Spam War Takes Out Blog Services
munchola writes "Following on from the story about spammers attacking Blue Security's anti-spam system, CBR is reporting that Six Apart, which runs the popular LiveJournal and TypePad blogging services, has become a collateral victim. Six Apart told its millions of bloggers it had experienced 'intermittent and limited availability for TypePad, LiveJournal, TypeKey, sixapart.com, movabletype.org and movabletype.com', before resolving the issue in the early hours of Wednesday. '[The spammers are] trying to rip apart the internet just to make our community stop fighting back against spam,' Blue Security's chief executive Eran Reshef said, adding that he knows who's behind the attack."
I once went onto a support wiki for a company's website; all the articles had been cleared and multiple new ones had been added, something to the effect of: Free sample! Prescription drugs... It's sad, they took over a support wiki and filled it with spam.
Obligatory blog plug: http://www.caseybanner.ca/
"He's trying to rip apart the internet just to make our community stop fighting back against spam," Blue Security's chief executive Eran Reshef said of the spammer he believes launched the attack.
LiveJournal and TypePad found themselves suffering the brunt of the attack when Blue, which says it has been targeted by a "top four" Russian spammer, redirected the front page of its website to a blog hosted at TypePad's data center.
Reshef said Blue replaced the front page of its site with the TypePad blog to keep its users up to date with events, and disagreed with commentary that said Blue acted irresponsibly by passing the DDoS burden to Six Apart.
"We didn't offload any DDoS," he said. "That's like blaming the victim of a crime."
Since they were apparently in contact with this dirtbag, didn't they see this coming? Perhaps they were just being well-intentioned by shifting their front page to a blog with information for their users, but since they don't host the blog, that seems like dirty pool. Spammers are not known for being the most easy-going people in the world and sure he made threats about a DDoS. Seems a bit iffy. It could all be above board but without more info, who knows?
I find it interesting that they supply spammers with the addresses of their clients, so the spammers can avoid emailing them. Wouldn't a spammer get that info when they get bombarded by unsubscribe requests? Seems like handing the fox the keys to the henhouse while you slip off for a brewski.
GetOuttaMySpace - The Anti-Social Network
The best way to eradicate spammers would simply be to go after their clients.
That hasn't worked yet. If you have some idea how that could be accomplished and effective against spam and spammers, please feel free to elaborate.
Blue Security seems to be causing pain to spammers, enough to get a rise out of them at least. Aren't they actually reflecting the spam back to the source? I think that was their tactic.
If they are effective, that's a net positive in the spam fight.
I've devised a method to keep opting out while Blue Security's down. I posted it on my journal.
The next step is automating the process, perhaps making a new version of Blue Frog that doesn't rely on a centralized server. Do that, and we'll regain our mailboxes.
This would be possible if more resources were diverted to fighting organized crime (and spam). Some countries do it, some don't.
WordPress is an excellent open source blogging tool. Couple that with Bad Behavior and Spam Karma 2 and you've got yourself a near impenetrable blog to spam in your comments. The new version of WordPress has tools to migrate from some popular blogging systems, so.. go check it out.
I make these: http://beatseqr.com
Even if that's not the case here, it's certainly possible for someone malicious to subvert Blue Security's agent in such a manner.
It seems Blue Security has been compromised by the spammers.
I can't see why Blue Security should be blamed, except for their security problem.
The problem is spam and spammers, and it is ludicrous to think otherwise.
I have been working on the spam problem for >10 years.
The problem is lax ISPs and network operators who don't pay attention to their mail. Who don't jump on the trojaned machines on their network that are causing >90% of the spam problem in the world.
I have had the same trojaned machine sending me the same spam every 15 minutes, from a school district. It took me days to finally get a shitty response out of the network operators there to get that machine shut down until it could be cleaned. They didn't seem concerned at all, it was like I was "bothering them" to ask them to stop that machine from spamming.
I bet it was sending 150,000 messages between the ones I received. Obviously a major problem. They couldn't care less.
Now THEY should have been DOS'd.
Ya know, several years ago I asked one of the principals of Akamai to get involved, to provide some of the bandwidth and hosting in a fault-tolerant fashion, which they reportedly are in a unique position to provide on their monitored distributed network. Practically cannot be effectively DOS'd. They thought my proposal "interesting" but didn't want to get involved for the good of the internet, because they didn't want to attract attention from the bad guys.
It wasn't 5 or 6 months before they were DOS'd and extorted.
EVERYONE is involved now. We are all being extorted by the spammers. If you cross them they will attack you, even if you just ask them to please stop spamming you.
The only possible answer is responsibility. Networks being responsible for what goes on over their network. Shut down spammers. Don't rent them servers. Don't sell them bandwidth. Jump on problems, even on weekends and holidays, and you have to do it FAST.
Nothing is going to stop spam completely, we can only increase the cost to spammers, and increase the costs for networks to sell to spammers. Make it uneconomical to have spammers as customers.
When the cheapest T-1 a spammer can find is $250,000 a month, spam will stop.
Need an analogy to understand why SixApart should sue? It'd be like a corrupt police unit grabbing a school bus full of kids to use as human shields in the middle of a gun battle with a gang while the cops try to fall back and call for backup.
Poking a hornet's nest is a good thing if the hornets get so riled up they start stinging everyone, including the fucking owner who lets them run wild and sting everyone, aka, the people paying the spammer.
If corporations are people, aren't stockholders guilty of slavery?
It's an indirect approach.
The spammer does not get 'hit' directly, but his "sponsors" (as they were called somewhere) are.
I'm sure the "sponsor" won't be pleased once this system gets enough momentum to actually interfere with his commercial activities, and hopefully he will think twice before giving another "incentive" to the spammers.
Hence, the spammer will see his income diminish and either has to focus on other "sponsors", or find a different means of income.
I'm sure some of these guys are not stupid and will find a way to put their IQ to some other, hopefully a bit less anti-social, means. Those that wish to fight the battle to the bitter end, well, good luck to them but I'm convinced that in the long run they're fighting a losing war...
If there is one thing to be learned on slashdot, it has to be sarcasm.
Your analogy is also crap.
The best I've got is running a business out of your home that does tit for tat retaliation on organized crime businesses. They rough up one of your boys you rough up one of theirs. They get upset so they burn your house to the ground. You escape and leave a note on the burnt out ashes that you'll be staying at the Middlebury Hotel in case your clients need to get a hold of you. The mobsters see the note and proceed to burn the hotel to the ground as well.