Slashdot Mirror
Lycos Anti-Spam Screensaver Brings Down Spam Sites
ChairmanMeow writes "According to BBC News, the screensaver released by Lycos Europe that targets spam websites has been a bit too successful at targeting spam sites, bringing down two sites, with a third responding intermittently, and raising concerns that the screensaver amounts to a DDoS attack against spam sites. Of course, spammers deserve to be punished, but will DDoS attacks against spam websites help to curb the problem of spam?" While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.
Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...
Why not target other sites like spyware/adware/malware sites like Gator?
Really,
:grrr:
Is there anything legally wrong with this?
It's not a "bot" army in that the owners of the PC's opted in to do this.
-nB
--
Damn 2 min between posts BS has got to go. Should be limited to within topics or something
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
You say that like it's a bad thing. They DDoS my inbox, loading pages that they ask me to visit sounds fair.
"History doesn't repeat itself, but it does rhyme." Mark Twain
I don't care if the spammers' servers are DDoSed. They can take their fucked-up business model and shove it, as far as I am concerned.
Good on Lycos for finally having the balls to stand up to these guys. The spammers have been stealing bandwidth off all of us for far too long now.
gadgetophile.com
Who controls the list of "spam sites"? What are the criteria for becomming a victim? I would personally like this process to be transparent before I encourage anyone to participate - I do think they have the best intentions, but the potential for abuse is a bit scary.
That's what sucks about the spam war.. the good guys have to be careful how they deal with the problem to avoid accidentally screwing someone innocent. The bad guys just double their output.
Yes, spammers are evil scum who need a standard NATO round square in the forehead. But this sort of rough and ready justice worries me. An attack on the network is an attack on the network, period. If this sort of thing becomes respectable where does it end?
If it is OK to DDoS spamers, who else is it ok to knock off of the net?
Kiddie Porn?
Regular Porn?
Nazi/Skinhead sites?
Anything YOU think is a 'hate site'?
Anything ANYONE things is a 'hate site'?
Anything anyone objects to for any reason?
Business competitors?
Political opponents?
Anyone applauding Lycos for this had better be ready to draw the line somewhere on that list above and defend why their line is the absolute correct one in language all can agree on or that line will creep down at Internet speed.
Democrat delenda est
Does it matter? Mission (screw the spammers) accomplished either way.
...who are always steamed up because the internet is an unperfect place or someone is billboard posting in some usenet group of you didn't read the faq are going to mad at something forever. Why even run anti-spam screen savers when you could be looking for seti or doing some folding or something useful. 1000 years from now spam and drugs and guns and all kinds of potentially bad things will still exist. You won't. Use your time on something useful.
Spammers neither detect odors around me, or allow me to walk. They're more like bacteria than a nose or a foot. So, on a side note, when was the last time you took antibiotics?
Vigilantism (sp? Is that even a word?) is legally risky at best. I would love to see lawmakers specifically exempt Lycos in the specific anti-spam effort. I'd also like to see lawmakers pass laws that increase spam penalties to death by slow and painful torture. Maybe that's just me.
But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn? My USA Lawmakers seem ignorant (at best) when it comes to technology issues. Furthermore, making an exception for spam only would likely open the door to tremendous abuse. Would GWB authorize DDOS against non-Republican affiliated endeavors?
It's a slippery slope. As much as I like the concept, my doubts are not being assuaged.
"God is dead." - Frederik Nietzsche
... as least until one of your arsonists accidentally burns down the murderer's neighbor's house.
paintball
And 25 emails a day advertising V14gra isn't?
-- yawn. --
It's not useless, it serves a well defined albeit misdirected purpose.
The problem is that I doubt the spam sites domain names are hard coded into the screensaver. If they're not, the screensaver has to retrieve them from a remote source, and within days the spammers will simply squelch this uprising by DDoSing that source, rendering this entire approach useless.
*blinking cursor*
I'm not certain how Lycos' software works or where their pool of server names comes from so it's hard to speak to this instance. But If someone sends SPAM to my email account I don't see how they can complain if I browse their site. Now I guess the real question is where is Lycos getting it's list of spammers? If it's some blacklist in their backroom then it's a DDOS plain and simple, on the other hand if it pulls the addresses from the Junk folder in my inbox then I am just responding to their solicitation.
-- Dennis
They released the screensaver with a fixed list of sites? I thought it would look through your Spam folder in your mail client and visit each web site mentioned there; a much fairer way to do things and perhaps legally safer too.
I know someone has previously suggested making mail clients download every link in a message; the idea is that if everyone did this then spammers would even have an incentive to get 'unsubscribe' working. Yes, it does confirm that your address is live; so what, it was on the spam list anyway.
-- Ed Avis ed@membled.com
DDoS is not defined by the willingness of the parties involved. DDoS is a distributed denial of service attack. Denial of service means that ones service is being denied by another party. Distributed means it comes from multiple sources... just because people are willing to let it happen has NOTHING to do with it.
If me and 100 people on an IRC channel willingly installed something similar and used it to attack government websites or servers would they call it civil disobedience? I think not.
Get it right peewee.
It depends how the redirect is implemented, a META refresh would probably not work, but a HTTP "Location:" header might.
For a little while, sure. But once the ad purchasers realize they're not making any sales on those "clicks" they'll start paying far less per ad click.. it'll all even out.
Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?
We could be seeing a dotslashing (a reverse Slashdot) where this site is bombarded by visitors because of all the links to it.
The really terrifying part is that non-geeks will get to see how geeks communicate...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
To me, it seems their marketing campaign has gone the wrong way.
o fsense.com/signup.html)
I don't see any problem with email offers as such as long as they are above board so to speak, for instance because I have signed up for a company, or expressed an interest in a product.
Up until recently they had an email signup form on the web, and its not difficult to signup anyone you want, the site is quirky enough to raise a laugh amongst friends (I went through a phase of signing up folks to knitting pattern newsletters!).
(Archive link: http://web.archive.org/web/20040202064714/www.art
On the signup page, they do state that they never sell emails or pass to others, which considering the whole look and feel of the site (small family art business) seems like a reasonable line.
Now, if one of those friends was on Lycos and marked it as spam its quite feasible that the Lycos engine has taken it onboard as spam.
This could mean Lycos makes no distinction between a reasonable prospective mailing from a small reputable company and the hardened multimillion hidden linkage spyware infested crap.
But then again, I'm possibly very wide of the mark.
liqbase
So if I hire a spamhaus to advertise my competitor's website...
Hmmmmm. Needs a little caution, methinks.
"God is dead." - Frederik Nietzsche
*blink* oh, yeah, really clever law.
RIAA hacks into someone's computer.
Person has no legal recourse against RIAA
Person hacks back and knocks the RIAA off the internet / nukes their network / whatever
The point is that when there's no peaceful resolution (i.e. a court settlement), then everything descends into a non-peaceful solution, i.e. a free for all. And, simply, the RIAA wouldn't have much of a case in the courts against someone for the counter-hack - IANAL but if the person hacked CANNOT defend themselves against it in the courts (particularly if nothing infringing was found) then to hack back to prevent yourself from being attacked is self defence, defence of property not person, but nontheless self defence.
The other possibility is that with all the hacking and counter hacking going on, firewall and other defensive technology should improve no end, which is good. Eventually the computers will all be locked up so tight that it ends in a stalemate, with a situation identical to that today, except that it'll be because no-one can get into the other's computers, rather than because it's illegal.
Quite simply, if the law refuses to protect something or someone then the law can't complain when someone or something protects itself. That's got to be written down somewhere.
Although I'm probably entirely wrong because IANAL at all, in any way, shape, or form.
As long as they can do it to /. as well.
Why not get every person and every site on the net to DDos the entire farking thing off the planet? Doesn't that sound like fun?
Think about it, there is not one thing on the net that probably isn't an annoyance to at least one person out there.
If DDOSing a site you don't like becomes generally acceptable behavior, the net is in some serious trouble.
It's entire foundation of the internet being based on believing that people will generally "play nice" (as it is) is on the verge of causing it's destruction here.
Lets keep cool heads. Boycott and stop supporting the use of the lycos screen saver and get back to work on a better email protocol!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Universal broadband - even constrained geographically (ie we are all broadband peers in our neighborhood/block/town whatever) will make both ddos attacks and hacking individual machines ineffective. Imagine how popular radio would have been all those decades ago if more listeners caused the radio station to be knocked offline.
Welcome to the Internet. :-)
No, seriously, the 'net was founded on principles of consensual anarchy. That's the way it has always been, and the way it always should remain. By signing onto the Internet, the spamming companies agreed to join a transnational network that was effectively above the laws of any one nation. If someone wants a protected little world, they should wall themselves off from the 'net behind eight firewalls and never communicate with the rest of the universe. If a whiny, crybaby spam business wants to fight against it, let them try. Next time, the 'net's tendency towards autocorrection will ensure that they get BGP blackholed for all eternity.
The right solution for solving spam is not one of government. We don't need laws to make DOS attacks on spammers legal because they were never illegal to begin with. They agreed implicitly to accept whatever the Internet threw at them when they signed on. This is the way the Internet has always worked---when polite discourse fails to correct the error of one's ways, the 'net's response is to isolate the problem in the harshest possible manner to serve as an example to others who might choose to also act in ways that are harmful to the best interests of the 'net.
There's simply no other mechanism for solving this sort of problem other than everyone giving up on unsigned SMTP, and since too many people aren't willing to do that, the only alternative is to simply packet-spam the spammers into oblivion. I say, let their routers burn.
Check out my sci-fi/humor trilogy at PatriotsBooks.
First I'll cite an example from the university I work at. We bought a better connection based on the sole reason that we get so much spam the website was loading slowly. The option of having our email outsourced was looked at, but in the end it was still cheaper to just get a better connection. Are the spammers covering the new cost incurred because their actions? Haha, yea right.
There was just an article today about how big the market for spyware removal had become. It is well known that some spam sites install their crap when you visit their site, or if the person is using OE or even Outlook 2000 the stuff installs straight from the e-mail. Again, are they forking over some of their profits to cover the costs for this?
An eye for an eye is perfectly legit in this case since our governments are so slow to do anything worthwhile about the problem. In America we have the right to bear arms and form a militia (under certain circumstances) so what's wrong with us bearing different arms, our bandwidth and computers, and forming a different type of militia to get rid of our enemies?
Wilfull ignorance is no defense.
Bullshit. They paid someone to spam people, and now they're trying to say it's not their fault. They should have done their due diligence and asked just how this spammer proposed to market their paintings.How does taking down a spammer's Web site stem the flow of spam? The two aren't related, and in fact all that's happening is that a hosting company somewhere is getting blasted (not that that bothers me ... host a spammer's Web site and you can just take your lumps.) However, actual spam is sent using open relays and other bits of misdirection and likely isn't even on the same pipe as the Web site. Sure, this sends the spammers the message that we don't like what they're doing ... but one has to assume that they already know that. I guess I don't see what practical purpose this is serving.
The higher the technology, the sharper that two-edged sword.
Dude, that is like, what, +500 insightful? I wish I could un-post so that I could mod you up.
"God is dead." - Frederik Nietzsche
Tell you what. I do not think that the issue is being better than spammers, I think the issue is that it is about time a bit of vigilante justice is done to these bastards. No matter what laws are created, because of the nature of the Internet itself, this may very well be the only way to stop these people currently.
DISCLAIMER:
I don't believe what I write, and neither should you.
I think you are 100% correct, and I applaud your post. You hit it on the head.
DISCLAIMER:
I don't believe what I write, and neither should you.
If your site shares a network with a spammer, time to complain to your feed site. Anyone who puts their customers at risk by tolerating known spammers on their network deserves to lose business or to get sued by their customers. (something along the lines of tolerating a public nuisance which is interfering with your business, I suppose)
Tech Public Policy stuff
What if we frame it this way:
Lycos did not itself or via its employees directly take this action. they gave the victims of the spammers a way to fight back. The people who have not asked to have their inbox crambed with unwanted, often fraudulent emails have the feckless help of a few antispam laws and not much else except to change addresses often. I am sure the spammer didn't ask for all those pings or whatever the Lycos spammerjammer does...turnabout is fair play.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Big problem here. The most powerful win, at everyone else's expense. It seems fine when applied to spammers, but if somebody powerful decides they don't like you anymore, you're off the net, or worse. There has to be some kind of legal protection, as the ubiquitous network becomes a necessity of living, both for the powerful and for the average-joe.
There's no time to stop for gas, we're already late.
Are the ones who decided to do that attacks. Lycos just had an idea, it takes computer users to implement it (or not).
Quack, quack.
But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn?
Thank you for your interesting comment.
The spam problem has been inadvertently created by the internet designers and should be addressed and eventually solved by the web designers. This is not an area where legislators need concern themselves. They don't have to pass laws about everything. After all, that would only perpetuate the illusion that technical problems can be solved by passing laws.
In the long run, the spammers will only win if they can convince the smartest web programmers to concentrate their efforts on the enrichment of the spammers. They could only do this by giving the best web programmers insane amounts of money. But spammers are too greedy themselves to do this. So they will eventually be driven off the web. Why they should be driven off is because they consume too much bandwidth for whatever service they provide to people who use the web. How they will be eventually be driven off is the question of the hour.
But it is the technical community, the open source geeks, that will eventually get rid of them. Since getting rid of the spammers is in the global public interest, we should give the people who are devising experiments to drive out the spammers the benefit of the doubt.
Getting rid of assholes is not the first step down any slippery slope.
Jeez, I sound like an economist playing with a cliche-generation program.
Comment removed based on user account deletion
How can they opt out when all the packets have no return address, all the information is spoofed, no opt out page is given and on top of that if they do say that they don't want any more they're given more anyways? Funny, but isn't that how they work?
Specks
Batteries not included
Only if it's a "real" HTTP client and actually follows them, which I doubt it does.
Now a CNAME on the other hand...
>:)
This is not the greatest sig in the world, this is just a tribute.
Special note: We are an innocent victim of Lycos anti-spam program and our lawyers preparing
a lawsuit against it. One Israeli company tried to resell our paintings and they used spam and to save their traffic they put links to images on our site. We broke all contacts with them
and nobody is sending any spam. We have NO connection with their spam.
You missed an interesing part in your quoute, the part stating "One Israeli company tried to resell our paintings and they used spam and to save their traffic they put links to images on our site" which means there has been spam sent out with their products.
If they are so innocent they claim, why don't they use their lawyers on the company that sent out the spam and put them in this position in the first place?
Maybe Global Crossing doesn't want to get involved in petty Internet politics
Except of course by reacting and blocking access to the lycos site they are getting involved.
it's much easier to come up with a conspiracy theory whereby Global Crossing is protecting those evil spammers
Except of course Global Crossing does provide international connectivity to many Chinese providers who host spammer sites and Global Crossing's abuse department specifically disowns complaints about these sites when the chinese ISPs are unresponsive.
Maybe Global Crossing is more concerned about people wasting their bandwidth on the latest cause of the day
If they were really concerned about this then they could simply block port 80 traffic TO the spam sites when it enters their network, not block access to the lycos site.
Your argument is really pretty flimsy, it aint no conspiracy, GBLX provides lots of backbone connectivity to spammer sites in china and GBLX blocked the lycos site - ever heard of occam's razor?
The net was founded by the military to make a distributed system that could withstand a nuclear attack. It was then used by academia to exchange information. Then the geeks and techie types outside those groups got in on it, finally the rest of the world, including big business and so government attention.
It certainly went through anarchic times, and is still pretty anarchic, but I think it is a stretch to say it was founded on it. As for above national law, why? Because it wasn't enforced for a while? What is so magic about using your computer and a phone line that means the law doesn't apply?
If anyone connecting to the net has to take whatever it throws at them, what about on-line extortion? If DOS attacks on spammers are legal, than aren't DOS attacks on everyone? How about fraud, phishing attacks or grooming minors? Do the victims of all these deserve it for connecting to the net?
Is the self-correcting net going to protect them? Because I don't see any sign of it happening, but I do see people being arrested and charged (and convicted) for these things.
The ideal of a self-correcting anarchic net sounds neat, but is hopelessly naive, and suffers the same problems as off-line anarchy. Too many people are arseholes, and too many of them can get away things, and too many are apathetic and won't do anything about it. Self correction isn't stopping spam, spam is getting worse. Self correction lacks accountability too, what if an innocent site is targeted by mistake?
It's clearly a popular idea on /., as you have been modded right up. Doesn't make it smart or means it works.
Not that I'm convinced governments can stop spam either, I'm not sure what the solution is, but the idea anyone connecting to the net implicitly agrees to anything that they receive through it boggles me. It won't wash in court either.
Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?
By continuing to send SPAM, they have opted in to this program!
The act of sending SPAM is an opt-in request for this handy, distributed, load testing system!
Any time they want to opt out, all they have to do is stop sending SPAM, and their opt-out request will be processed within X business days!
How very handy!
I wonder if Lycos would be willing to sell this handy load testing system without requiring you to first send SPAM? I know I'd like to have the new firewall and load balancers stress tested before putting them into production.
It's kind of unfair to restrict this free load testing to established bulk mailers.
"Live Free or Die." Don't like it? Then keep out of the USA