It has now been six and a half months.
Half-Mad
Is there a prototype out yet?
Is anybody making one?
Were the members who were originally part of this group full of hot
air? Big on plans, but run away when it comes time to make anything.
The newest version of Firefox has a "reload every xx seconds/minutes"
option. Set this to reload ever 2 to 5 seconds and a group of people
could bring down a spammers website using this feature. I have little
to no problem with using a DDOS attack against a spammer.
David Eckert
no idea, there supposedly is prototype that has never been released
yet by someone.
--
-David W. Eckert
NetCat
It would be nice to have a specialized program doing that, but I found
nothing on the web (SpamItBack and SpamDSpammer are pieces of crap).
Talking about law - what does the law do to protect us from spammers ?
The spamvertised sites are known and nobody prosecutes them in spite of
their often criminal activities.
Where "being legal" brought us? I get about 80 spams a day and that
amount grows slowly but steadily.
Finally, is loading a web page illegal ??
If I understand well, the spammers pay for the bandwidth used. By
implementing your idea we may not knock them offline completely, but at
least we shall increase their expenses....
I wonder, what others are thinking ??
Mosinu
> Talking about law - what does the law do to protect us from spammers ?
> The spamvertised sites are known and nobody prosecutes them in spite of
> their often criminal activities.
>
Actually you need to raise hell with your government and law
enforcement for your host country to enforce those laws. It is hard,
but it can be done. Australia prosecutes, but the US seems to be a
Joke.
Don't complain it doesn't work if you don't demand that your
government enforce it...I can't speak on France's laws as I have not
looked at those. Spammers get away with it because no one fights back.
You want to put a dent in spam, hit them in the wallet. Thats why
bluefrog worked. If enough people start to demand the laws be enforced
we might see something...
> Where "being legal" brought us? I get about 80 spams a day and that
> amount grows slowly but steadily.
>
> Finally, is loading a web page illegal ??
Well, depending on your host country...yes it could be if you are
repeatedly loading a page for the sole purpose of denying access to
"legitimate" traffic to the site. This is illegal in most countries,
and while they may not prosecute spammers but you can bet some ISP will
scream for you to be hung out to dry...
>
> If I understand well, the spammers pay for the bandwidth used. By
> implementing your idea we may not knock them offline completely, but at
> least we shall increase their expenses....
Not always true, a lot of the spam I have seen lately is on hacked
sites. So you would be party to taking out some innocent by stander
who's only mistake was having an insecure or exploitable site. This is
why trying to take down a site is a bad idea. You can't always be
certain you are attacking the spammer.
The other downside is if you take the approach, you open yourself up to
a setup...Spammer A hacks Website A and setups a fake site. Spammer A
passes out the info and they spam everyone with it. You attack Website
A and suddenly find out you attacked some web server at IBM. Now what
are you going to do when Big Blue comes gunning for you? We have
already seen the lengths they are willing to go to.
Our best bet to fight spam is demand that the laws be enforced and even
with the opt-out campaigns if you want such as blue frog did. But if
you set out with the intent of maliciously doing a denial of service
you are no better than the spammer and you deserve what you get in my
book.
>
> I wonder, what others are thinking ??
just my .02
NetCat
1. The law enforcement DOES NOT WORK. Look at the p2p file exchange!
They do lawsuits, they shut down servers, they do a massive propaganda
and what is the result? The p2p community is doing well and growing!
2. Suppose the NSA together with the FBI finish off all the spammers in
the US. What good will it do? Next to nothing, since so many of them
operate from Russia, where the only law is jungle law (believe me, I
know what I'am saying).
3. I do not want my children to read neither on the penis enlargement
nor to follow the porn links. I have all the rights to defend my home.
If an armed burglar breaks into my house, I shall not wait for some
Abstract Law to protect me. I shall grab any weapon available and use
it.
4. The only effective way against the spammers so far was the Blue
Security way. You can name their method in any nice way you want but it
was DDOS. Unfortunately they were fighting for the money, NOT for the
Idea and therefore they failed as soon as the money was gone.
5. Using DDOS is like using a gun, it is never good. I am NOT an
admirer of DDOS. Yet, show me another EFFECTIVE way...
Paul Herring
>
> Mosinu, thank you for your opinions. Now please read carefully:
>
> 1. The law enforcement DOES NOT WORK. Look at the p2p file exchange!
> They do lawsuits, they shut down servers, they do a massive propaganda
> and what is the result? The p2p community is doing well and growing!
Your arguement appears to imply that 100% of p2p traffic is illegitimate.
> 2. Suppose the NSA together with the FBI finish off all the spammers in
> the US. What good will it do? Next to nothing, since so many of them
> operate from Russia, where the only law is jungle law (believe me, I
> know what I'am saying).
Do you mean they spam from Russian computers or the business' they are
spamming operate from Russia? If the former, correct, little can be
done. If the latter, a bit more can be done.
> 3. I do not want my children to read neither on the penis enlargement
Use whitelists.
> nor to follow the porn links.
Use netnanny.
Or, shock horror, supervise your kids when they are on the PC.
> I have all the rights to defend my home.
> If an armed burglar breaks into my house, I shall not wait for some
> Abstract Law to protect me. I shall grab any weapon available and use
> it.
Your metaphor seems somewhat out of place.
> 4. The only effective way against the spammers so far was the Blue
> Security way. You can name their method in any nice way you want but it
> was DDOS.
No it wasn't. It was not DOS - they did not take the sites down (or at
least that was not the intention) - they simply filled out the forms
on the websites asking to be removed from their mailing lists, one
submission per spam received. This forced the person advertising to
spend an inordinate amount of time sorting through non-sales orders.
> Unfortunately they were fighting for the money, NOT for the
> Idea and therefore they failed as soon as the money was gone.
>
> 5. Using DDOS is like using a gun, it is never good. I am NOT an
> admirer of DDOS. Yet, show me another EFFECTIVE way...
Bluesecurity's way. It was effective; too effective it appears.
--
PJH
#700847 +(1920)- [X]
andyg721: i think it was on CNN
andyg721: Condoleeza Rice went to Asia
andyg721: the headline was RICE IN ASIA
Mosinu
> Mosinu, thank you for your opinions. Now please read carefully:
>
> 1. The law enforcement DOES NOT WORK. Look at the p2p file exchange!
> They do lawsuits, they shut down servers, they do a massive propaganda
> and what is the result? The p2p community is doing well and growing!
As Paul stated, you are comparing apples and oranges here. P2P has
changed dramatically in the last few years.
But you are inaccurate in your statement about laws not working; they
do not work because you aren't using them. It is a big difference from
an ineffective to law to one that isn't enforced. If you do not enforce
it, you can't tell if it is effective or not.
>
> 2. Suppose the NSA together with the FBI finish off all the spammers in
> the US. What good will it do? Next to nothing, since so many of them
> operate from Russia, where the only law is jungle law (believe me, I
> know what I'am saying).
Well considering that these two agencies have completely different
tasks, this wouldn't happen. But if it did, then great for the
Americans. Do you expect them to solve your countries problem? The
problem can't be solved by one country, it is international. If you
want to see spam cut down then make your government do its job.
Complain to the ISP's such as the one you use (wannadoo) for being lax
on taking action against reported spam and spammers.
>
> 3. I do not want my children to read neither on the penis enlargement
> nor to follow the porn links. I have all the rights to defend my home.
As Paul said, software exist for this and the best thing in the world
is to monitor them when they are online. Be a responsible parent and
don't let them online without supervision. Spam is the least of my
worries with my child online...far greater dangers exist than a penis
ad in e-mail for children.
http://www.antichildporn.org/parents.html
> If an armed burglar breaks into my house, I shall not wait for some
> Abstract Law to protect me. I shall grab any weapon available and use
> it.
Ok your analogy here is way out in left field mate. Does SPAM threaten
your life or the life of your family? If SPAM is not stopped is it
going to take your life? No, its not great to deal with but short of a
Spammer getting gunned down in Russia I know of no cases that show spam
has killed anyone. I don't like it, I don't agree with the tactics but
it isn't going to kill me if it doesn't stop.
>
> 4. The only effective way against the spammers so far was the Blue
> Security way. You can name their method in any nice way you want but it
> was DDOS. Unfortunately they were fighting for the money, NOT for the
> Idea and therefore they failed as soon as the money was gone.
This is not the case either. Do you understand what a DoS actually is?
In order the classify Blue Frog as a DoS they would have to have
intentionally set out (like you keep advocating) to deny service to a
site with REPEATED illegitimate traffic so that legitimate traffic
couldn't get through.
Blue Frog did NOT do this. Blue Frog sent 1 request per spam. So your
frog only visted the site once and filled out the opt-out. Did the site
fall over? Sometimes. Was it deliberate? No, but it happens and it
happens all the time. It is similar to the the slashdot effect.
http://en.wikipedia.org/wiki/Slashdot_effect
The sites went down because they did not have the resources for the
volume of traffic/SPAM they sent out. Victoria's Secret did that during
the Superbowl, they got more traffic volume than they planned on and
took down the site.
>
> 5. Using DDOS is like using a gun, it is never good. I am NOT an
> admirer of DDOS. Yet, show me another EFFECTIVE way...
If you are not an admirer of DoS why do you continue to suggest it? I
am not going to show you another way, the way doesn't exist. There is
no spoon...Besides posting here, what do you do to help fight spam?
Have you tried to enforce your laws or have them enforced? No magic
bullet exists to stop spam mate, sorry to pop your bubble.
If you purposely get into that war (DoS) you will lose. No question
about it. Why? Because they have been doing it longer than you have.
They know a lot more about it and have much larger nets than you are
capable of building legally. Do you realize what will occur during a
packet war with spammers? Let me give you a quick run down of how a
packet war would most likely go.
We create 100,000 machine network to DDoS with. We take down lots of
sites easily, the owners of the ISPs and backbones all that traffic
went over calls the police. They start to investigate (remember this,
it is important later).
Spammer A and Spammer B get pissed off, they hire hacker group A to
retaliate.
Hacker group A has 100,000 bot botnet attack everyone connected to us,
including your ISP (remember websites and routers log traffic so you
attacked spammer A and he now has your IP)
Spammer C and D see this and want to join in so they hire Hacker Group
B and C each with 100,000 bots.
Now its 300k (illegal) vs 100k (legal). Now in the middle of all this
are all those sites getting caught in the crossfire like two-cows, six
apart, etc during the blue frog attack.
But wait, it isn't over...while everyone who is anyway close to being
connected to us is destroyed and we try to fight back some judge is
signing warrants for Denial of Service and a number of other federal
and international crimes related to it for us. We would be shutdown,
and those of us who didn't go to jail would be paying heavy fines, and
criminal records.
Thus your life is pretty much screwed, the spammers are still spamming
and maybe if we were lucky a couple of those hacker groups members
would get arrested with us. If you think this isn't how it would go
then you are dillusional.
NetCat
You are both very self-righteous people, being right for any price!
It seems to me, that you do a lot in order to do nothing.
Your elaborate posts are illogical, but I want no longer wasting time
in fruitless disputes...
NetCat*
Paul Herring
>
> Mosinu and Paul,
>
> You are both very self-righteous people, being right for any price!
Erm - meaning what specifically...? You seem to be resorting to
ad-hominem again.
> It seems to me, that you do a lot in order to do nothing.
Well since you haven't attached that comment to any particular
statement of either mine or Mosinu, there's little I can do to refute
it.
> Your elaborate posts are illogical,
As are your arguments as pointed out previously, but then again, you
haven't addressed our points, instead you just 'give up.'
> but I want no longer wasting time
> in fruitless disputes...
You forgot your football...
--
PJH
#713059 +(1255)- [X]
<SaintAlvus> Does the name Doctor Pavlov ring a bell?
Mosinu
I really liked the football comment. I am a little confused how we
were being self righteous. I guess in his country applying reality and
logic to a problem is self righteous.
NetCat
French.
You've suprised me, because that kind of "argument" I had not expected
;-)
Paul Herring
>
> Your guess is wrong.
What guess? Who's guess?
> I just use a French e-mail account, but I am not French.
Lots of people use email domains whose nationality doesn't match the
owner of the email address.
I'm using a US domain for this email - I am not American.
And I personally take no notice of the domain, unless the poster
concerned posts in a foreign language which I don't exactly recognise,
as a hint to use in Babel.
> You've suprised me, because that kind of "argument" I had not expected
> ;-)
You posted statements that were blatantly incorrect. Did you expect
/not/ to be corrected?
NetCat
My previous post was for Mosinu, who wrote:
"Bravo Paul,
I really liked the football comment. I am a little confused how we
were being self righteous. I guess in his country applying reality and
logic to a problem is self righteous. "
You wrote then:
"You posted statements that were blatantly incorrect. Did you expect
/not/ to be corrected?"
If I were you, I would not judge others and especially I would not
"correct" them (that's a symptom of self-righteousness which I wrote
about before).
I would gladly express my opinion, but respecting opinions
contradictory to mine. Otherwise you either enter a fight or one of the
parties leaves... Either case is counter productive and frustrating.
Have a nice weekend.
Mosinu
French. I believe my comment was in regards to your statements and
perhaps that was how people from your country respond to differing
opinions.
In fact I don't think France was ever mentioned in this discussion by
myself or Paul. The only comment that I see that could even roughly
point in that direction was about your ISP and their lax view on
dealing with spam. But not about their country of origin.
Personally I don't care what country you are from, you could be from
Mars for all I care. Though I find it funny how you get aggressive
towards our post, calling us self-righteous and then accuse us of
trying to start a fight? So whom is doing the judging here?
It looked to me like you suggested something that was illegal in most
countries, we explained this to you and explained further why it was a
bad idea to get into a packet war. You got upset and as Paul so
humorously put it, took your ball and went home being indignant. Of
course I guess you expect people to just agree with you even when you
are in the wrong?
Have a nice weekend. =)
во пизду блядь
Paul Herring
>
> Paul,
>
> My previous post was for Mosinu, who wrote:
>
> "Bravo Paul,
> I really liked the football comment. I am a little confused how we
> were being self righteous. I guess in his country applying reality and
> logic to a problem is self righteous. "
So quote properly in future so we know what you're talking about. And
I didn't infer from that comment that any connection was being made
about your nationality and your email address. Mosinu could even have
said "I guess in his little world applying reality and logic to a
problem is self righteous" and still have made the same point.
> You wrote then:
> "You posted statements that were blatantly incorrect. Did you expect
> /not/ to be corrected?"
>
> If I were you, I would not judge others and especially I would not
> "correct" them (that's a symptom of self-righteousness which I wrote
> about before).
Did you read my correction about what BlueFrog did? Did you have a
specific problem with it or just the fact it corrected your incorrect
assumptions about what they actuallty did? Or do you still believe the
purpose of BF was to DDOS sites?
> I would gladly express my opinion, but respecting opinions
> contradictory to mine. Otherwise you either enter a fight or one of the
> parties leaves... Either case is counter productive and frustrating.
Well quite.....
Half-Mad
I don't care which.
No spammer will take you to court over bringing down his site. The
advertiser might.
Firefox has the ability to auto-reload pages. Firefox also has a
plugin that will fake the "Came From" information when loading a
website. Every website I load is given false came from information.
The plugin, RefControl, will give lots of control over what site is
given for the came from information. This will not stop your IP from
being displayed though. There are ways around that though.
I suggest some type of network to DOS attack spammers and/or the
advertisers who use spam. The advertisers would rather pull their ads
from spammers, rather than suffer the bad press. The spammer would
likely be beaten to death on their way into the court house.
Paul Herring
Either DOS attack the spammer, or the advertiser who hires the spammer.
I don't care which.
No spammer will take you to court over bringing down his site. The
advertiser might.
What happens when the inevitable happens, and a non-spam site is 'joe-jobbed' and subsequently brought down? What happens when Joe Public get to hear of it? "Spam fighters bring down <some well loved site>" Still think people will think you're on the 'good team'? Will you still get support?
Arancaytar
Half-Mad wrote:
> I suggest some type of network to DOS attack spammers and/or the
> advertisers who use spam. The advertisers would rather pull their ads
> from spammers, rather than suffer the bad press. The spammer would
> likely be beaten to death on their way into the court house.
Look up Spamhaus and e360insight. Spamhaus did nothing more than put
the spam company on their blacklists - compared to a DOS, which is an
outright illegal attack.
Spammers have no sense of shame - if they can sue, they will sue (and
if they can't, they may still try).
NetCat
Beware, people here are protecting spammers, taking care that no harm
happens to them - that's the bottom line (what makes me fully-mad, may
be they are spammers themselves?).
Your idea is technically fine, but too complex for an average user.
It should be an application running quietly in the backgroung, fully
automatic like the Blue Frog.
In order to be effective, we need thousands of machines running
together.
Of course, nobody will attack or sue 100,000 users. However any central
point (like the BS web site) will be attacked for sure.
See SpamDSpammer and SpamItBack. They have nice ideas, though their
software does not work correctly and is useless for now.
NetCat
Mosinu
most countries? We support spammers because are not willing to lower
ourselves to their level? Is that it mate? You guys show a severe lack
of understanding of how the world; and the internet works. What we have
been telling you is to protect you as well as this project from legal
problems.
Firstly, you are an idiot for outright suggesting illegal activities
in a public channel, and worst by the fact you are condoning tactics
that international law enforcement are itching to make an example out
of someone for (DDoS). This is made worse post 9/11 when they have
harsher laws to use against you, and with terrorist threats to the
internet.
Secondly did you not pay attention to what happened to blue security?
They weren't even DDoSing, despite your belief to the contrary. Did you
not see all the innocent bystanders that went down with them? How do
you propose to prevent this from happening? How do you plan to make
sure you don't fall for a 'joe-job'? What about the little isp that
unknowingly host some spammers site and you put them out of business?
These are all the things we have to consider when we decide how to
handle spam. The picture is a lot bigger than just one little website
you want to run in and knocker over like a spoiled child kicking over
blocks. Not only the fact that, once again your suggesting something
illegal and will eventually lead to prosecution. You are mostly right
about them not suing 100,000 users, they probably won't. But they will
go after the developers and contributors as well as any other big
supporters, as will law enforcement. Perhaps you missed over the past
decade where example after example of this occurred.
Since you seem to suggest we are spammers and trying to protect
spammers; despite not knowing how much I myself work on anti-spam
solutions or spam-reporting, perhaps you would be better off assisting
the projects you mentioned. It is obvious that your suggested method
and ours do not sync or come close to being the same, you might find
one of those two to be more receptive to your suggestions.
Half-Mad
one.
A DDoS attack is a hell of a lot better than the NOTHING that has been
happening here over the past seven and a half months.
If DDoS'ing the sites that pay for the advertising, then they would
likely only need up to a days worth of an attack, and a simple note
advising them to stop using spam.
If the spammer themselves are being attacked, then odds are their ISP
won't want to let them continue being a customer for too long.
I fully support the idea of DDoS'ing the spammers. At least it's doing
something.
Don Z (TFG)
Mosinu
site. You take down one node and the next one takes over. The bot is
basically acting like proxy to protect the real spam site. As we shut
down one, another "proxy" takes over. If you are DDoSing you are going
to take out that computer/ISP. Which has no effect on the spammer, but
cost innocent people time and money.
The other way this happens is a some advertised sites are on hacked
servers or windows desktops. These people don't know they are hosting
these sites until law enforcement or someone reports it to them. So if
you just go out and indiscriminately target a site because some link
came to you via spam e-mail you might be taking out some single mom who
hasn't got a clue or some small ISP who just missed a security patch.
Then of course, remember that spammers are willing to break the law to
stop you. They will use a joe-job just so you attack say IBM; you will
take the fall, not them.
The other problem with DDos is a lot of people get caught in the cross
fire. All those ISP's and routers between you and the spammer are
affected. Spammers also very rarely hosts there own servers. They steal
them, they are criminals remember? The sites that do pay the spammers
may or may not pay for hosting. While you can easily take down those
sites, remember that those hosting companies hosts more sites than just
the one your attacking. All the sites at the hosting company; with the
exception of the spammed site, are innocent sites. They may not even
know that www.pharmacyrx.com was hosted with the same hosting company
they chose. Is it fair to punish them?
Lets look at this another way, when you are talking about DoS/DDoS;
besides the illegal aspect, you have to consider the moral obligations.
To put it another way, if a terrorist was hiding in New York city,
would you condone bombing the entire city to rubble to get him? Would
you support carpet bombing London to get one murderer or rapist? Thats
basically how DDoS would work, it is carpet bombing cities to get one
person. One person, that your not even sure if he is there or not...but
your willing to risk all those lives, just for a small chance to get or
harass him.
I can't support that type of tactic both from the moral point and legal
one. While you guys forget the fact that from the beginning this
project has said it will NOT be part of any DoS, a lot of us haven't.
You can also ignore that Denial of Service is ILLEGAL all you want to.
Hopefully you will think about all the people in the middle of your
little war. Maybe you will stop for a moment and try to take the high
road rather than stooping to the same level as spammers. Breaking the
law to stop a criminal doesn't make you a hero, it makes you a criminal
also...
As for Half-Mad's comments...once you start the attack, the damage is
done mate. Stopping it doesn't mean they didn't suffer from your
mistake. How would you make it up to Aunt Jeannie for taking down her
little knick-knack site because you made a mistake? You going to pay
for the damages each time you mistakenly take down a site? How are you
going to explain this to a judge when some of those innocent sites
press charges?
Before any of you continue to suggest illegal activity you need to stop
and think about who might be reading this site. You are promoting and
recommending illegal activities on a public channel. This could come
back to haunt you later or be used as evidence against you. You can
think your bullet proof, but I can promise you that your not...
NetCat
DOS is the only ways that works so far.
I found 2 ways of fighting spam.
1. Reporting spam to Knujon (www.knujon.com). I am not sure how
effective they are, but they work on closing down spam sites.
2. SpamItBack (www.spamitback.com). They have released a new version of
their software, still far from perfection, but workable. You can
automatically download spammers web site up to 10,000 times and send
opt-out requests to their logs.
As for Mosinu, I am now convinced that he is a spammer (I think
Russian) who monitors the anti-spam sites. His "arguments" are not
worthy any discussion and his threats are rather pathetic.
Well, disregard and go further; it is a free world :-)
NetCat
Mosinu
on a little something.
I speak 7 languages, I hold a Masters in Computer Science & Electrical
Engineering from NCSU. I am one of the few in this project to actually
produced any working code (the Thunderbird extension I wrote and more).
I used to work for the leading Linux distribution, I am a member of the
Apache group and I now work in Federal Law Enforcement. I work very
closely with other Anti-spam groups and agencies. What do you do
besides run your mouth?
I haven't made any threats, what I have been doing is trying to warn
you about what your discussing being illegal. If you want to use
illegal methods, thats your problem. But do not continue to suggest
that this project go that route, as they have already stated they are
not going that way. Other "projects" or groups out there will be more
than willing to accept you I am sure.
Get a clue.
NetCat
Like always your arguments are misplaced, Mosinu.
I have never suggested Okopipi uses DDoS.
In the Free World, there is a freedom of speech and therefore we can
discuss anything
and express any opinion.
By the way, I admire you being so important and busy person and yet
finding time to write
your loooooong posts!
Happy New Year,
Adrian.
Mosinu
NetCat wrote:
> I am president of the United States (but don't say anyone!)
>
> Like always your arguments are misplaced, Mosinu.
> I have never suggested Okopipi uses DDoS.
>
Actually you have, both supporting Half-mad, your own suggestions and
the fact that this is OKOPIPI-DISCUSS. Why do you think everyone has
argued with you about this you moron? Because you are discussing this
on our project list, which drags us into your stupid little world. We
do not want that as part of this project, but you are obviously to
stupid to catch that. If you want to discuss DDoS, find a list that
agrees with you or join another project. As I have said already THIS IS
NOT THE PROJECT FOR YOU.
Getting a clue yet?
> In the Free World, there is a freedom of speech and therefore we can
> discuss anything
> and express any opinion.
Perhaps you should read http://en.wikipedia.org/wiki/Freedom_of_speech
before you go trying to spout off about freedom of speech. Pay
attention to the section on
http://en.wikipedia.org/wiki/European_Convention_on_Human_Rights. So
you see, freedom of speech has its limits.
In case you are to slow, here is the important section for you.
"The exercise of these freedoms, since it carries with it duties and
responsibilities, may be subject to such formalities, conditions,
restrictions or penalties as are prescribed by law and are necessary in
a democratic society, in the interests of national security,
territorial integrity or public safety, for the prevention of disorder
or crime, for the protection of health or morals, for the protection of
the reputation or the rights of others, for preventing the disclosure
of information received in confidence, or for maintaining the authority
and impartiality of the judiciary."
Paul Herring
[...]
I have never suggested Okopipi uses DDoS.
Au-contrare. On the 5th of December you posted the following:
4. The only effective way against the spammers so far was the Blue
Security way. You can name their method in any nice way you want but it
was DDOS. Unfortunately they were fighting for the money, NOT for the
Idea and therefore they failed as soon as the money was gone.
5. Using DDOS is like using a gun, it is never good. I am NOT an
admirer of DDOS. Yet, show me another EFFECTIVE way...
If that's not suggesting Okopipi uses DDoS, I don't know what is...
Kirk Z Bailey
lock key... If server A goes down, ne1 takes notice and starts serving
the hard path to server B.
And ns2 is watching ns1 from a very different address. If ns1 goes down,
it becomes active.
But in the end, you are talking about an organized crime. Exactly what
we are all upset about, but in this case not organized spamrime, but
DDoS crime. I understand the motive, but I want nothing to do with it.
So what progress is made on the distribuited server model for bluefroggy2?
--
end
Very Truly yours,
- Kirk Bailey,
Largo Florida
kniht
+-----+
| BOX |
+-----+
think
Kirk Z Bailey
You are hereby served notice to prepare to pay tribute.
--
Mosinu
be done with DNS. Can you explain what your talking about here or reply
with just the relevant quoted text to make it a little easier to figure
out what your replying to.
Thanks
Kirk Z Bailey wrote:
> yOU CAN DO THIS WITH A CUSTOMIZED NAMESERVER HANDLING THE TASK. dam caps
> lock key... If server A goes down, ne1 takes notice and starts serving
> the hard path to server B.
>
> And ns2 is watching ns1 from a very different address. If ns1 goes down,
> it becomes active.
>
> But in the end, you are talking about an organized crime. Exactly what
> we are all upset about, but in this case not organized spamrime, but
> DDoS crime. I understand the motive, but I want nothing to do with it.
>
> So what progress is made on the distribuited server model for bluefroggy2?
>
>
>
Kirk Z Bailey
whacking it with a request for a very small standard test page once a
minute. the page should be standardized so it can test content to see
that it conforms to the stock copy on hand. If the pinged server drops
the ball or times out, the DNS server starts serving that hard address,
and starts serving that of a totally different server elsewhere on the
net for a while. It also pings the original server infrequently to see
if it is back up again. When it is, it reverts back.
Each web server in this daisy chain of life mirrors the master pattern,
which is served on a master server never directly accessed by the world,
only by the units in the daisy chain. Each server btw is referred to as
a frog pond, as it is a p[lace of life for froglike applications.
Meanwhile, a second DNS server is watching the first one, same method.
If the server fails, IT takes over. This can be extended several layers
deep. In fact, it can be a circular chain. If the switch from attacking
box 1 to box 2, box 3 takes over, then box 4- and when box 1 recovers
it's wind, it can go to monitoring box 4. When box 4 fails, box 1
resumes service. Now attacking and crushing 4 totally separate boxes on
4 totally separate hosts should tax even Ivan the terrible's resources,
if the 4 boxes are on major pipe using server farms. Not exactly
distributed serving, but deeply redundant backup in a daisy chain of
life. Each box can be a webserver, and a NS server, as well as a frog
pond- new term for a server supporting froggy applications. Knock THAT
out... and we add another box someplace else, and it get's harder. WE
can mount enough power in time to make Ivan drop a gonad trying to life
the load demanded to bring it down.
Let's get aggressive. And unlike launching a DNS attack on Ivan, this is
legal. We can raise the dead with a totally new form of THE FROG, this
time a blue Mongolian horde.
Mosinu
it wouldn't hold more than an hour before it fell over. If it were
really that simple, everyone would have done it, though I wish it were.
This is something similar to a fail over system, and while it might
work for the inital attack once it started to cut over to fall back
servers they would get hammered as would the primary. This would also
give out the IP address of our servers, and DNS would be of no value.
The other problem is the site hosting for a place that has a setup to
deal with a true DDoS cost a lot of money. This is something we don't
have and won't get without corporate sponsors. We will not be able to
get corporate sponsors as long as people continue to suggest we partake
in illegal methods.
The P2P model is really probably our best bet to deal with DoS. This
removes all central points that can be attacked. He can attack clients
all day long, but he wouldn't have any single target to go after just
hundreds/thousands of little ones. Taking out one doesn't affect the
network.
It is late, so I may have read your suggestion wrong. I will reread it
again in the morning when haven't been buried under a ton of work all
day.
Kirk Z Bailey
Mosinu wrote:
>
> If you mean this as a way to protect Okopipi servers; while creative,
> it wouldn't hold more than an hour before it fell over. If it were
> really that simple, everyone would have done it, though I wish it were.
> This is something similar to a fail over system, and while it might
> work for the inital attack once it started to cut over to fall back
> servers they would get hammered as would the primary. This would also
> give out the IP address of our servers, and DNS would be of no value.
>
> The other problem is the site hosting for a place that has a setup to
> deal with a true DDoS cost a lot of money. This is something we don't
> have and won't get without corporate sponsors. We will not be able to
> get corporate sponsors as long as people continue to suggest we partake
> in illegal methods.
True, which is why I favored something like this INSTEAD of the illegal
methods employing a counter DDOS approach. This is legal, and simply
makes the task so much harder for the spammer.
SaintAlvus
about a thousand sites that have quoted my quote from the Bash qdb...
anyways.
Paul Herring
Sorry - did you want me to change it? :)
Half-Mad
Mosinu wrote:
...
> As for Half-Mad's comments...once you start the attack, the damage is
> done mate. Stopping it doesn't mean they didn't suffer from your
> mistake. How would you make it up to Aunt Jeannie for taking down her
> little knick-knack site because you made a mistake? You going to pay
> for the damages each time you mistakenly take down a site? How are you
> going to explain this to a judge when some of those innocent sites
> press charges?
>
DoS is easier than a shotgun to the spammers head. You don't have to
physically find the spammer for the DoS attack.
Sucks to be Aunt Jeannie.
Half-Mad
Jack shit has happened.
If you don't like DoS attacks, then make a nice little program to fix
the spam problem.
Kirk Z Bailey
Spam won.
Sigh...
--
cybercod
Now, every time I get a spam that has a reply email somewhere down in
the message, I add it to a email group that I call Spammers. When I
get a piece of spam that makes it past the spam filter (i currently
have over 3000 in the bulk folder of yahoo mail) I forward it to the
entire Spammers group, changing the subject line to something like
"Sure, sign me up"
Now the spammers are getting their spam returned, and all the other
spammers spam too. Its a few more clicks than just hitting the SPAM or
DELETE button, but I get so much satisfaction out of it. By doing so,
I've just wasted a moment of their life just like they do to us.
There's a lot of spam that doesn't have any place to reply to... and if
you reply to the originating email address you're probably just going
to hit a dead account or a bot controlled account. When they're
fishing, they have to have an address that they check for bites. Thats
what I forward to.
If more people get in this habit, I think we can be a thorn in their
side. And all they can do is throw more spam, ahem... I mean ammo, at
us. It doesn't take any special software or a DOS attack. It doesn't
break any laws that I know of.
Its just vengeful. And that suits me fine.
Hope you all join in... this project is obviously dead. Maybe a little
passive-aggressive tactic like this is what is needed.
Any comments?
Kirk Z Bailey
get lots of harassment. I was joejobbed a year ago, and was getting lots
of complaints about spam that CLAIMED to come from a domain I own.
Anylizing the headers it was clear it was coming from a site in Korea.
Another time it came from a young wet behind the ears, idiot on road
runner in California- who now is without service, thanks to myself and a
diligent friend who is my webhosting provider.
Spammers do not normally reveal how to REALLY contact them. The replyto
or from addres is either faked, or is an alias which feeds directly to
the bit bucket (/dev/nul).
Only the most amateur really reveal who they are and give a working
email address you can contact them at.
They don't want harassment or spam you see...
--
killabytes
On Jan 26, 11:01 pm, "cybercod" <cyberneticcodf...@yahoo.com> wrote:
> Well, I've decided to use the spammer's own methods against them.
>
> Now, every time I get a spam that has a reply email somewhere down in
> the message, I add it to a email group that I call Spammers. When I
> get a piece of spam that makes it past the spam filter (i currently
> have over 3000 in the bulk folder of yahoo mail) I forward it to the
> entire Spammers group, changing the subject line to something like
> "Sure, sign me up" <---------permission in case you're missing what I'm saying below
>
This is why you get so much spam, you're signing up for their lists
and giving them permission to send it to you
> Now the spammers are getting their spam returned, and all the other
> spammers spam too. Its a few more clicks than just hitting the SPAM or
> DELETE button, but I get so much satisfaction out of it. By doing so,
> I've just wasted a moment of their life just like they do to us.
> There's a lot of spam that doesn't have any place to reply to... and if
> you reply to the originating email address you're probably just going
> to hit a dead account or a bot controlled account. When they're
> fishing, they have to have an address that they check for bites. Thats
> what I forward to.
>
Instead why not forward it to your government agency that's setup to
enforce spam? They can't enforce a law if they don't even know the law
was broken or who the victims are and not having any evidence....just
a thought.
> If more people get in this habit, I think we can be a thorn in their
> side. And all they can do is throw more spam, ahem... I mean ammo, at
> us. It doesn't take any special software or a DOS attack. It doesn't
> break any laws that I know of.
>
All that would do is create more spam....for you and the internet as a
whole.
> Its just vengeful. And that suits me fine.
>
if you want revenge then sue them, in the U.S. you can get $1500-
$10,000 per e-mail they send unsolicited. Aus is another although I'm
not quite sure how their laws and court system works but seems to be
working there.
> Hope you all join in... this project is obviously dead. Maybe a little
> passive-aggressive tactic like this is what is needed.
>
nope, no thanks, don't want more spam.
> Any comments?
>
No comment ;)
Paul Herring
> cybercod wrote:
> > Well, I've decided to use the spammer's own methods against them.
> >
> > Now, every time I get a spam that has a reply email somewhere down in
> > the message, I add it to a email group that I call Spammers. When I
> > get a piece of spam that makes it past the spam filter (i currently
> > have over 3000 in the bulk folder of yahoo mail) I forward it to the
> > entire Spammers group, changing the subject line to something like
> > "Sure, sign me up"
>
Cybercod isn't taking the from address. They're taking a contact
address from the body of the mail.
[...]
> Only the most amateur really reveal who they are and give a working
> email address you can contact them at.
>
> They don't want harassment or spam you see...
.. then again, most spam doesn't have such a contact email address -
just a website usually.
--
PJH
#706281 +(1868)- [X]
TriPod11: bush ain't THAT bad...he kinda knows what he's doin
idaredbeet08: Please, Monica Lewenski had more President in her than
George Bush ever will.
cybercod
for people to give them their bank account and personal info. They
HAVE to have a return address somewhere, or else their little con has
no way to pan out. And it must be an address that they check.
So, either read a post and do some thinking before replying, or don't
reply. In either case its the thinking that is important
No one in here seems to be doing squat. At least I am doing
SOMETHING. And no, I'm not going to try to bring a lawsuit against
some unknown entity that probably exists outside of my country which
will likely dissapear before the first subpoena arrives. Thats just
time-consuming, most-likely costly, and ineffectual. I swear, the
Dudly Do-Right attitude of some people just gives me a migraine. "Oh,
you'll hurt the net more" Boo hoo. Like forwarding one email to 10
spammers is gonna compete with the nonsensical bull people are
watching on YouTube, for either drain on the net or bandwidth
requirements.
I tell you what I think.... I think all you negative thinking jerks in
here are working for the other side. I think that is why this project
is dead.
Don't bother replying, I'm unsubscribing from the forum. This place
is deadsville and its all the "CAN'T DO" people who killed it.
Scott Thompson
that they can sell to other spam lists for $$ and you get even MORE spam
because it says that you actually read them. Isn't that like shooting
oneself in the foot to teach someone else a lesson? (Hmm, my foot hurts
now, that will teach you a lesson??)
-----Original Message-----
From: okopipi...@googlegroups.com
[mailto:okopipi...@googlegroups.com] On Behalf Of cybercod
Sent: Friday, January 26, 2007 10:01 PM
To: okopipi-discuss
Subject: [okopipi-discuss] Re: It has now been six and a half months.
cybercod
On Jan 29, 8:18 am, "Scott Thompson" <sthomp...@advancedwireless.com>
wrote:
> And you just sent them back an email address that is known to be good
> that they can sell to other spam lists for $$ and you get even MORE spam
> because it says that you actually read them. Isn't that like shooting
> oneself in the foot to teach someone else a lesson? (Hmm, my foot hurts
> now, that will teach you a lesson??)
Yeah yeah sure, It will never work. You're probably right.
Except that you're not.
I already got a reply from one of them. Care to see what they wrote?
I admit its manglish... mangled english, but that just proves I was
probably correct in assuming that it is from a foreign country. (or
the person is just stupid)
Below was the email I received from him/her
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------
Subject: TALK ABOUT DEAL AND STOP SENDING ME MAIL,IF YOU WANNA DEAL
AND IF YOU DONT ?
Date: Mon, 29 Jan 2007 04:03:05 -0700
helllo i heard you And see that you are far too much than ordinary
person
,can we deal or what?i need us to deal?we can deal together and make
money
together if you know you wanna deal?please message me back and let
deal?i
can give you my phone number so we can talk on deal,.?ok
-----------------------------------------------------------------------
-----------------------------------------------------------------------
-----------------
I dunno, sound's pretty desperate. This was from the address that was
contained within the email, not the reply-to email address. He's
probably only gotten 10 or 12 from me since I put him on my Spammers
list.
I don't care what you think about it. I'm continuing my little
experiment. I was ready for a new email address anyway. I shall
offer this one up to the bonfire of the digital public good.
A word of advice to anyone else trying this, make a new email address
and message the people you wish to have that new address from your old
one, to let them know the change. Cuz if you get tanked, it would be
nice to keep your important contacts.
Not too sound like too much of a vigilante, but this is something that
is bigger than any one government can handle, and a little too trivial
to bother the United Nations with. I mean seriously, they got bigger
things to deal with, like overpopulation, oil, famine, global warming,
and war. Do you really think our junk mail is something they need on
their todo list? Do you really think any one government is going to
do something about it? Or even could?
Face it folks, its up to us.
We either fight back, or you may as well go ahead and do what the spam
tells you to do and get your penis enlarged. Cuz it seems like you
need something, since you got no balls.
I did what I said I would, I unsubscribed, but seeing this spammer's
response I decided to share it with you guys. Only to come back and
see exactly what I thought I would. A bunch of sniveling whiney
cowardly comments. "Oh, you'll get more spam!" "They're going to
get you!" "You can never win!"
Do you know how hard it is to get a new address? Its not.
You deserve to live in the hell you do not fight to escape.
-=COD OUT=-
PS. No I don't read spam. I simply look for an email address in the
body of the spam, I add that address to my address book in a category
called "spammers". I then forward that piece of spam to the entire
group "spammers" If there's no email address, and its pretty easy to
guess which ones will have one, I just forward it to the group
"spammers" then I mark it as spam. If I don't feel like it at the
time, I just mark it spam. And when I'm feeling really enraged with
spam, I go into my bulk folder, which usually has about 3000 bullets
in there, and I can fire at will til I feel better.
P.S.S.
If you dont have a better idea, just shut up.
cybercod
On Jan 29, 8:18 am, "Scott Thompson" <sthomp...@advancedwireless.com>
wrote:
> And you just sent them back an email address that is known to be good
> that they can sell to other spam lists for $$ and you get even MORE spam
> because it says that you actually read them. Isn't that like shooting
> oneself in the foot to teach someone else a lesson? (Hmm, my foot hurts
> now, that will teach you a lesson??)
cybercod
On Jan 29, 8:18 am, "Scott Thompson" <sthomp...@advancedwireless.com>
wrote:
> And you just sent them back an email address that is known to be good
> that they can sell to other spam lists for $$ and you get even MORE spam
> because it says that you actually read them. Isn't that like shooting
> oneself in the foot to teach someone else a lesson? (Hmm, my foot hurts
> now, that will teach you a lesson??)
cybercod
On Jan 29, 8:18 am, "Scott Thompson" <sthomp...@advancedwireless.com>
wrote:
> And you just sent them back an email address that is known to be good
> that they can sell to other spam lists for $$ and you get even MORE spam
> because it says that you actually read them. Isn't that like shooting
> oneself in the foot to teach someone else a lesson? (Hmm, my foot hurts
> now, that will teach you a lesson??)
cybercod
her response to that?
-----------------------------------------------------------------------
-------------------
Subject: yes,let talk about dealing as i am not ready to do a scam
business with you but
Date: Tue, 30 Jan 2007 05:54:13 -0700
Body of message:
-----------------------------------------------------------------------
-------------------
OK
>Subject: Re: TALK ABOUT DEAL AND STOP SENDING ME MAIL,IF YOU WANNA
DEAL AND
>IF YOU DONT ?
>Date: Mon, 29 Jan 2007 16:17:48 -0800 (PST)
>
>
>stop sending me mail, and take my address off of
>any address lists you have and I'll stop sending
>you mail. thats the deal.
>take it or leave it.
>
>I can make fake email addresses too so I can
>annoy you with the same tactics you use against
>me.
>
>I am not gonna fall for scams, just give up.
>
>When I have your promise that I won't receive
>email from you anymore, I will take you off my list.
>
-----------------------------------------------------------------------
----
Gee, seems everyone hates spam. Even spammers.
cybercod
wrote to him. Sorry about that.
cybercod
Just so you know, I have been getting more spam... or more accurately,
more spam signups. It seems the spammers are signing me up for stupid
newsletters and such, which is fine, because their first message is
always to see if it was really you who signed up, which it wasn't.
So, the spammers are wasting time filling in forms to send me spam
from someone else other than themselves because they don't want me
sending spam back at them. It takes much more time for them to fill
in forms than it does for me to unsubscribe to their little tricks.
Its actually quite funny.
Also, I've not gotten any Nigerian spam in a couple weeks, and no
phishing spam at all in just about as long.
Im still getting stuff from the morons who think I'm going to take
stock market advice from a piece of spam, and who mistakenly think I
even trade on the stock market.
And the bulk folder is still riding at around 3800.
Perhaps we should make a screensaver DOS application that works like
the Seti@home project, whose intent is to blow up the stupid geocities
spammers.
I know, I know, you don't like DOS. Thats what they killed blue-frog
with though. If you'll remember. Good for the goose, good for the
gander. And this little experiment proves (at least to me) that
fighting fire with fire actually works with these scumbags. It also
proves that these forums are invaded, or at least watched by the
enemy.
So to all of you worthless lowlife scumbag shit-for-brains scamming
spammers who are watching this little group, i give you a hearty "F U
C K Y O U" Get a job, get a life, and get a clue. We hate you,
and we're fed up. Oh, and if we find you.... you just better hope we
don't find you.
If we find you, if your cover is blown, you're looking at dealing with
mob mentality. And you can't reason with a mob. Your very life may
be in danger. Not that you have a life. Sleezeball. Take what money
you're making in the spam business and invest it in some kevlar body
armor, and an education so you can learn to do something meaningful
with your life. I wouldn't give you the sweat from my balls to drink
if you were dying of thirst.
To everyone else, have a great day!
David Eckert
--
-David W. Eckert
cybercod
new signups for newsletters, and I've been doing all my site
registrations (for non essentials) with 10-minute disposeable email
addresses. And the important ones, with my new address.
go figure
On Feb 11, 11:33 am, "David Eckert" <davy20...@gmail.com> wrote:
> Actually the signups I think are automated.
>
Scott Thompson
human is sitting there entering his email address into forms so he gets
newsletters. Meanwhile, the actual spammers are having a lot of fun
collecting his email address as a known good address and selling it for
money. He also thinks that by doing DOS attacks he's hurting the
spammer... when in actuality, it's just a ton of people that know
nothing about computers that have had their computers made into zombies
for the spammers because they haven't patched their computers.
Its time to move on people. This project is dead. There are many good
filters out there that for the most part screen out the crap very well
and cost nothing. Even the junk filter in Outlook captures about 95% of
the spam. I rarely have any issues with spam even though I get over 200
a day. I have to delete about 2-4 that miss my filter. Not a big deal.
-----Original Message-----
From: okopipi...@googlegroups.com
[mailto:okopipi...@googlegroups.com] On Behalf Of David Eckert
Sent: Sunday, February 11, 2007 11:34 AM
To: okopipi...@googlegroups.com
Subject: [okopipi-discuss] Re: It has now been six and a half months.
Michael
On Feb 12, 9:21 am, "Scott Thompson" <sthomp...@advancedwireless.com>
wrote:
> Do you really think he'll listen to you? He actually thinks some dumb
> human is sitting there entering his email address into forms so he gets
> newsletters. Meanwhile, the actual spammers are having a lot of fun
> collecting his email address as a known good address and selling it for
> money. He also thinks that by doing DOS attacks he's hurting the
> spammer... when in actuality, it's just a ton of people that know
> nothing about computers that have had their computers made into zombies
> for the spammers because they haven't patched their computers.
>
> Its time to move on people. This project is dead. There are many good
> filters out there that for the most part screen out the crap very well
> and cost nothing. Even the junk filter in Outlook captures about 95% of
> the spam. I rarely have any issues with spam even though I get over 200
> a day. I have to delete about 2-4 that miss my filter. Not a big deal.
>
> -----Original Message-----
> From: okopipi...@googlegroups.com
>
> [mailto:okopipi...@googlegroups.com] On Behalf Of David Eckert
> Sent: Sunday, February 11, 2007 11:34 AM
> To: okopipi...@googlegroups.com
> Subject: [okopipi-discuss] Re: It has now been six and a half months.
>
> Actually the signups I think are automated.
>