Slashdot Mirror
Lycos Declares War on Spam Servers
Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."
GREAT IDEA!
--
Power to the Peaceful
...too bad this also wastes bandwidth across the net.
I'm sure Lycos will love it when the spammer updates their DNS to point to Lycos.
Seems like they're just sinking down to the level of the spammers in order to try and fight them. As much as I hate spam, I cannot get behind this kind of activity. They're just adding more useless traffic, in the name of justice. Sorry, nice idea in theory, but I sincerely hope it never takes off.
I like how they state, even though that this screensaver overwhelms the server with requests, and can from many different sources, IT IS NOT A DDOS!
Actually, it's a great idea, now only if a cool Open source dev would make an open version of this and take away that whole throttling thing.. who would they sue?
It would be the gnutella of ddos's!
Excuse me, I don't mean to impose, but I am the ocean
This will never survive the legal challenges it will face. At least some of these companies can claim to be "legitimate" businesses. Of course if they just produce the list of addresses we can surely work out something involving wget for ourselves.
Humor from a Genetically Molested Mind
With all the blackhole lists, private IP filters and now screensaver-based DDOS, large parts of the IPv4 address space are becoming wastelands that won't be inhabitable even after spammers are driven out. Heck, a friend of mine just heard that a few class A blocks were just assigned to APNIC and immediately firewalled them off. There's got to be a better solution!
We all know: This is NOT spam!!
;)
Now we got: This is NOT a DDOS!!
Oh well, we gotta try a few things to try and bring the spam down
Any technology distinguishable from magic, is insufficiently advanced.
This doesn't seem like a very constructive solution. Hiking up bandwidth costs of spammers will certainly not solve any portion of the problem, as we've seen how much these people rake in. Not to mention the questionable ethics in a process like this. Lycos would be better off trying to work with other companies to try and somehow blacklist or filter all this garbage traffic instead of adding to it. As it stands, this is just some pathetic pissing match. Nice going, Lycos.
Try actually thinking for yourself. It's quite refreshing.
Why would a company do this? It only makes them a target for lawsuits. This is DDOS plain and simple and even blacklists catch innocent sites once in a while.
"Lycos state that this is not a DDOS"
"though you might need to lie about what country you are from."
While I'm all for taking down the illegal scammers, making this a battle of dirty tactics doens't really seem to have an upside. Seems like it is too easy to backfire as spammers have already showing lack of morals in pairing with virus and trojan writers. This is like two armies of zombies fighting each other as the master's watch from afar. I think I have seen this on a TV show one. The side of evil believes the conflict makes is stronger while the side of light also manipulates the lessers. How will this all end? "In fire!"
Cave, wreck, and deep diver.
Even though it's not DDoS, it's an attack on people's sites, which is probably illegal. The spammers could sue them. I mean, DDoSing SCO must have seemed like a good idea too, at least to the people who did it, but it was illegal!
That posts those stupid "automated responses" to spam solutions?
I expect him to come around here...
I hate that guy.
they can call it "NOT a DDOS" all they want, but it doesn't really change the facts. Technically speaking, they are right, because they are not trying to cause a Denial of Service, but I think that really in spirit it's not much different enough. While I certainly have no sympathy for spammers, I know that this is certainly not something that I'm going to be installing, as someone living in the US, because it seems to me that it's certainly possible for someone to win a lawsuit against the company or the people running this software.
Famous Last Words: "hmm...wikipedia says it's edible"
Bad idea, Lycos - nobody (no human, anyhow) likes spam - but the rest of us have so far refrained from crap flooding the net to stop it.
-- Cheers,
-- RLJ
Lycos is wrong on this one. Part of the problem with SPAM is that despite the appearance of email being free, there are hidden costs (Kind of like environmental impact costs). In the case of SPAM the costs are bourne by the ISP / bandwidth providers and the recipients time, energy, and money. Lycos makes the problem worse for the ISP.
Hell, if I were a SPAMMER, why not add some third party advertisements to my SPAM page. Perhaps each hit from these screensavers would generate revenue for me!
I'm also having trouble seeing how they claim this is not a DDOS attempts. Obviously by increasing the number of screensavers in use, the load increases on the target sites. Perhaps a new concept--the DDOP--distributed denial of performance? Keep flooding until ping time of site is > 30 seconds. Still sounds illegal to me.
This is a straight carbon-copy of a system that a Swedish ISP launched a couple of months ago.
The campaign goes under the name "Make Love Not Spam", and you can find it here.
When in doubt, act determined. Business 101
What is to stop the spammers from doing a reverse DDOS on you? They would have your IP address, and would enjoy wasting your bandwidth too. My guess is they have a lot more bandwidth than most of us do. They aren't exactly people I want to mess with. If nobody buys their stuff, they would go away. Unfortunately that's the only solution I see to 'fix' the problem.
I'm probably being stupid, but if Lycos already knows who the bad hosts are, why is it necessary to (not) DDOS them, instead of just blocking mail from those hosts?
... but ... hmm ... I'm not so sure that's a good idea ..."
It seems to me that any problem with blacklisting certain hosts would translate to a similar problem with the (not) DDOS approach (for instance, spammers changing hosts or compromising more machines).
Not to mention, this creates yet more traffic for the internet to handle. I'm sure it's up to the task, but it seems like there's no need to create new traffic and work when less traffic and work is one of the goals of the project.
Besides, this is sort of a murky, ethically gray area for a corporation. My initial thought was "neat!" immediately followed by, "well
... turning to the 3-D map, we see an unmistakable con
I used to love it when a browser hyjack used to occur on my customers machines and the default webpage was ALWAYS LYCOS!!!!
Isn't this the same as the "Artists against 419" site is doing?
The real "Libtards" are the Libertarians!
This is likely responding to a crime wave by using artillery or carpet bombing on the city. The innocents get hurt, and the spammers just find another ISP to use.
I don't want my IP in the hands of someone with the morale of a spammer [server logs].
Let alone any "carefully picked host", certainly not at times I'm not there to observe what happends with my machine[screensaver].
Nah-uh.
I think we can keep recursing like this until someone returns 1
Note also that this is for Europe only. While there is nothing from stopping you from downloading and running this program outside the US, it is technically for europe only.
Even if you check the site, it explains how site it "targets" are slowing response times.
Is this shady, yes.
Question? If you are being harmed by something and want it to stop and there is no other recourse but to take the matter into your own hands, is that wrong?
Answer: It's up for debate.
If someone was on a daily basis causing me to sift through hundreds of emails, losing important messages, having the spam filter delete it accidentally, or having to wait for everything to update in order to assure that I have all my mail, then yeah this is justified.
They care not about your resources, time, or anoyance levels, why the hell should you?
Vigilante justice is not pretty, but it does get the job done.
Ignore the "p2p is theft" trolls, they're just uninformed
This is a stupid idea and will only serve to irritate the rest of the Internet. As much as they'd like to think it's not a DDos, it most certainly is, and they're just sinking to the spammer's own level.
I hope Lycos rethinks their plans, or I fear the retributions will be far more damaging. Any net user who downloads this software is going to leave themselves open to prosecution.
Oooohh, this is such a bad idea on so many fronts.
1) They're going to get sued. Not just sued, sued a whole lot. Asses in a sling kinda sued. Spammers that are making good money have the budget to sue, and really Lycos is completely in the wrong here. Morally, sure spam sucks. But you can't do it this way.
2) It's against so many different TOS's that isn't even funny. With very very very few execptions, users can't legally run it (check your provider's TOS). They're opening every user up for:
a) federal charges.
b) lost ISP connection.
c) Lawsuit for damages from the spammers.
3) So you flood a facility with an OC3. Now not only have to screwed up one guy's day, you've screwed up everyone's day at that facility. Or worse, the screen savers send such a load to knock down a server, that they inadvertantly overload a few major peerings instead.
How about this for a proof of the point. I have a GigE connection in 3 different cities. My provider has multiple OC192's heading all over the place.
I rig up something that can handle a 1Gb/s through it, that can take the abuse, and still appear to be functional. Come on, think creatively, it's not that hard to do. I can serve 1Gb/s of web traffic with 6 machines. Actually, I do with 15 machines, at a very low percentage of their capability. So no matter what they throw at me, they can't take the servers or my line down.
Or worse yet, they attack me, so I flood them back with 3Gb/s. I'd bet I can swamp lycos.com. Sure, they'll bitch. They'll moan. They'll threaten lawsuits, but I returned exactly what they were doing. More than likely they'll lose in court.
Isn't there a rule for iptables to redirect traffic coming into one IP, into another one? a one-liner, if I remember right.
Lycos DDoS's me. I set up machines to redirect the abusive traffic to say whitehouse.gov, ftc.gov, or lycos.com. Ah, lets play nice here, lets redirect the traffic to google.com, and watch the lawsuits really fly. So Lycos makes a valiant attempt to knock Google offline. That'll go over really well in court.
Or, as one comment in here already said, if they do it by DNS names, just change the DNS record.
bad.spammer.com. IN CNAME lycos.com.
or
bad.spammer.com. IN A 209.202.248.202
bad.spammer.com. IN A 209.202.216.27
(That's what Lycos resolves as for me)
or just negate it entirely.
bad.spammer.com. IN A 127.0.0.1
or have a little fun.
bad.spammer.com. IN A 255.255.255.255
And [insert deity here] forbid, someone compromises the machine which controls this action. If I were an evil hacker (hush you people in the crowd), that'd be a great play toy. Wanna knock off some competition, just point Lycos to them, and turn off their ability to throttle.
I'd be *REALLY* pissed if I was hosting one, or there was a compromised box somewhere off in a corner that I didn't know about, and they decided to knock one of my networks offline.
Most spammers move around so frequently, attacking a particular hostname or provider really doesn't freakin' matter. They change the domain the links go to, and start sending again. The usable age of a spam is only 3 days. Spammers consider if it hasn't been read in 3 days, it's not going to be read.
I wish them luck, and hope they have a big enough budget to keep their executives who came up with this brilliant scheme out of federal prison. I sure as hell hope they don't accidently point at me for being a target, 'cause sure as hell they won't be on line long.
Actually, with an announcement like this, they've opened themselves up for being the blame of almost any DDoS attack.
Serious? Seriousness is well above my pay grade.
Hey I ran it for about 2 minutes, had my fun and threw it in the trash. While a quick zap it to ya spammer might be fun, fact is this will do very little.
I mean, most hard core spammers are using malware to get clueless users to spam for them and the rest are being hosted by companies who are either offshore or just don't care about what their users do with their bandwidth.
For me, a locked down sendmail server+procmail loaded with SpamAssasin+Razor and to top it off, a Bayesian enabled POP3 Clients all come together to eliminate approx 99% of my spam, so I only see a few per week.
That to me is what the world needs -- every sendmail server not allowed to relay, inboxes protected and every email client using filters.
Then and only then will the spammers be truly hurt -- when clueless idjits don't get those emails in the first place and thus, can't click those f*cking links.
Considering AOL, Earthling and other ISP's are starting to put all this in, that day may soon be at hand.
Have you noticed how makelovenotspam opens in a new window even in tabbed browsers then loads in the page hidden behind the new window "Our offers" from Lycos.
:\
Perhaps we should DDoS the goits for pushing adverts to people without their consent in an underhand fashion? Oh, no, if WE tried that they would airdrpo a million lawyers on us in a heartbeat
Beep beep.
Downloaded from the U.S and mine's working fine; just selected UK as the country and it installed ok.
Oh btw, remind me again how I'm supposed to know if there's some Lycos spyware embedded in it? Just curious.
There have to be better ways to clog up a spammers smtp server directly. An example I can think of is teergrube and uses up the offending servers available TCP/IP ports for sending out email. The disadvantage is that it is a server side solution only and must be implimented by your mail host. It also requires a number of mail servers, running as teergube mail hosts to have an effect on a spammers smtp server. However, if you run your own mail server here is a good site for getting exim, and spamassasin configured and running and from there setting up teergrubing.
"When Nature Calls We All Shall Drown" Johan Edlund
Way to multiply the bandwidth waste.
Repeal the DMCA!
I don't know why I sat through that. Volunteer surveys shouldn't take that long without warning the volunteer ahead of time. Plus he didn't bother to list my particular spam solution (greylisting) as a category, so I had to kinda fudge it.
Someone had to do it.
90% of the spam I get is coming from zombies attached to cable or DSL. The only this will do is make network access slower for the owner of said compromised computer, and it's probably already slow as hell because of all the spyware and trojans on it. It's just going to raise costs for the rest of us on cable that aren't unwillingly sending spam.
Additionally, what about the mom and pop ISP with 2 T-1's and a bunch of DSL customers? All you are going to do is saturate their lines, doing almost nothing to harm the spammer. I suppose it will force smaller ISP's to implement a deny outgoing port 25 rule, which they should all do anyway. My ISP does this, however, I can call them and tell them I run my own mailserver, and they open it for me. It's the people that are clueless that they worry about.
Need Free Juniper/NetScreen Support? JuniperForum
Here is my plan:
1. Announce that anyone who sends a spam or releases a new virus will be hunted down and killed by the US Navy Seals or Army Special Forces.
2. Follow through
Think about it; if there is a very real possibility that you will die if you spam or release viruses - maybe you won't.
If someone still ignores this and continues to be a bad Internet "citizen" they obviously they are deranged and should be considered a threat to others. Killing them is a mercy at that point.
Humor from a Genetically Molested Mind
This is my first troll. Yet I must do it.
I'll do almost anything to stop spammers.
I don't care if I am reducing myself to their levels.
They did not care, neither shall I. They have gone too far. Expect no mercy.
Fight!
Adolfo
http://shit.slashdot.org/article.pl?sid=04/11/26/2 129238
How about declaring war on unethical corporate behavior?
silly lycos... Spammers aren't that dumb. Soon they will see firewalls redirecting packets to their own servers... well, at least spammers will do something..
That's like saying it wasn't assault because you were careful not to hit me that hard.
Doug Smith. He lives in the southside. No seriously, can you verify that you wouldn't be some tool of a vendetta? how can you verify these kind of claims?
Lycos is still around?!
Now the virus writers can check for the existance of the lycos screensaver and modify the site to be whacked. And the folks who run them won't deinstall because they put it in in the first place and trust Lycos to give them the correct information. A little hosts mod and I can provide world wide sites to be pseudo-DDOSed. And with a tiny nudge from the other minions, the site will go down.
Brilliant!
[John]
Shit better not happen!
So, they've written an app whose purpose is to perform a DDOS...How long before a trojan or a virus takes control of this app and make it go after someone else?
If the app is trusted by your local firewall, getting a connection out to wherever you want it to go wont be an issue...
Lycos is notorious for distributing a spyware program called SideSearch.
Knowledge is power. Knowledge shared is power multiplied.
I declare war on the war against spam!
Heh I just typed in lycos.com's ip in the 'report a spam url' box. Anyhow--if they do so many checks, couldn't the spammers do a little hacking code so that the webserver, ping, or whatever else has a long delay (high latency) even without being DDoSed? Then they Lycosites would stop hurling packets out yonder, while they happily send their spam. The system is obviously morally wrong and technically flawed.
Well, to be perfectly honest, people trying to blacklist specific dynamic IPs (or even small ranges of them) are just showing their ignorance of how the net works.
Part of verifying IPs as spam sites should include the obvious; checking to make sure it's not an IP in some ISP's dynamic IP pool.
This type of checking is already implemented by some ISPs when deciding if email should be accepted or not by their mail server. (My boss set up a small mail server on his Charter cable connection, for example. Charter, instead of issuing him a true static IP, decided to give him a "fixed dynamic IP". Basically, they just punched his network card's MAC address into their DHCP server and told it to always issue him the same IP out of their dynamic pool.) This causes his mail server to be unable to handle emails destined for AOL, because they know his IP is in a dynamic range for Charter.
Sometimes, I've seen my own dynamic IP come up as blacklisted on services, but a closer inspection typically shows they just blacklisted the whole ISP, or at least their whole pool of dynamic addresses. These types of bans are usually temporary measures put in place because they're having problems coming from somebody on that ISP and they can't afford to wait around until that ISP co-operates with them to track down the individual doing it.
Kungsgatan 6
Stockholm, 111 43
SE
[Administrative contact] Brockman, Didde
Starring Ltd AB
Kungsgatan 6
111 43 Stockholm
SE
Email: technical@starring.se
Phone: +46 8 6144600
Fax: +46 8 6144610
The sites use Lycos logos, but it's not at all clear that Lycos has anything to do with this. While these sites link to Lycos, there's no obvious link to it from the Lycos main page.
We can't get rid of spam by fighting it... it is impossible to eliminate the bad things in this world.
So here is my idea... Instead of wasting all this time working against the current, why not embrace it and help persuade it to move where we want?
Microsoft has Outlook, MSN, and Hotmail. They could lead such an approach. They can setup their clients to only accept mails that have these 2 headers
x-advertisement
x-advertisement-unsolicited
They have direct access to the tons of Hotmail accounts. So they meet with the top spammers and setup a deal. Microsoft can create some kind of legit E-Mail ad service, and give the spamboys some special plan. They use all their wacky legal deals to set it up so that if people lie using the 2 new headers, they have some way of bringing them to court. And if those things don't work, they simply create a spam service so cheap, with such great features, (like not having broken/crypted english), that they put the spammers out of business.
Their clients should by default accept all E-Mail, even spam... that way the spammers still get their idiot clicks that bring in all their profit. The smarter people, who would never click a spam link anyways, will setup a rule to auto-delete all x-advertisement emails.
Just have security support advertise the blocks with community 701:9999, and poof! They are gone from a big chunk of the Internet :P
http://www.secsup.org/CustomerBlackHole/
So they're creating a service designed to cost spammers money. It seems to me that computer crime generally gets classified as using computer resources in a way not intended by the provider and in a way that costs the provider money. Lycos isn't just opening themselves up to lawsuits, they're inviting criminal prosecution. Anyone using the client would be subject to the same kind of risk.
Comment removed based on user account deletion
As they described the intent: Raising (their) Price Of Service - RPOS Or is it another r command?
Sue file sharing my ass, bitch. Modify this sucka to hurl an endless stream of billions of big frames at the RIAA.
Well, I'd obviously have to verify before going ahead with it. I certainly wouldn't attack an innocent. I should have stated:
pre-a.) verify veracity of accusations.
I'd surveil said alleged spammer for some time first to make sure I knew who I was dealing with.
I would download it but i have dail-up, i scared it will eat up my (already small) Bandwidth.
Insert Pithy Quote here.
I have been notice an ungodly amount of traffic going to our network.
We found out that a customer of ours was running a forum that passed around lists. Since I am also the Abuse admin, I was Never notified about this problem.
Not only this caused our upstreams to die out, it caused the clients in which DO not spam to get caught in the cross fire.
Geez, thanks alot Lycos....
Actually filling this one in was harder than I thought it would be. I guess because I'm too lazy to think up new catagories that consicely summarise the objections we've seen. Nevertheless...
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it [well, we'll find out if this is illegal once Ralsky et al. sue]
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam [providing Ralsky et al. with enough funds to make the court case long and bloody]
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Inethicality of slowing the entire Internet down, when a handful of spammers are responsible for 99% of our spam
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Having been on the wrong end of a spam cop report several times, I feel for the innocents who are about to start having their mail blocked AND get bombarded with extra traffic. Just how many lawsuits will ensue?
Will anyone win but the laywers?
paul reinheimer
Everyone pays for the bandwidth of the Internet, not just spammers to their ISPs. Why are you paying for waste bandwidth on the Net from Lycos, which won't kill spammers, but mutate them to some more resistant form? How about just distributing free address book email/messaging software, as open source, that lets us filter out message from people we don't know, who aren't introduced by someone within our "web of trust"? This kind of stupid shit is why Lycos is a loser, an also-ran from the popped bubble with more money than sense.
--
make install -not war
I like the idea because its grounded in destroying the economics that make spam profitable. Why not make it hurt more:
For example take a piece of spam advertising a site which provides no contact information and which replys on form submsissions to promote a product. Take random (but meaningful) data, such as fortune strings, delimited to smallish lengths for each field, and wget form submissions every few hours | minutes | seconds. Any legitimate inquiries are lost in (likly literally) an unceasing email bomb sponsored by lycos.The destinction here, is that rather then costing them more you are litterally losing them the tiny fraction of respondents which make spam profitable, this renders the model unprofitable and makes any attempt to offset the cost ineffective.
I take great satisfaction in ensuring that a spammers time is wasted to a greater degree then my own. Given the products that are often peddaled via spam a quick forward can often ensure this, for instance forwards to enforcement@sec.gov have resulted in six lawsuits (and counting) this month alone. There is a great forward for almost any ware, but medication, promotional stock tips, and cheap (generally pirated or edu version) software are some of the most fun - despite my dislike of Microsoft and the Government I relish the thought of their respective legal teams gunning down a newbie floridian who mistakenly purchased my address.
How do I keep track of people who are fingering
Can't they just press delete?
Second that. Producing more crap to fight crap leaves only losers.
Knowing how sneaky spam operations work (zombie networks etc.), I think that filtering/counter measures will never truly solve the spam problem, and that an effective solution will be economics-based.
One reason for the huge amounts of spam is that each single message has on average very little value for the recipient, and IMHO a good approach would be to increase that value. In a way: help spammers to reach an interested audience in a more targeted, specific way. So that not 1 in a million, but eg. 1 of every 50 mails sent produce a paying customer. Less effort for the spammer, less traffic, less annoyance, basically a win-win for everyone.
For that, you would need a way for recipients to 'advertise' what they're interested in: how many messages they want to receive, product types, type of organisations they'd like to hear from etc. Maybe in a system similar to publishing a PGP key or the "Geek Code". If a recipient has a way of indicating that (s)he is interested in viagra pills, then a spammer/advertiser can focus on that group, instead of spamming a huge amount of random people. Something that lets you tell 'the world' what you consider useful (or not) to find in your inbox, so that spammers/advertisers don't need to bother millions of uninterested folks to find a dozen customers. This would also put the burden of finding customers (selecting a target audience) on the spammer, instead of on the recipient (spam filtering). Ofcourse you could devise such a system in 1001 ways (preferably highly automated). Food for ongoing research...
This is a capital idea. And you say they're going to sue? I can see the filings now--our Chinese/Korean/Russian server, which had been happily serving up ads for \/!@g!-a, m-o-r-t-g-@-g-e-s, and pr3scr!pt!0n drugs, was taken down by these filthy thugs. We demand justice!
I too have felt the cold finger of injustice.
What if this makes it more acceptable for companies to host spammers?
funny how everyone here is up in arms about this idea, but then giggles like a schoolgirl and jumps for joy whenever a real/useful/interesting site gets slashdotted.
why doesn't slashdot just point some traffic to the spammers... clearly it (/.) pulls some weight on this interweb thingy.
And I hate spam just as much as the next guy/gal. Maybe even more for I get more than 1000 emails per week.
It would seem Lycos would have us believe that this DDOS tactic is OK, mostly based on the fact that we all hate spammers? I do not believe this hatred alone makes it all OK.
For one, this is not a victimless crime. Bandwidth costs money and well ALL pay for bandwidth, clear accross the globe. Normally the money goes up the chain and gets spread around nicely. But now they would have sympathyzers arbitrarily add to the collective bandwidth requirements in order to subtract available bandwidth from specific users of the internet.
Just to take it a bit further, but in a different direction, maybe we all hate google (ya right), and yahoo is kind enough to give us a tool to increase the operating costs of google. You might argue that we *choose* to use google and we do not *choose* to recieve spam, but I fail to see how this difference makes such immoral and mostly illegal tactics legit.
Flogging might be a good comprimise though. We should never overlook flogging as an alternative. No one gets hurt and we could even serve beer for the event and make it fun for everyone.
I think you underestimate just how much I just dont care.
...to go after the companies that are being ADVERTISED in the SPAM, rather than the mail servers? Let's make SPAMVERTISING result in a lot of non-revenue generating hits, not target the box sending out the SPAM. Nearly DDOSing some clueless idiot whose box was pwn3d isn't going to do any good. But if "Joe's Viagra Barn" currently sends out 10 million emails, gets 10,000 hits, and 1,000 sales and you suddenly change that to 10 million emails = 100 million hits and still only the same 1,000 sales, you've raised Joe's Viagra Barn's costs w/o raising their revenue, and it might change the economics enough that it makes it not worthwhile to send out the 10 million emails in the first place. Thwacking away at the email server, though, isn't going to do anything since I'm sure it's a different box every week, and almost definitely not in the "Joe's Viagra Barn" network. If the spam comes with a link to click on, send the traffic to the link. If the spam comes with an email address to send to, mail a random web page to it.
Yeah, and you stupid anonymous cow forgot to include your name -> no way to show anyone it was you -> no bragging rights for you. Pretty pointless to make a FP as anonymous cow, don't you think? Ahh well, coward or stupid cow, who cares.
You know .. this is a BAD idea.
It is bad for the Internet (increased traffic), and if the "spammer" is legit and in a co-lo facility, it's bad for the others who are co-located..
= Grow a brain...
Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. They might not be running the servers into the ground but it's still stooping to the same level of the spammers. I mean, come on, if my site had a constant 50% load or somesuch, my bandwidth for the month would be gone fairly quickly. There's something very not right about doing this.
~Warning!~ The above is encrypted using rot676!
How long will it be before we see an open source clone of that on sourceforge?
Of course it will do nothing for zombie sites that are hosted on trojan/worm/virus hacked machines. That would just punish the technically incompetent victim of spammers.
Microsoft is pure dog-ma. FreeBSD is pure cat-ma.
Sounds abit like the war on terror..
:)
Anyone see a problem with ISPs just implementing challenge-response systems on their servers?? (i.e if you send an email to someone for the first time the server will send a reply with some kind of human-prooving question, then if you get it right your emails will always go through to that address). I don't see why everyone is going nuts with stupid laws and DDoS'ing (it is a DDoS at heart no matter how they try and phrase it). Why isnt this done? - plus gmails anti-spam system works like a dream
This comment does not represent the views or opinions of the user.
So I should tolerate spam from dynamic IP addresses because a few legitimate people don't want to bother with getting a decent ISP that will issue a proper static? I block mail from all dynamic IP addresses. I don't try to play whack-a-mole with bad ones.
If you are on a dynamic smarthost through your ISP -- and if you can't figure out how to do that, you have no business running a mail server.
-- Will program for bandwidth
The line from your approximate location that travels to the city in China housing the server is pretty cool. It needs a mushroom cloud at the destination when the server melts. Also, that throttling crap needs to go. Of course, you can just watch the host names and run wget in a tight loop against them, anyway. I'll be holding my breath waiting for bulletproofhosting.net to sue me in Federal court. Ha.
Here's a briliant example of some executive who just hung himself... lets rundown the problems with this:
1. Spammers can start sending out spam with legitimate websites (against their concent), to get them into blacklists, and then DOS'd by this program... very simple strategy.
2. Lawsuits, Lawsuits, Lawsuits
3. Many of these companies run on shared servers. Now these servers have legitimate clients on them too. When the servers crash, the ISP has to offer something to keep clients... guess what angry ISP's do? That's right.
4. I'd say this could definately be considered criminal, considering the sole intention of this program is to commit a known attack method on another computer.
This may go as far as criminal... but safely going to lawsuits.
SBL's are great... but they do contain incorrect entries from time to time. Spammers have spammed legitimate websites simply to ensure SBL's aren't perfect. I don't recall anyone perfecting SBL's as of yet.
So I'd be very cautious about this one. I know I'm not going to get in on this action. I don't need some webhost calling up my ISP saying that I'm DOSing their servers.
Take down a server by directing enormous traffic towards it.. hmmm... now where have i seen this before??
Unfortunately, the only thing they will achieve is force spammers to hijack unprotected sites, probably small business and personal sites, to send e-mail using their hijacked mail accounts. Then those sites will be listed and then the small guy will have a big problem as the spammer moves to another shell.
You scare me.
Stay tuned for new sig...
This is not a bad idea, but I don't see how they'll be able to legally do it for very long.
So when lycos have there servers hacked, which will happen making themselfs a huge target by having so many zombies to control, hackers will spend all there effort hitting lycos. And when they do gain control over the Millions of ScreenSaver Zombies who will be held resonsible for there actions and stupidity? And when this hacked network of Zombies DDoS some Copmany, I guess the lawyers over in Lycos will not be in for a good day. Anybody else see this turning into a huge mess 6 months from now?
I've read a few posts here about this being a bad way to fight spam, because it's an immoral attack in response to a spam attack, and Lycos is open to being sued...
I don't believe this is the case. In the first place, the spam is advertising the URL. They are literally inviting traffic, and the screen saver satisfies the request with traffic.
Second, many sites serving spam are compromised hosts at ISPs that are too lame to control their IP addresses. I highly doubt that the screen saver is going to send traffic to an actual business's web server (e.g. a colocated server that a business is paying money for). Much more likely, the IP address has already been stolen. I don't think anyone is going to sue Lycos for hammering one of their zombies with traffic.
Not a hoax,. It wasn't really Lycos idea from the start it was a Swedish ISP called 'Spray'.
But it looks like Lycos and Spray is teaming up now.
I haven't seen someone ever so strongly get things wrong. Did you even read the article? Your responses look like you're arguing against something completely and utterly different to what makelovenotspam.com is doing.
thats it
"brxref
While I'm all for poking spammers in the eye, doing this is going to send the wrong message to the wrong parties.
I'm speaking of the bandwidth providers who supply bandwidth to spammers, as with this screensaver they get the increase their profits. Isn't this sending the bandwidth providers the wrong message, that it's even more profitable to provide service to known spammers?
I'd think what we want to do is to reduce the profitability of spam at all levels. Sure hitting the spammers feels good, and reducing their profitability is a good thing -- but with this system you're just moving the profit around from the spammer to the service providers that support spammers.
Laws of supply-and-demand would seem to dictate that as spam becomes more profitable for the ISPs, the cost of their service provided to spammers will go down anyhow, while at the same time giving the ISPs a good reason to try to attract more spam-generating customers.
I see nothing good or worthwhile coming of this, no matter how much I've love to see spammers everywhere forced to claim bankrupcy.
Yaz.
While this is an appealing idea, swamping the spammers web site to increase their bandwidth costs is not going to really work. Like another poster indicated they would need to enter random data into the order pages to make it difficult to extract legit orders. Remember most spammers are probably buying their bandwidth at fixed cost rates. So while this may use a lot of their bandwidth it is not going to prevent legit orders getting through.
What should really be done to curb spammers is to have all major ISPs implement the following:
1. block SMTP for all users and force them to route thier email through the ISPs email servers. Permit users to request port 25 be opened up. This would block all the spam generated by zombie machines (probably greater than 90% of spam comes from such machines.)
2. Implement greylisting on the ISPs email servers. This blocks better than 90% of spam being sent today since it mostly comes from zombie machines.
3. Utilize the block lists that contain the web sites the spam sends people to to block those IP addresses at the main routers on the back bone.
By implementing these items across all major ISPs, virtually none of the spammers messages would get through to the dupes that actually buy the crap. If you can dry up the responses to spam then the business model should fall apart and die. At least one can hope.
Many people apparently don't really understand that this new screensaver is not going to punish the zombie machines owners by using up their bandwidth. It is aimed at costing the owners of the web sites that collect the orders. Which kind of the right idea. But I figure most of those sites are not using metered service but have ordered at minimum full T1's and probably have more than that dedicated. So trying to run up their bandwidth costs is probably not going to impact them that much.
Impementing the three items outlined above is guaranteed to have a major impact on spam.
Am I correct in saying that the peering relationships for ISPs are set up such that they pay for data put out onto the network? That is, upstream costs, downstream is free.
So if this thing spreads, and Comcast, Verizon, etc... the big boys, start having their upstreams maxed out, what will they do?
Sue Lycos? Maybe.
Jack up the price of service? Definately. They do that regardless.
Cut back all users upstream bandwidth? Hell, if their routers are choking, that's what I'd do.
Once again, FUCK YOU LYCOS YOU ARE NOT THE FUCKING BATMAN OF THE INTERNET. They're not even robin. Not even Robin's gay hair stylist.
I'm going to start work on a program to flood Lycos. It's not a DDoS, it's just going to make it too expensive for them to stay in business, because they've shown that they are not good for the internet.
I don't need no instructions to know how to rock!!!!
"Lycos monitors the site's responsiveness and throttles back when the site starts to falter. "
So they don't want to do a denial of service attack so when the spammer's need more bandwidth they allow them to have it... Okay I guess I just don't get it. Do they think the servers that the spammers are using pay on a per byte basis??
The race isn't always to the swift... but that's the way to bet!
I see all these replies about this saying things like "they are just sinking to the level of spammers" or "this is indeed a DDOS", So what if it is both? Do we really want to sit around while they try to fight spam with politics? If it really drives up traffic that much then maybe the spammer's ISP's will reconsider letting spammer's use their networks. I am unsure why everyone tries their best to criticize operations that may indeed work, even if those methods are not what some people see as ethical.
ItWasFree.com - Take the mystery
... the screensaver has any contingency builtin against target sites sending Location: headers, meta refreshes, etc. to reduce the bandwidth of a single request. Seems simple for the target sites to do such things to try to get around it. That said, this is a fantastic idea. I do believe I will take a prompt from an earlier post and make use of wget and cron to join in the fight :)
bash: rtfm: command not found
Mod parent down -1, redundant.
Sorry, but there won't be any one way to stop spam, but there will always be ways to fight it. One method will not cover all bases, but the more methods used, the less frequent we will get spam.
This title may be read in one of two ways, largely depending on the status of your inbox and/or the number of hours since you last ate. 1) Lycos Declares War on Spam Servers 2) Lycos Declares War on Spam Servers
You can't go around raising trouble with spammers just because they want to make your penis bigger and lower your monthly debt. The right way to fight this is through legislation and vigorous enforcement of that legislation. However, I don't think we will achieve that until some of the kids today grow up and become senators. Most of the old-timers on Capitol Hill have probably never used email (or computers, for that manner) in their life, though they must have staff that wade through their official email. It was only recently that legislation prohibiting most unsolicited phone calls was passed, and that shit had been going on forever. The spam industry will fight any such legislation to the death, just as the telemarketing industry did. God willing, 30 years from now the only place you'll find spam is at the grocery store.
As for vigilante justice, that is the worst thing you could possibly do. It puts the spammer in the role of the victim and damages your credibility. They will go to the police and get them to go after you. After all, what leg do you have to stand on? Assault on person or property is protected with law; spam, at the moment, isn't. It helps the spammers, it hurts us. Just don't do it.
I think the best thing to do is to actually INCREASE spam. Make huge lists of email addresses and put them on the web for all spammers to see, or send it to them directly. Eventually, the amount of time and resources put into combatting spam will be so ludicrous that everyday business will begin to suffer. Internet traffic will be so inundated with spam that backbone routers will be dropping packets left and right. Nobody will be able to do anything productive. Worldwide economies will collapse. Satellites will fall out of the sky. Etcetera. In this scenario, spam is its own worst enemy.
Spam-filtering simply doesn't work effectively enough to block the amount of spam that would make it unprofitable. And even if you could write a filter that blocks all of today's spam, spammers would just revise their messages to bypass them. Classic Incompleteness Theorem problem: any filter effective enough to be worthwhile can't admit all the mail you want and reject all that you don't.
Chill out, it's just another 5 foot nothing internet "tough guy".
The dude's probably too scared to answer the door with the Girl Scouts come selling cookies.
I don't need no instructions to know how to rock!!!!
There's Australia, but not New Zealand... And it's not like it's a small place, it's the same size as UK.
Hope Lycos really check the URL by hand - would be bad for someone to report an innocent site just to cause problems.
I think you just need a pointer record for your mail server. That's probably the most likely thing to cause a mail server to reject your mail, and one of the clues they look at to determine if you have a "real" mail server, and aren't in fact an owned computer in an user address pool.
Excellent idea. Program downloaded works a treat. ONLY USES 3-4 megabytes of your bandwidth in a 24 hour period MAXIMUM. Sheesh, I can afford that. I get more than that in SPAM every day!
:-)
If you don't wish to install software, simply visit the site and press the "Annoy A Spammer Now!" button many times until you lose interest!
IT IS NOT A DDOS! The software carefully monitors and ensures that webservers are not DDOSed (unlike Slashdot links), but simply eats through their bandwidth.
If you don't wish to install software, simply visit the site and press the "Annoy A Spammer Now!" button many times until you lose interest! You get to see a graphical url traceroute (simplified), the total amount of bandwidth used in the cause for the url, etc. It's great to know that I am costing them money! :-)
I hate spammers as much as anyone... but bandwidth is not an issue for the vast majority of the internet. Latency is, and will continue to be, the number one problem with moving more things onto the network. What Lycos is doing will, if successfully deployed, increase the number of packets flying around through all those old copper switches and cause network latency to be even worse!
I don't care about email spam... it sits on a disk somewhere until it gets fetched or forwarded. Constant network traffic to eat up bandwidth will also ruin any chance of getting sub 50ms ping times all around the country.
This is like saying you hate having the guy down the street burning garbage, so you get everyone else on the block to burn leaves. Yeah, it might smell a little better, but that's a LOT of smoke to breathe!
Nope... my ISP, for instance, has its entire dynamic IP range blacklisted -- having an MX pointer in my domain's info doesn't help with AOL and a few other domains who use those blacklists. So I have to use smarthost for outgoing mail.
Maybe once lycos is done ridding the world of spam. They will use all these machines running the Screen Saver to begin sending spam or take out their competition.
I'm not saying spammers are Nazis, just that we should melt their faces. We all know that spammers are REALLY Neo-Nazis whose leader, Coyb- Err, Hitler Mark II is going to take over the universe. . . . Or maybe I had a little too much bawls.
http://www.aa419.org/ladvampire.html
why don't we just link to spam servers in a /. story?
or else!
OMFG, I've only been saying folks should be doing this years now. Although, it would have been nice if someone OTHER than Lycos had come up with the idea.
UTF-8: There and Back Again
Two words: Direct Link
Seriously, I'm ready for something that seriously hits these spam sites hard.
.. it's a bit trivial (the idea), but I'm sure there would be a good few that would love to donate to the cause.
.. hehe .. from our screen savers.
I give folding@home my cpu cycles now, and frankly, I have spare bandwidth that I'm paying for from my cable company, so it's about time that I waste that on a good cause too.
If someone told me today that I could get a cute little screen saver which showed me the destruction of spam, I'd frankly be willing to donate a few bucks to the cause. Paying for it won't work
Let's seriously slashdot them
The idea isn't to degrade ther performance of the webservers even. The idea is simply to increase their bandwidth costs significantly.
Click Annoy A Spammer Now!
It's been said that in life, three things are sure: death, spam and taxes.
Mendozaaaa!!!!!!!!
grammar-lesson free since 1999. (rescinded - 2005)
maybe they should allow the spammers to opt in...or is it out ahhhhh screw it
Well I, for one, find this attitude quite disturbing. I'm referring to both your own attitude, and the Lycos attitude.
If everyone starts to see it as acceptable to apply vigilante mob justice to whomever they disagree with, all kinds of havoc could result. One of the key points here is that something like a screen saver is very accessible to everyone. Unfortunately, quite a large amount of "everyone" have very strong views on things that you may happen to disagree with.
Consider the result, for instance, if there was a legally acceptable screensaver that would DDOS any and all left wing websites that were denounced by certain religious evangelists with large followings. Maybe just political websites that disagree with one side's point of view would end up being attacked.
I hate spammers as much as most people, but I don't think that making it easy for everyone to participate in annoying them is the right way to go. If people are going to DDOS someone, I'd like to think that they're at least as interested in what they're doing to know who they're attacking. They should also be clear about why they're attacking them, what all of the consequences for that party will be (preferably from a first person perspective), and then be absolutely sure that they're happy with what they're doing and the problems they'll be causing someone.
In this case, most of the decision making power and information is determined by Lycos. I don't see Lycos as a particularly neutral, objective or trustworthy party to be running something like this. (Nor would I normally trust anyone to lead as much of other people's destructive power.)
Tell it like it is, brother! I just installed it.
Thats no blog, it's a LotD.
Dude, I don't know what the fuck is going on, but you better pay up.
Sam Leahy
Collections Dept.
Northeast Gas Corp.
I cant help but think that using some software like this product will be against alot of people's Acceptable Usage Policys that they signed with their Network Provider, using it could result in a warning or worse yet account cancellation.
I think spamming is evil E-V-I-L but this behavior of Lycos is like trying to put out a fire with buckets of Petrol/Gas.
-- Jim
-- If at first you don't succeed, lie!
2. It requests http://backend.makelovenotspam.com:80/xml/1/0/0/0
3. This produces an XML document that looks like this:4. To perform that actual attack, it does not make an HTTP request. Instead, it opens an XML socket to the server and sends small XML documents (all of the form {garbage}). Occasionally these have garbage xml tags embedded within them. I assume their reason for this is that HTTP requests go through the browser and could have personally identifiable info attached to them.
Summary: looks legit to me.
It's just a flash movie in a cross platform shell.Run it in your browser!
Quite often solution suggestions are presented like this one. Its catchy, quick and oh so stupid.
You cannot fight a sustained battle against a foe that can acquire unlimited resources for free. The spammers use drones for much of their dirty work, sending spam, and serving ads, sales etc. What good will this do if the spammers just recruit more drones out there to cope with the DDoS from Lycos. (And yes it is a DDoS no doubt).
All this will do is to create a lot of badwill for the antispam cause among ISPs.
Well this is the most brain dead method of fighting against spam. An example of methods that should not be practiced ... sigh
It seems domain keys is the best method to fight against spam. ;-)
You can find a wonderful article which compares various anti spam methods here:
http://poornam.com/articles_spam.php
Anyway we will definitely stop spaming soon ..
JM
No, he is absolutely correct. I've been blocked by a handful of ISPs, including RoadRunner.
If you want more detailed information, look-up the SORBS-DUHL, which seems to be the most popular blocklist in-use for this specific purpose.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Here is my whack-a-spammer script. Why go after the spammer? Much better to go after the guy who hired the spammer.
W E_WILL_DO_THE_SAME_TO_YOUR_WEB_LOGS
#!/bin/bash
COUNT=0
while [ $COUNT -lt 2000 ]; do
lynx -dump -traversal -useragent="By sending e-mail to my privately owned domain you agreed to my terms of service, including the stipulation that all spam would result in your webserver logs being filled with garbage. If you don't like it, don't send unsolicited e-mail to my domains. If you don't want me to visit your website, don't solicit my visit by sending me unsolicited e-mail. You do not have a First Ammendment right to waste my bandwidth, electricity, CPU time or hard disk space with your crap, characteristically illiterate or otherwise." $1?YOU_FILL_MY_MAILBOX_WITH_UNSOLICITED_CRAP_AND_
let COUNT=COUNT+1
echo $COUNT
done
I've run into this issue with AOL before.
Your ISP has to contact AOL and let them know your ip/subnet is no longer part of a dynamic netblock. AOL postmaster helpdesk is quite useful and understanding (at least they were when I contacted them). Other RBL for dynamic IP addresses will also remove you from their blocks provided you have a valid PTR for your IP and the netblock is assigned properly in ARIN or the registrar of your region.
PTR have a few gotchas. I've run into provider that filter dynamic ips by doing pattern matching againts PTR, so if you have, for example, "mail.madslocation.net" you might get blocked by somebody filtering "*adsl*".
Hope this helps.
No sig
The latest idea to fight spam comes from www.makelovenotspam.com (browser flash-plugin needed) and LYCOS, who offer a simple screen-saver program for the Windows (english), Macintosh (MacosX (english) and Macos9 (english)) in various languages (english, french, spanish, german,...) which actually surfs the promoted URLs inside spams and generates traffic for the website owners, thus generating costs for the sources of spam, and trying to slow down those sites. The screen-saver promises to only generate about 3megabytes of traffic a day when being used constantly for 24 hours 100% a day. Can we call this a new means of self-justice, or is this a legal means of making spammers pay for their trash they keep sending us? You cannot actually call it DDOSing those sites as each screen-saver only generates a few http-get requests from time to time, and visually displays the spam-servers on a world-map.
:)
The company actually delivers the live real-time spam information via XML files.
I wonder if anybody before got this idea, actually to collect the spam urls and shit inside spams, so that maybe someone could share this data through similar means to a big community (like slashdot), and making thos spammer websites fear a slashdot-like effect on their services with the help for example of a mozilla extension plugin or other nice little scripts and automatism?
Interesting questions and discussions come up, as lot of people ask if this could get Lycos or the actual users of the screen-savers into trouble? Can this be defended by our free-seech, 1st ammendment and other basic democracy laws or other means? Do you think all this is justified? What other solutions could there be for spam at all?
At leat i think that simple filitering and disregarding of such a huge problem doesnt solve anything at all, and i think i am not that mistaken, as spam hasnt really slowed down, or stopped just because of filtering, but spammers try to send even more sophisticated spam and scam, and just migrate over to other fields of endeavor like instant messaging clients, blogs and all that other stuff. So we actually need to tackle the whole problem on the very other end of the place, at the sites, services and products that come advertised in the spams.
I could think of a simple XML service maybe something calld "DSUX" (for: download spam urls xtensively) or some similar service
Any comments?
ICANN will revoke domains that contain false or misleading contact information. You and I both know that spammers aren't going to put their real information in there.
The screensaver approach is flawed because it will only work for high speed and permanent connections. Dial-up users will have to be online for it to even be effective and that's bound to drive personal firewalls crazy.
That screensaver could easily be modified to do some real damage. And I'm not talking about damage to the spam sites, either. And because it's not a virus or trojan horse, it would go undetected on most computers.
Pragma no cache
"When 10m screensavers are downloaded and used, the numbers quickly add up, to 33TB of 'useless' IP traffic."
I doubt 10m people actually use screensavers at all and if they did I doubt they'd use this particular one that makes their bandwidth bill higher.
Have you metaroderated recently?
Sometimes, you really would like to get on the nerves of someone that gets on yours. However, few of these spammers actually got personally on my nerves.
So I think to have a tool like this for yourself, and not only targetting the sites Lycos selected, would be ok.
So, can I configure that Lycos thing to point at Lycos themselves?
You could add some p2p effect, like ganging up with people whose opinions overlap with yours.
I think that screensaver thing that makes collages from images on the internet would be cool a way to rationalize add DDOS capability to. Or creating random poetry. Or a distributed search engine.
On the other hand, why bother with DDOS when you can just post the URL on slashdot?
I'm still trying to figure out what people mean by 'social skills' here.
Welcome to 1997.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
1. most countries are making spam illegal by now
2. most countries already HAVE laws that make it illegal to pay someone else to commit a crime
3. most countries also have laws that make it illegal to ASSIST in a crime.
spam will not go away as long as there are dumbasses who actually BUY stuff which is spamvertized, and assholes who think vomiting all over the inboxes of millions of people is a proper way to make business.
filtering spam only leads to spam mails with more random noise.
blacklisting spammers only leads to more spammers using hijacked botnets instead of true email servers.
ddosing spamvertized websites only leads to junktraders buying bigger pipes.
can you say ARMS RACE?
Course that's only 100 people, imagine a few hundred or thousand, it could easily shutdown small online vendors or personal websites, hurting average people if the idea is altered a little and falls in the wrong hands.
my karma will be here long after I'm gone
In fact, if you have a clue, you do fight fire with fire. One of the most effective ways to battle large, out of control fires, and without it forest fires would do a LOT more damage, every year.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Interesting lead, I followed it trough some more and checked their site
Luckily, that explained the situation, starring is a marketing company, that were contacted by spray(a Lycos company in Sweden) to Get more people to start using Spray's e-mail service.
There you have it, it is all a marketing campaign to attract more users to Spray(and Lycos) mail. I guess they made it quite well, mentioned on slashdot and all...
The screensaver can be firewalled in such a manner that its attacks are ineffective, while providing a free data source of destinations on the Internet currently considered "Most Wanted" by Lycos. How much would an IT department pay for a phone call if they're seen spamming?
...", each initiated by an end-user's filtered screensaver instance.
Combine the screensaver target list with the public SIP proxy provided by Pulver's FWD service and a bulk-rate calling card: when someone's about to be attacked by Lycos, they receive a recorded call alerting them.
A headless SIP client with a custom plugin could dial the calling card service and then transfer the SIP call to the recording at the exchange (preventing, in a limited fashion, end-user spoofing of the service for nefarious purposes).
A central pool of nearly used up calling cards could be tapped for many one minute calls of "you're considered a 'Most Wanted' spammer"; for more information, call Lycos at
This is really hilarious. They are expressly trying to use up the portion of bandwidth spammers *aren't using*, and getting everybody to install a Lycos screensaver! And they aren't even addressing the fact that a spam-serving network is undoubtedly well-resourced and has more heads than medusa. Hah! Too funny. Well except for anybody who happens to actually need bandwidth for non-spam purposes. It's like setting fire to a spider web, you just burn yourself out.
This is not a DoS (well it would be if it worked). It is just PR. Suddenly it got everbody saying "Lycos", front page on slashdot, etc., and it probably isn't even aimed at people who could figure out the problem. Most people will say great Lycos is taking a courageous stand, etc.
If Lycos was really serious about stopping spam, they should put the technical, managerial, and public relations resources they are dumping into this and go after the spammers one at a time. There are a finite number of people doing this in the world, and a corporation that wants to hunt them down can do it. Just follow the money, maybe buy some spam from these guys to confirm it. Then decide what to do about it. They might even consider posting a list of spammers, companies that profit from spam, and spam purchasers, on the net. Though that might make it hard to do subsequent investigations into spammers.
Well that's one thing they ought to do instead of this. Personally I think it would be better PR if they actually made some positive results in reducing spamming (with scientific proof) and publicized *that*. So this could maybe be called a half-assed DoS and a half-assed attempt at PR for mainstream technophiles, but on the whole it is just silly and wasteful. Thank god my fiber connection is nowhere near them.
I installed this, well, tried to. It failed saying Not to install it from my windows directory. Interesting considering it was "c:\stuff"
Shortly afterwards, windows would continually go back to the login screen after a period of about 15-20 minutes. Have just reran norton, and it detected hack.tool. I admit, its possible it didn't come from this file, but the timing just seems awfully coincidental to me.
Life is what you make of it.
I wanted to do this for years. I will join!!
Lars
Spam = unsolicited commercial email.
100 X 3.4 = 34?????
Go back to elementary school, the correct answer is 340.
I love it!
Until law enforcement starts cracking down on products advertised through spam, then this is the only way to fight the battle on this front.
I say, bring it on!
I am the maverick of Slashdot
Just post the spammer's ips here as a link. Duh.
Karma: Bad is the liberal way of saying this guy won't drink the kool aid here on slash dot. I wear my Karma with pride
Also, on a related note, this is a little java app that you can run as a background process thath injects false information into various spam/spyware related website forms.
Flash bulletin: hundreds of millions of average people are drowning in spam, fuckwit.
Think of the internet as a road system the routers being intersections and the data being the traffic.
All traffic that uses the highway has to pass through the intersections. Since so much of the traffic is going to one destination, the intersections closer to the destination will also become ensnarled. These intersections have nothing to do with the criminal behavior of the originating source.
It is like the excess traffic around a crackhouse. The traffic annoys the neighbors and may interfere with the commerce of the corner store as well.
Lycos is perhaps well intentioned but the are going to annoy the neighbors. This makes Lyco's idea just about as bad for the community as the spammer himself.
Far better idea to burn the spammer's house down.
That's because your ISP doesn't update their information. I've had this very same problem with a local ISP and a customer of ours that explicitly told his ISP that he wanted to host a mailserver. First of they "forgot" to open port 25 (as by default it's closed on inbound connections), then they "forgot" to update their lists.
It took them 3 weeks to update that list, and add another one for the RBLs to catch up. In the meantime our customer was helped by relaying his mail over our mailservers. Of course, this is a problem for any small to medium business that decides to run their own mailserver with ISPs that really don't do what they're being paid to do.
As it should be. What the hell are you doing relaying mail from a dynamic IP anyway? I know, it's everyone's right to set up a mailserver, but with the problems of virii setting up their own SMTP servers, spammers commanding armies of drone-workstations, and whatever they may think of in the future this is a measure that warrants the inconvenience. If you'd like to run an SMTP server, talk to your provider to get into a range that's not 100% dynamic IP address and hasn't been labeled as such. They'll charge you more, that's true, but you'll be free to send mail as much as you wish. If you don't want to pay more, relay your mail over your ISPs mailserver.
Temperary? What a joke! There are services for the express purpose of blocking dynamic ips. That's not "temperary". We're on our third isp here in an attempt to stay off blacklists. No spam has ever come from us, but we're paying for it anyway. We're with igs.net now, by the way.
tired of online ads?
http://www.aa419.org/
The site is filled up with linked images from a 419 scam site, so they use up their bandwidth just like the Lycos screensaver does for spammers.
I actually went to the Lycos screensaver site (select Int'l English from the dropdown, and go from there), and it looks to me like they're going after the sites that hire spammers: the online pharmacies, anatomy enhancement companies, and so on.
It also looks like they're not trying to kill the sites, just jack their bandwidth charges through the stratosphere to convince them to stop hiring spammers.
Yeah, its a waste of bandwidth to a certain extent. But then again, if it has the desired effect of convincing even a FEW companies to stop hiring the spammers, I can live with it. To my way of thinking, its kind of like cleaning out your closet or garage: you've got a big mess on your hands while its happening, but when its over, you're ahead of the game. Your view may be different :-)
--- Asking inconvenient questions for over 30 years...
sometimes art has to win out! eg, giving up my Marine Aquarium on dual displays is just a huge artistic sacrifice, when its replaced by such an ugly screensaver! why does it need to be a screensaver at all??
"There are 11 kinds of people: those who know binary, those who don't, and those who could not care less!"
Let's call it Distributed Reduction-Degradion Of Service: DR-DOS
A hunch tells me it won't run on Windows.
With great power comes great electricity bills.
The whole problem with Zombie Site is that they are unnoticed. The owners don't care or can't understand whats going on on their own system. Once their system starts crashing and the ISP block service and tell the owner to fix it or get lost they will be affected and fixed/shutdown.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
I love the idea, but I have a feeling it can backfire, though. The spammer controls the DNS, so Lycos is basically giving them a third-party DOS hose to turn on whoever they like. Yes, if they do that then people cannot get to their product. But, as soon as they see their traffic spike, they point the hose at someone else. Then the lawsuits will start to appear.
If staff at lycos are actually real-time monitoring this to make sure that the right person is getting shafted, then it could work.
That being said, sign me up! Whatever makes the spammers job harder & more expensive is ok by me.
TODO: come up with a clever sig
I took John Graham-Cumming's survey and dutifully walked through the is-it-spam test, but the test is flawed and appears to have been designed with some preconceived notions.
I don't filter my email in any manner like the test had me do. I open everything that makes it through an IP blocklists and spamcop/ordb lookup, glance at the body of it, and either accept or reject it based on my own fuzzy human criteria. It's no more possible for me to misclassify inbound email after I've looked at it than it is for me to choose the wrong cup for my morning coffee. Either I wanted it or I didn't.
The premise that an automated process can do a better job at deciding what I want than I can do myself is false.
Don't get me wrong - I'm all for automated blocking of spam, provided that the blocking takes place before the body of the email is even received. If the mail server has to accept the body of the email before the filtering goes to work, there's not much point.
Plus us people are a vindictive bunch. We'll even willingly hurt ourselves in a effort to hurt somebody who deserves it.
In this context I would willingly pay $1 if I knew it would cost a spammer $2. Why would I go out of my way to cost the spammer $2? Because I'm vindictive.
I bet I'm not the only one.
At the bottom of the
Which part of "not enough to go round" do you not understand, spaztard?
At the bottom of the
I would sue anyone who sent invalid/fake requests to my site in mass numbers. Calling it an 'attempted DOS'.
I never said *I* was running a mail server myself. I was referring to temporary IP bans in general... EG. I've been banned, temporarily, from IRC servers, because someone else on my ISP was causing repeated problems coming from different dynamic IPs in the same range as mine - and they just wanted a quick stiop to the problem.
No big deal, as far as I'm concerned, as long as they get to the bottom of the real problem shortly afterwards and don't punish the innocent indefinitely.
Set it up so it does overuse the connection,
but then turn around and send mutated URL's
at the servers.. I don't know what a DDOS
does, but its suitable, if you can prevent it
to send DDOS's from several sites.
However I don't trust this screensaver..
After I downloaded the program, they popped up
a screen about their other software titles.
Do you think they could be using this to collect marketing, like which software titles you are using,
and plopp a ID cookie into your browsers so that they can track you.. I mean, what is the value add
to this software, is it benefitting us or them?
I can see that it would work, if they were to build up their Identity.. But considering they are no longer the brand they once were, who knows who that brand is now?
It could be spammers yet.. Note they don't offer
software for the US.. Would this mean there is no regulations in place to protect users from misuse in these countries?
Just say no to license servers!!
if this technique raises the cost of business, and hence lowers the number of operating spammers, i be the net will be a lowering of total net bandwidth usage, even when consisdering the targetted crap flooding of spammers. spam is HUGE these days.
tasty electronic music vittles
This gives me a great idea. How about we post a spam site as a news item once a week. Death by Slashdot we know is legal.
-> Fritz
Spooooon!!!!!
Well, the story is off the front page now and I doubt anybody will read this, but I'm not sure it actually does anything. I installed it a couple of days ago as soon as the story came out (OS X version), and it stated that there were 9720 clients running. It shows the same number today; I would have expected to see at least a small /. effect and then a falloff, but the number has remained constant.
I also noticed that CPU usage is quite high when it starts up, and then it falls to zero after 5 or 10 minutes. Anybody have sniffer data that verifies it's actually sending traffic, let alone hitting spammer sites?
It would be an interesting little wakeup call:-)
You are so busy trying to come up with lame insults that you overlooked the simple facts. I'll try to use short words so as to not confuse you...
Most broadband ISPs issue "persistent" dynamic ip addresses. That means you generally get the same ip address day after day, even though you shutdown/reboot your computer regularly. For them to assign these persistent dynamic ip addresses, they need to have enough of them for all their customers. In other words, there has to be enough ip address to go around. All they need to do is properly assign label a block as static for the small percentage of people who need them.
-- Will program for bandwidth
Odd, from work I get to the Lycos page,
from my home ISP, I get a message:
" Not nice to hack spammers, we logged your IP,
and are reporting you to your ISP. "
Ha, as if they will bother, but more topical,
How are they intercepting the same URL from
the same article, ISP blocking the URL ??
I use a tool (written in Java) that I wrote. I tested it on my own webserver (not anyone elses). If you want to test your own webserver look at this one. http://plaza1.net/SpamFryer.jar you might have to right click this link and save it to desktop.
I think a better way to make spammers stop is not to waste their bandwidth with pseudo web page requests just to waste their bandwidth but to have a computer program scan your email, grab all the URL links found within, webcrawl those URLS looking for forms.
Once it has a list of web sites with target forms, it then allows you to pick any one of those web pages from the list, start your web browser configuring it to use the anti-spammer program as its proxy, let you fill in the form with bogus information and associate fields with a selection of possible responses, then until you tell it to stop will send out a post with that information or other similar information at random intervals.
This has the benefit of:
1) Since it takes user intervention to set up a sample form and that it is a response to a web form and that it would stop if the web site in question returns with an error code it could be argued it's not strictly a DoS attack
2) Gives the spamming victim some return satisfaction knowing that the spammer is him/herself now being spammed with bogus information in reponse to spam they sent out
3) Buries the "legitimate" responses to their spam in a mountain of bogus responses.
4) Keeps control of attacks in the hands of the user of this software, not the authors of the software keeping some arbitrary list of sites to attack
5) every so often if possible, post a legitimate fbi email address or other security type address in the hopes of enticing the spammer to spam them. If you're in the business of tracking down fraud or other questionable activity and someone comes up to you and tries to defraud you, you're not gonna just roll over.
And if the site is a scam, or trying to rip people off, then surely it's your civic duty to hinder their attempts to harm other people.
Paul "Say no to feeping creaturism"
At the bottom of the
One: aren't a lot of these spam sites located on hijacked PCs on DSL lines? I guess a DaDoS (Distributed 'Almost' Denial of Service) on them would help show up the problem to the ISP, but it wouldn't cost the spammer much - certainly they wouldn't pick up the bandwidth charge.
:-)
Second thought... How about a slashdot feature 'spammer of the day' link at the top of the homepage. When you log in you click the link a few times - a bit like the hungersite, only vindictive?
Maybe not on slashdot, but a daily-changed link to a spammer's site might be fun for all slashdotters to click
P
If the ISP doesn't do anything to prevent their customers from running spam servers or open gateways, they are as guilty as the spammer. I say block all the ranges that allow spammers, if that ISPs other customers don't like it, they should complain to their ISP about their policy on allowing spammers.
:-P
no comments about harboring terrorists, please
As long as we can all agree that, without exception, anyone protesting this is himself a spammer or uses spamvertising.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
What fraction of web sites are spam sites? It must be minuscule. One could find out by dividing the length of Spamcop's list by the total number of sites on the net.
But let's generously say that 0.1% of the web sites in the world are devoted to selling spamvertised goods. Let's say that they are operating at 10% of capacity (defined as willingness to pay, or isp tolerance, or fraction of fixed bandwidth purchased). Let's say that this idea will push them up to 100% capacity. Then the total amount of web traffic would go up by 1%. And web traffic represents a small fraction of net traffic. Big deal! The effect of this idea on the network is negligible.
If Lycos is doing this efficiently, which you can't tell from the article, they could be filling in blanks on the spammer's CGI scripts, which could use up their CPU and database capabilities as opposed to just burning bandwidth, or they could be just sending email, which is less interesting.
AA419's Lad Vampire web page really beats up my 2.4GHz machine, because it keeps trying to render the images after downloading them, using a lot of Mozilla CPU. If you wanted to be more efficient, you could write something similar that just did lots of wgets to /dev/null (obviously trivial on Linux/BSD/GNU/Unix, but probably not too hard on Windows, at least with a bit of Cygwin help.) But loading the page is a no brainer, so I just do it when I'm not going to be using the machine for a while.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
what if someone comes out with a similar program but you can pick the site?
Similar programs exist, they are called mirroring tools. I guess it would not take much scripting to make something like wget repeatedly mirror the same page, thus creating the same effect as the Lycos screensaver.
On Windows, there is HTTrack, but I have not tried to start it from a batchfile yet. If that is possible, we have our tool for the Windows skr1ptk11dd13s.
C - the footgun of programming languages
Have you seen this? www.spamitback.com Did lycos simply rip the idea from them, and then do a major press release?