How To Catch A Scammer/Spammer

Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a usb pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list By the way Gardai = the cops in Ireland."

We have a Hannibal Lecter here or something?

[dzym]

He attempted to eat several cops after downing the USB drive?

No wonder there was a struggle!

Re:We have a Hannibal Lecter here or something?

[dzym]

Reminds me of the chick character in The Running Man movie bringing out the unedited footage of the "Bakersfield massacre" in the underground broadcast room.

Amber
If you want to make an impression, forget the speech. Try this instead.

Mic
What is it.

Amber
It's the original video from the Bakersfield massacre, before they
edited for broadcasting.

Ben
Where did you hide that?

Amber
It's none of your business.

Re:We have a Hannibal Lecter here or something?

[I+confirm+I'm+not+a]

As long as he's not sticking the USB drive up where the sun don't shine in public.

Call me odd, but I'd be prepared to tolerate watching that happen in public. I reckon it'd only need to happen a few times before the flow of spam becomes <ahem> constipated.

Re:We have a Hannibal Lecter here or something?

[AndroidCat]

A USB drive isn't very filling. He should have had the platter. A 14" drive platter that is...

Re:We have a Hannibal Lecter here or something?

[superswede]

This is in style with a headline in a Swedish newspaper that was reporting about the German psycho cannibal story back in 2002 where one guy offered to get his willy cut off, fried, and share it with another wacko who afterwards would finish the rest of him:

German tried to eat his penis, but got eating himself!

(direct translation from Swedish)

Re:We have a Hannibal Lecter here or something?

[mbottrell]

Now that's eating ya words! :)

Re:We have a Hannibal Lecter here or something?

I believe Kyle from South Park said it best:

"What the f*** is wrong with German people?"

Re:We have a Hannibal Lecter here or something?

[c4ffeine]

I'm more curious about how he managed to eat a 10 minute struggle... Do we have a 4-dimensional guy or something?

Re:We have a Hannibal Lecter here or something?

[mr.+methane]

Call me really odd, but I'd be prepared to lend him an old full-height seagate hard drive, and provide a baseball bat to assist with installation.

(cranky because I accidentally deleted several important messages today that were mixed up in the 100+ spams in my inbox.)

Comment removed

[account_deleted]

Comment removed based on user account deletion

the power of /.ing

[basil+montreal]

I kinda like all the stories I have read here about /.ing the spammers and signing them up for junk snail-mail and the like. (and if anyone can find me the link to the old story, I'd appreciate it)

Re:the power of /.ing

He just wanted to hear someone complain. Good Job !!!

Re:the power of /.ing

[tlovie]

I think this is the one you mean... HOWTO: Annoy a Spammer

Re:the power of /.ing

WTF are your hand fucking BROKEN?

No, but the Slashdot search is.

Re:the power of /.ing

[irokie]

what's interesting is if you look at the stats for HEAnet.ie (which is the provider for the ILUG mailing list and also one of the mirrors for kernel.org and sourceforge), the peak traffic for today happened several hours before this story was posted on /.
and when the /.ing did begin, it was only a marginal increase in traffic.
you'll have to try harder /.ers!

whitelists rock

after trying every spam blocker known to mankind
I've finally switched to whitelisting. So far
it absolutely rocks and it doesn't need any
legal enforcement whatsoever.

For good measure I have a password override on it
and any email that contains the password has
it's senders address automatically added to the
whitelist.

which is why I'm not afraid to put my email right
here : j@ww.com , no spam will get through because you're still missing the password :)

Very simple, extremely effective.

Re:whitelists rock

[internewt]

which is why I'm not afraid to put my email right
here : j@ww.com , no spam will get through because you're still missing the password :)

I hope the password's not viagra, or some l33t speak typo variant.

Re:whitelists rock

I just sent you an email containing:

1. The meaning of life.
2. The location of $1,000,000 I buried 10 years ago.
3. How to get any woman you want.
4. How to stay young and live forever.

Oh well.

Re:whitelists rock

Very clever, but you should have made the password something other than 'password'.

Re:whitelists rock

Sorry, that doesn't solve the whole spam problem. Your mail server is still getting hammered by spam, it's just that you aren't seeing it. You are still paying for, directly or indirectly, the bandwidth that is being gobbled up by all the unwanted email that is sent to you.

Re:whitelists rock

And it also means that I can't email you, since I don't know your password, and the only way I could get your password is by asking you, and the only way I could ask you - since I don't have your address or phone number - is by emailing you.

Doubtless that doesn't bother you, as you probably aren't interested in getting email from me. I, on the other hand, do frequently receive personal email from strangers. Your "solution" is worthless to me.

Re:whitelists rock

Except that now, anyone who cares to do a simple whois lookup on the domain ww.com will quickly find himself in the posession of your name, address, and phone number, in addition to your e-mail.

Not that anyone will call. But still, maybe you'd better think about that?

Re:whitelists rock

[enjo13]

But not effective in all circumstances.

For me spamming has always been an inconvienence and nothing more really. However, once I helped to implement a new customer support system at work I began to realize just how difficult the problem can be. In that setting (support via e-mail) a whitelist isn't much of an option. An aggressive spam filter isn't really an option either (we really can't have even 1 false positive). We do run a basic filtering system that catches a lot of the spam, but we're still receiving several thousand messages a day. It's a strain on our database and more importantly on our customer support staff who have to wade through all of the spam.

At this point it's just stupid.

Re:whitelists rock

[essreenim]

People generally don't care that much about the decreased bandwidth - a problem which can also be solved - use port knocking algorithm of some kind!

And besides, spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )
I promise I'm not a spammer, I am interested in the subject though.
I do believe whitelisting is the way to go!
Only way to be sure!

Re:whitelists rock

[Roofus]

If he's using something like TMDA, he can view all emails that have been queued and not delivered yet. This means you can kiss your $1,000,000 stash goodbye =)

Re:whitelists rock

[Mr2cents]

you forgot one:

5. How to enlarge your penis.

Re:whitelists rock

actually no, that's not correct, you see you
could easily add my address to *your* whitelist
and if you had added yours here I could have
added yours to mine, after that we could
exchange email. But since we can communicate
like this it seems we don't need that :)

jacques.

Re:whitelists rock

I've got absolutely nothing to hide, which is
why my real address & phone number are in the
whois.

And I think anybody that registers domains with
fake ID should not have them to begin with,
10:1 it's a scam in progress.

Re:whitelists rock

[essreenim]

Yes, but that can be overcome with a web based e-mail interface.

Its a simple idea:

Problem: sender is not on recievers whitelist

Solution: There is an alternative means of sending mail. sender just has to solve a simple puzzle or retype "fuzzy" text from the screen, at some designated page. The solution to the puzzle, together with senders e-mail are encrypted and sent off to the recievers web server. The senders e-mail is then TEMPORARILY added to the whitelist - i.e allowed to complete 1 smtp packet delivery for example, and then his/her mail address is removed from the whitelist
The sender then sends his/her mail (smtp) to the reciever. If the sender is a spammer, he cannot resend additional messages until he refills out another puzzle!!. So now the only way an anymous mailer daemon can spam is if it has AI built in,
lets see the spammers take that challenge on!

But do people want to implement systems like this, let alone whitelists??

No, they'd rather we all got spammed to oblivion!

Re:whitelists rock

correct, but that's because spam as of now still
works. If whitelists where more common then I
think that the spam would actually decrease.

As long as 10% or so gets through that's not the
case.

Up to now I was receiving 1500+ spams per day,
since the whitelist is up not a single one,
and as far as I can see no mail got lost.

If I evolve the password scheme a bit it might
become easier to use (let's say a few levels of
passwords that can be invalidated individually).

The 'auto-add' facility really takes the pain
out of it.

Re:whitelists rock

People generally don't care that much about the decreased bandwidth

They would care if they knew part of the money they pay their ISP for mail access goes to extra disk space, bandwidth use, CPU time, etc that is only necessary due to overwhelming spam floods.

a problem which can also be solved - use port knocking algorithm of some kind!

Huh? You want people to have to use a non-standard handshake simply to send you an email? Exactly how much software is compatible with this?

And besides, spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )

Not according to my logs, sadly.

Re:whitelists rock

[essreenim]

I came across a nice implementation for anti-spam a while ago - temporary hash mails.

You may know it:
Works as follows:

You want to contact them so you give THEM *YOUR* email address they then send a temporary e-mail addresss you can reach them at, of the form:

AZ34Z76ZSD6Z6SDG76SD67Z3@.xxx

I think it's a great idea, an idea I had myself, but it's still great _someone_ implemented it first..

Re:whitelists rock

[Halo1]

Which in turn sucks very much for all of us mailing list administrators, because when the next mydoom or somefool, we're again inundated with posts (held for administrative approval, of course) from all these whitelist auto-responders.

Some even happily tell you that they'll blacklist you permanently if you don't click on the provided link. So I have the choice between clicking on that link and letting the virus through to their mailbox, or just hoping that they'll never want to subscribe to my mailing list. I obviously opt for the latter.

Re:whitelists rock

[Big_Al_B]

I've got absolutely nothing to hide,
by Anonymous Coward

Um...

Re:whitelists rock

[VanillaCoke420]

I have whitelist only on one of my email addresses. I don't want people to spam me, but I do want ordinary people be able to send me email, even if I don't know them.

Re:whitelists rock

[Smallpond]

if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to

Ridiculous. Spammers don't even see bounces, since most spam isn't sent from their own computers. Its mostly sent throw open relays and hijacked machines. I see attempts from names I blacklisted 5 years ago.

Re:whitelists rock

[Krypto420]

which is why I'm not afraid to put my email right here : j@ww.com

... but you still post anonymously ;)

Re:whitelists rock

[essreenim]

No, thats not true.
The millionaire spammers - the ones making serious money from mass mailing use their own h/w

Re:whitelists rock

[nuggetboy]

What about mailing lists to which you may want to subscribe? I've found you rarely can find out ahead of time what the sending address will be.

Re:whitelists rock

[jamshid42]

If this were true, couldn't you set up a script on your system to send a false undeliverable message back to the spammer to get yourself removed from the email list? If this works, I would think that more anti-spam applications would have this capability built in.

Re:whitelists rock

Perhaps the poster is like me. It takes time/effort to register to participate.

Registration gets you what? Access to karma? What else? Cool in a nerd kind of way, but not necessary.

In other words, it may not be hiding, it may be laziness or lack of care... both in my case.

Re:whitelists rock

[miracle69]

We do run a basic filtering system that catches a lot of the spam, but we're still receiving several thousand messages a day. It's a strain on our database and more importantly on our customer support staff who have to wade through all of the spam.

An improvement on your system might be to create some bogus addresses early in the alpha space - i.e. aaaaa1234@mycompany, aaaa2841@mycompany etc... - say 20 or so and then spread those onto all sorts of places where you know it will be snatched up and spammed. All email that these addys recieve is automatically spam and can be used as a filter for legit addys to help your current spam filter.

Re:whitelists rock

[kcdoodle]

besides, spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )

I have several Email addresses I turned off years ago. If I recreate them, I will get several spam messages within 15 minutes, then I turn them off again.

Those spammers are either stupid or persistent (or both) checking an Email that has been dead for years.

Re:whitelists rock

If this were true, couldn't you set up a script on your system to send a false undeliverable message back to the spammer to get yourself removed from the email list?

Dunno about anything else, but you can right-click on an email in KMail and select "Bounce..."

Re:whitelists rock

[essreenim]

Thats not true of all spam mail.

Re:whitelists rock

Actualy my real name is Anonymous Coward, I wander why so many slashdotters peretend to be me when posting. I have no karma whatsoever...

Re:whitelists rock

[ramsejc]

Sounds like the kind of spam we block all day long around here. I'd be proud not to have recieved your email. Truth be told, if you had any of that information that you are proposing to have, you would not be sending me, or anyone else email about it.

Re:whitelists rock

[Aidtopia]

spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )

I doubt this. There was the recent article which analyzed CDs of email address sold to spammers. There was no filtering for duplicates or obviously bad addresses. Since spams usually have a forged address, there's no way for the actual sender to know about the failure. Futhermore, I get 100-150 bounces a day from spams sent to bad addresses with my domain forged in the header.

It's so cheap to send mail, that spammers have no incentive to be efficient. So we all pay for the load.

Re:whitelists rock

For good measure I have a password override on it and any email that contains the password has it's senders address automatically added to the whitelist.

I just sent you Webster's dictionary, followed by several e-mails conatining, collectively, a list of every ASCII permutation less than 16 characters in length. Which one got through?

Re:whitelists rock

[MORTAR_COMBAT!]

re: your sig: "Ah, that tastes nice. Thank you." ~~ Johannes Brahms, composer, d. April 3, 1897 (famous last words)

I thought Brahms died of cancer? Are you suggesting he was poisoned! Call "Cold Case" !!!

Re:whitelists rock

[skiflyer]

Whitelists suck for any business who is trying to take orders or allow customers to contact them. It's not such a great idea to just ignore emails from users who wants to do legit business with you, in most cases it's worth paying some highschool student to just delete all your spam for you instead.

And before anyone says, then email them back with a request for some sort of validation... the general idea is not to be a PITA to your customers.

Re:whitelists rock

[Ugot2BkidNme]

Sorry to inform you of this but yes they do. Mass mailers used by legitament companies and spammers alike track this information. Legitimate companies that contact there clients usually will give up if the MTA cannot be found 10 attempts. With in a certain amount of time. In fact heres another bit of information you might not be aware of.

If your MTA is set to notify another MTA that an e-mail does not exist. You just gave them valuable information. they now know that they can now submit as many e-mails they want to you for testing without sending a message to aquire all teh e-mail addresses from your MTA. So your friendly message just ended up giving yours and everyone who uses your MTA on your domains email address to a spammer.

Thinkign that people are not suffisticated enough is pretty stupid. I could mention a few spammers who know more about mail protocol then any other person on the planet. As well as how to exploit every spam blocking software.

Now the problem with this is real businesses that have valid unsubscription and only contact you based of interaction by you or someone who used yoru e-mail address gets blocked by spam blocking/blacklisting. This forces the legitimate businesses to begin acting like spammers.

Re:whitelists rock

[jcuervo]

My method is better.

No mail will get through to me because I didn't pay my DSL bill.

(Yes, I'm running my own MX.)

Re:whitelists rock

[jcuervo]

I just sent you an email containing:

1. The meaning of life.
2. The location of $1,000,000 I buried 10 years ago.
3. How to get any woman you want.
4. How to stay young and live forever.

Oh well.

...You spammed him?

Re:whitelists rock

This is funny, but not for the reason the parent intended (and the mods modded it +funny).

It's funny because while the parent meant to expouse a downside to whitelists, the e-mail would have been worthless spam like any other and would only serve to help the grandparent's whitelist earn its keep.

I say "would" because you can bet the parent didn't actually send the e-mail, for the very same reason why nobody would truthfully send such a bounteous e-mail to a complete stranger (aside from the fact that the parent already knew it would bounce). It's extra work and there's nothing in it for them.

In short, trust in human nature and use a whitelist.

Re:whitelists rock

[JuggleGeek]

I have no reason to believe that spammers ever remove addresses from their lists. They *might* do that if the original connection is refused, so the mail is never delivered. But I'm sure they don't see bounces - they are forging other peoples addresses so the bounces go to some innocent party.

I receive ~500 spams a day, many to addresses no longer in use (due to the spam they receive.) Many of them get auto-deleted. Even the few that get though the filtering (not many) will never allow the spammer to know that I saw it, as I don't allow emails to show HTML unless I specifically request it for that specific message. So they can't use web-bug type of tracking to see that I received the email. However, despite the fact that they have no way to tell if I received the spam, they keep sending. It's just so cheap to send all the messages and not worry about it, and the spammers do not care about the bandwidth waste.

I agree with you that whitelisting is one of the best ways to make sure you get the mail you want - I use it quite a bit myself. But it's not a cure-all.

Re:whitelists rock

[bonhomme_de_neige]

2. The location of $1,000,000 I buried 10 years ago.

Let me guess ... it's in Nigeria right?

Re:whitelists rock

[Avlimator]

I agree, almost completely.

From the standpoint of a private individual with some technical knowledge, the SPAM issue is merely an occasional nuisance. I don't really get any personal SPAM, but that is only a result of diligence on my part.

On the other hand when you are dealing with the public, most corporations feel they have little choice but to publicize e-mail addresses for their services. Unfortunately, all it takes is one nasty crawler to pickup an address from a webpage and then it spreads, seemingly exponentially.

I think the only way to successfully prevent most SPAM is to stop posting e-mail addresses. A lot of people figured this out a long time ago, and now interject various phrases into their e-mail addresses to throw off the crawlers. Yet companies still post generalized e-mail addresses on their websites (such as info@, or service@, etc.).

Why not just choose to require all Internet communication to be initated through the web. If you have a question, don't allow direct e-mail, just have them fill out a form. For the reply, the company can always generate a random return address that will only accept mail from the intended recipient. I would assume at least some companies already do this (as it's not exactly a revolutionary idea, in my opinion), but it surprises me that it is not widespread.

Re:whitelists rock

" Except that now, anyone who cares to do a simple whois lookup on the domain ww.com will quickly find himself in the posession of your name, address,"

Speaking of which....damn Canadians!

Sounds like a Monty Python episode

[Bombcar]

A unmamed man aprehended a scammer and a spammer,a nd put them in the slammer using only a scanner and a spanner!

Or something like that........

Re:Sounds like a Monty Python episode

[kjdames]

Heh, more like "The Court Jester" circa 1956.

"The pellet with the poison's in the flagon with the dragon; the vessel with the pestle has the brew that is true."

Re:Sounds like a Monty Python episode

[YetAnotherLogin]

Who are you? Spam-shady?

Please stand up. Please stand up...

Re:Sounds like a Monty Python episode

[Chas]

The bobbies with the bigsticks
Bashed the spammer like a hammer
Whilst the geek with a grin
Laughed his ass off as they did

Sorry, just woke up so this is a bit rough.

thumbs up!

[softwave]

It's a comforting thought to know that there actually is legal action being taken against those suckers.
I find it very amusing to read how the spammer tries to struggle and fight back the cops :) I think it's a proof that he knows he's in deep trouble :)

Re:thumbs up!

[s20451]

Unfortunately, it seems like the only thing he is being charged with is assault (on the police). The cops were unsure as to the legality of spam; they were looking for evidence of fraud. They may have found it if they had been able to examine his computer, but if the guy had kept his cool, he would probably still be spamming today.

Re:thumbs up!

[columbus]

So this eyewitness
applauds the superb work done by these gardai in a very difficult
situation.

Most of the time the Garda can't find their arse with both hands. Looks like they got it bang on this time. Fair play to them. I saw a similar scene at an internet cafe in Dublin about 2 months ago. Somebody was being hauled out of onto the street by to Garda and 2 plainclothes garda. I always figured he was getting busted for kiddie porn. Perhaps it was spam after all.

Re:thumbs up!

[nlindstrom]

Obliviously you didn't read the Slashdot headlines. They say that the man tried to eat the cops. That's why there was a struggle.

Sheesh. You'd think nobody reads the articles anymore.... :^)

Oh come on, give him a break

[GillBates0]

The very next Friday (2nd of April 2004) he turned up again.

It wasn't a scam, it was just a bad April Fool joke...and we all know we had a blast with bad jokes on Slashdot. Everybody deserves a little fun.

Re:Oh come on, give him a break

The very next friday, one week later from the first time he was there.

important details

[sczimme]

From the article:

Some of you who were on #linux on friday will know part or most of this story already as i witnessed some of it (while drinking a truly delicious hot chocolate).

You know, more people should mention what they're drinking when relating news like this. :-)

There is an interesting and [somewhat] related article on The Register.

Re:important details

[templest]

"Our top story this evening, 13 people slaughtered in what can be called the worst case of a mass Serial Killer that escaped from prison last thurday night. On a lighter note, this coffee is magnificent! So rich and smooth, with a perfect blend of roasted beans..."

Re:important details

[iocat]

It can go both ways...

Jobless figures plunged as the world celebrated the capture of Osama bin Laden. Unfortunetly this news is ashes in my mouth, thanks to this sour, flavorless cup of burned java. And did I mention there was only non-dairy creamer? I hate the world.

For the record, as I type this, I am drinking some warm, but free, Peets that I took from the Marriot near my office, where I had stopped by to use the free interweb access on the way to work (much easier to get work done where no one is bugging you with 'administrivia').

Re:important details

[lish2]

Ah, but was it from a hot cocoa sampler box?

/with apologies to Fark

Re:important details

"You know, more people should mention what they're drinking when relating news like this"

From the layout of some of the articles on slashdot, we can hazard a guess as to what they're drinking...

Re:important details

[Geoffreyerffoeg]

Oddly enough, I can just picture Dumbledore saying that.

It probably helps that it'd fit with the books....

Re:important details

[fdiskne1]

Glad I'm not the only one who thought of "Twin Peaks". Or am I?

Not a direct marketing whorehouse...

...but a search engine. Posted anonymously as I don't really want to have to fix their stupid server today. Thank you all very much.

Re:Not a direct marketing whorehouse...

[RicoX9]

You ought to look sometime at how many marketing/spam/spyware sites are front-ended by a "search" engine. It gets them classified as search engines in web filter databases.

Re:Not a direct marketing whorehouse...

Hopefully I staved off having to deal with their stupid crap when they can't figure out why they're getting so much traffic all of a sudden. That's all I was looking to do. ;)

Spam vs Crackers

[jetkust]

I hate spam more than I hate crackers

But yet combining spam and crackers can be quite a tasty treat.

Re:Spam vs Crackers

[KevinKnSC]

It's just pork, ham, salt, water, sugar, and sodium-nitrite.

Not really anything to get worked up about.

Re:Spam vs Crackers

[Graff]

Ugh please don't eat that crap. It's all fun and games until somebody gets mad cow from ground up whetever-the-hell is in that stuff.

Given that Spam is spiced ham I doubt that anyone is going to get Mad Cow Disease from it...

Re:Spam vs Crackers

Mad Cow is just a nickname for the disease. Many animals can suffer from it (or something much like it). Pigs and fowl may be no different. Click to read.

Re:Spam vs Crackers

I stand corrected. So spam is actually better than hot dogs. Who would have guessed?

Re:Spam vs Crackers

[Ithika]

Um, your link makes no reference to "mad cow disease" in anything but cows. Aye, coos get BSE, sheep get scrapie, humans get (v-)CJD and no doubt there are a lovely pile of prion-related diseases amongst many different animals. Doesn't mean we call them all the same thing.

Re:Spam vs Crackers

[KevinKnSC]

Ham is a specific cut of pork, and I should mention that the label on cans of SPAM has been updated to say "pork with ham", which clarifies it a little.

Re:Spam vs Crackers

[Graff]

Surely pork and ham are the same thing? Is a ham not a cured piece of pork?

Ham is pork but pork can be something other than ham. Pork is the name given to any meat from a pig, a ham is specifically the thigh and upper leg of a pig. You can learn about all the different cuts of pork at this web site.
Ham can be salted, smoked, sugar-cured, dry-cured, aged, baked, boiled, etc. There are literally dozens of different types of ham, depending on how it is treated and where it is made.

Re:Spam vs Crackers

[SnappleMaster]

It's no worse than sausage or hot dogs, really.

As I get older (and wiser?) I find myself more and more repulsed by the idea of eating ground up mystery meat.

Re:Spam vs Crackers

Except the sodium nitrite. That stuff'll kill ya.

DON'T KILL SPAMMERS FOR ME

Do it for Jesus

he got his wish

[capoccia]

well, i guess he got his wish:

Hope that provided some amusement. Forward it on to anyone who is interested. Really. I want to see it on the front page of slashdot and el reg within a week. And yes it really happened.

I guess he needed to add that last line, since this all happend around the first of April.

Destruction of Evidence

[khankell]

Maybe he should have looked into the Thermite option we saw in the latest edition of The Broken?

Of course, you don't want that going off when your trying to swallow the evidence. On second though, you don't really want it going off in your pocket either...

Re:Destruction of Evidence

[Professr3]

That article was SUCH an inspiration to me... I've got a block of magnesium coming in the mail, to act as an ignitor :D The rest is just aluminum filings and rust. *cackles with glee at the thought of indulging his pyromaniacal tendencies*

Did I miss out on Ireland becoming the 51st state?

[SuperMario666]

I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email...

...I asked around, and a man, described as being black (or is the word African-American these days?)

Hmmm...

Slainte!

[blcamp]

Cheers to the Gardai and to the Sysadmin...

One more spammer cuffed and gone.

CUFF THEM ALL... EVERY DAMN ONE OF THEM.

Slainte... everyone involved in the arrest deserves a drink... stronger than that truly delicious hot chocolate. ;)

ebolamonkeyman time!

[nfsilkey]

Of all the fallout from the 419 spamming, I dont believe anything is funnier than Ebola Monkey Man. Good way to kill productivity this fine Monday morning. ;)

sweet

[Maznafein]

This guy sent my first scam/spam to my cell phone last week. Sorry but I had to report you guys for it. I don't particuarly enjoy getting stuff to an address I've had for a week :p

Glad you caught the bastiche though.

-maz

Eating his pen drive?

[gmuslera]

Papillon way could have been more preferrable (well, and then he should try the same with the notebook).

Not sure if for simple spam he would have a problem under ireland's law, but as scammer probabilities go up.

Re:Did I miss out on Ireland becoming the 51st sta

[The+Queen]

No! Say it ain't so! It's bad enough we export McDonald's and Britney, but now we're exporting our political-correctness?

An "African-American" is a person of African origin living in America. Not all African-Americans are black, and not all blacks are African. Certainly it would be a strange coincidence if this black person in Dublin was visiting from America, and also happened to be originally from Africa.

This stuff hurts my head.

Should have let him eat it ....

... and waited for it to come painfully out again!

Would be a good beginning of the punishment for spamming!

Re:Should have let him eat it ....

Yeah, right, and you can put it in your USB port to search for evidence.

Re:Should have let him eat it ....

Sounds awfully unhealthy. I bet there is some lead in it to soldier parts together etc, it would melt off somewhat in an acidic stomach no? I'm glad he didn't eat it. Spam sucks, but so does poisoning.

Re:Should have let him eat it ....

[AndroidCat]

Are those USB drives solid state? (/me imagines little platters spinning at a jillion RPM coming apart in his stomach like the implanted nanobots in Diamond Age...)

Strange understanding of ethnicity

[robslimo]

the admin narrating the story said the perp looked to be black (or is the word
African-American these days?), roughly 30, with an accent which seemed
half London and half African

Uh, I don't think the term 'American' should be applied to a guy with a half London and half African accent who's currently in Ireland. I just don't see the connection.

Re:Strange understanding of ethnicity

[savi]

He's being sarcastic and poking fun of the spread of the term "African-American." My students write in their exams all the time about "African-American" tribes in Africa. A friend who teaches in England has had exchange students from America ask about "African-American" history in England.

Re:Strange understanding of ethnicity

[jfengel]

I once heard the hosts of a Canadian radio program refer to somebody as African-Canadian. I don't meet enough Canadians to know if that's really live usage or if they just made it up on the spot.

Re:Strange understanding of ethnicity

[shepd]

>I once heard the hosts of a Canadian radio program refer to somebody as African-Canadian

I can assure you that would be just a joke. I've definately never heard that term to describe someone who is black (the common term here), however, if someone really needed to be that explicit, "Canadian Born Black [gender]" would suffice.

Re:Strange understanding of ethnicity

i remember at the oscars when Halle Berry called Sydney Poitier an African American when in fact his an an Afro-Carribean (and more importantly a brilliant actor)

I also heard Americans refer to Nelson Mandela as African American but I dont recally when.

Re:Strange understanding of ethnicity

[miracle69]

I'm not sure it's just a joke.

In Vancouver, there is a restaraunt called the Afro-Canadian Restaraunt at 324 Cambie St. Phone Number is 604-682-2646. I have a picture of it, but not bandwidth for Slashdot.

Re:Strange understanding of ethnicity

[legojenn]

After I finished university, I took a job in Detroit . People where really friendly, and asked me questions about my hometown and stuff and one question was about how many African-Americans were there in Ottawa. I didn't understand the question. I figured, we have 3 universities, lots of diplomats, tourists, people on work visas etc....It's hard to estimate.

Re:Strange understanding of ethnicity

[jeremyp]

A friend who teaches in England has had exchange students from America ask about "African-American" history in England.

A large proportion of the black population here in the UK are imigrants from the West Indies (or descended from imigrants from the West Indies) which are part of the geographical entity known as America although not part of the political entity known as the United States of America. So it's not a stupid question to ask.

I can't tell you if any of the afore mentioned people would find the term "African-American" offensive, it'd be best to ask them before using it.

Re:Strange understanding of ethnicity

[shepd]

I bow to your ability to find oddly named restaurants! Good find! :-)

Although, now, that's *is* the first time I've seen the phrase used in Canada.

Re:Strange understanding of ethnicity

Uh, I don't think the term 'American' should be applied to a guy with a half London and half African accent who's currently in Ireland. I just don't see the connection.

Indeed, one of the following would seem more correct:

• African-Irish
• African-British
• African-African

Re:Strange understanding of ethnicity

More correct would be to not use the term "African" to mean "dark-skinned", nor "American" merely because the dark-skinned person was seen in America. Acquire a vocabulary for shades of brown or darkness.

What is the correct term for a child with skin tone like a light tan, whose father is a very dark-skinned Brazilian and whose mother was born in Chicago of parents from Norway and Italy?

Re:Strange understanding of ethnicity

[aastanna]

Na, I've heard it used at least a dozen times. Canadians more than just about anyone else take exception to being called americans, so you'd never hear someone called african-american here. Whether the term african-american/african-canadian is a good one is another question, but it does get used on occasion.

Re:Strange understanding of ethnicity

Although, now, that's *is* the first time I've seen the phrase used in Canada.

Except that its describing a RESTAURANT, not a PERSON.

You can also find "Indo-Canadian" restaurants and such. As in, the restaurant features food from Africa or Indo-China, etc.

Usually these restaurants also feature hamburgers and the like for the kids (and people like me who detest rice and other vegetables), which would be the "Canadian" part.

VERY different from describing a PERSON, who quite possibly has never even been to Africa, who has no relatives in Africa, etc. That person would be properly called, say, an ONTARIAN.

If you have to describe them for the cops or your mother or somebody, just call them black.

Eating...

[iNetRunner]

Hmm.. I kind of understand the attempt to eat cops (though you could have better diet), but how do you eat a 10 minute struggle? Is that something bad tasting that doesn't stay down or is it those police men that make it thight fit for your stomach? Well.. should subdue anyone..

Re:Eating...

[frishack]

cops->pigs->ham->spam
spammer->hungry->bezerk spammer buffet feeding frenzy
makes sense to me

Re:Eating...

[chadjg]

Well, if you are what you eat then all is good. I've always been a fan of jelly donuts, and the guy was in a cafe. So the two major food groups are already present.

I wanted to see ...hauled off in a paddywagon.

[damiangerous]

There's a certain irony to an Irishman in Ireland referring to hauling people off in the paddywagon. Especially when the guy in question actually isn't Irish.

Re:I wanted to see ...hauled off in a paddywagon.

I was pretty sure that Paddywagon reffered to there being so many Irish American cops, rather than the prisoners being Irish

Would have to be one tough USB memory card

[The+I+Shing]

What a great story!

Hey, if the memory stick were actually swallowed and then passed through the scammer's digestive system, and the Gardai waited it out and retrieved it from the loo, and it still worked, think what a great marketing slogan the manufacturer could make from that.

Tough enough to pass through the guts of a scammer!

If this story turns out to be a hoax, I'll be sorely disappointed. The thought of one of these 419 scammers desperately trying to break free of the grasp of the police in order to run back and hit a kill switch on his notebook computer makes my nipples explode with delight.

Re:Would have to be one tough USB memory card

[Zocalo]

One of our UK computer mags had an article on the robustness of these USB memory dongles in the last month or so. I skimmed it instore, but from memory the tests included:

• Microwaving
• Immersing in boiling water
• Freezing in a block of ice
• Sundry physical impacts

Digestion wasn't on the list, but I have no doubt that patience, a rubber glove and a dunk in disinfectant would be all that stands between ingestion, data recovery and prosecution. ;)

Re:Would have to be one tough USB memory card

[Alsee]

The thought of one of these 419 scammers desperately trying to break free of the grasp of the police in order to run back and hit a kill switch on his notebook computer makes my nipples explode with delight.

And twelve-thousand horny Slashot geeks go into neurotic spin-lock over gender uncertainty.

-

Re:Would have to be one tough USB memory card

[clem9796]

If they waited for it to come out, then the stick would be a USB dangle instead of dongle!

Re:Would have to be one tough USB memory card

[Monsieur+Canard]

MaximumPC magazine here in the States did a similar test recently. They put two leading USB keys through a series of everyday hazards such as:

- Going through a laundry wash cycle (both did fairly well)
- Going through a dryer cycle (not so well)
- Being dropped from a 2-story building (pretty decent survival)
- and so on.

One of the "joke tests" they proposed but didn't do for fear of cheesing-off the PETA crowd was the canine-digestion test (i.e. the dog ate it).

Re:Would have to be one tough USB memory card

[StrawberryFrog]

My USB memory dongle survived a high-speed trip up the vaccum cleaner hose with no damage or loss of data.

Re:Would have to be one tough USB memory card

[APDent]

The phrase my nipples explode with delight is from a Monty Python sketch. I thought the full works of Monty Python were a required part of the Slashdot cannon.

My hovercraft is full of eels!

Re:Would have to be one tough USB memory card

[Idarubicin]

Microwaving

You might get away with brief exposure to a conventional oven, but microwaving for any length of time is going to kill one of these devices.

There will be strong induced currents in any extended metal object, including the circuit board traces of one of these USB dongles. Very quickly, resistive heating will fry thsoe traces. Quite probably a lethal current will be induced or travel through the flash memory chip itself.

Ever put aluminum foil in a microwave? It's a graphic demonstration of the problem. A conventional compact disc will also spark prettily in a microwave. Heck, it's possible to create arcing between chunks of sausage. I did it inadvertantly just last week. Cut two wedges of Polish sausage, five to ten millimeters thick. (90 to 120 degree sectors.) Place them on a plate so that the points of the wedges are just touching; the arrangement should look roughly like a bow tie when viewed from above. Microwave on high. Within a few seconds, induced currents should flow between the two sausage halves (I presume that there is enough salt and water in the sausage to make it a passable conductor) producing sparking.

I assume no responsibility for damage to your sausages, microwaves, etc. Warning: sausage will be hot, yadda yadda yadda.

Re:Would have to be one tough USB memory card

[Requiem]

Do you want to come back to my place, bouncy-bouncy?

Re:Would have to be one tough USB memory card

Takes a lickin', a chewin', a swallowin', a digestin', a shittin', and keeps on tickin'.

Re:Would have to be one tough USB memory card

Well there's your theoretical armchair nerd analysis. And on the other hand there's some actual experimental results.

Which to believe? How ironic that your email address IS allsquiet@hotmail.com but you can't shut up. You're just an uninformed dickhead until you've done the experiment yourself.

Know-it-all wankers on slashdot? Well, you're a graphic illustration of THAT problem. Right down to the disclaimer - fucking parrot!

Re:Would have to be one tough USB memory card

[Geoffreyerffoeg]

The Slashdot cannon? We have an official Slashdot projectile launcher made with Monty Python videos!?

Re:Would have to be one tough USB memory card

Chill out, dude, not everyone can have as wonderful a personality as your post demonstrates you do. Sometimes it's entertaining to read someone's armchair commentary. I realize that you are just showing off to others of your ilk, so please, by all means continue with your mastubatory insults and humor. After all, everyone loves you for it, and it'll get you far in life. NOT.

Re:Would have to be one tough USB memory card

Sure, we should encourage cocksuckers like the grandparent to present their imaginations as fact. Everyone likes that, dude!

Re:Would have to be one tough USB memory card

[The+I+Shing]

It certainly would fit in with the surreal humor of Python.

Re:Would have to be one tough USB memory card

Parent is the world's first +6 Funny post.

Re:Did I miss out on Ireland becoming the 51st sta

[kjdames]

So he would be an Irish-American? Err, wait...

Re:Did I miss out on Ireland becoming the 51st sta

[Steffen]

Someone prominent in the U.S referred to Nelson Mandela as an African-American. I can't remember who but it brings a smile to my face whenever I hear it.

I was poking fun at them :-)

Privacy Rights?

[Monkey42]

Where's all the posts saying how this guy's privacy rights were destroyed/taken/bushed by the sysadmin?

This is /. we are supposed to ignore the fact he's in public and using someone else's internet.

Re:Privacy Rights?

[monstroyer]

Had the person been concerned with privacy, the guy should have used PGP/GPG. Since he was more concerned with exploiting an internet cafe for purposes of sending unsolicited and unencrypted mail to potential victims, fuck him.

Re:Privacy Rights?

[Monkey42]

Oh, I agree with you. Thats not the typical kneejerk reaction one expects here though.

Re:Privacy Rights?

[kevin+lyda]

they're in the replies you nitwit. i wrote a few of them. but then this is slashdot - you probably didn't even read the article, nevermind the followups.

Re:Privacy Rights?

[frost22]

Where's all the posts saying how this guy's privacy rights were destroyed/taken/bushed by the sysadmin?

You are confusing something. It is police that destroys/takes/bushes peoples' privacy rights. Sysadmins only rightfully exercise their god-given powers.

You have some truely dangerous misconceptions about the world, young monkey

This one goes out to all the fellas...

[TubeSteak]

[Useless]
64.21.81.131
NetRange: 64.21.0.0 - 64.21.191.255
OrgName: Net Access Corporation
[/Useless]

66.180.174.12
NetRange: 66.180.160.0 - 66.180.175.255
OrgName: Netsonic
OrgID: NESO
Address: PO Box 28283
City: Green Bay
StateProv: WI
PostalCode: 54304
Country: US

This IP resolves to Chicago & not to Wisconsin?

Neat :) but...

[MacAndrew]

i'm trying to picture a revived miami vice, focused on computer crimes. imagine the possibilities. ok, there aren't many...

congrats to the irish police for taking the offense so seriously. but is anyway here wary of the snooping involved? yes the sysadmin had every right to monitor traffic, but in what depth and for what purpose? for example, there's talk here of trying to fish out the suspect's email password and so on -- at police request. wouldn't it would feel a bit different in the police, without warrant, were to do the same themselves -- imagine worst case of them bugging all internet cafes to examine generic traffic without individualized suspicion. it's bad enough they want to see what we do at the library....

practically speaking, i would imagine the government generally lacks the resources to parse large amounts of computer data. but just wait until it can be done by computers hunting for suspicious transactions, much as the credit card companies do now to catch fraud. the capability is there.

i'm not sure where the legal stuff comes out here, this is not US law, but wonder about future possibilities. it is debatable what expectation of privacy you have in an internet cafe -- are keyloggers ok? is decrypting information different from reading plain text? must the user be warned? as an analogy, consider that when the federal exclusionary rule was first judicially established, it did not apply to states and the "silver platter doctrine" emerged whereby state investigators would get what the feds wanted and hand it over clean of any search and seizure problem. obviously this is a charade.

someone who acts at the behest of the government -- an agent -- pretty much *is* the government, and i wonder if this interpretation colors the reaction of anyone here on privacy -- normally /.'rs are pretty, um, passionate on privacy and gov't intrusion, even if this IS an (alleged!) spammer who by definition is not humanoid. :)

Re:Neat :) but...

[OmniGeek]

Well, the following considerations have a strong impact on my view of the privacy issues:

1) Scammer was using a public Internet cafe. For that matter, he was using the Internet, and don't we all understand that anything going out over the 'Net unencrypted can be considered seen by many eyes? There's no reasonable expectation of privacy in this situation. I certainly don't expect more privacy at an Internet cafe than I can get from using SSL on a machine I control; SMTP traffic is effectively public.

2) Scammer was caught in flagrante delicto, turned in by the sysadmin on the basis of unsolicited information from a public source. This is far, far from the situation where Ashcroft tracks my every 'Net transaction in the absence of probable cause. (And the police in this case VERY likely have probable cause to get a warrant to search the perp's computer and crack his codes.)

Even if this weren't a spam case, (say, a kidnapping or extortion rap instead), I don't see a fundamental issue of concern in the specific circumstances involved. I worry much more about snooping in the absence of clear evidence of a crime (yes, Mr. Ashcroft, I mean YOU).

Re:Neat :) but...

[Vellmont]

wouldn't it would feel a bit different in the police, without warrant, were to do the same themselves imagine worst case of them bugging all internet cafes to examine generic traffic without individualized suspicion. it's bad enough they want to see what we do at the library....


Huh? None of that even came _close_ to happening. What does "imagine if thing X happened" have to do with this case. Imagine if the police beat the guy senseless and shoved toilet plungers up his ass. Wouldn't that be a violation of his rights? Duh, of course. Didn't happen though. There's no slipperly slope here. The monitoring was all done by the sysadmin with no co-ersion by the police.


someone who acts at the behest of the government -- an agent -- pretty much *is* the government, and i wonder if this interpretation colors the reaction of anyone here on privacy


To some degree I agree with you. In this case though the sysadmin did it all ON HIS OWN, and AFTER it became clear that the spammer was breaking the law. The police didn't contact him and tell him to wiretap the spammer. The police didn't coerce the guy into working as their agent. He wasn't even working as their agent at all. The police only said you'd have to bring us proof. The monitoring was all quite clearly an independent action of the sysadmin, not someone acting as an agent of the goverment.

If you're concerned about privacy, I suggest you not surf the net on unencrypted wireless internet connections in public cafes where you aren't paying for access.

Self Defense?

[Dr.+Wang]

It even includes the attempt to eat a usb pen drive, several cops...

Now that is one hungry spammer!

Re:Self Defense?

[ColourlessGreenIdeas]

USB pen drives aren't very filling.

Re:Self Defense?

[Dr.+Wang]

But cops are!

Re:Did I miss out on Ireland becoming the 51st sta

[godzillion]

Dublin, Minnesota, of course!

Except that now...

[johnthorensen]

...your server has that much more spam to send to the bitbucket. :)

--JT

Re:Except that now...

And with spams full of dictionary words, some of them might inadvertantly contain the password...

Re:This one goes out to all the ladies...

[Cowboy+Bebop]

Well, let's all start flood pinging it before we start to start thinking about our actions, its neighbor IPs, or whether the information is even really accurate :)

Re:Did I miss out on Ireland becoming the 51st sta

Imagine the same politician thinking to himself, "don't say the N-word, DON'T say the N-word" over and over, and you'll see why Nelson became an American that day...
me

Now that's a funny image...

[evilviper]

It even includes the attempt to eat a usb pen drive

Can't... Stop... Laughing...

Re:Did I miss out on Ireland becoming the 51st sta

[phaze3000]

Unfortunately it would seem that whilst you have obviously been furnished with a good understanding of the term 'African-American' you obviously have zero understanding of the term 'humour'.

Re:Did I miss out on Ireland becoming the 51st sta

[essreenim]

Yea, ditto on the hmmmm
If he had a London accent, shouldn't he be described as English-American???

Re:Did I miss out on Ireland becoming the 51st sta

[meringuoid]

Hang on, Ireland can't be the 51st state. Britain already is.

I suppose that _does_ give us a united Ireland, though. I'm not certain which side would be happy about it this way. Both Irish would make one lot happy, both British would make the other lot happy - how does it work if the whole lot of us are American?

Re:Did I miss out on Ireland becoming the 51st sta

[Rick+Zeman]

No! Say it ain't so! It's bad enough we export McDonald's and Britney, but now we're exporting our political-correctness?

An "African-American" is a person of African origin living in America. Not all African-Americans are black, and not all blacks are African. Certainly it would be a strange coincidence if this black person in Dublin was visiting from America, and also happened to be originally from Africa.

It almost killed me when I heard a US newscaster refer to Nelson Mandela as African-American.
When your world is all round pegs, what can you do when you encounter a square one?

Bravo!

[Rick+Genter]

This story made my day. One less spammer on the 'net is always a good thing.

Best Line

[Jonathan+Platt]

Best Line: "Or a contraption which hits the user on the head for every mail they send. So if they send 1 an hour, it's a mild nuisance. But if they send 100 a minute, it'll probably kill them."

Re:Best Line

[jcuervo]

...a contraption which hits the user on the head for every mail they send. So if they send 1 an hour, it's a mild nuisance. But if they send 100 a minute, it'll probably kill them."

Yeah, I got one of those. I call it a "bat".

(Patent pending.)

Re:Did I miss out on Ireland becoming the 51st sta

[essreenim]

d'oh,
that's English-African, or Englishman of African extraction.
Ahh, it is an easy mistake to make *0*

A really good story ... I have a similar notion

[adzoox]

This was a really good story. I hope more libraries, internet cafes, and wifi hotspots will monitor their traffic occasionally like this guy did.

One line I liked, in particular:

"What have I learned? Firstly, digging up evidence on criminals is an exciting activity. "

This is the sentiment I have over my jackwhispers.com website. The deconstruction of the criminal mind is very fascinating - particularly when it involves a technical computer issue.

Re:A really good story ... I have a similar notion

[danila]

That is a very dangerous sentiment. Yes, it's a bit of slipperysloppish, but it isn't far from handing in your parents for crimethink, 1984-style. Digging up evidence on criminals (vigilantism) is not something everybody should be engaged in.

Re:A really good story ... I have a similar notion

If it's the truth - what's wrong with it?

A vigilante doesn't abide by the law - what law is being broken by rooting out internet scams and by warning others to avoid them?

Re:A really good story ... I have a similar notion

[John+M+Ford]

I must disagree to an extent. "Digging up evidence on criminals" is not vigilantism.
A vigilante (taken from Dictionary.com) is one who takes or advocates the taking of law enforcement into one's own hands.
This fellow saw a crime being committed, went through the trouble of doing some investigating and called the cops with the results of his digging. IMHO this is exactly the behavior everyone should be engaged in from time to time.
-John

Re:A really good story ... I have a similar notion

[jeremyp]

This guy had caused the Internet Cafe to get put on a black list. The police were not willing to do anything without catching him in the act. How was the sysadmin supposed to do anything woithout monitoring his outbound traffic?

Re:A really good story ... I have a similar notion

[danila]

Wrong is to violate the privacy and other rights of many innocent people in the process. Of course, people should be able to report crime when they encounter it and the sysadmin featured in the story did everything right. What I find dangerous is his suggestion that looking for criminals and catching them is fun. The police is trained to operate within the narrow confines of the law. They have to protect the society not just from "evil", but also from themselves. Witness the cops from the story - they spent 10 minutes restraining the guy, because they didn't want to harm him. Can you be sure that every overzealous sysadmin will be as considerate? I can't. So, let's leave fighting crime to professionals.

Re:A really good story ... I have a similar notion

[danila]

Well, I am not particularly opposed to what he did (just warning about the dangers of preemptive monitoring/recording), but now that you ask...

- he could have stopped at finding out who sent the messages and if he appeared again, warn him that spam is not tolerated
- he could have set up the network to limit outbound mail: traffic shaping to decrease speed, a Windows Messaging alert that spamming is not tolerated, etc.
- he could just live with being blacklisted (depends on how serious the problem was on practice)

I might have been too vague, but that's because we first need to define "monitoring". I am not saying that no monitoring is acceptable - clearly watching overall download/upload speed for the cafe is ok, but sniffing traffic to read personal e-mails is not. Where to draw the line is up to sysadmins, but I would prefer if they limit themselves to general well-being of the network.

Re:A really good story ... I have a similar notion

[0x0d0a]

I dunno.

I really dislike logging of things without my knowledge, but on the other hand, it's hard to do things like this.

If I had the opportunity to do something differently...well...

I think I'd like to see IP logs and connection logs kept for maybe a week at a public access location. I'm a little dubious about the access point person handing out dumps of the guy's connections (even if it was an interesting read) -- I could easily see nasty privacy violations. Suppose some guy was, say, a gay politician IMing partner while doing something unrelated that broke the law. The sysadmin here seemed pretty happy to be dumping out any interesting data onto the mailing lists -- what if he said "oh, and he spends his time sending IMs like the following...". In this case, things seemed to turn out pretty well, but I'd prefer to have a way that allows law enforcement to get data they need without anyone's rights or privacy being abused.

Plus, if this guy gets a decent lawyer and Ireland has laws anything like the US, he's going to have a field day with how all the evidence was obtained.

yes, ..yes they do

[essreenim]

Bingo,
I can't understand why e-mail never evolved to allow ONLY whitelists in the first place.
Our company doesn't use whitelists, just crappy blacklist rules, and now loads of people have spam!

Re:yes, ..yes they do

[DrSkwid]

I can't understand why e-mail never evolved to allow ONLY whitelists in the first place.

then you are a bit dumb

Re:yes, ..yes they do

[essreenim]

And that was a generic, non-original parrot reply on behalf of:

DrSkwid

Re:yes, ..yes they do

[essreenim]

j00 suck0x
the winner is the one that has the most fun, moron
perhaps EQ was a bit too hard for you, putting shaped blocks into holes sounds much more your thing
Another example of your simple flamebait reply style!, hehehh

Re:yes, ..yes they do

[DrSkwid]

yup, I'm getting good at it these days

you see, this is a forum, and you can say anything in a forum

if you dipped into you pocket instead of sponging you could look at all my posting history and see it's not all like that.

Karma: Excellent

do I *really* have to explain why whitelisting doesn't work and therefore *shouldn't* be part of the protocol?

Re:yes, ..yes they do

[essreenim]

No, you don't because we're obviously never going to aggree if it's the matter of whitelisting...

Re:yes, ..yes they do

[DrSkwid]

I found this document on the net, is it about you ?

<<attachment document.doc>>

www.emailspidereasy.com

[spellraiser]

Then, he spent a bit of time on http://www.emailspidereasy.com. Don't you just love the fake google-textads?

Yup, love is the word. I also love these links on the same page:

Credit cards - links to credit card resources

Cheap loans - compare and get a cheap loan

Compare mortgage quotes - cheap mortgages online

Work from home - make money with working from home

Seems this is the only site spammers need to visit; they have links to spamming resources as well! Very convenient ...

Re:www.emailspidereasy.com

[marsu_k]

Oddly enough, the site seems to be nonexistent at the moment. 'host www.emailspidereasy.com' returns 127.0.0.2

Re:www.emailspidereasy.com

[gonknet]

Yeah, I was worried there for a minute. I clicked on the link and one of my websites popped up! Could I be the source of all the world's spam?

They've already been notified...

[Ayanami+Rei]

and they are investigating.

They are a co-lo facility, barebones, FYI.

SMTP transparent proxy?

[andika]

... I was proxying smtp and http to postfix and squid ...

Huh? I thought transparent proxy can only be enabled for HTTP & FTP trough squid et. al. I guess I have to search more info about setting up postfix as a transparent SMTP proxy.

Re:SMTP transparent proxy?

[andika]

Ok, found two links:
spampd
and
smtpprox
Anyone can give opinions about those Postifx add-ons?

Re:SMTP transparent proxy?

[Steffen]

I do my transperant proxying using iptables.

Just forward outgoing traffic on port 25 to local:25.

You need to do some sanity checking afterwards, to make sure you haven't ended up as an open relay. Other than that, it works fine for me.

Re:SMTP transparent proxy?

[jeremyp]

You don't want transparent proxying for SMTP. The only way to detect which of the internal IP addresses was sending the spam was to look at the received headers. No SMTP server with visibility of the internal IPs = no received header with an internal IP.

Re:Just so I'm clear, here...

[Steffen]

Eh how about you read the mail.

Our cafe was *BLACKLISTED* by spamcop. I checked the logs. I found his MAC address and when he came in with his laptop. I asked the staff. They described him. He came back and I caught him red handed.

Meddling Kids

[freaksta]

And I would have gotten away with it, if it wasn't for you meddling kids!

Re:Meddling Kids

Scobby Scooby Doo!

what transparent proxy monitoring software used?

[Squeezer]

i wish the author said what monitoring software he used (other then tcpdump), what software was used to transparently monitor http and smtp

Re:Did I miss out on Ireland becoming the 51st sta

[swb]

African-American is about the stupidest PC label ever. First, as you rightly point out, it technically has no racial connotation and covers all the other racial groups who have lived in Africa for generations.

Secondly, a Kenyan I knew (who happened to be a black Kenyan), once told me never to call an African African. "There are no such things as Africans. There are not even Kenyans or other such nationalities, although I can tolerate being referred to as Kenyan since it is the best compromise between easily identifiable to foreigners and almost correct."

Technically my wife's boss and daughter are African-American, since both of them were born in South Africa. They're also white, and it would be side-splitting to have her report her "race" in college as African American. I'd wager there are more than a few college scholarships naively defined as being for African Americans, when they really mean blacks.

Full article text (for the lazy)

[thesaur]

Some of you who were on #linux on friday will know part or most of this story already as i witnessed some of it (while drinking a truly delicious hot chocolate). For those of you who don't, the following is a report written up by a friend of mine on his succussful (or at least, it's looking good) attempt to stop and catch a 419 scammer. I feel it's worth the read

John

-------- Original Message --------
Subject: I fought the scammer... and I won.
Date: Fri, 02 Apr 2004 21:54:30 +0100
From: Steffen Higel
To: John Allman ,
paulinemccaffrey at eircom.net, stevecash at ireland.com, tony.odonnel at cs.tcd.ie, declan.dagger at cs.tcd.ie, edwin.higel at brookside.ie, marynstanley at eircom.net, richard.bannister at cs.tcd.ie, oconnoat at tcd.ie, jean.higgins3 at mail.dcu.ie

[This is long, and is quite heavy on the technical discussion. Skip the bits you don't understand. It gets interesting.]

I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email from a sysadmin in a large U.S. University. Spamcop had blacklisted our server's external IP address. Abuse mail for the server in question gets sent to my college account (bad practice, I know, but it's a part time job). My college uses Spamcop as a blacklist source. You can probably tell what happened...

Anyway, said email included the full headers of an email which was natted by our server pretending to be from the widow of Mr. Jonas Savimbi, offering the recipient a share of an unspecified large sum of money. The usual panicked thoughts kick in... "Have I fiddled with something which has left us as an open relay?", "Has our server been cracked?", "Have I been sleep-spamming again?". A more reasoned examination of the headers showed that the mail had originated from one of the IP addresses that we assign dynamically to people who bring laptops into the cafe. This is something of a nightmare for cafe operators, we can hardly block outbound smtp but then again it isn't possible for us to manually check every single mail either. Maybe rate limiting is a valid technical solution. Or a contraption which hits the user on the head for every mail they send. So if they send 1 an hour, it's a mild nuisance. But if they send 100 a minute, it'll probably kill them.

A peek through the logs revealed:

Mar 26 15:04:16 server dhcpd-2.2.x: DHCPDISCOVER from 00:40:f4:5d:aa:f7
via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPOFFER on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to
00:40:f4:5d:aa:f7 via eth1

Bingo. I had something to work with. The network card is one based on a Cameo 32bit chipset. Matches up quite nicely with these:

Return-Path:
Received: from 192.168.1.70 (server.XXXXXX [XXXXXXX.29])
byXXXXXXXXXXXXXXXXXX) with SMTP id i2QFrgi0002755
for ; Fri, 26 Mar 2004 10:53:44 -0500 (EST)
Reply-To: "michelle savimbi"
From: "michelle savimbi"
To:
Subject: urgent response
Date: Fri, 26 Mar 2004 15:53:26 +0000
Organization:
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_0 00_0034_01C221EC.6C64F7B 0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000ams
X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2800.1165

I asked around, and a man, described as being black (or is the word African-American these days?), roughly 30, with an accent which seemed half London and half African had been in the cafe with a laptop and had a number of visitors call into

Re:Full article text (for the lazy)

Ah, Sweet. I was tired of getting this crap, (the same actual email from a guy named savimbi) so I backtracked through the ip address in the headers as soon as I received one. The guys computer was wide open, including the windows shares. I had also found MS Word files with variations of the text you describe and correspondance with other users concerning money transfers. Satisfied that this was the scammers computer, (wasnt much else on there), I installed a universal motherboard flash utility on reboot that flashed his motherboard rom with a text file. Nasty! It seemed to work, about two days later the emails stopped for a long time. I wonder if it was the same guy.

Diet tips

[zoeblade]

It even includes the attempt to eat a usb pen drive, several cops and...

Diet tip of the day: never try to eat cops. That whole pig motif's just a cunning lie.

Re:Diet tips

[lommer]

He actually might have a future in competitive eating - I don't know anyone, even championship hotdog eaters, that has attempted to eat a 10-minute struggle!

Re:Diet tips

Diet tip of the day: never try to eat cops. That whole pig motif's just a cunning lie.

Perhaps it has something to do with the guy's addiction to spam.... He went after the pigs but got his own bacon whooped!

Re:Diet tips

[anticypher]

Everyone knows the Gardai Sicini taste just like chicken. ta siad go halainn.

(Its an Irish joke, just mod it up)

Bain taitneamh as do bheile
the AC

damned /. filter doesn't like gaeilige accents

Good Show!

[b_w_duncan]

This is the kind of thing that makes your day, knowing that you personally have removed at least one source of the crap that fills inboxes. Let's hope the Irish bobbies can do something amazing with your tcpdump trace and if not I'm sure there will be vigilantes out there waiting to DoS the servers you mentioned!

We need more admins who are willing to take action.

Is there scope for running something like spamassassin on outgoing mail? Do people do this? Would give you a chance to stop outgoing spam before you get blacklisted.

Re:Good Show!

[trjh]

bobbies? if you're going to use slang, you'll look much less silly if you use it correctly. In this case you're in danger of making it look like you assume that the Republic of Ireland is part of the UK, which rarely goes over well.

Re:Good Show!

[easter1916]

Coppers, rednecks (Dublin slang for cops as they all come from "down da country", i.e., not from Dublin), the filth, pigs, guards, but no, not "bobbies". That's an English thing.

Re:Did I miss out on Ireland becoming the 51st sta

Ummm...I'm pretty sure Canada is already the 51st state.

Re:Just so I'm clear, here...

[skrysakj]

This is a story that starts with a sysadmin seeing a 419 scam, hearing that there was a black guy with a "suspicious" accent in his cafe, deciding that this must be our criminal, and deciding to read his e-mail to find out...

Right?

Not totally. He first said that a company (Spamcop?) blacklisted him and he didn't know why. He went back to investigate and looked through the logs, he saw a lot of traffic by someone using a laptop at the cafe and figured that the person was spamming. He had the hours it happened, and asked, and the person told him about the "suspicious" people during those hours.

USB drives....

[mrjb]

...are much tastier with a bit of ketchup, and easier to swallow too!

Re:USB drives....

[jcuervo]

...are much tastier with a bit of ketchup, and easier to swallow too!

I prefer ranch sauce.

Why Mandela not AA?

I was sick that day in school; why do you not refer to him as African American?

Re:Why Mandela not AA?

I was sick that day in school; why do you not refer to him as African American?

He's not an American.

Re:Why Mandela not AA?

I was sick that day in school; why do you not refer to him as African American?

Because he's not American. He's from South African.

Re:Just so I'm clear, here...

[bfree]

No, a sysadmin has his IP balcklisted because of spam, discovers it was sent from a laptop and when. Then he finds out that there was someone in with a laptop at the right time and they had visitors while they were there (which is not rare or suspicious of itself in a net cafe, but it attracts attention and can look suspicious depending on what they are doing). The guys description was male, black, 30 and a half london, half african accent. The sysadmin had the MAC address of the laptop and asked the staff to watch out for the same man. When the same guy appeared the sysadmin raced in and after the guy had waited to get a particularly private booth the sysadmin saw the mac address appear and hence had his confirmation. But the police wanted someone caught in the act of doing something illegal so he had to keep watching until the spam went again. Not quite as you described it eh?

Re:Privacy Rights? None

[phorm]

Hmmm, well let's think for a moment:

a) The internet cafe is more or less a public place, as well as a private establishment. If they don't have a sign indicating monitoring, at least they wouldn't have anything indicating that you do have 100% privacy

b) No "privacy" was violated until the issue with SPAM was discovered. At this time, massive SMTP requests were tracked to a particular machine/NIC using the MAC address.

c) MAC generally being a fairly unique identifier (not many people MAC-spoof), there was a fair bit of surety that the monitoring action was being taken against the same scummy spamming individual, used to acquisition evidence against his activity which while if perhaps not illegal, would almost indefinately violate the usage agreement for the cafe.

d) You don't really really even have that many privacy "rights" with your ISP. They log activity for these very reasons (spammers, kiddy-fiddlers, other illegal activitiy). If you were tagged as a spammer (with a non-spam friendly ISP) or a kiddy-pr0nography, you would no doubt come under scutiny with them as well.

Re:what transparent proxy monitoring software used

[jrumney]

He did say: postfix and squid (presumably using iptables or similar to do the rerouting to a local machine).

Cheers man!

[kdachev]

Though, I'd recommend calling the "militant anti-spam vigilantes" BEFORE calling the cops.

Take those baseball bats and solve the issue!!! :)

Have you noticed them spammers using any politeness when spamming you? - No. Alright then.

cliches

[MoFoQ]

"The pen is mightier than the sword"

In this dumbasses case, it's mightier than the sword when it comes to stabbing himself in the foot.

He should've used one of those biometric ones that you can encrypt your data (AES-128 or better I believe).

Re:cliches

The problem with biometric thumbdrives is that they require windows-only drivers. The right way to do this is to have the device draw power from the USB port, authenticate the thumbprint with no computer assistance, and only connect to the computer after the print is verified. This is probably way more expensive, but a good marketer would say that now you can use your pen drive on any computer, not just ones where the driver is installed.

The thing to do is use a normal pendrive, but encrypt all your files before transferring them to it.

Re:cliches

[MoFoQ]

or use both....use a biometric one but copy over encrypted files.

Re:Did I miss out on Ireland becoming the 51st sta

[adamofgreyskull]

Q. Surely Ireland, Britain etc. should be the 0th, 1st etc. states? ;o)
A. No. And don't call me Shirley.

Similar Problem but the Gardai did nothing.

[Kiffer]

I also work in a Cybercafe and Callshop in Dublin ...
Last year I noticed that someone was using our fax machine to send and reseive 419s ... we copied and collected the faxes for a while and rang the Gardai and told them what was going on ...
we had film of him comming in to send faxes and recieving faxes from people which went along the lines of

Dear Sir, we have resieved your money but need more to bribe people in Bank of Ireland / AIB / cant remmember which bank they where making up.

and getting replys with letters of Attorney for the transpher of money and such...

the Gardai came took the faxes and some photos from our security system... but said there was nothing they could do... I still see the guy around... not so many faxes though...

At the time my boss rang the poor person in america that was getting scammed ... who refused to beleive that it was a scam.. and insisted that it could'nt be and that they where going to get their money ... they had to ... they'ed risked there whole buisseness on it and had sent over $100,000 to the scammers... :(

we had so much dirt on that nigerian guy it's crazy that he's still wandering round free...

Re:Similar Problem but the Gardai did nothing.

As bad as this sounds... anyone falling for that scam deserves to lose their money.

Re:Similar Problem but the Gardai did nothing.

The rest of the story, in at least one well-publicized case, was that the apparent scam-ee knew full well what the scam was, and was trying to make it look like someone else (a boss) was falling for it, and hoping to take in some of the money in the middle, while the boss and the company took the fall.

It's not as simple as "the victim falling for it."
There's also the possibility that someone might "play victim" with somebody else's money, hoping to walk away with a percentage while bankrupting someone else and making them look like a fool.

That's the real danger of the 419. It's possible to succumb to greed and make yourself another middleman in the scam.

Re:Did I miss out on Ireland becoming the 51st sta

[stanmann]

The jury is still out on that question.

Re:I wanted to see...hauled off in a paddywagon.

[easter1916]

Actually, from his name the admin in question sounds German or Austrian -- Steffen? Could be Irish all the same I suppose.

And a nice Chianti....

[JaredOfEuropa]

... was found in the booth as well, I suppose?

f-f-f-f-f-f-f!!!

Re:And a nice Chianti....

[mr100percent]

Is the sig part of Jingleheimer junction or something? F is for Friendship!

Block egress port 25!

[RT+Alec]

The cafe operator ought to know better:

This is something of a nightmare for cafe operators, we can hardly block outbound smtp...

If you operate a public Internet access point (school, library, cafe, city park, etc.) please block egress port 25 traffic! Your patrons do not need to pretend to be an e-mail server. To allow such traffic to come from your network is to invite spammers, scammers, and so on to operate freely with your resources. Anyone needing legitimate e-mail access can use webmail or pester their ISP or business to use SMTP+AUTH+SSL/TLS for initial mail submission (on a port other than 25, of course).

Configuring a SMTP server to handle this in not difficult for a reasonably skilled sys admin, so no excuses!

Re:Block egress port 25!

[Cheerio+Boy]

You obviously have never tried to get Postfix running SMTP AUTH.

A royal pain - even with the right packages loaded.

Re:Block egress port 25!

[pacman+on+prozac]

Your average internet cafe user won't do any of the above.

They'll just walk 200 yards down the road to the next cafe where they can use their email.

Re:Block egress port 25!

[SiliconEntity]

Blocking port 25 is only a short term fix. There's no law that says email has to be sent on port 25. Wiith spammers increasingly using cracked PCs running SOCKS proxies and the like, these can be on any port whatsoever.

Spammers are quick to adopt countermeasures to simple technical efforts to thwart them. Anyone who receives email will have noticed how much the content of spam has changed in just the past year, in order to evade the new filtering technologies. The same thing will happen as port 25 blocking becomes widespread.

Re:Block egress port 25!

[0x0d0a]

If you operate a public Internet access point (school, library, cafe, city park, etc.) please block egress port 25 traffic!

Ultimately, this is a dead end for avoiding spam. It relies on securing every potential entry point to the Internet of spam, which just plain won't happen -- despite heroic (and often frusterating in side effects) efforts over the past few years, no luck.

The proper answer is in securing recipient points (with my preferred approach, with a trust network and signing) -- having a recipient only accept mail that he wants to accept.

Re:Block egress port 25!

[RT+Alec]

The harder it is to find an open relay or other means of injecting spam, the better. It makes spam busting technology work better (e.g. blacklists and other filters) and life more difficult for spammers.

In any case, as the story made clear, if your IP addresses are the source of spam, prepare to be blacklisted. Is being blacklisted so bad? All it means is you will have difficulty running a mail server. Why does everybody have to run a mobile mail server?

I run a non-profit wireless ISP, we make no mistake about our policies. We NAT to private address space, block everything, then open up selected ports that we feel are not subject to abuse. Sorry, but it is, after all, free access. A few people have noticed (not complained) that they cannot access their older e-mail systems (not using SSL, using port 25 for initial mail submission). However, VPNs, and most encrypted connections (including SSH!) are permitted. We don't care what you do on our network, but we're not willing to accept responsibility for innapropriate activity.

Re:Block egress port 25!

[0x0d0a]

It's not that I expect you to do so (I don't expect anyone *giving* something away to give beyond the degree they desire).

It's just that a lot of admins view blocking port 25 outbound as a solution to spam. It just isn't, and it's awfully frusterating (because it's become a tool used to force tiered service).

I run a mail server on my machine. I started doing so in university because I moved the thing between home and university, and both my home ISP and the university mail server disallowed relaying, so inevitably I'd forget to change my mail server settings, and my mail would start bouncing (except in the case of my home ISP, which simply silently dropped the mail -- usually it took a week or so for me to realize that none of my mail was going out). It also lets me get "undeliverable" warnings immediately and with the degree of information that I'd like -- one mail server that I used for a while at university was VMS, and was a royal pain in the ass.

So, while this is hardly a common usage, it is awfully frusterating when people simply try to ban servers or block ports with the intent of blocking spam. It hasn't stopped spam for years, and it isn't going to start, and it's a terrible inconvenience.

I just wish that instead of the next antispam hack being some half-assed attempt at pushing things off for another month until spammers modify their tools to deal with it (a la SPF), it would be a real move to a trust network with signatures. But that takes work to do properly, and it's so much easier to do bad hacks. :-(

Re:Did I miss out on Ireland becoming the 51st sta

[Patrik_AKA_RedX]

(or is the word African-American these days?)

Ah, political correctness. The art of preventing that what you say might offend someone, by making sure no one can understand what you're talking about.

Old idea, Patented

[Dr.+Evil]

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=P TO1&Sect2=HITOFF&d=PG01&p=1&u=/netahtml/PTO/srchnu m.html&r=1&f=G&l=50&s1='20030009698'.PGNR.&OS=DN/2 0030009698&RS=DN/20030009698

Better stop innovating, it could get costly.

I think Allan Cox has been using a very similar method for a long, long time.

1. I send you an email
2. You autorespond "blah, put xx in the password to send me an email. You only need to do this one time to be added to my whitelist". (this verifies my reply-to address was real and that a human is answering)
3. I respond "hey I said 'xx'!"
4. You get the email and all is good in the world.

My mail is so bad now, I'm probably going to set up such a method. I just can't deal with it anymore. My email is utterly useless now.

Re:Old idea, Patented

[Nogami_Saeko]

POPFile... Kills. Spam. Dead.

Current accuracy is 99.12% over 8,000 messages. It misses maybe one spam a month, if that.

Most of the errors occured on the first week of training it. Now it's almost entirely flawless.

Highly recommended!

http://popfile.sourceforge.net/

N.

humour

[The+Queen]

Was it really a joke? Or has someone in Ireland been brainwashed enough by our media to think he's supposed to call blacks in his country "African-Americans" - ? It's sad that I believe the latter first, though I'd love to be proved wrong.

Re:humour

[easter1916]

I can assure you that racism is far more prevalent in Ireland than political correctness. You'll hear the n-word a lot more frequently than you would here (in the mid-West)... I was there last week on a visit to Cork and was astonished at how casually people tossed around deeply offensive terms. It's a shame, given that we Irish were long on the receiving end of that kind of crap.

"we can hardly block outbound smtp"

[TBone]

Why not?

You're a cyber cafe, not a shop that's set up with local accounts. Mail should be of one of two types:

• Webmail/remotemail/etc, in which case, the mail actually doesn't get sent from your servers, it goes through the webforms/ssh/whatever to be sent from the remote server
• Mail from actual local accounts for the Cafe's staff. This mail should be filtered to your mail server, and should only be forwarding mail from those accounts. Setting this up is fairly trivial with the many AUTH-before-SMTP methods out there.

Either way, your proxy server should have a default DENY outbound port 25 EXCEPT from your mailserver, which itse'f is handling the authentication for the few accounts that really are allows to send mail.

Re:"we can hardly block outbound smtp"

[lizrd]

That won't work very well because he seems to be running the type of operation that allows customers to bring in their own laptops and use the connection at the cafe. Being unable to send e-mail from the application of my choice would not make for any of my repeat business at said cafe.

The article did notice that he redirects SMTP traffic to his own server for logging. I don't like that very much either -- it breaks SMTP-Auth when I can't connect back to my own server to send my mail -- but I'll accept it as a cost of avoiding SPAM. Fortunately (for me anyway) port 465 (smtp over ssl) is rarely redirected with schemes like this.

Re:"we can hardly block outbound smtp"

[TBone]

Being unable to send e-mail from the application of my choice would not make for any of my repeat business at said cafe
-------

Being able to prevent spammers from dumping piles of spam out to the world will allow said cafe to stay open, since having their network conenction terminated for spamming wouldn't be of use to anyone.

If you really need to be able to use a local client, they could set it up so that you are given access on a per-MAC, per-person basis. I go in, show my ID, show my MAC address, they enable the firewall for me. Someone else can't use my card, and I can't use someone else's card, and then if something goes wrong, they can say "Sven did it, here's his address and the MAC accress of teh card he was using". Local law enforcement gets a detailed search warrant for a network device identified by MAC address XXX in the possession of Sven, or the equivalent in your local municipality, and another spammer goes to jail.

I would guess that you are a minority of the userbase, and that most people have access to webmail on their remote servers. Inconvenience? Yeah, but not as inconvenient as cafes closing down because they aren't blocking spammers.

Re:"we can hardly block outbound smtp"

[Skapare]

Being unable to send e-mail from the application of my choice would not make for any of my repeat business at said cafe.

So, they leave it wide open, spammers infiltrate, the address space gets blacklisted, and now you come in and use the "application of your choice" and voila, you are unable to send mail. Duh!

What cheesy ass application are you using, anyway, that can't be configured to use a specified mail server?

If you're using SMTP-Auth, presuably that means you are injecting mail into the outbound server for your email address. So why aren't they using MSA (which is essentially SMTP-Auth over a port designated for mail submission only)?

Another option is for email volume throttling. By feeding the SMTP (to various MX port 25 hosts around the world) through a specific server that watches the volume, you can at least limit the damage by limiting the number of messages going out. Intercept each connection and tarpit them at a rate such that no more than 1 connection is passed on per N seconds (such as 1 per 120 seconds as an example). And if you can track IP address to account (e.g. the account used to access services at the cafe), you can set this limit per account. That should be a reasonable compromise if the cafe wants to allow direct SMTP out for customers that don't abuse the net, while discouraging the spammers from coming back.

Re:"we can hardly block outbound smtp"

[innate]

Deny outbound traffic to port 25, and allow outbound traffic to port 587 (submission).

The whole point of the submission port is that it's a regular SMTP port that only accepts authenticated connections -- therefeore it won't accept incoming mail (except from an authenticated user of course). It doesn't require any changes to mail clients, and minimal changes to mail servers, and it's safe to let through the firewall at the Internet cafe.

Re:"we can hardly block outbound smtp"

Really easy to change mac addresses (on my card, anyway).

ifconfig wlan0 hw ether xx:xx:xx:xx:xx:xx

Use your mac to get an IP, not to identify a spammer in court.

By the way, the system I implemented lets you send 200 messages in a 24-hour sliding window, keeping track of when you send and to how many in an SQL database. Go over quota, and the delivery program automatically disables your account pending human contact. Really easy to do with postfix.

Re:"we can hardly block outbound smtp"

[lizrd]

You're correct. I could constantly reconfigure my e-mail client. But that's a pain in the ass. Furthermore the OP suggested blocking outbound SMTP entirely. I don't think that's a very attractive alternative because webmail just isn't as good as a real MUA.

I've had trouble (with STSN in particular) with 587 also being redirected to a proxy. My MTA warns me when STARTTLS fails and then I take steps to work around this. What I've found to be most successful is using 465. On port 465 the connections begins with SSL and then begins SMTP rather than starting with SMTP and then invoking TLS.

What I think really sucks is that the spammers have made it difficult for me to do my mail, even when I go about things the right way.

Re:"we can hardly block outbound smtp"

[Skapare]

What I think really sucks is that the spammers have made it difficult for me to do my mail, even when I go about things the right way.

You have to distinguish yourself from the spammers in some way. And you have to do this while spammers are trying to make their mail look as legit as they can.

Spammers have made a lot of things difficult. They make running mail servers difficult, too. That's why I and lots of other people believe no ISP should choose to allow spammers on their network. That's why I and lots of other people choose to refuse email from any address in those ISPs that do choose to host spammers so that maybe they will lose legitimate customers and go out of business, or maybe see the light (on the financial sheets) and kick out the spammers and go clean. That's why I and lots of other people use the broad brush when blocking spammers.

Re:Just so I'm clear, here...

[Kiffer]

Good work Steff.

In fairness the guy who was 419ing from my Cafe was Nigrian and I just use the word as an expleative now.
He also had a simmilar acsent... no laptop though.

heay Steff long time no see ...
wie gehts?
Chris

Re:Did I miss out on Ireland becoming the 51st sta

[vwjeff]

Or he could be American-Irish.

Ok, how about we just call him a man. Is that alright with everyone?

Similar experience

[lordsilence]

I don't think that the only problem for internet-cafes are the customers who run "illegal" software, but also the security-policies of the cafes themselves. If policies are not enforced lots can happen before someone takes action.

I'm currently a part-time employee at a Swedish Internet-cafe where I work as a system admin. I've previously only been taking care of the Linux systems which we run for sponsored websites and gameservers but have recently been forced to take over the work of our late Windows-loving administrator.

He had the responsibility to maintain our firewall (WatchGuard), our active-directory Windows2000 server (user-database and login) and the exchange system, aswell as other system as the check-in/out machine. These tasks has now forcedly fallen onto me as this previous admin has been removed from further duties. Perhaps he had too much on his hands or he simply didn't care, but lots of security-policies were not enforced which could have saved me lots of trouble.

Anyhow, recently I began getting calls from an employee at a university here in sweden who told me that spam were originating from our mail.domain.se machine, after doing some further checks I noticed the e-mails were infact being sent from a software disguised as "nortonav.exe" on one of our game-machines. Acting as a spam-daemon. The first thing I did when I had recieved the password for the firewall was to block all smtp-traffic except for the trusted exchange and shutdown this terminal. I've set-up a series of security policies as well as tried to teach the cafe-staff some security-values as in maintaining the antivirus/adware-awarity. Would there be other good countermeasures to take?

Some of the firewall-blocking:
03/31/04 19:05 firewalld[159]: deny out eth1:0 48 tcp 20 128 192.168.0.102 64.236.62.131 4697 25 syn (SMTP)
03/31/04 19:05 firewalld[159]: deny out eth1:0 48 tcp 20 128 192.168.0.102 64.4.50.99 4696 25 syn (SMTP)
03/31/04 19:05 firewalld[159]: deny out eth1:0 48 tcp 20 128 192.168.0.162 200.208.9.162 3525 25 syn (SMTP)
03/31/04 19:05 firewalld[159]: deny out eth1:0 48 tcp 20 128 192.168.0.162 213.212.42.30 3524 25 syn (SMTP)

It may be just me who has had bad experience with all administrators at companies I've worked at, who only see Windows as the only option but is it more common for these kind of people to ignore security?

Re:Similar experience

[AndroidCat]

People who run other Internet cafes would be able to tell you far better, but I believe there are packages that let you scub and reload a known Windows configuration after each user (or at least at the end of the day).

Certainly a configuration that doesn't allow users admin rights and locks everything down would be good, but I don't trust Windows to be secure in a rough environment like that. (Or any environment. I just installed Win XP Pro on a box, locked everything that I could remember. Forgot to ditch the idiot MS Java VM. D'OH!)

Re:Similar experience

[lordsilence]

Yes, but most of these software cost a lot of money. I wonder if there are any opensource-alternatives.

Re:Similar experience

[SuiteSisterMary]

One well regarded one is called something like deepfreeze; I'm too lazy to google for a link at the moment.

What it does, though, is return to a static state at each reboot; supposedly no matter what you do to it, just reboot, and you're back to your blessed state.

Re:I wanted to see

[Kiffer]

Wer hat das gesaght?

Der arme Spammer?

Mien Deutch sind ganz slecht.

oh wait are you talking about the nigerian?

Re:Privacy Rights? None

[danila]

Other illegal activities including using P2P, discussing Islam, contributing to Open Source, criticizing President Bush or Chinese Communist Party, etc.?

I don't want my activities monitored in the Internet cafe. Well, perhaps monitoring for network-related reasons is ok (traffic, spamming, port scanning, troyan sending, etc.), but not recording (that's what transparent proxying means).

Recording someone's activity should be reserved for those cases when the system administrator already has reason to suspect someone, not as a prevention or a way to entertain himself.

Re:Did I miss out on Ireland becoming the 51st sta

As a black man, I absolutely HATE being called African-American.

People *think* they're being *safe* by referring to me as one, but I'd rather punch anyone that uses that term in the friggin' nose.

similar news story

[way2trivial]

to be found here on the bbc

Re:Did I miss out on Ireland becoming the 51st sta

[swb]

Why is it every time school bureaucrats are shown to be fools they have to lash out and suspend students?

Cybercafes bveing blacklisted by anti-spam sites.

[cjellibebi]

Our cafe was *BLACKLISTED* by spamcop.

Does anyone else find having entire Cybercafes blacklisted by anti-spam filters a bit worrying?

I do a lot of travelling, and about a year ago, I noticed that in a lot of Cybercafes, when I tried to e-mail a particlar person, I got an automated response from their mail-server to say it had rejected the e-mail because it was spam. I usually use my Freeserve account (via a web-mail interface). I wondered how my e-mail address could have become blacklisted, and tried my Hotmail account which I hardly use (I only got one could use MSN messanger). The Hotmail e-mail got through (I got no automated rejection, and even a reply). This at first led me to the conclusion that my Freeserve e-mail address had been blacklisted. Later, I found that sometimes, e-mails from my Freeserve account would get through, and at other-times, they would be rejected.

Eventually, I figured out that it was the IP address of the place I was sending it from that triggered the spam-filter. This has lead me to two conclusions.

• E-mails sent from Hotmail accounts are immune to spam-filters, but not from Freeserve accounts.
• Just about half of the Cybercafes or Internet-Kiosks I have been to have been abused by spammers.

Do all spam-rejecting filters give out an automated rejection-reply? If not, then I won't know that my e-mail has been rejected by an anti-spam filter, and I won't try to mail it again from my Hotmail account or another place with Internet access.

Re:Did I miss out on Ireland becoming the 51st sta

[liquidsin]

Try this out for some fun with bad PC labels.

more filling

[oogoody]

>USB pen drives aren't very filling.

Don't know. That's a lot of bytes.

about you?

"Living in a former oppressive totalitarian state, now a relatively free country. My best regards to Americans, who do the opposite." This is on your entries page at /. - please explain

Re:about you?

[danila]

I was born in Soviet Union and live in Russia now. After the USSR broke, people really appreciated the freedom. It helped that our first president (with all his demerits) was bent on freedom of press, even when journalists called him a feeble-minded alcoholic or something like that.

It is slowly changing (according to Hunter's Corollary to Murphy's Law, things go from bad to worse) now that we have reelected our KGB president to the second term. But still, the strictness of our laws (though in general they aren't particularly strict) is more than compensated by the laxity of their enforcement.

Still, the progress in regards to personal freedoms over the past 20 years is staggering. Ironically, in the United States things went the other way, as the government continued to accumulate more and more powers and is not afraid to use them.

I am not happy here in Russia (because science is not funded and the country is not safe - murder rate thrice of the US one), so I plan on moving somewhere when I finish my PhD, but I will not even consider moving to US.

Re:Privacy Rights? None

[miracle69]

Except this was a private business whose product (internet access) was being degraded because they were being blacklisted because of a Spammer.

That has real consequences to the business, as customers may not return when they find that they can't send email to their company/friends from that particular cafe.

Re:Did I miss out on Ireland becoming the 51st sta

[mysticalreaper]

So they can stop the uprising, put the kids back in line. What's more amazing is they get away with it. And did you notice they also suspended students for passing out a petition critizing them for having racist awards like this? The exact sort of free speech that is VEHEMENTLY defended by the supreme court, and courts all over the USA, time and time again. It's one of the freedoms they got right, and they know what it's good for.

But then, this is the USA's public school system, which is apparently pretty bad. Makes sense that the teachers are lame too, doesn't it?

The important question...

[Tackhead]

> Detective number 1 grabs and tries to cuff him, detective 2 starts to do the same. A struggle ensues and goes on for a full 10 minutes, basically trying to pin him on the floor and then getting his arms behind so he can be handcuffed. Michelle agrees to co-operate on numerous occasions and each time tries to run to the booth to destroy whatever is on that machine.
>
> Eventually, 2 more gardai arrive and he's cuffed and brought out, crying like a little girl

...ten minutes of watching a spammer being beaten to a quivering pulp.

/me re-reads that sentence a few dozen more times... *aaaaaaaaah, yeaaaaah*

Ten. Whole. Minutes. Skulls thumping, billy clubs and fists flying, and 419er whimpering.

Video? Even grainy stuff from the internet cafe's security cam? Please? Pretty please? Pretty please with a lead pipe and a clump of spammer flesh on top?

> What have I learned? Firstly, [ ... ]

FIFTHLY: BRING A VIDEO CAMERA NEXT TIME! You got to see all the good stuff, and you didn't SHARE!

Re:The important question...

[Chewie]

Unfortunately, from the article text, it looks like it only took 10 minutes because they really were trying to restrain him without injuring him. Joint locks are difficult if you don't get to hit the guy first. I feel pretty confident in saying that if they'd actually been able to hit him, it would have taken about 10 seconds.

Re:The important question...

[Professr3]

Just a little punch wouldn't exactly "injure" him... consider it a mild anesthetic :D

59 65 73 2C 20 79 6F 75 20 6D 6F 73 74 20 64 65 66 69 6E 69 74 65 6C 79 20 64 6F 2E 00

Re:The important question...

I feel it's safe to assume those four Gardai will administer some "anaesthetic" to Mr. Spammer, when he's away from public view and in places it won't show. If some jungle bunny ripped my watch off he'd be in for it.

On the other hand the Irish Gardai can be surprisingly decent and they might not touch him - English police thugs are much more vicious, putting the boot in on closed-circuit camera recently!

Re:Racist Bullshit

[JohnnyBolla]

He didn't say they were scammers, did he? Re read the quote you posted. Doesn't say a thing about them being involved, does it?
You're not being politically correct, you're being an asshole.

Re:Racist Bullshit

[mkuki]

Amen. I kind of balked at the same paragraph (since the spammer was black the sysAdmin is now justifying denying access to other black people with african accents?).

Re:Did I miss out on Ireland becoming the 51st sta

Imagine the same politician thinking to himself, "don't say the N-word, DON'T say the N-word" over and over, and you'll see why Nelson became an American that day...

You mean Niggardly?

Whitelists are useless in business

[nurb432]

In a business you cant predict who your next customer may be.

If you filter him out, he will be someone else's customer..

Re:Cybercafes bveing blacklisted by anti-spam site

[Schmucky+The+Cat]

Of course IP addresses in cafes should be on blacklists. You answer that question yourself when you mention just about half have been abused.
Why are you sending direct to MX from an internet cafe?
You have a return email address on your email. The server that handles that address should be setup to allow an authenticaed relay for you. Then your email always goes to the MX of the recipient with the same IP as the address of your MX. If your MX is properly secured you'll never be blacklisted.
And no, not all filters reject. Most client side filters (many of which use blacklists in whole or in part) just dump the spam without sending a reply. SMTP does not gaurantee delivery or notification of delivery. It's up to you, not your technology, to make sure your messages get delivered. So setting up a configuration that works most of the time is in your interest. Sending direct to MX from a cafe is, as you've discovered, not very fail safe.

Amen, brother!

[chadjg]

I say let him eat the pen drive, then have our Guardai friends load him up with a couple of pounds or kilos of that good Irish farm cheese. Then we'll see how much he likes being a spammer.

Revenge fantasies really are a waste of time, aren't they?

Re:Did I miss out on Ireland becoming the 51st sta

[Idarubicin]

It almost killed me when I heard a US newscaster refer to Nelson Mandela as African-American.

The correct term, as everyone should know, is African-African.

Er, wait...

Paypal

[wowbagger]

Were I you, I would set up a Paypal tip jar.

I know I'd kick some cash your way!

Gardai

What the #$%^ is Gardai?

Re:Gardai

They're the Irish police.

51st state?

You're both wrong!

Every school child knows that CANADA is the 51st state. Britain and Ireland are clearly states which joined later. Duh!

Re:Did I miss out on Ireland becoming the 51st sta

[dave420]

Very true. I have a friend who's from South-Central LA (sorry, South LA), and he's black. He gets called "African American", which is pretty strange for him, as he doesn't know where his family is from. Sure, waaay back his folks were in Africa, but then so were everyone's. I'm white - would I be a European-American? Of course not.

The "funny" thing is, these politically correct terms are often more offensive than the terms they replace.

make that *spurious* ham

[JimmytheGeek]

Ham is a particular part of the pig, and spam is no part in particular...

Re:make that *spurious* ham

[EvilAlien]

99% lips, noses and assholes.

Re:make that *spurious* ham

[Chaset]

Reminds me of a You Don't Know Jack commercial: SPLAT
SPreadable Lips Anuses and Teets, the Other alternative meat!

An Garda Siochana

[Raven42rac]

The Gardai as they are referred to are actually called, in Gaelic "Garda Siochana na hEireann", which translates to "Guardians of Peace in Ireland" . They are the cops in the Republic of Ireland. They even go on peacekeeping missions abroad.

Re:An Garda Siochana

[cobyrne]

(One of) their slang names is "An Garda Sicini" (pronounced with a "h" after the "s", and the two latter "i"'s are long), which means "Guardians of the Chickens".

Re:An Garda Siochana

Retard they don't go on peace keeping missions!
Thet're just cops for fucks sake

Re:An Garda Siochana

[easter1916]

They've been deployed to places like Kosovo, Bosnia, etc., along with other western European police -- to train the locals how to be good police, not for peacekeeping. He was probably referring to that.

Re:An Garda Siochana

[Raven42rac]

I am not mistaken. I was in Ireland last April when boys were coming home in bodybags.

Re:An Garda Siochana

[Magickcat]

No, they are not the cops in Ireland. They perform policing duties but they are not the cops or the police.

Re:An Garda Siochana

[david42]

An Garda Siochana are the Irish police force. They do exchanges with other police forces around the world. The Irish Army, which is seperate, *does* take part in UN peacekeeping missions, for example they are currently in Liberia.

Re:An Garda Siochana

[david42]

An Garda Siochana is the (only) Irish police force.

Re:An Garda Siochana

[Raven42rac]

From my previous link:

The Garda Siochana (the police force) first participated in UN peacekeeping in 1989, when a 48 -strong contingent was sent to Namibia with the UN Transitional Assistance Group (UNTAG). Since then, approximately 400 members of the Garda Siochana have served with various UN missions throughout the world. 20 Gardai currently on service with the UN are serving in Cyprus.

Re:An Garda Siochana

[easter1916]

Coming home from where in bodybags? My sister is a Garda, as is my brother in law, and is my first cousin. I would have heard about this, I'm sure. Unless you're referring to them coming home from Limerick in bodybags, fucking hole of a place.

Re:An Garda Siochana

[Raven42rac]

Whoops, I got them mixed up with the Irish boys in the British Army. I know for a fact the Gardai go on peacekeeping missions with the UN and such. I have never been to Limerick, I have heard enough stories about it to not want to go either. I have mostly been to Derry in the North, and all over Donegal in the south, mostly Buncrana.

Re:An Garda Siochana

[easter1916]

I note with pleasure your omitting the Sassanaigh prefix "London-" in front of our ancient city of Derry. Thank you.

Re:An Garda Siochana

[Magickcat]

They are an organisation that performs policing duties, but they are not the police you pack of ignorant buffoons. After the atrocities that the former Irish police performed before Irish Independance, they were deliberately made distinct from police.

Re:An Garda Siochana

[easter1916]

Donegal is stunningly beautiful... I recently had the pleasure of visiting the Slieve League cliffs there during a visit home. I had never heard of them until recently, nor had my friends or family. Europe's highest seacliffs, just a wonderful, wonderful place. Never been to Derry, spent plenty of time in Andystown (Andersonstown) in west Belfast in the mid-80s though. Nice enough place... the whole north is weird for a southerner. Foreign signage, license plates, names, cops, military in your own country. Regardless of political opinion it's a very, very unsettling feeling. Particularly when some 18-year old squaddie from Liverpool or wherever has the fucking balls to point a weapon in your face and tell YOU to "Go home!".

Re:Did I miss out on Ireland becoming the 51st sta

Technically my wife's boss and daughter are African-American

If your daughter is african-american, you should realy check what your boss is doing when he asks you to stay in work after working hours...

Re:Did I miss out on Ireland becoming the 51st sta

Googlefight declares your 'humour' to be the loser.

Please begin using the proper spelling as soon as possible.

Re:Did I miss out on Ireland becoming the 51st sta

[ryanwright]

LOL!!

Tylena Martin, a junior, said the poster had been on the door to her homeroom class where she is the only black student. She said she felt hurt by the posters and the backlash that ensued.

Someone should tell little Tylena to grow the fuck up. Being a whiny little P.C. bitch isn't going to get her anywhere in life. The few celebrities that are both are the exception, not the rule.

The USB Key

The USB key was probably one of those encryption keys from http://enovatech.net/ they are used in some IBM laptops. It's a hardware real-time encryption device. Where the USB key is the "key".

Remove the key and the harddrive will be inaccessible.

I don't know if this has been done

[fishbot]

but couldn't internet cafes and the like install SpamAssassin on the outbound as well as the inbound servers? That way, if an outbound email is flagged as spam (tolerance altered to suit) it could be prevented from ever leaving the network?

If it's been done I'd like to see where/how, 'cos that could be quite useful.

Re:I don't know if this has been done

[The+Mutant]

How many internet cafes are running their own SMTP servers? Very, very few.

Most folks using such a cafe are there for web access - hotmail and such - and access email via a browser.

So browser based email couldn't be scanned since Internet cafe users might just be looking at ordinary web pages (albiet advertising spammy products)...

Well the school has an email address listed

[Lehk228]

I certainly hope nobody sends any nasty email to the schools email westside@westside66.org I certainly would not do so.

Re:Stupid Question

[easter1916]

Irish Law is effectively a modified version of English Common Law -- after all, what's now the Republic of Ireland was part of the UK until 1921.

Since independence, of course, Irish law has evolved along a different path -- a written constitution, for example -- Bunreacht na h-Eireann (basic law of Ireland).

All laws are published somewhere in here -- a very interesting site from our Department of Justice, Equality and Law Reform: http://www.justice.ie

Re:Racist Bullshit

Then why mention them in the first place?

I think the asshole shoe is on your foot.

Re:Just so I'm clear, here...

[ryanwright]

This is a story that starts with a sysadmin seeing a 419 scam, hearing that there was a black guy with a "suspicious" accent in his cafe, deciding that this must be our criminal, and deciding to read his e-mail to find out... Right?

Right. Every time a black man is arrested for breaking the law, it's not his fault. Some racist white bastard is to blame.

my W*O*R*K*I*N*G spam filtering method

[pangel83]

I have bought a domain (let's say johndoe.org) from a very cheap url forwarding company (at a rate of something like $15/year). It comes with unlimited e-mail forwarding aliases, and a "catch-everything" alias (let's say notexisting@johndoe.org), that forwards any e-mail send to non-existing alias to the default e-mail address that I have defined.
The default e-mail address (let's say secret@johndoe.org) is an alias that forwards everything to my real mailbox (let's say johndoe@aol.com). Of course, my real mailbox address, my catch-all address and the "default" address are not given to ANYBODY.

For my communication needs, or whenever asked, I just makeup a e-mail address (jonamazon@johndoe.org for amazon so that I will remember easily what address I use on the site). Since the alias is not setup in the mailserver, when amazon tries to contact me, the e-mail will follow the following alias path:
1) jonamazon
2) notexisting
3) secret (default)
4) real mailbox

When I see an spam message (once in two weeks!!!), I just divert the alias to point to an abuse address of a random spamhaus. The good thing, is that since I use random but descriptive addresses, I can see what websites actually harvest e-mails and sell them to spammers!!!
It is interesting to note that at some point I received e-mail that were addressed at some ridiculus random aliases (e.g. jesus@, happykitty@ etc) of my domain (clearly not used by me). Just an indication of the use of wordlists (of course every such alias got blocked).

I have not yet reached the levels of paranoia of giving seperate e-mail addresses to any of my friends of course :P

Anyway, it is not as complicated as it looks, and of course way less complicated than using bayesian filters and the like. And believe me, it works :)

Re:my W*O*R*K*I*N*G spam filtering method

[kertong]

good. I thought I was the only one doing this.

Once I see that a tagged email address i gave out has been harvested by spammers, I immediatley set up a rule to just dump the email.

Makes life much easier. :)

Re:my W*O*R*K*I*N*G spam filtering method

[MrDoh!]

Not only e-mail, seeing as all snail mail for an address ends up in the same place, easy to do for mailing lists. Signed up with for AntiVirus software with the name Edward Bola. Didn't take long to get the spam mail addressed to EBola, and could track where it had come from...

is accountant.com legit or not?

[gibbsjoh]

Hi all,

This OT but my money is worth more than my karma...

I had a buyer purchase my Sony Playstation on Ebay. Surprise surprise, its from a brand new ebayer acting on behalf of a relative in Nigeria. The offered US$22 (funny, the bid was GB20) via Western Union. I received an email from "Western Union" but actually from an accountant.com address (like the one in the article). I smell a rat and obviously won't send anything, but is this accountant.com a known haven for scammers?

Thanks, John

Re:Just so I'm clear, here...

[Jay+L]

I'm still not clear how you knew it was him from the initial log - did your staff notice him coming in and leaving at the time the logs said, or was he just the most suspicious person there during that time? Surely the cafe wasn't otherwise empty.

That said, although you don't explicitly say so in the story, I'm assuming you were tracing only that particular MAC address, and so if it weren't him, your tcpdump wouldn't have shown anything at all. For some reason the story implied that you raced to the cafe and set up a trace on his particular Ethernet port, which is of course not how it's usually done unless you have a managed switch...

Damn!

[Guppy06]

"It even includes the attempt to eat a usb pen drive, several cops and a 10 minute struggle to subdue the man."

You mean he wasn't "shot while trying to escape?"

Re:Damn!

[zoney_ie]

They have to save the bullets for May Day... Policing the E.U. enlargement ceremony, anarchists, socialists, hippies, inebriated patrons of Temple Bar's pubs...

Its a joke

He is joking, grow a sense of humor.

Re:Did I miss out on Ireland becoming the 51st sta

[swb]

His daugter is African American because she was born in Africa and was born to a native-born African. Of course they're both white.

My wife and I don't have kids.

Re:Did I miss out on Ireland becoming the 51st sta

[MattT]

I'm surprised that the author used the term "paddywagon", which I understood to be an american term particularly offensive to an irishman.

Re:Privacy Rights? None

[phorm]

should be reserved for those cases when the system administrator already has reason to suspect someone

Which of course, they did. So in this case there's really nothing to complain about. As a sysadmin myself, I generally stay out of the proxy logs and/or people's home drives. However, there have been occasions where I've had to poke around:

a) Internet logs: Innapropriate behavior or suspect behavior gets one of two things. I general GREP of the logs for inappropriate keywords, or in most circumstances, a GREP of logs for the person in question.

b) Home drives: Recently we've been getting a bit high on the drive size in home directories. I don't like quotas, because some people have legit reasons to use more space. However, I do find this a bit useful:
du -ms /home/* | awk '{ if ( $1 > 100 ) print $2 ":" $1 }'
(basically, print out size/username of directories > 100MB)

Most users here (a school) are sub-100MB, with space for documents, some graphics, etc. More recently, we've been having issues with students storing game installers, demos, etc on the network space. Having several GB extra when I do a network-based backup can be annoying, so I periodically check out the homes of large drives. Minimal intrusion is done if possible, I just scan for the deepest large directory, then see the filenames. If they seem suspicious, I may investigate further, but in most cases the "WARCRAFT_3_DEMO.EXE" is a dead givaway.

The trick in being an admin is to be as unrestrictive/unintrusive as possible, while still finding ways to grab the info you need to deal with cases of abuse. Not always an easy thing to do... and sometimes I wonder where the students find the time/place to download over 50MB of pr0n (and hope I've never used the keyboard on that terminal).

Is this article legit?

[ObiWonKanblomi]

I mean, are there any news articles that can collerberate what this guy is posting or is this a tall tale?

Re:Is this article legit?

Well, he's posting here, although that doesn't mean he's not lying.

http://boards.ie/vbulletin/showthread.php?s=&thr ea did=151975

registration gets you...

[zogger]

... the ability to customise your display preferences, and also an easy way to keep track of on-going discussions that you have participated in.
At least that's why I registered.

Re:Privacy Rights? None

Only 50 megs of porn? Amature.

Re:Racist Bullshit

he never mentioned denying access to anyone.

Re:I wanted to see...hauled off in a paddywagon.

[con]

Many million Irish emigrated to the US between 1845 and 1950. One of the more popular areas for them to work was law enforcement. Therefore paddywagon actually refers to the fact that it carried so many Irish cops not that it carried so many Irish prisoners.

Re:This one goes out to all the ladies...

Start: 4/5/04 3:46:06 PM
Whois user: 66.180.174.12

OrgName: Netsonic
OrgID: NESO
Address: PO Box 28283
City: Green Bay
StateProv: WI
PostalCode: 54304
Country: US

NetRange: 66.180.160.0 - 66.180.175.255
CIDR: 66.180.160.0/20
NetName: NETSONIC-BLK2
NetHandle: NET-66-180-160-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.NETSONIC.NET
NameServer: NS2.NETSONIC.NET
Comment:
RegDate: 2001-10-15
Updated: 2003-05-28

TechHandle: IA111-ARIN
TechName: IP ADMIN
TechPhone: +1-920-490-1128
TechEmail: ip-admin@netsonic.net

OrgTechHandle: IA111-ARIN
OrgTechName: IP ADMIN
OrgTechPhone: +1-920-490-1128
OrgTechEmail: ip-admin@netsonic.net

# ARIN WHOIS database, last updated 2004-04-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Re:Did I miss out on Ireland becoming the 51st sta

[jcr]

No, I think it's:

51) Canada
52) Britain
53) Germany
54) Japan ...
397) France

Re:Did I miss out on Ireland becoming the 51st sta

[grarg]

I'm surprised that the author used the term "paddywagon", which I understood to be an american term particularly offensive to an irishman.

I think he was just taking the Mick. Or maybe he was just drunk, bejaysis.

Gwan da Steff!

whitelists DON'T rock

[heybo]

People generally don't care that much about the decreased bandwidth - a problem which can also be solved - use port knocking algorithm of some kind!

You can tell you don't have to pay for the traffic, and how is an algorithm going to stop traffic OUTSIDE the telcos router. You see if it goes into you network either good or bad traffic you pay for it. The Telco company just sees a figure based on that, and that is what you are billed for

And besides, spamming is pretty sophisticated these days, if the mail delivery fails, the target e-mail is often removed from the list of e-mail addresses they are trying to send scam e-mails to ( as far as I know )

You have got to be kidding! I see bad traffic from addresses EVERY day from addresses that have been dead for 4 years. If it bounces it bonuces back to some-poor-sap.comcast.com. We have blackholed all the big boys so today about 90% of the spam that gets through our servers and our filters is basically untraceable due to the fact that it traces back to some machine on DSL or on a cable network. One day the SAME message comes from a comcast machine here in the US. Tomorrow from a DSL modem in Denmark. You can't stop that, and they can't know what mail is bouncing nor do they care.

Fact 72% of the traffic logged on our servers IS BAD TRAFFIC!!. Either machines looking for an open relay, trying to send to generic addresses that don't exist, or bouncing because they have been blackholed. now with a number like that do you really believe that when they get a bad address they just go away?

Think about it like this only 28% of the use of the server and the connection to the network is paid for. The rest is stolen. Not a good turn around of profit=resources.

I do believe whitelisting is the way to go!

This just doesn't work on a business level. Say Joe Blow goes to your web site and wants to use your company. He sends you an email and he's not on the white list and his mail bounces. Most likely he will go somewhere else to do his business and you lost a sale.

The only cure is stiff harsh and cruel punishment of these assholes. They are theives no matter how you look at it, and they steal out of MY pocket daily.

Re:whitelists DON'T rock

[essreenim]

Thanks, your's was the only reply worth reading!

A translation

By the way cops = Gardai in America.

Once again, an American makes the mistake of thinking that he speaks standard English and assumes that the Internet should be translated into American English.

Re:A translation

Eh, I posted it and I'm Irish.

Re:A translation

[Magickcat]

Join the club.

"Cops" is American slang for police, but the Garda is not an literally equivalent term for either. If you're Irish, you should know and value the difference, unless perhaps your family were hiding under their beds whilst other people freed your country for you.

The Garda Siochana are deliberately distinct from police as the previous Irish police slaughtered and oppressed the Irish people.

My grandmother for instance recalled as a girl, the former "Irish police" executing people in the streets in front of their families.

The new organisation was named differently than mere "cops" and "police" to make the point that they were distinct from the group that had so zealously and cruelly subjugated, tortured and murdered the Irish people.

Guarda does not = police.

Ireland?

[sugarcakes]

Does anyone else think it a bit strange that an Irishman would consider calling someone in his own country "African-AMERICAN?"

Re:Did I miss out on Ireland becoming the 51st sta

[nlindstrom]

Duh. That would be African-Irish. ;^)

Is it legal to tap someone's internet traffic...

[thrill12]

... while in an internet cafe? I mean, in theory it's not much different from a hotel providing a phone service to a customer, whilst sneakingly listening in.
Don't get me wrong here, spammers are bad and should be caught, but it doesn't do any good when the spammer is let go in a day because of lack of undisputed evidence. My eavesdropping on a communications channel doesn't really do much good there.
I understand that when the communication actually goes to your own server there is nothing wrong (practically, in many countries it is ok to record a conversation as long as you are the one having it), but I feel that intercepting his yahoo or mail.com passwords is a little on the gray side of the law...
Please correct me, I want to be wrong here.

Re:Cybercafes bveing blacklisted by anti-spam site

[Skapare]

Does anyone else find having entire Cybercafes blacklisted by anti-spam filters a bit worrying?

I find that having to accept mass quantities of spam from cybercafes more than a bit worrying.

So you figured out that the blocking is based on the IP address. Of course it is. If you make direct SMTP connections, it's going to be blocked from zillions (well, realistically, a few myriads ... that's tens of thousands) of networks around the world. If you submit your mail via web pages on some free mail sites, such as Hotmail, you can still end up getting blocked by some of those networks because they scan the headers and look for the HTTP client IP address that the sites add on. Most don't go this far, but many definitely do that (I don't for free mail sites that are working to fight spam being submitted through their service).

E-mails sent from Hotmail accounts are immune to spam-filters, but not from Freeserve accounts.

That's not entirely true, but since Hotmail does make a big effort to stop submitted spam abuse, very few networks are checking its headers for blacklisted IPs. Hotmail is therefore more usable. Perhaps Freeserve isn't doing as well as Hotmail. I don't scan either of them for blacklisted client IPs at this point.

Do all spam-rejecting filters give out an automated rejection-reply? If not, then I won't know that my e-mail has been rejected by an anti-spam filter, and I won't try to mail it again from my Hotmail account or another place with Internet access.

Some do, some don't, and some have limitations. Because of the fact that spammers are using forged sender/from address in their mail so much, it has become necessary to avoid bounce back messages. Many networks (including mine) do block networks that bounce spam to forged addresses (they are just as much a part of the problem as open relays, open proxies, and infected always-on home machines). Some networks solve the problem by ensuring that all spam checking is doing during the SMTP session so it can be rejected by a 5XX response code, instead of sending back (to the forged address) a bounce message (this is the strategy I use). Some others who can't make that happen in all cases (because of their unfortunate choice of mail server software) might change things so the bounces are simply not sent (these are the cases where you won't know to retry an other way). This is one of the advantages of block-by-IP (which I do) as opposed to block-by-content (which I do not do) ... it happens at SMTP session time, and you get a rejection (which if you connected directly should result in your mail program leaving you a failure notice of some kind).

Be aware of this crucial point. My objective (and that for many network operators) is more about reducing the spam attempt workload for my network and servers, rather than reducing the exposure of the messages to human eyes and the excessive wear and tear on the "D" or "Delete" keys. Blocking the sources of spam does not eliminate the costs ... it only reduces it to about 1/4 of what it otherwise would be. But I still see an average of 2 to 3 SMTP connection attempts that turn out to be blocked as probable spam ... per second. Sometimes the peaks go over 100 (and the mail server bogs down briefly when that happens). What that means is I can't really cut the costs any further without also breaking the ability to override that blocking for specifically whitelisted email addresses (e.g. if I block at the packet level, I won't establish the SMTP connection at all, and won't know what the sender/from email address is to use that to check the whitelist database). So that means spam fighting has to go to the next level to further get it reduced, and that means doing stuff like blocking whole cafes, and large chunks or entire ISPs, to "encourage" them to do something to stop

Tut Tut

He should have taken some advice from ramzi

Re:Did I miss out on Ireland becoming the 51st sta

spook
nig-nog
chocolate soldier
coloured cousin
spade
oh, I could go on forever...

Re:Just so I'm clear, here...

[Smurf]

did your staff notice him coming in and leaving at the time the logs said, or was he just the most suspicious person there during that time?

The part of the story you missed is this (after the mail headers that matched the sysadmin's logs):

I asked around, and a man, described as being black (or is the word African-American these days?), roughly 30, with an accent which seemed half London and half African had been in the cafe with a laptop and had a number of visitors call into his booth and had been there at the given time.

So yes: the staff noticed him at that time. And yes: he was the most suspicious person at that time (ignoring the idiotic racial commentary), because he reserved a "somewhat secluded booth" (this can be implied since he wanted that specific booth the second time) and received what appears to be an unusual number of visitors calls.

Re:Did I miss out on Ireland becoming the 51st sta

[jcuervo]

I look forward to the day when we have to start saying "Black African-American", and then just shortening it to "black"... Ah, the lifecycle of a politically correct term.

Worth a beer?

[anticypher]

I'll be back in Dublin soon, time to drop in to buy Steffen a beer. Or seven. ;-)

the AC

Re:Did I miss out on Ireland becoming the 51st sta

[QueenOfSwords]

Hang on, Australia's AT LEAST the 53rd state. Possibly the 52nd.

Re:Did I miss out on Ireland becoming the 51st sta

[fdiskne1]

Ok, how about we just call him a man. Is that alright with everyone?

Except that he's a spammer/scammer. That doesn't qualify as a man. I vote for "scum".

All my spam is funneled into 2 files.

[iamcf13]

No kidding.

I use CF13 (see sig), a program I wrote to handle my spam problems once and for all.

The only 'false-positives' I got were from reputable senders that got subsequently whitelisted--problem solved.

In a perfect world...

[Spittles]

In a perfect world, Spammers would be aprehended and put in a prison cell with men who have had a penis enlargement, taken viagra, and are looking for a fresh new relationship...

Re:Did I miss out on Ireland becoming the 51st sta

[menscher]

I'd wager there are more than a few college scholarships naively defined as being for African Americans, when they really mean blacks.

I went to a private high school, where they had one of those silly racist scholarships. Amusingly, it was given to a white kid who had grown up in S. Africa.

No I hope they don't

[jotaeleemeese]

"I hope more libraries, internet cafes, and wifi hotspots will monitor their traffic occasionally"

I do not wish the same. Monitoring should be only performed when. like in this case, there are reasons to suspect criminal activity, and this shuld be backed up by a publicly available policy warning you that you do not have any expectation of privacy.

Casual monitoring of private sessions "just in case" or for the fun of it should be discouraged unless we want to become East Germany pre Berlin Wall fall.

419: Getting caught in UK = Jail Term!

[glawrie]

A news story being carried by Yahoo! reports that a Nigerian 419 scammer (arrested in Ireland it seems) has been tried and found guilty by a court in the UK (Wales) and sentenced to 20 months.

Re:Is it legal to tap someone's internet traffic..

[SuiteSisterMary]

Well, if you have to sign some forms for a membership, stating that you won't be using the service to do anything illegal, and that you accept the fact that your activities might be logged and monitored....

Re:Privacy Rights? None

[SuiteSisterMary]

Internet servers are like highways; you're not going to automatically get your car searched just for travelling, but if you're speeding, or driving erratically, well, you're getting pulled over.

Re:Is it legal to tap someone's internet traffic..

[thrill12]

Heck, I can sign an agreement that I am willing to be put on stand in the middle of a square and get tomatoes thrown at my head. That doesn't make it "legal" by law. Last I heard, the law overrules a contract when it clearly 'goes the other way' (not talking about the casual leapholes..). Sorry, I need a different answer :)

Re:Is it legal to tap someone's internet traffic..

[SuiteSisterMary]

You're right; you can't sign away legal rights.

You don't currently have a legal right to use somebody else's network to perform illegal acts. Therefore, as long as I let you know you might be monitored, I'm fine.

Hence the 'this call may be monitored for quality assurance' messages on phone queues, and 'Wal-Mart uses CCT and video recorders to help cut down on shoplifters, have a nice day' in, well, Wal-Mart, and 'Internet activity may be monitiored to help ensure quality of service blah blah blah' in Internet cafes.

Re:Privacy Rights? None

[danila]

Or, as American experience proves, if you are black.

Re:Did I miss out on Ireland becoming the 51st sta

In parts of the UK it's common to call Black people "Afro-Caribbean", whether they're from Africa or the Caribbean (but definitely only when they're Black).

I just call 'em "folks".