Forgot your password?
typodupeerror
Spam

Porn Spam using Slashdot.org name 242

Posted by Hemos
from the time-kill dept.
I've gotten a lot of mail, and seen this submitted - a porn site has sent mail using the Slashdot.org name, purporting to be Slashdot.org. They are not. We don't, and will not send mail out using your name. Click below for the full text of the message that was sent out. Update: 06/17 12:56 by H :Current going theory (thanks to Mark Rietman) is The list is the one maintained at distributed.net. This is because they used my distributed.net@rsoft.demon.nl adress (which i never use anywhere else). It's a list open to public (team stats-page --> memberslist) Update: 06/17 01:09 by CT : I just wanted to apologize. I'm getting a lot of hate mail, and I just want to reiterate that we didn't do this, and that I wish bad things would happen to the bastards who did this. I consider forging email to be among the worst of all net.crimes. And don't visit the site or you'll just encourage these pricks.

[TEXT OF MAIL FOLLOWS]

"X-Received: from pony-1.mail.digex.net (pony-1.mail.digex.net [204.91.241.5]) by groucho.med.jhmi.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) via ESMTP id AAA56584 for ; Thu, 17 Jun 1999 00:14:26 -0400 (EDT)

X-Received: from zamboni.mail.digex.net (zamboni.mail.digex.net [204.91.99.98])
by pony-1.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA14165
for ; Thu, 17 Jun 1999 00:11:07 -0400 (EDT)

X-Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
by zamboni.mail.digex.net (8.9.3/8.9.3) with ESMTP id AAA01690
for ; Thu, 17 Jun 1999 00:11:06 -0400 (EDT)

X-Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
(post.office MTA v1.9.3b **** trial license expired ****)
with ESMTP id AAA224 for ;
Thu, 17 Jun 1999 08:08:50 +0400

X-Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49)
id MQ9VDG1N; Thu, 17 Jun 1999 08:08:00 +0400
From: "slashdot.org" To: Date: Thu, 17 Jun 1999 08:07:52 +0300
Subject: Dear Member of slashdot.org (eisen@access.digex.net)
Reply-To: support@slashdot.org
Organization: slashdot.org
Content-Type: multipart/mixed; boundary=XX0BFF0BCE-00350BFFXX
X-Priority: 3
ReSent-From: Halmonster ReSent-To:

This is a Multipart MIME message. Since your mail reader does not understand this format, some or all of this message may not be legible.

--XX0BFF0BCE-00350BFFXX
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hello dear member!
Slashdot.org offer you new service of overclocking your operation system (w=
in95/98/NT/linux/mac=20
and more)
For more information please visit http://join.at/freepc CT:DO NOT CLICK THIS LINK! ITS A PAGE OF DAMN BANNER ADS! THIS IS A SCAM!
We always think about You

------------------------------------------
This message was sent to you by
Name: slashdot.org
Email Address: support@slashdot.org
IP Address: ras5.icp.rssi.ru
------------------------------------------

Using Aureate Group Mail Free Edition
Find out more about this product and try it=20
for free at: link
--XX0BFF0BCE-00350BFFXX--
"

This discussion has been archived. No new comments can be posted.

Porn Spam using Slashdot.org

Comments Filter:
  • After looking at the site in question, a slashdot effect would not help any, as the person who sent the spam is trying to get people to click on the links. For every link that you (everyone in general) click, he gets a small amount of cash through "click through" type services. There is no easy way to deal with these types of idiots. Unless the owners of /. are willing to sue, the idiot can go on using the slashdot.org domain forgeries in the headers. (atleast until certain laws become official, however long that will take).
  • I'm not going to visit it myself, but that link is probably full of revenue raising ad banners. So if we attempt to slashdot that site we'll just be making the spammer money...
  • Well you have a point. But if they are really any good they won't get caught. It's not as if they're breaking into the Pentagon or something.
  • If you get a billion people to come to your page, you suck unless you can get them to come back.

    Those people are morons because they may get a ton of hits, but most people would get offended and not come back. They have done nothing for their site, except make a reputation.

    Phht!
  • Please don't do this. Just because you have a lot of extra bandwidth to spare doesn't mean every link between yours and the target does, too. Most of the people who would actually incur damages if you do something like this are innocent.
  • War Stuff
    Uncle Target was used by artillery spotters in
    www2 to identify a target that should be targetted
    by all guns that could range on it. The German
    breakout of the Falaise Pocket was one of a few
    called in www2.
    Enough history. I have www.intra.ru firmly in my
    sights ... how bout you?

    CC
  • Willing to sue? Considering that it appears to originate in Russia, you might be able to file something here in the States, but how would you ever get anything effective out of it? I realize that the US policy towards the internet seems to be misguided at times, but can the situation be any better in Russia? Do you think they honestly have the resources to legally (ie lawsuits, courts, etc) fight spammers like we do here in the US?
  • Given that the owners of slashdot intend this as a business concern (they make money, right?), I think an argument could be made that their slashdot trademark has been violated and their reputation has been damaged. If they had registered slashdot as a trademark, they'd have a much better case, but I still think they have a case. Sue them.
  • >> so how did it get *my* address?

    so it was an early morning theory... i was wrong.

  • by Anonymous Coward

    The concept of anonymnity is the problem that makes spam possible.

    No futher comment required.
    /.

  • 'spam proofed'? it should be pretty easy to write some regexs that remove that 'proofing'.

  • by jd (1658)
    Remember the spam recycling place, and it's $5 CD voucher? What'd happen if everyone getting the e-mail mass-forwarded that spam to them? It might get them off their duff and DOING something, if they suddenly get 100,000 spams with forged content.
  • If you don't email him, be sure to give him the gift of the infinite ping...
  • I mean, look it up on Everything (everything.blockstackers.org, of course).
  • but that spread-legged penguin is kinda sexy!
  • Oh come on! It was immediately obvious that Rob would never allow the e-mail addresses to be used for this kind of crap.

    Anyone who's read slashdot for more than two hours should have realised it immediately.

    My initial response was "oooh, he's in for a bad life" (he as in the spammer).
  • Oh, I do smite the scum most heinously. It would just be nicer never to see it.

  • We can easily look for 'Alex Gurry' with any online search (assuming Alex Gurry is the real name of the person responsible). I found an Alex Gurry in Keansburg, NJ. I also found a couple more named 'A. Gurry'. I have the addresses and phone numbers, but I'm not willing to bet that any of these people are actually the spammer...
  • Looking at the headers in the spam I got, I returned it pretty hard to the guy. From the headers, it looked like the guy used some kind of point and drool warez program.

    Why people spam is beyond me. What would motivate someone to do something so sensless? It costs them money and does not gain worthwhile friends. Is it the same motivation that drives serial killers?

    Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
    by Edison.EBICom.Net (8.9.1a/8.9.1) with ESMTP id XAA14816
    for ; Wed, 16 Jun 1999 23:11:04 -0500
    Message-Id:
    Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
    (post.office MTA v1.9.3b **** trial license expired ****)
    with ESMTP id AAA207 for ;
    Thu, 17 Jun 1999 08:08:46 +0400
    Received: from ras5.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
    Internet Mail Service Version 5.0.1458.49)
    id MQ9VDG1J; Thu, 17 Jun 1999 08:07:56 +0400
  • At work, I access slashdot a few times a day to keep up with Geek News. I've explained a few times that slashdot has nothing to do with "Slash" erotic fiction.

    This probably won't help . . .
  • Plus the stereotype of geeks drooling over porn sites while sitting in their rooms, hence they are actually targetting potential customers (the validity of this assumption is, of course, open to debate). Dunno where they got the addresses from, though; I haven't been mailed and my email address is non-munged.
    --
  • by Anonymous Coward
    This is the sorriest excuse for a porn site I have EVER seen. What with all the nerdy news stories and polls without enough options, I haven't found one decent nudie pic...I feel so cheated. Gotta admit, though, that Cmdr. Taco would be a great name for a porn star...
  • Dont "Just Hit Delete"[tm].

    You must decode the headers, and hunt them down. Spammers hate losing their net access. Usually there's a dialup, a web page and a drop box at the very least.. make sure you whack all three for max karma bonus.

  • by drwiii (434)
    X-Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru (post.office MTA v1.9.3b **** trial license expired ****)

    You think they'd at least register their software...

  • Technicly nothing new about this.
    I know a lot of you are not going to believe it when I say AoL and Microsoft are both against spam however both have publicly come out against spam simply becouse they are fed up with it.
    A lot of companys that are against spam have had the missfortune of having a spammer clame to be (in some way) a part of the organisation in question and people quick to judge lable them as prospam and of course we all want to believe all things evil of Microsoft and AoL mostly becouse it is usually true.
    Spammers will never admit the true idenity of the spams source. Any clammed supporter is yet annother victom...
  • >> I hope /. isn't selling their "members" names for $$$.


    If they were, don't you think it would be to some internet technology related company and not a porn site?


    Really, i don't think they are.

  • Shall we romp though my lovely copies? Let's go!

    >From support@slashdot.org Thu Jun 17 19:57:36 1999
    >Return-Path:

    We can ignore these lines.

    >Received: from localhost (tygris@localhost [127.0.0.1])
    > by tygris.strw.org (8.9.3/8.9.3) with ESMTP id TAA00173
    > for ; Thu, 17 Jun 1999 19:37:58 -0400

    FYI: tygris.strw.org doesn't exist, it's really a dialup from Erols.

    >Received: from pop.erols.com
    > by fetchmail-4.6.3 POP3
    > for (single-drop); Thu, 17 Jun 1999 19:37:58 EDT

    Can we say I worship ESR? ;)

    >Received: from mx04.erols.com ([207.172.3.244]) by mta3.mail.erols.net
    > (InterMail v03.02.07.03 118-128) with ESMTP
    > id
    > for ; Thu, 17 Jun 1999 01:42:52 -0400

    From the border server to my pop server.

    >Received: from mx.icp.rssi.ru (mx.icp.rssi.ru [194.85.223.7])
    > by mx04.erols.com (8.8.8-970530/8.8.5/MX-980323-gjp) with ESMTP id
    > BAA06613
    > for ; Thu, 17 Jun 1999 01:42:51 -0400 (EDT)

    From mx.icp.rssi.ru's servers to Erols. Some spammers just connect
    directly to Erols and spew junk there. This isn't the case.

    >Message-Id:

    This tells us one thing: mx.icp.rssi.ru is broken. It should of made
    it's own Message ID tag.

    >Received: from mx.intra.ru ([194.135.182.7]) by mx.icp.rssi.ru
    > (post.office MTA v1.9.3b **** trial license expired ****)
    > with ESMTP id AAA232 for ;
    > Thu, 17 Jun 1999 09:41:11 +0400

    Well, at least it's recording the IP address. However, post.office
    (unlike Sendmail) defaults to relaying, which is a Very Bad Thing(tm).

    >Received: from ras1.icp.rssi.ru by mx.intra.ru with SMTP (Microsoft Exchange
    > Internet Mail Service Version 5.0.1458.49)
    > id MQ9VDJNV; Thu, 17 Jun 1999 09:40:21 +0400

    EW! mx.intra.ru is running non-IP-recording Microsoft Crapware!!!
    Extreemly Bad Thing(tm). What are they running, NT?!?

    >From: "slashdot.org"

    We can start ignoring stuff now.

    >To:
    >Date: Thu, 17 Jun 1999 09:44:07 +0300
    >Subject: Dear Member of slashdot.org (tygris@erols.com)
    >Reply-To: support@slashdot.org
    >Organization: slashdot.org
    >MIME-Version: 1.0
    >Content-Type: multipart/mixed; boundary=XX92BD92BC-008992BDXX
    >Content-Transfer-Encoding: 7bit
    >X-Priority: 3

    [snip]

    >Using Aureate Group Mail Free Edition
    >Find out more about this product and try it
    >for free at: http://www.group-mail.com/1

    Spamware. news.admin.net-abuse.email knew about this and tried to get
    it taken off. I think it may be a good thing to Slashdot the makers of
    this product in your distain against spam.

    More tutorials for the pissed off at Sam Spade's library (via
    http://www.samspade.org).


    ---
    Spammed? Click here [sputum.com] for free slack on how to fight it!
  • Using the /. name in this manner certainly gives /. grounds to sue the perp. There is ample legal precedent, most notably the flowers.com case [mids.org] in which a spammer had to pay over $13K in damages and $5K in legal fees for forging somebody else's domain name in a spam.

    The main reason spammers aren't sued more often is that, their claims of wealth through pyramid scams notwithstanding, their seizable assets usually consist of an old 386 and a pile of chicken bones.
    /.

  • International law is a a joke, at best, and US law does not have any jurisdiction in Russia. It's been obvious for a long time now that the Internet is a society within itself, with it's own governings and rules. Stuff like this will make it interesting to see how the Internet evolves as a culture and a society. How do you set up, and what kind of rules and how do you enforce them in what basically is more of an anarchical system? Or is it the ultimate in democracy? Let the people decide. Or mobocracy, let the people react (as opposed to act).

    One of the stumbling blocks in the way of all this is conceited ideas like a physical government attempting to rule something that extends beyond it's boundaries. What exactly are the boundaries of the Internet? Theoretically, they can extend as far as you can communicate. Want a terminal connection on Mars? It is almost as if there is a seperate unseen (seen, but unseen) world that envelopes our physical one.

    It will be interesting to see how all this evolves and what will happen with it.
  • Of course /. isn't into porn. After all, what site recently posted a story from the 'geeks-should-never-be-naked dept.'?

    I have news for you, Rob. I'm naked right now.

    Okay, maybe not, but... I could have been. :>

    - Darchmare
    - Axis Mutatis, http://www.axismutatis.net
  • >Too bad there are not a US orginization, international law is a myth that exists only when everyone wants it to.

    IANAL, but if they have any U.S. assets or associations, you could probably go after those.

    As for international law being a myth, heck, Russian law is largely mythical these days, unfortunately. :-(
  • Mine is rigged as well and I haven't received it either.

    Typical of the asshole marketers out there. This is unfortunately one of the side effects of the commercialisation of the Net.

  • maybe a little more research would have made this believable... then again, putting their *.ru address somewhere in the body of the message didn't help either.
  • You'd be surprised how many do...

    I used to work at a Pre-Verio ISP and we were blacklisted more than once because of the fact that a) maps.vix.com is nothing more than vigilante justice, and b) no one bothered to do the slightest bit of research.

    We had a customer who direct-emailed about 15,000 people regularly. These were addresses aquired legitimately from response forms and trade shows. These people AGREED to get this email. Yet someone idiot who forgot that this was solicited email told the blacklist people and we lost email connectivity to vast portions of the net for about a week. Had they bothered to call us, or the customer, it would have been explained that it was solicited email. *sigh*

    As someone else has said in this thread, ignore stuff that's not directed specifically to you. I have procmail add a [SPAM] in front of any email not sent to my address, and I never publish my real address. At work I didn't even bother with the [SPAM], every message not directed to me or an alias I deemed interesting was sent to /dev/null without prejudice.

    -Rich
  • Why didn't I get any ? ;-)

    Seriously, I think the headers you posted are clear. Maybe it's some silly prank, or someone trying to show off his ability to "spoof" mailadresses. (Obviously not aware of headers n stuff)

    Message on our company Intranet:
    "You have a sticker in your private area"

  • I didn't look (and I refuse to give them the hit), but the post said that it's a page full of banner ads. That could mean they're not even really selling anything, just trying to collect hits on the ads that they're carrying for other sites, since they get paid per impression. So even if we all just took one look and closed the window in disgust, they would make money, just not from us. So the actual porn sites lose money by paying for advertising that doesn't get them any customers, but I for one still find the whole thing offensive because they're spamming me and trying to trick me into letting them use my click for their profit.

    If they're at all remotely smart, even in their own little paramecium/slime-mold/fungus/spammer way, they are probably not even hoping for us to be actual customers, just to collect hits. That's why it's important for us not to even look at the page, even "just to see for myself what it is, in order to be better-informed, yeah, that's it". Even that would make their attempt successful and hence endorse their spamming practices.

    David Gould
  • oddly enough.. I AM naked right now.. I just got out of the shower... freaky....
  • Posted by Assmodeus:

    i knew it was bogus when i realised that of the "operation systems" linux was not mentioned first... that and the horrible grammar...and the fact that they were from a .ru address

    assm0deus
  • Guess what? He (the AC) is right.
  • It's probably not the best solution, but somebody could take down his webserver. And then send an email to the admin saying - this isn't on, please deal with it. Or better still, email to owner of the weserver telling of the problem, and if he doesn't kill the site, then take down the webserver with extreme prejudice...
  • Although most or all /.'ers had a healthy hatred for spam before this, it just gets more meaningful when it hits home.

    KILL KILL KILL!!!
  • The best, most satisfying way involves rope, honey, and fire ants.
    Unfortunately, the authorities seem to disapprove of this method (can't think why...).

    To paraphrase a famous ex-prez:

    "Sure we could drag this scum out in the street and beat him to death with a 5-pound tuna, but it would be wrong..."
  • Of course. You can assume that we know what hackers are. This is slashdot after all.
  • I hate to say that... I got this message today.... I was surprised slashdot sent me the mail... and I didn't realise what it was untill I saw this article.
    I hope we can find the culprit and take him to task.... else there would be no end to this spamming.

  • At first I thought, "weird, slashdot sent me an email?"... then I saw the body of it. This person and all other spammers MUST DIE! - even more so than Jar Jar ;)
  • This was too obviously not originating from slashdot, but how did this guy lay his hands on the addresses?
  • After a little snooping of HTML, youll find yourself back at Alex Gurry's homepage (which is full of ads). His email address, alexgurry@intra.ru is included on the page; if logic serves, he is probably the one who did this.

    Send him an eMail and tell him what you think about SPAM; I did!

    jason
  • by Anonymous Coward
    Not that I'd suggest anybody ever doing somethig bad, but intra.ru is running IIS 4.0. Which, as the story from yesterday said, has a nasty little over flow problem that allows writing straight to the IP register. And the people who found this little insecurity have also posted a crack.

    Just thought it interesting. Wonder if Intra's sysadmins keep up on bugtraq.
  • I would say that advertising porn with the /. name qualifies as defmination.

    Too bad there are not a US orginization, international law is a myth that exists only when everyone wants it to.

  • Huh-that's strange. I'm not sure how he got it then-we're checking various things out.
  • We didn't send it. Conceivabily they got the list through other measures-that's what we are looking into.
  • The /. people are as against spam as the rest of us - why would they do that? Think before you post and try and raise hell.
  • The spammer got my old email address that I haven't used for several months since I got my static IP. He must have compiled the list of addresses long ago. What pisses me off is that the guy looks bent on trying to destroy slashdot getting people riled up and emailing abuse@slashdot. Would it be reasonable to assume this guy is pulling a DOS attack?
  • The list originated from the distributed.net memberlist of slashdot. It became very obvious to me when I noticed they had used an email I only use to send/recieve rc-5 blocks. Maybe the list should be protected by the team owner of /.

    I know it can be done, because EvangeLista did this already.
  • by jandrese (485)
    I think this is a little overrated. I've been posting my email to the usenet and Slashdot for some time now and I still get little (almost no) spam. The only account I have even been heavily spammed on is my old AOL account, but their system is stet up to delight spammers by always keeping a list of all of their members available to the public. Besides, if you never give your email address out what use is it?
  • My email account is not obfuscated, but it is a tripwire for spam. I haven't received a thing from this spammer. My account has been active for a few months now.

    Methinks this is just a prank to dig at the slashdot community. Lets not let that happen. Just ignore them and eventually they will go away, or get a little maturity.

    the AntiCypher
  • Perhaps they need to be taught a lesson. Slashdot should consider filing for a Usenet Death Penalty [stopspam.org] or, if there such a thing, SMTP Death Penalty.
    - - -
  • Doesn't seem like that great of an argument, I guess. If your ISP sucks, why not find a decent ISP who uses a good MTA? Seems that allowing an individual to connect directly to your mail host is quite an open door to abuse... I know, it sucks... bah, I don't know. I'm just sick of spam.

    p.s. I have no idea why this gets posted with a score of 2....
  • The only criticism I have is that the $100 "fee" is actually too small. Spammers who are running those despicable pyramid schemes are likely to make far more than this.

    I understand that the law in Washington State, U.S.A. allows people to sue for $500 for each spam with a forged return address that they receive. Your fee should be about this large.

    I believe that you have a right to make spammers pay in this way. I pay for my net access at home. Each spam I receive costs me money. Why can't I take action to recover my costs?
  • the stupid IIS stripped the last IP, so one can't tell that the spammer was in Russia. The vulnerability of the server in the domain .ru was used for this spam, but you cannot tell where exactly the spammer was located.

    About suing the organization who owns the server used in the spam: guys, forget about it. As far as I know our laws (yes, I'm from Russia) related to the computer crime, there's almost no legal way of suing someone for spam. And it would be a very time/money consuming process.
    Usually, we deal with such cases just by contacting with the sysadmin of the mailserver used in the spam and telling him to fucking close the security hole. Sometimes it helps, sometimes not.



  • Yep. It's been a back-burner project of mine for a while now to make a spam filter. I think I have a winning concept, but the execution is both time consuming and hard. I'll mention my concept and see what you folks think.

    The program would be a learning program, based most likely on a neural net. The core of the program would be a list of 100 or so "words". These words would initially be randomly chosen "words" from my entire inbox file. Eventually the program would see these words as triggers. For example the "word" mom@moms.isp.net (i.e. my mom's internet address) would be a strong indication it's not spam, however "VIRGINS!!!" would be a strong indication it's spam.

    Now the program would randomly choose these words, and eventually keep the ones with good relevance (like the above), and throw away the ones with low relevance. Low relevance words would be either words that are seldom seen, or ones that are found both in legitimate and spam mail: "a", "the"...

    The strength of this concept is that it is tailored to the individual. Even without things like my mom's email address, I imagine the words that are often seen in my legitimate mail are different from the ones seen in another person's. This goes down to the machines that the mail is likely to pass through on the way, etc. So once the 'net had been trained properly, it should be very good at knowing whether the new mail is spam or not.

    The other big strength of this system is that it ends up using the same criteria I use to determine whether or not something is spam -- the words contained in the message. I can tell at a glance whether something is spam based on the words. A rule based system can easily be fooled -- as this article shows.

    The weakness, of course, is that as a AI type program, it must be taught. But I don't think this would be too hard. My guess would be that to teach this program you'd simply have to take a huge chunk of mail you've received in the past, mark each message as being spam or not, and then let it train on that.

    So what do you think? A good idea? A lost cause? I know it really doesn't go after the root cause of spam, and means that the Spam keeps clogging up the 'net, just that I don't see it -- but right now that's enough for me.

  • quote from an earlier story:
    "Posted by CmdrTaco on Tuesday April 20, @10:59AM EDT, from the this-ought-to-get-interesting dept.

    Stephen writes 'UK ISP Virgin Net is suing a former subscriber for loss of business caused by his alleged spam'... I personally think that we should legalize spam , but require the word 'SPAM' or 'AD' to appear in th subject so we can procmail it out. Or just set our sendmails up to discard it. And I think failure to clearly label spam should be punishable by death."

    Even the above would not cover "joe-ing", or the disparaging of another's reputation through false headers...what just occured here at slashdot.

    If false headers and false reply-to addresses were not allowed, because mail relay protocols couls somehow intercept them, spam would cease to exist.

    When protocols are in place that require a genuine reply to and headers, they can be used whether they are required by law or not. After all, there is no law that specifically protects the right to use false headers and false reply-to addresses.

    I'm thinking here returning any email without a verifiable reply-to, and RBL(blacklist) the source of any any email without valid headers. The reply-to address could be queried somehow, such as when a large mailing is detected...there are probably other, better ideas how to implement this, but it would not require any new legislation. Just a consensus.

    The flood of angry replies would serve as a kind of DOS attack/mailbomb of any spammer's mailbox. The trafic would help shift the cost of spam back to the sender, and eliminate the profit motive. I guess a full mailbox would have to count as a false reply-to, and halt any further relaying of a given spam mailing. So once you get 5megs of replies, the spam stops...or you have to pay for a bigger and bigger mailbox (5 gigs+?).

  • He must have compiled the list of addresses long ago.

    In my experience as postmaster, spammers never use up-to-date lists. I receive severel rebounds from the mail system daily from mails destined for no-longer existing users on our system, and which bounce back since the reply-field is bogus as well.

    Needless to say, I hate this. A lot.

  • I have a Hotmail account I give out when filling out online forms and such - so if the Webmaster decides to sell my details (because he's outside the EU for example and isn't bound by consumer data protection laws) then the spam gets held at Microsoft's expense. It's amazing how much spam I get there as well. Then every month or so I open up SpamCop, and start cutting and pasting. Not only does this give me immense pleasure, but I feel I'm doing my bit against spam.
    --

    Barry de la Rosa,
    Senior Reporter, PC Week (UK)
    Work: barry_delarosa[at]vnu.co.uk,
    tel. +44 (0)171 316 9364
  • Are you on the RC5 team? Current theory is that they pulled it from there-apparently that's happened before I'm not on the Slashdot RC5 team and I got the spam. I am however on another RC5 team. Did they send it to everyone who's doing RC5?

  • >Not that I'm advocating this, but if we were all to
    >ping flood him, he would die a horrible death.

    *Argggh*. Kids at play. Pingflooding is *not*, I repeat *not* a good way to solve a problem. You hurt his ISP, his ISP's upstream, also, all the systems involved in ping'ing the poor sucker will lose some bandwith, and so on.

    Flooding hurts the *entire* net. Not only those that get hit. When ISPs have to double their bandwith because half of it get wasted because of smurfattacks .. you should start thinking.

  • The D.net team lists contain EVERY e-mail address that has ever contributed blocks to the team. Even if you submitted a single block, you're on the list for the long haul.
  • Most likely the addresses were picked up by a spider program going through the web. I didn't get it, and I'm not on the RC-5 /. list.
  • I dont quite understand why; but I agree with most of you, THAT SPAM MAKES ME SO F$%^ING LIVID its unbelievable. I've been kicked in the jimmy before, and I was pretty pissed. But I get spammed, and I get so pissed I want to hunt the prick down and shove his little porn lovin, banner ad hostin, laptop up his arse so far he burps it up in the morning.
    why is this???

    my main point is, simply go to the porn companies who are paying this prick to attract the customers, show them what he did (spam mailing). Explain that spam, especially spam under false pretenses, is in the grey area of legality (and also pisses a lot of people off), and more than likely the spammer will receive no compensation for his work.

    Its a small victory... Even though I would rather rip off his head and pee down his throat.
  • don't even think about doing that.. getting 'even' by doing something illegal is not only stupid, but could possibly land your ass in jail (which is not a very nice place, last time i remember it anyway). mail the owner of the relay used, if they refuse to respond, mail the uplink. if they don't respond, mail their uplink.. most (if not all) uplink isps have policies which will force their customers to deal with spammers or lose their connectivity. there's always someone to complain to.
  • Just want to wag my finger and say, "you knew it would happen!"
    The /. effect can be overwhelming at times, and this guy obviously picked you all out. He knew that either:
    1-you would all go to his site to see if he really WAS affiliated with /.
    2-you would all try to use the /. effect on his site, which is what he wants anyway
    Spam sux. But do not act shocked that it happened to /., I think it was overdue.
    (Of course I can keep a cool head about it cuz I didn't get the spam, LOL.)
    Short of hacking the f*ck out of his site, I don't think any of the other options laid out here would be effective...
  • I doubt that this was just a random spam to everyone in the world, with the hopes that it would reach some slashdot users who'd be taken in by the return address.


    And i'd bet pretty heavily against these spammers having stolen the internal email address list.


    What i imagine happened, was that some sort or crawler program sucked up hundreds of thousands of posts in the comments, after all its nots hard to generate the urls for the individual comments (http://slashdot.org/comments.pl?sid=99/06/17/1232 41&cid=xxx where xxx is the message number, can't be much simpler.) That would explain why not every single slashdot poster got the spam because some through that NOSPAM in the middle of their email addresses just to confuse spam bots.

  • After a little snooping of HTML, youll find yourself back at Alex Gurry's homepage (which is
    logic serves, he is probably the one who did this.

    ok, this is very likely, but perhaps its not him. its like someone who doesn't know much and blames slashdot.its just you've done a little more research and found this e-mail and i disagree with the comment below

    Send him an eMail and tell him what you think about SPAM; I did!

    doing that (esp if ya don't know 100%) is almost as bad as the original spam. because you're wasting bandwidth like spam does. two wrongs don't make a right, perhaps you should send a polite e-mail to the persons isp and tell them what is happening and they can acctually do something, cos if it is correct, they can do something about it.

    for one, by mailing him you're veryfying your e-mail is valid..

  • Why didn't you get any? Looking at your address, you are using newsguy, the same guys that provide the anti spam service spamhippo. They also do a good job cleaning usenet news of spam crap. I have a newsguy account and it seems well protected against spam. I'm waiting for a day to get spam at that account so I can watch the spammer get crushed like a bug.
  • Yup! That's it.
    The mail was sent to the address I userd for registering for that. And that's a different one from the one I used for registering at slashdot.

    Thanks for solving this riddle.
  • abuse@slashdot.org should exist.

    --

  • MTA stands for "Microsoft Transfer Agent", the portion of Microsoft Exchange Server that attempts to deliver the message to one of it's internal addresses.

    It looks like this guy was using one of Microsoft's 120 day trial licenses...maybe the best response is to forward the emails to piracy@microsoft.com and let them deal with it from an illegal-software perspective...:o)
  • Are you on the RC5 team? Current theory is that they pulled it from there-apparently that's happened before.
  • Damn it,
    They can get 180,000 valid email addresses out of there with a robot.
    I think we should ask distributed.net not to tell our emails,
    but rather our names, just like, ehm, seti@home does.



    ---
  • Push delete button.They wear out after a while.
  • Noticed the improvement in content!Really push delete,they give up after awhile.When you look at their site it adds month to your sentence.
  • Posted by ThickAsTwoShortPlanks:

    Great.

    Unfortuantly, I live in the UK. It's an american firm. Nasty international boerder problems. I guess I *could* sue them here, but, it's a whole different ball game.

    At least there's some positive action US citizens can take easily - now if everyone did this the 'net would be a better place.

    Thanks for the advice.

    Later.

    Mark.
  • by Anonymous Coward
    How to stop spammers:

    Spaming happens because of economics. Messages are cheap to send and 'no recourse' exists to punish the spammer.

    Answer: Make it MORE expensive to spam than to not spam.

    1-Create a 'sign' that says "if you sent spam, I'll accept it because I accept spam. My spam fee is $100" or something like this, depending on what works for you.
    2-Allow in the spam.
    3-Send the company with the spam a bill
    4-Charge fees when they don't pay the bill. Administrative fees
    5-When the bill gets large enuf, sell the debt for pennies on the dollar to a LOCAL person to the spammer.
    6-Said LOCAL person(s) takes the spammer to court on each debt they bought
    6a) different local people, different court days to make it more fun for the spammer.
    7-If the case is a draw, the spammer still pays legal fees. If you win, push the debt collection to the point where they either declare bankruptcy. or go to jail

    We don't need new laws....just a desire to turn the spammers over to lawyers and use the laws we ALERADY have.

    Me, I've been thinking about this idea for some time. Only works if LOTTSA people decide to play.
    Just getting lottsa people to play is the problem. And my automated software doesn't work 100% automated.

    (HINT: If you GOT the spam, and don't have up the 'notice of billing' it would be unethical to claim you did, then sell the debt to someone else.... So please don't take the above as an invite to /. The spammer in court. Cuz, like that would be wrong.)
  • Posted by ThickAsTwoShortPlanks:

    Good idea - I didn't think about this at the time. It's been a while, buit I might have a go at dealing with this some time in the summer.

    I supose this goes along the 'nobody has to forward your packets' line of thought.

    Thanks.

    Mark.
  • OK then...the headers say it came from ras5.icp.rssi.ru. According to www.rssi.ru [www.rssi.ru], that is the remote access service of the Institute of Chemistry and Physics in Moscow. RSSI is the Russian Space Science Internet, an non-profit ISP for the scientific community in Russia.

    I looked for an account administrator to send this to, and I found marina@rssi.edu [mailto].

    Please do not slam this woman's mailbox. Send a well-constructed, concerned letter. The spam is not her fault, but it may be her responsibility to deal with it.


    Mike
    --

  • No, we don't need no stinking laws. The internet can heal itself without involving the slow creaky wheels of justice. If they keep it up, the pipe dumping raw noise into the internet will be simply cut off and blackballed. Things like that happen if you have a mail relay and allow abuse.

    Here are a few great antispam links:

    http://maps.vix.com/ [vix.com]
    http://www.orbs.org/ [orbs.org]
    http://spam.abuse.net/ [abuse.net]
  • There are SO MANY good tools out there for sysadmins to block spam, if they'd just use them.

    maps.vix.com has both the MAPS, a list of known offenders, and the DUL, a list of dial-up users from which direct mail should never be accepted. (Dial-up users should always go through their ISP's mail host...) www.orbs.org contains a list of insecure mail hosts which are often trespassed by spammers.

    Blocking with these three lists would go a LONG ways towards reducing spam. If sysadmins would just use them... It's much harder to do as a user, unfortunately.
  • www.orbs.org is a clearinghouse of info for open relays. Very good site.
  • The spammer used an old address I thought I retired. Now that you mentioned it, it was my distributed.net address. I was just busting keys with that address, now I have to bust the skull of some dumbass knucklehead spammer so he can't father children in the future.
  • www.join.at points to www.rename.net, and they have a good anti-spam policy [rename.net]. I can't find a contact address, but there is a feedback form [rename.net]. Get this guy's link shut down. But BE NICE dammit, it's not rename.net's fault.
  • I AM naked right now.. I just got out of the shower... freaky....

    Yikes! That is the sign of a true geek. Gets out of the shower and checks Slashdot before getting dressed :-)

  • by Decibel (5099) on Thursday June 17, 1999 @08:43AM (#1846931) Journal
    As far as we can tell, the spammer did harvest the email addresses from our stats database. They seem to have targeted both the /. team as well as the OS/2 Warp team.

    As mentioned in our official announcement below, we're going to try to make it as hard as possible for spammers to grab email addresses, but its to impossible to protect emails that are listed 'out in the open'. If you're concerned about spam, PLEASE edit your info so that you are not listed by your email address.

    Again, we apologize to those of you who were targeted by this spammer. Its very disapointing that someone would use the services of a non-profit organization, who's goal is to make the computing world a better place, to send spam.

    Here's our official announcement:
    Yesterday, a spammer 'harvested' email addresses from our stats database and sent out spam with spoofed email headers, making it appear that the spam came from slashdot.org or team warped. It appears that the spammer took email addresses out of the team member listing for the Slashdot team, the OS/2 Warp team, and perhaps other teams.

    We are looking into ways we can make it harder for spammers to harvest email addresses from the stats database. Given the determination of some spammers, it will be difficult for us to completely protect email addresses without taking the stats off-line completely. Currently, our best line of defense is to allow participants to be listed by something other than their email address. If anyone has other suggestions, feel free to send them to our mailing list, rc5@lists.distributed.net.

    If you are worried about your address being harvested, we strongly suggest that you edit your participant info and change how you are listed. In addition to being listed by your address, you can also be listed at 'Participant 123456' or by your name, which you can specify on the same page.

    To edit your information, you need your password. If you don't have it, take a look at your personal stats listing at http://stats.distributed.net and click the link at the bottom of your listing that says 'I cannot remember my password. Please email...'

    Once you have your password, go to http://stats.distributed.net/pedit.php3 You will be asked for a user name and a password. Your user name is your email address, and your password is the password that was mailed to you.

    We hope that our users already assume this, but to clarify, distributed.net will never, ever sell or otherwise distribute your email addresses. The only method for people to retrieve email addresses is via the stats database. We do not support spam, and we're very sorry that someone would use our services to spam people.

    Jim Nasby
    distributed.net Human Interface
  • someone got their hands on an internal /. mail list.

    Not necessarily. I'm guessing they just used a random spam distro list. I should think that some people who don't even know what Slashdot is got this spam and are now rather confused. If they used a Slashdot mail list, surely everyone who reads Slashdot would have got the mail? I'm betting that only a small proportion of Slashdot regulars got spammed.

  • The loonies have left the gate, I'm sure. And this right after we read the Andover News bit about rabid slashdotters. *sigh*
  • Check out this link [deja.com] for a posting history with this address... note, however, that even this is not proof that "alexgurry@intra.ru" is the originator. Sure does look like it, though.
  • Unfortunately, this doesn't solve the problem... it just deletes it when it hits your inbox. It certainly does remove the major annoyance, but the problem is still there, clogging mail servers and using up bandwidth. And costing you money. I go back and forth - I let stuff come through for a while, put some notches in my spam-hunter belt, and then filter again when I can't stand it anymore. :-)
  • Bill them for the time you spend cleaning up the fallout. Make it just within the limits of small claims in your state, and then file a claim against them when they don't pay. The filing fee is generally rather small and you don't need an attorney.

    You've got a less than tiny chance that the idiots will blow off the court date (you would be supprised how many people do) and the court will almost certainly find in your favor as a result. You could win a lien against their bank account(s) or even physical assets.

    At least that is how it works here in Wisconsin. YMMV. Of course if the SPAM originates from outside of the US, this won't work.

    Thad

  • Somebody post the link. I ordinarily just submit spam to spamcop and hope that takes care of it, it'd be kind of cool if they got too much of a good thing, maybe for a few days running.

  • Hackers are less likely do "do something about it" than, say, crackers, which is what you are probably thinking of.

    Ah, but "doing something about it" might mean "use the Received: headers to trace the message, and complain to the ISP". Hackers/geeks/nerds are technically savvy enough to know how to do this. "Average users" may not be. Hence, hackers (in the Slashdot sense of the word) are a bad choice of people to spam.

  • by strredwolf (532) on Thursday June 17, 1999 @03:34AM (#1846995) Homepage Journal
    Right out of the books from SPUTUM [sputum.com] and Sam Spade [samspade.org], both good anti-spam sites...

    mx.icp.rssi.ru is an OPEN RELAY used by spammers to hide their tracks. Complain to postmaster@rssi.ru about it and send this spam to them, with full headers.

    The spammer is hosted via intra.ru. Send mail to abuse@intra.ru and postmaster@intra.ru with the full headers and spam and say "You have a spammer on your system which is compromizing security and profits. Please remove."

    Also, visit The Radparker Relay Spam Stopper [radparker.com] to block the relay on subscribed systems.



    ---
    Spammed? Click here [sputum.com] for free slack on how to fight it!

Work is the crab grass in the lawn of life. -- Schulz

Working...