Porn Spam using Slashdot.org name

I've gotten a lot of mail, and seen this submitted - a porn site has sent mail using the Slashdot.org name, purporting to be Slashdot.org. They are not. We don't, and will not send mail out using your name. Click below for the full text of the message that was sent out. Update: 06/17 12:56 by H :Current going theory (thanks to Mark Rietman) is The list is the one maintained at distributed.net. This is because they used my distributed.net@rsoft.demon.nl adress (which i never use anywhere else). It's a list open to public (team stats-page --> memberslist) Update: 06/17 01:09 by CT : I just wanted to apologize. I'm getting a lot of hate mail, and I just want to reiterate that we didn't do this, and that I wish bad things would happen to the bastards who did this. I consider forging email to be among the worst of all net.crimes. And don't visit the site or you'll just encourage these pricks.

[TEXT OF MAIL FOLLOWS]

"X-Received: from pony-1.mail.digex.net (pony-1.mail.digex.net [204.91.241.5]) by groucho.med.jhmi.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id AAA56584 for ; Thu, 17 Jun 1999 00:14:26 -0400 (EDT)

X-Received: from zamboni.mail.digex.net (zamboni.mail.digex.net [204.91.99.98])
by pony-1.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA14165
for ; Thu, 17 Jun 1999 00:11:07 -0400 (EDT)

X-Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
by zamboni.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA01690
for ; Thu, 17 Jun 1999 00:11:06 -0400 (EDT)

X-Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA224 for ;
Thu, 17 Jun 1999 08:08:50 +0400

X-Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49)
id MQ9VDG1N; Thu, 17 Jun 1999 08:08:00 +0400
From: "slashdot.org" To: Date: Thu, 17 Jun 1999 08:07:52 +0300
Subject: Dear Member of slashdot.org (eisen@access.digex.net)
Reply-To: support@slashdot.org
Organization: slashdot.org
Content-Type: multipart/mixed; boundary=XX0BFF0BCE-00350BFFXX
X-Priority: 3
ReSent-From: Halmonster ReSent-To:

This is a Multipart MIME message. Since your mail reader does not understand this format, some or all of this message may not be legible.

--XX0BFF0BCE-00350BFFXX
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hello dear member!
Slashdot.org offer you new service of overclocking your operation system (w=
in95/98/NT/linux/mac=20
and more)
For more information please visit http://join.at/freepc CT:DO NOT CLICK THIS LINK! ITS A PAGE OF DAMN BANNER ADS! THIS IS A SCAM!
We always think about You

------------------------------------------
This message was sent to you by
Name: slashdot.org
Email Address: support@slashdot.org
IP Address: ras5.icp.rssi.ru
------------------------------------------

Using Aureate Group Mail Free Edition
Find out more about this product and try it=20
for free at: link
--XX0BFF0BCE-00350BFFXX--
"

Re:Keeping geeks clothed.

Why wait tell you get out? With an old keyboard splash cover and careful placement of your monitor you can check slashdot in the shower!!

Okay, what not to do.

[bleh-of-the-huns]

After looking at the site in question, a slashdot effect would not help any, as the person who sent the spam is trying to get people to click on the links. For every link that you (everyone in general) click, he gets a small amount of cash through "click through" type services. There is no easy way to deal with these types of idiots. Unless the owners of /. are willing to sue, the idiot can go on using the slashdot.org domain forgeries in the headers. (atleast until certain laws become official, however long that will take).

Re:Okay, what not to do.

[gordo_lk]

Willing to sue? Considering that it appears to originate in Russia, you might be able to file something here in the States, but how would you ever get anything effective out of it? I realize that the US policy towards the internet seems to be misguided at times, but can the situation be any better in Russia? Do you think they honestly have the resources to legally (ie lawsuits, courts, etc) fight spammers like we do here in the US?

Re:Okay, what not to do.

[dillon_rinker]

Given that the owners of slashdot intend this as a business concern (they make money, right?), I think an argument could be made that their slashdot trademark has been violated and their reputation has been damaged. If they had registered slashdot as a trademark, they'd have a much better case, but I still think they have a case. Sue them.

Re:Okay, what not to do.

[The+OPTiCIAN]

It's probably not the best solution, but somebody could take down his webserver. And then send an email to the admin saying - this isn't on, please deal with it. Or better still, email to owner of the weserver telling of the problem, and if he doesn't kill the site, then take down the webserver with extreme prejudice...

Re:/. effect as a source of good?

[shogun]

I'm not going to visit it myself, but that link is probably full of revenue raising ad banners. So if we attempt to slashdot that site we'll just be making the spammer money...

Re:Any crackers available to help?

[shadrack]

Well you have a point. But if they are really any good they won't get caught. It's not as if they're breaking into the Pentagon or something.

Spa(s)ming Retards

[Listerine]

If you get a billion people to come to your page, you suck unless you can get them to come back.

Those people are morons because they may get a ton of hits, but most people would get offended and not come back. They have done nothing for their site, except make a reputation.

Phht!

Re:/. effect with ping?

[ivan_13013]

Please don't do this. Just because you have a lot of extra bandwidth to spare doesn't mean every link between yours and the target does, too. Most of the people who would actually incur damages if you do something like this are innocent.

Uncle Target

[CC]

War Stuff
Uncle Target was used by artillery spotters in
www2 to identify a target that should be targetted
by all guns that could range on it. The German
breakout of the Falaise Pocket was one of a few
called in www2.
Enough history. I have www.intra.ru firmly in my
sights ... how bout you?

CC

!@#$^ Aureate again

> Using Aureate Group Mail Free Edition
> Find out more about this product and try it=20
> for free at: link

Aureate is also responsible for the AdSoftware
advertising banners (SPAM) on such products as
CuteFTP, NetVampire, Go!Zilla etc. It sends out
a request to one of the SPAM servers on TCP port
1975, then every 30 seconds - 2 minutes, a SPAM
banner is sent back on virtually any TCP port
> 1023. Do yourself a favour - block outgoing
packets to port 1975, and boycott Aureate!

/. effect with ping?

Could we all just start pinging him? Not quite the ping of death but it would bog his machine down!

Re:yeah, but my address is 'spamproofed'

[danec]

>> so how did it get *my* address?

so it was an early morning theory... i was wrong.

Re:Time to call the lawyers

[Steve+B]

by Anonymous Coward

The concept of anonymnity is the problem that makes spam possible.

No futher comment required.
/.

Re:yeah, but my address is 'spamproofed'

[johnathan_galt]

'spam proofed'? it should be pretty easy to write some regexs that remove that 'proofing'.

The Moron is toast.

Have a look at
http://join.at/freepc
now.

Forward it!

[jd]

Remember the spam recycling place, and it's $5 CD voucher? What'd happen if everyone getting the e-mail mass-forwarded that spam to them? It might get them off their duff and DOING something, if they suddenly get 100,000 spams with forged content.

Re:Nooooooooooooooo! (Important!!!!!)

[dattaway]

If you don't email him, be sure to give him the gift of the infinite ping...

I thought "Pants are optional" at BSI

[Ian+Schmidt]

I mean, look it up on Everything (everything.blockstackers.org, of course).

Call me a freak...

[Monk!]

but that spread-legged penguin is kinda sexy!

Re:I got the message today....

[Blade]

Oh come on! It was immediately obvious that Rob would never allow the e-mail addresses to be used for this kind of crap.

Anyone who's read slashdot for more than two hours should have realised it immediately.

My initial response was "oooh, he's in for a bad life" (he as in the spammer).

Hunting them down

[Some+guy+named+Chris]

Oh, I do smite the scum most heinously. It would just be nicer never to see it.

Re:Try to find out his real name, then phone him

[_vapor]

We can easily look for 'Alex Gurry' with any online search (assuming Alex Gurry is the real name of the person responsible). I found an Alex Gurry in Keansburg, NJ. I also found a couple more named 'A. Gurry'. I have the addresses and phone numbers, but I'm not willing to bet that any of these people are actually the spammer...

Re: d0rk - you just gave alexgurry your address!

Now you'll be spammed even worse...

Duh.

Re:Shut him down and flush him with an enema

[dattaway]

Looking at the headers in the spam I got, I returned it pretty hard to the guy. From the headers, it looked like the guy used some kind of point and drool warez program.

Why people spam is beyond me. What would motivate someone to do something so sensless? It costs them money and does not gain worthwhile friends. Is it the same motivation that drives serial killers?

Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
by Edison.EBICom.Net (8.9.1a/8.9.1) with ESMTP id XAA14816
for ; Wed, 16 Jun 1999 23:11:04 -0500
Message-Id:
Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA207 for ;
Thu, 17 Jun 1999 08:08:46 +0400
Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
Internet Mail Service Version 5.0.1458.49)
id MQ9VDG1J; Thu, 17 Jun 1999 08:07:56 +0400

The irony . . .

[Badgerman]

At work, I access slashdot a few times a day to keep up with Geek News. I've explained a few times that slashdot has nothing to do with "Slash" erotic fiction.

This probably won't help . . .

Re:Reason for using slashdot.org

[larien]

Plus the stereotype of geeks drooling over porn sites while sitting in their rooms, hence they are actually targetting potential customers (the validity of this assumption is, of course, open to debate). Dunno where they got the addresses from, though; I haven't been mailed and my email address is non-munged.
--

How did they get my E-mail address??

I got the same spam email, what i'm wondering is HOW did they get my e-mail address?

my e-mail isn't posted with my comments, so
from where did they get my e-mail address in connection to slashdot??

the subject says:
Subject: Dear Member of slashdot.org (phazer@.ml.org)

How do they know i read slashdot if my email address was never posted here?


(i don't usually get spam, this is the second spam mail in 6 month..)

Re:How did they get my E-mail address??

[Hemos]

Distributed list.

No porn?!

This is the sorriest excuse for a porn site I have EVER seen. What with all the nerdy news stories and polls without enough options, I haven't found one decent nudie pic...I feel so cheated. Gotta admit, though, that Cmdr. Taco would be a great name for a porn star...

Re:Spam, the ultimate coders itch.

[Ancipital]

Dont "Just Hit Delete"[tm].

You must decode the headers, and hunt them down. Spammers hate losing their net access. Usually there's a dialup, a web page and a drop box at the very least.. make sure you whack all three for max karma bonus.

hmmm

[drwiii]

X-Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru (post.office MTA v1.9.3b **** trial license expired ****)

You think they'd at least register their software...

Nooooooooooooooo! (Important!!!!!)

No don't email him.

Or at least send an Anonymous email. Otherwise he will have your address for real!

And then you will be sorry!

Spamdot?

[Felinoid]

Technicly nothing new about this.
I know a lot of you are not going to believe it when I say AoL and Microsoft are both against spam however both have publicly come out against spam simply becouse they are fed up with it.
A lot of companys that are against spam have had the missfortune of having a spammer clame to be (in some way) a part of the organisation in question and people quick to judge lable them as prospam and of course we all want to believe all things evil of Microsoft and AoL mostly becouse it is usually true.
Spammers will never admit the true idenity of the spams source. Any clammed supporter is yet annother victom...

Re:good question

[danec]

>> I hope /. isn't selling their "members" names for $$$.

If they were, don't you think it would be to some internet technology related company and not a porn site?

Really, i don't think they are.

Re:How to LART this spammer:

[strredwolf]

Shall we romp though my lovely copies? Let's go!

>From support@slashdot.org Thu Jun 17 19:57:36 1999
>Return-Path:

We can ignore these lines.

>Received: from localhost (tygris@localhost [127.0.0.1])
> by tygris.strw.org (8.9.3/8.9.3) with ESMTP id TAA00173
> for ; Thu, 17 Jun 1999 19:37:58 -0400

FYI: tygris.strw.org doesn't exist, it's really a dialup from Erols.

>Received: from pop.erols.com
> by fetchmail-4.6.3 POP3
> for (single-drop); Thu, 17 Jun 1999 19:37:58 EDT

Can we say I worship ESR? ;)

>Received: from mx04.erols.com ([207.172.3.244]) by mta3.mail.erols.net
> (InterMail v03.02.07.03 118-128) with ESMTP
> id
> for ; Thu, 17 Jun 1999 01:42:52 -0400

From the border server to my pop server.

>Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
> by mx04.erols.com (8.8.8-970530/8.8.5/MX-980323-gjp) with ESMTP id
> BAA06613
> for ; Thu, 17 Jun 1999 01:42:51 -0400 (EDT)

From mx.icp.rssi.ru's servers to Erols. Some spammers just connect
directly to Erols and spew junk there. This isn't the case.

>Message-Id:

This tells us one thing: mx.icp.rssi.ru is broken. It should of made
it's own Message ID tag.

>Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
> (post.office MTA v1.9.3b **** trial license expired ****)
> with ESMTP id AAA232 for ;
> Thu, 17 Jun 1999 09:41:11 +0400

Well, at least it's recording the IP address. However, post.office
(unlike Sendmail) defaults to relaying, which is a Very Bad Thing(tm).

>Received: from ras1.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
> Internet Mail Service Version 5.0.1458.49)
> id MQ9VDJNV; Thu, 17 Jun 1999 09:40:21 +0400

EW! mx.intra.ru is running non-IP-recording Microsoft Crapware!!!
Extreemly Bad Thing(tm). What are they running, NT?!?

>From: "slashdot.org"

We can start ignoring stuff now.

>To:
>Date: Thu, 17 Jun 1999 09:44:07 +0300
>Subject: Dear Member of slashdot.org (tygris@erols.com)
>Reply-To: support@slashdot.org
>Organization: slashdot.org
>MIME-Version: 1.0
>Content-Type: multipart/mixed; boundary=XX92BD92BC-008992BDXX
>Content-Transfer-Encoding: 7bit
>X-Priority: 3

[snip]

>Using Aureate Group Mail Free Edition
>Find out more about this product and try it
>for free at: http://www.group-mail.com/1

Spamware. news.admin.net-abuse.email knew about this and tried to get
it taken off. I think it may be a good thing to Slashdot the makers of
this product in your distain against spam.

More tutorials for the pissed off at Sam Spade's library (via
http://www.samspade.org).


---
Spammed? Click here for free slack on how to fight it!

Re:alexgurry@intra.ru

Who said you had to e-mail from your REAL address? You could use an email service like Hotmail. Create a temporary account and abuse the perpetrator from there.

Another method would be to forge the e-mail headers. This is more fun, because you could put interesting things like abuse@his-isp.com in the Reply-to field :)

---

The problem with society is that stupid people are allowed to hold motor vehicle licences, write letters to newspapers and cast votes in elections

FIGHTING FIRE WITH FIRE

I say that we fight fire with fire! They want to do this and we're going to sit idly by?

There are many things that we can do to get back at them since it's horrible what they did.

Re:Time to call the lawyers

[Steve+B]

Using the /. name in this manner certainly gives /. grounds to sue the perp. There is ample legal precedent, most notably the flowers.com case in which a spammer had to pay over $13K in damages and $5K in legal fees for forging somebody else's domain name in a spam.

The main reason spammers aren't sued more often is that, their claims of wealth through pyramid scams notwithstanding, their seizable assets usually consist of an old 386 and a pile of chicken bones.
/.

No, no, no...

Since I'm severely nearsighted, having a keyboard and monitor in the shower is useless.

The proper way would be to have a cron job that checks /. and reads it to me while I'm in the shower. :-)

its bigger than that

All these people wrote about b/c they are on team slashdot. The bot that sent the mail sent it from the name of the team you are are in. For instance, I got a message labeled as being from Team Warped, except the e-mail address was completely WRONG!

Internetional Law (Re:Time to call the lawyers)

[gordo_lk]

International law is a a joke, at best, and US law does not have any jurisdiction in Russia. It's been obvious for a long time now that the Internet is a society within itself, with it's own governings and rules. Stuff like this will make it interesting to see how the Internet evolves as a culture and a society. How do you set up, and what kind of rules and how do you enforce them in what basically is more of an anarchical system? Or is it the ultimate in democracy? Let the people decide. Or mobocracy, let the people react (as opposed to act).

One of the stumbling blocks in the way of all this is conceited ideas like a physical government attempting to rule something that extends beyond it's boundaries. What exactly are the boundaries of the Internet? Theoretically, they can extend as far as you can communicate. Want a terminal connection on Mars? It is almost as if there is a seperate unseen (seen, but unseen) world that envelopes our physical one.

It will be interesting to see how all this evolves and what will happen with it.

Re:Internetional Law (Re:Time to call the lawyers)

>Theoretically, they can extend as far as you can communicate. Want a terminal connection on Mars?

Wouldn't there be some really nasty lag problems involved in that? Mars is how many light-minutes away from Earth?

Keeping geeks clothed.

[Darchmare]

Of course /. isn't into porn. After all, what site recently posted a story from the 'geeks-should-never-be-naked dept.'?

I have news for you, Rob. I'm naked right now.

Okay, maybe not, but... I could have been. :>

- Darchmare
- Axis Mutatis, http://www.axismutatis.net

Re:Keeping geeks clothed.

[John+Meacham]

oddly enough.. I AM naked right now.. I just got out of the shower... freaky....

Re:Keeping geeks clothed.

[iceygambler]

Noticed the improvement in content!Really push delete,they give up after awhile.When you look at their site it adds month to your sentence.

Re:Keeping geeks clothed.

[azonic]

something tells me you'll get nominated for a darwin award someday :)

Re:Keeping geeks clothed.

[Bilbo]

...and you are surprised by this???

Re:Keeping geeks clothed.

[Ancipital]

Yebbut, isn't the whole point of pr0n that it contains actual fit(ish) sleek individuals pumping joylessly at each other? Geeks of either persuasion aren't well-known for being pneumatic or having acres of well-toned golden flesh :)

Re:Keeping geeks clothed.

[Stephen+Williams]

I AM naked right now.. I just got out of the shower... freaky....

Yikes! That is the sign of a true geek. Gets out of the shower and checks Slashdot before getting dressed :-)

Re:Keeping geeks clothed.

[gavinhall]

Posted by jghost:

I have acres of well-toned golden flesh, but I keep mine in several large vats formaldehyde down in the basement.

Re:Keeping geeks clothed.

[drox]

Heh. Acres of flesh, maybe. But well-toned? Golden? Not a chance!

Re:Keeping geeks clothed.

[Vermifax]

Well, in a similar vein, I checked my mail, said what the hell, and loaded slashdot (downloading buncha stuff today) and while it was doing that I went and took a shower

Re:Keeping geeks clothed.

[Zugok]

yikes, funnily enough I am too...for the same reason >_

Re:Keeping geeks clothed.

[BeNude]

Get dressed? Who gets dressed? I thought /. was clothing optional.

Re:Keeping geeks clothed.

[Dast]

Well, ya know... Gotta stay updated.

:)

Re:Time to call the lawyers

[Eccles]

>Too bad there are not a US orginization, international law is a myth that exists only when everyone wants it to.

IANAL, but if they have any U.S. assets or associations, you could probably go after those.

As for international law being a myth, heck, Russian law is largely mythical these days, unfortunately. :-(

Re:Not harvesting, or not fully

[THX1138]

Mine is rigged as well and I haven't received it either.

Typical of the asshole marketers out there. This is unfortunately one of the side effects of the commercialisation of the Net.

operation system?

[jabberwocky]

maybe a little more research would have made this believable... then again, putting their *.ru address somewhere in the body of the message didn't help either.

Re:Spam, the ultimate coders itch.

[richnut]

You'd be surprised how many do...

I used to work at a Pre-Verio ISP and we were blacklisted more than once because of the fact that a) maps.vix.com is nothing more than vigilante justice, and b) no one bothered to do the slightest bit of research.

We had a customer who direct-emailed about 15,000 people regularly. These were addresses aquired legitimately from response forms and trade shows. These people AGREED to get this email. Yet someone idiot who forgot that this was solicited email told the blacklist people and we lost email connectivity to vast portions of the net for about a week. Had they bothered to call us, or the customer, it would have been explained that it was solicited email. *sigh*

As someone else has said in this thread, ignore stuff that's not directed specifically to you. I have procmail add a [SPAM] in front of any email not sent to my address, and I never publish my real address. At work I didn't even bother with the [SPAM], every message not directed to me or an alias I deemed interesting was sent to /dev/null without prejudice.

-Rich

Porn mail

[_Spirit]

Why didn't I get any ? ;-)

Seriously, I think the headers you posted are clear. Maybe it's some silly prank, or someone trying to show off his ability to "spoof" mailadresses. (Obviously not aware of headers n stuff)

Message on our company Intranet:
"You have a sticker in your private area"

Re:Porn mail

They use Microsoft Windows. How smart could they possibly be? Not very.

Re:Porn mail

[dattaway]

Why didn't you get any? Looking at your address, you are using newsguy, the same guys that provide the anti spam service spamhippo. They also do a good job cleaning usenet news of spam crap. I have a newsguy account and it seems well protected against spam. I'm waiting for a day to get spam at that account so I can watch the spammer get crushed like a bug.

Re:Porn mail

[Evangelion]

Why didn't I get any? ;-)

I'm sure if you really want Spam, it can be arranged. It's generally not hard to come by :-)

Maybe it's some silly prank, or someone trying to show off his ability to "spoof" mailadresses. (Obviously not aware of headers n stuff)

No, it's spam... It's intended to get you to click on the link, so you can look at thier porn site, and maybe sign up. That's it. It's not about ego or l33t hax0r 5ki11s, just about getting someone to click. Once that is accomplished it's useless.

Re:Porn mail

[XDG]

The more disturbing bit is that it spoofs my e-mail filters by looking like it's from someone I'll read mail from.

Not necessarily

[David+Gould]

I didn't look (and I refuse to give them the hit), but the post said that it's a page full of banner ads. That could mean they're not even really selling anything, just trying to collect hits on the ads that they're carrying for other sites, since they get paid per impression. So even if we all just took one look and closed the window in disgust, they would make money, just not from us. So the actual porn sites lose money by paying for advertising that doesn't get them any customers, but I for one still find the whole thing offensive because they're spamming me and trying to trick me into letting them use my click for their profit.

If they're at all remotely smart, even in their own little paramecium/slime-mold/fungus/spammer way, they are probably not even hoping for us to be actual customers, just to collect hits. That's why it's important for us not to even look at the page, even "just to see for myself what it is, in order to be better-informed, yeah, that's it". Even that would make their attempt successful and hence endorse their spamming practices.

David Gould

I'm not on distributed.net, still getting spam

Hello,
I'm not on distributed.net, but I'm still getting the spam. It appears these people are not English speaking.
"Slashdot.org offer you new service"

fuckin m0r0ns

[gavinhall]

Posted by Assmodeus:

i knew it was bogus when i realised that of the "operation systems" linux was not mentioned first... that and the horrible grammar...and the fact that they were from a .ru address

assm0deus

Re:Porn scam

[Garpenlov]

Guess what? He (the AC) is right.

WE HATE SPAM

[Stardate]

Although most or all /.'ers had a healthy hatred for spam before this, it just gets more meaningful when it hits home.

KILL KILL KILL!!!

Re:Taking care of spammers...

[dr_strangelove]

The best, most satisfying way involves rope, honey, and fire ants.
Unfortunately, the authorities seem to disapprove of this method (can't think why...).

To paraphrase a famous ex-prez:

"Sure we could drag this scum out in the street and beat him to death with a 5-pound tuna, but it would be wrong..."

Re:The wrong people to annoy.

[murrayc]

Of course. You can assume that we know what hackers are. This is slashdot after all.

I got the message today....

[rkt]

I hate to say that... I got this message today.... I was surprised slashdot sent me the mail... and I didn't realise what it was untill I saw this article.
I hope we can find the culprit and take him to task.... else there would be no end to this spamming.

die spammers die!

[seymour]

At first I thought, "weird, slashdot sent me an email?"... then I saw the body of it. This person and all other spammers MUST DIE! - even more so than Jar Jar ;)

Well, where did he get my address then?

[iturbide]

This was too obviously not originating from slashdot, but how did this guy lay his hands on the addresses?

Re:Well, where did he get my address then?

[Hemos]

Huh-that's strange. I'm not sure how he got it then-we're checking various things out.

Re:Well, where did he get my address then?

[Hackboy]

Are you on the RC5 team? Current theory is that they pulled it from there-apparently that's happened before I'm not on the Slashdot RC5 team and I got the spam. I am however on another RC5 team. Did they send it to everyone who's doing RC5?

Re:Well, where did he get my address then?

[Hemos]

Are you on the RC5 team? Current theory is that they pulled it from there-apparently that's happened before.

Re:Well, where did he get my address then?

Hmm, I'm doing rc5des and didn't get the mail. -- it occurs to me, though, that I may be registered under an old email address that I don't read anymore (I couldn't get Solaris to forward my mail from it :-) )

Daniel

Re:Well, where did he get my address then?

[gmeb]

Not from /. ! I know an Anonymous Coward (hi Gaetan. ;-)) who also got this junk-mail, and I didn't. So it's not /. members that were targeted.

How one could go about collecting a list of /. readers:
* arrange with Hemos to place an innocent-looking ad on /.
* log all people that click through the ad
* now use that list for spamming purposes
Anybody still fill in their correct address in netscape ?

Oh, and if you don't know how to interpret the "Received:"-headers on e-mails, please don't complain about spam-mails. You're likely to mail-bomb an innocent person. I bet Rob was mailbombed because of this spam.

Re:Well, where did he get my address then?

i'm guessing they harvested them from the /. team listing on distributed.net anybody get the email who wasn't on that list?

Re:Well, where did he get my address then?

[Hemos]

harvetsting the pages would be my guess.

Re:Well, where did he get my address then?

[smcd]

yeah i was on that list too...

Re:Well, where did he get my address then?

[iturbide]

Doubtful. This was the first time I ever, ever, commented to anything on slashdot, and if you click on "user info" you'll find it pretty uninformative.
Or are you referring to something I haven't thought of?

And I don't have a /. account

I forgot to add I have no slashdot.org account either. Just once, I posted a not with my e-mail typed into the body of the text, so that must be it for me.

alexgurry@intra.ru

[iota]

After a little snooping of HTML, youll find yourself back at Alex Gurry's homepage (which is full of ads). His email address, alexgurry@intra.ru is included on the page; if logic serves, he is probably the one who did this.

Send him an eMail and tell him what you think about SPAM; I did!

jason

Re:alexgurry@intra.ru

[Chocboy]

After a little snooping of HTML, youll find yourself back at Alex Gurry's homepage (which is
logic serves, he is probably the one who did this.

ok, this is very likely, but perhaps its not him. its like someone who doesn't know much and blames slashdot.its just you've done a little more research and found this e-mail and i disagree with the comment below

Send him an eMail and tell him what you think about SPAM; I did!

doing that (esp if ya don't know 100%) is almost as bad as the original spam. because you're wasting bandwidth like spam does. two wrongs don't make a right, perhaps you should send a polite e-mail to the persons isp and tell them what is happening and they can acctually do something, cos if it is correct, they can do something about it.

for one, by mailing him you're veryfying your e-mail is valid..

Re:alexgurry@intra.ru

[httptech]

A search on DejaNews reveals alexgurry@intra.ru is indeed the owner of the spam.

http://www.deja.com/pro file.xp?author=alexgurry%40intra.ru

All his posts are porn-spam and reference the same URL that was in the email message.

Since his homepage on intra.ru exists and is another banner ad site, I'd say probability is extremely high this is the correct email address of the spammer.

Re:IIS 4.0 at Intra.ru

Not that I'd suggest anybody ever doing somethig bad, but intra.ru is running IIS 4.0. Which, as the story from yesterday said, has a nasty little over flow problem that allows writing straight to the IP register. And the people who found this little insecurity have also posted a crack.

Just thought it interesting. Wonder if Intra's sysadmins keep up on bugtraq.

Time to call the lawyers

[bluGill]

I would say that advertising porn with the /. name qualifies as defmination.

Too bad there are not a US orginization, international law is a myth that exists only when everyone wants it to.

Re:Time to call the lawyers

This is forgery--signing in the name of another with intent to deceive. Many were deceived (opened the link). The owner of the name was injured (hatemail and damage to reputation).

Talk to your DA!

Maybe you should move /. to Virginia if your local DA won't help. Eh, maybe not.

Re:Time to call the lawyers

Well, it's "forgery" any time anybody obfuscates their real email address with NOSPAM or other such lame 'protection' as well.

The solution (and we're headed there) is the requirement of end-to-end return address validation on all 'net email routing. With, of course, one-way encryption signing the messages. Strong crypto can be a good thing. Soon, if we're lucky, it will be required on all 'net corespondence and usenet posts.

The concept of anonymnity is the problem that makes spam possible.

Re:good question

[Hemos]

We didn't send it. Conceivabily they got the list through other measures-that's what we are looking into.

Re:good question

[RabidMonkey]

The /. people are as against spam as the rest of us - why would they do that? Think before you post and try and raise hell.

Re:good question

What's the difference? Porn sites have money too.

Re:good question

[dattaway]

The spammer got my old email address that I haven't used for several months since I got my static IP. He must have compiled the list of addresses long ago. What pisses me off is that the guy looks bent on trying to destroy slashdot getting people riled up and emailing abuse@slashdot. Would it be reasonable to assume this guy is pulling a DOS attack?

The connection between slashdot, RC-5 and porn

[Marc+Rietman]

The list originated from the distributed.net memberlist of slashdot. It became very obvious to me when I noticed they had used an email I only use to send/recieve rc-5 blocks. Maybe the list should be protected by the team owner of /.

I know it can be done, because EvangeLista did this already.

Re:The connection between slashdot, RC-5 and porn

[iturbide]

Yup! That's it.
The mail was sent to the address I userd for registering for that. And that's a different one from the one I used for registering at slashdot.

Thanks for solving this riddle.

Re:The connection between slashdot, RC-5 and porn

That sucks. Especially since /. was just asking
for more participants for rc-5. People might
think twice about joining if they are going to get
spammed for it.


It's a shame spammers have to ruin everyone's fun. :(

Re:The connection between slashdot, RC-5 and porn

[MikeTurk]

Now send an email to jjb@powersite.net and complain that alexgurry spamed his click-through page

I did exactly that. Transcript follows:

From: niles@powersite.net
This account has been terminated without pay and any traffic resulting from this SPAM has been blocked on our servers.

Niles

CEN

----- Original Message -----

>>From: "Mike Turk"
>>To:
>>Subject: Abuse of Click-Throughs (Fw: Dear Member of slashdot.org (miketurk@tampabay.rr.com))
>>Date: Thu, 17 Jun 1999 10:08:03 -0400
>>X-MSMail-Priority: Normal
>>X-MimeOLE: Produced By Microsoft MimeOLE v5.00.2314.1300
>>A person, apparently by the name of Alex Gurry, sent an unsolicited e-mail
>>with a forged return address to approximately 3000 readers of Slashdot
>>(www.slashdot.org). The reason I'm involving you is this: The URL below
>>(http://join.at/freepc) points to http://chat.ru/~sexybabies/hot.htm, which
>>has a banner from your site on it, and your site has a commendable policy on
>>spam. Please take whatever action you feel is appropriate.
>>Mike
>>--
>>Honk if you love peace and quiet.

So it appears that any click-throughs onto the trafficcase banner are now irrelevant. Yippee!

Mike
--

Re:The connection between slashdot, RC-5 and porn

[BitPoet]

Last time I checked, I was a member of Team UFie... I did /. for awhile, though. Hmmmm.

Re:The connection between slashdot, RC-5 and porn

[mistered]

Aha! Give that man a +1!

Go to www.trafficcash.com and view their Terms. They say

7.E-mail spamming is strictly prohibited. This
includes e-mail spamming, newsgroups, and IRC.
If you violate this term of your agreement you
will be terminated from the program and will
not be paid.

Now send an email to jjb@powersite.net and complain that alexgurry spamed his click-through page. This email is listed on the trafficcash site as the "questions or comments" contact. Or, if it's local for you, call 1-954-563-9008.

Thank you.

Re:The connection between slashdot, RC-5 and porn

[D.+Taylor]

Actually:

Team slashdot wasn't the only team spammed.

My team (nildram Ltd -- my isp), was also spammed and so were a few others I know of.

The best idea is to go to your properties on the stats page, and choose to be listed by real name (or participant ID)

Re:The connection between slashdot, RC-5 and porn

[mistered]

Just a note on my earlier comment, to explain where trafficcash.com came from:

http://chat.ru/~sexybabies/hot.htm is the actual page to which http://join.at/freepc points.

In that page's HTML, his click-through banners are of the following form:

Link:
a HREF="http://www.truly18.com/cgi-bin/click-te.cgi? alexgurry"

Image:
img src="http://www.trafficcash.com/newsite/banners/18 ban2.jpg"
alt="Truly 18" border="0" width="460" height="68"

Re:IIS 4.0?

Isn't join.at just a redirector such as come.to etc?

Re:Sad

[jandrese]

I think this is a little overrated. I've been posting my email to the usenet and Slashdot for some time now and I still get little (almost no) spam. The only account I have even been heavily spammed on is my old AOL account, but their system is stet up to delight spammers by always keeping a list of all of their members available to the public. Besides, if you never give your email address out what use is it?

Not harvesting, or not fully

[anticypher]

My email account is not obfuscated, but it is a tripwire for spam. I haven't received a thing from this spammer. My account has been active for a few months now.

Methinks this is just a prank to dig at the slashdot community. Lets not let that happen. Just ignore them and eventually they will go away, or get a little maturity.

the AntiCypher

UDP or SDP?

[Stavr0]

Perhaps they need to be taught a lesson. Slashdot should consider filing for a Usenet Death Penalty or, if there such a thing, SMTP Death Penalty.
- - -

Re:UDP or SDP?

[demon]

SMTP death penalty? I think that's called RBL, folks.

Re:Spam, the ultimate coders itch.

[Booker]

Doesn't seem like that great of an argument, I guess. If your ISP sucks, why not find a decent ISP who uses a good MTA? Seems that allowing an individual to connect directly to your mail host is quite an open door to abuse... I know, it sucks... bah, I don't know. I'm just sick of spam.

p.s. I have no idea why this gets posted with a score of 2....

Re:A method to make spamming expensive.

[B.D.Mills]

The only criticism I have is that the $100 "fee" is actually too small. Spammers who are running those despicable pyramid schemes are likely to make far more than this.

I understand that the law in Washington State, U.S.A. allows people to sue for $500 for each spam with a forged return address that they receive. Your fee should be about this large.

I believe that you have a right to make spammers pay in this way. I pay for my net access at home. Each spam I receive costs me money. Why can't I take action to recover my costs?

Re:Porn scam

Slashdot like other web sites are always under critisms, especially for what they post.... Its lame to assume other wise....

Kick ass!

HAHAHA! That just took my department by storm (everyone has sparcs with fingerd turned on on their desktop)

you can't be sure

[cambion]

the stupid IIS stripped the last IP, so one can't tell that the spammer was in Russia. The vulnerability of the server in the domain .ru was used for this spam, but you cannot tell where exactly the spammer was located.

About suing the organization who owns the server used in the spam: guys, forget about it. As far as I know our laws (yes, I'm from Russia) related to the computer crime, there's almost no legal way of suing someone for spam. And it would be a very time/money consuming process.
Usually, we deal with such cases just by contacting with the sysadmin of the mailserver used in the spam and telling him to fucking close the security hole. Sometimes it helps, sometimes not.

Re:Spam, the ultimate coders itch.

[Merk]

Yep. It's been a back-burner project of mine for a while now to make a spam filter. I think I have a winning concept, but the execution is both time consuming and hard. I'll mention my concept and see what you folks think.

The program would be a learning program, based most likely on a neural net. The core of the program would be a list of 100 or so "words". These words would initially be randomly chosen "words" from my entire inbox file. Eventually the program would see these words as triggers. For example the "word" mom@moms.isp.net (i.e. my mom's internet address) would be a strong indication it's not spam, however "VIRGINS!!!" would be a strong indication it's spam.

Now the program would randomly choose these words, and eventually keep the ones with good relevance (like the above), and throw away the ones with low relevance. Low relevance words would be either words that are seldom seen, or ones that are found both in legitimate and spam mail: "a", "the"...

The strength of this concept is that it is tailored to the individual. Even without things like my mom's email address, I imagine the words that are often seen in my legitimate mail are different from the ones seen in another person's. This goes down to the machines that the mail is likely to pass through on the way, etc. So once the 'net had been trained properly, it should be very good at knowing whether the new mail is spam or not.

The other big strength of this system is that it ends up using the same criteria I use to determine whether or not something is spam -- the words contained in the message. I can tell at a glance whether something is spam based on the words. A rule based system can easily be fooled -- as this article shows.

The weakness, of course, is that as a AI type program, it must be taught. But I don't think this would be too hard. My guess would be that to teach this program you'd simply have to take a huge chunk of mail you've received in the past, mark each message as being spam or not, and then let it train on that.

So what do you think? A good idea? A lost cause? I know it really doesn't go after the root cause of spam, and means that the Spam keeps clogging up the 'net, just that I don't see it -- but right now that's enough for me.

.../. showed tolerance for spam before this.

[Christoph]

quote from an earlier story:

"Posted by CmdrTaco on Tuesday April 20, @10:59AM EDT, from the this-ought-to-get-interesting dept.

Stephen writes 'UK ISP Virgin Net is suing a former subscriber for loss of business caused by his alleged spam'... I personally think that we should legalize spam , but require the word 'SPAM' or 'AD' to appear in th subject so we can procmail it out. Or just set our sendmails up to discard it. And I think failure to clearly label spam should be punishable by death."

Even the above would not cover "joe-ing", or the disparaging of another's reputation through false headers...what just occured here at slashdot.

If false headers and false reply-to addresses were not allowed, because mail relay protocols couls somehow intercept them, spam would cease to exist.

When protocols are in place that require a genuine reply to and headers, they can be used whether they are required by law or not. After all, there is no law that specifically protects the right to use false headers and false reply-to addresses.

I'm thinking here returning any email without a verifiable reply-to, and RBL(blacklist) the source of any any email without valid headers. The reply-to address could be queried somehow, such as when a large mailing is detected...there are probably other, better ideas how to implement this, but it would not require any new legislation. Just a consensus.

The flood of angry replies would serve as a kind of DOS attack/mailbomb of any spammer's mailbox. The trafic would help shift the cost of spam back to the sender, and eliminate the profit motive. I guess a full mailbox would have to count as a false reply-to, and halt any further relaying of a given spam mailing. So once you get 5megs of replies, the spam stops...or you have to pay for a bigger and bigger mailbox (5 gigs+?).

Re:good question

[CrazyFraggle]

He must have compiled the list of addresses long ago.

In my experience as postmaster, spammers never use up-to-date lists. I receive severel rebounds from the mail system daily from mails destined for no-longer existing users on our system, and which bounce back since the reply-field is bogus as well.

Needless to say, I hate this. A lot.

Do your bit against spam

[bpdlr]

I have a Hotmail account I give out when filling out online forms and such - so if the Webmaster decides to sell my details (because he's outside the EU for example and isn't bound by consumer data protection laws) then the spam gets held at Microsoft's expense. It's amazing how much spam I get there as well. Then every month or so I open up SpamCop, and start cutting and pasting. Not only does this give me immense pleasure, but I feel I'm doing my bit against spam.
--

Barry de la Rosa,
Senior Reporter, PC Week (UK)
Work: barry_delarosa[at]vnu.co.uk,
tel. +44 (0)171 316 9364

Sue Them

AOL's won several cases where spam headers were forged into AOL.com. This isn't much different and you're sure to win.

"But AC," I hear you cry, "They're international..."

No problem. Sue them. Win by default when they don't show up in court. Then get the US lines that feed the ISP cut off. That should be do-able. Sure, you probably cut the entire country off from the internet becauase of one person but maybe their mail admins will think twice in the future before letting their system be used as a spam relay.

Re:Sue Them

Sure, you probably cut the entire country off from the internet

You have no idea about the legal process. Given your suggestion to cut every uplink for something moronic done by one user, would cut personally you r's link much sonner than you think. Besides, it is not certain that legally you can challenge this guy in the USA, since the crime (if any) originated in Russia, you can only, I repeated only try to sue him there. To the best of my knowledge there are no laws prohibiting spam in Russia, there are no laws that forbig forgery of an Email. You have zero chance dude, even if you had money. MSFT tries for years, with all their money to prosecute real theifs selling warez CDs for $4 on streets, and they still can't do anything. Russia == no laws.

Re:Feel the power baby...

[arcade]

>Not that I'm advocating this, but if we were all to
>ping flood him, he would die a horrible death.

*Argggh*. Kids at play. Pingflooding is *not*, I repeat *not* a good way to solve a problem. You hurt his ISP, his ISP's upstream, also, all the systems involved in ping'ing the poor sucker will lose some bandwith, and so on.

Flooding hurts the *entire* net. Not only those that get hit. When ISPs have to double their bandwith because half of it get wasted because of smurfattacks .. you should start thinking.

The team list lists you anyway

[CraigMcPherson]

The D.net team lists contain EVERY e-mail address that has ever contributed blocks to the team. Even if you submitted a single block, you're on the list for the long haul.

Re:good question

[twrayinma]

Most likely the addresses were picked up by a spider program going through the web. I didn't get it, and I'm not on the RC-5 /. list.

Re:Favorite spice girl

I'd have all of them, any time, any place.

Don't shout at me for being off topic, you asked.

Re:possibly harvested from distributed.net?

IIRC, the team coordinator can set a flag to hide/not hide team members email addresses.

Somewhat Simple Solution

[Pika]

I dont quite understand why; but I agree with most of you, THAT SPAM MAKES ME SO F$%^ING LIVID its unbelievable. I've been kicked in the jimmy before, and I was pretty pissed. But I get spammed, and I get so pissed I want to hunt the prick down and shove his little porn lovin, banner ad hostin, laptop up his arse so far he burps it up in the morning.
why is this???

my main point is, simply go to the porn companies who are paying this prick to attract the customers, show them what he did (spam mailing). Explain that spam, especially spam under false pretenses, is in the grey area of legality (and also pisses a lot of people off), and more than likely the spammer will receive no compensation for his work.

Its a small victory... Even though I would rather rip off his head and pee down his throat.

Re:Somewhat Simple Solution

[iceygambler]

Push delete button.They wear out after a while.

Re:Any crackers available to help?

[kgasso]

don't even think about doing that.. getting 'even' by doing something illegal is not only stupid, but could possibly land your ass in jail (which is not a very nice place, last time i remember it anyway). mail the owner of the relay used, if they refuse to respond, mail the uplink. if they don't respond, mail their uplink.. most (if not all) uplink isps have policies which will force their customers to deal with spammers or lose their connectivity. there's always someone to complain to.

it was overdue

[The+Queen]

Just want to wag my finger and say, "you knew it would happen!"
The /. effect can be overwhelming at times, and this guy obviously picked you all out. He knew that either:
1-you would all go to his site to see if he really WAS affiliated with /.
2-you would all try to use the /. effect on his site, which is what he wants anyway
Spam sux. But do not act shocked that it happened to /., I think it was overdue.
(Of course I can keep a cool head about it cuz I didn't get the spam, LOL.)
Short of hacking the f*ck out of his site, I don't think any of the other options laid out here would be effective...

Re:it was overdue

[Shadowcaster]

So hack the little shit's site. Make the page say something amusing. Prefferably something insulting to him and/or his mother. ;)
Better yet, if you can find an email somewhere to the likely culprit while in the process of hacking, throw in a JS that sends an anon email from the page to it every time it's hit. Then spam the living hell out of the page.
And make the page RO so it takes that much longer for this genius to figure out 'Well why cant I delete this thing?'
Any other additions to this returnspam idea would be more than welcome.. by me anyway. :)

Re:good question

[danec]

I doubt that this was just a random spam to everyone in the world, with the hopes that it would reach some slashdot users who'd be taken in by the return address.

And i'd bet pretty heavily against these spammers having stolen the internal email address list.

What i imagine happened, was that some sort or crawler program sucked up hundreds of thousands of posts in the comments, after all its nots hard to generate the urls for the individual comments (http://slashdot.org/comments.pl?sid=99/06/17/1232 41&cid=xxx where xxx is the message number, can't be much simpler.) That would explain why not every single slashdot poster got the spam because some through that NOSPAM in the middle of their email addresses just to confuse spam bots.

Pay-Per-Click...

[Ellis-D]

For the years that I have used these programs, I have never seen a single cent from the money I should of made.. Any one else get the same results?
I ate my tag line.

Re:Pay-Per-Click...

[Jeff+Knox]

Actually, you just have to get signed up with a professional banner advertising company. Go check out safe-audit.com. They are very professional, you actually receieve your money. They have ads that pay anything for 5-30 cents a click, or they also have some that pay like 2 dollars or so for 1000 views. Check them out, ocassionally there servers have problems, but overall they are the best I have found.

abuse@slashdot.org

[mattdm]

abuse@slashdot.org should exist.

--

Re:abuse@slashdot.org

[demon]

Yea, as a mailing list for us Abuse (the game :P) freaks. I'd subscribe!

Re:Shut him down and flush him with an enema

[ChrisMul]

MTA stands for "Microsoft Transfer Agent", the portion of Microsoft Exchange Server that attempts to deliver the message to one of it's internal addresses.

It looks like this guy was using one of Microsoft's 120 day trial licenses...maybe the best response is to forward the emails to piracy@microsoft.com and let them deal with it from an illegal-software perspective...:o)

Please read his message!

[BiGGO]

Damn it,
They can get 180,000 valid email addresses out of there with a robot.
I think we should ask distributed.net not to tell our emails,
but rather our names, just like, ehm, seti@home does.



---

Re:Take 'em to small claims

[gavinhall]

Posted by ThickAsTwoShortPlanks:

Great.

Unfortuantly, I live in the UK. It's an american firm. Nasty international boerder problems. I guess I *could* sue them here, but, it's a whole different ball game.

At least there's some positive action US citizens can take easily - now if everyone did this the 'net would be a better place.

Thanks for the advice.

Later.

Mark.

A method to make spamming expensive.

How to stop spammers:

Spaming happens because of economics. Messages are cheap to send and 'no recourse' exists to punish the spammer.

Answer: Make it MORE expensive to spam than to not spam.

1-Create a 'sign' that says "if you sent spam, I'll accept it because I accept spam. My spam fee is $100" or something like this, depending on what works for you.
2-Allow in the spam.
3-Send the company with the spam a bill
4-Charge fees when they don't pay the bill. Administrative fees
5-When the bill gets large enuf, sell the debt for pennies on the dollar to a LOCAL person to the spammer.
6-Said LOCAL person(s) takes the spammer to court on each debt they bought
6a) different local people, different court days to make it more fun for the spammer.
7-If the case is a draw, the spammer still pays legal fees. If you win, push the debt collection to the point where they either declare bankruptcy. or go to jail

We don't need new laws....just a desire to turn the spammers over to lawyers and use the laws we ALERADY have.

Me, I've been thinking about this idea for some time. Only works if LOTTSA people decide to play.
Just getting lottsa people to play is the problem. And my automated software doesn't work 100% automated.

(HINT: If you GOT the spam, and don't have up the 'notice of billing' it would be unethical to claim you did, then sell the debt to someone else.... So please don't take the above as an invite to /. The spammer in court. Cuz, like that would be wrong.)

Re:A method to make spamming expensive.

Interesting, perhaps.

The question is: Is such viable?

If there is one group that can prove/disprove this it's the /.ers. Most hate spam. But do they hate it enough to work TOGETHER and hate it enought to take someone to court in, say small claims?

Or, even hate it enough to put up a wep page to track down this spammer, and sue him/her?

I'll bet that more /.ers are lazy and won't bother. All sound and fury that signifies nothing.

Re:Help! What can we victims do about this?

[gavinhall]

Posted by ThickAsTwoShortPlanks:

Good idea - I didn't think about this at the time. It's been a while, buit I might have a go at dealing with this some time in the summer.

I supose this goes along the 'nobody has to forward your packets' line of thought.

Thanks.

Mark.

Why don't we just /. them?

(Not an anonymous coward...forgot my password, and I'm proxied out of e-mail at work...)

Ok, if these guys are spamming us, why don't we just show them the true power of the /. effect, and overflow their e-mail boxes? Or the boxes of their sysadmin?

That'll learn em!

-The quest for truth died with the birth of the net. Now we have all the truth we could ever want. The new quest is how to make sense of all this damned truth cluttering my terminal. -Alex

The real alexgurry@intra.ru (maybe)

A quick search of the RIPE database (kind of a European Internic) shows who could be the real person behind Alex Gurry, including address and telephone number and his real (?) email address. (Sorry this isn't on a web page but I'm behind a firewall that will not let me ftp)

% Rights restricted by copyright. See www.ripe.net/db/dbcopyright.html


The object shown below is NOT in the RIPE database.
It has been obtained by querying a remote server:
(whois.ripn.net) at port 43.
To see the object stored in the RIPE database
use the -R flag in your query.



domain: INTRA.RU
type: CORPORATE
descr: Corporate domain for
descr: OOO "Intra-Center+"
admin-o: OIC1-ORG-RIPN
nserver: main.icp.rssi.ru.
nserver: mx.intra.ru.
created: 980728
state: Delegated till 30-SEP-1999
changed: 990608
mnt-by: INTRA-CENTER-MNT-RIPN
source: RIPN


org: OOO "Intra-Center+"
admin-c: GOE-RIPN
bill-c: GOE-RIPN
phone: +7 095 9350001
fax-no: +7 095 9350002
e-mail: gerko@icp.rssi.ru
e-mail: gerko@intra.ru
nic-hdl: OIC1-ORG-RIPN
changed: 980723
mnt-by: INTRA-CENTER-MNT-RIPN
state: RIPN NCC check completed OK
source: RIPN


person: Gennady O Eremenko
address: Intra-Center+ Company
address: 7a, Novatorov str.
address: 117421, Moscow, Russia
phone: +7 095 9350001
fax-no: +7 095 9350002
e-mail: gerko@icp.rssi.ru
e-mail: gerko@intra.ru
nic-hdl: GOE-RIPN
changed: gerko@intra.ru 980623
source: RIPN



%%% End of referred query result

Re:The real alexgurry@intra.ru (maybe)

It looks like "Gennady O Eremenko" is the web admin for this site "GOE-RIPN" so it probably isn't worth emailing him about this.

Re:operation system?(proving it was fake)

[Shaggy]

Actually, when I got it I could tell right off it was bogus - the address they sent it to isn't the same one on file here in my preferences ...

And the ip address of ras1.icp.rssi.ru seemed to be off a little...

Re:How to LART this spammer:

[kgasso]

if you have decent spam/open relay filters like me, the email gets dropped at the smtp server - check out obtuse's smtpd and also the MAPS and ORBS RBL's (which i filter with - no more open relay spammers). even if a server isn't in the database (yet), some PO'd sysop will probably add it to one/both right away, making the spammer lose a significant chunk of his audience.

Obtuse SMTPD: http://www.obtuse.com/
MAPS RBL: http://maps.vix.com/rbl/
ORBS RBL: http://www.orbs.org/

/. not into porn? What about Katz and his sexbots?

About which he went into too much detail. Hmmm. He's really been giving it a lot of thought.

--
Yeah yeah. I know. Score: -1 (Flamebait)

Makes sense that's it's through distributed.net

[Androgynous+Coward]

I was sent the email to my (former) work address and was registered with that address under the Slashdot Team. I immediately figured it wasn't Rob but also clicked anyhow (soooo tempting). Why even bombard this fellow and give him the pleasure (and maybe even press). If it can find out who he/she is just let Rob lean on him/her a bit (don't you have any clout, Rob?). Otherwise if you raise too much of a ruckus you have another Spamford in the press for the next year.

AC

You missed the court ruling; it's not anymore.

[MenTaLguY]

There was a /. article on this yesterday or the day before, I believe.
---

I never got it

[CrazyLion]

Just another piece of evidence that slahsdot didn't sell the list. I am not on slashdot rc5 team and I never got spammed, neither did my firends (who aren't on rc5 team either). I do know that slashdot has my e-mail address since I'm a registered user, so wherever the spammers got this list it wasn't from slashdot itself.

yeah, but my address is 'spamproofed'

[DJK]

so how did it get *my* address?

How to take him out.

[a.out]

If we cut off the reason that he is doing this it will be even better.

How do you screw over the clickthrough sight? Most porn sites have clickthrough policys, if you complain that the clickthrough site is spamming or using illegal means to generate hits they will pull the plug on his account and give him NO money.

I'd do this myself, but I'm at work so no porn sites for me.

DO NOT CLICK ON HIS BANNERS!

This is his isp: www.intra.ru can someone find his homepage?

Tell him what you think of spam: alexgurry@intra.ru

Re:Shut him down and flush him with an enema

MTA is stands for Mail (not Microsoft) Transport Agent. He is using Post.Office which is not a Microsoft product (look at www.software.com), so your complaints to microsoft will be useless. What is really strange that his Post.Office license is expired. Trial version of Post.Office has a number of user limitation but never expire.

Re:good question

[ian_d]

Hmm, I'm not a regular /.'er (registered last week), but I'm on the RC5 team since a couple weeks back. I agree in the RC5-list theory on this count.

/IanD

Re:Well, where did he get my address then? yes.

[iturbide]

Well, I guess we found it.
I'll just leave it to the bloodthirsty herd to deal with it.
Good luck at crowd control.

possibly harvested from distributed.net?

The only place I know of that has my email address visible in any connection to slashdot is distributed.net, where I signed on to the slashdot team. I assumed, till I saw this news item, that someone had set a robot walking through the results rankings harvesting addresses...
A simple test: did anyone get the spam who hasn't participated on distributed.net?

At least the SETI@home has a provision for NOT showing your email address on any public results pages.

Re:possibly harvested from distributed.net?

[zztzed]

If you want to destroy his possibilities of fathering children, you'd have to bust something other than his skull...

Re:possibly harvested from distributed.net?

[dattaway]

The spammer used an old address I thought I retired. Now that you mentioned it, it was my distributed.net address. I was just busting keys with that address, now I have to bust the skull of some dumbass knucklehead spammer so he can't father children in the future.

Re:possibly harvested from distributed.net?

[Doctor+Memory]

Dunno, kinda hard to father children if you've got a busted skull...

Re:possibly harvested from distributed.net?

[zur]

Even if the slashdot.org spammer didnt get his addresses from distributed.net listings, the way d.net lists its participants is very friendly for spammers. It`s very easy to get thousands of addresses listed, and probably most point to "real", frequently used inboxes.

A better solution might be to only list names, or to show team member listings only if you are a team member (i.e. you know the password for a team participiant)

I didn`t receive the spam message, and i dont send my blocks for the Slashdot team.

Re:possibly harvested from distributed.net?

[Andy+Dodd]

Nope. No spam, not participating in d.net. (At least, not for a while...)

Re:possibly harvested from distributed.net?

I'd also say definately from distributed.net - I initially thought it was a distributed.net announcement till I read the contents of the message.

It used an email alias I use exclusively for distributed.net

I belong to team slashdot, so I assume they just took the slashdot team listing.

Re:Spam, the ultimate coders itch.

[MikeTurk]

OK then...the headers say it came from ras5.icp.rssi.ru. According to www.rssi.ru, that is the remote access service of the Institute of Chemistry and Physics in Moscow. RSSI is the Russian Space Science Internet, an non-profit ISP for the scientific community in Russia.

I looked for an account administrator to send this to, and I found marina@rssi.edu.

Please do not slam this woman's mailbox. Send a well-constructed, concerned letter. The spam is not her fault, but it may be her responsibility to deal with it.

Mike
--

Re:International Law

[dattaway]

No, we don't need no stinking laws. The internet can heal itself without involving the slow creaky wheels of justice. If they keep it up, the pipe dumping raw noise into the internet will be simply cut off and blackballed. Things like that happen if you have a mail relay and allow abuse.

Here are a few great antispam links:

http://maps.vix.com/
http://www.orbs.org/
http://spam.abuse.net/

Re:Spam, the ultimate coders itch.

[Booker]

There are SO MANY good tools out there for sysadmins to block spam, if they'd just use them.

maps.vix.com has both the MAPS, a list of known offenders, and the DUL, a list of dial-up users from which direct mail should never be accepted. (Dial-up users should always go through their ISP's mail host...) www.orbs.org contains a list of insecure mail hosts which are often trespassed by spammers.

Blocking with these three lists would go a LONG ways towards reducing spam. If sysadmins would just use them... It's much harder to do as a user, unfortunately.

Check ORBS as well

[Booker]

www.orbs.org is a clearinghouse of info for open relays. Very good site.

No emails at distributed.net

[Marc+Rietman]

Well, to be honest, you CAN change the way it displays you id. Choose between:
- email
- participant 123456
- real name
- maybe more?

Just go to your personal preferences page at the statspage.

Re:???

[Marc+Rietman]

SlashDot can't have sold my email adress, just because they didn't know it.

I use different emails for different things. distributed.net@rsoft.demon.nl isn't one I've used at SlashDot.

Now you try to figure out how they could have done it...

PS: Read other comments before you insult anybody

Re:How to LART this spammer:

[MikeTurk]

I knew that mx.icp.rssi.ru is an open relay...however, the headers say this message originated at ras5.icp.rssi.ru, then went to mx.intra.ru, and then to mx.icp.rssi.ru. What I'm trying to say, I guess, is that it started within a dialup account inside icp.rssi.ru before it got to mx.icp.rssi.ru. This person may actually be a member of this ISP, and given the timestamp on the headers, he is most likely in the correct time zone (GMT +4) for Moscow.

Mike
--

Any crackers available to help?

[shadrack]

Just wondering if there are any crackers on /. who wouldn't mind helping out online society and going after these slimeballs?

Re:Any crackers available to help?

Here's how I feel we should handle this issue. The slashdot effect, is a mighty powerful 'force' if you will, and perhaps this time we can use its power for good. Basically what I'm suggesting is we use the slashdot effect to our advantage. If this guy wants to show us some banner ads, well lets all schedule to hit it at the same time. Mass viewing leads to crumbling of the httpd and he learns not to reckon with a group such as ours again.

Landsharks

[overshoot]

Since nobody else seems to have mentioned this, let me point out that there is already case law making this kind of thing actionable. (Look up the sorry story of flowers.com)

I'm not a big fan of loosing the landsharks, but in this case it'd be a major service to the 'net. And yes, that means I'd kick in to get the action started.

Re:Spam, the ultimate coders itch.

[f1r3br4nd]

To the poster who can tell "at a glance" whether something is spam or not: you might want to put special thought into what lexical clues allow you to differentiate between a legitimate dirty joke someone sent you and an XXX site advert. What other non-list messages are there that we get (and want to get) that resemble spam? I say non-list, because of course commercial lists that you've deliberately signed up for are trivial to make exceptions for in a filter.

Poison Spammer's Database?

Does anyone know what the consequences would be if a spam robot got its hand on this little document?

http://impressive.net/people/gerald/misc/email-a ddresses

yikes!

When reporting spam...

[davew]

Guys, a plea from someone who spends time at both ends of the postmaster address.

This sounds weird and useless when faced with an ISP that seems to be complicit in the abuse of your mailbox. But some ISPs, bless 'em, do still take this sort of thing seriously.

I make it a point to read, reply and act on every mail sent to postmaster@ or abuse@ my employer. It's thankfully a small trickle, since we don't do any kind of dialup. But it's sad to say that the important (technical) parts of these reports are often misdirected or swallowed up in threats of litigation or violence.

Think of it this way: every extra minute the abuse guy has to spend divining info from your report is one less minute he can spend fixing the problem between now and 5:00pm.

Know what headers you can trust

When making a technical report, make sure you get the facts right. Forwarding the spam to postmaster, abuse and domain-holder@every address in the spam will go to a lot of people who can't deal with the problem, which doesn't help anyone.

The only Received: header your can really trust is the one where it entered your systems. That'll usually have come from a dialup (sorted) or an open relay (messier). If it came from a relay, report it (see below) and by all means check the headers further down - but at least check them for sanity. They're often forged, and spammers are slowly learning just how many people get thrown off the scent by this.

The From: line can't be trusted at all. Forging it is trivial. And, of course, just 'cause someone says they're from Slashdot or AOL or Hotmail doesn't mean it's so. Concentrate on the network that really sent you the spam, not the one they say they are.

If there's a website mentioned in the spam (hint: if you see http://long-integer-address/, use "ping integer-address" to get it back into dotted-quad in a hurry) then traceroute and mail the upstream, but make it clear that you're reporting a site named in a mail abuse, not a host that spammed you. In other words: use a separate message.

Be polite!

You've heard this one before, but hell, it's worth iterating. It's amazing how refreshing it is to have a polite message from an obviously clueful individual land on your desk. Threats and foul language won't have spammers and spamlovers quaking in their boots, but it will give decent postmasters pause for thought before replying, and it will make the real evidence in your message harder to find.

And believe it or not, there are people out there who genuinely don't realise that their brand new UNIX machine came with a buggy sendmail. A bit of patience and cooperation works great with these people. Unpleasantness gets you blocked at the router.

I'll climb down off the soapbox now. Thanks for listening. I'm sure as hell not out to defend spammers or negligent ISPs. I don't think any of the above will help them. But I hate to see ISPs that do give a shit having to replace their Real Live Postmaster with a mailbot or clueless helpdesk just because the signal:noise ratio in reports has gone to hell.

Postmaster mail, like any RFC requirement, is binding by consensus only. Use it, early and often. Just please don't encourage its demise.

Dave

--

Re:The Team Warped list should have been spammed t

Wait, that means you weren't on the Slashdot RC5 team? What do you have to say for yourself, hmm?

alex gurry will not make money from this

[smcd]

I sent an email to jjb@powersite.net complaining about alex gurry's abuse. I just got a reply back. A reasonable action methinks.

From: "Niles" [niles@-nospam-.powersite.net]
To: [smcdermott@-nospam-.mediaone.net]
Cc: "Jay Cattanach" [jay@-nospam-.powersite.net]
Subject: Re: alex gurry spam [TERMINATE alexgurry - TCIII]
Date: Thu, 17 Jun 1999 11:55:06 -0400

Thanks for the SPAM report.

This account has been terminated without pay and any traffic resulting from this SPAM has been blocked from our servers.

Fight back?

[Arandir]

Looking at the message header (or any spam's header), how does one determine the true origin of the message? Is this possible?

Sometimes I feel like bounding their message back to them a couple thousand times.

Hackers vs Spammers, a fable

[seth]

So once upon a time (two years ago, maybe) some genius got himself accidentally subscribed to the perl5porters mailing list around the time of the major perl5.004 push (lots and lots of messages a day, probably more than linux-kernel).

So the genius, as they are prone to do, said "GET ME OFF THE *#@%$%$# MAILING LIST RIGHT NOW". Everyone on the list, as they are prone to do said "Figure it out yourself, dingus" and forwarded him his own subscribe message.

So the genius then said "Get me off this mailing list or I'll spam the entire mailing list every day for the rest of my life and you'll be sorry".

So Larry then said "You don't threaten with a slingshot the inventer of the rocket launcher".

The genius was never heard from again.

This whole situation makes me remember that story. Whether or not this guy likes it, he's brought down the ire of the /. community which, as we've seen, is capable of generating more email by shear volume than any spam program ever could.

Poor bastard. If he's actual email address ever gets out ... We'll, let's not think about that ...

/.'ers are all porn freaks!

[hs2534]

Do a 'finger @porn.org' and see who is really into porn....

Re:Shut him down

[gavinhall]

Posted by CanSmegWillSmeg:

Just a suggestion. Anyone out there still with an AOHELL account create another id & forward him all the spam that you can find.

Just a thought.....

Measure twice, cut once

[Ancipital]

This could be a "joe job". Make very sure (by pretending to be a potential customer, mebbe?) before releasing the dogs.

There have been cases in the past where pammers have deliberately faked people's details (indeed, sent a spam for their company) deliberately to discredit and harm them.

I'm not saying this is what this is, but just check before the loonies start attacking this guy, ok?

Re:Measure twice, cut once

The bastard is using his webpage with the sole purpose to make money. It's intellectual value is close to the absolute zero. IMO this is the lamest way to make money, which promotes the idea that one doesn't need brains to earn for life. Given that, I think this bastard fully deserves to get the maximum penalty available on the Net. Suckers must die, now.

Got scared.

[suprax]

That scared me for a second. I thought, geez, slashdot wouldn't be sending me spam, windows spam none the less. :)

Spamming with Slashdot?!?!

I hope no innocent bystanders get hurt. Spamming using the Slashdot name sounds like something that will not enhance your life expectancy on the Internet. It's so stupid, I wonder if this could be an attempt to get us to attack someone.

Help! What can we victims do about this?

[gavinhall]

Posted by ThickAsTwoShortPlanks:

About a year ago a certain porn site used one of my site's email addresses - 'asThickas@TwoShortPlanks.com' as a reply address to a message that was plastered over a whole bunch of newsgroups. As you can guess, I was not much pleased.

I didn't do anything about it at the time, but my question is what *can* the individuals do about something like this? Who do I complain to? The company was using their own hosting service, so postmaster wasn't really an option.

Can people like me sue (slander?) If so, does anyone know anyone who's had experience in this kind of thing, preferably someone who has delt with this kind of before, and is feeling like doing it on a no win no pay basis. It'd be great if we could actually start hitting back easily and quickly every time this happens.

Later.

Mark.

Re:Help! What can we victims do about this?

[demon]

First thing to do if they own the host - have a nice, friendly chat with their upstream provider, and explain the situation to them, and tell them outright that you aren't impressed with this person/group/animal/other entity. Some upstreams don't care, but others will take action and tell them in effect "just remember, we don't need you morons, so cut it out". Also, if you control your mailserver and you're using Sendmail, use the RBL feature, and let the Sendmail people know of any offenders. Always satisfying to blackhole a spammer. :)

Re:Help! What can we victims do about this?

[Todd+Knarr]

Suing is possible under several laws, but often not profitable. Your best bet is to track down who the spammer gets their connectivity from ( their upstream provider ) and complain to them. Look at traceroute for the network immediately before the spammer's machines, and use whois to find who owns that network.

Re:Reason for using slashdot.org

[antic]

(below stuff applies if the page in question is simply a string of banners. i couldnt be bothered looking to check for myself)

actually, hitting the page with banners hard, but *not* clicking through could get the guy's banner accounts terminated. alot of those places will kill accounts which are providing incredibly poor clickthrough ratios and/or poor signup ratios despite paying out for clickthroughs.

they also tend to have anti-spam regulations - just contact the owners of the banner ads, give them the details, and chances are, the dudes account will be finished. no cash for his clickthroughs. awwww. ;p

Re:/. effect as a source of good?

Actually, this would only encourage the spammer, seeing as the crackhead in question probably gets $0.005 (or so - wild guess here) for every person who clicks on that link.

Re:Spam, the ultimate coders itch.

[elflord]

Killing spam is not so hard to do. I almost *NEVER* get spam, despite posting under my (unmodified) real address in newsgroups.

The one thing you can do to eliminate almost all spam is to reject Bcc-mail. Spammers almost never put your address on the header, so this is almost 100% succesful.

Of course, you will need a collection of appropriate exceptions to your "delete all Bcc mail" rule, to take care of mailing lists. ( it's probably also a good idea to accept all email from your work's domain ) See http://pegasus.rutgers.edu/~elflord/unix/ for a tutorial on procmail which explains how to do this

The Team Warped list should have been spammed too

[Chainsaw]

I recieved a mail containing a similar contents - but from the Team Warped mailinglist. Someone is spamming all the RC5 teams!

Hello dear member!
Team Warped (OS/2) offer you new service of overclocking your operation system
OS/2
For more information please visit http://join.at/freepc
We always think about You

------------------------------------------
This message was sent to you by
Name: Team Warped (OS/2)
Email Address: support@os2.com
IP Address: ras1.icp.rssi.ru
------------------------------------------

Using Aureate Group Mail Free Edition
Find out more about this product and try it
for free at: http://www.group-mail.com/1

Tell join.at, as well

[Booker]

www.join.at points to www.rename.net, and they have a good anti-spam policy. I can't find a contact address, but there is a feedback form. Get this guy's link shut down. But BE NICE dammit, it's not rename.net's fault.

Definately from distributed.net?

[MacJedi]

The spammer send a message to the account that I use only for distributed.net. The address has even changed slightly (the old address will still deliver mail) and the only place that I have not updated adresses is distributed.net.....

Trial license expired

[Paul+Crowley]

post.office MTA seems to refer to this product:

http://www.software.com/products/impostoffice.ht ml
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.

/. effect as a source of good?

[ariels]

Uhmm, isn't there a thing called "the slashdot effect" that happens when 1e11 people visiting slashdot click on the link?

The email message included 2 links. What would happen if *everyone* clicked on them?

We should make sure this doesn't happen.

Re:/. effect as a source of good?

[smcd]

chances are everyone won't get the email at the same time. /. effect occurs because link is posted to /. and noticed by everyone within an hour or so. the emails will probably arrive over a whole day or more.

Re:/. effect as a source of good?

[substrate]

Somebody post the link. I ordinarily just submit spam to spamcop and hope that takes care of it, it'd be kind of cool if they got too much of a good thing, maybe for a few days running.

Re:Spam, the ultimate coders itch.

Why should dialup users be forced to relay through their ISP's mail server? I don't want to rely on their network any more than I have to. I sure don't want my mail delayed or lost due to their incompetence, or mangled due to broken Windows MTAs.

The attitude that people should always relay their mail through their ISP's mail server is the same "everyone uses Windows or is up to no good" attitude that brought us universities scanning their networks for non-Windows machines and kicking those students off of the computers, as well as dialup and DSL users being banned from their ISPs.

Spam to distributed.net team members

[Decibel]

As far as we can tell, the spammer did harvest the email addresses from our stats database. They seem to have targeted both the /. team as well as the OS/2 Warp team.

As mentioned in our official announcement below, we're going to try to make it as hard as possible for spammers to grab email addresses, but its to impossible to protect emails that are listed 'out in the open'. If you're concerned about spam, PLEASE edit your info so that you are not listed by your email address.

Again, we apologize to those of you who were targeted by this spammer. Its very disapointing that someone would use the services of a non-profit organization, who's goal is to make the computing world a better place, to send spam.

Here's our official announcement:
Yesterday, a spammer 'harvested' email addresses from our stats database and sent out spam with spoofed email headers, making it appear that the spam came from slashdot.org or team warped. It appears that the spammer took email addresses out of the team member listing for the Slashdot team, the OS/2 Warp team, and perhaps other teams.

We are looking into ways we can make it harder for spammers to harvest email addresses from the stats database. Given the determination of some spammers, it will be difficult for us to completely protect email addresses without taking the stats off-line completely. Currently, our best line of defense is to allow participants to be listed by something other than their email address. If anyone has other suggestions, feel free to send them to our mailing list, rc5@lists.distributed.net.

If you are worried about your address being harvested, we strongly suggest that you edit your participant info and change how you are listed. In addition to being listed by your address, you can also be listed at 'Participant 123456' or by your name, which you can specify on the same page.

To edit your information, you need your password. If you don't have it, take a look at your personal stats listing at http://stats.distributed.net and click the link at the bottom of your listing that says 'I cannot remember my password. Please email...'

Once you have your password, go to http://stats.distributed.net/pedit.php3 You will be asked for a user name and a password. Your user name is your email address, and your password is the password that was mailed to you.

We hope that our users already assume this, but to clarify, distributed.net will never, ever sell or otherwise distribute your email addresses. The only method for people to retrieve email addresses is via the stats database. We do not support spam, and we're very sorry that someone would use our services to spam people.

Jim Nasby
distributed.net Human Interface

good question

[smcd]

yes, i'd like to see this answered too. my -nospam- address is the one i use here so unless there's a pretty clever email bot out there, someone got their hands on an internal /. mail list.

Re:good question

[Stephen+Williams]

someone got their hands on an internal /. mail list.

Not necessarily. I'm guessing they just used a random spam distro list. I should think that some people who don't even know what Slashdot is got this spam and are now rather confused. If they used a Slashdot mail list, surely everyone who reads Slashdot would have got the mail? I'm betting that only a small proportion of Slashdot regulars got spammed.

Re:good question

[smcd]

Sorry I didn't mean to insinuate that /. sold the list of emails but rather that they were stolen...

Re:good question

[smcd]

Not if they wanted to disguise the fact that it was a /. mail list they stole. Let's just say I'm VERY suspicious about this. My email address isn't that old and I don't get much spam...

Re:good question

[Evangelion]

And is a clever email bot really that hard to imagine?

Re:good question

I'm suspicious too. I wonder if the /. guys will
review how these addresses got out. Enough with the random mailing bs.

I hope /. isn't selling their "members" names for $$$.

Shut him down

[iota]

One of his pages has lots of links and information about AllAdvantage.com, some kind of online make money by referral page. Check out their antispam policy, and send them an email saying you don't appreciate Alex Gurry's spammage.

http://www.alladvantage.com/antispam.asp

abuse@alladvantage.com

http://www.chat.ru/~alexgurry/index.htm = Alex

enjoy,
jason

Re:Shut him down

Doesn't that make you a spammer too?

Re:Shut him down

Stupid people shouldnt "breathe."

You stupid person.

Spam, the ultimate coders itch.

[Some+guy+named+Chris]

Man, spam sucks!

I got this thing this morning (along with my dozen or so other morning spam).

Filtering spam is such a hard thing to do. You would think that some creative and talented person would come up with a foolproof way to kill those things before we ever see them.

I suppose the hard part is not letting spam through, but never, ever tossing real mail.

Re:Spam, the ultimate coders itch.

[Booker]

Unfortunately, this doesn't solve the problem... it just deletes it when it hits your inbox. It certainly does remove the major annoyance, but the problem is still there, clogging mail servers and using up bandwidth. And costing you money. I go back and forth - I let stuff come through for a while, put some notches in my spam-hunter belt, and then filter again when I can't stand it anymore. :-)

Re:Spam, the ultimate coders itch.

[Merk]

See, the thing is I don't want to have to think about the lexical clues that make the difference between a dirty joke and spam.

I'm hoping that after a thorough training cycle my program would be able to tell the difference without my help. It could be many things: the "from" address, the "to" address, my name in the header, my name in the body, the presence of a hyperlink, trustworthy / untrustworthy domains in the header...

Given a big enough "training sample", I think my program should be sensitive enough to discover rules for spam without my helping it any more than flagging the messages in the training sample.

Distributed.net - I think not.

[Jeremiah+Savage]

I haven't contributed to D. net for slashdot (though I have for my school's team) and I got the spam. So maybe it was a generalized D.net attack against all teams.

Jeremiah

Re:operation system?(proving it was fake)

[robwicks]

I saw it this morning. I didn't look at it closely, but it sounded strange. I was going to send off an email to Rob when I got home.

Hello?

Looking at those headers and even the body of the message, how could anyone think that the message actually came from /.? Or are there really that many clueless lusers reading /.?

Too late.

[Booker]

The loonies have left the gate, I'm sure. And this right after we read the Andover News bit about rabid slashdotters. *sigh*

Re:International Law

[zur]

> Does that invulnerability work both ways? Could the sender of the mail be spammed just as he has spammed others? I like that:
> "Spam not unto others lest ye be spammed."

As spam.abuse.net says, don't follow up to spam postings, lest your posting also become spam. Nothing is gained by fighting evil with evil, we should hold the high moral ground in these issues.

Try to find out his real name, then phone him

If you can breach the anonymity of this individual and find out his real name then some Slashdotters who live nearby (Im sure we are in all major cities in the world) can knock on his door and politely ask him to stop posting Spam.

Perhaps tell his mom to revoke his Internet access, or his employer if he has another job besides Spamming.

From personal experience it feels GREAT to nail just one of the assholes.

Deja(news) search

[Booker]

Check out this link for a posting history with this address... note, however, that even this is not proof that "alexgurry@intra.ru" is the originator. Sure does look like it, though.

Take 'em to small claims

[Izaak]

Bill them for the time you spend cleaning up the fallout. Make it just within the limits of small claims in your state, and then file a claim against them when they don't pay. The filing fee is generally rather small and you don't need an attorney.

You've got a less than tiny chance that the idiots will blow off the court date (you would be supprised how many people do) and the court will almost certainly find in your favor as a result. You could win a lien against their bank account(s) or even physical assets.

At least that is how it works here in Wisconsin. YMMV. Of course if the SPAM originates from outside of the US, this won't work.

Thad

MAPS RBL

[HugoRune]

Perhaps the people who have been affected by this spam should consider starting the process of complaints to the offending open relay postmaster with a view to getting them listed on the RBL if they don't close it.

Details about reporting available here

Here's how to use it to filter spam.

Sad

[Da+Unicorn]

/me wonders if the power of the /. "effect" is a valid weapon against these lamerz?

Much like the line "Never get out of the boat" from Apocalypse Now. ... "NEVER post your email to a public forum"

After about 5 years of strictly adhereing to this rule, I get little spam. YMMV.

Just my opinion and not that of my company.. Wait we are one and the same...erk.

Da

Service with a smile

[imac.usr]

Wow, I've only been reading /. for a few weeks and already I'm a "dear" member. Not only that, but they're always thinking of me, too. And, according to the link, they're even willing to offer me a free PC. Who says Linux users aren't friendly?

Thank god I already obfuscated my email address.

make msg easier to read!

hemos,
can ya wrap that mail header in tags?? it'd make it -much- easier to read.

Reason for using slashdot.org

[dylan_-]

If you pretend to be Slashdot.org when sending out spam, then it will get reported on Slashdot. They will probably show the entire message. The porn sites you're promoting get slashdotted. Loadsa hits! Everyone is happy (cept Slashdot of course).

dylan_-


--

The wrong people to annoy.

[murrayc]

How stupid is this guy? He just pissed off a bunch of hackers - the people who are most able to do something about it.

Re:The wrong people to annoy.

[iota]

Hackers are less likely do "do something about it" than, say, crackers, which is what you are probably thinking of.

jason

Re:The wrong people to annoy.

[Stephen+Williams]

Hackers are less likely do "do something about it" than, say, crackers, which is what you are probably thinking of.

Ah, but "doing something about it" might mean "use the Received: headers to trace the message, and complain to the ISP". Hackers/geeks/nerds are technically savvy enough to know how to do this. "Average users" may not be. Hence, hackers (in the Slashdot sense of the word) are a bad choice of people to spam.

IIS 4.0?

Maybe they're running IIS 4.0 :D

Re:IIS 4.0?

[larien]

According to Netcraft:

join.at is running Apache/1.3.3 (Unix) on Solaris

Pity...
--

Russia has one great resource

Siberia.

They may be slow to enact laws on this stuff but I am fairly certain their punishments won't be a slap on the wrist like they are in the U.S.

His AllAdvantage account is BWF667...

I just went to the AllAdvantage anti-spam page and saw that they have a list of cancelled accounts in the XXX-### fashion, so i decided to go to http://www.chat.ru/~alexgurry/index.htm and did a lil mouseover on the AllAdvantage banner at the bottom(no i didnt click it =P), which revelated www.alladvantage.com/go.asp?refid=bwf667 so I suggest everyone emails abuse@alladvantage.com explaining the situation, giving the account number, his homepage, and his email address...

Re:Digitally Sign messages (Re: Time to call......

[CBravo]

The idea to sign messages is appealing to me. It's also a very possible idea.

His real email address??

[clehardy]

I don't know if this is forged or not, but here are the internet headers I got from the message:

Received: from copper.he.net (copper.he.net [165.90.189.2])
by rubens.artisan.calpoly.edu (8.8.6 (PHNE_17135)/8.8.6) with ESMTP id VAA22134
for ; Wed, 16 Jun 1999 21:54:51 -0700 (PDT)
Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7]) by copper.he.net (8.8.6/8.8.2) with ESMTP id VAA15759 for ; Wed, 16 Jun 1999 21:54:30 -0700
Message-Id:
Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA81 for ;
Thu, 17 Jun 1999 08:52:42 +0400
Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49)
id MQ9VD2H4; Thu, 17 Jun 1999 08:51:52 +0400
From: "slashdot.org"
To:
Date: Thu, 17 Jun 1999 08:51:43 +0300
Subject: Dear Member of slashdot.org (clehardy@sigkill.com)
Reply-To: support@slashdot.org
Organization: slashdot.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=XX33DD33C9-005D33DDXX
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-UIDL: 209ff6604eda558a4f2dc0884fbd5782


Now, I may be mistaken, but it seems to me that he sent the spam from (at least the spam to me) copper.he.net (or Hurricane Electric).

Re:Moscow's timezone

I beg you pardon, but Moscow is in GMT +3.

Digex is such two-faced jerks

I work with an orginization that is dumb enough to use Digex as T1 provider. The org has several users that request their email addresses with the org be email aliases to an external address. When one of these users recieve spam through their email address they complained to everyone "involved" (receive and traceroute info), Digex forwarded on the complaint to us with the URL to their lease-line/internet-connection use policy and a statement that further occurences would be reviewed for **termination of service**. We immediately blacklisted the site that relayed and the site that orginiated the email. The org also notified Digex of the action taken and requested information on what further action Digex would like to see taken to ensure continued service. Digex never got back.

Well, this piece of email appears to violate the same Digex use policies. Is the internet connection to zamboni.mail.digex.net under review for termination? Have the administrators of zamboni.mail.digex.net at least blacklisted the intra.ru and rssi.ru domains? Does Digex enforce their strict zero-tollerence anti-spam policies on their own hosts the same as they do to their customers? Or does this high and might backbone provider which insists upon *garentees* from their customers also wave enforcement of Digex policies if their own resources infringe?

Re:The Team Warped list should have been spammed t

Not that easy. I have one email used only on d.net and I have not received any spam. I have not used this email anywhere else, so I conclude that at least not all d.net addresses were spammed.

Not in a legal sense.

[Andy+Dodd]

Mangling your email address to hide your real email address is legal. Anonymity is a legal right.

Just as long as you don't mangle your address to president@whitehouse.gov or malda@slashdot.org or the like. Then you're forging someone else's address, and that's illegal.

Feel the power baby...

[macdaddy]

Does anyone else realize just how much power /.'s really have? Not that I'm advocating this, but if we were all to ping flood him, he would die a horrible death. Now remember, I'M NOT ADVOCATING THIS and I DON"T RECOMMEND DOING IT!! But there would sure be a lot of power behind it. Hmmmm.......

No!

[cmc]

That's not the way to do it. Just report them to their ISPs and their accounts will be deleted, most likely. I got a bunch of spam over the past few weeks, and I've reported it to their ISPs. I got one seriously cool response:

The account was cancelled and all fines applied.

That feels better than just 31337 qrax0r1ng h1s bawx with muh l33t r00t sk1lz because you know he's actually been fined a couple hundred dollars (as his ISP's site said).

How to LART this spammer:

[strredwolf]

Right out of the books from SPUTUM and Sam Spade, both good anti-spam sites...

mx.icp.rssi.ru is an OPEN RELAY used by spammers to hide their tracks. Complain to postmaster@rssi.ru about it and send this spam to them, with full headers.

The spammer is hosted via intra.ru. Send mail to abuse@intra.ru and postmaster@intra.ru with the full headers and spam and say "You have a spammer on your system which is compromizing security and profits. Please remove."

Also, visit The Radparker Relay Spam Stopper to block the relay on subscribed systems.

---
Spammed? Click here for free slack on how to fight it!

International Law

[_J_]

This situation sounds like the sort of thing that could never be resolved over borders. The source of the spam is probably too slippery to be nailed. Therefore...

Does that invulnerability work both ways? Could the sender of the mail be spammed just as he has spammed others? I like that: "Spam not unto others lest ye be spammed."

Not that I'm trying to provoke anything, but his account, heck his ISP's server, could be maxxed out fairly easily.

Oh whatever...


J:)