Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpamSlayer - should we DDOS spammers?

Posted by ryuzaki0 on from the what-lines-to-cross dept.

pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them. Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like? "

6 of 587 comments (clear)

  1. Sophistry at its finest... by TripMaster+Monkey · · Score: 5, Insightful

    From TFA:
    The influx of tens of thousands of requests exactly at the same time floods the spammers' Web site, causing it to become inoperable.
    Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?

    Also from TFA:
    Launching a distributed denial of service attack is illegal in the U.S. and in most European countries.
    That's what I thought...what does Blue Security have to say in their defense?

    Again from TFA:
    Blue Security's Reshef bristles at the notion that his firm is involved with any type of DDoS attack. "We aren't trying to shut down any Web sites. We are just trying to slow these sites down so much the spammers can't earn money"
    Sorry, Reshef, but what you are describing is a textbook example of a DDOS attack. Whether the site in question is actully shut down, or merely incapacitated, is beside the point.

    This whole caper is a non-starter, especially so since a precedent for this sort of thing has already been established by Lycos Europe.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Sophistry at its finest... by Tinik · · Score: 5, Insightful

      Vigilatism may seem like a good idea at the time, but always leads to problems in the long run. It's better to work through proper channels to resolve these problems. If the proper channels can't resolve the problem, then work to fix them.

      Doing things properly results in a more permanent fix. Vigilantism just gets innocent bystanders hurt and only works until the next guy comes along.

    2. Re:Sophistry at its finest... by Technician · · Score: 5, Insightful

      Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?

      Rule #1 Spammers lie
      Rule #2 see rule #1

      If an e-mail has false headers, what makes you think the reply-to or un-suscribe belong to the spammer. A DDOS against a third party (Joe Job) is not the way to shut down a spammer. You may be helping him shut down his legit competition. An obfuscated URL may point to amazon.com for example.

      I liked the other aproach of repeatedly reloading the page used to buy the spammer's product. That's a way to have them melt or have the hosting company become less friendly to hosting spam product order websites.

      --
      The truth shall set you free!
    3. Re:Sophistry at its finest... by ArsenneLupin · · Score: 5, Insightful

      Personnally, I prefer to submit only one single unsubscribe request. My email address just happend to be ...:
      'or'test@yahoo.com'like'%
      If the spammer uses sequel sewer or access rather than a real database, this will wipe their address list squeaky clean!

  2. No, no no no no... by gmknobl · · Score: 5, Insightful

    I'm sorry, acting just like a criminal for revenge purposes, no matter how satisfying, is wrong. It just brings you down to their level.

  3. DDoSing spammers by farnz · · Score: 5, Insightful
    If you're sending an unsubscribe request to a spammer in response to a spam you've received, that's not intended as a DDoS; the spammer invited you to contact them and unsubscribe, and should have taken care to limit their list to avoid accidentally DDoSing their servers. In the same vein, I see nothing wrong with browsing a site advertised to you in a spam, despite intending to merely use up bandwidth, rather than make a purchase; again, if the spammer isn't happy, they shouldn't invite you to browse their site (in other words, they shouldn't send spam if they don't want to be visited).

    When you start trusting someone else to tell you who's spamming and who isn't, you invite them to abuse that power; what guarantees do you have that Blue Security will never go to a legitimate site owner, and threaten to tell SpamSlayer users that the legitimate site is spamvertised unless Blue Security receive enough money?

    --
    I appear to have a blog. Odd.