Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Spam Your Rights Online

In Pursuit Of A Spammer 397

Kyle writes "Over at DSL Reports, We are currently pursuing a spammer from the West Palm Beach, Florida area. This wouldn't normally be news, but we think Slashdot readers may be interested in just how successful we have been. What's more interesting is that the spammer appears to be posting in the thread."
This discussion has been archived. No new comments can be posted.

In Pursuit Of A Spammer

Comments Filter:
  • by Jeremiah Cornelius ( 137 ) on Sunday July 13, 2003 @08:06PM (#6430957) Homepage Journal
    If I bring you back his ears?
  • by Anonymous Coward on Sunday July 13, 2003 @08:07PM (#6430964)
    It turns out, after I caught a spammer, I wasn't allowed to kill him. Apparently, that's not classified as justifiable homicide. You know how silly I feel now?
    • by fidget42 ( 538823 ) on Sunday July 13, 2003 @08:51PM (#6431183)
      You need a license. Duck season, wabbit season, spammer season...
    • by sllim ( 95682 ) <achance@earthlink . n et> on Sunday July 13, 2003 @09:53PM (#6431444)
      However if he posses a risk to life or limb you have a case.
      That is why whenever you see a spammer you need to shout (so you can be heard clearly)
      "He's Coming Right For Us!"

      I recommend a bazooka. More bang for the buck.
      • by blibbleblobble ( 526872 ) on Monday July 14, 2003 @06:27AM (#6433047)
        "That is why whenever you see a spammer you need to shout (so you can be heard clearly)
        "He's Coming Right For Us!""


        How about "we have concrete evidence that he has weapons of mass destruction"?
  • by Anonymous Coward on Sunday July 13, 2003 @08:10PM (#6430978)
    "We are currently pursuing a spammer from the West Palm Beach, Florida area."

    Will be see this on Fox?
  • by dmeranda ( 120061 ) on Sunday July 13, 2003 @08:14PM (#6431002) Homepage
    We are currently pursuing a spammer from the West Palm Beach, Florida area. This wouldn't normally be news,...

    Pursuit of fleeing vehicles is much more common in LA, but the West Palm Beach folks are very fond of pursuing rental trucks full of votes to be recounted. So now they are just chasing a truck load of canned pork, doesn't really surprise me much.

    • by 56ker ( 566853 ) on Sunday July 13, 2003 @08:44PM (#6431152) Homepage Journal
      I'm sure someone's writing a blockbusting film using this plot as we speak. ;o)

      A West Palm Beach county resident - annoyed that his vote for Gore in the presidential election wasn't counted - decided to get back at the world by being the most notorious, infamous spammer in West Palm Beach county....... pursued by people all over the world.....
  • by NeoSkandranon ( 515696 ) on Sunday July 13, 2003 @08:15PM (#6431008)
    We've found a spammer, may we burn him?
  • cool (Score:5, Interesting)

    by squarefish ( 561836 ) * on Sunday July 13, 2003 @08:16PM (#6431014)
    he has an email newsletter. Let's all sign [chaddeckard.com] up!
    • Re:cool (Score:5, Funny)

      by Mostly a lurker ( 634878 ) on Sunday July 13, 2003 @09:46PM (#6431401)
      who is Chad Deckard?

      Chad is also a business savant who has studied and solved every kind of business question, problem, and challenge that has encroached him over his business career.

      It will be interesting to see how well he copes with this problem.

    • Re:cool (Score:5, Funny)

      by Malicious ( 567158 ) on Sunday July 13, 2003 @11:39PM (#6431932)
      I signed up 30 Times!
      Root@127.0.0.1
      Admin@127.0.0.1
      Chad@127.0.0.1
      Etc..etc..etc.....
  • We're [link to DSL provider's home page] are pursuing a spammer! There's nothing really notable about this but he's posting in our forum [link to DSL provider's site again].

    Well, somebody's doing an effective job of spamming, anyway. After him!

  • by BabyDave ( 575083 ) on Sunday July 13, 2003 @08:18PM (#6431029)

    ... who's got a mental picture involving a Benny Hill style chase sequence?

  • by zpiderz ( 646360 ) on Sunday July 13, 2003 @08:21PM (#6431038)
    This person spammed a forum which is wrong, but what do they really expect to happen this company? Do they want their domain revoked, a reprimand, a fine? Do they have proof that they spam on a massive scale or send massive bulk e-mails. It's one thing to send 1,000 e-mails a day and another to post an ad in a forum (on the same subject for that matter).
    • I agree... What's next...

      Dear ISP, someone from your range of IP's visited my web site using Internet Explorer, which is expressly forbidden on my site.

      Given that they may have some info on this person being a spammer, but right now it sounds like whining.
      • by Anonymous Coward
        As always, its wise to read the material before commenting. Usenet has several examples of spam that was sent on 6/22/03 whoring antispamcard.com. In addition, they are selling another company's software without permission.
  • Fire + gasoline == big-ass fire

    Seems like the spammer did the worst possible thing he could have done, heh.

    Imagine if Bush had actually attacked Iraq in addition to bitching at them, for example.

    . . .
  • Besides... (Score:5, Interesting)

    by BJZQ8 ( 644168 ) on Sunday July 13, 2003 @08:25PM (#6431061) Homepage Journal
    Besides annoying the spammer in question, is there REALLY anything they can legally do to him? I doubt it. I have fought with spammers before, trying to get taken off of their lists, and they threatened ME with telling my ISP (a college at that time) that I was harassing HIM. I believe he would have done it, too. So I resigned myself to deleting hundreds of spams per week, and getting used to it. I can't wait until they make RIAA-style computer-nuking legal...we can all just start a computerized World War III.
    • Re:Besides... (Score:2, Informative)

      by ave19 ( 149657 )
      I registered a domain name with a service that provides email forwarding. (registersite.com)

      then, i created an email address (spam0) and use that for all my risky behavior. :) when it got too much spam, i deleted it, and created a new one (spam1)... lather, rinse, repeat.

      also handy side effect, when i change isp, i just update my forwarding address. i have a nice permanent email for myself.

      works good!

      -ave
      • This works better (Score:3, Informative)

        by efedora ( 180114 )
        Take a look at http://www.spamgourmet.com.
        You can make up email addresses on the fly and limit the number of replies to any quantity you like. When the number is exceeded the email is eaten.
  • by Anonymous Coward on Sunday July 13, 2003 @08:33PM (#6431108)
    As you may have seen, antispamcard.com recently spammed our forum.

    They posted 2 messages to your forum. Is that what this whole story is about?
    • Yes, you are. After the messages, we determined they've been sending spam. In the thread are linked a few examples of the spam they sent on 6/22/03. Searching groups.google.com, several pieces of spam can be found from both Heckman and Deckard.
    • by Anonymous Coward on Sunday July 13, 2003 @11:00PM (#6431736)
      1: It's a spammer that spammed. That's grounds for loss of a connection to the Internet, at the very least.

      2: It's an unrepentant spammer. That is grounds for permanent disconnection. Find out as much as possible about them and do what is necessary to insure that they are never able to connect to any ISP ever again. Unrepentant repeat criminals are removed from society, and unrepentant repeat spammers should be removed from the Internet.

      3: It's an unrepentant spammer sending spam about some kind of service to fight spam... I don't even know where to begin on that one.

      4: It's a story about how a slimeball spammer is being tracked down and is obviously nervous about it. It's a how-to. It's a recipe. It's inspirational. It is very much Stuff That Matters.

  • Awesome!! (Score:5, Funny)

    by someonehasmyname ( 465543 ) on Sunday July 13, 2003 @08:40PM (#6431137)
    I live in West Palm Beach! I might try bribing his garbage man to dump a truckload of junk in his yard.
  • by BillYak ( 119143 ) on Sunday July 13, 2003 @08:41PM (#6431142) Homepage
    All they have done so far is make a lot of links from one site/organization to another. There has been no action against the spammer. They are not certain of his real name nor his address. I think its great that they're tracking him down, but I would not go so far as to say they have been successful.
    • Thusly, the title of the article is In Pursuit of a Spammer. One company has already stated that legal action may be pending. We've only just begun.
    • by l810c ( 551591 ) * on Sunday July 13, 2003 @08:59PM (#6431216)
      Additionally, if it takes this much work to Kinda Get one guy, how are we ever going to get them all? Will the threat of isolated harassment stop most of these spammers, I doubt it.

      Don't get me wrong, I still applaud these guys efforts, but it's an steep uphill battle.

      • The name of the game is to make it too expensive to be a spammer. If the spammer is too busy fending off people trying to track him/her/it down and shut him/her/it off, then he/she/it is too busy to spam. Only when spamming is no longer economical will it be eliminated.
  • 9 pages? (Score:4, Funny)

    by Anonymous Coward on Sunday July 13, 2003 @08:47PM (#6431167)
    Can someone with a bigger attention span provide a summary?
    • Re:9 pages? (Score:4, Funny)

      by Klimaxor ( 264151 ) <jdunn AT sosbbs DOT com> on Sunday July 13, 2003 @08:54PM (#6431192)
      an anti-spam forum got spammed by a guy trying to sell anti-spam software, and after doing a lot of inquiries to several whois databases, determined that the anti-spam spam was really spam spam.
      make any sense?
    • Re:9 pages? (Score:5, Informative)

      by Anonymous Coward on Sunday July 13, 2003 @09:29PM (#6431327)
      Someone sent a couple of spam messages to a forum. Apparently they picked the wrong forum because now the whole rat-pack is trying to track down the sender.

      Using google, who-is databases, other directories, some luck and some pluck they have unearthed all details of that guy (Name, address, phone number, company he works for, color of his underwear and so on).

      Being a rather slow day on Slashdot, it makes it as one of the stories of the day.
    • Re:9 pages? (Score:5, Informative)

      by peter_gzowski ( 465076 ) on Monday July 14, 2003 @02:51AM (#6432494) Homepage
      Summary:

      Dslreports maintains an anti-spam forum, which discusses spam-fighting techniques. A recently registered user, AntiSpamCard, posts to the forum advertising its spam-fighting product, AntiSpamCard. This violates the rules of the forum, so another user, AmeritechTech, looks up the domain registration information (registration service: RegistryFly.com). It is full of false information (mostly na, na, na filled in everywhere). AntiSpamCard claims that false info is RegistryFly's fault. Further investigation leads AmeritechTech to believe AntiSpamCard are, in fact, spammers. The evidence:

      - Privacy statement on antispamcard.com states that they have an opt-out policy on receiving info
      - Domain listed as unwelcome here [rhyolite.com] and here [dolphinwave.org]

      From these sites, AmeritechTech discovers that antispamcard.com and putamericatowork.com are both owned by Brad Heckman in Palm Beach, FL. IP address for antispamcard.com seems to be within a block assigned to Crescive, Inc. (not to be confused with some car company), which is also mentioned on antispamcard.com. The host for this block of IPs is traci.net. Traci.net has a strict anti-spam policy. Name servers also appear to be owned by Brad, and hosted by traci.net. Registration of the domain names of the name servers also has na, na, na filled into most fields. Putamericatowork.com turns out to be hosted by aitcom.net, which has a very strict anti-spam policy. AmeritechTech also claims Brad owns spaminsurance.com, but I'm not sure why. IP in the same block (which it is) and identical layouts (can't check, antispamcard.com /.'ed), I think.

      After various emails to the various hosting companies, antispamcard.com and spaminsurance.com magically have valid registration information. AmeritechTech also gets an email from Brad from igpbrad@hotmail.com (remember that email) saying the registration info is updated. Antispamcard.com registered to Brad, spaminsurance.com registered to Chad Deckard. Same guy? Associates? Who knows, but there seems to be a link (in later posts, this is contested by "mystery poster" Ry2k, but the link seems pretty strong). Hunting around for Chad Deckard stuff turns up claims on this [zeropaid.com] board that he's associated with a scam to sell Kazaa "Gold", which is really just Kazaa Lite, but with a 9.95 price tag, plus it harvests your email. The site's still up, but I couldn't repeat the behaviour claimed by the message poster (posted back on Sept. 11, 2002) that takes you to infogeneratorpro.com, which seems to be the site registered to Chad. Also conspicuous is that Chad's name shows up on putamericatowork.com, a site owned by Brad (link [putamericatowork.com]). Also VERY conspicuous is that Brad emailed from igpbrad@hotmail.com, i.e. InfoGeneratorPro? Maybe a coincidence...

      Some more looking uncovers other domains in Chad's name: infogenerator.com, usub.net, and finder-network.com. This is along with spaminsurance.com and infogeneratorpro.com. About this time Ry2k shows up to claim that Kazaa Gold was just a client of Chad's, and when Chad found out what they were doing, the account was eliminated. Ry2k claims to be a former employee of Chad's, and warns the forum of tarnishing the good name of legitimate businesses in their persuit of spammers. I go to bullet mode, as it's getting late, and I'm tired:

      - Reverse look-ups on contact info for antispamcard.com produce a fax number registered to infogenerator.com.
      - Domain name servers (safeidentity.net) for antispamcard.com has contact info updated to Crescive, Inc.
      - Someone points out that RegisarFly.com may be shady, something about "using CNAME for their MX records". Maybe someone can fill me in...
      - google groups turns up complaints about spam from
      • Re:9 pages? (Score:4, Informative)

        by Michael Hunt ( 585391 ) on Monday July 14, 2003 @04:30AM (#6432736) Homepage
        Using a CNAME for an MX record is generally frowned upon, since it may not point at a valid A record, or, in fact, an A record it all. CNAMEs can point at any sort of data.

        The recommended way to delegate reverse DNS for blocks smaller than /24 is to CNAME the .in-addr.arpa entries to a zone under the control of the people who have the small allocation, for example.
  • by fugu13 ( 597296 ) on Sunday July 13, 2003 @08:52PM (#6431188)
    Notably, the most fervent researcher on the forum (Ameritec Tech) has discovered that the spammer was violating several people's copyrights. One of those people has replied and stated they are taking legal action against the spammer immediately for the violation.
  • Big Deal (Score:4, Insightful)

    by fm6 ( 162816 ) on Sunday July 13, 2003 @08:57PM (#6431209) Homepage Journal
    So a particularly stupid spammer spams a forum frequented by technically clueful spam haters. After much effort, these guys might make life difficult for this particular spammer. At best this will result in a reduction of spam that's too small to measure. So why should anybody care?
    • Re:Big Deal (Score:5, Insightful)

      by PaulK ( 85154 ) on Monday July 14, 2003 @12:09AM (#6432040)
      At best this will result in a reduction of spam that's too small to measure.

      It only takes one snowflake to start an avalanche.

      Visualize this:

      One man decides he has had enough, and pursues this spammer with all the tools at his disposal, including posting an article on Slashdot. Now, consider that the vast majority of /.'rs have also had enough, and quite a few decide that this is a good method of pulling the bugs out from under the rocks.

      At this point, the grassroot movement starts, and the spammers start scrambling for other rocks. As momentum grows, the word about this methodology reaches more and more people, who likewise have had enough. Eventually, by starting with this one snowflake, spam can become an abberation, instead of the norm.

      So why should anybody care?

      Because there is hope, and apathy/acceptance gives them the victory. I'd rather take them out of the game, myself.

  • I've noticed a few "diplomats" grubbing for money recently on the kernel mailing list. Nigerian vacations, anyone? Oddly, each sender/IP occurs only *once*, it seems. Even more oddly, no mention of "Free Speech" (or any other policy) is made. It seems that "Free STFU" goes hand-in hand with "Free Speech", for practical purposes.

    As opposed to legal ones.
  • by curtlewis ( 662976 ) on Sunday July 13, 2003 @09:21PM (#6431301)
    So if the spammer weighs as much as a duck....

    then he's made of wood?

    and therefore?

    A WITCH!

    BURN HIM! BURN HIM!
  • by linuxislandsucks ( 461335 ) on Sunday July 13, 2003 @09:36PM (#6431352) Homepage Journal
    THe best revenge is a weblog post with his own info being higher in ranking than his own website :)

    I should know I killed a spammer called Bruce Cullen(a movie extra-Outbreak one of the invefected victims that died in the movie) with this technique..

    It was so bad that he stopped spamming altogether..:)

  • by qtp ( 461286 ) on Sunday July 13, 2003 @09:43PM (#6431388) Journal
    Now you have the IPs, the URLs, the company names, etc.

    So report these to every blackhole list available, report the hijacked material on the sites to the original publishers, check his providers for more spammers like him, and report the provider if necessary (so they start taking an active part in this as well) and get on to the next guy.

    If ISPs began taking basic measures to block spam, refuse services to spammers, contact the providers of spammers, and blackhole domains, IP's, and networks that spam or encourage spammers, the spammers would eventually end up in a spammers ghetto of unscrupulous providers that could be easily blocked or filtered.

    If it is left up to law enforcement and legislation, there will be loopholes [donotcall.gov] as there are in the National Do-Not-Call Registry [206.16.196.198], and we will have opened up the door to congess regulating the use of email.
  • by Anonymous Coward on Sunday July 13, 2003 @10:10PM (#6431534)
    ...having served in the military for a significant period of time, when I saw the 'patriotic business statement' by Heckman I did a 'quick and dirty' search of some databases -no listing of a Brad or Bradley Heckman deployed as member of the U.S. Army during Operation Desert Shield or Desert Storm. Someone tell the #1 spam hunter at DSL report webpage to try and get a unit ID from Heckman? For some reason I can't post to that forum and I couldn't find an email address for the #1 spam hunter guy. The best way to sink a fraudulent business that preys on patriotic people is to show them he's a fraud.

    "Just an idea".

    -Anonymous Cowardly Good Guy
  • by MisterMook ( 634297 ) on Sunday July 13, 2003 @11:02PM (#6431744) Homepage
    I think we should just do a Slashdot story linking to Spammer websites every couple of days, the DoS attack should be brutal.
  • by Jboy_24 ( 88864 ) on Sunday July 13, 2003 @11:35PM (#6431909) Homepage
    Please tell me the "SPAMMER" did more then post 2 messages in an forum which actually shares the same topic as his posts?

    Or is it just enough that someone labeled him a "Spammer" that we have to "dump garbage on his lawn"?

    Was it just an AD? IF this really was only about 2 posts in a FORUM, not emails, not anything else, something that the forum moderator could delete if requested, then this actually makes me sick.

    • There were many messages and the moderators of the antispam foum at dslreports/broadband.com have deleted all but a few of them.

      I am really having quite a laugh about so many /.ers not knowing anything about dsl reports/broadband.com. It's like the consumer reports of xDSL and Cable broadband. There is even offical online realtime tech support provided in some of the ISP forums by the some broadband ISP's . ISPs are rated by the consumer there as well.
  • I don't get it... (Score:5, Insightful)

    by AtariDatacenter ( 31657 ) on Sunday July 13, 2003 @11:50PM (#6431971)
    I mean, I dislike spammers just as much as the next guy. But why is this a newsworthy story? Allegedly, someone posts a message about their anti-spam product on an anti-spamming message board. The claim is made that the poster is a spammer. So the story becomes that a spammer posts an advert to an anti-spamming message board.

    Aside from it being a bit uncooth, why is this suddenly The Hunt for Red October? Sure, it was kind of a stupid thing, but what's the big wreck that I should be rubbernecking over?
  • by Anonymous Coward on Monday July 14, 2003 @01:34AM (#6432303)
    The only reason you are getting spam is because someone (client) is making money by paying someone (spammer) else to send you (target) spam. We know (at least I do) that the client makes his/her money when target buy the product they are selling.

    Solution: Don't buy anything you get a spam for.

    But you might not know how the spammer gets paid? Again I do know because I used to work for these people. There are three different contracts a client can make with a spammer. First is paying a set amount of money per each email sent, this is very small amount, 1/100 of a cent. So the money to be made for a spammer is in the number of unique email address he/she can send email to. The second contract type is page views. You know the spam with the pretty graphics. Under this contract type, each time you open one of these emails the spammer gets paid. And just how does the spammer know you opened one of his/her email? The images come from the spammer's web servers and logs you image request. It is a little more complicated than that but you get the picture. And last contract type is web traffic to the client's site that results in a sale, again not going into details. Cha-ching, they both get paid.

    Before you start whining that you don't buy any thing that was spammed;
    1) Someone out there does and you can't stop them.
    2) I don't care.

    The only other recourse is to try to get the spammer booted off of his up stream provider. The spammer's provider(s) could be some little Podunk ISP or leased lines from the big boys. And the only way to get them booted is to complain to the right people, and no the /. forum is not the place.

    How is this done?

    Forget about doing whois on any domain or machine names you find in the email headers, they are most likely forged or just plain crap string of characters. Grab the first IP address of the smtp server closest to the origin of the message. Take that IP address and go to www.arin.com and pug it into the (IP) whois search. (ARIN assigns the IP addresss in the US and knows whom they are assigned to.) If the IP address is assigned to a US company it will give who and how to contact them. If the IP address is assigned in another country then the registry will be listed and just follow the link and repeat the (IP) whois search there.

    Usually an abuse@the_ip_owners email address is listed. Now you have to do is forward a copy of the spam to that address. If enough people forward email/complain spammers get the boot.

    Will you take the blue pill or the red pill?

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...