MTA operator's MTA is used to send spam or viruses, the MTA operator has their license suspended. Egregious violations can be punished by fines, or in extreme cases, imprisonment.
3. ISPs (as opposed to an MTA run by an individual or a small company) would have to be licensed themselves to send email, and hire only licensed MTA operators to run the mail gateway. If an ISP is guilty of allowing spam or malware through their MTA, they can lose their MTA license, and in egregious cases, be fined.
Licensing exams must relate to MTA operation best practise, rather than the specifics of operating a particular piece of MTA software. Licensees will be expected to learn how to properly configure and test their software before putting it online. Hopefully, the risk of a license suspension/revocation will provide ample incentive to ensure the MTA is configured correctly.
Licensing rules would have to be agreed by international treaty. The licensing authority should probably be national governments, but could be the administrator of the DNS TLD for the full DNS name of the MTA in question.
Effectively, licensing will be a big whitelist of mail server operators who have a minimum mandated level of clue, and a code of conduct enforced by the rule of law.
In the early days of road vehicles, there were no drivers licenses. However, you'd have to be nuts to argue that driver's licenses (and most are internationally recognised) are a bad thing these days. The same really needs to go for mail servers - doing nothing at all is no longer an option. In the last 48 hours, Exim on my server has rejected just under 3000 instances of the Swen worm and SpamAssassin has canned 400 spam emails. Indications are that it will ONLY get worse. Rewriting SMTP won't help - we need proper rules about email, and proper remedies that can be applied (license revocations, fines, imprisonment) when people fail to follow those rules. With proper MTA licensing, ISPs will ensure they can properly identify all users and can so punish people who try and abuse their MTA, instead of just ignoring the problem like they do now. I'm beginning to wonder if email is worth it any more unless measures like this are put in place.
In the short term, ISPs can help by blocking all outbound port 25 access apart from their mail gateway. Slashbot whiners who don't like this can stump up for a business broadband account and a static IP if they really must run their own MTA.
Oolite: Elite-like game. For Mac, Linux and Windows
I will do what ever it takes to block your spam from even being accepted by my mail server. It's MY SERVER, MY BANDWIDTH, MY RULES! If I want viagra I'll buy it, if I want penis enlargements I'll buy it. If you don't like it TOUGH SHIT!
"I bow to no man" - Riddick
The fact is, any time you have an open unregulated communication system, the lowlifes are gonna be the ones who take it over...
Yeah, just like Slashdot. Or Internet in general. I'd rather deal with spam than the problems of coordinating an international organization operating in every jurisdiction, with constant exchanges between different ones with differing community standards of what is acceptable business policy and not. There's a lot that could be done about the current system, without going to such extremes, but it's not being done.
Kjella
Live today, because you never know what tomorrow brings
If these guys are getting DDoS'd, can't the lists be shared across a distributed network, like bittorrent or something?
So that the lists will persist if the server goes out.
Provide an encryption method so that updates are only generated from a trusted source... etc...
I'm a big advocate for as few (i.e. none) false positives as possible. I consider them way more dangerous than a false negative...
You put it like there's some doubt or debate as to whether that is true. There shouldn't. A false negative (provided that it manages to go through content-based bayesian filters and the like) only means the person who receives the mail wastes a few seconds identifying it as a spam and deleting it. The consequences of a false negative can range from some confusion (that will still take much more time to clear up) to, for example, loss of job opportunities. And the victim will be a person who hasn't usually made the decision of using a blacklist and probably isn't even aware of the possibility of losing legitimate mail.
-- Repeat with me: "There is no right to profits".
Honestly, we need to have a world-wide moratorium on anti-spam activities for one month. Let the spam flow! It is probably the only way to really make the problem visible to the people who can do something about it. When the email systems get choked and slow to a crawl, only then will we see the uprising against spammers we need from Government, businesses, etc.
The NSA: The only part of the US government that actually listens.
Wouldn't some form of p2p style blacklisting system be ideal for this sort of application? Each mail server runs a small client that searches a p2p network of blacklisted hosts. Each host lists a section of the list and queries other hosts to see if it's on the list. No central server to DoS, and I don't imagine the entire list being so large that it would cause too many bandwidth problems...
More to the point, given that it's certainly doable with plain old DNS: why don't we have one already?
Let's say I run a DNSBL server on a domain I own, "bl.dnsblacklist.com" say. How hard would it be to allow volunteers, preferably at large corporates and ISPs to download the entire zonefile contents via DNS AXFR (or whatever), in return for hosting a mirror server complete with another A record for "bl.dnsblacklist.com"?
I would get to vet the applicants, because they would need to contact me first to acquire the necessary permissions required to get access to the zonefile. If I don't trust the applicant to be 100% legit, or get evidence they have misused the data (which, at the end of the day is just a list of IPs that have sent spam), then it's access denied. There are some potential problems with this that I can see though. We still have a limited number of IPs for the distribution of the zone files to the slaves, so it would be possible to DDOS those, unless that role could be safely distributed too.
Note: this occurred to me while reading the article, so I almost certainly have missed some potential holes. Still, it does seem a way for a DNSBL provider to gain some resilience for free if those holes can be plugged. Comments?
UNIX? They're not even circumcised! Savages!
...central authentication.
Freenet is perfect for this. If an RBL maintainer generates and publishes a SSK (subspace key) to a DBR (date-based redirector) freesite, he can maintain his list on Freenet, where it can NEVER be spoofed or DDOS'd, or deleted, except for lack of interest. Perhaps a tool can be developed that automatically feeds an SMTP server's blacklist with regular updates from Freenet.
Freenet is bloody slow these days, but an app like this could easily improve its performance, since the RBL would be widely propagated among the many interested nodes.
Ask your doctor if getting up off your ass is right for you! -- Bill Maher
It'd take some time to settle in, but soon you should have a fairly good idea of who is reporting real spammers, and which are trolls. True, it won't be perfect, but it's not like the idea is completely out of the question.
Kjella
Live today, because you never know what tomorrow brings
The point is not whether or not you or anyone else feels like blocklists are valuable.
The point is there're people (spamming scum) taking down anything they don't like about using DDOS attacks and the law enforcement agencies and ISPs are doing NOTHING to stop it.
Whether you like blocklists or not, the fact is a lot of other people do like them. They are being denied a valuable resource (to them) by people who are opposed to what blocklists do. The opposition is using clearly illegal means to achieve their goal of running down all and every blocklist out there. This is the very definition of censorship.
Wait till some scumbag doesn't like what you do on your server and DDOSes it to hell and back. You try to contact the FBI about it and they don't want to hear about it. I'm confident you'll see what the point is then.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
Sadly enough, they'd probably go after the people who did the DNS change in addition or instead.
-Lucas
Would it be possible for the zones themselves to be distributed via rsync? Mirrors could be provided, and scripts could be set up easily to handle multiple zones from different 'lists' -- the problem I see here is that the zones would be available to ANYBODY (including spammers) -- However, they are now, just with a lot more work involved.
Something to think about... Performing a:
rmerge sync
rmerge dsbl/monkeys.com
would be neat, and would not rely on any external DNS server, as the zones would be locally hosted.
Running the above from crond every 5 hours, etc. would keep the list fresh.
Forum Foundry, Inc.
My father already does this. You may e-mail him if and only if you are someone on his list of people he wants to accept from. It's basically his co workers, his family and his work contacts. Now this, of course, is not ideal, but for many people it will be an easily workable solution.
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continuous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Qaeda?) will use the zombie network for something that will truly be noticed.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
I, for one, DON'T welcome our new spam overlords!
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
If you hire more male cashiers, you will only attract more female applicants because it will be a place with lots of men.
Can't an ISP detect if an IP address is sending out the *same* HTTP request several hundred times per second? I think that would be dirt simple to implement for an ISP (they could hash the request before comparing it so as not to invade precious privacy). There aren't any obvious legitimate reasons to be making that many requests, so I think it's fair to assume that a machine doing so is participating in a DDoS and should have its upstream blocked.
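The check proposed in this comment (count byte-identical requests per source, comparing hashes rather than request text), as an added example that is not part of the original thread. The threshold, the one-second window, the addresses and the host name are assumptions, and the traffic is constructed.

```python
import hashlib
import os
from collections import defaultdict, deque


class RepeatRequestDetector:
    """Flags a source that sends one byte-identical request too often."""

    def __init__(self, threshold=200, window=1.0):
        self.threshold = threshold        # identical requests per window
        self.window = window              # seconds
        # Random per-run key: stored digests cannot be matched against a
        # precomputed table of URLs, and the request text is never kept.
        self._key = os.urandom(16)
        self._times = defaultdict(deque)  # (src, digest) -> recent timestamps
        self.flagged = {}                 # src -> peak identical count seen

    def _digest(self, request):
        return hashlib.blake2b(request, key=self._key, digest_size=8).digest()

    def observe(self, ts, src, request):
        """Feed one request (timestamps non-decreasing). True if src is over threshold."""
        times = self._times[(src, self._digest(request))]
        times.append(ts)
        while ts - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.threshold:
            self.flagged[src] = max(self.flagged.get(src, 0), len(times))
            return True
        return False

    def expire(self, now):
        """Drop idle (src, digest) pairs so memory tracks active senders only."""
        idle = [k for k, t in self._times.items() if now - t[-1] >= self.window]
        for k in idle:
            del self._times[k]
        return len(idle)


def constructed_traffic():
    """Constructed sample: one flooding host, one busy browser, one poller."""
    flood = b"GET / HTTP/1.0\r\nHost: rbl.example\r\n\r\n"
    poll = b"GET /status HTTP/1.0\r\nHost: rbl.example\r\n\r\n"
    events = []
    for i in range(300):
        # 300 identical requests inside one second.
        events.append((10 + i / 300, "203.0.113.9", flood))
        # 300 requests in the same second, but every one different.
        page = f"GET /page/{i} HTTP/1.0\r\nHost: rbl.example\r\n\r\n".encode()
        events.append((10 + i / 300, "198.51.100.4", page))
        # The same request 300 times, spread over a minute (5 per second).
        events.append((10 + i * 0.2, "198.51.100.8", poll))
    return sorted(events, key=lambda e: e[0])


def scan(events, threshold=200):
    """Run the detector over time-ordered events; return {source: peak count}."""
    det = RepeatRequestDetector(threshold=threshold)
    for ts, src, request in events:
        det.observe(ts, src, request)
    det.expire(events[-1][0] + det.window)
    return det.flagged


if __name__ == "__main__":
    print(scan(constructed_traffic()))
```

Exact-match hashing only catches byte-identical floods, and a low threshold also flags the ordinary poller in the sample, so the threshold decides how many legitimate clients get blocked along with the zombies.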
Where are the press releases? What's Homeland Security doing? Who did they talk to at the FBI? Did someone contact them? Name names. Get press coverage. Contact reporters who've written spam stories.
*WARNING* If you're the type of person that can't handle any criticism of the open-source/technical community, even from within, you might want to skip to the next message.
There's a funny thing that's been going through my head for years now which these two closures seems to be a part of.
Technical people don't make good administrators.
Years ago when I was in high school I used to run a BBS (bulletin board service - pre popular internet networks of computers). Every few months a SysOp (System Operator, the people in charge) would have a meltdown, send out a message telling everyone how much he'd (there were no women ;-) suffered, how ungrateful the users were and that he was shutting down to teach everyone a lesson.
Nobody ever learned a lesson, and I never felt the lesson they were trying to teach was particularly valuable.
I'm suspicious that this is a natural weakness of any system that relies on volunteer labour. If people don't have a strong (unfortunately usually economic) incentive to continue something, they're more ready to throw in the towel when the seas get rough.
We've all seen open-source projects die where the maintainer spits bile about no one contributing, no companies offering them cushy jobs where they can work on the project, etc, etc, etc. See the story about the Linux Router Project for an example of this.
As a non-technical example, a friend of mine was a volunteer firefighter and he got into the profession when just about every firefighter in his small town quit and they needed to replace the force. A baby had died at a fire they were fighting, and none of them had been able to deal with it, so they quit. Professional firefighters have all undoubtedly had the experience of someone dying in a fire they were fighting, but you wouldn't expect their whole department to give up afterwards...
With both of these lists, sure denial of service sucks. Given. When you provide a service for free you expect accolades, guys buying you beers and women offering you their virginity. Best case, sure. But sometimes things aren't going to go your way and it seems so easy to close up shop, which can really screw people who were relying on you.
If Slashdot started suffering sustained dos attacks, you can be sure that they'd figure out a way to get through it, or just button down the hatches until the attacks end. They're earning their livelihoods from this site, so they aren't going to give up on it easily.
Maybe this is something that we should be upfront about as a community. When a service/product is free (as in speech), future extension/maintenance/existence are never guaranteed, and the only thing you're actually getting of value is whatever is there right now. If the service is something necessary that becomes worthless the instant it stops being maintained (rare, but certainly the case in some instances, such as with these two lists or with things like BBSes), then maybe volunteer labour isn't the way to provide it.
Nothing we know of can stop DDoS attacks - except law enforcement getting off their asses and ACTUALLY PROSECUTING CRIMES. Remember, every DDoS attack is rooted in zombie machines. Unauthorized hijacking of someone's machine is a CRIME. The problem is, the law enforcement people don't care about this particular crime, so nothing we do can fix it. http://www.seebs.net/log/archives/000071.html
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
For example, how about getting RMX (Reverse MX lookups) working. A lot of RBLs are error prone. A distributed RBL would either not really be distributed (i.e. a central 'committee' that decides who's on the list and lots of mirrors), or a disaster (i.e. anyone on the net can block people). I'm not saying it couldn't be done, just that it would take a Herculean effort to prop up a technology that a lot of people think causes more harm than good.
:P. Older entries would automatically lose 'weight' so that people who change their ways can send email again. People who send in bizarre reports would have those reports weighed lightly.
The ideal (in my mind) anti-Spam 'tool chain' would be RMX and Bayesian filtering along with per-user white listing for messages that are flagged by those systems. A per-domain blacklist of "sites vouch for Spam via RMX" could be created and done on a somewhat distributed system, rather than an IP based system.
Anyway, here's how I would design a distributed blacklist type system. First of all, it would be based on RMX rather than IP space. That way people who are forced to share IP space with spammers don't get screwed. Users of the system could flag mail as 'legitimate' or they could flag it as 'Spam'. Legit email is sent in only as a counter, and actual Spam is forwarded to a central system. Unlike Kazaa or whatever, we wouldn't need to worry about getting shut down by the RIAA so some centralization is OK.
No one person would decide what to 'blacklist' rather, simple counts of spam/non-spam could be retrieved by users. People running mail servers could see the Spam that they supposedly sent and, erm, repent
How do you prevent DDoS? Well, honestly I think the best solution would be to have users pay a small fee going towards hosting on something like Akamai. That would be a lot simpler than trying to set up and manage the security of a distributed redistribution system.
We might also have an identity verification system to prevent spammers from faking thousands of accounts to fuck up the averages.
autopr0n is like, down and stuff.
We ALL of us /.ers need to DDOS the
clients of the spam companies.
If you advertise via spam, you want site hits.
Well if everyone who hates spam,
pinged the advertiser 1 time per min.
That site would die!
We need a simple screen saver that does that.
Then pass the site lists and screen savers around on Kazaa!!
This is ridiculous! We have a right to make our posts, and it doesn't take all that much effort to bypass them.
Everyone, come help join me DDoS the Redundant Moderators, by posting the same thing 12 times more!
Here goes, for those who need an update:
#7044775) He is an anti-spammer. RTFA.
#7044777) I think you're misunderstanding the article. It was anti-spam services.
#7044782) Um, you got it wrong pal. It wasn't spammers getting DDOS'd, it was spam fighters.
#7044786) Unfortunately, these are not spammers who are being forced to pack up and go home, but the black-hole lists.
#7044794) Uh, you might try reading the article.
#7044795) That was an ANTI-spam site DDOSed out of existence.
#7044799) Kind of the wrong way around... They were anti-spam services, I believe.
#7044800) RTFA. It's not spammers that's taken down, but ANTI-spammers.
#7044806) Did you read the summary? These are ANTI-spam boxes that were DDOSed.
#7044816) not included here, due to shocking originality of the poster
#7044850) Didn't even read the article. It wasn't a SPAM machine that went down.
#7044853) *cough* You don't seem to have RTA, because they are the *anti*-spam guys that provide RBLs...
Really, I think that these anti-redundant folks on slashdot are getting out of hand. We've got to get serious about DDoSing them, or who knows, with this level of involvement they might go on to actually stopping SPAM.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Yet another retard who thinks SPEWS is dead.
But don't let this fact disturb you, just go back to celebrating the "death" by masturbating to goatse.
mod UP parent
Post the spammer's URL on Slashdot.
We all know what the Slashdot effect does to a server. Postem, and take them down.
And if we couple that with a chain letter that says, "for every visit to this URL Hormel will donate three cents to Cancer research" they'll be down and off line for weeks.
-Goran
Carpe Scrotum - The only way to deal with your competition.
Others might benefit from these lists for the obvious reasons, but what about those who are wrongly accused of spamming for absolutely NO reason whatsoever?
Oh, they get blacklisted like I did.
No, I'm not a spammer. Never was. I have absolutely NO affiliation with spammers/spam domains at all. They can't tell me how and why I was added to this list.
Not that it matters because it's not like I'm constantly sending out email that can't get anywhere, but it's the principle of the thing.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
They should simply block ALL DDoS/spam zombies which aid in these kind of actions (after a 24 hour period in which a chance is given to the host to clean up his/her act). After being blocked (unconditionally being firewalled on ALL ports) there should be a 1 hour period in every week in which the host is checked if he's still spamming/DDoS'ing.
Countries that do nothing or take too little action should get their IPs revoked until they clean up their act. Those countries should also be given a fair period of time to do this (at most a week).
Yeah, years ago when blocklists were fairly new I had some idiot put the ISP I used on their list. It did get sorted before too long, but it was a big pain in the ass having a lot of people I knew unable to mail me because some bozo decided that one spammer on an ISP was justification to stop email going to all their customers.
Needless to say, I've never even considered using any of these lists since.
It is amazing how many machines some of these people operate and the amount of IP numbers they lease
I found a spamming company here in the city that I live in. I tracked down their office. Did a little snooping to be sure that they were of mystery meat and saved certain body excrements for days. In the dark of the night I crept and smeared this on the doors (especially the knobs) windows and such and left a finger printless can of Spam by the door
Maybe it didn't stop them, but it did and continues to make me smile
It is sad to see several services get knocked out by DDOS attacks. Several people have commented that these people leaving is a good thing in that they don't like blackhole lists and all the associated e-mail blocking and the possible trouble of getting unblacklisted. However think carefully. This type of attack can pretty much be used against any service that someone dislikes. This might be RIAA against a download site, or spammers and a blackhole list, or a news service with an unpopular story. And just because someone runs a blacklist site, doesn't mean people have to use it to block mail.
This will be a problem in the future as the bandwidth available for zombie gets higher (ah, broadband) and more common. And as the average person gets all the advantages (without the security) of such a connection. DDOS is almost impossible to defend against without deep pockets. As almost all the sources are (innocent, if ignorant) 3rd parties, with the luck of large pipes and open machines.
The only real solution I see (other than deep pockets which only makes it harder, but not a solution) is P2P systems that have trustworth sources (public/private key encryption) and that can be distributed in the same environment (big pipe, many consumer) machines. But you still need to build a system and get it distributed out there before this solution is going to work.
We will see this tactic again.. not just against black hole lists.. so be careful what you wish for.
According to you, there's no e-mail program which can only download the headers of e-mail? I call bullshit.
The other part: downloading only e-mail from people you know. Easy. Any filter, even in Evolution 1.0, can do that.
The final part: filtering spam based on the headers. SpamAssassin damn well can look at the headers to determine spam-content. So can bayesian filtering programs. You obviously haven't looked at some of the settings files for spam-assassin.
Finally, even if there aren't e-mail progs that can do that (and there are), it's certainly something that's easy to implement.
social sciences can never use experience to verify their statemen
What do you think flooding is?
What do you think sarcasm is?
The SPEWS website just exists to allow people to look up entries. The zonefiles are hosted through multiple sources (including one Yahoo! group -- I'd love to see the spammers try to DDoS Yahoo! and get away with it), and they're still being updated regularly.
SPEWS is still alive and kicking.
These DDoS attacks against anti-spam resources are going to create a backlash, however. I expect that something truly nasty will emerge in response to these DDoS attacks.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Right on! This is a problem that can be solved at a technological level. The mail we use today was pretty much designed to work "well enough". This was before the rise of mail spam. Now we know better. This time we can do it better. Instead of plugging holes in dykes when the water is cascading over the top, it's time to move to higher, drier ground.
The difference with junk mail is that THEY pay the price. With UCE, your ISP (and you, if you pay per minute connection charges, or lose important business emails when your mail starts bouncing) pays the price. It's a similar situation to junk faxes, and it's about time that spam started being prosecuted as such.
Yes, like I said, I feel sorry for what they've gone through, and I didn't mean to support the DDoS'ers. However I've been very tempted to DDoS some of these lists myself as they keep jeopardizing the business I've worked very hard to build. Of course I'd never do that or condone it, I just like to dream about it.
If you think about it, by instructing sites all over the world to reject email from my users they've launched their own distributed attack against me. Not DoS attacks, but meaningful attacks none the less. Can I call the FBI in against them? Of course not. I have wondered if I would have a case against them though for the harm they have caused my business. I'm just not the type to go around suing people.
Operators of major anti-spam systems might join InfraGard, the HHS/FBI "outreach program" for infrastructure operators. Get anti-spam systems recognized as key parts of the telecommunications infrastructure. Meet FBI types.
Last night I had 84 SPAM messages, and 9 legitimate messages. That already works out to 90% SPAM. I'm getting close to dropping email completely, much as I like the good stuff, the bad is hardly worth it. (My ISP does catch 90 of the SPAM, but they don't give me a way to delete it automatically)
"And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue."
Uh, No.
RoadRunner here in Austin is now blocking spoofed packets, I'm sure they aren't the only one.
Most big name bandwidth providers are now rate limiting icmp.
Before anyone cries about this not being enough, I never said it was, I'm just arguing that they are doing something.
I'd rather they do too little than too much, and everyone here (slashdot, specifically your rights online section) should feel the same way. Which would you rather have, DDoS kiddies or every ISP limiting you to port80 connections that aren't allowed to stay open longer than a minute and no more than 5 connections/min allowed?
Give us the choice and let the few abuse it and the many enjoy it.
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
Ever been part of a blacklist from one of these anti-spam groups? Same thing, except in this case there is NO ONE to call. They kill your domain, and you can't get a hold of them. They're irresponsible and as much as I hate spam, I hope more of these damn things get shut down. I've seen them do more harm than good.
So, when will we see a distributed RBL that can stand up to distributed attacks?
/. cheered when a few spammers were harassed out of existence? Now that some anti-spammers are getting DDOSed out of existence, we think it's not so funny. These anti-spammers are often people who don't give the first damn about the legitimacy of complaints against their service and just do whatever they like.
I have a better question.
When are we going to see some civilization on the net? The way things are going now reminds me of many a story about the old west in America, where law enforcement is ineffective at best, nonexistent at worst, and ham-handed in the middle. Where citizens are fed up with being brutalized and form lynch mobs.
This DDOS is just an escalation in the war between spammers and everyone else. Remember how
What we need are real laws, enforced in a civilized, orderly manner. Not "self-regulation". Not vigilante groups armed with nuclear weapons.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
To put it simply:
Blacklist:
Allow All
Deny RBL
Whitelist:
Deny All
Allow people_I_know
And if you think it's h*** to get off of a blacklist, think about what it will take to get on people's whitelists. And everyone will have a different whitelist.
we need more spam. i think all operators should shut down their lists even temporarily to show everyone what happens (even themselves). either no one will notice a difference or everything will shut down.
there has been no control in the experiment. no real idea of whether it works. if anything it makes more money for the talented spammers, because they can send out more spam.
Apparently Ron is abandoning both but there were two related anti-spam things he did. One was to maintain a blocklist for open proxies. The other was to run a network of proxypots and to use these to discover the IP addresses from which proxy abuse originated. He trapped a lot of spam with those, as well.
Ron made periodic posts to news.admin.net-abuse.email in which he listed the top 40 proxy abuse-source IPs. He also contacted the ISPs from which the abuse originated and was successful in getting many of these to boot the spammers (which is a big reason spammers wanted to put him out of business, it would seem.)
Ron was making real and substantial progress toward ridding the net of spam - even if you never heard of him he was helping you, and the help I speak of had none of the flaws of blocklists.
Spammers look about everywhere on the net, seeking abusable open proxies. That means proxypots will succeed almost anywhere on the net. Just about anyone can help identify spammer IPs and get the spammers thrown off their ISPs. Ron's Top 40 list was a nice bonus and it helped show which ISPs were responsive and which protected spammers. Similar information from a single site (yours, if you'd do it) would also have great value.
I'd direct you to the Bubblegum proxypot web page but that, too, seems to be down. There's still something you can do even if you don't run a proxypot. If you have a software firewall on your system you can find the log entries for rejected proxy connection attempts. Chances are great that those were made by a spammer. Report the attempt to the appropriate ISP. I'd also suggest letting your ISP know: if spammers are looking in your ISP's space for abusable proxies the ISP can take protective actions. Your ISP also may have greater clout with the spammer's ISP - at least it's worth a shot.
There is a way to fight off spam, with a p2p-like system!
You first have to get rid of the 'blacklists' idea to detect spam. As already mentioned by many people, they have downsides and moreover in a p2p net there is no 'authority' and so they could do anything, but nothing that is intended.
You even have to forget about all 'traditional' ways to identify a certain mail to be spam.
A p2p is the most powerful tool against spam I can imagine. It offers the strongest method to detect spam, because only a _network_ and distributed computing offers the possibility to reveal information unique to spam.
Unique to spam is that a huge amount of mails are sent over the net in a 'short' time, with almost identical (i.e. identical in parts of the content, not header fields) content.
If we get to know that many mails with almost identical content are sent over the net in a short time, then we know that spam is going on. And voila, spam>/dev/null
0. If the sender is on the whitelist, the mail is treated normally! (To avoid declaring mailing lists, newsletters and the like to be spam, if they are not.)
1. We need to use common p2p technology to interconnect mailservers, relays and mailclients.
2. When receiving a mail it gets queued in a verification queue.
3. For each mail in this queue, checksums of different parts of the mail are calculated. These 'checksum-sets' of received mails are stored and kept for some time. (Let's call that the mail server's own checksums.)
4. The checksum-set is sent out to a handful of other participants on this p2p for 'confirmation'.
5. If such a 'confirmation' request is received, the checksum-set is stored too. (For a shorter time.)
6. All checksum-sets (the own ones and the ones from _different_ hosts requesting 'confirmation') are now compared to each other using a Bayesian statistical approach.
7. If two checksum-sets indicate a very similar mail, both checksum-sets get bundled together and sent out as an 'alert notification' to all hosts connected. (The host IPs receiving such a mail are very important to avoid checking one host's copies of his checksum-set temporarily stored on other servers!)
8. When receiving an 'alert notification' the mailserver checks similarity against all checksum-sets he has stored. If further similarities are detected, they are added to this 'alert notification' and again sent out to all connected machines.
9. Once an 'alert notification' reaches a critical number of 'hosts' that received such a mail, they send this package to all of these hosts and they'll delete the mail. (Of course this 'alert notification' will not be deleted; it will, again, be stored for further checks, as a 'spam notification'. Mailservers that receive such spam mail some time later should not start the whole process all over, since the spam case is already clear. Of course they'll receive this 'alert notification' with an indicator that all included hosts have already received this package.)
10. The mails that 'survive' for more than an hour in the verification-queue are valid and leave the queue.
11. We're done with it.
The critical number should not be high enough, to avoid dropping mails with multiple recipients or 'false positives'.
(Maybe I have forgotten one or the other detail, but I hope you can understand the principle.)
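A sketch of steps 0, 3 and 5 to 10 of the scheme in the comment above, added here as an illustration and not the poster's code. It assumes one SHA-256 digest per body paragraph as the "checksum-set" and uses plain Jaccard overlap where the comment asks for a Bayesian comparison; the type names, the 0.5 threshold and the sample mail are constructed, and the peer-to-peer transport is left out.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// ChecksumSet holds one truncated SHA-256 digest per body paragraph (step 3).
type ChecksumSet map[string]bool

// Checksums normalises case and whitespace, then hashes each paragraph.
func Checksums(body string) ChecksumSet {
	set := ChecksumSet{}
	for _, para := range strings.Split(body, "\n\n") {
		norm := strings.Join(strings.Fields(strings.ToLower(para)), " ")
		if norm == "" {
			continue
		}
		sum := sha256.Sum256([]byte(norm))
		set[string(sum[:8])] = true
	}
	return set
}

// Similarity is the Jaccard overlap: shared digests / all distinct digests.
func Similarity(a, b ChecksumSet) float64 {
	shared := 0
	for d := range a {
		if b[d] {
			shared++
		}
	}
	if union := len(a) + len(b) - shared; union > 0 {
		return float64(shared) / float64(union)
	}
	return 0
}

// Report is what a peer sends for "confirmation" (steps 4 and 5).
type Report struct {
	Host   string // mail server that received the message
	Sender string // envelope sender, used only for the whitelist
	At     int64  // receive time in seconds
	Set    ChecksumSet
}

// Node keeps recent reports and decides when a message is bulk.
type Node struct {
	Whitelist map[string]bool
	Threshold float64 // minimum similarity to treat two mails as the same
	Critical  int     // distinct receiving hosts needed to flag (step 9)
	Window    int64   // seconds a checksum-set is kept (step 10: one hour)
	seen      []Report
}

// Observe records a report; it returns the sorted hosts holding a similar
// mail once their number reaches Critical, and nil before that.
func (n *Node) Observe(r Report) []string {
	if n.Whitelist[r.Sender] { // step 0: whitelisted senders are not counted
		return nil
	}
	fresh := n.seen[:0]
	hosts := map[string]bool{r.Host: true}
	for _, old := range n.seen {
		if r.At-old.At > n.Window {
			continue // expired checksum-set, forget it
		}
		fresh = append(fresh, old)
		if Similarity(old.Set, r.Set) >= n.Threshold {
			hosts[old.Host] = true // count receiving hosts, not copies
		}
	}
	n.seen = append(fresh, r)
	if len(hosts) < n.Critical {
		return nil
	}
	out := make([]string, 0, len(hosts))
	for h := range hosts {
		out = append(out, h)
	}
	sort.Strings(out)
	return out
}

// SampleSpam is constructed test mail: same pitch, per-recipient greeting.
func SampleSpam(name string) string {
	return "Dear " + name + ",\n\nLose weight FAST with our new pill.\n\n" +
		"Order today  at a special price.\n\nReply REMOVE to unsubscribe."
}

func main() {
	n := &Node{Threshold: 0.5, Critical: 3, Window: 3600}
	for i, h := range []string{"mx1", "mx2", "mx3"} {
		r := Report{h, "x@example.test", int64(i * 60), Checksums(SampleSpam(h))}
		fmt.Println(h, "->", n.Observe(r))
	}
}
```

Exact per-paragraph digests are defeated by a sender who randomises every paragraph, so a deployment would need a fuzzier checksum than the one assumed here.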
I use wpoison on my system...what is the legal status of it now? The license agreement used to say you had to link to their site. What now?
You should use AdiumX on your Mac.
The only solution is all out war!
The problem is that spammers have a significant financial motivation to act in the ways that they do.
Spam fighters, on the other hand, are fighting back and providing services mostly out of the goodness of their hearts. (Check me if I'm wrong, but I've never seen an article on the lavish lifestyles built by opposing spam.) This means that unless we can come up with an *unbreakable* technological solution the spammers will always win the war: they have a financial motivation to fight harder than we do.
The solutions I've heard proposed sound more like problems than solutions: central governing bodies, a regulated internet, pay-per-email, etc all make my crypto-libertarian instincts nervous. If we don't want our commons taken away, we have to defend it ourselves!
So how can we win against an enemy with superior motivation? We need to take away their motivation! We can't ever win by fighting the spammers, so let's start fighting the people funding them!
We need to (legally) DOS the resources of those who are benefitting from spam. This is going to require maturity and restraint in the heat of battle, but if we attack the wrong people, we will be no better than the spammers. Let me propose the following:
Benefits and prerequisites... :) This is where it is key to have a high-profile, trusted and respected figurehead. If Joe Blow organises this on his dsl line, his access gets cut off and the feds disapprove. If an innocent party is wronged then he probably goes to jail. If, on the other hand, ESR organises it, public opinion on the net will massively oppose federal pressure against him and commercial pressure (ie his access being cut off) is much less likely.
Speed is of the essence. Attack must respond to take down target before any profit is made. Scale is important as well. Volume of traffic must decimate servers even on fat pipes (or at least cause high bandwidth $$$ usage). It might even be possible to DOS 1-800 numbers if every subscriber was willing to place a call and complain.
Would all this be illegal? Certainly as a whole the intent is to DOS the target and therefore is illegal. I could even imagine RICO coming into play (this is after all an organized conspiracy to commit a crime). However the actions of those subscribing to the service are not illegal (IANAL, someone else comment). After all, I (as subscriber) am just saving a highly recommended commercial resource for later perusal!
I realise that there is lots of hand waving going on here. But I firmly feel that this may be an instance to fight fire with fire, fight outlaws with vigilante justice, etc. We need to claim our space for our productive use and not for others' pollution and decimation. Fighting spammers directly is like "fighting terrorism". Attacking those who provide the incentive is like taking the battle to host countries of terrorism; a much more likely strategy.
http://metapundit.net
and was pretty much ignored at all levels.
You're comparing the operators of these services to spoiled children, when they've done more for the anti-spam cause than nearly everyone who will ever read your comment. What did they do to deserve that? If they are being selfish for giving up their efforts, doesn't that make you and I even more selfish for never making an effort in the first place?
Who wants to become a volunteer in a world where if your efforts fail you will be seen as a failure and if they succeed you will be seen as an entitlement?
...really. How many unsolicited personal emails do you get that are important? Even if you're in an organization with a network, how many corporate emails are not from the company domain? Just filter out anything not from a known source be it your personal or business address book.
...
Our institution has a central broadcaster for corporate info. Any email for the general worker population is sent via that broadcaster. That's one filter. Coworkers another filter. Personal address book another filter.
That's it. Anyone else goes to Junk and that is checked every couple of days in a dedicated time slot. Nothing gets missed. And time isn't a factor because when was the last time you received some kind of deadline item from someone you didn't know?
Maybe a business has a few machines that really can't implement such a filtering scheme (eg. sales) but not everyone in a business has to be subject anonymous email solicitations. But at home it makes no sense that you have to be inconvenienced by spam. Just look at it statistically, how many emails have you had from addresses you didn't know, that mattered? OK maybe that Nigerian general with the account
"Consensus" in science is _always_ a political construct.
So you suggest that these "good named" ISPs are resorting to criminal acts? I don't know what kind of world you think we live in, but I doubt that a "good named" ISP would resort to committing an illegal act.
Then there is the issue that a "good named" ISP wouldn't support the illegal acts committed on their networks by spammers. Those who get listed back usually are the ones supporting spammers, some have a contract just for their spammer customers. Some spam supporting ISPs knowingly rotate their spammers to get the spammers out of IP blocks and are well aware that because of this their customers beside the spammer suffer.
The ISP that seems "good named" could in reality be doing deals behind closed doors without any care about their customers. If spammers bring them in more money than their customers, don't be surprised if they don't care about you and give the spammers special treatment.
You're not short of time; creating the system you describe (assuming good client software) hardly takes longer than typing your post did.
- Download, install, and run Freenet.
- Download and install fcptools.
- Instead of having your RBL list sourced from the HTTP net, have the RBL-client download the list periodically by running a quick invocation of fcptools.
Somebody has to publish it, but you could start by simply mirroring an existing list. The publisher's life is a little harder; they need to learn how to use SSK keys, get one, and learn how to post periodic content, but we're still talking half an hour. Moreover, you won't even necessarily be personally identifiable.
A Freenet implementation is not a pipe-dream that would take months of highly-skilled developer time to implement, it's something anybody could do in about half-an-hour, if the RBL clients are configurable enough to take the RBL lists from varying sources like a shell script and not just HTTP. I don't believe in RBL lists because I believe they are censorship, so I'm not going to do this, but it would take so little effort you'll be astounded. You could do it over a lunchbreak.
The ratio of "collateral damage" to actual spams stopped is way too high
Hear, Hear. Effective blacklists with no practical collateral damage actually exist, even if all the attention seems to gather around the overzealous (SPEWS) and stupid (AOL) blocklists.
dsbl.org open proxy/relay list, easy to get out once you fix the problem. very effective.
spamhaus.org lists IP addresses known to belong to spammers. Not as effective as dsbl, but a nice complement in case spammer decides to send mail directly instead of raping a relay.
with those two, 60-80% of spam will stop at gates, so you will still need a content based filter for the rest.
signatures pending - ansa@kos.to - (dont mail there)
I guess you could call boycott a distributed denial of service attack, if you stretched the meaning of DDOS enough.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
I'm kinda wondering, if I, as a lowly cable modem user, can easily identify hundreds (if not thousands, I haven't completely gone through my firewall logs) of zombies on the same netblock I'm on (68.0.0.0/8).
But the ISPs on that netblock (Cox, Charter, Bellsouth, Adelphia, Verizon, et al.) can not.
You should see my firewall logs...day after day, the same IPs from the same ISPs are hammering me. It is CLEAR nothing's being done.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
Email is almost not worth using anymore, between the tidal wave of spam, viruses, trojans.
I've kept my personal head above water with procmail+bogofilter, but for how long?
Very simple. You have one person or a group that are trusted. They create and distribute a PGP/GPG whatever, public key to all the people who want to be a part of the network. Then every time a list goes out or a list is queried, you just check the key signature on it to make sure it came from the trusted people. So list creation is centralized (like it is now) but distribution is distributed. Easy to verify, hard to DDoS. Bingo.
Technically it's Pseudonymous rather than Anonymous, but all you need is a consistent set of signatures by a trusted key - you don't need to know a True Name for the human body that owns the key. Somebody who wants to run a list can publish the key in a bunch of well-known sites, and if somebody wants to sign it certifying that it's the original one they've seen, that's fine too. That doesn't mean that, for instance "The Original Joe Spews" won't be immediately joined by 500 other "John Doe Spews" "John Bigbootee Spews" "Joe Job Spews" "Spam-Haters Anonymous", etc., but that's a job for reputation to solve. Each one has a unique public key, and the name is just a convenient handle.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
How about distributing RBL data over gnutella or similar.
I for one am not surprised that this is happening.
:(
The massive overlisting method especially brought into play by SPEWS brings along massive collateral damage (99% of those affected by listings are not associated with any kind of spamming) and that pisses off a lot of people, and a lot of these people are from very big companies that can afford all sorts of retaliation. Add to that the resources from the big porn spammers whose daily profits could finance a small country, and you have a very pissed and very powerful enemy that easily could be behind small attacks like these.
If only SPEWS would grow up, get professional and remove those innocently listed, they would get a lot more friends. I used to be an avid anti-spammer myself, running my own private DNSBL and frequent participator in NANAE and everything, but then the hosting centre where I work got listed and I got insulted by both SpamHaus-Steve and those not representing SPEWS in NANAE when I attempted to explain/correct the blatant mislisting and the fact that the only real spammer got kicked out (for spamming) back in March. But despite the fact that no spam has referenced us in any way for over 6 months, we're still listed at full throttle. This listing actually references a non-spamming company while the spammer we kicked out was never mentioned...
No, I'm glad to see those vigilantes get their asses kicked. They were behaving in a very immature way, more or less intentionally oblivious to the damage to innocent third parties their listing causes, and perched so high up on their high horse that they lost all contact with reality.
Finally I need to emphasize that I hate spam and spammers as much as the next guy, but vigilante tactics and methods bordering on terrorism with the massive collateral damage are not the way to go. What we need is international legislation featuring monster fines and reward-driven manhunts for the spammers themselves. That'll kill them off pretty quickly, perhaps in more ways than one. Have those Darwin Awards ready because spammers gotta be breaking records in stupidity even now, and continuing under those outlaw conditions is downright suicidal...
Now I use Spamgourmet and I can track my addresses as well as block them. Never had a problem in more than a year.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
I think back to the mid-90s at the latest, people who got into open source/free software volunteer projects did it because they liked to code or it was an adjunct to something they were going to do anyway, or in some cases were getting paid to do (didn't Larry Wall write Perl to do reports at work?).
Nowadays, even a lot of the brighter kids are into it for the name recognition, street cred and popularity "the community". The product (as opposed to the *project*) is initially worthwhile because they're talented and they're able to impose their will on it. But when it gets too messy (volunteers won't cooperate) or too hard (difficult features, too much user support), they find the fame too fleeting to make it worthwhile and they go away.
I'm not sure all of this is bad, but it does seem that the better *projects* (and not just products) come from people who do it because sendmail/perl/samba/etc is just what they do, and therefore they're able to cope with the annoyances much better -- the work *is* the goal.
Dunno what this has to do with RBLs getting DDoS'd into oblivion, tho, since DDoS is hard to overcome if you're on fixed bandwidth or worse, metered bandwidth and the ISP won't or can't help. It's one thing for people to put their souls into a project, it's another for them to invest $$$$$/mo in it.
Something is better than nothing. Is it possible to post the blacklists on google groups and then post the links on 10-15 mirror websites?
Those interested in updating their blacklists could copy and download the file from google groups.
Is that possible or am I missing something very important here?
Also, I submitted an article on slashdot 2 days back (got rejected) about network security, windows and government agencies.
One might, though I certainly wouldn't advocate it, DDoS the sellers of bulk email lists.
the wal-mart where i live has about the same number of male and female cashiers... what the hell does it matter what sex a cashier is??
article. Over Reliance on windows not good for national security.
Bush is on fire and its not good for my lungs.
Maybe we are doing things the wrong way. Just maybe if one day we all got rid of our filters someone will take action. Maybe the internet crashes, who knows, and the big moneys involved press the government(s) to do something.
The internet is going to crap, it's like a big ecommerce site. It really makes me sad.
Monkeys listed my server and, once I fixed the proxy that got the server listed, I was completely unable to get unlisted because of upstream DNS fubars that are out of my control. Oh well, they didn't care about me; I find it hard to care much more about them.
Oh, go on, check out my job.
But then they'd DDoS the central key repository at MIT, Noooo! :^P
One line blog. I hear that they're called Twitters now.
So if you'll file under Arizona's new anti-spam law, I can get you all the examples and logs you want.
I confess to not being all that optimistic, though.
Lacking <sarcasm> tags,
It's easy - but it involves implementing a database for your email addresses. This is how it works:
- database maintains two lists:
1. your list of valid sent to addresses - much like your current address book. But these addresses are much longer and cannot be guessed. I'm thinking something like a 100 byte random email address.
2. the list of valid email addresses people use to send you email.
Your mail reader gets a valid email address either from your local database - and should validate it with the send to mail host - or the mail reader retrieves a CAPTCHA for the person to solve from the destination's database server.
The mail daemon on the receiving end checks with its local database for a valid send to address. Remember it's really long so spammers cannot search this space. If the address is valid the user gets the mail. If it's not valid, then the mail daemon checks the return address to see if it's valid. If it's not - then no action is taken - if it is valid then the sender of the mail gets a response from the mail daemon explaining how to get a valid email address via a CAPTCHA test.
If you get spam on a valid email address - you tell your database to cancel that address. Voila! No more spam on that address. Now if someone wants to send you spam they can get a valid send to address but it takes a few seconds of actual human time to get it (the CAPTCHA). But it's only good until the receiver cancels the address.
This system is completely workable with existing internet mail. Now I need to learn how to write an RFC and submit it.
This would require that people store the actual valid send to email addresses inside some sort of address book - unless they want to go through a CAPTCHA for every email they send.
This would also allow people to determine where spammers are getting their email addresses from.
A user could generate a valid sent to address for him/her-self without going through a CAPTCHA for places that require an email - like your bank.
Note: this would not stop those nasty email viruses from sending themselves. That's a separate problem of people running attachments that are sent to them via email. Though this would probably slow down those virii a little.
CAPTCHA: see http://www.captcha.net/ for more info on this curious acronym
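The receiving side of the address scheme in the comment above, as an added sketch that is not the poster's code. The type and function names are hypothetical, the return-address check is left to the caller, and the random part is 32 bytes rather than the 100 suggested, because SMTP limits the local part of an address to 64 octets.

```go
package main

import (
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"strings"
)

// Action is what the receiving mail daemon does with one incoming message.
type Action int

const (
	Deliver   Action = iota // recipient address is on the valid list
	Challenge               // reply with instructions for the CAPTCHA
	Drop                    // unknown recipient and unusable return address
)

// AddressBook is the per-user database of receive addresses from the post.
type AddressBook struct {
	Domain string
	issued map[string]string // local part -> correspondent it was given to
}

func NewAddressBook(domain string) *AddressBook {
	return &AddressBook{Domain: domain, issued: map[string]string{}}
}

var enc = base32.StdEncoding.WithPadding(base32.NoPadding)

// LocalPart returns the lower-cased part of addr before the last "@".
func LocalPart(addr string) string {
	if i := strings.LastIndex(addr, "@"); i >= 0 {
		addr = addr[:i]
	}
	return strings.ToLower(addr)
}

// Issue mints an unguessable address for exactly one correspondent.
// 32 random bytes encode to 52 characters, inside SMTP's 64-octet limit.
func (b *AddressBook) Issue(givenTo string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	local := strings.ToLower(enc.EncodeToString(raw))
	b.issued[local] = givenTo
	return local + "@" + b.Domain, nil
}

// Revoke cancels an address and reports who had been given it, which is how
// the owner learns where a spammer obtained it.
func (b *AddressBook) Revoke(addr string) (string, bool) {
	local := LocalPart(addr)
	who, ok := b.issued[local]
	delete(b.issued, local)
	return who, ok
}

// Decide applies the daemon's rule. returnPathOK is the caller's own check of
// the return address (assumed here). A return address that passes can still
// be forged, so a challenge may reach a third party.
func (b *AddressBook) Decide(rcpt string, returnPathOK bool) Action {
	if _, ok := b.issued[LocalPart(rcpt)]; ok {
		return Deliver
	}
	if returnPathOK {
		return Challenge
	}
	return Drop
}

func main() {
	book := NewAddressBook("example.test")
	bank, _ := book.Issue("bank")
	shop, _ := book.Issue("web shop")
	fmt.Println(len(LocalPart(bank)), book.Decide(bank, true) == Deliver)
	who, _ := book.Revoke(shop) // spam arrived on this address
	fmt.Println("leaked by:", who, "now:", book.Decide(shop, true) == Challenge)
}
```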
NSA? FBI? Why go for the small fry?
Resolve them to either a .mil or to the House and Senate sites for 12 hours. After that, apologize and point out that they, with Gov-spec servers, were only hit for twelve hours while Joe Jared, Ron Guiliamette, etc. have been trying to deal with it for that many weeks -- but for some reason "law enforcement" didn't see it as a problem.
Lacking <sarcasm> tags,
I currently use a paid whitelist authorization company. It is awesome. Out of 4000+ spam mails, only 4 got through because the spammer actually took the time to authenticate (do good type associations). For the life of me, I cannot understand why everybody has not jumped on e-mail authentication as the final solution.
-Nuke the moon
give me fucking break. at least some out there are TRYING to curb spam.
My view. You get caught sending out mass spam, you are SHOT IN THE HEAD!
If all countries subscribe to this...be a lot less spammers(they'll all be dead)
Please point to the thread where you were "insulted." Heck, please tell us just what , so we can be sure you are not just some spammer claiming to be a "frequent participator."
I still doubt you anyway, you use the same spammy speak ("I hate spam as much as the other guy..."), you are ranting about spews when it isn't the subject, sounds like you are just throwing the NANAE group around, compared these anti-spam tactics to terrorism, etc.
I would also think that someone who claims to be an "anti-spammer" wouldn't get quite so upset over spews, as well as understand why people have good reasons for using SPEWS.
1) Instead of having centralized servers that hold the blacklist, distribute them as a file. This file would be signed by the blacklist maintainer using a certificate from a reputable Certificate Authority, like Verislime.
2) These files would be distributed on a p2p network like Kazaa.
3) Client-side application would be built that would go to Kazaa maybe once a day or X number of times a day and fetch the latest and greatest version of this file. Even if anti-spammers create fake versions of the file, they can't fake the private key of the blacklist maintainer so fakes could be rooted out by the client-side application.
4) The client-side application would stay on the DNS server of the ISP, meaning that the ISP wouldn't have to set their DNSes to point to outside networks in order to get this blacklist info.
Yes, it is not extremely real-time in terms of modifications, but frankly who cares? Even once-a-day files would be great since it takes days for these blacklist maintainers to modify their list currently. Damn, maybe I should patent this!
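The client-side check that both this comment and the earlier PGP-signed-list comment depend on, as an added example that is not code from either poster. It assumes an Ed25519 key pinned by the client in place of a PGP key or CA certificate, and adds a serial number to the signed body, because a signature alone does not stop a hostile peer from replaying an old, validly signed list. Function names and the file layout are hypothetical; the addresses are documentation ranges.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// SignedList is what travels over the untrusted channel (P2P, mirrors).
type SignedList struct {
	Body []byte // "serial: N\n" followed by one CIDR block per line
	Sig  []byte // Ed25519 signature over Body
}

var (
	ErrBadSignature = errors.New("signature does not verify under pinned key")
	ErrRollback     = errors.New("serial is not newer than the list already held")
	ErrMalformed    = errors.New("malformed list body")
)

// NewMaintainerKey creates the maintainer's key pair; clients pin pub.
func NewMaintainerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish is the maintainer side: build the body, then sign all of it.
func Publish(priv ed25519.PrivateKey, serial uint64, cidrs []string) SignedList {
	var b strings.Builder
	fmt.Fprintf(&b, "serial: %d\n", serial)
	for _, c := range cidrs {
		b.WriteString(c + "\n")
	}
	body := []byte(b.String())
	return SignedList{Body: body, Sig: ed25519.Sign(priv, body)}
}

// Accept is the client side. The signature is checked before a single byte
// of the body is parsed; only then are serial and entries read.
func Accept(pinned ed25519.PublicKey, lastSerial uint64, c SignedList) (uint64, []*net.IPNet, error) {
	if !ed25519.Verify(pinned, c.Body, c.Sig) {
		return 0, nil, ErrBadSignature
	}
	sc := bufio.NewScanner(bytes.NewReader(c.Body))
	if !sc.Scan() || !strings.HasPrefix(sc.Text(), "serial: ") {
		return 0, nil, ErrMalformed
	}
	serial, err := strconv.ParseUint(strings.TrimPrefix(sc.Text(), "serial: "), 10, 64)
	if err != nil {
		return 0, nil, ErrMalformed
	}
	if serial <= lastSerial {
		return 0, nil, ErrRollback // genuine but stale: a replayed old list
	}
	var nets []*net.IPNet
	for sc.Scan() {
		_, n, err := net.ParseCIDR(strings.TrimSpace(sc.Text()))
		if err != nil {
			return 0, nil, ErrMalformed
		}
		nets = append(nets, n)
	}
	return serial, nets, nil
}

// Listed reports whether addr falls inside any accepted block.
func Listed(nets []*net.IPNet, addr string) bool {
	ip := net.ParseIP(addr)
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	pub, priv := NewMaintainerKey()
	v2 := Publish(priv, 2, []string{"192.0.2.0/24", "198.51.100.7/32"})
	_, nets, err := Accept(pub, 1, v2)
	fmt.Println("accepted:", err == nil, "listed:", Listed(nets, "192.0.2.55"))
	_, _, err = Accept(pub, 2, v2)
	fmt.Println("replay:", err)
}
```

The client stores the last accepted serial next to the pinned key, so a flood of forged or stale copies on the network costs it one failed verification each and nothing more.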
These zombie machines are clearly insecure and already compromised, right? Well, the last legal briefing I heard (long ago, can't find link) there was no precedent regarding reacting to a "hacking" attack with a counter-hack in defense.
So these machines are compromised, run an nmap (or similar) and crash them or point them at SPAMMERS. Granted, up-front you'd have to respond to each attack but this could be scripted out. Any mapped attack (via a firewall or intrusion detection type analysis) causes the script to run which determines the source and launches a counter-attack. The number of zombie viruses / worms HAS to be limited, so you're scanning for, and acting on a limited set of vulns.
NO doubt innocent owners of these zombies will suffer until they patch, but I have limited sympathy here. Their ignorance is causing direct harm to others, not just RBLs but also Yahoo and other sites that have been targeted. They'll learn in the end.
Comments? Flames???
Computer Science is Applied Philosophy
The problem is companies who pay spammers to send their crap. And we know nearly all of them because we have their names, urls, products, etc... in all the spams we receive. Instead of trying to track spammers down, when they are rich enough to pay a judge, why not randomly catch as many of their customers as possible to make the other ones fear the risk? Use Darl McBride and RIAA's method: "warning, we know who you are, you have a little chance to be caught, but perhaps 5 years in jail for paying someone to pollute the net will make you think twice if it's worth the risk".
And if the spammers lose most of their customers, they will have to raise the prices to be able to pay for their access, and become far less appealing as a means of communication.
Just my thoughts,
Willy
In a nutshell, it is a method to slow down the delivery of spam to the point that it is no longer profitable.
it was great until everyone wanted land... err *cough* until everyone wants it their way.
Please don't set up rules and regulation on the net, but I'll admit, this is pretty out of hand.
This news really sucks, because as a techie who provides list hosting for groups, I was hoping that some relief from spam was around the corner.
I'm so sick of spam that I've rethought my stance on the death penalty. After years of activism against it, I now support its application against spammers. In my book, spammers are worse than other criminals because they are so in your face with their anti-social behavior.
What we need is a national list of home addresses of spammers, distributed via p2p services. This would allow people who are sick of spam to exercise whatever form of creative justice they want on spammers.
if we can agree that spam is not a problem, then why are we all so worried about it?
-- too cruel for schuel
The unstated (but pervasively implied) follow-up to the above statement is "... but I don't want to actually have to pay for any of it".
Sure it's sad to see a service that you're familiar with and like to use (like these anti-spam services) suddenly fold up shop. However, I'm curious why none of the comments anywhere in this thread bring up the idea of some type of for-profit approach (i.e. a subscription-based service).
If there really is no one who is willing to pay for these types of services... well, you get what you pay for. If you believe that "the internet becomes more worthless every day", maybe that's because when it comes time to put your money where your mouth is, you consider its worth to be $0.00.
Just my $0.02 (figuratively speaking, of course)
Slashdot is entertaining like pro wrestling is entertaining
Hey,
What do spammers want? Responses from people interested in their services, right? People willing, able, and eager to buy the penis pills, porn, whatever... So what if we followed-up to all the spam E-mail we got? All of us. All the time.
The result is that spammers would be overwhelmed: with such a large volley of requests for their services and products, they'd have a hard time weeding out the ones who are actually -serious-, the real messages they were interested in receiving. If their inboxes had as low a signal:noise as ours do, maybe their choice of business tactics would be less effective.
Or maybe they already do. I have no idea.
Well said.
Maybe it's not about the lack of women begging to bear your children.
For instance, Joe Jared's case. Osirusoft was purely a volunteer effort on Joe's part, and it took time and money away from his family. Which they accepted.
The lawsuit and DDOS, on the other hand, not only sucked money to fight them but denied him the use of his systems and connection for his main business (orthotic shoe inserts).
Joe didn't give up because we weren't worshipping him, he gave up because he had to in order to feed his family. Whether you approve or not really doesn't matter.
Lacking <sarcasm> tags,
I've already reverted to this tactic to pick up the slack in my spam ratios caused by the disappearance of osirusoft.
All I can say is "thank God I'm not your customer". If there's one thing I can't stand, it's overzealous mail weenies pettily blocking swathes of the Internet the size of Brazil. I've already had to change ISPs twice because of their dumb-ass "block legitimate mail and laugh" attitudes. They can keep their attitudes, but they will never get any more of my money until they change.
More customers should be told about what their ISP's mail admin gets up to. They're usually told "FooISP protects your mailbox from SPAM" and that's that. If Joe Customer knew that political coercion shit like SPEWS was being used and their mailbox was being held hostage by rogue admins for political gain, they wouldn't stand for it.
If there was only some way to connect the fortunes of the RIAA to these anti-spam activists' effort and then point the two entities at each other.
Sort of like when the mean monster ate the bad dude in Star Wars II because of swanky Jedi mind trick.
Obi Wan, are you there?
the future is here, it is just not evenly distributed - w. gibson
The blacklister provides information to various people who choose, on their own, to say "I do not like what you are doing, Mr. Spammer, and I will not allow you to use MY system to do it."
Two problems:
Will I retire or break 10K?
The whitelist tactic is like making people leave a message even though you're sitting right by the phone. It's rude, and it will annoy anyone who is trying to email you for the first time, regardless of whether they're selling penis-enlargement pills or offering you a job. People whose first email to you is bounced or ignored probably won't try again.
Whitelists are great for stopping *all* unsolicited email, not just the commercial kind. It's just as good at blocking email from people who just read your resume, people who you gave your email address to at a party, etc. If you already have a good job, are already married, and have as many friends as you want, by all means go for the whitelist, but if you intend to expand your circle of acquaintances, or try to get a job or a date, it's a bad idea.
0 1 - just my two bits
I read through a lot of these messages and no one has really hit the nail on the head.
SMTP and POP are outdated protocols. A re-working needs to be done to ingrain authentication so the recipient can simply say, "Bounce all non-authenticated emails".
Although it's sort of chicken and the egg, if a solid alternative was developed I think many large ISP's could be brought on board quickly. They hate spam
Karma means nothing to me, so suck it...
The solution is obvious - the Internet and email will soon be a "Pay For" service. You will pay to send email on a per-message basis. This will be advertised as "Secure" or some other garbage. You will not be able to do anything for just your ISP fee, you'll have to have a credit card to browse the web (no more DOS if you have to pay, right?) and email (same.)
So who is behind all this SPAM?
Um, HELLO! The government and the ISPs. (Huh?) Worst case scenario - the government wants to lock down the internet so politically inclined folks cannot just mass mail everyone and organize a new party, restructuring, or some other political coup. If you can't afford to send emails to everyone you want, you cannot harm the big businesses that run the government. So who are these big businesses? The ISP's, of course.
So when you tell the FBI you're getting DDOS'd to death why don't they care? Well, probably because they have been told to leave it alone so you quit and go home. Soon you'll be more than happy to PAY for something free. So the ISP's win, and so does anyone else who charges you a fee for Premium Services.
Simply because of junk email.
The real solution: Everyone should have server based filters, and build a few that work. I have to admit I am ASHAMED at all the admins who cannot block 98% of spam with only 10-15 well thought out filters on their mail servers, and BOUNCE them.
Examples of email content that real users rarely send:
table
input
type=hidden
!--
unsub
subscrib
etc... a few other well thought out HTML examples easily kill a TON of email. I lament the fact that I switched over to another host and do not have my filters, because I am slowly getting SPAM. As soon as I can, I'm installing something with filters and I'll be SPAM free.
Black lists don't work.
White lists are great and EASY.
Question: Why don't Yahoo and Hotmail 550/bounce SPAM per your settings? Because they want you to hate SPAM so they can start charging you MORE money. Which is exactly what MSN Messenger is starting to do, and Yahoo will probably be next. See where this is all going?
-RS25
If you came up with "private ISP antispam lists", you win a cookie... which expires in July 2038. I have over 70,000 IPs and subnets, up to /8's, in our private list. Currently, it traps more spammers than the RBLs do.
If your subnet gets in it, which is getting easier to do as the onslaught of proxies on DSLs (thanks to SOBIG.x), you don't even KNOW who I am to get off of it, or who I might share it with, or what domains are covered by it, and how many thousand others there are to figure out how to contact when your mail stops going through.
Today, I added nearly 600 proxies to our list; it was a relatively slow day. It's not all that likely that YOU personally will be blocked by MY list, but there are thousands of them out there, and it's likely that you'll hit one in the near future. We never thought of having our own lists before ORBS was taken out; now, we wouldn't be without them!
That wouldn't quite work, spammers can and do forge the email headers.
So when Joe Spammer sends you a message with the forged address Joe_victim@Insertaddyhere.Com and you reply to the message, Joe Victim gets the replies and not the spammer. Joe Victim also gets a bunch of complaints from people who don't understand that his address was forged, as well as all the bounced messages for the invalid email addresses the spammer tried.
Why not launch DDoS attacks against the spammers themselves. Steal their ddos drones, hack the spam relays, take the true source ip`s of the spams offline, and take offline the websites that the spams promote.
Companies will think twice about paying spammers to advertise them if instead of bringing in revenue in the form of customers, it drains revenue in the form of bandwidth costs and lost customers.
Spammers also will think twice about their actions if their bandwidth costs go through the roof.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
such as Usenet and Freenet and Gnutella and probably Kazaa, and it's not too hard to develop efficient data formats for baseline and incremental update and detail records (easier for IPv4 blocking than IPv6
There are some problems with broadcasting the list as opposed to doing transactional interaction - a list of "mis-configured open relays or proxies with updates" is not much different from the spamware spammers' products of list of new still-usable open relays. (It's a bit less useful, because they know that some people are blocking them, but they also know that lots of people aren't.)
The other half of the communications process is harder - getting the information on spammers to the list maintainer without exposing the list maintainer to attack. A simple usenet group or IRC channel can be flooded, and email can be mailbombed, and the obvious way to do it is with bogus spam reports to reduce the integrity of the information. And some of it's an arms race, e.g. spammer submits a purported open relay to list-manager, the list-manager's tester tests the "relay", and the "relay" captures the tester's IP address for DDOSing.
There are spam-reporting reputation systems - Cloudmark and Vipul's Razor do some of that, if imperfectly, or simple subscriber-only systems can stay below the radar (even though they'll have some spammers subscribing...) and you could probably build one that was P2P for a bit more safety. Vipul's distributed approach lets users mark messages as spam, and distributes hashes, rather than killing whole sites, but you could adapt it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But the fact remains that there is a fundamental difference in me restricting how someone else uses my system, and in someone else dictating how I use my system by a cyber attack.
If the "someone else" is your customers, and you hold a government-granted monopoly such as a cable television franchise, your customers may be able to convince a jury that imposing restrictions on all residential Internet access accounts is tantamount to a "cyber attack" on their freedom of speech.
Will I retire or break 10K?
And, of course, the real problem in that scenario is the government-granted monopoly. However, I have difficulty in seeing where your right to free speech compels me to transmit your message.
A telecom company holding a government-granted geographical monopoly is likely to become subject to regulation as a common carrier.
There are also dial-up connections available which, while slower, are certainly serviceable.
Dial-up is 2.5 KB/s up, on a good day. If "slower" means slower than the speech is generated, speech can no longer move freely over the connection.
Will I retire or break 10K?
All I can say is "thank God I'm not your customer". ...
If Joe Customer knew that political coercion shit like SPEWS was being used and their mailbox was being held hostage by rogue admins for political gain, they wouldn't stand for it.
For the record, I do not run an ISP, nor have I ever run one. Therefore, I believe I qualify as the "Joe Customer" you speak of. Also, for the record, despite my subtle fear of losing a valid email, I support the admins fighting the Good Fight(tm) against spam and spammers alike.
Many large ISPs have a much too lenient attitude towards spammers on their network. They're paid large sums of money for the bandwidth being used, and are apt to look the other way where spamming is concerned.
Can you honestly say that you find the spam you receive useful? Did you ask for that spam? I know my answers... and I have made it a point to not purchase any product or service that is introduced to me by way of spam.
Spam is one thing I could do without, and I'm willing to give a little to win in the long run. Aren't you?
Well, thought I'd drop a quick [positive] word for SORBS.net. Backed by the University of Queensland, I'd say it's got some decent bandwidth to withstand a DoS. I could be wrong though... :-/
All I can say is "thank God I'm not your customer".
I'm just as thankful!
If there's one thing I can't stand, it's overzealous mail weenies pettily blocking swathes of the Internet the size of Brazil.
Funny you should mention Brazil, they're blocked!
I've already had to change ISPs twice because of their dumb-ass "block legitimate mail and laugh" attitudes. They can keep their attitudes, but they will never get any more of my money until they change.
I make no effort to block legitimate mail, in fact just the opposite.
As for your money, if I lose your patronage to gain that of 100 people who are sick and tired of the e-mail address they pay for being cluttered with porn and penis enlargement ads, so be it.
See, that's why I am immediately and strongly suspicious of the disparagement of blocklists by anonymous cowards on slashdot: they all give basically the same argument, but this argument seems not to exist anywhere outside of anonymous forums on the internet. It's almost as if the spammers were trying to pull a little Microsoft-grassroots tactic.
The reality of the situation is that we disclose to users our methods of preventing spam quite clearly, and we have yet to see a single user complain, much less cancel their service because of our spam fighting tactics. In actuality, our subscriptions have risen as word has started to spread that for every 100 spams you get at our competition, you'll get 1 with us. This is an issue that users feel strongly about, and we've had a purely positive response from our actions. Users regularly (not an exaggeration -- REGULARLY) contact us just to express their pleasure with the low volume of junk e-mail they receive. I can't remember the last time a user called just to say "thanks" for anything else.
More customers should be told about what their ISP's mail admin gets up to. They're usually told "FooISP protects your mailbox from SPAM" and that's that. If Joe Customer knew that political coercion shit like SPEWS was being used and their mailbox was being held hostage by rogue admins for political gain, they wouldn't stand for it.
First, what the heck is a "rogue admin"? Are we talking AD&D, or are you actually implying that by protecting my customers against the biggest nuisance on the net today, I'm somehow behaving improperly? I'm sure I'm frustrating the heck out of spammers, but nobody else has complained.
Second, SPEWS (red flag as soon as you brought that up...you smell of NANAE) explains its purpose quite clearly to anyone who listens. SPEWS is attempting to coerce ISPs to enforce their own terms of service, because end users on the net are sick and tired of the amount of spam they receive. My customers not only stand for this, they applaud it regularly as I mentioned.
Finally, as I touched on before: we make no effort to *hide* the fact that we take all possible precautions to give our users the kind of service they want. I happen to believe that's a better path to success than cramming your advertisements down the throats of anyone and everyone you can find against their will.
And then there's the nuisance factor...script kiddies chucking up their enemies' domains as spammers, adding aol.com, etc.
How is this not helpful?
There are a couple of approaches that might make sense for distributed collection of Spammer and RBL data. The Vipul's Razor / Cloudmark approach is good of having real humans read spam messages and distribute pointers so that other humans don't need to read them, but that doesn't cut down on their transmission (at least from spammer to mailbox; it can prevent the mailbox-to-user transmission which is more annoying to the user.) But it doesn't identify open relays, open proxies, and other attractive nuisances.
However, you could build a distributed system that splits up the IPv4 address space and gives out chunks of it to the users for relay/proxy checking, and uses P2P mechanisms to share the results. You'd definitely have to have multiple users check each address space, and do some sort of karma system, and have some kind of randomization method for who gets which address space, because otherwise spammers and their pet zombies will put out false negatives for the relays they're using and false positives for machines they do use and DDOS the users who are checking up on them.
Perhaps something out of the control of the individual user, like a Diffie-Hellman key exchange with peer systems, would reduce the ability of evil users to do false negatives on the systems they report on? On the other hand, it would encourage them to scan the systems they're responsible for reporting on to see if there are any that are exploitable, but a reputation system still helps minimize the damage from that.
There are still problems with any active-probing system. How do you tell the difference between a good spam-prevention-bot user probing systems for abusable weaknesses and an evil spammer's bot probing systems for weaknesses? Can some chain of digital signatures help any? Is there any obvious way to implement automated trustable distributed karma?
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
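One way to sketch the assignment-and-karma idea from the comment above, as an added example that is not from the thread: each address chunk is given to several checkers chosen by a value they do not control, and their reports are combined by karma weight so that a few low-reputation peers cannot force a false verdict. The function names, the `round_nonce`, the weights and the thresholds are all assumptions.

```python
import hashlib


def assign_checkers(chunk, peers, round_nonce, k=3):
    """Pick k checkers for one address chunk by rendezvous hashing.

    round_nonce is assumed to be a per-round value that no single peer
    controls, so a peer cannot choose which chunk it will report on.
    """
    def rank(peer):
        return hashlib.sha256(f"{round_nonce}|{chunk}|{peer}".encode()).digest()
    return sorted(peers, key=rank)[:k]


def tally(reports, assigned, karma, min_weight=1.5):
    """Combine the verdicts for one host from the peers assigned to its chunk.

    reports maps peer -> True (open relay seen) or False (not seen).
    Returns (verdict, counted); verdict is 'list', 'clear' or 'undecided'.
    """
    # Reports from peers that were not assigned this chunk are ignored.
    counted = {p: v for p, v in reports.items() if p in assigned}
    yes = sum(karma.get(p, 0.0) for p, v in counted.items() if v)
    no = sum(karma.get(p, 0.0) for p, v in counted.items() if not v)
    # Require enough reputation on the winning side before acting.
    if max(yes, no) < min_weight or yes == no:
        return "undecided", counted
    return ("list" if yes > no else "clear"), counted


def update_karma(karma, counted, verdict, reward=0.1, penalty=0.5):
    """Raise karma slowly for agreeing peers, cut it sharply for dissenters."""
    if verdict == "undecided":
        return dict(karma)
    truth = verdict == "list"
    new = dict(karma)
    for peer, vote in counted.items():
        if vote == truth:
            new[peer] = min(1.0, new.get(peer, 0.0) + reward)
        else:
            new[peer] = new.get(peer, 0.0) * penalty
    return new


if __name__ == "__main__":
    # Constructed peers and karma values for illustration.
    karma = {"alice": 1.0, "bob": 1.0, "zed": 0.25, "mallory": 0.25}
    chosen = assign_checkers("192.0.2.0/24", list(karma), "round-17")
    reports = {p: p in ("alice", "bob") for p in karma}
    verdict, counted = tally(reports, chosen, karma)
    print(chosen, verdict, update_karma(karma, counted, verdict))
```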
You'll see them show the money pretty god damn quick.
Since the Swen worm came out, we've both been receiving GIGABYTES of worms. Literally. (I haven't done a disassembly yet, but I do suspect that our addresses are either hard-coded into the worm or being harvested by it from the archives of the anti-spam or anti-malware mailing lists in which we both participate.) Nothing to do except block the messages, which we are. But I'm upgrading my server, because the strain of filtering several gigabytes of extra mail a day is making it thrash like a sonofagun. And since the messages are coming from all over, it's impossible to tell if they're worms without receiving enough of each to match a pattern.
If the ISP is housing spammers, it probably doesn't care too much for the welfare of its other customers as long as they keep paying their connection fees. If, however, customers of ISPs who house spammers [had the opportunity to] leave to another ISP, then it would cut into their bottom line and losing the spammers would be less detrimental than losing the rest of their customer base to competition!
...and that's the way the cookie crumbles.