Slashdot Mirror
Lycos Declares War on Spam Servers
Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."
--
Power to the Peaceful
I'm sure Lycos will love it when the spammer updates their DNS to point to Lycos.
I like how they state, even though that this screensaver overwhelms the server with requests, and can from many different sources, IT IS NOT A DDOS!
Actually, it's a great idea, now only if a cool Open source dev would make an open version of this and take away that whole throttling thing.. who would they sue?
It would be the gnutella of ddos's!
Excuse me, I don't mean to impose, but I am the ocean
This will never survive the legal challenges it will face. At least some of these companies can claim to be "legitimate" businesses. Of course if they just produce the list of addresses we can surely work out something involving wget for ourselves.
Humor from a Genetically Molested Mind
We all know: This is NOT spam!!
;)
Now we got: This is NOT a DDOS!!
Oh well, we gotta try a few things to try and bring the spam down
Any technology distinguishable from magic, is insufficiently advanced.
This doesn't seem like a very constructive solution. Hiking up bandwidth costs of spammers will certainly not solve any portion of the problem, as we've seen how much these people rake in. Not to mention the questionable ethics in a process like this. Lycos would be better off trying to work with other companies to try and somehow blacklist or filter all this garbage traffic instead of adding to it. As it stands, this is just some pathetic pissing match. Nice going, Lycos.
Try actually thinking for yourself. It's quite refreshing.
Bandwidth is not unlimited. The Internet can only handle so much traffic. With core routers very close to being overloaded, adding on completely useless traffic like this, no matter what the reason, is just dumb.
Why not use the resources used to develop this program to work on better spam filtering software? If nobody sees the messages, nobody buys the spamvertised products, and the spammers go away.
It's like investing in the future. If it works and makes it too expensive to run a spam destination site, spam destination sites will fade into history. This may be wishful thinking but the other option is to do nothing until 98% of internet traffic is spam related. I say "yeah" - if for no other reason than because it feels good. Of course, I'll have to wait for the linux equivalent - or maybe I'll go google for some ready made scripts - failing that, using this list and wget, I'll make my own. Sounds like a fun and righteously vindictive activity!
What changed under Obama? Nothing Good
they can call it "NOT a DDOS" all they want, but it doesn't really change the facts. Technically speaking, they are right, because they are not trying to cause a Denial of Service, but I think that really in spirit it's not much different enough. While I certainly have no sympathy for spammers, I know that this is certainly not something that I'm going to be installing, as someone living in the US, because it seems to me that it's certainly possible for someone to win a lawsuit against the company or the people running this software.
Famous Last Words: "hmm...wikipedia says it's edible"
Yeah, but...they're spammers.
It's like the Indiana Jones movies. Melting people's faces is bad. Melting Nazi's faces is awesome. Because, honestly, they're Nazis.
I'm not saying spammers are Nazis, just that we should melt their faces.
Bad idea, Lycos - nobody (no human, anyhow) likes spam - but the rest of us have so far refrained from crap flooding the net to stop it.
-- Cheers,
-- RLJ
Lycos is wrong on this one. Part of the problem with SPAM is that despite the appearance of email being free, there are hidden costs (Kind of like environmental impact costs). In the case of SPAM the costs are bourne by the ISP / bandwidth providers and the recipients time, energy, and money. Lycos makes the problem worse for the ISP.
Hell, if I were a SPAMMER, why not add some third party advertisements to my SPAM page. Perhaps each hit from these screensavers would generate revenue for me!
I'm also having trouble seeing how they claim this is not a DDOS attempts. Obviously by increasing the number of screensavers in use, the load increases on the target sites. Perhaps a new concept--the DDOP--distributed denial of performance? Keep flooding until ping time of site is > 30 seconds. Still sounds illegal to me.
What is to stop the spammers from doing a reverse DDOS on you? They would have your IP address, and would enjoy wasting your bandwidth too. My guess is they have a lot more bandwidth than most of us do. They aren't exactly people I want to mess with. If nobody buys their stuff, they would go away. Unfortunately that's the only solution I see to 'fix' the problem.
Isn't this the same as the "Artists against 419" site is doing?
The real "Libtards" are the Libertarians!
12 year old kids running Kazaa are WAY more of a threat to ahem, overloaded core routers, than this screensaver.
If you can't figure out my address, just drop me an e-mail and I will explain.
I don't want my IP in the hands of someone with the morale of a spammer [server logs].
Let alone any "carefully picked host", certainly not at times I'm not there to observe what happends with my machine[screensaver].
Nah-uh.
I think we can keep recursing like this until someone returns 1
Note also that this is for Europe only. While there is nothing from stopping you from downloading and running this program outside the US, it is technically for europe only.
Even if you check the site, it explains how site it "targets" are slowing response times.
Is this shady, yes.
Question? If you are being harmed by something and want it to stop and there is no other recourse but to take the matter into your own hands, is that wrong?
Answer: It's up for debate.
If someone was on a daily basis causing me to sift through hundreds of emails, losing important messages, having the spam filter delete it accidentally, or having to wait for everything to update in order to assure that I have all my mail, then yeah this is justified.
They care not about your resources, time, or anoyance levels, why the hell should you?
Vigilante justice is not pretty, but it does get the job done.
Ignore the "p2p is theft" trolls, they're just uninformed
This is a stupid idea and will only serve to irritate the rest of the Internet. As much as they'd like to think it's not a DDos, it most certainly is, and they're just sinking to the spammer's own level.
I hope Lycos rethinks their plans, or I fear the retributions will be far more damaging. Any net user who downloads this software is going to leave themselves open to prosecution.
Oooohh, this is such a bad idea on so many fronts.
1) They're going to get sued. Not just sued, sued a whole lot. Asses in a sling kinda sued. Spammers that are making good money have the budget to sue, and really Lycos is completely in the wrong here. Morally, sure spam sucks. But you can't do it this way.
2) It's against so many different TOS's that isn't even funny. With very very very few execptions, users can't legally run it (check your provider's TOS). They're opening every user up for:
a) federal charges.
b) lost ISP connection.
c) Lawsuit for damages from the spammers.
3) So you flood a facility with an OC3. Now not only have to screwed up one guy's day, you've screwed up everyone's day at that facility. Or worse, the screen savers send such a load to knock down a server, that they inadvertantly overload a few major peerings instead.
How about this for a proof of the point. I have a GigE connection in 3 different cities. My provider has multiple OC192's heading all over the place.
I rig up something that can handle a 1Gb/s through it, that can take the abuse, and still appear to be functional. Come on, think creatively, it's not that hard to do. I can serve 1Gb/s of web traffic with 6 machines. Actually, I do with 15 machines, at a very low percentage of their capability. So no matter what they throw at me, they can't take the servers or my line down.
Or worse yet, they attack me, so I flood them back with 3Gb/s. I'd bet I can swamp lycos.com. Sure, they'll bitch. They'll moan. They'll threaten lawsuits, but I returned exactly what they were doing. More than likely they'll lose in court.
Isn't there a rule for iptables to redirect traffic coming into one IP, into another one? a one-liner, if I remember right.
Lycos DDoS's me. I set up machines to redirect the abusive traffic to say whitehouse.gov, ftc.gov, or lycos.com. Ah, lets play nice here, lets redirect the traffic to google.com, and watch the lawsuits really fly. So Lycos makes a valiant attempt to knock Google offline. That'll go over really well in court.
Or, as one comment in here already said, if they do it by DNS names, just change the DNS record.
bad.spammer.com. IN CNAME lycos.com.
or
bad.spammer.com. IN A 209.202.248.202
bad.spammer.com. IN A 209.202.216.27
(That's what Lycos resolves as for me)
or just negate it entirely.
bad.spammer.com. IN A 127.0.0.1
or have a little fun.
bad.spammer.com. IN A 255.255.255.255
And [insert deity here] forbid, someone compromises the machine which controls this action. If I were an evil hacker (hush you people in the crowd), that'd be a great play toy. Wanna knock off some competition, just point Lycos to them, and turn off their ability to throttle.
I'd be *REALLY* pissed if I was hosting one, or there was a compromised box somewhere off in a corner that I didn't know about, and they decided to knock one of my networks offline.
Most spammers move around so frequently, attacking a particular hostname or provider really doesn't freakin' matter. They change the domain the links go to, and start sending again. The usable age of a spam is only 3 days. Spammers consider if it hasn't been read in 3 days, it's not going to be read.
I wish them luck, and hope they have a big enough budget to keep their executives who came up with this brilliant scheme out of federal prison. I sure as hell hope they don't accidently point at me for being a target, 'cause sure as hell they won't be on line long.
Actually, with an announcement like this, they've opened themselves up for being the blame of almost any DDoS attack.
Serious? Seriousness is well above my pay grade.
(raising clenched fist looking at the sky)
:)
DAMN YOU, GODWIN!
Kungsgatan 6
Stockholm, 111 43
SE
[Administrative contact] Brockman, Didde
Starring Ltd AB
Kungsgatan 6
111 43 Stockholm
SE
Email: technical@starring.se
Phone: +46 8 6144600
Fax: +46 8 6144610
The sites use Lycos logos, but it's not at all clear that Lycos has anything to do with this. While these sites link to Lycos, there's no obvious link to it from the Lycos main page.
(on a business network) many of your users install and run the screensaver and suck up your own bandwidth as well as that of the spammers.
I installed it and it doesn't seem to use much bandwidth (MacOS X). It does, however, seriously cut into the Folding@Home CPU cycles, so I'm not sure how long I'll play with it. I think I'd rather help cure diseases than DDOS spammers, even though the latter is immensely satisfying...
Actually filling this one in was harder than I thought it would be. I guess because I'm too lazy to think up new catagories that consicely summarise the objections we've seen. Nevertheless...
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it [well, we'll find out if this is illegal once Ralsky et al. sue]
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam [providing Ralsky et al. with enough funds to make the court case long and bloody]
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Inethicality of slowing the entire Internet down, when a handful of spammers are responsible for 99% of our spam
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Seems like they're just sinking down to the level of the spammers in order to try and fight them. As much as I hate spam, I cannot get behind this kind of activity. They're just adding more useless traffic, in the name of justice. Sorry, nice idea in theory, but I sincerely hope it never takes off.
There's a sort of hierarchy of ways to deal with people. At the base is physical force, and the top is reason.
If someone won't listen to reason, the only way to deal with them is to go down the list of ways to respond. How far down the list you go depends on the morality and importance of the problem (for example, if someone is wearing white after labor day, you might try to reason with them, or convince them with emotional arguments, but you probably won't pass a law or (going to the very bottom of the list) threaten to kill them for it).
Spammers won't listen to reason or laws, so you have to either go down the list (in this case, meet them at their level), or let 'em be. For example, I wouldn't advocate violence against a spammer (except prison time, but just barely, like 6 months max or something), but wasting their money (like they do to me?), count me in!
You scare me.
Stay tuned for new sig...
TONS of spam comes from them and enforcement of complaints to Abuse@ is nil. What, of use to a Westerner, could they offer to counter that?
What do you mean "them"? A billion people live in "APNIC", dozens of countries. A few thousand spammers. As for "Westerners"; I happen to be a white Caucasian male born in Australia, living in Hong Kong.
Because of attitudes like yours I have to use devious methods to email people on AOL, as they've blocked my normal domain for reasons they don't even deign to explain. Most of the world's spam originates in Florida. Do somethng about that first.
Course that's only 100 people, imagine a few hundred or thousand, it could easily shutdown small online vendors or personal websites, hurting average people if the idea is altered a little and falls in the wrong hands.
my karma will be here long after I'm gone
Interesting lead, I followed it trough some more and checked their site
Luckily, that explained the situation, starring is a marketing company, that were contacted by spray(a Lycos company in Sweden) to Get more people to start using Spray's e-mail service.
There you have it, it is all a marketing campaign to attract more users to Spray(and Lycos) mail. I guess they made it quite well, mentioned on slashdot and all...