Spamfighting Since the Death of MakeLoveNotSpam? 352
vacuum_tuber asks: "The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd. There was speculation after its demise that Open Source spam-punishing tools would emerge. Other tools such as SpamVampire, LadVampire (punishes fake bank sites), Spam Research Tool and others were mentioned with increasing frequency, but there has been no coherent followup to gauge what people are doing since the death of the Lycos screen saver. What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"
Don't join the mob (Score:4, Interesting)
Cooperation and user persistance has pushed spam already to the fringes of the Internet. Spammers have to just compromissed machines and other criminal methods to spread their messages.
Making them a victim will only make it harder to push them out, and it will take away resources from the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself.
Spamvampire works (Score:5, Interesting)
Two approaches.. ban buying, hit the websites (Score:5, Interesting)
Another method is to hit the spammer's website... consider this perl fragment:
while (1)
{
PeerAddr => 'website',
PeerPort => '80',
Reuse => 1
$sock->autoflush(1);
push @sockArray, $sock;
Naturally, the above code is for educational purposes only and is not intended to be used in anger
What about - (Score:4, Interesting)
Doesnt have to be permanent, just cut it off and request the user run ad-aware/spybot/a decent virus scan and away they go......
-thewldisntenuff
Respond to them (Score:5, Interesting)
Give them info that at least looks real.
If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.
Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.
If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.
For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.
It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.
Re:I don't punish spam. (Score:2, Interesting)
wget+bash + SPAM = Fun (Score:5, Interesting)
LWP + PERL + SPAM = Fun
Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.
Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.
Name - Don't you know
Address - don't you wish you knew
City - not yet
State - that one
zip - 12345-678
Special order instructions:
Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, i'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.
Add random garbage to through off simply filters. Rinse and repeat until messages stop coming to you
Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.
Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.
My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.
cluge
snail-mail spam right back at ya! (Score:4, Interesting)
Re:What about - (Score:2, Interesting)
Still, if properly implemented, it's a great idea. Instead of cutting them off, drop any repeated, zombie-looking packets. Anything else, redirect it to a local site hosted by the ISP, for customers only.
It should read something along the line of..
"Our monitoring system has indicated that your computer has been infected with an internet virus, trojan, or worm. To prevent any harm to your privacy, computer, and personal information, we have temporarily disabled your account.
To clear this up as quickly as possible, below we have a wide ranging list of detection programs and simple instructions on how to clean up most problems. If you need further help, please use the form below of contact our support at
Basically, forcing self-help to those that need it. Seems a whole lot better than "call us after you're secure" to me.
Forward the spam to the BSA (Score:3, Interesting)
So I parse the links, removing the filler, isolate the links, then go to BSA's site, and fill out their piracy form. I provide the isolated links, along with the entire email itself including headers, so that they can investigate the spamvertisement themselves.
Then I add a few words of encouragement at the bottom. Three words are generally enough, you can figure out your own slogans as a substitute.
Keeps the BSA busy, their minds on other things, minimizes the amount of trojaned software that clueless users download via spam if BSA actually takes action to close the sites or go after site owners, and lets me kill some time.
I've been thinking of ratting out the criminals selling "pirated" software on Craig's List to the BSA piracy line as well. Maybe I'll make that the next step. It'll keep cheap "pirated" windows software off people's computers, and perhaps give the prospective buyers more incentive to use FOSS/Linux instead. Or at least OpenOffice on Windows, which makes it easier to get them on FOSS/Linux platform later.
The BSA is the greatest thing since sliced bread. Without them, why would most Windows users migrate to Linux? Because its a better platform? Bahhh! They don't even know they're running Windows, let alone why Linux is better or not.
Re:OpenBSD's spamd seems like a good idea (Score:2, Interesting)
All spamd/pf does, for those of you that don't know, is to stall the spam sender by sending replies v-e-r-y s-l-o-w-l-y using a daemon that runs alongside sendmail. The OpenBSD pf packet filter is used to redirect data away from the real SMTP daemon and to spamd. Some people call spamd a tarpit.
Typically we have about 200-300 spammers in our tarpit at a given time, with a mean time of stalling at a few minutes. At the end of the stalling, we send a 550 rather than a 450 -- a 450 temp fail IMHO is irresponsible and causes more problems than any spammer-punishing benefit it might have.
I'm not sure tarpits are punishing anyway. Rather tarpits reduce the effectiveness of the spamming by tying up the senders in the tarpit rather than sending more junk to people.
I assume that spammers are wise to tarpits. We see a large number of disconnects within a few seconds. Of course, lots of folks program a HELO or multi-recipient delay in their MTA. That is a complementary technique that helps tarpits be even more effective. The longer it takes for spammers to tell that they are tarpitted, the less spam they can send.
My payback? SPAMHAMMER 2.0 (Score:5, Interesting)
Eventually, the phishing scams came out. And the mortgage quotes were flowing in. And I got tired of all of them. And I remembered SpamHammer.
So, a LOT of searching of the old file-tree to find it, a little tweaking, and V2.0 was born. This new version supports everything needed to pump tons of crap into any site, POST or GET, cookies or not. I spared no feature - from random emails, random name permutations from the USCB, junk mailing addresses that'll pass a city/state/zip xref, random credit card numbers with proper checkdigits, and even stuff picked from lists (think of med sites). Mortgage quoters want leads? Here, have a million. Just don't bitch when the lenders refuse to pay for those leads. Phishers want accounts and passwords? No problem - with the added benefit of DOSing the target host. Free viagra? Oooo... I get wood just thinking about it... here, have a hundred thousand orders for random crap on your site.
I'm not sure why, but there's something satisfying about getting a "write failure: access denied" after pumping a few million POSTs into a site, consisting of every major field being 32K each. The only thing more satisfying is knowing that certain med-sites simply email the order to an in-box... here, have a big pile of 1Meg emails.
No, a legal solution. (Score:5, Interesting)
Even though spam may be international, the foreign companies can be sued. When you send spam into the USA (or the particular state) you are subject to the laws of the USA. After I sued Global Web promotions [barbieslapp.com], the FTC sued them and siezed their funds. Even though they are in Australia, they are doing business here by sending spam.
Putting "cloaking service" operators in jail (Score:3, Interesting)
From the CAN-SPAM act:
Sec. 1037. Fraud and related activity in connection with electronic mail
`(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly-- ....
(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, ....
"or conspires to do so, shall be punished as provided in subsection (b)."
(2) a fine under this title, imprisonment for not more than 3 years, or both, if-- ...
(B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;
Note the "or conspires to do so" clause. Knowingly assisting in a criminal offense satisfies the legal definition of conspiracy. [lectlaw.com] "Cloaking services" are in deep trouble if they knowingly provide that service for a spammer. Unlike ISP's, there's no "safe harbor" for them.
As for the "knowingly" part, whenever you find a spam associated with a "cloaked" domain, send a note to the cloaking service, and post that you've done so to some public spam forum that's indexed by search engines. That will put them on record as knowingly cooperating in a criminal conspiracy. The next person who gets a spam from the same party will have that information as legal ammunition.
When you've got that info, report it as Internet fraud. [fraud.org].
Re:Spamvampire works (Score:4, Interesting)
But, I give up. I cannot convince someone who can't see beyond their own nose. Instead, I'll make this perfectly clear. I don't send spam, but if I ever get DDoSed by any of these holier-than-thou anti-spam vigilantes, I will do all I can to see the full force of the law fall upon them. You'd be no better than a script kiddie, and subject to the same punishment as far as I'm concerned.
Vigilante justice soils the good name of the anti-spam groups out there that are working hard to help the world control the spam problem. Attacking spammers with DDoS only changes them from being a criminal into being a victim, and we do not want that.
Spam Traps. (Score:3, Interesting)
Using scripting, I've made myself a nice little spam trap.
If you test mail.qualico.ca, you'll see its an OPEN RELAY!
BUT, if you try to use it...your email will be dissected and automatic abuse notifications sent to the upstream ISP of the target site, the injecting IP's ISP and any other IP listed in the email.
Further, reports are sent to all the major blackhole listing sites.
Very effective at shutting down sites because the instant reporting reduces the time spammers rely on between site switching.
I've been responsible for taking down a lot of sites and will continue to fight spam with every tool at my disposal.
Now if I could only extend this functionality to Malware and Adware sites.
Re:Respond to them (Score:3, Interesting)
Yea, it takes time to be a pain in the neck, but it feels so good. Am I an addict? Nah, compulsive, vengefull, and @n as$-h0l3 maybe...
8^>
SandTrap is my tool (Score:2, Interesting)