Kuro5hin.org: technology and culture, from the trenches
Abused by spammers once too often

By johnmeacham in News
Tue Jun 06, 2000 at 10:09:58 AM EST
Tags: Internet (all tags)

Here is a page set up by a person who had one spammer too many. A spammer was repeatedly forging his domain name in the return email addresses, so he took matters into his own hands. This was certainly a good way to make an example out of one case of relentless spammers, but is this the way to deal with people who abuse the net in general?


Abused by spammers once too often | 32 comments (32 topical, editorial, 0 hidden)
This story sounds a good B rate por... (none / 0) (#16)
by airfabio on Tue Jun 06, 2000 at 01:42:04 AM EST

airfabio voted -1 on this story.

This story sounds a good B rate porno movie script.

Hrm. Unsubstantiated, and frankly, ... (none / 0) (#1)
by rusty on Tue Jun 06, 2000 at 01:44:08 AM EST

rusty voted 0 on this story.

Hrm. Unsubstantiated, and frankly, pretty damn harsh. I don't think that cracking and public humiliation is the way to solve problems. That just puts you at their level.

____
Not the real rusty

Re: Hrm. Unsubstantiated, and frankly, ... (5.00 / 1) (#25)
by Alhazred on Tue Jun 06, 2000 at 05:04:08 PM EST

Tell you what Rusty. Try running a small ISP type business for a while....

You may well change your mind!

I've accounted for the arrest of several hackers myself, and nuked 2 or 3 spam operators (though I never went to the lengths this guy does). Strangely enough, nobody bothers my network anymore. Plus I got a neato collection of death threats that my answering machine taped, hehe. Maybe I should digitize it and put them up for people to laugh at. ;o)

Trust me though, people like these are real bad news. They're total parasites. If they used their industriousness to actually BUILD something, or at least did something for their "customers" I would maybe have some slight respect for them, but no way. They touch one of my machines, they get their asses kicked, HARD.
That is not dead which may eternal lie And with strange aeons death itself may die.
[ Parent ]
Re: Hrm. Unsubstantiated, and frankly, ... (4.00 / 1) (#26)
by rusty on Tue Jun 06, 2000 at 05:53:39 PM EST

Fair enough. I'd love to hear your tapes. :-)

____
Not the real rusty
[ Parent ]
This is freaky. There's gotta be a... (none / 0) (#8)
by magney on Tue Jun 06, 2000 at 02:10:23 AM EST

magney voted 1 on this story.

This is freaky. There's gotta be a better way to deal with spammers than this. It's definitely pretty close to the line between white-hat and black-hat, and in fact I personally think it's on the black-hat side.

Do I look like I speak for my employer?

Spammers have forged the thock.com ... (3.00 / 1) (#3)
by Inoshiro on Tue Jun 06, 2000 at 02:14:01 AM EST

Inoshiro voted 1 on this story.

Spammers have forged the thock.com domain name in the return headers of spam sent out before. I have attempted to get the spammer's name and contact information from the ISPs of the offender before, but they always refuse to give it without a court order (hard to do as I'm in a different country).

While I wish this person had turned these people over to the authorities, I know that they would not have been given the theft of service and libel charges they deserved, nor would they likely be properly placed in jail. Until we have laws which deal with such criminals, vigilantes are the only solution which brings results.



--
[ イノシロ ]
More writeup helpful.... (none / 0) (#11)
by DemiGodez on Tue Jun 06, 2000 at 02:35:37 AM EST

DemiGodez voted -1 on this story.

More writeup helpful.

Maybe if you explained what was don... (none / 0) (#15)
by abe1x on Tue Jun 06, 2000 at 03:07:11 AM EST

abe1x voted -1 on this story.

Maybe if you explained what was done, or it was evident on the front page of the link.

Not a smart way to deal with spam, ... (none / 0) (#7)
by inspire on Tue Jun 06, 2000 at 03:58:57 AM EST

inspire voted 1 on this story.

Not a smart way to deal with spam, but great reading nonetheless.
--
What is the helix?

Interesting, but isn't this vigilan... (none / 0) (#13)
by martin on Tue Jun 06, 2000 at 04:31:27 AM EST

martin voted 1 on this story.

Interesting, but isn't this vigilantism? But then I guess the law enforcement agencies aren't up to speed on dealing with this stuff, so it's a very gray area.

Re: Interesting, but isn't this vigilan... (none / 0) (#23)
by Digambaranath on Tue Jun 06, 2000 at 01:28:18 PM EST

Nothing wrong with a bit of vigilantism, so long as you apply the same ethical standards as you would to any other behaviour, and don't just say "Well, they done gone done me wrong, so I can do what I like." Personally, I think the author's actions smack of this reasoning a little (assuming he did what he claims to have done, which I, like others here, have my doubts about). Sure, if you're spammed, hack into the spammer's machine and do whatever is necessary to stop them spamming, but publishing freckles on bottoms and breast sizes???

[ Parent ]
An interesting read that is very to... (none / 0) (#14)
by psy on Tue Jun 06, 2000 at 05:23:57 AM EST

psy voted 1 on this story.

An interesting read that is very topical considering the question of the moment seems to be "is it OK to hack back?"

Yep.... (none / 0) (#5)
by Pelorat on Tue Jun 06, 2000 at 07:23:10 AM EST

Pelorat voted 1 on this story.

Yep.

Gyahh!!! MLP!!! Write something abo... (none / 0) (#10)
by Decklin Foster on Tue Jun 06, 2000 at 07:27:33 AM EST

Decklin Foster voted -1 on this story.

Gyahh!!! MLP!!! Write something about the page dammit!!!

It's always nice to hear stuff from... (none / 0) (#12)
by WWWWolf on Tue Jun 06, 2000 at 07:33:06 AM EST

WWWWolf voted 1 on this story.

It's always nice to hear stuff from the Front, and this was obviously a good War Story!

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Look, I *probably* don't approve th... (none / 0) (#9)
by goonie on Tue Jun 06, 2000 at 08:03:29 AM EST

goonie voted 1 on this story.

Look, I *probably* don't approve the cracker's actions (though I have a great deal of sympathy for them), but then again, I'm not going to say that doing this sort of thing is *always* wrong. On rare occasions, I've reluctantly concluded that the just ends sometimes justify rather unpleasant means. But how does one draw the line?

So so - looks promising to start, b... (none / 0) (#17)
by Digambaranath on Tue Jun 06, 2000 at 08:38:46 AM EST

Digambaranath voted 0 on this story.

So so - looks promising to start, but turns out to be another of those spam revenge stories. If the guy had given us a bit more stuff on how he hacked into the spammers' system, it might have been more fun ;-) Oh yeah, and the HTML sucks....

This is definitely the kind of work... (none / 0) (#4)
by HomeySmurf on Tue Jun 06, 2000 at 08:39:14 AM EST

HomeySmurf voted 1 on this story.

This is definitely the kind of work crackers should be doing. They should be hacking into lamers' and spammers' computers and causing them problems.
"Politics is for the moment, an equation lasts eternity." -A. Einstein

This is a fun story, but the action... (4.00 / 4) (#2)
by bmetzler on Tue Jun 06, 2000 at 09:04:13 AM EST

bmetzler voted -1 on this story.

This is a fun story, but the actions that the administrator took are kind of bogus. He got full remote access to the Windows clients? How'd he do that? Did the clients just happen to be running BO? Also, stealing data, even stolen data, or data used against you probably isn't the best idea.
www.bmetzler.org - it's not just a personal weblog, it's so much more.

Re: This is a fun story, but the action... (none / 0) (#24)
by porkchop_d_clown on Tue Jun 06, 2000 at 01:33:15 PM EST

That was my first question. How did he get that kind of access to windows machines?

*but* if you read carefully, you note that he never had "shell" access - he simply managed to get read/write access to the hard drives - I'm fairly certain this can be done through good ol' file-and-print-sharing.

People who think "clown" is an insult have never met any.
[ Parent ]
Re: This is a fun story, but the action... (5.00 / 1) (#30)
by Anonymous Hero on Wed Jun 07, 2000 at 06:35:03 AM EST

I'm fairly certain this can be done through good ol' file-and-print-sharing.

From memory, if you have a Windows machine handy, you can just connect to any unprotected shares using the 'net' command.

Even if it only allows you to have read access of their C: drive, that means that you can grab a copy of their Windows password file ( c:\windows\*.pwl ) for processing by either 'l0pht crack' or 'Cracker Jack'. After that, you're in with read/write permission.

This is one of the reasons why people scream about sharing under Windows - it opens too many possibilities for external intrusion.

Unfortunately, once people start using it, they find it hard to stop and it's very common on Windows LANs. Because of that, if one machine is compromised many of the rest in the network quickly follow.

You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.



[ Parent ]

Re: This is a fun story, but the action... (none / 0) (#29)
by Anonymous Hero on Wed Jun 07, 2000 at 02:29:31 AM EST

If they were running Windows boxes with known security holes (which isn't much of a stretch) it'd be pretty easy to do something like copy Back Orifice to the system and have it run on startup. Once that happened, everything else is trivial and it's worth remembering that you probably only need to do this on one box to get account/password info for the others.

[ Parent ]
There's plenty of other sites like ... (none / 0) (#6)
by fluffy grue on Tue Jun 06, 2000 at 10:04:07 AM EST

fluffy grue voted 1 on this story.

There's plenty of other sites like this as well. You can also run wpoison to fubar (and log) their harvesters (and it's easy to hack in other extensions, such as using real email addresses of known spammers or people you hate). There's also setting up spamtrap email addresses which immediately forward everything they receive to various spam-reporting agencies, and then you can get just plain EVIL too.
--
"Is not a quine" is not a quine.
I have a master's degree in science!

[ Hug Your Trikuare ]

Is this legit? Lets look at the evidence (3.00 / 3) (#18)
by squigly on Tue Jun 06, 2000 at 10:36:00 AM EST

Okay, as was pointed out in an earlier response, getting a screenshot isn't easy. However it is possible since Back Orifice is capable of being installed remotely.

He claims to have downloaded over 100 Megs of data from them. He also claimed that they used dialup for admin. A lot of data to download, from dialup clients, but not impossible. It is also possible that the bulk of the data was on the server.

The photos were of an actual person. If it is all faked, then the antispammer certainly went to a lot of work. This suggests that the antispammer certainly had a problem with this person.

There is no actual concrete data. He doesn't say who he is or where he lives. He also doesn't give any dates. Getting his IP address wouldn't be too hard by cross referencing spam with his examples (I've got a hotmail account full of the stuff if you want), but too much effort for most people. Clarification is impossible. The email address link goes to root@127.0.0.1

--
People who sig other people have nothing intelligent to say for themselves - anonimouse
Legal ways to do same (2.50 / 2) (#19)
by Denor on Tue Jun 06, 2000 at 11:24:44 AM EST

  I posted this to slashdot, but it seems relevant here, too. I saw a story in the NY Times today about someone nabbing a spammer for forgery - the person forged the return headers, of course. I think it's a novel idea, and hopefully they'll nail the guy.
  As to what this person did in retaliation - hacking into the spammer's computers, I'd say it pales in comparison to the spammers hacking into mailservers (via open SMTP relays which companies *cough*PSINet*cough* are too incompetent to close) and wasting their bandwidth and everyone else's.

-Denor


I for one think it was a great idea. (none / 0) (#20)
by mrbob on Tue Jun 06, 2000 at 12:52:05 PM EST

I guess I must be the only person who agrees 100% with the person for getting back at this/these spammer(s). I don't feel the government should have such control over the internet and that it should remain the "untamed" land that it is. With the internet being as diverse a place as it is, the only "police" there should be are those hackers/crackers kicking someone's ass. I guess I'm a pacifist in that I'd not screw with anyone unless they screwed with me. What have I got against any of the other billion netizens? I don't care what they do online and they shouldn't care what I do, UNLESS THEY DO SOMETHING THAT AFFECTS ME (or vice-versa). When that occurs, it should be no-holds-barred. Kick till they puke, while they're down, to the death. It would teach people a little respect. Lawsuits and court-orders can't do that. Well, that's my feeling anyway ;-) Take it or leave it.

bob

The Major Backbones *SUPPORT* These People (4.00 / 1) (#21)
by Anonymous Hero on Tue Jun 06, 2000 at 01:10:12 PM EST

If you read the ICQ logs, you'll have seen a few mentions of some backbone providers who are supporting these people -- "we can keep you up for six months before you're busted" sort of thing.

It may be that someone is being paid under-the-table to give access, against company policy.

Either way, it stinks.

best way to deal with spam is don't receive it (4.50 / 2) (#22)
by Anonymous Hero on Tue Jun 06, 2000 at 01:17:36 PM EST

The best way to deal with spam is to not receive it in the first place.

After many years of fighting spam, from trying to hide my email address to complex filtering rules, I finally have my mailbox about 99.9% spam free.

To do it I had to create 3 accounts, each with a different service. The first was with Bigfoot, an email forwarding service. Here I created my email address that I give out to everybody.

Next I opened an account with hotmail simply to collect junk email in. The main thing about this one is that the user name is totally different than the other two accounts.

The final account is my normal isp's email account that I keep private at all times.

Going back to Bigfoot I set up my default forwarding address to the hotmail junk collecting address. Then in the members tools area I set up a filter to watch the To: field and redirect any email that contains my normal user name to forward to my real email address (since my bigfoot email address is blkwolf@bigfoot.com I have the To filter look for the word blkwolf).

This simply takes advantage of the fact that 99% of spam email (at least that I've received) does not use a person's email address in the To: field. Instead just leaving it blank or putting something fake in there. Anything that is actually sent to my real email address name gets to me without any problem. All other email is directed to the junk mail account where once a month or so I can log in and hit the global select all button and delete everything in one shot without ever having to read or download any of it to my pop email client.
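
The To:-field routing rule described in the comment above, as an added Python example that is not part of the original post or of any Bigfoot tooling. It is a tighter variation: it matches the parsed address's local part instead of a raw substring, so a display name alone cannot satisfy the rule. The inbox labels and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import getaddresses

PUBLIC_NAME = "blkwolf"      # user name taken from the comment's example
REAL_INBOX = "private-isp"   # hypothetical label for the private account
JUNK_INBOX = "junk-webmail"  # hypothetical label for the junk account


def to_addresses(raw: bytes) -> list[str]:
    """Return the lower-cased addr-specs found in every To: header."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    values = [str(h) for h in msg.get_all("To", [])]
    # Empty or unparsable entries come back with an empty address; drop them.
    return [addr.lower() for _display, addr in getaddresses(values) if addr]


def route(raw: bytes, name: str = PUBLIC_NAME) -> str:
    """Real inbox only when some To: address has `name` as its local part."""
    for addr in to_addresses(raw):
        local, _, _domain = addr.rpartition("@")
        if local == name.lower():
            return REAL_INBOX
    # Missing To:, blank To:, group syntax, or a made-up recipient.
    return JUNK_INBOX


# Constructed sample messages (not taken from real mail).
SAMPLES = {
    "direct": b"From: friend@example.org\r\n"
              b"To: Black Wolf <blkwolf@bigfoot.com>\r\n"
              b"Subject: lunch\r\n\r\nSee you at noon.\r\n",
    "no_to": b"From: promo@example.net\r\n"
             b"Subject: MAKE MONEY FAST\r\n\r\nClick here.\r\n",
    "undisclosed": b"From: promo@example.net\r\n"
                   b"To: undisclosed-recipients:;\r\n"
                   b"Subject: offer\r\n\r\nClick here.\r\n",
    # A raw substring filter would pass this one: the name is only a label.
    "name_only": b"From: promo@example.net\r\n"
                 b"To: \"blkwolf\" <friend@public.example>\r\n"
                 b"Subject: offer\r\n\r\nClick here.\r\n",
    "list": b"From: friend@example.org\r\n"
            b"To: other@example.org, BLKWOLF@Bigfoot.com\r\n"
            b"Subject: notes\r\n\r\nAttached.\r\n",
}


def route_all() -> dict[str, str]:
    """Route every constructed sample and return label -> destination."""
    return {label: route(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, dest in route_all().items():
        print(f"{label:12} -> {dest}")
```
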


This is fiction (none / 0) (#27)
by noek on Tue Jun 06, 2000 at 08:13:19 PM EST

This is fiction according to me. The man writing this story doesn't even give his fake email. What I also miss is how he got access to those systems. People aware of the fact that they do illegal things usually guard themselves. It would have been interesting if he had revealed a bit more, like the names of the tools he used.

My favorite part... (5.00 / 1) (#28)
by mattm on Tue Jun 06, 2000 at 10:48:02 PM EST

My favorite part is the (non)explanation of how URL's in the spam posts were 'encoded'. Of course, anyone here can figure it out with just a moment's thought, and if 'Rodona' (five'll get you ten that's a false name -- people who do work that tends to draw irate responses have a habit of using feminine pseudonyms to sucker [mostly male, sigh] complainants into acting more polite and chivalrous) really "paid $500" for software to carry out the encoding, then he/she/it is no different from most other spammers: lukewarm-IQ dullards targeting other lukewarm-IQ dullards.

No different from most HAX0RZ and script brats, either, come to think of it...



Re: My favorite part... (none / 0) (#31)
by WWWWolf on Wed Jun 07, 2000 at 06:58:38 AM EST

Some people were selling the "encryption" ("extremely complex proprietary mathematical formula" IIRC) for spammers and the reasoning was that those %&#@ idiot anti-spammers (who, according to them of course, had too much time in their hands) couldn't decrypt those.

Sounds tough, eh? Not to me...

Also note that schemes like that don't really work. Especially if you use virtual domains and crap like that. The RFCs, AFAIK, don't even require the support for decimal IPs anyway.

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


[ Parent ]
I want to believe! (none / 0) (#32)
by adamant on Fri Jun 09, 2000 at 01:58:51 AM EST

It's funny Mulder, there's part of me that really wants to believe!

-adam
