Slashdot Mirror
Lycos Anti-Spam Screensaver Brings Down Spam Sites
ChairmanMeow writes "According to BBC News, the screensaver released by Lycos Europe that targets spam websites has been a bit too successful at targeting spam sites, bringing down two sites, with a third responding intermittently, and raising concerns that the screensaver amounts to a DDoS attack against spam sites. Of course, spammers deserve to be punished, but will DDoS attacks against spam websites help to curb the problem of spam?" While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.
It's nothing illegal. Just packet spam.
Your ad here.
It's according to Netcraft. Their story is Spam Sites Crippled by Lycos Screensaver DDoS, followed by Lycos Screensaver Site Blocked by Internet Backbones and Lycos Screensaver Site Changed, Now Says "Stay Tuned". F-Secure also says spammers are beginning to fight back by redirecting traffic back to Lycos.
Come on people, primary sources! This isn't elementary school.
Post the links to the sites it targetted, we can finish them off!
can't sleep slashdot will eat me
Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...
It's all those years of repression, where you have to just passively accept all the friggin spam that gets sent your way. I like to see them taking some heat for their despicable actions.
Instead of using Adblock we need Ad-Double-Block. With Ad-Double-Block you wouldn't not only block the image but use spare bandwidth to repeatedly click on add banners behind the scenes. If I understand the article correctly, the software reads your email and sends clicks through to the web sites listed that are in a spam box(?) while the screen saver is on throttling back when the site slows. Of course you should be able to configure the pain threshold for the sites.
What a horrible thing to do to those friendly neighborhood spammers. :(
FedEx?
What doesn't kill you only delays the inevitable
I don't know why Lycos is all high and mighty all of a sudden, their reputation isn't that great. Granted I dislike spammers more than Lycos but still... something about a pot and a kettle.
How do we know that the spammers didn't just take their servers offline in response to the attack?
The part of me that hates spammers says "yes its right." The moral part of me says "no its wrong two wrong dont make a right" The fact is it is wrong and illegal to DoS anyone even if they are a spammer. Also remember that many spammers take over machines and they send out spam, so this could be DoSing innocent people. If we really want to go after spammers we wont pay there products and report them to their ISPs for spamming.
Why not target other sites like spyware/adware/malware sites like Gator?
You say that like it's a bad thing. They DDoS my inbox, loading pages that they ask me to visit sounds fair.
"History doesn't repeat itself, but it does rhyme." Mark Twain
does the server not like getting butt-loads of unsolicited junk sent to it?
-bradly
I'm sorry, I just can't get myself upset about spam sites being brought down. I downloaded it to hurt spammers. If it hurts spammers a lot instead of only a little, then I'm all the happier.
I don't care if the spammers' servers are DDoSed. They can take their fucked-up business model and shove it, as far as I am concerned.
Good on Lycos for finally having the balls to stand up to these guys. The spammers have been stealing bandwidth off all of us for far too long now.
gadgetophile.com
This is not the right answer. Whether it's:
cutting off your nose to spite your face or
shooting yourself in the foot
you can choose your own cliche.
Now spammers will just include URLs of normal, unaffilliated sites in with the other links. Then you have Lycos being responsible for DOS attacks against innocent bystanders.
It's being a little overzealous in it's effects on the spammer's systems? Maybe they set it up to be proportional to the amount of "legitimate" advertising messages that the user receives from those sites.
include $sig;
1;
Lycos Europe denies attack on zombie army
Lycos head zombie hunter Ash gave a statement today...
Bitchslapped. Neat.
Who controls the list of "spam sites"? What are the criteria for becomming a victim? I would personally like this process to be transparent before I encourage anyone to participate - I do think they have the best intentions, but the potential for abuse is a bit scary.
That's what sucks about the spam war.. the good guys have to be careful how they deal with the problem to avoid accidentally screwing someone innocent. The bad guys just double their output.
The majority of spam comes from China (which includes Taiwan province and Hong Kong). These folks have no regard for another person's privacy.
If anyone is interested, I am willing to volunteer some Perl code for bombarding spam sites like those in China.
My screensaver (that i run even though i cant get it to run through the proxy i have to use) has been acting weird.. instead of showing a status of the "attack" it writes: "please wait"...
I think that some spammers put the update server down, and now the screensavers wont stop connecting to some of the sites even though they are down.
Spammers will hire scumware authors to write apps that packet sites who target spammers, making the circle complete. Then, the masses (tm) will get infected with the scumware. It isn't that hard to figure out.
When you look at the state of the world, how can you not become a radical, liberal anarchist?
Sure we're pounding spammer sites, but does replacing one form of useless traffic with another really accomplish anything?
Who doesn't like free music?
Say you start expanding your list with anyone who spams your email. So someone gets mad with Joe and starts spamming and redirecting traffic to Joe in emails. The Anti-Spammers think its Joe that's doing the spamming, and slap his website in the doomed spammer's list.
God spoke to me.
and the whole world drowns in a sea of pork.
Better to get the screensavers to coordinate so they hit the spam sites with peak traffic during what are likely to be peak rate hours for that site.
How about a plugin for Outlook/email client of your choice that simply loads every URL in every spam email you receive (socket, not web browser based), properly accessing inline images etc .. Not a DDOS since the spam specifically asks you to go to the requested URL ..
The more successful inbox spams received, the more the spammer's website gets pounded with the supposed traffic he/she is looking for. Of course, put some kind of limit on it so your own connection doesn't go down.
Wanna spam? Front the bandwidth.
Yes, spammers are evil scum who need a standard NATO round square in the forehead. But this sort of rough and ready justice worries me. An attack on the network is an attack on the network, period. If this sort of thing becomes respectable where does it end?
If it is OK to DDoS spamers, who else is it ok to knock off of the net?
Kiddie Porn?
Regular Porn?
Nazi/Skinhead sites?
Anything YOU think is a 'hate site'?
Anything ANYONE things is a 'hate site'?
Anything anyone objects to for any reason?
Business competitors?
Political opponents?
Anyone applauding Lycos for this had better be ready to draw the line somewhere on that list above and defend why their line is the absolute correct one in language all can agree on or that line will creep down at Internet speed.
Democrat delenda est
The goal is to flood the sites with traffic to eliminate their source of income. If they shut the sites down all the better. How can anyone who sends out millions of requests for people to go to their website complain about millions of hits on their server? -- Dennis
Rather, it's a bunch of people coordinating their requests for information. At worst, it's civil disobedience (though not directed at government) or an organized, peaceful protest.
I had a similar idea a while back, where people supportive of a cause could voluntarily elect to permit their computers to engage in simultaneous activity coordinated from a single point. It's cool to see this.
You could've hired me.
BEGIN TIN.FOIL.HAT
/TIN.FOIL.HAT
1) What if the spammers are taking down the server(s) deliberately, so that they can claim an effective DDoS? (and perhaps sue Lycos?)
2) What if they update their DNS to point to 213.115.182.123 (IP address for www.makelovenotspam.com) instead of wherever it is now?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
for all intents and purposes, DDoS = illegal. but DDoS'ing spammers? i think most of us are willing to turn a blind eye. ;)
Netcraft confirms it: Spam is dead.
Who really gives a shit? All spammers should burn in hell.
Beat down a guy to gain instant credibility. Sure, you won't get a white hat, but as an anti-hero the audiance will at least give you a chance.
If they do it on someone who is not a spammer they get their ass sued, good enough right?
Whats to prevent spammers from reporting lycos to their ISPs, well, the ISPs would not be too kind to the spammers either.
Joining the ranks of spammers by using a tactic that compares on a network level to their 'advertising' just couples the problem ... this is a cat and mouse issue ... you attack them - and they will go elsewhere... they will not go away.
... and untill it isn't profitable .. some asshole will be attempting to profit. PERIOD.
spamming is profitable
Lycos should be embarassed to stooping this low. and any of the lowlives running this 'screensaver' should be equally embarassed for being such a dumb ass.
...Makes the whole world blind. - Gandhi
eclecti.cc
Any time you attack a site like this, there is a risk of collateral damage.
Imagine two sites in the same city. All traffic in or out of that city goes through one of a handful of backbone pipes. If you attack a spammer enough to flood his backbone, everyone using that backbone will suffer.
"Good, the backbone deserves it" you say? If the backbone is in a country without spam laws, the backbone may not have any choice unless it wants to risk losing "common carrier" status.
"Good, the whole country deserves it," well, given what I've seen coming out of a few unnamed countries, you'd have a point.
Seriously, throttle or no throttle, deliberately pulling traffic from a site for the purpose of making it waste resources is as immoral as getting all your friends to help you steal all the free newspapers on a college campus so the newspaper will have to spend money to print more. By the way, stealing "all the papers" like that is illegal in some parts of the USA.
Besides, it's ineffective in the long run - within a month, spammers will figure out a way to mitigate the damage to themselves.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Hmm, it looks like we might be edging closer to some sort of internet version of mutual assured destruction. One side fires at the other, the other fires back, and then instead of all hell breaking loose, nothing works anymore on the internet. Of course we can turn our computers off, go outside and get some fresh air.
Yes, I know we haven't reached that point yet, but with all those taken over PC's out there, plus enough folks tired of spam, there is plenty of bad feelings out there for something to get out of control. This is just a small example of it.
...who are always steamed up because the internet is an unperfect place or someone is billboard posting in some usenet group of you didn't read the faq are going to mad at something forever. Why even run anti-spam screen savers when you could be looking for seti or doing some folding or something useful. 1000 years from now spam and drugs and guns and all kinds of potentially bad things will still exist. You won't. Use your time on something useful.
Someone get the world's smallest violin immediately!
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
dupe
Tech, life, family, faith: Give me a visit
I'm not too sympathetic to the plight of the spammers, but I think it sets a bad precedent, and will only result in an arms race.
Chip H.
come on, give us the URLs, we can give them some slashdot lovin' ;)
... who the fuck cares if we take their sites down now?
think again, now who the hell started this whole ware in the first place?
spammers must die. no question.
Say you don't like Nabisco (pick company of your choice). Pay a spammer to send out millions of spams advertising Nabisco. Now Lycos adds Nabisco to its list, and all those guys running its web server do a DDOS attack on Nabisco.
... as least until one of your arsonists accidentally burns down the murderer's neighbor's house.
paintball
Don't you feel the same? I'm sure you do.
Wouldn't it be great if someone would create a screensaver that would automatically visit the websites of the vendors of these enticing offers and display them on my screen? I'm a fast reader so it would be great if it could show a few each second.
That way, I'd be able to read all about their exciting products without having to do anything at all.
If there was such a screensaver, maybe lots of people would download it. After all, I'm sure we're all interested in the products on offer. And what e-entrepeneur wouldn't want to have thousands of interested potential customers visit his web site every second?
Hey, I like the idea of punishing spammers, but Lycos is playing a game that's very dangerous. They're doing DOS-attacks (by proxy) on servers, and where I live that's actually a crime. While sending lots of unwanted e-mail will get you a slap on the wrist, DOS'ing a machine without written consent actually gets you jailtime. Where is the liability here when someone installs this screensaver? Is the end-user responsible for the DOS, or is Lycos responsible?
Another point on this is that this only brings more traffic to the Internet. I know, what's a few measily packets when people are leeching torrents like mad, but still. While this effectively disables spammers for a while, remember that you can't fight fire with fire (or SYN with SYN in this case).
And what about machines that accidentally get on the list of machines to be abused? Hey, I know that in theory only bad guys get on the list, but I've had enough customers actually get on an RBL while they don't spam.
This is dangerous ground we're walking here, and sooner or later someone is going to call their lawyer. The ISP that provides internet access for the spammer perhaps, or perhaps even the spammer who knows that where he lives sending spam is nothing compared to DOS.
Haha, if they already took 2 sites down and the screensaver just came out this week, I wonder how bad it'll get now that it's been slashdotted.
Way to go, Crackerbarrel
Yeah, right.
i only wish we could do this to them physically instead of with packets.
-dk
Dream with the feathers of angels stuffed beneath your head.
How long will it be until the spammers become those black mailing DoS'ers?
Its a superb idea, basically allowing the "good" side internet to fight back against the "infected", "bad" side of the internet.
With this and anti-virus systems its starting to lok like the internet is growing its own immune system....
And 25 emails a day advertising V14gra isn't?
-- yawn. --
This: "Lycos Screensaver Site Blocked by Internet Backbones" is true. Some service provider only lists have been full of people disecting the client traffic and the update servers have been blackholed, moved, blackholed again. Lycos will be giving up. Plus it was a poorly designed client.
If by "overzealous" you mean hilarious, then yes, its overzealousness has caused milk to come out my nose.
I'm not certain how Lycos' software works or where their pool of server names comes from so it's hard to speak to this instance. But If someone sends SPAM to my email account I don't see how they can complain if I browse their site. Now I guess the real question is where is Lycos getting it's list of spammers? If it's some blacklist in their backroom then it's a DDOS plain and simple, on the other hand if it pulls the addresses from the Junk folder in my inbox then I am just responding to their solicitation.
-- Dennis
"it would seem it's being a bit overzealous."
Bull - clobber those slimebags out of existence. Who is gonna take the time to arrest every person on the planet running that screensaver? It's a great idea - I wonder if Lycos is culpable.
The heat from below can burn your eyes out
Who wants to bet on how long it takes for a worm to spread around and redirect this screensaver to non-spam targets?
Tech News, Reviews and Tutorials
Lycos attacks spammers
Spammers attack Lycos
Everyone else is caught in the middle
Tell me, when is chanserv going to step in and take control. This seems as immature as channel takeovers on efnet.
My advice to Lycos: Dont stoop to their level. No, I dont have the silver-bullet to spam, but as it was illustrated in the last Lycos-antispam-screensaver discussion in the standard "why your anti-spam solution wont work" form, this isnt going to do any good for anyone. Everyone's bandwidth and CPU cycles who downloaded this screensaver are better off doing something defensive in the spam war.
Im dreaming ofa big bndwdth, That can resist the
Could Lycos be held liable if they target a legitimate site?
Who am I to blow against the wind? -- Paul Simon
Lycos is not auto-grabing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipes termination. (Also it is not a true DoS in the sense that the software request the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.
It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, cost us money (time and hardware). Spammers should be shot. Spammers website should be hacked and cracked and trashed. The companys that knowingly host them should get the same. Their are no laws or police that can fix this chaos we call the Internet. It is up the the users to handle the shitheads.
It is time to declare ALL OUT WAR SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"
The lycos make love not spam screensaver isn't a bad thing, nor is it illegal, it is just screensaver based slashdotting.
/.
Its not sending random packets to the sites, its not icmp flooding them its just quietly viewing them.
The screensaver is just like adding a couple of hundred thousands extra idiots to the internet who read their spam and visit the websites.
I don't know what useragent string the screen saver sends, but I hope it looks like a browser, otherwise logfiles of the spammer's sites will be able to target users of the screen saver based on ip address in revenge attacks, which shouldn't be that difficult anyway but I won't go into how since you never know who is reading
Spam is bad, slashdotting is bad, slashdotting spammers? Well I guess two wrongs do make a right!
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
Last year, Berman tried to pass a copyright measure which would immunize a copyright holder's efforts to stop someone from violating their copyright -- hacking into their system to remove the material, take it off the network, or shut it down.
Fight Spammers!
Doesn't this just add to internet/network traffic? I mean, seti-at-home, et-all, are pretty network friendly. This thing is sending out a full fledged DOS attack. Don't you think this is a little irresponsible, especially to everyone else sharing your cable modem subnet? Don't get me wrong, I love the idea, but I think there are better ways. Maybe targeting them at non-peak usage times or at random scheduled intervals. There must be a better way.
Repant. Thy end is sheer.
look, you primative savages, this is my boom stick!
I may be offtopic, but for an Army of Darkness quote I am willing to take the karma hit.
Philosophy.
If this sort of thing escalates, the internet will become unuseable. DDOS attacks affect more than just the intended target.
My only political goal is to see to it that no political party achieves its goals.
You're all a bunch of fucking whiners. ISP's should just not accept BGP routes from CHINA(or all of asia for that matter) and spammers. Problem solved, and some whiny ass faggots on /. won't have to bitch about someone making it harder for them to do their illegal activities.
I would love to see a matrix of the backbones blackholing this site vs the backbones responsible for most of the spam injection. hmmmmmmm
Why are we so worried about this screensaver bringing down spam web sites? It can only be a good thing for all of us if the spammers have more obstacles to overcome in sending out their trash.
It is just you.
I love this! How soon can we get an open source version out there to do the same?
I prefer cutting off your nose to spite your foot.
ISPs have to earn money too. They don't care unless the backbone's full or they're not getting paid. Most colocated services in Europe have prices that include a complete rack and x MBit. If you need more, just call them, and within half a day you're up x MBit, no questions asked. Hey, it's your IP range. If it gets RBLed, they don't really care.
Assuming he knew what he was doing, the end user is liable.
It's like this:
If I'm a neo-Nazi in the USA and run a Nazi web site, and you live in Germany and mirror the site, you'll be in trouble, not me. I've done nothing illegal, merely immoral. In all likelihood, neither has Lycos.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...NETCRAFT CONFIRMS IT
the Lycos screensaver is dying (but it'll take a few spammers down with it)
I have often thought that virusses are boring. Wow you made my computer not work properly. A five year old can do that with some apple juice. I'd like to see more virus writers like this. Why can't I get a virus that magically installs linux on my computer and makes it look like windows? Make it so good that I don't even know i'm running linux. Make virusses that install software like folding@home and seti@home. That would be cool. Good work lycos.
"brxref
Is anyone shedding a tear for the spammers?
*listens to crickets chirp*
Okay... just checking. Back to DDOS'ing.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
If the collective ill will wishes of the spammer's countless victims towards these scum were somehow brought to life, there would be smoking craters and body parts, not just a few plugged up servers.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
This is called a Joe Job, and it happens all the time.
The last couple I've received were spam purporting to sell illegal weapons.
Not only did they make the victim out to be a spammer, but they made him out to be an illegal arms dealer.
I'm sure some people mistakenly reported the victim to the FBI, who was probably not happy to have to spend time on a false alarm.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.
Oh, don't be afraid of the word, CowboyNeal. Ruthless. Committed. It does its duty as it sees it, and it sees it clearly. It has no time for the dirty gray areas of net politics.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
They released the screensaver with a fixed list of sites? I thought it would look through your Spam folder in your mail client and visit each web site mentioned there; a much fairer way to do things and perhaps legally safer too.
I know someone has previously suggested making mail clients download every link in a message; the idea is that if everyone did this then spammers would even have an incentive to get 'unsubscribe' working. Yes, it does confirm that your address is live; so what, it was on the spam list anyway.
-- Ed Avis ed@membled.com
Not that I like spam, but this is a bad way to combat it.
Are the spammers breaking the law? The arrest them and haul them into court.
If not... well, people are just DDOSing them because they don't like them, or what they do. If that's fine, then whats to stop the Right from putting out a screensaver that'll DDOS Michael Moores website? Or the Sierra club from putting out one that slams Exxon? Or Barnes & Noble paying people to run a screensaver that attacks Amazon? Heck, B&N could let you earn credits towards your next purchase by letting your computer slam the Amazon website.
I am NOT a man!
I am a free number!
No court in the land would call that illegal.
Just make sure you only do it once per inbound email.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Cry all you wish BBC but from the first get-go it was understood that the Internet was "SELF-POLICING".
Well thats just been played out in full view of the world and its finally the one venue that seems to be sucessful against the scrum who steals our bandwidth and forces us to spend endless time and effort deleting their spew and filth.
Score one for the white hats!
Who claimed that this wasn't a DDoS tool. Well, looks like you are wrong. I doubt any of you will readily admit you were wrong.
Two wrongs don't make a right. Cheesy, sure, but I think it's pretty relevant. There's gotta be a better way without doing "wrong" ourselves.
From the Spamfo article:
"The IP address of makelovenotspam.com has also changed from 83.241.136.230 to 213.115.182.123 and links to the screensaver removed from the lycos.co.uk main homepage."
Lycos wanted publicity, now they have it!
Comment removed based on user account deletion
In the real world, there's recognized right to self defense, an active one at that. If someone is an immediate threat to your life (or sometimes property), you are allowed to use force, even deadly force. For lesser situations, you can still use proportionate and reasonable force.
So what's the big deal? Spammers steal bandwidth, server resources, adminstrative resources, among other things. The spamvertised web sites brought this upon themselves. They, not Lycos Europe, are responsible for any collateral damage.
I'm glad to see somebody's finally stepped up to the plate with something like this.
someone would slap a lawsuit on me but since lycos is doing it...
It may slow distribution of spam, but one of the motivations for eliminating spam in the first place was reduction of bandwidth consumption.
Slashdot's name? When my compiler sees
From the article: "The Lycos plan has also come under fire for encouraging vigilantism."
As opposed to the lawlessness we have now? If the law refuses to deal with it then who will?
Isn't this more like having the entire neighborhood join the neighborhood watch, then post everyone around the perimiter of a pedophile's property?
the trouble with mobs and vigilanes though is they are not very just, and can't be relied on not to attack the pediatrician by mistake.
lynchings are generally considered bad things for a reason, and this is what this screensaver amounts to online lynchings.
Why not write an email client that does this. When you get a spam, you put it in a special folder and the client repeatedly accesses the site (a la the Lycos screensaver). That way nobody can be cited for orchestrating a DDoS or unfairly blacklisting. Each recipient can make their own spammer determination.
Whether the client uses the exact URL in the email (which often has identification codes for the recipient of the spam or the affiliate who sent it) is a matter of debate. On the one hand, I would want the spam site to know that using my email address will only bring it grief. I can only hope that this will cause spammer-using sites to crack down on spammers that are too aggressive. On the other hand, I don't want to identify myself to any spammer or show that my email is live.
Two wrongs don't make a right, but three lefts do.
longerer
longerer www.artofsense.com - no link from me here, they look pretty innocent
longerer
Can we get a non-corporate gpl'ed version of something like this going, please? Nothing and I mean nothing could please me more then locking my box and walking away knowing I'm hitting those fuckers with all the bandwidth I've got.
./revolution
All we have LEFT now is vigilante rule, i am constantly amused that a place like slashdot still has the WAAAAAA use the proper channels attitude come on, how well has that been working, this is the greatest thing ever, if not for the fact it will be short lived but the fact its going to inspire an entire new generation of spam assault tools that plays on the same level as the scum it fights.
While we're at it, can we just knock off SCO and Microsoft too?
In a world where justice is slowing, failing, crawling into mediocrity, let the people with a sense of honor take the matters into their own hands. Swift and merciless, efficent and victimless.
Hmm.. who is usually installing all sorta crap from untrusted sources? Yes, you got it on the first guess - dumb win32 users with unpatched machines, which are pissed off by the sheer amount of spyware and SPAM already present on their system and who think "yeah, this one sure will get me rid of the annoyances, unlike the other 20 something apps I downloaded this month". What happens when a spammer with hackers on the payroll gets tens of thousands of IP addresses of gullible users with vulnerable machines in the web logs? God, I would keep my domain and happily pay the bill for the high bandwidth usage, just to keep them "retaliation attacks" coming. Give me all you got!
According to netcraft GLBX was/is blocking access to the lycos screensaver site. Is this because the majority of DDOS traffic to sites that spammers use in China was transiting GLBXs backbones - sort of telling isnt it? Is GLBX the most spammer friendly backbone now?
Has anyone else onticed that the Lycos makelovenotspam site is also down?
Then I could use the filtering advantages of Thunderbird to target the people who target me. Perhaps one could even make it a menu option to open all the links in all the messages in your inbox, marked as spam, 10 times in a background Firefox.
It's not distributed, it's me taking them up on their offer. And since it'll happen when I check my email it shouldn't have the characteristics of a DOS/DDOS. When I'm done I just close a a window. I mean, I'm not really using my bandwidth when I'm sitting there reading my email, and wasting their bandwidth while filtering my email will give me a lot more satisfaction then merely deleting the email.
Mike Scanlon
See the problem is with the monitoring service. according to the article, Netcraft has it, spam is dead...
and if you see me strut, remind me of what left this outlaw torn...
First: I think it's really wrong to create this attack for a variety of reasons... and it tarnishes Lycos's good name and I think that's the worst of the reason why it shouldn't have happened.
Second: I am glad spammers aren't having such an easy time of it. They need stronger resistance than they have been getting.
I wish there were something that could effectively take these people offline. Will this do it? Hell no. It's about as effective as sending bags of junk mail to their home addresses. It'll piss'm off but these people are MILLIONAIRES. They're making their life's fortune this way. At some point, any of them could just quit and live off of their interest bearing accounts... if they weren't so damned greedy.
I'm still shocked every day to read the news and not hear something along the lines of "Spammer assasinated." Why would it be all that surprising? After all, we hear about crimes commited in road-rage incidents all the time. I'm hoping some Lee Harvey Oswald type just finds himself a nice place to hole up in and snipe at one of these assholes. Would it stop the spam? Dunno... I feel pretty certain it'd slow'm down QUITE a bit though. Here's to the dream.
Makes much more sense than the alleged "War on Terror". We know the enemy, we don't have to kill them (yet) to stop them, I can and would contribute to the effort with a clear conscience that this is the right thing to do.
Sure there may be legal repercussions but I still feel, in my gut, that this sort of thing is the right thing to do.
Come on George, declare a "War on Spam". I have a speech right here for ya:
"My war on spam begins with all spammers, but it does not end there. It will not end until every spamming group of global reach has been found, stopped and defeated.
These spammers spam not merely to waste bandwidth, but to disrupt and end a way of life. With every piece of unsolicited mail, they hope that genuine e-mailers grow fearful, retreating from cyber space and forsaking news groups. They stand against me, because I stand in their way.
I am not deceived by their pretenses to piety. I have seen their kind before. They are the heirs of all the spamist ideologies of the 20th century. By sacrificing bandwidth to serve their advertising visions -- by abandoning every value except the will to power -- they follow in the path of fascism, and Nazism, and totalitarianism. And they will follow that path all the way, to where it ends: in history's unmarked grave of discarded trash cans.
My response involves far more than instant retaliation and isolated replies. I should not expect one battle, but a lengthy campaign, unlike any other we have ever seen. It may include dramatic e-mails to ISP's, visible to news groups, and covert operations, secret even in success. I will starve spammers of funding, turn them one against another, drive them from ISP to ISP, until there is no refuge or no rest. And I will pursue ISP's that provide aid or safe haven to spammers. Every ISP, in every region, now has a decision to make. Either you are with me, or you are with the spammers."
From this day forward, any ISP that continues to harbor or support spammers will be regarded by me as a hostile regime."
shut the fsckers down, all of 'em. if they can do it to us, we can do it to them. let 'em go back to selling their "italian rolexes" on the streets.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The thing is you don't want to bring their site down, because that doesnt really cost them as much as incredible amounts of bandwidth will.
They're used to getting a trickle of the stupid and the curious, and paying with that from the 1 in 30,000 purchases they get.
By the way, anyone got that URL for the fuckers sending me fifteen offers a day to buy a rolex watch?
They could use a good ass pounding.
s'wut i sed.
We could be seeing a dotslashing (a reverse Slashdot) where this site is bombarded by visitors because of all the links to it.
The really terrifying part is that non-geeks will get to see how geeks communicate...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
After RTFA, I didn't see any of the spammers claiming that the Lycos screensaver had taken down their site. Did I miss something? Is the media making up this claim out of thin air. There are a lot of reasons the sites could be down, including the possibility that the spammer's want it to look like Lycos is DDOsing them.
It's simple: I demand prosecution for torture.
Kiddie Porn?
These people need help.
Regular Porn?
Everyone has that.
Nazi/Skinhead sites?
These people need some education and understanding.
Business competitors?
No, everybody is a competitor to someone else. Some people just need to be less competitive.
Spammers
These people need to die.
The UCE could well be coming from a taken over zombee Or a site where someone got wifi access (either because it's a public site or by a warspammer). Better to send a message to the person who is the source for the spam - they spam or pay others to spam for them, they also run up a high usage charge on their website that does not net them a return.
I'm an American. I love this country and the freedoms that we used to have.
i'm so confused. isn't this the same lycos that has their sidesearch spyware (http://www3.ca.com/securityadvisor/pest/pest.aspx ?id=453078521)?
and if so, isn't this a bit disingenuous to be a anti-spam patriot while perpetuating their own brand of spyware? i mean, really, now.
If that's illegal, then what does one do to defend the Slashdot Effect? I guess you could argue that, "It wasn't meant in malicious harm", until someone purposely comes forward stating they linked to Such-and-Such website on Such-and-Such article because they dislike Such-and-Such, and suddenly all Hell breaks loose. I wouldn't call it illegal per se - only if the spammers have every right to DDoS the sites promoting or supporting the DDoS'ing of their servers as well. The freedom of the Internet will always come at a price, but at least it's still better than CAN...
Spammers don't like this, but they don't care what I want. Why should I care what they want?
Remove the caps and hold to a mirror.
anyone have any information on http://www.artofsense.com/? this site at least seems legit. would be bad if lycos were really bringing down innocents...
How about a screensaver that measures the amount of spam you setup in a filter and pipes it back to them. Surely this could only be seen as return mail and having the same effect. After all, spam does have the same effect on some ISP's. Maybe not cutting off the bandwidth but tying up all process in a mailserver has the same effect.
Two wrongs may not make a right, but this is a non-debatable issue in my mind:
There are only a few possible solutions to the problem:
Too many people rely on email for it to go away.
We've waited for years for major mail software organizations to get their act in gear and propose a solution for the problem. It isn't happening - and won't for some time, if ever.
I see nothing wrong with going after major detriments to society with otherwise unacceptable behavior. To quote a recent movie: "Perhaps on the rare occasion pursuing the right course demands an act of piracy, piracy itself can be the right course?"
...And Leave God to Sort Them Afterwards
How can this app be too successful when this is exactly what it was designed to do? Are tanks too effective when they obliterate an enemy vehicle? Come on folks, let's stick to reality. Spammers are flooding mailboxes around the world with unwanted packets. If I go more than 12 hours without checkign my email, it takes a loooooong time to get through all the spam. Is that not denying me the service of my email and net connection? No one likes political correctness taken to extremes. It just becomes a parody of itself. People are opting in to visit URLs that spammers put out to the world to visit, this app merely automates this process. It's completely legit, it's just playing the game in a manner less slanted towards teh spammers.
jX [ Make everything as simple as possible, but no simpler. - Einstein ]
Revenge is a dish best served cold.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Universal broadband - even constrained geographically (ie we are all broadband peers in our neighborhood/block/town whatever) will make both ddos attacks and hacking individual machines ineffective. Imagine how popular radio would have been all those decades ago if more listeners caused the radio station to be knocked offline.
If anything, it's a fantastic publicity stunt.
I'd completey forgotten that Lycos existed.
the viewpoint of the advocate of the lycos screensaver would probably state these points
- spamming is illegal in my state/country
- the spam material i/my son/wife recieves is offensive visually/textually
- spamming, malware and network slowdowns go hand in hand.
- why not attack them if we are being 'attacked?'
but put yourself in the position of a spammer, someone who as at least minimal knowledge of computers and tcp/ip. if you feel like you are being attacked are you going to give up? no. they have resources they will find other ways. the internet has always meant free speech, and while this may not exactly fit into that category we cannot start staging "online protests" by DDosing. (just like preventing business by standing outside of an office). How can we stop them? education. educate people NOT to buy their products, configure a spam filter, don't write your email down for stupid things and report spammers, don't be a vigilante. ddosing requests from spammers seems and feels good because it is retribution, but in the end we could be using this time to actually stop them for good.
aim: wdg asu
1) Automated script pulls websites from spam, adds it to list of "sites to ddos/'d-access'". People can get joe jobbed, or fake buried links bog system down.
2) Some Lycos employee in a back room goes through spam and checks links and enters them into the "sites to ddos/'d-access'" list. He is completely unaccountable to the internet community. Maybe he adds a friends site as a joke on his birthday. Maybe he gets paid off by spammer a to not add his site, but hit spammer b instead. Maybe his bosses get mad at altavista. Maybe he learns he is about to get fired...
Cute idea, but fucking scary. If someone hacks a webserver/signs up for a cheapo hosting plan and puts up a payment site for his spam, how long do we give the hosting company to take the page down? Anything too soon and were not giving the company enough time to deal with the matter effectively. Anything too long and the majority of the payments have gone through to the spammer. Shoot first, ask questions later or 20% effective?
The problem with the sweeping generalization fixes is that people are so starved for the final effect they don't see the problems with the implementation.
Baby out with the bathwater. We're basicly giving a company a botnet and asking them to clean up the internet for us.
I have experience with doing something that was, in some sense, a DoS attack. Of course, I had forgotten to set the evil bit...
The professor of a class I'm taking recently told us to be careful about what screen-savers we download and run; appparently he'd seen some unusual ones in his lab, and he was worried about viruses. His advice might be relevant to the Lycos screensaver, too.
I don't care what the justification is, this is a DoDS pure and simple.
Two wrongs don't make a right...but three lefts do.
Where would we be if Wheel had hid her round rock in a cave instead of showing everyone how it rolls?
Dear Spammer,
I hope you enjoy the packets we are sending you. This is a not SPAM. Previously you opted-in for these packets. If you would like to be removed from our packet list, please turn off your machine. Thank you.
Here's what I get for www.makelovenotspam.com:
jjeffries@falcor:~$ host www.makelovenotspam.com
www.makelovenotspam.com A 213.115.182.123
jjeffries@falcor:~$ traceroute www.makelovenotspam.com
traceroute to www.makelovenotspam.com (213.115.182.123), 30 hops max, 38 byte packets
1 gateway (x.x.x.1) 1.388 ms 0.772 ms 1.496 ms
2 (x.x.x.181) 10.403 ms 16.325 ms 29.059 ms
3 553.at-4-0-0.CL1.PIT1.ALTER.NET (152.63.39.186) 30.078 ms 26.343 ms 20.596 ms
4 0.so-4-0-0.CL1.IAD5.ALTER.NET (152.63.34.125) 30.713 ms 35.189 ms 17.594 ms
5 500.ATM7-0.GW5.IAD5.ALTER.NET (152.63.43.145) 20.766 ms 22.089 ms 28.399 ms
6 xa-gw1.customer.ALTER.NET (157.130.39.190) 44.347 ms 29.281 ms 22.978 ms
7 ua-213-115-182-123.cust.bredbandsbolaget.se (213.115.182.123) 31.790 ms 35.843 ms 33.322 ms
Whois:
route: 213.114.0.0/15
descr: Broadband Customers in Scandinavia
descr: Please report improper use to abuse@bredband.com
origin: AS8642
notify: noc@bredband.com
mnt-by: B2-MNT
changed: hostmaster@bredband.com 20040618
source: RIPE
But if you check out this netcraft link you'll see that the IP it knows about is different: 83.241.136.230
jjeffries@falcor:~$ host 83.241.136.230
Name: 230.136.241.83.in-addr.dgcsystems.net
Address: 83.241.136.230
jjeffries@falcor:~$ traceroute 83.241.136.230
traceroute to 83.241.136.230 (83.241.136.230), 30 hops max, 38 byte packets
1 gateway (x.x.x.1) 1.110 ms 2.266 ms 1.152 ms
2 (x.x.x.181) 13.181 ms 18.244 ms 13.192 ms
3 553.at-6-0-0.CL1.PIT1.ALTER.NET (152.63.39.194) 18.160 ms 16.479 ms 23.837 ms
4 0.so-4-0-0.CL1.IAD5.ALTER.NET (152.63.34.125) 27.729 ms 20.275 ms 17.367 ms
5 500.ATM4-0.GW5.IAD5.ALTER.NET (152.63.43.137) 23.103 ms 19.935 ms 22.293 ms
6 xa-gw1.customer.ALTER.NET (157.130.39.190) 30.378 ms 29.437 ms 22.138 ms
7 230.136.241.83.in-addr.dgcsystems.net (83.241.136.230) 18.647 ms 28.862 ms 24.483 ms
Whois:
route: 83.241.128.0/17
descr: DGC Systems AB Stockholm
origin: AS21195
mnt-by: DGCSYSTEMS-MNT
changed: bjorn.osterman@dgc.se 20040427
source: RIPE
If you hit those IPs in a browser, you'll get the same 404 error. Traceroutes to adjacent IPs go entirely different directions. This would appear to confirm that MCI is doing something funny with these IPs.
Is there anything like this that could take an RBL or whatever list of targets Lycos uses, and make it a daemon for Unixes/Windows? I don't care so much about the screensaver, but like the idea.
No sig for you.
First I'll cite an example from the university I work at. We bought a better connection based on the sole reason that we get so much spam the website was loading slowly. The option of having our email outsourced was looked at, but in the end it was still cheaper to just get a better connection. Are the spammers covering the new cost incurred because their actions? Haha, yea right.
There was just an article today about how big the market for spyware removal had become. It is well known that some spam sites install their crap when you visit their site, or if the person is using OE or even Outlook 2000 the stuff installs straight from the e-mail. Again, are they forking over some of their profits to cover the costs for this?
An eye for an eye is perfectly legit in this case since our governments are so slow to do anything worthwhile about the problem. In America we have the right to bear arms and form a militia (under certain circumstances) so what's wrong with us bearing different arms, our bandwidth and computers, and forming a different type of militia to get rid of our enemies?
Lycos Anti-Spam Screensaver... "The SETI for spam"
Check out this website: http://www.artofsense.com/. To quote the front page. Welcome to Art Of Sense Studio by Alvi Siren. Special note: We are an innocent victim of Lycos anti-spam program and our lawyers preparing a lawsuit against it. One Israeli company tried to resell our paintings and they used spam and to save their traffic they put links to images on our site. We have NO connection with their spam. While the website has no connection with spam, I believe it needs to be taken down out of respect to good art everywhere.
i agree. also, checkout this webpage: http://www.aa419.org/ladvampire.html it basically uses some javascript to constantly download images of fake bank site that are busy raping grandmothers out of their life saving, they have brought 178 site to thier knees so far, and more fall every day. its really badass.
tasty electronic music vittles
If it is acceptable for lycos to DDoS sites based on alleged spam solicitation, then on what grounds does one stop anyone else from doing this to any site they please?
I can see this being used by a corporation like Microsoft. They could write a screensaver to "Shutdown Hackers" and target all of those kittie h4x0r/sub7/1337 sites.. and maybe even go one to take out a few of their small competitors?
This is bad for the global network.
I guess this is sort of like what some people were doing to the RNC during the Republican national convention. You have to wonder if this trend will continue to grow, where people start DDOS'ng sites or people they don't care for. At first I was in favor of the idea of fighting fire with fire, but I get worried with where will it end. And imagine our brilliant elected officials write a law so vague that /.'ing some site becomes a criminal offense. Just my 2 cents
How does taking down a spammer's Web site stem the flow of spam? The two aren't related, and in fact all that's happening is that a hosting company somewhere is getting blasted (not that that bothers me ... host a spammer's Web site and you can just take your lumps.) However, actual spam is sent using open relays and other bits of misdirection and likely isn't even on the same pipe as the Web site. Sure, this sends the spammers the message that we don't like what they're doing ... but one has to assume that they already know that. I guess I don't see what practical purpose this is serving.
The higher the technology, the sharper that two-edged sword.
I wonder if any of the target sites are hosted on shared servers?
Shooting them is ok but DDoS attacks worry you? Man your values are fucked up!
Sindri Traustason.
In the very first thread about this I mentioned how this is going to get them in trouble, how does attacking spammers make them better people then the spammers? :D), this, IMO, just makes them worse. While, spam is a big problem, it is the least of my worries, and I have a million different email addresses (My website has about 400 different email addresses that you use depending on what your email is about) all being forwarded to my Gmail account, I get a fair amount of spam, but, still....
/. has discussed that many times.
I never really did see Lycos as a good company ("not evil"
I have to admit, the current email system is HUGELY flawed, but,
i agree. also, checkout this webpage: http://www.aa419.org/ladvampire.html it basically uses some javascript to constantly download images of fake bank site that are busy raping grandmothers out of their life saving, they have brought 178 site to thier knees so far, and more fall every day. its really badass. (i hate the /. filters....)
tasty electronic music vittles
Everyone seems so set against this. What if Lycos distributed software that monitored your inbox and automatically followed any links (after being sanitized first, of course) in spam? Would you consider that a DDoS?
I suppose you could consider it a "Socket Stuffer" Christmas gift from Lycos to all the wonderfull spam services that make our daily life so enjoyable.
Deviously clever spammers counter-attack by using... The Slashdot Effect.
Whether you like ads or not you have no right to punish people who choose to support their sites via advertising.
They aren't forcing you to go to their site, you are requesting it. Blocking adverts is one thing, but intentionally trying to harm advertisers is ridiculous.
Unless it targets adverts that try and look like system dialogue boxes. Those fuckers deserve everything they get!
Vote with your feet. Don't like a site's advertising policy? Support a different site with a better one.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
It's like sylvester and tweetie, roadrunner and wile.e etc... Somewhere, someone is getting screwed. Be it spammers or you. Lycos probably scams your email address to send you some much coveted mail of interesting products.
More likely they saw insert obscene number) of traffic and decided to shut their sites down pre-emptively to avoid the ridiculious bill mounting against them.
All we know is Netcraft saw them stop responding. I think they might have got the old jump to conclusions mat out of the closet.
The Lycos site http://www.makelovenotspam.com/ is down, reportedly by spammers hitting back. They had to see it coming, no?!
I think you are 100% correct, and I applaud your post. You hit it on the head.
DISCLAIMER:
I don't believe what I write, and neither should you.
Since the site is down, here's an emule download link to the makelovenotspam screensaver for windows. To those not familiar with the ed2k network, this is not a URL link. You click on it while running emule (or edonkey) to start the download.
I've never posted an ed2k link before. I hope it works.
If your site shares a network with a spammer, time to complain to your feed site. Anyone who puts their customers at risk by tolerating known spammers on their network deserves to lose business or to get sued by their customers. (something along the lines of tolerating a public nuisance which is interfering with your business, I suppose)
Tech Public Policy stuff
The funniest thing happened when I installed this screensaver. I work for a subsidiary of a major Japanese carmaker, and our network here at the company headquarters is comprised of about 1,000 WinXP machines (all set to admin rights by default...it's a nightmare, don't ask) plus the assorted SPARC machines for CAD and so on. I installed the screensaver on a whim (had received an unholy amount of spam that day and the BBC headline caught my eye) then was too busy to see what it was doing. When I did look at it, it was doing its thing with pretty arrows and graphs, so I thought, nice, take that you evil scum (besides, it's the company's bandwidth, so...). The very next day, which was when the news about spammers hacking the Lycos server started coming in, our whole network was down. It would come on for two minutes, then go down again for ten, then come back up for two, then go down again, in an endless loop which lasted the entire day. Needless to say, the IT guys started panicking and asked me what I'd done, since I am the one who is usually installing Firefox on every unattended machine, and tossing Knoppix CD's to everyone who wants them - and I for one had to lie and said 'me? noooooooothing'. I still don't know if it had anything to do with the screensaver (I uninstalled it, and the network is fine now), but it was weird.
Go figure, you start using a funny screensaver that promises to fight evil and end up DDoSing an entire network, your own.
The power of accurate observation is commonly called cynicism by those who have not got it. -- G.B. Shaw
SETI : Seek life
Lycos: Seek the no-lifes
Two great concepts!
[nt]
tasty electronic music vittles
There's a website: Artists against 419, that does the same thing. Interesting tactic, and really, spam eats our bandwidth, so is this turnabout fair play?
CVb
free ipod and free gmail!
Too bad that couldn't design their system to process the spam that a user actually receives and then use that information to decide which sites to "send traffic to". Much like with the "Do not call" list, if we assume SPAM establishes a "buisness relationship" with that site, they could not even claim the traffic is a denial of service attack, its simply buisness as usual!
:)
The only caveat is that people could then send SPAM with URLs that *wanted* attacked, but if a central server was setup listing sites that were true spam sources this problem could be avoided...
Should I patent this?
"DENIAL"-How an optimist keeps from becoming a pessimist- \ \
What's stopping the open source community from creating a desktop widget that does exactly this? It could use the freely available DNS blacklist info to avoid intentional attacks. It could be created and distributed in an entirely decentralized and blameless manner. While it would create more net traffic in the short run, it would be balanced in time by the drop in spam traffic which makes up [insert percentage here] current traffic.
...and the geeks shall inherit the Earth.
When the net has a problem, it usually routes around the problem. That's why it's "the net". DARPA designed it this way mostly; newer fixes have endeavoured to make it so. Other wise it becomes brittle and subject to breakage.
So the first thing to remember is that the bad guys will figure out some way around Lycos eventually.
The second thing is, as others have pointed out, suppose the christian right decides to get their people to do this to porn sites?
Suppose W. gets his supporters to do this to dissenters?
Suppose 10,000 people out there shut down whatever YOU hold dear?
The spammers need to face trial by law; then capital punishment can be administered.
Are the ones who decided to do that attacks. Lycos just had an idea, it takes computer users to implement it (or not).
Quack, quack.
When someone sends a SYN, you don't have to respond with an ACK. If they don't like it, they should delete those packets and get on with their day.
Whiners
Like screensavers capable of emiting EMP's targeted at those spammer boxes. That would be really cool.
The tone of the actual front page post amused me....it had a tone of almost sympathetic reasoning for the SPAMMERS? Come on, seriously, they do so much harm and create so much stress and problems for the average joe, right up to the Admin on a network...why not do something about it instead of waiting for constant back and forth of corporations and companies trying to create some kind of UBER (yes, I used UBER) software they can make millions on (which is their real goal, not just fixing spam).
I for one, dont like the idea of a group of users directing DDos attacks at valid sites / users, but when it comes to Spam, I guess years of dealing with it has worn down any sympathetic ear I would have otherwise had on the subject.
This? Not that I've ever used that before!
Seriously though, I'm scared..but I like your plugin idea.
Quack, quack.
If your going to take out a site, take out this one.
http://www.onlinereplicastore.com/
I get about 20 spams a day from these bozos
Comment removed based on user account deletion
"...a bit overzealous." Are you an idiot or what? If spam servers anywhere catch fire and melt it's a gift to humanity. Those bastards are a blight upon the entire industry. Nuke 'em!
"...a bit overzealous." Bullshit.
One person cannot DDOS a site all by themselves.
These spam sites have only been taken down because sufficiently large numbers of people all have the same opinion of them.
What we are seeing is democracy in action.
According to this it's already happened:
Spammers fight back Posted by Alexey @ 09:37 GMT
In an interesting twist, apparently one of the spam sites under attack from Lycos' "Make Love not Spam" operation has turned the tables. The front page of a spammer site called www.moretgage.info (which used to sell cheap mortgage loans) has been changed to contain a Meta Refresh tag, redirecting all web traffic to...www.makelovenotspam.com.
As an end result, depending on how the Lycos client works, the screen savers downloaded from makelovenotspam.com might be attacking the download site itself.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Just wait until the hacked versions come out that target the RIAA or MPAA. Which will be funny until the trolls come up with one which targets /.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
I don't see this working for very long. For technical or legal reasons... However, here's what's going to happen. A few spammers are going to get hit with huge hosting bills and they won't pay them. So now they've got collectors breathing down their neck for money and hosts realize that spammers are scum business not worth keeping because they don't pay their bills.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Advise use black paper with the ends taped together
when you do this the inkt will soon run out.
I only hope they have no electronic storage.
There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
Let me guess. You voted for Bush didn't you.
uncontrolled western like space... welcome to the internet! let's rock *evil grin*
While I know it's legally right, justice has been served - now in the USA, the spamees' spam YOU!
No, seriously, the 'net was founded on principles of consensual anarchy.
:
By signing onto the Internet, the spamming companies agreed to join a transnational network that was effectively above the laws of any one nation.
My Friend, there is another transnational network that have existed way before Internet. In your country, I think it was AT&T who built it (not sure). This network, even if transnational, was not "lawless". The IP adress is now what was the telephone number, but you are still under the constraints of the law, the law of your country and if you are not american, the law of your country plus the law of the country you communicate with...
Interresting reading to finally iron this perception that there is a "cyberspace", different from the "meatspace".
I think most geeks that can't get a girlfriend would love to have a different world, where they can do all those wonderfull things that could finally impress some girls... Sorry my friend, there is no such world.
I don't get how you could get rated Insightful...
The Internet might have been wild in his early age, but as he goes mainstream, the legal crowd will order rules, with time passing, until it is fully ruled under national laws...
Interresting reading for you my friend (In english, I'm not too cruel with you, you see !)
HERE
Note : I'm not against US, like the author, but his point is still valid. Meatspace rules, Cyberspace is an illusion...
---
By the way I apologies my dear US friend, I'm French...
This is just being silly. Obviously if it has no impact on spammers then it is useless, and if it does have an impact (stealing resources from the spammer) then a spammer can in many countries fight back legally.
Lycos can 1) just swallow any legal claims and call it a PR expense, 2) do (1) and settle for cash with them without telling people, or 3) intentionally play a gray-area game with a slight tendency to go overboard, hence the impact on 3 spammers. This last game option attempts to maximimize PR impact (which requires at least 1 or 2 spammers be shut down temporarily) while minimizing legal costs.
It is not clear whether "throttling" actually means Lycos throws away some of your interaction to make it easier for some spammers.
It is also not clear whether any real hardship is borne by spammers and whether it has any real impact on the number of emails in the mailboxes of participants and the general public.
The problems with this are 1) you have to have a lot of people continually using this for as long as you want spammers out of commission, 2) it is hard to measure whether a given spammer is really out of business, 3) it is either too little or too much. The only clear winner is lycos.
If net vigilantism is allowed then you will get certain religious and political groupings doing the same thing. And spammers could go after Lycos! Or after individual users, y'know?
Now if you are of the legal opinion that this is fully justified due to 1) established business relationship, 2) they are denying me service, 3) the net routes around obstacles and the net is my karma, or 4) pry my fiber out of my cold dead hands (well that sounds like 3 a little), just put an updated list of spammers' IPs on a site I think you would get a much nicer DDoS in no time with less liability.
I also move that Lycos add this to their list of community services. They break the list into three sections: Active Spammers, Spam-supporting ISPs, and Spam Purchasers.
in my eyes, even better.
with this new found optimism i am now installing it \o/
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Come on guys!
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
" Easy fix, point the domain to lycos servers, have them DoS themselves."
That one could be a problem, what if one of the spammers decides to point the domain to a non-spam site (microsoft.com, sco.com, google.com are all familiar targets) and the DoS software crashes a real site... Lawsuit?
Considering spam is only sort of illegal, I think the spammers are on the legal end... I don't really know though.
ISP that condone this spamming activity need to send out a letter to their customers.
--start--
Do you need a larger pipe?
--end--
I've been assualted by spam for years. If I wasn't on dial-up I would install the screen saver.
I'm skeptical about Art of Sense's claim to not be spam. Their given phone number on their whois info is obviously fake (1234567890). Combine that with the PO box and you may never find out who they are. They do have (what looks like) a valid number for the fax line, however.
But this is the first good news in the battle against spammers I've heard yet. This is the first time anti-spammers have managed to directly cost spammers money. It's payback time for all of us who pay through the nose for bandwidth that spammers steal from us. It's obviously effective and if Lycos drops the ball on this project, other people will pick it up. This is a novel new application that has a lot of potential. Pandora's box has been opened. Maybe this is what it will take before law enforcement gets off their butts and starts prosecuting spammers. It's really a shame that there has to be this type of vigilantism, but when the authorities do nothing to stop these criminals, it's the only recourse.
I suggest we start cranking out more of these apps. Someone needs to produce an open source version that can be split into dozes of mutated versions. It has the potential to wreak havoc but it may be the best chance available to let the authorities know we're sick of this and if they don't start doing their job, we'll do it our way.
Is there a mirror for this software? I couldn't access the site yesterday due to a good ./ing. and today it only says 'Stay Tuned" - I'd love to get this up and running - and information (ie: guide to the file location, direct path, mirror, etc.) would be extremely welcome.
TIA
Never try to beat a professional at his own game!
Here is the Mac version on emule.
I agree. I think the screensaver is a great idea. You can say what you want about ethics and all, but the fact is that the spammers are already mounting their own DDoS attacks on anti-spam sites. Did the authorities do anything? Nope. Think about it... if a guy sucker-punches you in a dark deserted alley, would you punch back or ignore him? Spammers have clearly declared war on anti-spam sites(and the general public). I liken the DDoS of SpamCop in November 2003 to Pearl Harbor. The only difference is that after Pearl Harbor, we defended ourselves and vanquished our opponent. What was the outcome of the SpamCop DDoS? "Well, you'll just have to invest in better filtering software and pray it'll work". I'm tired of hiding from spam. We have to fight back.
I read the reports here and there about a spammer getting jailed/fined/lynched, but my inbox still fills up. I'll bet that for each spammer that is jailed/fined/lynched, you have 5 new spammers filling the void. What is being done to stop this? Not a lot. Spamming is still a HUGE moneymaking opportunity with relatively few barriers to entry, and it is "legal"(as long as you cover your bases).
IMO, the best thing about this tool is that it will allow the common man to "get back" at spammers. I think people have lost their patience. They don't want to wait months for the next half-baked, loophole-laden piece of legislation that the spammers in other countries will just laugh at.
Another facet of this discussion is enforcement (at least in the US). Many sites say that it will open you up to legal trouble, which may be true by the letter of the law. But consider this - very few spam that I receive are "can-spam" compliant. This, coupled with the fact that the US is the biggest source of spam, indicates that the US Government is having trouble enforcing a law that it made specifically against spam. IANAL, but I don't think there is a federal law against DDoS'ing. I'm not saying it's OK to DDoS, I'm just saying that I think you'll be struck by lightning 3 times before you get nailed for DDoS'ing a spammer.
And about the DoS at the user-level... If Lycos only directs a user to DoS spammers in countries outside of the users' own country, does the spammer have any recourse other than to complain to the DOS'ers ISP?
I hope Lycos chose a list of fqdn's in a dns zone in their control. Otherwise, I could see some spammers changing their dns lookups to point back at Lycos EU or some government or corporate sites.
No, I did not vote for Bush. However, I can understand why alot of people did. Keep an open mind about things.
Heck, I would have chosen "There's simply no other mechanism for solving this sort of problem other than everyone giving up on unsigned SMTP, and since too many people aren't willing to do that, the only alternative is to simply packet-spam the spammers into oblivion. I say, let their routers burn."
XML is like violence. If it doesn't solve the problem, use more.
It seems to me that if a spam has an link in it (which they all do), then they are sending you that link in an attempt to get you to visit their site. It was very nice of Lycos to automate the process for me and them. Now I need not bother reading the mail in order to make all those spam companies happy...by increasing the visitations to their site. Thanks Lycos! It's not vigilantism, its just progress. As computer systems evolve, more and more tasks get done by the computer, with less intervention from the user. :-)
The volume of spam arriving in my mailbox has dropped right off... :) I was getting some twenty odd landing in the trash having been filtered there... now I've gotten only two in the last day...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
This approach to controlling spam probably has more collateral damage than anything since firewalling entire countries.
I'm having fun just watching the page do it's job
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
this exact program was my senior design project in college!
Go Lycos GO!
Attack Spammers!
I for one will now run this screensaver dedicated 24/7
Go Microsoft Go!
Sue spammers!
Die Rolex!
Die Nigeria!
Die Viagra!
Die Logos
Die Penise Enlargement!
Die Die Die!
Could it be possible that the spammers brought their own stuff down in an attempt to make themselves look like the victims, and provide them with a case against people that are doing these things?
Really, it's ironic, since these are the companies that totally shit-bomb people's servers and workstations on a daily basis. One thing to keep in mind, though, is that their wrong does not justify a wrong in like.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Looking at that old goofy "Internet Traffic Report" (remember? - from back in the 1990s?) web site, I noticed something that seems significant.
http://www.internettrafficreport.com/7day.htm
There seems to have been a tremendous effect on overall web traffic recently. The 'recovery' period seems incredibly rapid however.
Anyone know how to gauge whether this had any real effect on total spam sent on the (whole) internet? Also, anyone know difinitively what the start/stop times of the "attack" were?
I know the spamhauses themselves were not targetted. Does this merely reflect a couple hundred thousand people smacking the root nameservers with obscure domain lookups? Or was the screensaver using explicit IP addresses?
"God is dead." - Frederik Nietzsche
Want your competitors off the market? Just send a spam mail in their name, with their website URL. Without working sender-ID for e-mail, nobody can know for sure...
That's the reason why vigilantism is bad, why there must be a judge and proof must be presented.
Isn't it in fact more likely that the spammers themselves are taking down their own sites, in order to make themselves *appear* to have been victimized by the Lycos screensaver? The brownie points from the resulting legal sympathy may be worth more to them at this point than keeping the sites live for a few days.
It looks as if makelovenotspam has been pulled. I wonder if Lycos are getting cold feet?
Training monkeys for world domination since 1439
If anything they got Lycos in the news :)
They ask for your email in the contact form. How clever :D
Gee. Track any spamvertized website and you will see many of them going down after a couple of days. Often, these sites are hosted by malware-infected dial-up machines. Or by servers somewhere in China that are administered so badly that they can crash any minute.
Unless Lycos tells us how many servers were targeted, I don't see how the statement that two servers are down can be connected in any way to the workings of that stupid marketing toy.
If sending me info about stuff I don't want is Freedom of Expression so is sending a beautiful stream of packets at a site!
The spammers want to get people to visit their site right? That is why they send spam. So now they're unhappy that millions are going to their site via the Lycos screensaver? I don't understand they should be happy they are getting what they wanted -- increased traffic.
They are a spam hosting company , and they are blocking the trans-atlantic access to makelovenotspam.com.
> traceroute makelovenotspam.com
traceroute to makelovenotspam.com (213.115.182.123), 64 hops max, 44 byte packets
(hops 1-4 removed)
5 500.Serial3-7.GW4.NYC4.ALTER.NET (65.217.196.181) 4.280 ms 4.267 ms 3.817 ms
6 146.at-2-0-0.XR3.NYC4.ALTER.NET (152.63.25.98) 4.350 ms 15.281 ms 6.800 ms
7 0.so-2-0-0.XL1.NYC4.ALTER.NET (152.63.17.29) 14.770 ms 9.844 ms 12.983 ms
8 0.so-5-3-0.XL1.NYC8.ALTER.NET (152.63.1.49) 6.267 ms 5.575 ms 5.700 ms
9 POS6-0.BR3.NYC8.ALTER.NET (152.63.19.53) 12.412 ms 5.083 ms 5.795 ms
10 * * *
11 * * *
^C
Here is the traceroute to the download site which is still operational:
> traceroute download2.makelovenotspam.com
traceroute to download2.makelovenotspam.com (213.115.182.70), 64 hops max, 44 byte packets
(hops 1-4 removed)
5 500.Serial3-7.GW4.NYC4.ALTER.NET (65.217.196.181) 7.132 ms 18.167 ms 4.769 ms
6 146.at-6-1-0.XR3.NYC4.ALTER.NET (152.63.25.90) 4.726 ms 4.779 ms 4.454 ms
7 0.so-2-0-0.XL1.NYC4.ALTER.NET (152.63.17.29) 11.073 ms 5.675 ms 15.036 ms
8 0.so-5-3-0.XL1.NYC8.ALTER.NET (152.63.1.49) 5.391 ms 6.484 ms 5.798 ms
9 POS6-0.BR3.NYC8.ALTER.NET (152.63.19.53) 13.613 ms 5.041 ms 5.606 ms
10 204.255.168.134 (204.255.168.134) 6.497 ms 6.206 ms 7.160 ms
11 so6-0-0-2488M.ar1.ARN1.gblx.net (67.17.67.250) 118.008 ms 109.717 ms 111.907 ms
12 64.215.185.82 (64.215.185.82) 119.551 ms 109.770 ms 124.437 ms
13 pos2-0.cr1.sto1.se.bredband.com (195.54.123.114) 110.145 ms 125.686 ms 114.214 ms
14 vlan11.dr1.sto1.se.bredband.com (195.54.116.166) 110.620 ms 110.892 ms 118.073 ms
15 vlan6.dr1.sto15.se.bredband.com (195.54.116.226) 120.274 ms 117.771 ms 109.874 ms
16 * * *
17 * * *
^C
This makes me want to run the damn thing more than ever! Spam friendly hosting companies are now doing a denial of service to makelovenotspam.com. The company says they were not hacked, but it makes me wonder if Global Crossing didn't redirect the page accesses to the that "hacked" page (and yes, I did see it myself, but I didn't think to do a traceroute at the time).
I really hope they come back up or someone comes up with something equivalent soon. How hard would it be to get a perl script together that downloads the spamvertised web sites page of spamcop.net and downloads them 20 times each? False reports would get a 20 minute increase in bandwidth, but repeat offenders would get hammered long term.
I don't understand. They are wasting your resources by spamming you. Inside the spam they are hawking all sorts of junk, and BEGGING you to visit their site. So a program goes to the URLs listed in the spam. So what if it's once or a thousand times. They WANT you to go there.
How is that unethical when they want you to visit their site to buy their junk?
Instead of simply sending out request after request for a web page, never to be seen, what if someone wrote a screensaver that distributed lists of spam site web pages that contained forms and each screensaver would issue POSTs with bogus data? The result is not a DDoS attack but it would bury the spammers in a mountain of bogus requests for information/product etc that they'd have to sift through to get the legit ones. A computer's time is nothing.... A person's time is a huge deal. THAT would discourage the spammers a lot more effectively than this fiasco.
Even better print up some stickers with a message like "Call now for hot dates in your area: 555-1234" or "Girls ready to take your call 24x7: 555-1234" but with their phone number. Then put the stickers on the inside of the cubicle doors of public and commercial restrooms (pub, mall, bar, gas station, church &c). Not only will the resulting calls jam up their phonelines but given the nature of the calls most of their call centre/reception staff will probably quit. I'm not sure about the US but I do now that in the UK the staff who quit will be able to sue the employer under health and safety legislation on the basis that their trading activities resulted in an unsafe workplace.
Stephen
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
As a concerned villager, I personally am off to grab my pitchfork and swarm the monsters castle like everyone else
Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?
By continuing to send SPAM, they have opted in to this program!
The act of sending SPAM is an opt-in request for this handy, distributed, load testing system!
Any time they want to opt out, all they have to do is stop sending SPAM, and their opt-out request will be processed within X business days!
How very handy!
I wonder if Lycos would be willing to sell this handy load testing system without requiring you to first send SPAM? I know I'd like to have the new firewall and load balancers stress tested before putting them into production.
It's kind of unfair to restrict this free load testing to established bulk mailers.
"Live Free or Die." Don't like it? Then keep out of the USA
Unbelievable! Methinks you could stand to rethink your priorities in life.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
Replacement for the screen saver: :start_here
wget -m http://www.artofsense.com/english/
rm -rf www.artofsense.com
goto start_here
Of course, I'm one of thos freaks who has Cygwin installed on his work W2K box, so the above is a Windows Batch file for people who have cygwin installed.
www.artofsense.com is the only one still responding
"Live Free or Die." Don't like it? Then keep out of the USA
Should have hit "preview" first, then I would have
known to set the type to CODE on the post.
:start_here
wget -m http://www.artofsense.com/english/
rm -rf www.artofsense.com
goto start_here
"Live Free or Die." Don't like it? Then keep out of the USA
Incredible.
You found a site that will give me a reason to use IE, at least for that single page.
Now, how to get this working in Mozilla / Firebird....
"Live Free or Die." Don't like it? Then keep out of the USA
It not Lycos killing these sites its Lycos users.
I'm of two minds on this. There is the obvious DDOS aspect, and DDOSes are wrong. But on the other hand, this case is different than a normal DDOS. This isn't a few people with a network of hacked machines. This is grass roots.
/.er out there screaming that.)
Basically, what is the different between a DDOS and the internet equivelent of a picket or protest? I hate asking that question, because I didnt like it when folks did the same thing during the US election to silence the party they didn't like. But this is still the same basic idea of getting a group of people to protest in front of an unethical company's door.
In the real world, you can protest, but you still have to let people through unharmed and you can't do actual damage to the establishment you are protesting. You are just taking up space and congesting traffic outside the place.
It seems the difference here would be if you crash the box. And then there's the question of whether the box actually crashed or is it faked. (At least, I'd be amazed if there wasn't a
Can I obtain a copy of (or a reference to) that target list Lycos is using, so that I can examine it myself and decide what I should do about those targets? It's not that I think Lycos is wrong about them, but I want to get my brain involved in the process rather than merely lend Lycos my hardware and name.
If Lycos wants me to kill someone, they should provide me with the guy's name and photo and let me do the job, not blindfold me and ask me to pull the trigger while they take care of aiming my gun for me. The same if the guy should be allowed to escape after a slight beating. If they want my assistance with any of this, I want to take part in the thinking, not just follow their instructions.
Has Lycos released the source code for this screensaver? If not, why?
Hate, now that's a strong word ... dislike strongly-with prejudice (all puns intended)
... ...A LOT.
... A new Geek Sport.
We, "the victims", rebel by "playing into their hand".
(These advertisers are not "a people" so we can get away with "disliking strongly-with prejudice")
Soooo
-They WANT us to visit their sites.
-We visit their sites,
-The advertisers are HAPPY, no?
RIGHT, off you go.
Give them what they want and grab you a list of SPAM links, mix and match with your f(r)iends (like baseball cards),
Cruise from here:
http://anonymouse.is4u.de/
On an end note remember the immortal words of Arlo Guthrie in Alice's Restaurant.
And I went up there, I said, "Shrink, I want to kill. I mean, I wanna, I
wanna kill. Kill. I wanna, I wanna see, I wanna see blood and gore and
guts and veins in my teeth. Eat dead burnt bodies. I mean kill, Kill,
KILL, KILL." And I started jumpin up and down yelling, "KILL, KILL," and
he started jumpin up and down with me and we was both jumping up and down
yelling, "KILL, KILL." And the sargent came over, pinned a medal on me,
sent me down the hall, said, "You're our boy."
Didn't feel too good about it.
~hylas
By spamming me, or one of my associates, you have opted-in to a DDoS attack.
If, for some reason, you do _not_ wish to be DDoS'ed, you may opt-out of further DDoS attacks from me (but not my associates) by clicking here.
Exceeding the recommended torque is not recommended.
Oh wow. This is a brilliant idea. Not sure about the legality of it, though.