Just set up spampot.py, a similar program written in Python. Details, if anyone's interested, are here. Still waiting for a hit, but it's only been up since Saturday; firewall logs show I get probed about once a week.
Ah, Formmail.pl, the spammer's friend. Used to work at a small ISP where, sadly, we had copies of Matt's formmail around that would get exploited periodically. Trying to figure out which website was being hit, on a server w/maybe 100 websites and very few of them being logged (that was an extra the customer had to pay for), was nigh-impossible until I was given the root password and tried ngrep. Then I'd replace it with the NMS formmail, which I can recommend w/o hesitation. --Well, almost no hesitation...it's been a while. But it was great: drop it in and everything would work except the spamming.
I've written before about writing a fake formmail. Right now I've got my web server set up so that all requests for formmail (m/formmail/i) get directed to the script; as you can see, I still get hit about once or twice a week. I'd really like to figure out how to tarpit them, but I'm not sure I can do that on a running webserver.
Like you said, the problem is that once the mail is delivered, the connection is closed, and the spammer is off the hook. There's two ways you can get around this.
One is to set up a Teergrube/Tarpit (it's easy using the Linux ipchains TARPIT target) on a machine that shouldn't receive any mail by SMTP. You can tarpit everything, and nothing will get lost. (I think this is something everyone should do; it'd be neat if this sort of functionality was built into those little Linksys/Dlink firewall boxes...)
The other possibility is to set up your mail server so that, as soon as the client connects to your SMTP server spam filtering begins, and as soon as a message is determined to be spam -- ie, when the client is still connected -- you start tarpitting. By contrast, a lot of spam filtering happens after the message has been accepted and the connection closed.
TarProxy is meant to do just that. Here's an excellent article on how it works. The project page says it's in the middle of a big redesign, so I'm waiting for that; once something comes out, though, I'll definitely be trying it out.
Good article, but there was one mistake: "Linus Torvalds took a freely available, stripped-down version of UNIX software and modified it for a PC."
The stripped-down version he referes to is Minix, a version of Unix written for teaching purposes. It was Minix' limitations, and the author's refusal to accept patches removing those limitations, that led to the creation of Linux. Linux had no Minix code in it.
What? Nice troll. Point out the word "taxing" in my post. I'll wait.
Okay, my fault for feeding the trolls, but:
When I talk about "attacking the economics of spam," what I mean is making it unprofitable to be a spammer. I think there are lots of ways to do this; taxing, while one way, is a particularly stupid and noxious method.
Here are things I think will work to varying degrees:
It's absolutely insane. They won't stop 'til they've destroyed email.
It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...
Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.
If anyone's still reading this, try Ansel + patches I've made to it. Email me or leave a comment to get the patches...keep meaning to put 'em up somewhere.
How many copies of the goatse guy d'you think are in there?
Filmmaker David Cronenberg Arrested In Space
on
ISS Fender Bender
·
· Score: 5, Funny
INTERNATIONAL SPACE STATION -- Canadian filmmaker David Cronenberg was arrested today over 700 miles above the Earth's surface when he was found filming scenes for a sequel to his controversial film, Crash, a movie about sexual attraction to car crashes.
Cronenberg, who had not obtained permission to film from the American or Russian space agencies, was found outside the International Space Station by astronauts after they were awoken by what sounded like "a car being crashed". Upon investigation, the astronauts found Cronenberg discussing the result of a take with actor Elias Koteas and giving direction for the next.
"I can't believe he did this," said cosmonaut Alexander Kaleri from the space station. "This is not a movie studio."
The arrest comes only six months after Cronenberg announced that he was entering the X-Prize Contest, which promises an award of $10,000,000 US to the first privately-owned reusable spacecraft. Outside of a few die-hard fans of the director's work, no one had taken Cronenberg's entrace seriously.
"This really fucks things up for me," said John Carmack, the odds-on favourite in the contest. "If he posts bail and gets back up in space, then he wins the prize. I never knew he was this far ahead."
Cronenberg is being held in a washroom on the International Space Station pending a routine Soyuz supply flight. Sources at NASA say that it's possible he could be formally booked and bail set within as little as six days, giving him plenty of time to fulfill the X-Prize conditions.
Open-source programmer Richard Stallman could not be reached for comment, but sources close to the computing guru said he had been collaborating with Cronenberg for some time. "He was one of the paramedics in the first Crash," said a friend. "I think Cronenberg's making him a meteorite or something in this one."
Something I'm considering is setting up a Wiki for the in-laws; I figure the easy formatting and linking will be a godsend, and there's got to be a way to limit editing to just them, right? (Oh god -- awful random thought -- what happens when spammers find wikis? Jesus...)
That said, my father-in-law may be technically inclined enough to be interested in pico + HTML for Dummies. Know your audience, I guess.
I agree, it looks absolutely amazing. IF they a) release Solaris 10 free for home use and b) include Dtrace in it, I'm definitely setting up a box w/that. Jesus, I'd give my right arm to have someone port that to Linux/FreeBSD and GPL it...
UTAH - Today, the civil war within The SCO Group Inc (SCOX) became unusually public with the rapid-fire serving of hundreds of subpoenas.
The action -- and responses to it from SCO spokesman Blake Stowell -- serve to highlight the increasingly turbulent within its fortified compound for control of the company and its allegedly-valuable and -infringed intellectual property.
Stowell, spokesman for the company, was unable to explain the latest round of subpoenas in the company's lawsuit against IBM for copyright infringment. When asked what the purpose was, he replied that he had no idea, but"I know that some of them have been served."
For veteran SCO watchers, this is a sign that the previously-untouchable spokesman may be on the outs.
"Why wouldn't the spokesman know what was going on?" asked one CIA analyst. "It's his job. But it's little clues like this that give us a suprisingly good idea of what's going on in Utah."
A source within SCO, speaking on condition of anonymity, confirmed this view of events.
"Darl [McBride, CEO of SCO] just went crazy the other day when [Stowell] asked what the next step was," he said.
"He started asking all sorts of questions about whose side [Stowell] was on, was he wearing a wire, who else felt like this, this sort of thing. He even pulled out his laptop and started Googling for Stowell's name on LKML [a mailing list for Linux kernel developers]. Now we're not allowed to talk to Blake at all."
"It's a shame, because Blake was one of the moderates," the source continued. "A while back Darl started talking about putting Richard Stallman's head on a pike outside the compound. Said it was the least he deserved. Blake talked him down from that before anything could happen. Now there's very few left to do that."
However, McBride's hold over the company is anything but absolute, and the future of his leadership is still in question. "There's still a significant group within SCO that are trying to find the combination for the safe where he keeps his shares," said the CIA analyst. "That's why he hasn't left the compound in over six weeks."
Richard Stallman, founder of the Free Software Foundation, was unavailable for comment. Sources close to the computer guru said he had gone underground. "He saw some guy hanging around the office that he thought was a bounty hunter. That was enough for Richard."
Juliette Artru's homepage has further information on her research. Particularly interesting is the application of this technique to tsunamis: "This observation opens exciting perspectives for the study of tsunamis, not only for early warning purposes but also to characterize their propagation in the ocean."
A paper of hers from 2001 presents information on the Mount Pinatubo eruption. An abstract of the paper discussed in the ABC story is also available.
The ISP I used
to work at did this. They made a deal with a
company called Adzila (one L, as I recall) that
routed dialup traffic through a caching proxy web
server. Stuff like Google's page would have a
Dowco (or someone else's) ad at the bottom of it,
or one of (say) the New York Times' ads
would have one of ours susbstituted.
I was pretty unhappy with this, but was unable to
convince my bosses that this was evil or risky.
The company had apparently convinced them that
they had checked it out with their laywers, and
because they weren't changing the site's HTML --
they were putting outside Google's
final </html> -- they were safe. (Never
got an answer about substituting ads.).
I don't work there anymore, but last I heard it's
still going on, and there's a few ISPs, at
least in Vancouver, that are doing this.
Scary.
Slashdot Mirror
you insensitive clod! :-)
Just set up spampot.py, a similar program written in Python. Details, if anyone's interested, are here. Still waiting for a hit, but it's only been up since Saturday; firewall logs show I get probed about once a week.
I've written before about writing a fake formmail. Right now I've got my web server set up so that all requests for formmail (m/formmail/i) get directed to the script; as you can see, I still get hit about once or twice a week. I'd really like to figure out how to tarpit them, but I'm not sure I can do that on a running webserver.
One is to set up a Teergrube/Tarpit (it's easy using the Linux ipchains TARPIT target) on a machine that shouldn't receive any mail by SMTP. You can tarpit everything, and nothing will get lost. (I think this is something everyone should do; it'd be neat if this sort of functionality was built into those little Linksys/Dlink firewall boxes...)
The other possibility is to set up your mail server so that, as soon as the client connects to your SMTP server spam filtering begins, and as soon as a message is determined to be spam -- ie, when the client is still connected -- you start tarpitting. By contrast, a lot of spam filtering happens after the message has been accepted and the connection closed.
TarProxy is meant to do just that. Here's an excellent article on how it works. The project page says it's in the middle of a big redesign, so I'm waiting for that; once something comes out, though, I'll definitely be trying it out.
He just replied, saying mine was not the first correction he received, and he has asked his editor to run a correction ASAP.
Clarification: That's the article in the Christian Science Monitor.
The stripped-down version he referes to is Minix, a version of Unix written for teaching purposes. It was Minix' limitations, and the author's refusal to accept patches removing those limitations, that led to the creation of Linux. Linux had no Minix code in it.
If you don't have an answer to the question, just say so.
Why do you think I meant taxing? Where did I mention that word? What dictionary defined "changing the economics of spam" as "taxing email"?
Okay, my fault for feeding the trolls, but:
When I talk about "attacking the economics of spam," what I mean is making it unprofitable to be a spammer. I think there are lots of ways to do this; taxing, while one way, is a particularly stupid and noxious method.
Here are things I think will work to varying degrees:
- Blacklists
- Spidering spammer websites
- Legal action (sadly, no URL...)
I think the best idea is spidering websites. What if spamming meant inviting a massive DOS on your website?It's absolutely insane. They won't stop 'til they've destroyed email.
It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...
Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.
But really, what I want is revenge.
If anyone's still reading this, try Ansel + patches I've made to it. Email me or leave a comment to get the patches...keep meaning to put 'em up somewhere.
How many copies of the goatse guy d'you think are in there?
Cronenberg, who had not obtained permission to film from the American or Russian space agencies, was found outside the International Space Station by astronauts after they were awoken by what sounded like "a car being crashed". Upon investigation, the astronauts found Cronenberg discussing the result of a take with actor Elias Koteas and giving direction for the next.
"I can't believe he did this," said cosmonaut Alexander Kaleri from the space station. "This is not a movie studio."
The arrest comes only six months after Cronenberg announced that he was entering the X-Prize Contest, which promises an award of $10,000,000 US to the first privately-owned reusable spacecraft. Outside of a few die-hard fans of the director's work, no one had taken Cronenberg's entrace seriously.
"This really fucks things up for me," said John Carmack, the odds-on favourite in the contest. "If he posts bail and gets back up in space, then he wins the prize. I never knew he was this far ahead."
Cronenberg is being held in a washroom on the International Space Station pending a routine Soyuz supply flight. Sources at NASA say that it's possible he could be formally booked and bail set within as little as six days, giving him plenty of time to fulfill the X-Prize conditions.
Open-source programmer Richard Stallman could not be reached for comment, but sources close to the computing guru said he had been collaborating with Cronenberg for some time. "He was one of the paramedics in the first Crash," said a friend. "I think Cronenberg's making him a meteorite or something in this one."
Very nice. Thanks for the link!
That said, my father-in-law may be technically inclined enough to be interested in pico + HTML for Dummies. Know your audience, I guess.
I agree, it looks absolutely amazing. IF they a) release Solaris 10 free for home use and b) include Dtrace in it, I'm definitely setting up a box w/that. Jesus, I'd give my right arm to have someone port that to Linux/FreeBSD and GPL it...
[puts on tin foil cap]
Thanks for the author, but I ended up not checking for responses last night...stepped away from the computer (gasp!) to watch a movie with my wife.
http://saintaardvarkthecarpeted.com/drop
Oh man, good thing I wasn't drinking anything when I read your comment, or I would've had to buy a new monitor...
Now I'll never be able to unload www.luxury-moon-ice-cubes.com.
Stowell, spokesman for the company, was unable to explain the latest round of subpoenas in the company's lawsuit against IBM for copyright infringment. When asked what the purpose was, he replied that he had no idea, but"I know that some of them have been served."
For veteran SCO watchers, this is a sign that the previously-untouchable spokesman may be on the outs.
"Why wouldn't the spokesman know what was going on?" asked one CIA analyst. "It's his job. But it's little clues like this that give us a suprisingly good idea of what's going on in Utah."
A source within SCO, speaking on condition of anonymity, confirmed this view of events.
"Darl [McBride, CEO of SCO] just went crazy the other day when [Stowell] asked what the next step was," he said. "He started asking all sorts of questions about whose side [Stowell] was on, was he wearing a wire, who else felt like this, this sort of thing. He even pulled out his laptop and started Googling for Stowell's name on LKML [a mailing list for Linux kernel developers]. Now we're not allowed to talk to Blake at all."
"It's a shame, because Blake was one of the moderates," the source continued. "A while back Darl started talking about putting Richard Stallman's head on a pike outside the compound. Said it was the least he deserved. Blake talked him down from that before anything could happen. Now there's very few left to do that."
However, McBride's hold over the company is anything but absolute, and the future of his leadership is still in question. "There's still a significant group within SCO that are trying to find the combination for the safe where he keeps his shares," said the CIA analyst. "That's why he hasn't left the compound in over six weeks."
Richard Stallman, founder of the Free Software Foundation, was unavailable for comment. Sources close to the computer guru said he had gone underground. "He saw some guy hanging around the office that he thought was a bounty hunter. That was enough for Richard."
A paper of hers from 2001 presents information on the Mount Pinatubo eruption. An abstract of the paper discussed in the ABC story is also available.
I was pretty unhappy with this, but was unable to convince my bosses that this was evil or risky. The company had apparently convinced them that they had checked it out with their laywers, and because they weren't changing the site's HTML -- they were putting outside Google's final </html> -- they were safe. (Never got an answer about substituting ads.).
I don't work there anymore, but last I heard it's still going on, and there's a few ISPs, at least in Vancouver, that are doing this. Scary.