Slashdot Mirror
Examining an Automated Spam Tool
Saint Aardvark writes "SecurityFocus has published an excellent column detailing how spammers r00ted an Apache server, and used it to send spam. The tool they used is (I hate to admit it) pretty sophisticated: it has macro capabilities, picks up email addresses from and reports success or failure to the master server. It's a very frightening read...and so is this: Message Labs reports that they now intercept 27 spam emails per second, up from 2 per second this time last year. Virus-created proxies are mainly to blame."
All this really makes me wonder when the death penalty will be approved for spammers. Or at least some harsh beatings...
Spam is profitable, and this is becoming a huge underground business. Spammers regularly compromise other systems and install sophisticated software to allow easier spamming. Here's a document that describes the link between spam and viruses
At what point does the gulag become an option for cases like this? Where are the authorities?
Stop corporate
yet another example spammers aren't just mom&pop operations. This is a big business, with big money backing it.
Something desperately needs to be done with SMTP to control this stuff....
One day I noticed that one of my remote servers was sending 24 hours a day a continuous 11Kbytes stream, using the 100% of the upload bandwidth (128Kbits).
Seems greed has once again turned around and bit someone in the ass (in this case it was a good thing). So all these spammers really need to do is slow down the avalanche of spam somewhat, and throttle their speeds when relaying. Otherwise, how long would this have went on for if he hadnt noticed his upload being maxed?
If only we could harness the power of these cool (and working!) distributed systems to provide efficient peer to peer content distribution or an actual legitimate email system of some sort...
A self-aware, self-improving spam program, that is able to self-propagate, with a distributed mother ship.
Wow, think of the possibilities.
sine puella vita suget
This is obscene. How far will spammers go?
If they're good, and are producing sophisticated tools and methods for spamming, then it's imperative that it is admitted, so people will understand the true nature of the problem and what anti-spammers are up against.
One of the most fatal mistakes you can make in any conflict is to underestimate your opponent.
It's official. Most of you are morons.
Although I haven't experienced spam that goes so far, I have received (in my special spam account for playing with Nigerians and lottery managers) quite a few mails with requests to confirm my e-mail address. It works like this - you get a mail saying something a la: "I am controlling the e-mail sent to my inbox for the following address: sucker@born.every.minute.com. By asking for you to confirm that you really sent email to me I can ensure that I receive no spam and that your email address really exists. This is a one time confirmation, please click the link below and your email will be delivered straight away, now and in the future. Regards, Alberto Huber"
The funny thing about it was that the "I" in question was neither someone I sent mail to nor someone I know at all.
Now if they think I'm going to go click the link to confirm that my e-mail address exists, then they would surely be willing to buy some property on Mars I have for sale. Radiation-free. Really.
People say I'm crazy, I got diamonds on the soles of my shoes...
Actually, and yeah yeah yeah, I know there are probably settings around this, but that default of cgi variables automatically being turned into global variables of the form $same_name_as_in_the_form has always seemed to be asking for trouble.
PHP, at least when I was looking at it a year and a half ago, always felt half-baked to me.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
No, not yet! I'm only halfway through my penis-enlarging regimen!
Did I read this right? Don't you mean this was an IIS server that was r00ted?
"Ask not what your country can do for you." --John F. Kennedy
People who buy pump&dump-spamvertised stocks lose their money.
People who buy bogus-prescription opiate painkillers go to sleep all the time and lose their nationwide radio shows.
People who buy penis enlarger pills have their dicks fall off. The problem is that they're usually older men who have already made their contributions to the gene pool, so Darwin doesn't get them in the end.
The problem, of course, is that all of these bad things happen to the customers after they've given the spammers their money, so it doesn't stop the spammers, and if they're dumb enough to believe that the spammers' products will work, they're too dumb to believe the Absolutely True Results By Top Scientists which say that their dicks will fall off if they buy fake vi1@gruh, even if we get the supermarket tabloids to keep printing headlines about it.
I think it's time we get a new mail protocol.
If we can somehow get a list of relays authorized for the sender's domain, it would be easier to flag a message as SPAM.
Also, I think the messages should be stored on the relay, with just a URL sent in the mail body. It would solve two problems:
* The size of the message will be limited by the size of the sender's mailbox.
* It will use more resources on the relay, and the admin should be less likely to run an open relay.
Death has been proven to be 99% fatal in lab rats.
yes it's definitely profitable, this is part of the problem, a major part of it!
even with all the crap that people are doing, new SMPT clients, new RFCs and bullshit, it's not going to work!
why? because spammers pay their ISPs tens of thousands of $ a month just for the privilege of spamming!
I remember an old story months (or years) ago about a spammer, got tracked down, the whole nine yards, the ISP refused to cut them off because they were paying the ISP over $50,000 a MONTH to send spam. These days they pay even more.
So all your "checks and balances" don't do any good, because the spammers are VALID users (at least in the eyes of the ISP hosting them).
And this is also why no one does egress filtering. AT&T US, etc won't do it because they get PAID to keep sending the stuff...
face it, spam is BIG business, it makes millions, esp for the ISPs, etc.
all your useless "valid" client checks, checksums, special SMTP servers, blah blah blah won't make a damn of difference.
the only way is with either good (huge) blacklists or bayesian all over the place.
and what someone said about "end users" not caring about bandwidth usage, not true. I'm an end-user, and I care, excess bandwidth costs me money dammit! I am my own mail server, so don't tell me a firewall on my server is gonna slow down the traffic. it doesn't.
I keep to my original proposal, a massive blacklist. headache? yes, but it'd work if kept updated...
Yeah, send 'em into the organ banks. Mind you, if my arm falls off, I'm not sure I'd like to know my new one might have come from a spammer...
End of lesson. You may press the button.
spammer find away in, use it for spamming.
Gets traced relativly easy to the server, a patch is issued.
This is probably the most benign thing that can happen from an exploit, and it is easy to track down. Finding it in a research center would be better, but barring that, this ain't so bad.
The Kruger Dunning explains most post on
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
Comment removed based on user account deletion
that this intrusion is probably the work of some teenage kid who will never have to do a day of real work in his life. But at least stuff like this keeps us admins employed. . . at least some of the time.
This comment was generated by a squadron of trained super elite albino ninja chickens for you.
It looks like a pretty standard challenge-response thing. While I suppose that those could be faked to verify emails on a spamlist, it's more likely that one of those viruses that emails with random from addresses sent mail to someone using a challenge-response system with inadequate spam controls being applied before the challenge stage.
This is going to make me move my web server to OpenBSD 3.4-stable on macppc even sooner. It would have two layers of defense against this kind of attack, even if the PHP hole was there.
Running under systrace might also help stop it from opening outbound connections.
It was a pretty good article, but he leaves off one glaring fact. If he had kept his software up to date, this would never have happened. BugTraq says August 2002 when this was identified.
This is a test. This is a test of the emergency sig system. This has been only a test.
it should be noted that this wasn't apache that was rooted. it was a poorly written PHP app, using an injection technique.
http://kered.org
Who exactly is funding all this spam? Is there one major media conglomerate behind it, like Viacom? That would be totally wild.
stuff |
I have 2 questions that I have always wondered:
1. Most spam mails are selling something physical and are actual companies; why can't they therefore be tracked down and slapped with lawsuits easily?
2. Why doesn't user education work? Maybe a mass education campaign towards users will make the spammers give up - I agree there will always be the odd idiot, but if 99% of users are educated, just like most kids know not to talk to strangers, there will eventually be a decline in such?
There was a great article in the local paper about how many ordinary businesses collecting email supposedly for customer service purposes are selling this info off, where it ultimately gets into the hands of spammers.
I'm not sure how the spammers re-close the loop with mainstream businesses, but I'm sure its happening.
That sounds suspiciously familiar, especially when you substitute "e-mail" with "innocent-looking links to Amazon.com".
"Ask not what your country can do for you." --John F. Kennedy
Well, there's no accounting for spammers' tastes. Judging from some of the spams I've seen, females with enlarged cocks are apparently pretty popular with these folks...
"Time is an abstract concept devised by carbon-based lifeforms to monitor their ongoing decay." - Thundercleese
I dont see what the technical or social barriers are. For example, it would not require any change in the way mail is transported. Instead it would all be handled by the recipient's browser.
consider the following straw man scheme. I send you an e-mail.
1) If I am in your white list the e-mail is accepted.
2) if not then the e-mail is examined for a signed, serial numbered e-stamp and if present a short message is sent to central post office to debit the senders account one penny, and a receipt is returned to my e-mail program which then lets the message in.
3) Finally if the message does not contain a stamp and is not white listed, the message is put in a spam folder and a memo sent to the sender (me) telling me that I need to request permission to send e-mail.
The last step is how for example Earthlink's highest level spam blocker works. If most messages are spam then of course it doubles the total number of messages sent, but does not double the total message sizes or hand shaking. To the extend that it works, the post offices will only be consulted if the sender is not in the white list so unused stamps can be reclaimed. Moreover one could have the option of refunding the senders stamp if the message were welcome.
I dont see what the sociologocal or technical hurdles are. Not every one has to be using the stamp processing client program. When stamps are not present it defaults to the earthlink system. When they are is skips that nuiscance.
the best part is that legitimate direct mailers might very well be willing to pay the postage to send you an advertisment but presumbaly in many cases these would be targeted ads to people with potential interest.
Some drink at the fountain of knowledge. Others just gargle.
I know it is selfish, but SpamAssassin does such a good job of killing of my spam, especially with Bayan (sp?) filtering, that I no longer care about spam. It eats up some bandwidth, but I have so few email addresses and emails are so small, I'll accept it.
Now my main concern is not getting rooted (or the equiv').
First spam, then the Empire! Finally Portugal is regaining it's place! Seaway to India, you say? Do I ear Brazil? Was that "Eastern Empire" sir? Bollocks! It all fades away compared to the might of SBTF.NET!
;)
On a more serious note, the telephone contact given in the RIPE lookup is a bogus one (lacks one number to be a valid portuguese phone number), the "Rua do Norte" street doesn't exist in Lisbon and SBTF isn't listed in any portuguese site that deals with companies registration.
Some say "bad publicity is good publicity"... I would rather not have my country mentioned by these particular reasons.
But... the guy reporting it is from Spain... this could be some devious plot to, er, something.
cheers
Nope. Windows is the master of both of those domains, thanks to the power of spam-trojan viruses.
This article is interesting because it was a PHP exploit on a *nix/Apache box, but Windows is where the big-time spammers do their R00Ting.Hi
s ins
I have made an eigenpoll
to find the best spamtools.
First ranking the tools you know,
the it runs some data minning and find the best tool.
Right now the list looks like.
sa-exim
Outclass
Mail Scanner
spamprobe
POPFile
SpamBayes
SpamAssas
Vipul's Razor
Blackmail
bogofilter
Infinospam
Spamthi
Shovel
SpamBouncer
Declude JunkMail
spamhole
does anyone know how much money a spammer makes? can it really be worth all the effort?
In my dorm we have blocked port 25 from LAN to internet. It was thought to keep viruses from propagating from out network and keep people from setting up a spamserver. Now it looks like a very good decision. (they can actually only use our DMZ smtp gateway, which is antivirus protected).
All ISP or the like should block port 25 outbound by default, and make people use the smtp server of the ISP. If people (1 out of 10.000) would like to use port 25 outbound, they should contact the ISP through a bureaucratic procedure. That would close the trojan hole at least.
Are there any other ports (priviledged/unpriviledged) that one can safely block to avoid trojans and the like???
I knew it all the time, Apache and Unix servers are among the most vulnerable on the planet. This could never happen to trusty old Windows boxen.
...oh, wait...
1) make money (or is spamming that easy?) :-)
2) get my rc control car that gives me a reduced mortgage, life insurance and 'elongates' my love life
More seriously, the education needs to be for the people who buy off these people. If people stop using the 'services' then the spammers will move onto some other way of making money.
I've gotten a few of those and always attributed it to a legitimate TMDA triggered by the newer breeds of email viruses that set the from: to be someone else from the addressbook (ie, me).
Let's first of all say I am no fan of spam. In fact, I hate it. All spammers - and virus writers - should be strung up and subjected to some real virii.
However, some of these statistics are possibly obscuring reality. For example, let's take Messagelabs anti-spam service. Until recently, all emails from WorldPay - receipts, etc. - were marked as spam. All the traffic on an email discussion list that I have signed up for are marked as spam. Some commercial email notification lists that I have signed up for (ie. Maplin offers) are marked as spam.
But none of those emails *are* spam. Admittedly, some spam emails do get through without being flagged. So maybe it's a bit 'swings and roundabouts'. And regardless, the situation is pretty depressing anyway.
One thing I have been thinking about - and just wondering whether it should be entered as an Ask Slashdot item - are some of the 'cures' as bad as the problem itself?
I work on biology / medicine journals websites, and we offer a number of automatic notification and general update services. Note that these are *not* spam - they are requested by individuals by signing up on the website - and instructions are given in every email in how to remove yourself from the list. And they are a very valuable service to many people that do choose to receive them. Yet it only takes 1 person to not bother to read or follow the removal instructions, or otherwise hit some other temporary (accidental) issue that holds up their removal, and then submit it to a blacklist service to bugger things up for many other people.
So where is the regulation on the blacklist services? Where is the ability for *genuine* (provably genuine) companies to register their services in such a way that rather than getting blacklisted immediately, they have the opportunity to respond to the issue raised? Is this a small or large price to pay to partially stem the tide of actual spam?
Uh, no. Using "he" as a generic 3rd person pronoun is deprecated, and has been so for a long time. Though I cringe at the thought of women being spammers, and would hope that women would have more sense. :-)
Note that both your references have notations about generic usage and the problems that arise.
The least worst I've heard recently is singular "they".
...laura
If you received an ad in the mail for my product and the ad was contaminated with anthrax, wouldn't I be liable? Maybe not if I told you I used a mail service to send my ad, and that they must have done the contaminating, but at the bare minimum, I would be expected to fess up as to who the mailer is. If I didn't know who the mailer was (blind credit card form or somesuch) I might be guilty of negligence - at least I'll bet a civil suit would say so, because someone has to be blamed for the contamination. Spam may not be anthrax, but there is a conceivable case for liability if we went after the marketers, no?
I wonder how long before people start having to "strike back". This guy got as far as finding out the master server; just imagine, for a moment, what he could have found had he turned the table and rooted the master server. He probably would be able to trace back all the way to the culprit.
I'm not saying this should be done; I'm just saying this will be done, sooner or later, by someone who got fed up enough. And that will mean the end of the Internet as we know it, since the spammers will react violently to the strike back, turning the whole net into a gigantic game.
Instead of having one mail server for your home or organization, you have two. Except one is secretly useless. It just blackholes everything that's sent to it.
You buy another domain and list the blackhole as the MX record for the new domain.
You sign up for a bunch of email marketing lists using addresses from the blackhole domain.
Everything that gets sent to the blackhole server is by definition spam.
The blackhole server also runs DNS. You set your real mail server's RBL DNS to point to the blackhole server.
Every time the blackhole server accepts a connection on port 25, the blackhole server immediately drops the connection (so no wasted bandwidth) and updates DNS with the originator's IP address.
You now have your own local blacklist, you don't have to trust somebody elses. Keep a log, if somebody bitches about it you can say "Well, somebody sent spam to my blackhole server on this date at this time from your IP. Suffer".
You'd have to combine it with a whitelist to let Yahoo and Hotmail and so on through, but you'd still kill a lot of spam.
Thoughts?
Wow, a lucrative publishing contract! I don't have to be evil anymore. --Meteor
The spam contains ads for the "Asta Design Group", which has been widely spamvertized. A bit of searching turns up this address:
360 NE 49 St
Fort Lauderdale, Florida USA 33334
E-mail: seafish1@ix.netcom.com
Another lead gives us
SeafishNET
360 NE 49 St.
Oakland Park, Florida 33334 USA
(954) 351-7961
seafish1@ix.netcom.com
Same address and zip code, but in Oakland Park, a Ft. Lauderdale neighborhood. Now we have a phone number. Google gives us
Checking the satellite imagery, that's a tract house backing up to a six-lane highway. It's not a mailbox service.
Since we're talking about felony computer intrusion here, that's the address to give the cops. This may or may not be the intruder, but they probably know who it is.
and is being used as a spam generator
What can we learn from this in our attempts to cut down the amount of spam we get? Well, one thing I learnt was that spammers are testing which mail addresses are rejected, and presumably not wasting their time on them. So if you prevent a spammer from sending mail to you (via ESMTP replies), then they are likely to (eventually) remove you from their lists.
What other things can we learn from this?
I've gone from maybe 10 spams a week to over 140 a day in the last year. It's a joke! I only get 5 or 6 real emails a day. I don't care what new geek ideas get invented, RFC's published or laws get passed. The ONLY way to stop this cancer is to make sending an email COST. FULL STOP. My la-la ears are on until you all agree with me ;)
You know I was just thinking about this. Is it illegal to look at someone's email in the US? Some wiretap like law or something? If so, detecting a spam bot on your system has to be done a different way. And if it is connecting to another smtp server your should not be looking that that either under US law? No?
I'm just thinking ahead, if a spammer is brought to court and stuff gets thrown out cause it was obtained by "illegal" means.
I had always wondered if the spammers actually kept track of whether the mail was actually sent successfully or not. My guess was they didn't, because I have users on my domain that have been gone five years, returning 550 responses the entire time, still getting the same spam they attempt to send to me.
So now we know they're checking this. Obviously they're not using it to change their lists -- so possibly it must be part of the billing side (ie only pay for mails that get successfully delivered.)
Semi-related unsolicited free plug for open-source spam control:
I recently switched from agressive DNSBL spam control to ASSP, a bayesian filter that proxies your mail server. It stopped all those virus-infected zombie mails that were getting through the DNSBLs dead in their tracks (pardon the pun). I can't recommend ASSP highly enough. http://assp.sourceforge.net/
I haven't met the guy and tend to hold him in reasonably high regard based on what I've read of his writings on the Internet. That being said, he appears to be extremely opinionated and tends to say or imply that certain people that disagre with him are idiots. While this may be the case (or may not be; I have no idea, but I'll give djb the benefit of the doubt), his tendency to express himself so bluntly probably turns many people off.
Help save the critically endangered Blue Iguana
"SHe/it."
Don't blame me; I'm never given mod points.
Now if they think I'm going to go click the link to confirm that my e-mail address exists, then they would surely be willing to buy some property on Mars I have for sale. Radiation-free. Really.
Or, more likely, if someone clicks their link, they can be added to the list of gullible people who can be expected to buy land on Mars.
Using "he" as a generic 3rd person pronoun is deprecated, and has been so for a long time.
Maybe on your planet. In the English speaking world, however, it's still common usage.
Apache, PHP, mySQL on Windows 2000.
mySQL got hacked recently (passwords removed, and accounts deleted). I checked the obvious means and found that they hadn't used the hidden door with the "Rape Me" sign on it. That door was renamed and moved anyway. mySQL isn't open to the outside so they had to go through the web-site somehow. My guess is an escalation of permissions hack from an account I gave someone.
mySQL doesn't handle anything worthwhile and PHP is in safe mode. I also pretty know who did it and it wasn't to be malicious. Nothing was deleted.
Nobody has ever hacked into my Windows box even though it runs logged in as an Admin. This also wouldn't be a big deal if mySQL would stop being dense and put in a configuration to define what constitutes localhost. The dreaded 1045 error. Even Mercury Mail and EZMTS have little configuration settings where I can say what IPs and domains == localhost so it doesn't keep sending e-mails to itself. Heck, you can't even set the root user during the install. What should have been a five minute uninstall reinstall of mySQL over WinVNC is now requiring I go down to my ISP and get physical access to the server.
So yes, the only exploits that ever happen on my Windows box do only come through open source products. And I do keep them up to date. They're just a pain to install, poorly documented (readability), and difficult to configure to be usable and secure. The 1045 error of mySQL is common upon install and yet in 4 versions is still there and solutions consist of "try this and hope it works"
Unless you intend to use FORMS for everything, PHP needs to have global variables on. This is just a lesson in paying attention to what those globals are and how to make sure they contain valid values.
Ben
Work Safe Porn
Why spend our time and money trying to stop spammers. It will never work. We will *never* be able to identify them beyond reasonable doubt. Spammers will forever be beyond our ability to stop them. Fact. But, there *is* something we could do to completely stop SPAM 100% tomorrow. Go after the people who are selling the product. They're easy to find. If they want to sell a product, they have to be availible and easily accessable to the buyer. Tracking down a seller who want's your money would be like... Well... even our law enforcement could do that. (poke intended) For every business selling their product via spam I suggest a $1000 fine for each SPAM in which their product was mentioned, sold or otherwise marketed. One law, one fine, directed not to the spammer but the seller of the product. Problem solved.
What these people did was hugely illegal, in probably every jurisdiction they're operating. You don't need anti-spam laws. You just need the enforcement agencies to pursue criminal charges against the guy.
I hope this guy has contacted the FBI and the authorities in Germany and other areas and is pushing them to launch a full investigation so they can put this guy in a prison cell where he belongs.
That is does work right now and if it stops he'll be out of luck.
I'm in the same boat, using an external email service for email and if Comcast started blocking outbound port 25 traffic (as my workplace does now) I would have to seek another service. I think Comcast would catch enough heat from blocking ports that they would loose more than they would gain.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Perhaps the FBI might be able to ignore us, but those that fund the spammers will have a harder time ignoring thousands of screaming Slashdotters.
Profitability of spam is nowhere near the kind of business the "mobsters" (ex-Soviet or not) are interested in. Compared to the drug trade, credit card "tricks", prostitution etc. those penis-enlargement pills is a joke. And by the way, being an ex-Soviet myself, I can tell you that abilities of ex-Soviet programmers and hackers are greatly exaggerated.
I am truly impressed that this gentleman in Spain performed a forensic analysis of what appears to be a true cyperpuzzle ... San Francisco to Germany to Russia to Portugal and finally to Spain.
I believe that instance documentation such as this demonstrates that legislation in the US can not possibly curb the tide of spam.
The overwhelming amount of spam I get now involves the advertising (and presumably selling) of a controlled substance--a prescription drug that is deemed a narcotic. The prescribing of this drug (and a few others in the spams) by legitimate physicians, and its dispensing by legitimate pharmacies are strictly regulated in some kind of effort to prevent the abuse of the drug--an abuse that is rampant in many areas of the US.
I keep waiting to hear that the Federal authorities have taken some action in this regard. If you've ever been through US Customs (and especially if you're young, not white, or in any way "unusual" looking) you'll know that they make a great show of looking through everybody's sneakers and dirty laundry on the hunt for "illegal drugs." Even in these times of terrorism, it's their chief claim to fame.
The potential for abuse seems enormous and growing to me. It also seems to me that a lot of the spams advertising this stuff originate in, or pass through, the U.S. If somebody in our town hung out a sign saying GET YOUR PRESCRIPTION NARCOTICS HERE--NO PRESCRIPTION REQUIRED, my guess is the police would take an interest. But we seem to have virtual open-air drug markets operating undisturbed.
If anyone wonders how spammers make money, this is certainly one possible way, and I suspect it's incredibly lucrative.
DUCT TAPE: The Election Supervisors' Secret Weapon
The spammers have been DDoSing anti-spam sites. Perhaps it's time to return fire.
While you're at it, look up irony.
This is an excellent idea. There may be problems with it, but if there are, it deserves a +3 at least and a reply, not -1 overrated!
For my 2 pence, I reckon that to get clients to encrypt by default and only accept encrypted email would chew up a lot of spammer's CPU time, and make the whole spam business a lot more expensive. Of course, this would also be difficult to make happen, particularly when countries like France make the encryption of private email illegal.
Wikileaks, no DNS
Comment removed based on user account deletion
With broadband widely available, every kid and his uncle has a server. I bet tons of them are set up and forgetten, computing power stolen and abused. Who ever updates them? Where do the wasted resources go?
I was very impressed with the forensics this guy did. It was fascinating. Too bad it's necessary. I wonder how many machines out there are compromised without anyone even knowing it.
If a jury has Internet users on it, I doubt a prosecutor could get a conviction no matter how compelling the evidence.
A few high-profile case where somebody kills a spammer and the jury lets the killer (I can't say murder in this case, it doesn't fit) walk will send a message to spammers.
Tech Public Policy stuff
I'm surprised at the amount of time spent on ways to cause trouble. I mean that unlike most slashdot users, computers are still a new thing for many people around the world, and unlike way back when...I started using computers and discovering the net, e-mail was a new and great thing. Of course, I wasn't exposed to it in the same time frame as the new people discovering e-mail for the first time. Unfortunately, I think that spammers need a serious lessons thought to them. Unlike using a bat which can be deadly and more or less give you a certain sense of immediate satisfaction, these people should suffer the same type of disatisfaction with a new product. Kinda like selling them some new service, but then having all the programers tamper into their software in order to cause them some undo frustration. Of course by writing this I'm asking for trouble, but again unfortunately, spammers being so courageous of nature, never show their faces. Cuz to be honets, I've already got my practice swings in, so if a spammer would like to get in touch on a face to face basis, sign me up. I'll be first in line (with my handy wonderbat) Sincerely, Crapflinger
* Make every stupid person smart so noone responds to spam
* Change every mail server in the world to use a new protocol
* Use client-side spam detection to hide spam and expect the stupid people to use it
Well, I have less than complete faith in any of these methods providing an adequate short term solution. So, why cannot we look at the big picture?
A few major spammers are sending millions of emails. The effect is close to being a DoS attack on the entire Internet. These emails are susceptible to pattern analysis if analyzed on a global basis. Surely what we need is somethng akin to an Internet-wide intrusion detection system. When pattern analysis indicates a spam attack, we simply block the traffic as close to the source as possible.
Wouldn't there be a cost associated with this? Sure. But the spam problem needs to be resolved and this is the only realistic short term solution that I can envisage.
These Indian spammers think its legal. order@imark-india.com (202.63.171.243):-
"Since India has no anti-spamming law.."
"This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. Since India has no anti-spamming law, we follow the US Unsolicited Electronic Mail Act of 2000, which states that mail cannot be considered Spam if it contains contact / removal information, which this mail does. If you want to be removed from the mailing list then you must reply to this mail with "Remove" in the subject line and e-mail for faster response and action
Beter that 1000 spammers go free than one inocent gets harmed.
Same percentage as my inbox.
Now where did I leave my bat?
Which is also rather stupid in that require_once() will happily take a URL instead of a filename. Downloading code from some website without any signature checking or other security measures is bad enough when a human does it (though most of us do); terrible for a program to do automatically.
Still, PHP is a popular web scripting language just as Internet Explorer is a popular web browser, so maybe security misfeatures don't matter as much as we'd like to think.
-- Ed Avis ed@membled.com
Is there some way this intrusion could be detected, and subverted into a honey pot trap? Write a similar client that responds to the iamdemon and stuff, and then goes through the motions. Sends back believeable statistics and claims to be delivering lots and lots of addresses?
Wait a sec, when windows users get infected its their own fault, but when linux or apache doesn't have the ability to scan for changes or trojans its the spammers fault?
There are many parties at fault here, including the sysadmin who doesn't run tripwire.
Sign up your local rep to a bunch of spam lists. If it's enough of a personal pain to them they'll do something useful. Otherwise why would they care--it's not like it's a Big Business concern which will net them money at re-election campaign time. Would anybody run an election with anti-spam as a key item on their plank? Of course not!
Know your enemy and know yourself, and you will win every battle.
Sun Tzu
What he can't kill, he has sex on. Trent.
I have taken a hard stance against any direct marketing of any kind. I let telemarketers know that I never respond to cold calls due to fraud risk. I let them know to advertise in the directory and on Their website where I can find their product when I'm in the market for it. Repeat calls puts them on my bad businesses list.
Making this clear seems to clear up much of the telemarketers calls.
Now if there were any way to get the message out to the spammers.....They could pare down their list to just those who care.
The truth shall set you free!
I know if I overload my kitchen electrical by trying to brew coffee, make a waffle, fry eggs in an electric frypan and heat a toaster bagel, I know the circuit breaker is going to pop.
Simple question, why can't they make routers that drop off if maxed out for a few minutes? Most everything else that gets overloaded will shut down. Even my car if overloaded too long will overheat. (towing a yacht over the mountain and hold freeway speeds will do it)
A router that learns usage patterns for port 80, 110, 25, etc could go a long way to protect the connection.
The truth shall set you free!
It is also illegal when the spammers do it. There is, quite obviously, no enforcement. Without enforcement, the question is no longer whether it is legal, but whether it is moral.
Charles Fish? Are you sure that's not just another red herring?
(Sorry.)
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Challenge-response is considered harmful. Why? For precisely the reasons you're highlighting. Either:
To those who've called these "legitimate" TMDA (or other) challenges: what is legitimate about sending unsolicited mail to the wrong person, merely because you've received unsolicited mail from someone else?
What part of "gestalt" don't you understand?
Unreal doesn't use port 25. It would also be based on usage patterns. It's kind of like where indoor grow operations are sometimes caught by unusual power consumption for a normal suburban house and it's prior history. A unusual pattern gets noticed and shut down.
The truth shall set you free!