Slashdot Mirror
Spamfighting Since the Death of MakeLoveNotSpam?
vacuum_tuber asks: "The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd. There was speculation after its demise that Open Source spam-punishing tools would emerge. Other tools such as SpamVampire, LadVampire (punishes fake bank sites), Spam Research Tool and others were mentioned with increasing frequency, but there has been no coherent followup to gauge what people are doing since the death of the Lycos screen saver. What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"
Just chop their heads off. See how well they spam if they cant see their monitor.
The best way to fight spam is to go home and turn off your mom's zombie computer...
or else!
No you're not. Best just give up and cease the first post business, forever...
A solid wooden stake usually does the trick. Make sure it's the heart, though...
webpage
Cooperation and user persistance has pushed spam already to the fringes of the Internet. Spammers have to just compromissed machines and other criminal methods to spread their messages.
Making them a victim will only make it harder to push them out, and it will take away resources from the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself.
SANS Internet Storm Center http://isc.sans.org
I've been spamming the spammy spammers with my anti-spammer spammer. My spam scripts is well suited to spamming spammy spammers with spam. Spaming spammers is the best way to get them to stop spamming. Infact sometimes I use other spammer's spam to spam the spammers.
Now I'm off to eat my breakfast of spam, eggs, bacon, and spam.
Just a guy with an opinion
Make spam illegal, that is the only real way to stop it.
Write your congressman, if you have some free time try to meet with one of them and lobby them. Few people know how remarkably easy it is to get your congressman to sit down and meet with you.
Le français vous intéresse?
The best would be to make them use what they span for continuously. They should be made to use their penis enlarger and breast enhancers.
I, for one, truly do welcome our new spamfighting overlords!
No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
SPAM punishes itself by giving an "evil" image for their company.
Best way to punish spam is by keeping your friends AND foes aware of what to not pay attention. In the end, hopefully, they'll make less profit. Nonviolence resistance demands patience and is a slow process but always shows progression.
I use Spamvampire almost constantly. It works great. It sucks up their bandwidth, and while it doesn't DOS them, it does make the business of spam a hell of a lot less financially viable. I regularly pound on spammer sites (the sites actually selling the garbage) for a few days, then the site dies. Now, there's no way to know if it's because these sites are only designed to be live for a week or so at a time, or if I really am hitting them in the pocketbook, but I'd like to think that it works. At the VERY least, it makes me feel better knowing that somebody is going to be very shocked when they see their bandwith bill at the end of the month. And, the info that the guy who wrote the SmapVampire scripts concerning the 97% billing is very true, so the results he describes are actually quite realistic.
I don't respond to AC's.
Fully load the pages they link in the spam, including images and everything. Not only will this give you more meat to grind with your spam filter, it will drive the spammers web hosting crazy.
Nice tool to jam spammers...http://www.astrobastards.net/uc/
Sending xmas cards to inmates about to be released from prisons in their state with the spammers name and home address as the return address with sincere hopes that they will come visit once they get out. Plus I get to use up all these extra xmas cards instead of packing them away for next year.
I Am My Own Worst Enemy
Turn images off. And filter on <img src=. And tell your Mom to.
Maybe it's not the crime (taken one at a time), but the fact that spammers like you send out MILLIONS of your crimes everyday.
Rob a purse, go to jail. Rob it 4 billion times? Hmmmm...
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Otherwise for every spammer ... removed, there will be ten new spammers to take its' place.
ELOI, ELOI, LAMA SABACHTHANI!?
Another method is to hit the spammer's website... consider this perl fragment:
while (1)
{
- $sock = new IO::Socket::INET (
}- Proto => 'tcp',
);PeerAddr => 'website',
PeerPort => '80',
Reuse => 1
$sock->autoflush(1);
push @sockArray, $sock;
Naturally, the above code is for educational purposes only and is not intended to be used in anger
"...What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"
what better solution than this one found at bash.org (source)
"i'm going to become rich and famous after i invent a device that allows you to stab people in the face over the internet"
This sig contains repetition and redundancy.
and this motley crew shall /. into oblivion...
If a spammer and a phisher were both drowning in a pool, and you only had enough time to save one, would get lunch or go for a walk?
If brevity is the soul of wit, then how does one explain Twitter?
Forcing ISPs to turn off/temporarily disable the accounts of zombied, 0wned, computers? Isnt that where most of the spam comes from? How much spam could be stopped that way?
Doesnt have to be permanent, just cut it off and request the user run ad-aware/spybot/a decent virus scan and away they go......
-thewldisntenuff
My MythTV HowTo
was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd
Yeah, it was so well recieved they pulled it without a trace after what, two days? Three?
It's a boneheaded scheme that creates many more problems than it solves. Imagine a spammer finding a dopey judge to give him a multi-million dollar settlement against lycos.. That'd sure teach him a lesson!
The whole scheme is as easy to get around as changing IPs.
Anyhow, I have a new plan. I'm going to drive 90mph on YOUR sidewalk because I have a problem with people driving like idiots. I encourage everyone else to do the same. Get drunk, do donuts in other peoples lawns, take out their fences. Run over their pets - hell, kill a few kids! That'll sure teach people that they should be more responsible when they drive.
I don't need no instructions to know how to rock!!!!
Give them info that at least looks real.
If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.
Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.
If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.
For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.
It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.
Free Software: Like love, it grows best when given away.
"...the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself."
So what you are in effect saying is that people who hawk too-good-to-be-true investment schemes and storcks shouldn't be punished? People are gullible, people are going to continue to be taken in by their greed, ignorance, or even illness.
I think these parasites should be taken down. Whether you agree with Lycos or not, I commend them for at least bringing this possible solution to the spotlight.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Why not just hose sites on current antispyware hosts & blocked urls lists? Everyone has them & some spare bandwidth. More satisfying than SETI in short term.
Just a thought.
I still believe that if people believe in fighting spam they should make the sponsers waste as much time and engergy that we go through wading through it. We should have servers on OC48 connections with web front ends on where you can submit a spam and have it hit the websites constantly for the same amount of "charge" that it cost to receive and cpu cycles to process the spam.
...but it still happens, sometimes almost unchecked in foreign countries. How is this really going to help unless you target the companies USING spam to hawk their goods?
The spammers are a symptom of a much larger problem. Don't get me wrong - I wouldn't mind seeing them strung up too - but I'd rather see the CEO of some penis enlarging / Viagra-distributing company do some hard time with big guys...
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Or
LWP + PERL + SPAM = Fun
Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.
Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.
Name - Don't you know
Address - don't you wish you knew
City - not yet
State - that one
zip - 12345-678
Special order instructions:
Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, i'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.
Add random garbage to through off simply filters. Rinse and repeat until messages stop coming to you
Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.
Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.
My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Wait a second. That couldn't possibly be a false dichotomy.
WHY, YES. YES IT COULD.
There are no trails. There are no trees out here.
The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd
/. crowd about how hacking/DDoS is illegal and should be a punishable crime.
Yeah, um, right. Say the same thing in regards to the RIAA trying to prevent music piracy and you'll hear endless howls from the
If you want anyone to remotely take you seriously, you will have to first drop the double-standard.
I don't see this as being a retribution. The spammers use our network resources to send us URLs that they want us to click on. In exchange, they want some of the recipients to click on the URLs and buy their wares. If every spam recipient were to go to those web sites, the whole balance of sending "free" bulk commercial emails becomes not so free.
I think that if it's the recipient who is (automatically) pulling down the web sites pointed to by the URLs, then this could not be considered retribution. If instead, one site has a whole bunch of people hitting the web pages, then it maybe could be considered to be retribution.
Software sucks. Open Source sucks less.
I, Steven Ralsky, would like to thank you on the eve of your release from Pelican Bay State Prison. We and the missus would just like to tell you that we're sure you had nothing to do with strangling those 16 nuns, and your conviction with regards to that nasty cannibalism charge is surely bogus. We refuse to believe any of those charges about your indiscretions with those farm animals, either. Can you believe they called it rape? Philistines!
In any event, if you'd like to stop by someday for tea, please do so. Don't bother to knock- just come on in. Oh- the alarm system is broken, and my gout's been acting up, so I can't defend myself very well. Too much of the high life, you understand!
Sincerely yours,
Alan M. Ralsky
6747 Minnow Pond Dr.
West Bloomfield, MI 48322
Posting the physical address of a spammer on /. and asking people to "please not sign him up for all the snailmail-spam you can find because that is so impolite" seems to have worked well in the past.
Well, it worked at annoying the spammer, that is. I don't know if the amount of sent spam actually declined.
Easy really. Either smack all the idjits buying CRAP from spammers (this could work well for the ones clicking on the viruses in their emails too), or make sure every congressman and woman, every senator, every governor, every legislative member, basically everyone at every level of government gets as much spam as Bill Gates. Of course, getting leaders and parliament members of other countries signed up to spam email lists will hasten the demise of spammers, since the US wouldn't be forced to invade to remove the spammers... ;P
Julie Moult is an idiot.
How so?
Didn't they used to crusify people like that as a warning? With thousands next to a road?
They made one of them a halfgod to my recollection.
No showing off eliminated criminals as a warning or to set an example is the lesson we should learn from that imo..
among other things in the spam that you already get. Use Thunderbird for your email. It turns off images in email by default, so you can delete those unwanted emails. Use fake info, or use BugMeNot when you need to register for news sites. Run Ad-Aware at least once a week. Install a good anti-virus program, and scan for virii weekly. Don't sign up for contests. Resist the tempation to smack the monkey. You won't get a free anything. Don't give out your real email. Use a Yahoo, Hotmail, or Gmail account. Use Firefox with Adblock or Nuke Anything extensions, or both. Just don't fucking click on those ad-banners. You don't need Bonzai Buddy!!! arrrgh
"Fortunately, I'm adhering to a very strict drug regimen to keep my mind limber..."
Then, of course, there's a possibility that he wasn't serious.
Did you consider that possibility?
Don't even ignore spam.
;-)
Seriously.
The Lycos thing was an interesting sortee, but on a day-to-day basis? I'll keep doing what I do now: learn, build better filters, make it harder for the stuff to get through, defeat the purpose, drive their numbers down a fraction. I'm a systems admin; my users don't see much spam, largely because I've spent months tweaking the filters to stop it, building better code into my SpamAssassin, etc. Does it annoy me? Not really. It keeps me employed, and it makes me think, actually. A wise man once said, rather coldly, that without war there would be no innovation. (I'm paraphrasing). Largely, that's true I think ... though he didn't say anyone had to actually be killed. This is a war; spam, phishing, viruses ... they've made us all grow up, realise that the 'net isn't a toy any more, and stretch ourselves just a bit to make it safer, faster, etc. Yes, this doesn't help your Mum's computer, but one day it will. I'm not going to say spam is good, but I will say I think it was inevitable, and that our reaction to it can in fact turn out to be beneficial.
Irish by birth, Southern by the Grace of God.
For the spam that sells software, I parse the html code (kmail shows the code, not the rendered page) for links to the spam sites selling the software. It's almost always Microsoft Office, Macromedia Dreamweaver (and/or Flash and I forget the other Macromedia software), Adobe suites, Intuit's Quicken or QB, Symantec's software, AutoCad (?) and a few other regulars I can't remember right now. Almost always, the software includes the big ones above, and sometimes a few others.
So I parse the links, removing the filler, isolate the links, then go to BSA's site, and fill out their piracy form. I provide the isolated links, along with the entire email itself including headers, so that they can investigate the spamvertisement themselves.
Then I add a few words of encouragement at the bottom. Three words are generally enough, you can figure out your own slogans as a substitute.
Keeps the BSA busy, their minds on other things, minimizes the amount of trojaned software that clueless users download via spam if BSA actually takes action to close the sites or go after site owners, and lets me kill some time.
I've been thinking of ratting out the criminals selling "pirated" software on Craig's List to the BSA piracy line as well. Maybe I'll make that the next step. It'll keep cheap "pirated" windows software off people's computers, and perhaps give the prospective buyers more incentive to use FOSS/Linux instead. Or at least OpenOffice on Windows, which makes it easier to get them on FOSS/Linux platform later.
The BSA is the greatest thing since sliced bread. Without them, why would most Windows users migrate to Linux? Because its a better platform? Bahhh! They don't even know they're running Windows, let alone why Linux is better or not.
It seems easy enough. .jpg and .gif files. The client waits 2-3 minutes and does it again.
1. Central hubs who collect spam
2. Each client has a unique email address that the hubs forward spam to.
3. The client pipes the email through grep and uses netcat to download all
Compromising machines is only illegal if the victim can prove $5,000 in damages. Can you prove $5,000 in damages if I break into your machine and start using it to send spam? It is the same with spyware that uses browser exploits, hacking/cracking is not illegal unless you can prove $5,000 in damages, at least not under US federal law. I don't think there is any minimum damages requirement in UK law though.
Are you saying that Americans aren't better?
Just FYI.
________________________________________________
suwain_2
Most major ISPs actively search out people who are spamming. The ISP I work for (which is sort of a meta-ISP) does this.
Daniel Hartmeier of PF fame has a nice little howto on how to tarpit spammers on http://www.benzedrine.cx/relaydb.html I just love that idea, grab them in the act, delay them and send a NDR in the end.
And of course, if you ever meet anybody who bought anything form a spammer, hit them on the head with a big plank.
Sporri
If the "help" is in the form of a cluster bomb that kills both me and my assailant, then certainly hope they don't try to "help" me.
It isn't spam that is killing email, it is the wide variety of anti-spam implimentations that is. If you send an email and it didn't make it to its destination was it just a glitch or did it get eaten by some anti-spam technology. Did the anti-spam technology malfunction or is there a problem on your side.... It is a nightmeare to try and figure this stuff out.
Now people want to flood the evil guys off of the internet. Spam eats up a lot of bandwidth as it is, now we want to use more bandwidth to fight it. This isn't an attack on bad guys, it is an attack on the internet. This useless traffic further degrades its performance.
Several people have proposed scripts that click the links in the e-mails received.
Does this not confirm to the spammers that the address they're hitting is valid? MOST of the spam I get passes some form of variable passed, presumably to uniquely track me.
I'd be very angry if my ISP's mailserver was clicking these links for me.
Sure, if done enough, this will completely ruin the idea of tracking people through link-clicking. But in the period between now and when it's fully-implemented, won't it just make more trouble?
________________________________________________
suwain_2
No one complained about defending yourself, they complained because fighting abuse with abuse is:
stupid
in many cases illegal
in some cases against the wrong party.
DoSing someone's server is illegal in the US. Had Lycos tried it on my allocation, they would have been null routed as soon as I found out about it.
Attacking someone's web site is not defense. Even if they are a spammer, it doesn't make it right.
And if any of my users ever used the service, I'd kick them off too. Pull your head out of where you stuck it, you aren't getting enough O2.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
A long (long) time ago, I came home to find my wife pumping some online poll, somewhere. Vote, click, wait, back. Vote, click, wait, back. It seems that Marvel was running a "who's the coolest X-Man" poll, and the various fan-groups were doing their damndest to win. Since I wanted my computer back, SpamHammer was born. With a dynamic array of winsocks, it'd allocate as many as the target server could handle, and repeat the voting that you'd "taught" it xxx times. It did well, to the order of a thousand or so per minute if the target could handle it. I must say, the pained expressions on the faces of the various people who were NOT in my wife's fan-group was worth every minute spent coding it, if only I could have seen them. An army of them would spend an hour pumping in a few thousand votes... I'd throw in 10k votes in the time it'd take to make a cup of coffee. It was a few years ago, but it was the type of user-torture that lasts a lifetime.
Eventually, the phishing scams came out. And the mortgage quotes were flowing in. And I got tired of all of them. And I remembered SpamHammer.
So, a LOT of searching of the old file-tree to find it, a little tweaking, and V2.0 was born. This new version supports everything needed to pump tons of crap into any site, POST or GET, cookies or not. I spared no feature - from random emails, random name permutations from the USCB, junk mailing addresses that'll pass a city/state/zip xref, random credit card numbers with proper checkdigits, and even stuff picked from lists (think of med sites). Mortgage quoters want leads? Here, have a million. Just don't bitch when the lenders refuse to pay for those leads. Phishers want accounts and passwords? No problem - with the added benefit of DOSing the target host. Free viagra? Oooo... I get wood just thinking about it... here, have a hundred thousand orders for random crap on your site.
I'm not sure why, but there's something satisfying about getting a "write failure: access denied" after pumping a few million POSTs into a site, consisting of every major field being 32K each. The only thing more satisfying is knowing that certain med-sites simply email the order to an in-box... here, have a big pile of 1Meg emails.
help me i've cloned myself and can't remember which one I am
Even though spam may be international, the foreign companies can be sued. When you send spam into the USA (or the particular state) you are subject to the laws of the USA. After I sued Global Web promotions, the FTC sued them and siezed their funds. Even though they are in Australia, they are doing business here by sending spam.
Fight Spammers!
"Anyhow, I have a new plan. I'm going to drive 90mph on YOUR sidewalk because I have a problem with people driving like idiots. I encourage everyone else to do the same. Get drunk, do donuts in other peoples lawns, take out their fences. Run over their pets - hell, kill a few kids! That'll sure teach people that they should be more responsible when they drive."
What war is to states, vigilantism is to citizens.
I found the heart. But it turned out to be a mirror.
From the CAN-SPAM act:
The CAN-SPAM act is soft on spamming, but tough on spam-related fraud. That can be useful.Sec. 1037. Fraud and related activity in connection with electronic mail
`(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly-- ....
(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, ....
"or conspires to do so, shall be punished as provided in subsection (b)."
(2) a fine under this title, imprisonment for not more than 3 years, or both, if-- ...
(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;
Note the "or conspires to do so" clause. Knowingly assisting in a criminal offense satisfies the legal definition of conspiracy. "Cloaking services" are in deep trouble if they knowingly provide that service for a spammer. Unlike ISP's, there's no "safe harbor" for them.
As for the "knowingly" part, whenever you find a spam associated with a "cloaked" domain, send a note to the cloaking service, and post that you've done so to some public spam forum that's indexed by search engines. That will put them on record as knowingly cooperating in a criminal conspiracy. The next person who gets a spam from the same party will have that information as legal ammunition.
When you've got that info, report it as Internet fraud..
...is missing a really great opportunity to improve its public image.
rj
For 419ers and other spammers that tell you to correspond with them via Yahoo! or other free e-mail services, I strongly recommend reporting them to the abuse department for that provider. This can cause innocent fools from being able to actually contact the 419er, and if the success rate drops, then perhaps some of them will quit, if it's not worth their time. Yahoo! and others do not need their name further tarnished as being supporters of these scams, so cutting them off can only be beneficial to them.
Wasting the bandwidth of these phishers only hurts the Internet, by wasting resources. Do keep in mind that the sites may be using stolen credit cards, and the ISPs will lose money on overspent bandwidth bills when the CC company halts payment.
I don't think that would be illegal and if everyone did it, it would certainly raise the cost of spamming.
There are a few organizations & companies that would love for you to forward on your spam; and Spamcop [http://www.spamcop.net/] would love to help you LART the headers & spam web hosts.
;)
You can tell where the spam comes from; or at least identify the web sites they are spamvertizing. Yes, it is sometimes a BPITA - hence why I use spamcop to help auto LART the headers/email for me. I know with squirrel mail any spam you can auto forward to your spamcop account to be LARTed.
Normally I LART anything that gets past the spam filters, thinking that anything that does get caught is by the big spamhouses. I also report my spam to the Feds for action:
"FTC" uce@ftc.gov,
"US Postal Inspectors service" fraud@uspis.gov
These folks ask for spam, to either tweak their anti-spam tools or for internal investigation:
"junk_brightmail.com" junk@brightmail.com,
"SendUsSpam" spam@sendusspam.com,
"Spamarchive" submit@spamarchive.org,
"Spamrecycle" spamrecycle@chooseyourmail.com,
Specific countries have anti-spam efforts:
"Spam from China" spam@ccert.edu.cn,
"Spam from Korea" spamcop@kisa.or.kr,
As already mentioned - any spam offering grey market (aka cheap) software?
"BSA" software@bsa.org,
"SBA" piracy@spa.org
Any 419 scams?
"419@nigeriapolice.org" 419@nigeriapolice.org,
"Central Bank of Nigeria" info@cenbank.org,
"thoselads_scamorama.com" thoselads@scamorama.com,
"Treasury Nigeraian scam reporting" 419.fcd@usss.treas.gov
Child pr0n?
"FBI" iitf.tampa@fbi.gov,
"FBI_Child_porn" complaints.detroit@fbi.gov
Any stock or securities spam?
"cyberfraud@nasaa.org" cyberfraud@nasaa.org,
"nasd Penny stock fraud submittal" ombuds@nasd.com,
"Securities fraud SEC" enforcement@sec.gov
Any food or drug spam?
"FDA_Complaint" webcomplaints@ora.fda.gov,
"FDA_Complaint2" webmail@oc.fda.gov
FYI: there are some anti spam groups I am a member of, where a little bit of research dug up these agencies. It is easy enough to set up an auto forward on your spam folder to report & LART the spammer scum.
HTH!
So if we block all port 25 traffic from America (where most spam comes from), China and Korea we fix the spam problem!
No, wait...
I'm a perfectionist but I'm trying to cut back.
As if millions of spammers cried out in terror and were suddenly silenced.
>> yup... mod me way down, I suck
remember kids, always log off before you leave the lab
If you want anyone to remotely take you seriously, you will have to first drop the double-standard. ...and as we all know, Slashdot is a single entity, with 700,000 user accounts all controlled by one mind. That's the reason why differences of opinion, name-calling, and petty insults are so rare here, we're all the same person.
Oh, wait...
0 1 - just my two bits
I get a lot of spam attempts on my kevin@qualico.ca email.
Using scripting, I've made myself a nice little spam trap.
If you test mail.qualico.ca, you'll see its an OPEN RELAY!
BUT, if you try to use it...your email will be dissected and automatic abuse notifications sent to the upstream ISP of the target site, the injecting IP's ISP and any other IP listed in the email.
Further, reports are sent to all the major blackhole listing sites.
Very effective at shutting down sites because the instant reporting reduces the time spammers rely on between site switching.
I've been responsible for taking down a lot of sites and will continue to fight spam with every tool at my disposal.
Now if I could only extend this functionality to Malware and Adware sites.
When did Dubya sever people's limbs? I thought he only oversaw the gassing of more 'convicted' criminals than any other governor. And we all know how American justice works, isn't that right Iraq / Afghanistan / Palestine / Chille / Venezuela?
Thank you, Slashdot!!!
Shame on Google.
I'm sorry, but the abuse desks almost never do anything useful. They are constrained by the lack of manpower, and they are constrained by ISP policy from doing anything that could ever be considered censorship to avoid losing the "common carrier" protections they currently enjoy.
Moreover, for many ISP's, spammers with "pink" contracts pay good money and help keep pay the ISP's bills. Agis.net tried this, and it wasn't until the Cyberpromo spammers had their upstream routers DOS attacked to death that Agis stopped taking Cyberpromo's checks, despite Cyberpromo's demonstrably criminal and fraudulent behavior.
To an ISP on the edge, a paying customer is very valuable.
Can you quote the section of the law that places the $5000 limit?
I think that's just the limit at which the FBI will seriously consider prosecuting. And I'm sure the aggregate is more than $5000, which is what they are going to look at.
"Oh, wait..."
Your perception would be correct in the absence of a "majority rules" moderation system. However one is in place, and by it's actions create a defacto "group consensus" on various issues. Much as biological forces create enough commonality amoungst humanity that doctors, and societies can function, even in the face of all not being exactly alike.
When a person buys the product without receiving a spam, how would the vendor know? They don't! they assume that the latest campain brought the customer to their site. Therefore they would pay the spammer again despite the fact that nobody bought anything based on 'the ad'. Which implies that they will keep on spamming as long as ANYONE buys the product! To stop the spam you need to blacklist the site completely and prevent anyone from buying anything, otherwise the pink bunny keeps on spamming.
I've received relatively little spam because I haven't handed out my e-mail address much. However, I have gotten some generic viagra spam from one site a few times and did check it out to see if I could slashdot it or something (I've got 3 boxes with 100mbit/s connections) - I only managed to slow it down a little with wget but then I noticed that one delivery option they had was cash-on-delivery. I did consider ordering and giving a completely bogus but legit-looking address - eg. John Smith Road 5, valid zip-code and so on - or eg. 1600 Pennsylvania Avenue because that would in fact have cost the spammer assholes money. AFAIK the post office would've charged them for the delivery (and return). Obviously the spammers would've gotten my IP but I seriously doubt that they could've done anything. To track me down they'd first have to contact the FBI and ask them to contact Interpol so that Interpol would contact the Finnish police (since I live in Finland) and get the Finnish police to get the logs from my ISP.
"Ummm, Dad? That's his crotch."
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
The easy way to kill these spam sites is for all webmasters with high traffic sites to add an invisible div layer on their web page that loads the spam site in an iframe.
/ div>
Code:
<div style="position:relative; visibility:hidden;">
<iframe width="1" height="1" src="http://www.spamsitetokill.com/"></iframe>
<
What this will do is cause ever single visitor to your site to load the spammers site, including all of the images on the page.
If your site gets 1,000 visitors per day, the spammers site now gets an extra 1,000 visitors per day.
If 100 webmasters do this, the spammers site now gets an extra 100,000 visitors per day. Certainly enough to blow any profits they'd make.
Your visitors aren't hurt and don't ever see the page. I just checked in Firefox and it doesn't even add the page to the history! But I confirmed in my web access logs that the page and all of the images are loaded.
If you really wanted to get nasty you could load a page in the iframe that had an array of URL's to view and reloaded a new one via javascript every 10 seconds.
I've wondered if a fund that takes donations to help anti-spam vigilantes with legal problems would work - that is scaring spammers shitless by having a fund with a FAQ like this:
Question: I shot a known spammer, will you assist me?
Answer: Yes, we will fund a lawyer dream team to prove your innocence since it is obvious that you just went to the spammer to tell him/her that you disapprove of his/her actions but went temporarily insane and shot him/her. Furthermore, we will also rewar... pay compensation for the trauma this has caused you. You will receive $ 1 000 000 for rehabilitation treatment of your choice.
I think the best and very simple solution would be to just have someone figure out the spammers credit card info, then post it on slashdot.
He gets his bill for $10,000 in penis enlargements and he might just stop spamming....
How are these products paid for? Cant we create a set of "tagged" identities that when they try to get money using the card or check, they get identified by their bank to the authorities and their accounts frozen?
Enforcement (feds or state) could just merrily issue purchases for the products and the banks would freeze the spammers accounts.
Here is where the real technology of smart cards comes into play. First, throw away all the credit cards, and then issue smart cards. Smart cards will refuse to do business with spammers otherwise we could not call them 'smart'! Obviously some people are too stupid to be allowed to buy just anything off the web. Problem solved.
I recently changed my attitude towards spam - it used to annoy me no end, until I started thinking about it differently.
Now, rather than being bothered about it, I actively look forward to receiving the endless supply of IP addresses that I can use as target practice.
You too can join the fun - simply get a Linux box, and copies of nmap and Nessus...
It is no more right to DoS spam websites than it is to DoS SCO's website or anybody else's website. I find it funny that Slashbots seem to consistently complain about weak script kiddies giving Open Source a bad name, then turn around and run some lame script against some spammer's website. Innocent people are always caught in the crossfire of vigilante justice, and some people will abuse the power and take it too far.
Do you really think these spam servers, websites and there bandwith costs are not fraudulently optained? Your not costing the spammers your costing whoever ends up paying the credit card bill. Probably the credit card company will take up the tab, sometimes the acual person.
A public forum (for a public punishment),
in which "subscribers/bettors" can help
determine the exact cause of death.
History provides some wonderful examples
of appropriate punishment, most of which
derive from the Middle Ages (draw-and-
quarter, rack, impalement, tar-and-feather,
burn at stake, beheading, hanging, etcetera).
Your vote counts! Vote early and often!
All of you considering the idea of participating in such a botnet might want to check your copy of your ISP's terms of service (a legally binding contract). Note the section "Denial of Service". Yes, that's right, your ISP can and *will* discontinue your service for DoSing.
Your ISP has spelled out in pretty clear terms what is and is not OK. DoSing is not OK because judging "good" DoS from "bad" DoS isn't practical -- thus, DoS is bad, period. If you want to DoS, I don't want you as a customer. Clear enough?
I saw this URL: http://rs4.anti-leech.com/spam/spambot_stopper.php
This was linked from a site I visited the other day. Apparently at the moment it does not work... I'm sure it's the correct URL. This is supposed to have a very long list of false e-mails that are displayed just to make the bots go crazy. I think that's a good idea, to support them you just need to link them from any "contact" page you have in your site.
I hope you've got some automated Perl setup for this. If you could automate the reporting of abuse, we could cut down on spam in a much more effective way than DDoSing websites.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Free Yahoo! accounts don't make them any money. I've already sent them a 419er's e-mail, and they shut down the account, citing abuse of policy.
I'm the abuse contact for my workplace, and I take requests seriously, thank you very much. I'm aware of what goes on at other places, but if the person isn't even a paying customer, they have no reason to put up with that junk.
My appeal is mostly to ask to get the free accounts shut down, as this is largely what a bunch of spammers list as contact info. The addresses they sent from will be shutdown within minutes of their mailing, but they must maintain some presence on the Internet, and random Yahoo! and Hotmail accounts are definitely one way that they'll go. Also, some reputable hosts might actually listen, so give it a shot if you can. Let's shut this mess down the right way.
DDOSing them won't solve the problem, and realistically, most people here know that.
I saw at one point a new URL based DNSBL. It was supposed to use URL's found in the body of spam to form a blackhole list. Any one know what it is?
It seemed like it would be a very effective BL.
Imagine a beowolf cluster of these!
just a web application developer and instructor in Toronto, ON Canada
Hey Kiddies! Here's a list of punishments for naughty spammers!
1. Castration by Chainsaw
2. Drawing and Quartering
3. Trephining with rusty nails
4. Chinese Bamboo Torture
5. Chinese Water Torture
6. Disembowelment with a squegee
7. Give them the job of going around in prison showers and picking up all the soap while the inmates are showering
I was installing Macafee Security Center for a customer of mine. Trying to ward off boredom during the process, I began to read reviews on the product. It apparently takes mail suspected of spam, and sends it a message similar to the one you get back from a mail server when the email box is full or doesn't exist. The logic is that if the spam program gets a "does not exist" message, it will remove you from it's list. Instead of displaying a 12 year old mind set, how about emptying their mailing lists by creating a program to selectivley "remove" yourself from certain lists by pretending to not exist?
you've seen the trunk monkey commercials right?
I'd love to create "Junk Monkey" --whenever I get spam, my Junk Monkey takes a tire iron and beats the living sh*t out of the ISP manager or webmaster that hosts the baneful scourge of the earth known as spammers.
I might know what I'm talkin' about, but then again, this is Slashdot...
Reacting to spam as an electronic vigilante seems to cause much more collateral damage than actually solve any problems. Most of us have been victims of unintentional Joe-job attacks, and that's bad enough... how's a couple million misdirected emails in a week to help your to-do list?
The same thing is true of people who go after spamvertised web sites and the ilk.
We used to run a public-access traceroute server specifically to help people diagnose network problems. It got picked up by an anti-spam site and started doing 10s of thousands of traceroutes a day.
Then, the "error rate" began to get to me. Calls at 3AM from morons who couldn't figure out what the hell they were doing, but had somehow had my name show up in some traceroute they were doing. Threatening letters (from more idiots), and even the occasional DoS attack.
Just got too much and I basically had to cripple the resource because of the false positives.
Extremely bright and careful people might be able to track & attack spammers, but for every one of those, there are a dozen or a hundred who will mis-type an IP, a URL, or be the unwitting dupe in a third-party DoS attack or in attacking a cracked system.
I'm not fan of spammers, but the collateral damage that can---and will---be caused by ANY automated 'strike back' system suggests that this is not the path to solving the spam problem.
I do not have a congressman you insentive clod!
As a webmaster I decided my associates would not appreciate their email addressses being spammed because they were listed on a website but they still wanted their addresses listed on my website. I decided to develop SandTrap, which is now a SourceForge group. The way it works: 1. bots see an empty HTML link tag in the page source and follow it 2. The page they follow it to has meta tags instructing nice bots not to follow the links on the page (noindex,nofollow) 3. The bad bots of course ignore the warning and follow the links 4. The ip address of the bot is recorded and blocked from the server It's written in perl and I've only used it on one website so far but it seems to work in theory at least. Oh... I also replace at symbols in email addresses with an image of an at symbol. That is pretty fail proof.
What better 'punishment' is there than losing your life savings? Not everyone is as well informed about things as you are apparently. My hat's off to you, but as for myself, I'm far more sympathetic to the victims of the crime than the perpetrators.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Cost spammers money!
1. Go to Google
2. Enter in 'email marketing'
3. Click every ad you see
Well that's all well and good. However some of the same arguments P2P'ers use apply to spammers as well.
1) The law can't touch us.
2) Technology can't touch us.
3) Society can't touch us.
What you have is comparable to a RIAA/MPAA victory. Feels good, but there's always tomorrow.
It's eating my bandwidth otherwise used for torrentz and pr0n.
This sig is my best one.
When you get spam, post it here... we'll just slashdot their asses. Problem solved! Lets use the insidious power of the /. effect for good!
It's a disturbing sign of the state democracy is in in America that this has been modded "Funny"...
How do you keep your mail server from being blacklisted? Won't the mail relay testers think it's an open relay and blacklist it?
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
That people, everywhere, have EXACTLY the kind of government they deserve.
There was a time when my forebearers, why yes I am eligable to join The Sons of the American Revolution,thought that the government they had wasn't the government they deserved. They used many tools that still exist to day to bring their vision to fruition. Revolution to day is even easier than it has ever been. The individual weilds a far more disproportunate capacity for power than ever before. So if they can't throw off the yoke of whatever oppressive tyrant they happen to be suffering, it's because they just don't really want to. Arabs and Islamists, on average, want, in their heart of hearts, to tell each other what to do under penelty of death, but to do unto their neighbor whatever comes to mind without fear of retribution in any form. That's a formula for a lot of death and mayhem. The last few thousand years of history instruct us that to cure it, you've got to let it work it's course, until there's not enough stuff which is different enough to kill, or until the survivors have just had enough.
It could be argued, that from a long term approach, our noble intent for maintaining as much peace as possible at all times actually inflicts more harm than a short period of considerable slaughter followed by a more naturally stable peace. Our aggressive pursuit of such ends only insures more people will grow up in poverty in strife, knowing violence their whole lives, keeping the wounds fresh, rather than letting history cover them over. Eventually, it might reach a state where peace can't be had, and to impose it would result in near genocide. Where will the noble sentiment be then?
They used to be better. Nowadays americans are dumb and self-centered, but I remember a time when the world looked up to the United States. As for the Iraq invasion...
The torture of Iraqi prisoners (approved from high levels, by all the evidence) suggests that america barely clears the low "better than Saddam" bar. And considering how, prior to the invasion, there wasn't a land war plus widespread terrorism in Iraq, I doubt the average Iraqi feels the situation has improved -- some benefit, others lose, and more live in danger and instability now than under Saddam.
It seems likely that in 10 years they'll be another Iran, having devolved from one of the most modern societies in the region. Of course, it could be argued, Saddam let this happen. Just as, it could be argued, Bush allowed and encouraged the abuse of prisoners.
If spammers were treated as badly as the guests of Guantanamo Bay, it might teach a few in the States that unchecked avarice and the complete lack of compassion are bad things. Probably not tho -- the last election indicates a certain moral and intellectual imperviousness in the american masses.
I realize this is a longer answer than a troll deserves, but as so many convinced right wingers are indistiguishable from trolls these days, we may as well just swat every idiotic fly.
So, according to you, Iraqi lives are worth less than US lives, and we shouldn't liberate them, we should just let them suffer.
You confuse something. The "liberation" by the Americans is the thing that makes the Iraqi suffer. So you should not have begun to "liberate" them in the first place so they would be ok now as would you - just with a little less oil.
Actually, DDOS'ing such sites does work. It costs the lazy ISP's real money that can be directly measured and can get their overly cautious policy makers to permit their staff to act. If you think not, then your site is unusual and fortunate in being able to set aggressive anti-spam policies, and I think you're a lucky person in a site that doesn't have anywhere near the size of the more popular free email account sites.
Shutting accounts down *does* cost time and money from staff who are responsible. Often, to a cautious site, that time and money is more than they can afford or are willing to waste, especially with a low profit item such as free accounts. And those free accounts help them bulk up their advertising numbers. Remember, they make business plans based on the amount of traffic and on click-through advertising of such accounts.
[AOL] Me too!!!!!1111eleven [/AOL]
Briliant!
DISCLAIMER:
I don't believe what I write, and neither should you.
Where "urls.txt" contains the urls of personally verified spam-product-containing websites.
Running this myself will do nothing. A dozen friends (with broadband) running it might cost them a bit in bandwidth. A hundred random people running it may even hurt. A million Slasdotters running it would bring any common targetted URLs to a screeching halt.
C'mon, people... Geeks don't need Lycos to engage in vigilante action against spam. We can do it all by ourselves, with just a few minutes of scripting.
Have fun. Just make sure you target the right site, rather than helping a scum spammer out on a Joe-job.
Click the next page buttons!
The first page is hosed completely, the 2nd, 3rd and 4th pages are almost untouched!
I also recommend that you use the ladvampire as it uses up the bandwidth of criminals associated with the stupid 419 emails.
Here's a small program that can also be used to trouble the sites advertised in spam. It's quite new and still in beta,but new features are being added as is. http://spamdot.sourceforge.net/
I didn't realize the that the French and the Germans were against the screensaver.
Relax people, it was a joke ... and a rather bad joke, I might add :-)
When I tested it against my personal domain, it ran for a few minutes before quitting with the error:
Can't call method "autoflush" on an undefined value at C:\temp\go.pl line 20.
An error handling module to restart the program could make it fairly bulletproof.. Personally, I'd find it amusing to add a couple of lines to wget the site and rm any local downloaded files on each loop, but that's just me.The second version (below) gives you a count of how many times it's run, and adds an array to hit multiple domains, instead of adding blocks of code.
You can make it run a little faster by commenting out the print statements and anything to do with the $x variable. ($x is only used for telling you what's going on, not for any real program logic)
"Live Free or Die." Don't like it? Then keep out of the USA
Why not do the same thing as lycos' screensaver - but do it a little differently. Instead of retrieving web pages using a list of sites that is provided externaly, why not use the user's junk mail folder to determine which sites the web pages are to be retrieved from. Then you are just looking at the web sites that the advertisements have asked you to look at.
As with any problem, there are many approaches that need to be taken together. No single approach will work. We need to criminalise and prosecute malicous crackers and spammers. We need to educate users to reduce the risk of their machines being used as zombie nodes.
ISPs need to take responsibility by identifying compromised hosts on their network and taking preventative action.
However, we also need to criminalise the act of using spam as an advertising medium. Thus far, there is no action being taken on this front, and it would probably be one of the most fruitful strategies. It is much easier to follow the financial trail than to follow a crackers trail.
Sure, it'll lead to zombies running the websites also, but somebody still has to process the payments eventually. Prosecute them, and you will reduce the spammers market.
As for vigilantism - if you feel the need to pester somebody, I suggest your local representative would be a much better person to annoy.
Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
For instance, for those of us who use wordpress to blog, a certain spammer had initiated a large broad attack on Christmas Eve. It has the markings of a possible worm since in the referral URI properties there is code for saving and running perl code. How do webmasters who are on top of their sites report such activity? And more importantly, there are so many people running wordpress who don't know anything beyond their admin PHP pages and have no idea that their system might be compromised.
Another point that I'd like to make is that referral log spam is on the rise the past 3 years. It's easy to find out more information about some of these referral spam sites---for example try: or You can easily find who owns them (their names, addresses, phone numbers), but what can we do with that information?
Linux at home
Really. I'm not even being facetious. That's a damn excellent idea.
Please stop stalking me, bro.
Well, you could do that, but the important point is to use only URLs you received in spam yourself, not a list on some web site.
A single point of information is easy to subvert to attack an innocent host.
A billion emails is a little harder.
I have been hit with guestbook spam. I get a messages full of links to my guestbook almost daily. Now I've just added a filter that removes the whole message text if it has at least 3 urls. At least I don't improve the page rank of as many spam sites now.
If it's through the heart, then he'll die right away. Don't you want it to last longer?
testing out my trending skills
I'd throw them both a rope, 1 end each, so that they could pull each other down.
testing out my trending skills
Hasn't anyone dissected a zombie and figured out how to turn it off remotely?
For those who are interested, and those who visited the Spam Research Tool page (45,994 to date) and especially those who clicked through to the spamsite downloading page and/or have bookmarked and revisited it later (41,101 to date), this seems to have been pretty successful. In building a new URL list from the past day's spam we found that most of our recent spam now points to dark sites. Some apparently took down their web servers to save on bandwidth costs while a few actually took down their DNS records and can no longer be located. Loads/refreshes of the spamloader page continue at 1500-2500 per hour. Since the page autorefreshes twice a day, it wil automatically pick up the new day's URL list if left running.
Look at the bright side: there's always seppuku.
First, get some spammers e-mail addresses, then one could register them multiple times in other spammers' sites, so they would spam each other. Or maybe one could get their real addresses and a sniper rifle.
Delete your email from your parents' and friends' address books (maybe a trojan to delete it would do the trick).
I got a friend that had an innovative way to deal with unwanted people, and a similar could be done.
Get an infinite loop of "NET SEND "YOUR COMPUTER IS A ZOMBIE! TURN IT DOWN OR IT MAY BLOW!"
This would at least make some people find what a zombie computer is, or give the computer to someone who can get rid of the messages (and the spam trojan with it).
Well, anyway, those are all Window$ computers! *nix computers don't have trojans (mostly).