Slashdot Mirror
One Man's Fight Against Forum Spam
JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."
Forum spammer sues vigilante, gets both arrested. Vigilante does more time.
Forum spam is best solved with good forum software. A good karma system is probably the best solution. I've never seen spam on slashdot (unless I dig through the low rated posts).
He’s thought of that already, and seems to have his case made. RTFA.
RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.
FIP: Are you concerned about the possible legal consequences of your actions?
RD: Here is the reasoning I use, and I know that a lot of people argue it.
Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.
It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.
Basically he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
I doubt that it’d fly, actually, but who knows.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I created an account and was banned almost immediately.
They have extremely vigilant forum monitors who will bring the banhammer down for the slightest offense.
My offense? I insinuated that gays might be able to serve in the military just as well as straights.
You are a great writer. I found this article very informative. Would you like to be buying genuine spam today?
If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.
So, just as an analogy, if the police decided to stop enforcing laws against auto theft, you believe it would be wrong for others to do so. I don't think that holds water. What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so. The simple fact is that the government is not able to even begin to scratch the sheer volume of spam, nor is it interested in going after spammers unless it can wrench a large settlement and some headlines out of the deal. If we wish to preserve the Internet as a medium for the exchange of ideas, some of us must take action to protect it from those who exploit it at a very real, monetary cost to innocent people.
Unauthorized Access is against the law in quite a few juristictions.
As someone who deals with forum spam on a daily basis, I'm rather surprised at how intelligent the spambots are becoming.
Of course there's always the blatant, obvious spam (99% of which are video encoding tools for iPad, iPhone, etc). But I've recognized two other types of very covert spambots.
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.
The second type uses a database of sentences harvested from other websites, and attempts to post a sentence that matches keywords in that topic. Usually I can spot those because they aren't exactly on topic to the thread. I've also seen these modify various throw-away words, like adjectives and articles, so the sentence isn't an exact copy of the original source.
Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
I've also noticed that the vast majority of spambots use yahoo.com email addresses, so yahoo's captcha must be weaker than gmail / hotmail.
Now on the topic of this story, I don't quite understand. The forums I moderate have a few spambot accounts created daily (using recaptcha and custom implemented captcha). So it's not like there's just a couple spambot accounts causing all the trouble. Over the course of a month it around a hundred different accounts. So I don't see how this hacker is helping anything going after accounts one at a time manually.
Better known as 318230.
Well, his other point was, who’s going to complain? the robot?
Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.
Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Here's a specific example of what I'm talking about. Here is a post made to my forums in July 2010:
You can choose ‘Micro-ATX’ size motherboard for your HP. That limits the possible range of motherboards deals you will find. My advise is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, many choices. It is depending on money and what you want if your building a good rig for gaming multimedia etc and don't buy a case with power supply. Please choose a separate power supply.
Now here is a post from another website made in 2009:
Your HP case (the cheapest part of the pc!) takes a ‘Micro-ATX’ size motherboard.
That limits the possible range of motherboards\deals you will find. (look for a motherboard\processor package)
Now you are already buying ‘a whole new computer’ except the case, why stop there? (unless you want the small form factor)
My advise (thats why your here!) is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, much more choice.
Depending on money and what you want if your building a good rig for gaming\multimedia etc DON’T buy a case with power supply, they are usually sh*t (cheap\unreliable). Choose a case, choose a separate power supply (after research!)
Better known as 318230.
There is an easy fix for this. In his forum's usage agreement he needs to add a line stating that if he detects you are running a spambot he has the right to hack your account & disable it. Problem solved.
There is a war going on for your mind.
It would be nice to live in a world where whistleblowers and positive vigilantes were rewarded for their actions. But, in the vast majority of cases, these people end up in more trouble than the scumbags they're exposing and fighting. This guy will probably end up with more legal trouble for fighting spam than the spammers themselves will ever face for their network-clogging, frequently illegal, openly harassing activities.
SJW: Someone who has run out of real oppression, and has to fake it.
I think you're right, but is it more illegal than spamming? I believe the kind of spam sent by these people/bots is illegal in the United States and several other countries (though I'm not american, so I may be wrong). The sender is hiding his identity, deliberately getting around spam prevention systems and offering no method for opting out. So we're dealing with criminals here, and what is law enforcement doing about it? Random Digilante writes in his blog that he contacts ISPs, who would normally be expected to investigate these people (who inclusively break the ISPs own terms of service), but they usually do nothing. So while the taking over of e-mail addresses registered by criminals for the sole purpose of breaking laws and annoying the hell out of everyone may not be exactly nice, shouldn't you save your indignation for the actual spammers, their customers, ISPs, law enforcement agencies and lawmakers? Or for people who are out in the streets embezzling, scamming, mugging, kidnapping, raping and murdering?
he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
I doubt that it’d fly, actually, but who knows.
Oh, it certainly wouldn't fly with Jean-Luc Picard, that's for sure.
You can't take the sky from me...
What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so.
Bruce, we've been over the five stages of grief a million times: I keep telling you, you're stuck at Anger and you need to move on.
You can't take the sky from me...
But he is doing this on other people's sites. Including mine, coincidentally. I already have spam filtering methods in place. Spambots can register but they can't do much of anything. I "trap" them quite effectively.
I'm rather annoyed that he is breaking into spambot accounts on my site and sending me messages to deactivate their accounts. I don't need to deactivate their accounts--they are well-contained already. His "helpful" messages wind up being a greater irritant to me than the spambots themselves. I don't need you to tell me how to run my site, thanks.
Check out my world simulator thingy.
As a juror, I would have a hard time voting to convict a person for such an offense. There is very little you can do legally against spammers, so just as the legal system turns a blind eye to their actions, there's nothing wrong with doing the same to vigilantes going after them.
I dislike people who have their POP clients set to download email every minute and process it using filters to put any email from me into a special folder. Does that give me the right to then hack their email accounts and take them over? Using the logic RD outlined above, it very much does. Which should show just how spurious his logic is.
The POP using people you describe are taking their email and sorting it how they want to within their own mailbox. You may not like it, but it's their space.
The forum spammers you're comparing them to use their e-mail address and software with the sole purpose of invading his website, which he pays real money for, and spends time maintaining, and which other people use to have conversations. The spammers further use this software to stuff his website with ads for pills, child porn, and other nastiness. This slows down his server (due to the load of fake accounts registering and posting) and can make his forums unreadable, driving away users. If his forums use ads, driving away users means a monetary loss
Your comparison is invalid, and your attempt at logic is laughable. They broke into his property, he kicked them out and took away their crowbar, which they signed up for under false pretenses.
Make a filter that detects his notifications and deletes the account automatically.
He is trying to help and he is fighting.
What are you doing about it? You're not helping anyone except of course protecting your advertising on your site.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
And that action should go through the boxes in the correct order without skipping any. Jumping right to the 'ammo' box isn't the right way to do things in a lawful society.
Soap, ballot, jury, ammo: Ballot and jury fail unless the parties have substantial assets in the same jurisdiction. So I don't see anything wrong with skipping to ammo against judgment-proof spammers.
Surely the bots aren't registrering on his honeypot forums with the same password as is used for the e-mail they use to register.
That's exactly what they are doing.
From what I gather, he's written a program to automatically feed suspicious looking e-mail addresses into and check the the registration password/e-mail combo to see if they are using the same for both the e-mail address and the forum software. If there it is a successful combination, it flags and suspends the account.
Dunno if that is 100% correct, but that's what I've gathered (I have not RTFA either)
"There is a reason why the laws are created by the society as whole and not a single person or a group with single interest."
Since when? Most of the laws created since I have been alive have been created by groups with single interests, who get them passed by graft.
Disobeying an unjust law is patriotic.