One Man's Fight Against Forum Spam 245
JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."
Re:Illegal (Score:5, Informative)
He’s thought of that already, and seems to have his case made. RTFA.
RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.
FIP: Are you concerned about the possible legal consequences of your actions?
RD: Here is the reasoning I use, and I know that a lot of people argue it.
Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.
It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.
Basically he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
I doubt that it’d fly, actually, but who knows.
Re:Predicted future news: (Score:1, Informative)
In fact only vigilante does time. Remember that only email spam is covered by law, forum spam is not.
I was banned from Free Republic (Score:4, Informative)
I created an account and was banned almost immediately.
They have extremely vigilant forum monitors who will bring the banhammer down for the slightest offense.
My offense? I insinuated that gays might be able to serve in the military just as well as straights.
Re:Illegal (Score:2, Informative)
Unauthorized Access is against the law in quite a few juristictions.
Example "advanced" spam (Score:5, Informative)
Here's a specific example of what I'm talking about. Here is a post made to my forums in July 2010:
You can choose ‘Micro-ATX’ size motherboard for your HP. That limits the possible range of motherboards deals you will find. My advise is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, many choices. It is depending on money and what you want if your building a good rig for gaming multimedia etc and don't buy a case with power supply. Please choose a separate power supply.
Now here is a post from another website made in 2009:
Your HP case (the cheapest part of the pc!) takes a ‘Micro-ATX’ size motherboard.
That limits the possible range of motherboards\deals you will find. (look for a motherboard\processor package)
Now you are already buying ‘a whole new computer’ except the case, why stop there? (unless you want the small form factor)
My advise (thats why your here!) is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, much more choice.
Depending on money and what you want if your building a good rig for gaming\multimedia etc DON’T buy a case with power supply, they are usually sh*t (cheap\unreliable). Choose a case, choose a separate power supply (after research!)
Re:Predicted future news: (Score:3, Informative)
That's exactly what a spammer would say. Spam costs real people real money. Email is already a fairly heavily I/O bound process, especially at volume. I've seen spam floods kick a server from a load of 2 to a load of 15, and banning the sending IPs dropped the load immediately, but only once we figured out it was email that was causing the issue. After that incident, that became the first thing I'd check, if it weren't completely obvious that it was a problem account on the server (I was an admin at a web hosting company at the time).
The majority of my day as spent dealing with spam, either incoming or out going, sometimes from hacked accounts and other times from "email marketers" who would get entire /24's entered in spamhause and then keep legitimate email from being processed. That included personal correspondence, and a lot of times business mail from customers on vps or dedicated servers, who just happened to have the misfortune of having an IP in a block that got a bad reputation because of some douchebag.
Then, those people call into support, who of course can't do anything about it except come bother the admins. Then we have to find a new IP address that hasn't been tainted, reconfigure the mail server to use it, waste an IP in the process, and hope to stop the cause of the issue and get the old IP de-listed before we have to start all over again.
Spammers should be drawn and quartered. They are the worst, most vile people ever. If Francisco Franco molested baby kittens, he'd still not be as bad as a spammer.
Re:I was banned from Free Republic (Score:3, Informative)
Many sites develop groupthink. Slashdot certainly isn't immune.
Free Republic takes it to a higher level and eliminates any dissenting voices by deleting their posts, banning their accounts from posting, and logging their IP address so that future accounts created at that IP are automatically banned.
Forum spam is a different story, of course. But the thinking behind it is the same. These are posts that are not welcome on this site, therefore we must eliminate them.
Of all the sites I've visited, Slashdot (and perhaps Kuro5hin) has the best system. Posts are never deleted, and even posts modded to -1 can still be read by those interested. There is the pink page of death and other nasty bits that I think /. could get rid of, but on the whole this site caters to its posters very well.
That said, the groupthink is still very obvious.
Re:Illegal (Score:1, Informative)
And then when people claim that they were in fact the ones registering the accounts, they can stand before the court with 2000+ charges against the CAN-SPAM act.
CAN-SPAM was quite specific to email spam, this guy is dealing with forum spam, which in and of itself is actually legal (although some of the content of those spam messages might not be).
The e-mail being sent (Score:2, Informative)
Re:So silly.... (Score:2, Informative)
Re:One question... (Score:3, Informative)
Surely the bots aren't registrering on his honeypot forums with the same password as is used for the e-mail they use to register.
That's exactly what they are doing.
From what I gather, he's written a program to automatically feed suspicious looking e-mail addresses into and check the the registration password/e-mail combo to see if they are using the same for both the e-mail address and the forum software. If there it is a successful combination, it flags and suspends the account.
Dunno if that is 100% correct, but that's what I've gathered (I have not RTFA either)