Slashdot Mirror
Spamfighting Since the Death of MakeLoveNotSpam?
vacuum_tuber asks: "The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd. There was speculation after its demise that Open Source spam-punishing tools would emerge. Other tools such as SpamVampire, LadVampire (punishes fake bank sites), Spam Research Tool and others were mentioned with increasing frequency, but there has been no coherent followup to gauge what people are doing since the death of the Lycos screen saver. What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"
Just chop their heads off. See how well they spam if they cant see their monitor.
The best way to fight spam is to go home and turn off your mom's zombie computer...
or else!
Cooperation and user persistance has pushed spam already to the fringes of the Internet. Spammers have to just compromissed machines and other criminal methods to spread their messages.
Making them a victim will only make it harder to push them out, and it will take away resources from the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself.
SANS Internet Storm Center http://isc.sans.org
I've been spamming the spammy spammers with my anti-spammer spammer. My spam scripts is well suited to spamming spammy spammers with spam. Spaming spammers is the best way to get them to stop spamming. Infact sometimes I use other spammer's spam to spam the spammers.
Now I'm off to eat my breakfast of spam, eggs, bacon, and spam.
Just a guy with an opinion
Make spam illegal, that is the only real way to stop it.
Write your congressman, if you have some free time try to meet with one of them and lobby them. Few people know how remarkably easy it is to get your congressman to sit down and meet with you.
Le français vous intéresse?
SPAM punishes itself by giving an "evil" image for their company.
Best way to punish spam is by keeping your friends AND foes aware of what to not pay attention. In the end, hopefully, they'll make less profit. Nonviolence resistance demands patience and is a slow process but always shows progression.
I use Spamvampire almost constantly. It works great. It sucks up their bandwidth, and while it doesn't DOS them, it does make the business of spam a hell of a lot less financially viable. I regularly pound on spammer sites (the sites actually selling the garbage) for a few days, then the site dies. Now, there's no way to know if it's because these sites are only designed to be live for a week or so at a time, or if I really am hitting them in the pocketbook, but I'd like to think that it works. At the VERY least, it makes me feel better knowing that somebody is going to be very shocked when they see their bandwith bill at the end of the month. And, the info that the guy who wrote the SmapVampire scripts concerning the 97% billing is very true, so the results he describes are actually quite realistic.
I don't respond to AC's.
Sending xmas cards to inmates about to be released from prisons in their state with the spammers name and home address as the return address with sincere hopes that they will come visit once they get out. Plus I get to use up all these extra xmas cards instead of packing them away for next year.
I Am My Own Worst Enemy
Another method is to hit the spammer's website... consider this perl fragment:
while (1)
{
- $sock = new IO::Socket::INET (
}- Proto => 'tcp',
);PeerAddr => 'website',
PeerPort => '80',
Reuse => 1
$sock->autoflush(1);
push @sockArray, $sock;
Naturally, the above code is for educational purposes only and is not intended to be used in anger
and this motley crew shall /. into oblivion...
If a spammer and a phisher were both drowning in a pool, and you only had enough time to save one, would get lunch or go for a walk?
If brevity is the soul of wit, then how does one explain Twitter?
Give them info that at least looks real.
If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.
Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.
If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.
For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.
It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.
Free Software: Like love, it grows best when given away.
Or
LWP + PERL + SPAM = Fun
Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.
Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.
Name - Don't you know
Address - don't you wish you knew
City - not yet
State - that one
zip - 12345-678
Special order instructions:
Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, i'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.
Add random garbage to through off simply filters. Rinse and repeat until messages stop coming to you
Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.
Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.
My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Posting the physical address of a spammer on /. and asking people to "please not sign him up for all the snailmail-spam you can find because that is so impolite" seems to have worked well in the past.
Well, it worked at annoying the spammer, that is. I don't know if the amount of sent spam actually declined.
So spammers would be crushed under their massive erect penisses...
I think we can keep recursing like this until someone returns 1
A long (long) time ago, I came home to find my wife pumping some online poll, somewhere. Vote, click, wait, back. Vote, click, wait, back. It seems that Marvel was running a "who's the coolest X-Man" poll, and the various fan-groups were doing their damndest to win. Since I wanted my computer back, SpamHammer was born. With a dynamic array of winsocks, it'd allocate as many as the target server could handle, and repeat the voting that you'd "taught" it xxx times. It did well, to the order of a thousand or so per minute if the target could handle it. I must say, the pained expressions on the faces of the various people who were NOT in my wife's fan-group was worth every minute spent coding it, if only I could have seen them. An army of them would spend an hour pumping in a few thousand votes... I'd throw in 10k votes in the time it'd take to make a cup of coffee. It was a few years ago, but it was the type of user-torture that lasts a lifetime.
Eventually, the phishing scams came out. And the mortgage quotes were flowing in. And I got tired of all of them. And I remembered SpamHammer.
So, a LOT of searching of the old file-tree to find it, a little tweaking, and V2.0 was born. This new version supports everything needed to pump tons of crap into any site, POST or GET, cookies or not. I spared no feature - from random emails, random name permutations from the USCB, junk mailing addresses that'll pass a city/state/zip xref, random credit card numbers with proper checkdigits, and even stuff picked from lists (think of med sites). Mortgage quoters want leads? Here, have a million. Just don't bitch when the lenders refuse to pay for those leads. Phishers want accounts and passwords? No problem - with the added benefit of DOSing the target host. Free viagra? Oooo... I get wood just thinking about it... here, have a hundred thousand orders for random crap on your site.
I'm not sure why, but there's something satisfying about getting a "write failure: access denied" after pumping a few million POSTs into a site, consisting of every major field being 32K each. The only thing more satisfying is knowing that certain med-sites simply email the order to an in-box... here, have a big pile of 1Meg emails.
help me i've cloned myself and can't remember which one I am
Even though spam may be international, the foreign companies can be sued. When you send spam into the USA (or the particular state) you are subject to the laws of the USA. After I sued Global Web promotions, the FTC sued them and siezed their funds. Even though they are in Australia, they are doing business here by sending spam.
Fight Spammers!
There are a few organizations & companies that would love for you to forward on your spam; and Spamcop [http://www.spamcop.net/] would love to help you LART the headers & spam web hosts.
;)
You can tell where the spam comes from; or at least identify the web sites they are spamvertizing. Yes, it is sometimes a BPITA - hence why I use spamcop to help auto LART the headers/email for me. I know with squirrel mail any spam you can auto forward to your spamcop account to be LARTed.
Normally I LART anything that gets past the spam filters, thinking that anything that does get caught is by the big spamhouses. I also report my spam to the Feds for action:
"FTC" uce@ftc.gov,
"US Postal Inspectors service" fraud@uspis.gov
These folks ask for spam, to either tweak their anti-spam tools or for internal investigation:
"junk_brightmail.com" junk@brightmail.com,
"SendUsSpam" spam@sendusspam.com,
"Spamarchive" submit@spamarchive.org,
"Spamrecycle" spamrecycle@chooseyourmail.com,
Specific countries have anti-spam efforts:
"Spam from China" spam@ccert.edu.cn,
"Spam from Korea" spamcop@kisa.or.kr,
As already mentioned - any spam offering grey market (aka cheap) software?
"BSA" software@bsa.org,
"SBA" piracy@spa.org
Any 419 scams?
"419@nigeriapolice.org" 419@nigeriapolice.org,
"Central Bank of Nigeria" info@cenbank.org,
"thoselads_scamorama.com" thoselads@scamorama.com,
"Treasury Nigeraian scam reporting" 419.fcd@usss.treas.gov
Child pr0n?
"FBI" iitf.tampa@fbi.gov,
"FBI_Child_porn" complaints.detroit@fbi.gov
Any stock or securities spam?
"cyberfraud@nasaa.org" cyberfraud@nasaa.org,
"nasd Penny stock fraud submittal" ombuds@nasd.com,
"Securities fraud SEC" enforcement@sec.gov
Any food or drug spam?
"FDA_Complaint" webcomplaints@ora.fda.gov,
"FDA_Complaint2" webmail@oc.fda.gov
FYI: there are some anti spam groups I am a member of, where a little bit of research dug up these agencies. It is easy enough to set up an auto forward on your spam folder to report & LART the spammer scum.
HTH!