How To Catch A Scammer/Spammer
Joe 90 writes "An interesting story got posted on the Irish Linux Users group. It involves the arrest of a scammer/spammer working in an internet cafe. It even includes the attempt to eat a USB pen drive, several cops and a 10 minute struggle to subdue the man. Story is available on the Linux.ie mailing list.
By the way Gardai = the cops in Ireland."
Someone prominent in the U.S. referred to Nelson Mandela as an African-American. I can't remember who but it brings a smile to my face whenever I hear it.
:-)
I was poking fun at them
[Fuck Beta]
o0t!
- Microwaving
- Immersing in boiling water
- Freezing in a block of ice
- Sundry physical impacts
Digestion wasn't on the list, but I have no doubt that patience, a rubber glove and a dunk in disinfectant would be all that stands between ingestion, data recovery and prosecution.
UNIX? They're not even circumcised! Savages!
Then, he spent a bit of time on http://www.emailspidereasy.com. Don't you just love the fake google-textads?
Yup, love is the word. I also love these links on the same page:
Credit cards - links to credit card resources
Cheap loans - compare and get a cheap loan
Compare mortgage quotes - cheap mortgages online
Work from home - make money with working from home
Seems this is the only site spammers need to visit; they have links to spamming resources as well! Very convenient ...
I hear there's rumors on the Slashdots
and they are investigating.
They are a co-lo facility, barebones, FYI.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Eh how about you read the mail.
Our cafe was *BLACKLISTED* by spamcop. I checked the logs. I found his MAC address and when he came in with his laptop. I asked the staff. They described him. He came back and I caught him red-handed.
I do my transparent proxying using iptables.
Just forward outgoing traffic on port 25 to local:25.
You need to do some sanity checking afterwards, to make sure you haven't ended up as an open relay. Other than that, it works fine for me.
Hmmm, well let's think for a moment:
a) The internet cafe is more or less a public place, as well as a private establishment. If they don't have a sign indicating monitoring, at least they wouldn't have anything indicating that you do have 100% privacy
b) No "privacy" was violated until the issue with SPAM was discovered. At this time, massive SMTP requests were tracked to a particular machine/NIC using the MAC address.
c) MAC generally being a fairly unique identifier (not many people MAC-spoof), there was a fair bit of surety that the monitoring action was being taken against the same scummy spamming individual, used to acquisition evidence against his activity which while if perhaps not illegal, would almost indefinitely violate the usage agreement for the cafe.
d) You don't really even have that many privacy "rights" with your ISP. They log activity for these very reasons (spammers, kiddy-fiddlers, other illegal activity). If you were tagged as a spammer (with a non-spam friendly ISP) or a kiddy-pr0nography, you would no doubt come under scrutiny with them as well.
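The MAC-based tracking discussed in the comments above can be reproduced from gateway logs. The following is an added example, not code from the thread or from the cafe operator: it assumes the gateway logs new outbound connections with netfilter's LOG target, and all addresses, the `SMTP-OUT` prefix and the destination threshold are constructed for illustration.

```python
import re
from collections import defaultdict

GATEWAY_MAC = "02:00:00:00:00:01"  # constructed gateway address

def make_line(src_mac, src_ip, dst_ip, dpt=25):
    """Build one constructed log line in the style of netfilter's LOG target."""
    return (f"gw kernel: SMTP-OUT IN=eth1 OUT=eth0 "
            f"MAC={GATEWAY_MAC}:{src_mac}:08:00 SRC={src_ip} DST={dst_ip} "
            f"PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: one laptop contacting 40 mail servers, one ordinary
# mail client using a single server, and one unrelated HTTPS connection.
SAMPLE_LOG = (
    [make_line("02:00:00:00:00:aa", "10.0.0.23", f"192.0.2.{i}") for i in range(1, 41)]
    + [make_line("02:00:00:00:00:bb", "10.0.0.31", "198.51.100.5")] * 3
    + [make_line("02:00:00:00:00:cc", "10.0.0.40", "203.0.113.9", dpt=443)]
)

FIELD = re.compile(r"(\w+)=(\S+)")

def smtp_sources(lines):
    """Return {source MAC: set of destination IPs} for new port-25 connections."""
    seen = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") != "25" or "SYN" not in line.split():
            continue
        # The LOG target prints the Ethernet header as
        # destination MAC (6 octets), source MAC (6 octets), EtherType (2 octets).
        octets = fields.get("MAC", "").split(":")
        if len(octets) != 14 or "DST" not in fields:
            continue
        seen[":".join(octets[6:12]).lower()].add(fields["DST"])
    return seen

def flag_bulk_senders(lines, max_destinations=5):
    """MACs that opened SMTP sessions to more distinct hosts than a mail client needs.

    The threshold is an assumption; a MAC address can be changed, so a hit
    identifies a network card to look for, not a person.
    """
    return sorted(mac for mac, dsts in smtp_sources(lines).items()
                  if len(dsts) > max_destinations)
```
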
The cafe operator ought to know better:
If you operate a public Internet access point (school, library, cafe, city park, etc.) please block egress port 25 traffic! Your patrons do not need to pretend to be an e-mail server. To allow such traffic to come from your network is to invite spammers, scammers, and so on to operate freely with your resources. Anyone needing legitimate e-mail access can use webmail or pester their ISP or business to use SMTP+AUTH+SSL/TLS for initial mail submission (on a port other than 25, of course).
Configuring an SMTP server to handle this is not difficult for a reasonably skilled sys admin, so no excuses!
The phrase my nipples explode with delight is from a Monty Python sketch. I thought the full works of Monty Python were a required part of the Slashdot canon.
My hovercraft is full of eels!
I must disagree to an extent. "Digging up evidence on criminals" is not vigilantism.
A vigilante (taken from Dictionary.com) is one who takes or advocates the taking of law enforcement into one's own hands.
This fellow saw a crime being committed, went through the trouble of doing some investigating and called the cops with the results of his digging. IMHO this is exactly the behavior everyone should be engaged in from time to time.
-John
I may disagree with what you have to say, but I shall defend, to the death, your right to say it. jya.com/ap.htm
The Gardai as they are referred to are actually called, in Gaelic, "Garda Siochana na hEireann", which translates to "Guardians of Peace in Ireland". They are the cops in the Republic of Ireland. They even go on peacekeeping missions abroad.
I hate sigs.
I have bought a domain (let's say johndoe.org) from a very cheap url forwarding company (at a rate of something like $15/year). It comes with unlimited e-mail forwarding aliases, and a "catch-everything" alias (let's say notexisting@johndoe.org), that forwards any e-mail sent to a non-existing alias to the default e-mail address that I have defined.
The default e-mail address (let's say secret@johndoe.org) is an alias that forwards everything to my real mailbox (let's say johndoe@aol.com). Of course, my real mailbox address, my catch-all address and the "default" address are not given to ANYBODY.
For my communication needs, or whenever asked, I just make up an e-mail address (jonamazon@johndoe.org for amazon so that I will remember easily what address I use on the site). Since the alias is not set up in the mailserver, when amazon tries to contact me, the e-mail will follow the following alias path:
1) jonamazon
2) notexisting
3) secret (default)
4) real mailbox
When I see a spam message (once in two weeks!!!), I just divert the alias to point to an abuse address of a random spamhaus. The good thing is that since I use random but descriptive addresses, I can see what websites actually harvest e-mails and sell them to spammers!!!
It is interesting to note that at some point I received e-mails that were addressed at some ridiculous random aliases (e.g. jesus@, happykitty@ etc) of my domain (clearly not used by me). Just an indication of the use of wordlists (of course every such alias got blocked).
I have not yet reached the levels of paranoia of giving separate e-mail addresses to any of my friends of course.
Anyway, it is not as complicated as it looks, and of course way less complicated than using bayesian filters and the like. And believe me, it works
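The alias path and the leak attribution described in the comment above, modelled as an added example that is not the poster's code or any forwarding provider's software. The domain and mailbox names are the post's own examples; `CatchAllDomain`, the `issued` notebook and the `DIVERT_TO` placeholder address are assumptions made for illustration.

```python
DOMAIN = "johndoe.org"              # example domain from the post
CATCH_ALL = "notexisting"           # catch-everything alias from the post
DIVERT_TO = "sink@blackhole.example"  # constructed placeholder for a retired alias

class CatchAllDomain:
    def __init__(self):
        # Aliases actually configured at the forwarding provider.
        self.forwards = {CATCH_ALL: "secret@johndoe.org",
                         "secret": "johndoe@aol.com"}
        # Owner's private notes: made-up local part -> site it was given to.
        self.issued = {}

    def issue(self, local, site):
        """Record a made-up address; nothing is configured on the server."""
        self.issued[local] = site

    def route(self, rcpt):
        """Follow forwarding hops until the mail leaves the domain."""
        path, seen, addr = [], set(), rcpt.lower()
        while addr.endswith("@" + DOMAIN):
            local = addr.split("@")[0]
            path.append(local)
            if local not in self.forwards:   # unknown alias: catch-all takes it
                local = CATCH_ALL
                path.append(local)
            if local in seen:
                raise ValueError(f"forwarding loop at {local}")
            seen.add(local)
            addr = self.forwards[local]
        path.append(addr)
        return path

    def report_spam(self, rcpt):
        """Retire the alias that received spam and say where the address came from."""
        local = rcpt.lower().split("@")[0]
        self.forwards[local] = DIVERT_TO     # an explicit alias now overrides the catch-all
        site = self.issued.get(local)
        return ("issued", site) if site else ("guessed", None)

def demo():
    d = CatchAllDomain()
    d.issue("jonamazon", "amazon")
    before = d.route("jonamazon@johndoe.org")
    verdict = d.report_spam("jonamazon@johndoe.org")
    after = d.route("jonamazon@johndoe.org")
    return before, verdict, after
```

An address that was never issued, such as the wordlist guesses mentioned in the comment, comes back from `report_spam` as `("guessed", None)`.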