Forgot your password?
typodupeerror
Censorship Government The Courts Your Rights Online News

When Good Spammers Go Bad 305

Posted by Hemos
from the whip-lash-from-spammers dept.
pfleming writes "According to this blog article on BadTux by Eric Green, the constant harrassment of spammers has a price. You get a Cease and Desist letter- or more correctly, your ISP gets a C/D letter. But, if you're a hard core geek you just might get your site more notice as it gets mirrored out onto sympathetic hosts. Also mirrored in other locations."
This discussion has been archived. No new comments can be posted.

When Good Spammers Go Bad

Comments Filter:
  • by Yarn (75) on Monday July 21, 2003 @08:53AM (#6489772) Homepage
    How much is the hourly cap? I have mirrored it, although the formatting of the rant is pretty dire
    http://blue.doosh.net/~yarn/elgreen.html.gz [doosh.net][4k]
  • by vandan (151516) on Monday July 21, 2003 @08:59AM (#6489813) Homepage
    I've got a file with ip addresses of spammers who've pissed me off enough to blacklist them. It's available at http://enthalpy.homelinux.org/spammers.txt [homelinux.org].

    I use the following script:

    for I in `cat /etc/firewall/spammers.txt`
    do
    echo Blacklisting Spammer: $I/23
    iptables -A INPUT -s $I/23 -j REJECT
    done

    to blacklist them.

    I personally guanantee that all the addresses in this list have spammed me. If you don't believe / trust me, fine - don't use it. I use it on a production server and have never had any complaints...

    By the way, the /23 in the iptables might be too 'clumsy' for some. You can use /24 which blocks a smaller group of computers around the ip address in the list. /23 works fine for us.

    The list is 98% asian dsl accounts.

    Also, for an alternative solution, try this:

    smbclient -L $IP_ADDRESS

    where $IP_ADDRESS is the address of the computer that spammed you.

    If you're in luck, you'll find yourself connecting to a Windows computer. It'll ask you for a password. Hit enter. If you're still in luck, it will list the available shares, and a list of server names. Pick a server name. If there are more than one, try each one ;)

    Now, download and compile 'smbdie'. Search for it on google. Run:

    smbdie -i $IP_ADDRESS -p 139 -t $SERVER_NAME

    where $SERVER_NAME is the server name you just picked from smbclient's output ( above ). If you are still in luck, you will have rebooted the spammer's computer ( it blue-screens ), and maybe even caused some data loss.

    Really don't like them? Add the smbdie command to a cron job. I've found most spammers have fixed ip addresses, and they become available to reboot again withing approximately 2-3 minutes.

    Enjoy!
  • Re:It was going ok. (Score:5, Informative)

    by interiot (50685) on Monday July 21, 2003 @09:05AM (#6489842) Homepage
    That was a bit of hyperbole. I don't think he would have spent time collecting all this info and putting up various mirrors if he didn't want the truth to get out and save people $100.

    Here's most of the paragraph that you quoted from

    • I offered to take down evidence-eliminator-sucks.com for free. All they had to do was take all mention of me off their site. I mean, what do I care about what Windows losers get scammed out of? But no, they had to go off and hire a solicitor to spew out a cart00ney, and now it's too late for that: the site is now hosted on several servers scattered around the Internet, and I couldn't make the site go away now even if I wanted to.
    What he's refering to is this page [evidence-eliminator.com] on evidence eliminator's page that twists the truth a lot about Eric Green.

    Anyway, if he wanted to be more accurate, he probably would have said "I care a great deal about evidence-eliminator removing untruths on their website about me, more than I necessarily care about getting the truth out."

  • by alienw (585907) <alienw.slashdotNO@SPAMgmail.com> on Monday July 21, 2003 @09:09AM (#6489862)
    You do realize that this is illegal and you can be prosecuted?
  • site text (Score:4, Informative)

    by Anonymous Coward on Monday July 21, 2003 @09:14AM (#6489887)
    Mirrored from news.badtux.net
    Eric Green doesn't use Windows very much. A long-time Linux user and advocate since 1995, Windows software interests him about as much as, say, the price of pork bellies on the Chicago futures market. So why is the publisher of a much-spammed Windows software product trying to shut him down? Welcome to the wild and whacky story of the strangest bunch of spammer scammers on the Internet: those whacky folks at Robin Hood Software whose overpriced "Evidence Eliminator" software is spammed on every Internet forum on a regular basis. This is a tale of spammers and spam, and an unlikely spam fighter who has learned that spammers suck even worse than most people think. And in the end, it's the story of how spam fighters around the globe support each other when the spammers decide to go after their critics and detractors. It all started back in June 2000. At the time, I was researching encryption algorithms for use in a new software product. There was this product called 'Evidence Eliminator', produced by a company named 'Robin Hood Software', being hyped on the sci.crypt and alt.privacy newsgroups. Curious, I went to the web site of the publisher of the software. After being subjected to flash animation, popups threatening me with jail if I didn't buy Evidence Eliminator, and no way to contact the makers of the product other than a web form, I decided: "These people aren't credible." And said so. From my work account. Big mistake. I didn't realize I was dealing with spammers. I thought they'd be interested in seeing what an industry veteran thought. But there was no response to my message on the sci.crypt newsgroup. As far as I was concerned, that was the end of it. I went on with his life. But Andy Churchill, one of the principals of Robin Hood Software, wasn't so eager to let go. Imagine my surprise when, in early 2001, I ran a Google search for my name and discovered that I was part of a vast conspiracy by some strange New World Order collection of villains to destroy the makers of "the best security product on the market"! Naturally I wasn't happy. And as someone who isn't shy about expressing his opinion, I expressed it, sending EMAIL to Robin Hood Software demanding that they remove any mention of me from their site. Andy Churchill of Robin Hood Software iadmits to have received that EMAIL, but says, "we deleted it". There was no response from Robin Hood Software. So I did what comes naturally to any Linux geek: I put up a web page. Which Robin Hood Software swiftly (and in violation of my copyright) duplicated on their own web site, with "False." (no explanation) beside each of my points as to why you shouldn't buy their software. And as time went by and, thanks to the readers of my site, I accumulated more and more evidence about Robin Hood Software's activities, including evidence that they were behind the "push ICQ" spamming of their product (an EMAIL to their affiliates urging them to do that kind of spamming), Robin Hood Software's web site became yet more lurid, even to the point of duplicating a copyrighted gag photo (cropping out Agent Binks) on their own web site. These people don't appear to be too stable -- definite candidates for the aluminum foil beanie award. In early 2002 I purchased the domain name 'evidence-eliminator-sucks.com', and did a major overhaul of the web site to try to organize the by-then large amount of information that I'd accumulated about Robin Hood Software and its activities. By that time it was clear that these weren't nice people. Deceptive claims in their advertising, huge amounts of spam originating from their affiliates, ia browser hijack virus that hijacks people's web browsers and redirects them to the Evidence Eliminator home page, and their continued attempts to disparage their critics and competitors on their aptly-named Dis-Information page pretty much are a Major Clue. I also launched the "Evidence Eliminator Sucks Conspiracy" -- both a statement on what I feels is Robin Hood Software's paranoia in their rantings about a "vast conspiracy" out
  • K5 (Score:5, Informative)

    by Malc (1751) on Monday July 21, 2003 @09:20AM (#6489920)
    How funny! I just discovered and read a story on Kuro5hin [kuro5hin.org] about this, written by Mr. Green himself.
  • by reynaert (264437) on Monday July 21, 2003 @09:20AM (#6489922)
    He posted the article to Kuro5hin [kuro5hin.org] too. You can find it here [kuro5hin.org].
  • Re:Open source? (Score:2, Informative)

    by tomstdenis (446163) <tomstdenis@gm a i l .com> on Monday July 21, 2003 @10:07AM (#6490139) Homepage
    I know you're a troll but for the benefit of other people here...

    hdparm is your friend. Make sure you enable udma transfers. E.g.

    hdparm -d1 -X udma6 /dev/hda

    You can do this for your other drives/cdrom/etc.

    For example, without udma I can only burn cd's at around 12x and it uses all of the cpu time. With it on I can burn cd's at 30x and the cpu is virtually 99% free.

    In short, configure your computer properly. Even in older windows you had to enable DMA for DVD roms and such.

    Tom
  • Re:Kind of on topic (Score:3, Informative)

    by YetAnotherDave (159442) on Monday July 21, 2003 @10:17AM (#6490203)
    2 thoughts:

    1) don't let your browser report your real email address (if you're on windows, this may require using a non-IE browser)

    2) Spamassassin is your friend...
  • by Eric Green (627) on Monday July 21, 2003 @10:29AM (#6490296) Homepage
    Yep, I have a fairly low user number here :-). The blog is still down, but I retrieved the story and posted it as a static page at the URL in question. No more Slashdot Effect. I didn't realize that my poor Celeron 800 with a whole 64mb of RAM couldn't keep up with a 512kbit DSL line when serving dynamically-generated pages, but it's having no problems handling the load with a simple static page.
  • by Eric Green (627) on Monday July 21, 2003 @10:46AM (#6490411) Homepage
    Well, it wasn't as if I was planning for my *blog* to get slashdotted. But once I realized what was happening (i.e., why my web server's hard drive light was on solid!), it wasn't a big deal. After all, I already knew that GeekCode was slow as a slug, the only reason I used it was because it was the easiest of the PHP-based weblogs for me to modify, and my blog has never gotten more than a few thousand hits a day so the speed didn't matter. But if everybody's coming there for one article... (shrug) serve it to them statically. My web server (which is running FreeBSD, BTW, not Linux) is now quite happy.
  • by Anonymous Coward on Monday July 21, 2003 @11:25AM (#6490678)
    I joined one of these free "membership" web sites - with a sexual theme (alright, so it was "gayfisters.com") - and started getting spam from the site about evidence eliminator.

    When I posted in their "discussion board" that this had occurred and pointed out the "Evidence-eliminator-sucks" web page, I was promptly tossed off the system - with no warning or explanation. Even better, I'm still getting the spam email from the web site.

  • Their product (Score:5, Informative)

    by Eric Green (627) on Monday July 21, 2003 @12:37PM (#6491261) Homepage
    I've seen their product reviewed by someone in the security community who I respect. He reports that it's a bit slow and bloated (being Visual BASIC), but does appear to erase files (doh! Like you said, it don't take a genuis!). The only real complaint he had was that the user interface was somewhat non-intuitive -- it was easy to set up the program so it'd erase critical system files and make your system unbootable, for example.

    As for their ethics, yes, their ethics suck. Their advertising says you'll go to jail if you don't use their product, they have popup scare ads that display your hard drive (if you're using Windows) and says that they're looking at your hard drive and you better buy their software or all those porn gifs will get you thrown in jail (it's a simple btw, with C:\ as the source -- i.e., it's just displaying your hard drive to yourself), and then of course there is the virus that their affiliates are sending around to hijack people's web browsers and point it back to the Evidence Eliminator site, and ... well. I think you're getting the picture now. These are not Nice Folks. And if we can trace that virus back to their offices, they will be wearing stripes soon.

  • Fear Mongering Jerks (Score:2, Informative)

    by jeffclough (164914) on Monday July 21, 2003 @12:40PM (#6491280) Homepage
    Here's [evidence-eliminator.com] all you have to see to know what type of people these folks are, if they're still allowing links from slashdot. I could hit this page from my grandmother's PC and it would present me with the same sort of rhetoric. If they're rejecting links from slashdot, open a new browser window and go to http://www.evidence-eliminator.com/go.shtml to see the scare tactics these guys use to drum up business.
  • by Animats (122034) on Monday July 21, 2003 @12:47PM (#6491371) Homepage
    The UK doesn't have a First Amendment. Libel laws override freedom of expression. Thus, UK-based criticism sites are vulnerable to libel claims. In the UK, you can be required to prove the truth of any negative statement you make about a person or company. This has come up in some famous consumerism cases, most notably one involving McDonalds, the fast food operation.

    US law is much less restrictive. The First Amendment is held to encourage "robust debate", even if some the statements aren't entirely correct.

  • by Anonymous Coward on Monday July 21, 2003 @02:02PM (#6492104)
    Anybody taking bets on how long it will take Robin Hood to spew it's legal folks at slashdot?
    http://www.angryflower.com/aposter.html [angryflower.com]

Bus error -- please leave by the rear door.

Working...