Slashdot Mirror

← Back to Stories (view on slashdot.org)

One Man's Fight Against Forum Spam

Posted by CmdrTaco on from the heroes-and-villians dept.

JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."

15 of 245 comments (clear)

  1. Illegal by Anonymous Coward · · Score: 1, Interesting

    No matter your reason, it's illegal to access other peoples email accounts without their permission. Even more so when you disable the accounts.

    If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.

    1. Re:Illegal by Anonymous Coward · · Score: 1, Interesting

      He says it's "a legal gray area".

      Can you say specifically what laws he has broken, and in what jurisdiction?

      It's not very clear to me exactly what he did, so I'm on the fence as to whether he committed a crime.

      In order for me to say he committed a crime, I need to know very specifically what law was broken and what evidence supports the accusation. Generally, my standard for evidence is an approximation of the federal rules of evidence, but I am not very strict about it.

    2. Re:Illegal by Quothz · · Score: 5, Interesting

      If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.

      So, just as an analogy, if the police decided to stop enforcing laws against auto theft, you believe it would be wrong for others to do so. I don't think that holds water. What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so. The simple fact is that the government is not able to even begin to scratch the sheer volume of spam, nor is it interested in going after spammers unless it can wrench a large settlement and some headlines out of the deal. If we wish to preserve the Internet as a medium for the exchange of ideas, some of us must take action to protect it from those who exploit it at a very real, monetary cost to innocent people.

    3. Re:Illegal by corbettw · · Score: 1, Interesting

      That's not at all what he's claiming. He's claiming that since a robot is operating the account, and he disagrees with the motivation behind the running of that robot, it's OK for him to hack into someone else's account. He even admits that a human being has to initially open the mail account before turning on the software to run it.

      I dislike people who have their POP clients set to download email every minute and process it using filters to put any email from me into a special folder. Does that give me the right to then hack their email accounts and take them over? Using the logic RD outlined above, it very much does. Which should show just how spurious his logic is.

      There's a reason why your mother taught you that two wrongs don't make a right. The world would be a better place if more people remembered that.

      --
      God invented whiskey so the Irish would not rule the world.
    4. Re:Illegal by clone53421 · · Score: 4, Interesting

      Well, his other point was, who’s going to complain? the robot?

      Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.

      Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    5. Re:Illegal by Pteraspidomorphi · · Score: 3, Interesting

      I think you're right, but is it more illegal than spamming? I believe the kind of spam sent by these people/bots is illegal in the United States and several other countries (though I'm not american, so I may be wrong). The sender is hiding his identity, deliberately getting around spam prevention systems and offering no method for opting out. So we're dealing with criminals here, and what is law enforcement doing about it? Random Digilante writes in his blog that he contacts ISPs, who would normally be expected to investigate these people (who inclusively break the ISPs own terms of service), but they usually do nothing. So while the taking over of e-mail addresses registered by criminals for the sole purpose of breaking laws and annoying the hell out of everyone may not be exactly nice, shouldn't you save your indignation for the actual spammers, their customers, ISPs, law enforcement agencies and lawmakers? Or for people who are out in the streets embezzling, scamming, mugging, kidnapping, raping and murdering?

    6. Re:Illegal by gorzek · · Score: 3, Interesting

      But he is doing this on other people's sites. Including mine, coincidentally. I already have spam filtering methods in place. Spambots can register but they can't do much of anything. I "trap" them quite effectively.

      I'm rather annoyed that he is breaking into spambot accounts on my site and sending me messages to deactivate their accounts. I don't need to deactivate their accounts--they are well-contained already. His "helpful" messages wind up being a greater irritant to me than the spambots themselves. I don't need you to tell me how to run my site, thanks.

      --
      Check out my world simulator thingy.
    7. Re:Illegal by qwijibo · · Score: 2, Interesting

      As a juror, I would have a hard time voting to convict a person for such an offense. There is very little you can do legally against spammers, so just as the legal system turns a blind eye to their actions, there's nothing wrong with doing the same to vigilantes going after them.

  2. Re:So silly.... by Darkness404 · · Score: 2, Interesting

    Not really and Slashdot really highlights it because far too often people who disagree with the poster will mod that post down for no other reason other than that.

    The reason why /. doesn't have much spam is because there is no market, how many people on Slashdot would want to buy P3n15 3nh@nc3rz?

    --
    Taxation is legalized theft, no more, no less.
  3. Spammers are getting good by Dan+East · · Score: 5, Interesting

    As someone who deals with forum spam on a daily basis, I'm rather surprised at how intelligent the spambots are becoming.

    Of course there's always the blatant, obvious spam (99% of which are video encoding tools for iPad, iPhone, etc). But I've recognized two other types of very covert spambots.

    First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.

    The second type uses a database of sentences harvested from other websites, and attempts to post a sentence that matches keywords in that topic. Usually I can spot those because they aren't exactly on topic to the thread. I've also seen these modify various throw-away words, like adjectives and articles, so the sentence isn't an exact copy of the original source.

    Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.

    I've also noticed that the vast majority of spambots use yahoo.com email addresses, so yahoo's captcha must be weaker than gmail / hotmail.

    Now on the topic of this story, I don't quite understand. The forums I moderate have a few spambot accounts created daily (using recaptcha and custom implemented captcha). So it's not like there's just a couple spambot accounts causing all the trouble. Over the course of a month it around a hundred different accounts. So I don't see how this hacker is helping anything going after accounts one at a time manually.

    --
    Better known as 318230.
    1. Re:Spammers are getting good by clone53421 · · Score: 4, Interesting

      First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts. ... A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.

      For another example of this exact thing, just look at slashdot user clint999.

      http://slashdot.org/~clint999

      Last post was yesterday... it’s still active. Funnily enough it almost always posts exactly 30 min. after the hour, but not every hour.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  4. Re:So silly.... by catbutt · · Score: 3, Interesting

    You really believe that the reason that slashdot wouldn't have spam if people were able to post spam on slashdot and have it reach more than a few eyeballs?

    Anyway, slashdots system isn't perfect, and is designed to do more than kill spam. Regardless I think it works fairly well for what it does.

    For eliminating spam in forums and comments, all you need to do is this:

    Give the readers the ability to mark comments as spam with one click, and, as long as the reader has a decent history of not abusing the priviledge, the message will disappear immediately.

    This isn't that hard, but to do it well isn't trivial either. Probably best done by a company like Disqus where it is their business.

    There would need to be some checks and balances, where a person can get reported for erroneously marking something as spam. The system needs to be scalable, so that the admin of the forum doesn't have to deal with much, as all the work is done by users, and there is a checks and balances system to determine how much to trust users.

    The nice thing is that over time it reduces the incentive to bother spamming the forums, since (typically) the first person who sees a message, eliminates it. Also, on a system like disqus, where you have a global identity with some history, it could be smarter about how prominent to make posts if the person has no history of posting without being marked as spam.

  5. Re:So silly.... by Deep+Esophagus · · Score: 5, Interesting

    Let me know if you find a good karma system. I have been on /. for years, have never posted anything remotely spammy, have attempted to participate in discussions... so why is my karma set at "bad"? I have no idea what, if anything, I can do about that and because of it my comments never appear in any discussion threads. It is likely nobody will ever see this unless, as you say, they dig through the low rated posts. Not that I'm bitter.

  6. Ballot and jury don't work across borders by tepples · · Score: 2, Interesting

    And that action should go through the boxes in the correct order without skipping any. Jumping right to the 'ammo' box isn't the right way to do things in a lawful society.

    Soap, ballot, jury, ammo: Ballot and jury fail unless the parties have substantial assets in the same jurisdiction. So I don't see anything wrong with skipping to ammo against judgment-proof spammers.

  7. Re:Make a filter by AlphaCentauri4 · · Score: 2, Interesting

    Actually, it wouldn't help to email him to unsubscribe. He's not the one sending you email. He just sets up a vacation message on a spambot's email account. In effect, you're sending yourself email when you autorespond to a spambot with an autoresponder. The best suggestion is the one above, to set up a filter to autodelete any random digilante emails if you don't want them. It's not like he's changing or obfuscating them to outwit your spam filters. What I'd like to know is whether he can confirm his assertion that once a forum has instituted a strong password requirement -- so even the initial attempt at registration fails -- that forum is removed from Xrumer's preloaded list of forum URLs. If so, the reduction in bandwidth ought to make that a much better strategy than permitting registrations and subsequently deleting/sandboxing the bots.