Lycos Anti-Spam Site Compromised [Updated]
An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack, appears to have been hacked. Attempting to download the screen saver from Lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.
Lad Vampire unaffected (Score:5, Informative)
This link still works (Score:2, Informative)
http://download2.makelovenotspam.com/screensavers
MD5 sum as of 11/26 (Score:5, Informative)
Re:"Fighting" spammers (Score:4, Informative)
Vigilante style justice does not always work out. For one, you open yourself up to illegal attacks from them, too.
If I legally took a spammer to court and if he DDoSed me, it would only strengthen my case. I have the legal recourse to support my stand.
However, if you did something like what Lycos did, what're you going to tell the judges? They hacked me for hacking them?
As much as I'd love to see spammers get kicked in the nuts, this is not the path to take. It makes us no different from them.
legally (Score:1, Informative)
The screensaver put my processor usage up to 100% though, so I stopped using it after one day.
Re:This link still works (Score:3, Informative)
OSX version of the screensaver downloaded on the afternoon of 26th
November, compared to download just now (second checksum for reference,
download it yourself as a hedge against a compromised server giving back
good data to hosts known to have already downloaded the file).
Lines wrapped to reduce mangling.
- -rw-r--r-- 1 aqua staff 1120108 26 Nov 14:19 \
ea8c53d0fb0f30faf
- -rw-r--r-- 1 aqua staff 1120108 1 Dec 00:41 \
Desktop/MLNS_screensaver_en.dmg
ea8c53d0fb0f30fa
read again (Score:2, Informative)
The point of this screen saver is to increase the running costs of those websites.
Who do you believe?
Re:There we go again... (Score:5, Informative)
The following are clearly completely untrue:
All the rest are HIGHLY unlikely to be correct. For instance you suggest this is illegal by selecting several options, yet you haven't pointed to any laws outlawing it.
Re:obligatory (Score:2, Informative)
Re:An alternative and legal idea (Score:3, Informative)
Wrong. (Score:4, Informative)
"The sites targeted will come from blacklists generated by Spamcop and other anti-spam organizations"
http://www.spamfo.co.uk/News/Software/Lycos_ant
From a previous news article I had read, Lycos is just making it available to download, and marketing it so to speak, but another company developed it, and I'm guessing since the site is down/compromised, and that you can not access the black list, it's hosted somewhere other than Lycos. But I could be wrong.
Re:Not at all (Score:3, Informative)
Can anyone in the U.S. who is getting the h4x0r3d message verify this IP?
Querying a U.S. DNS server and a European DNS server yields the same result:
Both have the same Authority Section as well:
Does anyone know of a DNS server that yields something different?
Re:Not at all (Score:2, Informative)
If someone else can pull the whois information and verify that as well?
person: Jimmie Clareus
address: Softroom GDC
address: Box 1088
address: S-161 02 BROMMA
address: SE
e-mail: jimmie.clareus@softroom.se
phone: +46 8 410 22 600
mnt-by: DGCSYSTEMS-MNT
nic-hdl: JC2251-RIPE
Some ISPs DO detect and block owned PCs (Score:3, Informative)
He downloaded and ran it. That problem was solved. Shame he didn't realise that there were other viruses in there too (or wasn't told that there might well be). Still, it's more than many ISPs do...
Tracing web page sources (Score:1, Informative)
Anybody can write a message like that. The interesting part is not what the message says, but where it comes from.
Try finding out exactly what URL you are looking at, and preferably also what IP address the server name resolves to (in case someone has messed with the DNS). Then fetch a copy of the page, HTML and everything, using wget or some similar tool. Examine it offline, perhaps using a browser with a non-contaminated cache, to determine if the message is indeed found in that page.
I have always considered page visit counters evil. Even more so when they come as inline images, from an external site. It's ten o'clock. Do you know where your inline images are?
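The steps in the comment above (note the resolved IP, save the raw response, examine it offline, check where inline images come from), sketched as an added example that is not part of the original thread. The captures, host names and addresses are constructed placeholders, and `observe` and `differences` are hypothetical helper names.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class _ImgHosts(HTMLParser):
    """Collect the host part of every <img src=...> in a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "img" else None
        host = urlparse(src).hostname if src else None  # None for relative URLs
        if host:
            self.hosts.add(host)

def observe(raw, page_host, resolved_ip, marker):
    """Summarise one saved response (headers, blank line, body), e.g. from `wget --save-headers`."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    text = body.decode("utf-8", "replace")
    imgs = _ImgHosts()
    imgs.feed(text)
    return {
        "resolved_ip": resolved_ip,
        "status": lines[0],
        "server": headers.get("server"),
        "body_sha256": hashlib.sha256(body).hexdigest(),
        "marker_present": marker.lower() in text.lower(),
        "external_img_hosts": sorted(h for h in imgs.hosts if h != page_host),
    }

def differences(a, b):
    """Fields on which two observations of the same URL disagree."""
    return sorted(k for k in a if a[k] != b[k])

# Constructed captures of the same URL from two vantage points (placeholder hosts and IPs).
MARKER = "attacking spammers is wrong"
CAPTURE_A = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"
             b"<html><body><h1>Download</h1><img src='/logo.png'></body></html>")
CAPTURE_B = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"
             b"<html><body>Yes, attacking spammers is wrong."
             b"<img src='http://counter.example.net/hit.gif'></body></html>")

if __name__ == "__main__":
    a = observe(CAPTURE_A, "www.example.org", "192.0.2.10", MARKER)
    b = observe(CAPTURE_B, "www.example.org", "198.51.100.7", MARKER)
    print(differences(a, b))
```

Keeping the resolved address and body hash next to each capture lets two people compare what they were actually served instead of comparing screenshots of the message.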