Gnutella Vs. SPAM 274
darekana writes: "I know you've heard the quote: 'Every new medium will be used for sex.' Well, every new medium also appears to be used for advertising.
Gnutella vs. Flatplanet.net who will win?
From the 'ShareZilla' developers' mouths:
'When the fine folks at Gnutella find a way to filter ShareZilla, we will figure out how to get around their new filters. A subscription to ShareZilla entitles you to that new version of our software at no additional charge.' Beyond the $74.95 (US) initial charge that is."
Re:Time to cut Florida off the 'Net. (Score:1)
A lot of it is those damn carpetbaggers. Steve Reptile...err...Respis (the pheromone/cable descrambler/whatever spammer) is also located in Orlando. Hmmm...I wonder if these guys are in "business" together?
James
Re:Slashdot values (Score:1)
For god's sake (Score:2)
He hasn't even read the article for god's sake.
Idiots.
Simon - who originally moderated this down, and wants the points back since the battle's clearly lost.
extending my reply (Score:1)
Re:Wonder if this could be dangerous? (Score:1)
Might be interesting to search for some of these names and see how well this thing is doing. The one I got is generation 5.
Option Explicit
Dim CurrentFilename, CurrentGeneration, InfectionDate
CurrentFilename = "AssFucking Collage Teens 15 Girls.asf.vbs"
CurrentGeneration = 5
InfectionDate = "7/16/2000, 6:29:52 AM"
const ProgramName = "Gnutella Worm v1.2 By LeGaLiZeBuDz"
const ProgramDate = "2000 May 28. The first v1.2 Gnutella Worm."
' Watching CurrentGeneration will be quite interesting. I wonder if
' anyone ever studied this compared with real viral spreading.
' Version History:
' 1.2 o Following Enhancements:
' o Now Sets INI to remove completed uploads and downloads, covers my tracks while searching for Victims.
' o Re-Coded for better performance while editing ini and victim files.
'
' 1.1 o Now copies itself to a list of target keyword instead of just current filename
' o Fixed a bug with Ini path... (1.0 didn't work at all. he he.)
'
' 1.0 o Initial Release
'
' Behavior Control Parameters
Dim NewFilenames, GnutellaPath, GnutellaIni, VictimFilename
NewFilenames = Array(ProgramName & ".vbs", "JennaJamesonmovie.asf.vbs", "PamelaAndersonmovie.mov.vbs", "AsiaCarerramovie.avi.vbs", "xxxFTPmovie.mov.vbs", "ASFCompressor(Noqualityloss).zip.vbs", "collegesex.jpg.vbs", "Gladiator.jpg.vbs", "Battlefield Earth.asf.vbs", "Evangelioncompleteepisodesscripts.txt.vbs", "ScanMaster.jpg.vbs", "How to eat pussy.avi.vbs", "AliciaSilverstone.jpg.vbs", "PearlJam.mp3.vbs", "Mp3compressor(Halfthesizebutsamequality).zip.vbs
Collage Teens 15 Girls.asf.vbs")
Re:How to combat spam (Score:1)
If they're sentient enough to know how effective their adverts are then you could even reply to the advert saying "as I saw your advert via a Gnutella-propogated advert I will never buy anything from your company".
However, I often doubt there's anything sentient behind any of these companies.
I want a way of spoof-request bombing them, but don't know how gnutella works to know if this is possible.
FatPhil
Re:Spamming/Filtering (Score:1)
/[Ww].*[Oo].*[Rr].*[Dd]/d
very handy.
Re:Slashdot values (Score:1)
Re:How to combat spam (Score:1)
Re:Rant about online advertising. (Score:2)
EVERY time that infomercial runs, the company has paid $2500-$5000 or more! How many losers have to buy that widget to pay for the run? The same ones keep running and running and running. They would not keep paying to run the infomercial if they were losing money...so someone out there is buying, and enough to justify the cost of sending.
maybe we need to organize some kind of campaign, like a public service announcement, to discourage people from buying anything they see advertised this way, along with a public list of companies and their execs who insist on using offensive advertising models. Build it into the next revision?
my
You become enlightened grasshopper. (Score:4)
I think I'd have the client check a few different searches and block anything that appears in all of them. Pass the information about the spammers to other clients as well maybe to make it more effective?
Time for a technical fix... (Score:2)
I can see another spam-cancelling service arising from this, too. Once each server has to confirm its existence before its search results will display and the anonymous spam problem is dealt with, it wouldn't be at all difficult to generate random queries and look for returns that have the characteristics of spam. Once a spamming host is identified, it can be put in a blocklist (or hacked, or DDOS'ed, etc). The mind boggles at the possibilities.
--
Blocks, Gnutella variant (Score:3)
In the blocks model, servers spin off into pods of 10. The 'blocks' of information are then routed through different pods, the origin IP and destination IP aren't known unless you have compromised all the pods in between.
An advantage of the pod model is that it would be easier to kill.spammers.dead pod A could voluntarily drop connections to adjacent pods if people in the pod B (the evil pod) has been feeding crap. pod A could trust adjacent pods that have been reliable in the past, they transmit a message to drop pod B from the loop and pod A does so.
A neat little system, and the cool factor is that multiple versions of the client could implement their own threshholds, filtering policies etc. You get organic filtering as the protocols that actually keep spammers out become the favored clients.
-spRed
disclaimer, I have no affiliation with blocks, and it has some protocol difficulties of its own. (but I do think it is on the right track)
Re:Why pay 80 quid for it? (Score:2)
---
Re:Probably Not Long-Term (Score:2)
Somebody else raised the very legitimate question of how this would effect clients behind firewalls. Would a change in the protocol, accomodating a proxy server or firewall IP address relative to the client, help? I ain't no IP guru, just curious.
The answer: moderation (Score:3)
So have some trusted authorities that moderate stuff - they don't have to be centralized... For example, just like we have warez groups now that release stuff and crack stuff, we could have groups that test stuff out, make sure it's quality, and pgp sign it to give it a seal of approval.
Then, you could program your client to check for that signature on anything you download.
--
Re:These assh*les deserve what they get (Score:2)
Florida - Scam Capitol (Score:2)
USENet spam on Gnutella? (Score:2)
www.usenet-replayer.com/short-archive/part/alt/fr
Care to explain more? (Score:2)
Re:Time to cut Florida off the 'Net. (Score:3)
Are you kidding? We're the beating heart of the porno movie industry, baby!
Also, the primary import location for nearly every drug except marijuana. That, we just grow. 2nd would probably be the CIA's fields in Arkansas.
--
Re:Wonder if this could be dangerous? (Score:3)
Why the
Actually, though, it strikes me as very strange that there so few (in fact, none that I've heard of) file.com viruses that masquerade as URLS. It seems like a filed called "Go To Weirdxxx.com" would fool a lot more people than one called "Love Letter for You.vbs". I'm sure plenty of people have already thought of this, so - can anyone give me an explanation why it isn't seen?
flatplanet.net Shut Down (aka Re:What?) (Score:5)
Like any true spam promoter on the Internet, alas, they will most likely move their operations and continue with their unethical practices. :P
Thanks for reading, and not spamming,
Al Gordon
Sr. UNIX Systems Administrator
DSL.net, Inc.
http://www.dsl.net/ [dsl.net]
Moderate the parent up (Score:4)
This is probably the best answer, snagging a large chunk of spammers and easy to implement, although I'd use comparitive lists of stuff, and not random words. Search once for Pink_Floyd-Have_a_cigar.mp3, then 'CIT coffee mug', then for 'The Phantom Menace', and finally 'K3w7 W4r3z d00d'. Blacklist anyone that responds to more than two.
Re:Slashdot values (Score:2)
Actually, I'd liken it more to stickers with ads stuck to the pages of the library books.
Obscuring the text you're wanting to read, you'd have to peel the stickers off the pages (and occasionally lift the text you want to read with them) before you could actually make such a defaced book useful again.
I'm sure that legitimate Gnutella sharing servers will still be in there somewhere, but I really don't like the looks of the future Gnutella if this system is allowed to survive.
Imagine getting 100+ responses to every search, 96 of each responses being from spam. It would take forever to find anything, effectively killing Gnutella's usefulness.
Perhaps the RIAA/MPAA had something to do with this?
I suggest we take steps to destroy it now. Anyone have an offshore ISP that is immune to legal action from yanking Sharezilla's website?
Man, oh man, if only I were in high school again. I beat the snot out of a kid who was tearing the pages out of books because he was too cheap to use the photocopier. (I was a bit of an unorthodox library geek back then, and while I was also an autoshop grease-monkey and an electronics lab terror, I've always loved books.) Anyone who assumes that nerds are placid sheep is an idiot. I see a wonderful parallel here... do any Slashdotters have nothing to lose?
A possible solution (Score:2)
A possible protocol based on hashing:
*Each client selects a random nonce constructed by appending n bits to a representation of the current time in seconds, as well as a header describing how much hash cash would be needed for a valid response.
*Any software receiving the query would be required to construct say x different collisions on the first y-bits of the hash of the nonce, with the input restricted to appending more information to the random nonce.
*If the original client does not a receive a reply containing valid, distinct units of hash cash, the client silently discards the information and places the offending IP on a blocklist. The original client keeps track of the last m units of hash cash to prevent duplicates.
*Each client may set its own threshold for how much hash cash will be needed for a valid reply. Responding clients may choose not to respond if it decides that too much hash cash would be needed.
There are many other alternatives that offer even more control over how much work would be required.
Abuse of a system, downfall of the abuser? (Score:2)
Just a theory =)
---
Difference between signal and noise (Score:2)
Re:What about IP verification??? Won't work (Score:2)
Who Wrote This Abomination? (Score:4)
You are Joe Cool-Hacker, a coder of such prodigious and long-standing skill you make Hiro Protagonist look like B1FF. You are invited to an expensive lunch by an oily but well-heeled guy who wants to discuss a project with you. After the initial pleasantries, Oily Guy gets to the point.
"I have an idea that's going to make millions, and I need someone to write it," says Oily Guy.
"And that is?" you reply.
"It's a new form of advertising."
"Uh...," you begin to say.
"Hang on, let me finish," Oily Guy insists. "It's not 'spam' like you guys like to call it. It's search-based. The ads are offered in response to legitimate searches from Gnutella clients. So unless the user initiates a search, they don't see anything."
You are dubious, but you remain cordial. "So the ads aren't sent unless the received search terms match ad's subject matter."
"Well, that's certainly a possibility," Oily Guy responds.
"What do you mean?"
"Well, the advertisers needs the ability to be as narrow or as broad as they wish. So they could respond only to detailed searches or, if they have a broad-appeal product, they could respond to everything."
"Everything," you deadpan, eyes fixed on Oily Guy.
"Yeah. Just like TV ads. A lot of times the ads have no bearing on the program, but they're still effective."
"Doesn't that diminish the value of the resource? I mean, if you opened the phone book to the plumbers section and got listings for sex clubs, doesn't that make the phone book useless?"
"This ain't a phone book. It's the Internet. And the real results will still be there; there'll just be a few ads in with them. It's not like this is illegal or anything. C'mon, there's tons of money to be made here. Aren't you interested in getting rich?"
At that moment, the server arrives offering fresh coffee. Do you:
The person(s) who wrote this software needs to be identified and blacklisted from further employment in our community. This kind of ethical bankruptcy must not be supported or allowed to continue.
Schwab
Re:How I'd get past that... (Score:2)
Re:[Not] A possible solution (Score:2)
Basically, it is a way of ensuring that the server receiving and acting on a request must spend a certain amount of time computing some function of the input in order to be able to send information back. . . The amount of work that needs to be done could be increased to keep up with the growth in speed of computers.
I fear that your entire premise is flawed. A system like this might work for a clearing-house system (e.g. Napster), but fundamentally infeasible for a distributed system such as Gnutella (see title).
In a Napsterish system, this would be an easier task, as you would only have to deal with one server. Gnutella, on the other hand, deals with numerous servers, and source is available allowing any would-be spammers to easily circumvent any safe guards built into it (and they could just tell their server to route to different servers for each request until the time limit is up or whatever).
[We are assuming that spammers have half a brain, but enterprising companies like the makers of Spamzilla, whose server was first slashdotted, and then apparently taken down, would probably be more than happy to create such as system.]
Furthermore, how can "The amount of work that needs to be done . . . [inccrease] to keep up with the growth in speed of computers?" Aside from any problems mentioned above (distributed nature, source availability), how would you ensure that someone would run the "correct" version for their hardware? Hell, Linux can run on a multi-processor Sparc or crawl on a 386. People don't upgrade all of their systems everytime a new top-of-the-line system comes out and it would be impossible to force people to choose the right settings.
Many users of Gnutella wouldn't be completely sure how to set the correct versions, and though an auto-detect feature could be implemented, it still is not perfect. Many people may find an old version and decide to use that.
There are many holes in your argument (and this may not be the most lucid rebuttal) that stem from your attempt to divide Gnutella in to a client/server setup, when it is actually a client+server setup. Moreover, your system would be impractical to see through to completion.
Spamming and Freenet (Score:2)
Re:Rant about online advertising. (Score:2)
How do we make it stop?
I don't know. I'd sure like some ideas. But I think the most cost-effective way to do things is the moral equivalent of the yellow pages. If I want a given product, I'll go searching thru an index, and at that point I'm asking to see ads. I *might* be interested in a "what's new" area... anonymously tailored to my interests. Other than that, I prefer my world ad-free... and for damn sure I shouldn't be having to pay the freight for anyone else's content (banner ads, popups, or anything else that wastes my bandwidth). If I'm getting a service for free (radio, broadcast TV) that's one thing, but if I'm paying, real content only, please. Anything else is just going to annoy me, or worse.
--
Do not meddle in the affairs of the BOFH,
for he is subtle and quick to*#![[NO CARRIER
Re:the question is (Score:2)
Re:Slashdot values (Score:5)
Legal commercial advertisements are fine, but this delivery method is NOT. They are not being censored. Imagine if you were looking for a book in a library, and you picked a few up and checked them out, only to find that although the cover looked like the book you wanted, ALL OF THE INSIDE PAGES WERE ADS. Imagine that this happened with every book in the library. You can see how this would piss people off no matter what was in the book -- the point was it's not what you requested.
Re:Florida - Scam Capitol (Score:2)
Up here in Toronto, I live in a three-bedroom 2-bath house on a big main street and right beside a housing project (gunshots and Acuras with loud stereos all night). Despite that, it's valued at over $279,000 CDN. And that doesn't include the snowblower I need to get into and out of the driveway for five months of the year.
$100k. Wow.
In most counties, your 'homestead' is protected in bankruptcy proceedings - scam artists can hang on to land and buildings up to $1 million when their schemes unravel.Mega-wow. Of course, that's only meant to promote legitimate enterpreneurs. Sure.
No state income tax, so add 6% to your take-home.Wow.
The weather is nice if you like Turkish baths and lightning). We have beaches where the water is warm.Yeah, I've gotta say, I've been to Florida a couple of times, and I love the climate. Both times were in August, both times I felt right at home in the sweltering heat and humidity. (I like being too hot more than being too cold.)
And what snake-oil salesman wouldn't feel at home with alligators in his backyard??Yeah, and he gets to crush all the smaller reptiles that always seem to be underfoot there.
Now, I understand. Thank you.
filtering idea (Score:2)
Seth
Re:Companies fake competitors' spam for their bene (Score:2)
Let's think about this. When you spam, you are advertising a product/service. YOu have to leave some sort of legitimate contact info so people can buy YOUR stuff., SO, logical choice would be to call their 1-800 order number and bitch the hell out of them, right? What if the spammer was advertising someone else?
So I guess that would leave it to go directly after the spammers themselves, whether it is a legitimate or a competitor's phone number/mailing addy. Argh.
Re:What? (Score:3)
Re:What? (Score:3)
Hormel is suing Gnutella, and has a cease and desist order, saying they're losing sales and not recouping the immense amounts of R & D money they've spent creating such delectable ham based foods.
Critics of Hormel say that since SPAM has been around since WWII, they've long recouped their initial investment.
Thank you,
George
Wonder if this could be dangerous? (Score:4)
Hmmmm, is anyone else seeing the possibility to transmit macroes or virues this way?
Network Abuse (Score:2)
It's unfortunate, but people are going to have to start designing applications and protocols with this sort of deliberate abuse and subversion in mind. (Of course, protecting against it is easier said than done...)
Re:[Not] A possible solution (Score:2)
Since it's slashdotted... (Score:2)
OHMYGOD!!! (Score:3)
First off, check "Jonathan Byron"'s reply. He summed up many of the points quite nicely.
But I just have to chime in, 'cause I recognise the address.
Knights Krossing is a notoriously shadey apartment complex directly across the street from the UCF campus, at the corner of Alafaya and University. I actually used to live about three miles west of there on University.
The complex caters to the least responsible of all the college students there. You rent a BEDROOM in an otherwise (poorly)furnished apartment. Each unit has four of these bed/bathroom combos, and you get paired up with roommates at random if you don't have a group of four. Utilities are included in the rent, but between the four of you, you still wind up paying about twice what it would cost if you were responsible enough to be able to pass a credit check and rent a house. But then, there's totally insufficent parking there, perhaps being right across the street from campus, mabye you make up for the price by not maintaining a car.
Basiclly Knights Krossing is (for the most part) where you get the 'rents/government to pay for you to live if college is simply 13-16th grade (or 17th or 18th as the case may be). I'm talking party central here. Any given night you can drive in there, park in a guest slot (or you WILL get towed) and find a kegger or five open to anyone who staggers up to the door (drinking age? what's that?). It is also where you go if you want to score weed or ecstacy or acid (or possibly something worse) and you don't want to head over to the bad part of town.
*LOTS* of dubious "business" deals go on there. From chem majors selling their cooked up batches of LSD, MDMA, and GHB, to CompSci majors running spam or porn sites (in at least one instance I know of, the FILMING of said porn was done in a Knights Krossing unit too). It's across the street from UCF, so there's bandwidth aplenty, both cable and dsl), and UCF does have a fairly good CompSci program (graduate, at least... undergrad classes are rathar lackluster).
Also, if you note the "technical" contact, you'll see "adelphia.com" adelphia is a notoriously WRETCHED cable company that, in Florida, just HAPPENS to employ a fair number of UCF grads.
Funny how it's such a small world after all...
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Re:Time to cut Florida off the 'Net. (Score:2)
Forget their money. I want nana's cherry old rust-free low-mileage 1974 Plymouth Scamp.
(Let's face it, Florida's roads will be safer if she takes the bus to bingo instead. Scamp vs. Honda = slightly dented Scamp, completely flattened Honda.)
The way to deal with Spammers (Score:2)
I read recently in 2600 magazine, an article about how to deal with spammers. According to the article the best way to deal with spammers is to waste the only resource of thiers we can, time. What we do is when one of these spams pops up, we goto the website and email the webmaster or thier service provider, complaining that the file they advertised was not available on thier website. Demand they make the file available. If you are really mean, suggest you will file a complaint with thier local Better Business Bureau or Chamber of Commerce. Better yet, do searches on copyrighted MP3's and then turn them in for illegally distributing copyrighted material, this has a special irony to it, turning the two great evils of the Internet against each other.
Jesus died for sombodies sins, but not mine.
Maybe I'm stupid... (Score:2)
good with the bad (Score:4)
Kinda like . . . (Score:3)
Kinda like eugenics for distributed file sharing . . .
Rant about online advertising. (Score:2)
Things like this just make my mind boggle. Advertising / spam on the net really drives me nuts. Why do people seem to think that by pissing off thousands of customers simultaneously thay will somehow pick up revenues ? Where do these people keep their clue ??
I really fail to see the point of this sharezilla thing, unless its just designed to be a complete GNUtella spoiler that drives people away from the service.
Or maybe its a gag. Whatever.
Marketeers are worse than lawyers. And adverisers are the worst form of Marketeer , cos they con themselves that they are "creatives". And as for advertisers that work in "new media" they have to be the lowest of all
I have a new spam address (Score:5)
I encourage you to join me.
(before you moderate me down, do a whois on flatplanet.net.)
Probalistic Analysis of Blacklists (Score:3)
Of course, by keeping a cumulative blacklist based on $n$ prior "random queries," the probability of success for a SPAMMER will go down as $p(1-p)^n$. By using $p=1/(n+1)$, the SPAMMER can keep his probability of success above $1/(n+1)^2$. This is bad since practical $n$ is limited by the rate at which the SPAMMER changes his server's identity.
The upshot is that any blacklist-based system is guaranteed to let a lot of SPAM through if the SPAMMERS are adaptive (change identities) and many in number (more than $(n+1)^2$ where $n$ is the effective time constant of adaptation). Collaborative blacklists can increase $n$, but introduce significant trust issues since adversaries can start blacklisting legitimate sites.
Re:Since it's slashdotted... (Score:2)
What is ShareZilla?
ShareZilla is a quick, cheap, and easy way to promote your products, services and web-sites across the latest and greatest thing on the Internet: Gnutella. ShareZilla intercepts every Gnutella search that comes across its network horizon and re-transmits an ad back to the person originating the request. In addition, ShareZilla can transmit an MP3 file (if that's what the user is requesting), or it can transmit a Movie, Text, HTML, VS, etc.
When the search originator sends out a request like: "Strawberry Rhubarb Pie" ShareZilla will return a string like this:
"WWW.FlatPlanet.Net - Strawberry Rhubarb Pie.mp3"
This is very useful if you're on the web to make money. If you're not on the web to make money, this is just a really neat way of finding out about the latest commercial press release about Strawberry Rhubarb Pie.
What is Stealth Mode?
While running in stealth mode ShareZilla responds to search requests with a advertisement string, instead of a file. Since the viewer of the ad does not need to download any files (or viruses) to their system to get your ad across, ShareZilla takes the opportunity to scramble its home IP address and other identifiying data that would otherwise be necessary to download a file, or find out who and where you are.
Since the response to the search does not include any return address, ShareZilla uses Gnutella Net's natural anonimity to keep your home IP address from being discovered. This way you don't have to wory about any number of hack attacks, which can only be done once the hacker knows your home IP.
Ok, may be I mis-interpreted what Sharzilla is ... (Score:2)
Of course, not that the site is semi-/.'ed, I'm having trouble re-reading that page to check ... sigh.
Re:Too easy to get around?... (Score:2)
To get around this the way you're suggesting, the spammer would have to dynamically create the bogus filenames on these other IP addresses - something they could possibly do if they had the access on that other machine while running the software. But unless it's an unwitting partner in the process (trojan?), it exposes at least one of the spammer's machines.
Like I mentioned, I'm no IP guru. This is starting to make my head hurt...
Re:What? (Score:5)
Has anyone considered looking for buffer overflows in the ShareZilla code? send a targeted request for '0xFF, 0xFF' or what-have-you and watch the spam factory turn to Jell-o.
Not Gnu (sorry, couldn't resist) (Score:4)
Re:Since the site's slashdotted already... (Score:2)
About ShareZilla-- I'm laughing my sorry ass off. All those boneheads who were hyping Gnutella when it first arrived on the scene should have listened to us oldtimers who were telling you that, as an application protocol, it sucks rocks. You're getting what you asked for.
ShareZilla is only the beginning. I'm waiting for the real fun to begin when the blackhats start swinging their malevolent gaze around to it. If you want to prevent network abuse you have to design the network to resist tampering by abusers.
The Gnutella network is a child's toy. (And Jason, if you're reading this, you should read this [ietf.org] and give me a call. I may have a hobby project for you.)
Flatplanet & Sharezilla (Score:3)
<grumble>submitted this story yesterday</grumble>
--
Since the site's slashdotted already... (Score:5)
It goes like this... (Score:2)
It can scramble the IP (return address) so that its users don't get "wacked" in revenge.
They are selling it to other spammers.
They know its "wrong" and that people will fight back, and they don't give a damn.
This may contaminate the gnutella filespace with junk, and "we" don't like that.
Thad
Re:Ad is what made internet big (Score:2)
75 seconds and not marked "troll" yet? (Score:2)
streeetlawya, abusing the +1 bonus since 1999
Re:Rant about online advertising. (Score:2)
* I spend $80 to send an advertisement to X people, where X is a really God-forsakenly large number. I'll say 8000, because I like it. Keep in mind that unlike commercials or billboards or the like, this is a *one-time* cost.
* 99% of those 8000 just ignore my advertisement. However, they don't actually cost me any more money and the 1% who bought my product (which hypothetically costs $1) just paid for my advertising fees.
* If I want more revenue..I send it to another 8000 people.
Therefor, I am thinking that this advertising is based on the idea that in a sufficiently large amount of people, -someone- will pay you money. And you can always get more people -at no additional cost-.
Commercials on TV and billboards have to be craftier than that, because they have continuous fees. Spammers don't.
Eric ze Kidder
Re:Care to explain more? (Score:2)
I guess a system like Gnutella must be able to live with that kind of abuse. OTOH, I wouldn't be too sad when I hear that someone did something nasty to their servers!
preventing SPAM (Score:2)
---
FlatPlanet are wrong - they can be banned (Score:5)
Anyway, as a consequence of this, I started collecting good/bad host information - I kept notes on the number of good (valid) and bad (invalid) packets coming in on every connection. Once the bad packets accounted for a certain percentage of the total packets, I said "fsck you" to the connection. Now note, it's not the node that you have the connection to that's creating the bad packets, it's just doing it's job in passing them around. What I was saying is "Hey, you're sending me junk - I don't care if it's not yours, I'm dropping you and talking to someone else". I would drop the connection, blacklist it for a few days, and start a new one instead. During the TTL wraparound time, whilst gnutella was totally unusable, my client was merely slow.
To get to the point: If every client allowed the user to say "this reply is spam", the route can be traced back (via MessageID) in the net to the clients that have a direct connection to the spambot. By creating a new (routed, so efficient) spam alert message, a client could be informed that one of it's neighbours was a spambot, and so (voluntarily) agree to both drop the spambot from the net *and* reply with the ip:port pair of the spambot, this could then be used to blacklist the ip:port pair for a limited time (again, voluntarily, per client).
Given that ip address are not yet (cf. ipv6) a dime-a-dozen, FlatPlanet would have to keep finding a new suply ip address blocks from which to attack.
I haven't kept up to date on gnutella development, but there must be a sizeable number of clones (with source!) by now. The major problem would be in moving people from the old unmodifiable Gnutella client, to a "new and improved" clone.
best wishes,
Mike.
Could there be GPL violations here? (Score:2)
Unless, of course, they are also doing this to point out some of the problems with the distributed system. Helluva way to point them out though.
More Insidious Than Spam is Harassment (Score:5)
my email address as every gnutella response...
gnut> find anything
CURRENT RESPONSES
-----------------
1) email matt@steinhoff.net for kiddie porn and anything
216.10.33.21:6345 size:80.854M ref:84279680 speed:10000
I got thousands of email messages looking for
[steinhoff.net]
child porn and else
before I nailed the guy.
When the search is distributed, the abuse is
distributed as well.
InitZero
Re:Slashdot values (Score:4)
I have never received any of that.
"Stolen software -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Stolen music -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Stolen movies -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"Bomb-making instructions -- INFORMATION MUST BE FREE!!!!"
I have never received any of that.
"but legal commercial advertisements?"
I receive several of those every day.
Anyone see's the difference?
ahhhh, thank you (Score:2)
Gnotella has flatplanet spam filtering code (Score:2)
http://gnotella.nerdherd.net/
Re:These assh*les deserver what they get (Score:2)
aren't we already doing this? I mean, the site seems down due to slashdot... Just find something new about them every day or so, post a story, and voila!
---
The spammers have to reveal themselves in some way (Score:2)
There's always some inherent weakness, for example, with email spam they have to harvest mail addresses in some way to build a mailing list to send spam.
The addresses they harvest can be poisoned using a spamido technique [freeserve.co.uk] so that they waste their time sending spam to /dev/null all over the internet. A waste of my bandwidth, but not my time.
It's the spammers underlying weakness that should be exploited. A spammers strength and weakness are the same thing grasshopper.
I don't know anything about Gnutella but I'll bet that there are certain characteristics that can be used to make spam a waste of time.
Re:Don't Respond (Score:3)
Yes, it would, but unfortunately, life's not like that. The reason spam is so common, is that it works. It costs so little that you only need a tiny response rate to be making profit. There will always be clueless newbies with the "oh, that's an interesting offer, I'll go and have a look" attitude. From what I've heard, email spam currently gets around a 2% response rate. That's about the same as traditional bulk postal mail, but the costs are so much less that the profit margins are significantly higher. You or I wouldn't buy anything from a spammer, but enough people do that it's not going to go away any time soon.
Re:The Basics (of Paranoia) (Score:2)
Flat Planet, Inc. (FLATPLANET2-DOM)
1214 Knights Krossing Cir. Apt 105b
Orlando, FL 32817
US
Domain Name: FLATPLANET.NET
Administrative Contact, Billing Contact:
Alexander, Justin (JA7080) justinalexander@USA.NET
N/A
12124 Knights Krossing Cir. Apt 105b
Orlando, FL 32817
(407)362-2212 (FAX) (561)795-6548
Technical Contact, Zone Contact:
Howell, Scott (SH1012) showell@ADELPHIA.NET
Wallace Technology
9944 Gardens East Drive
Palm Beach Gardens, FL 33410
561-691-4410
Record last updated on 13-Jul-2000.
Record expires on 08-Nov-2000.
Record created on 08-Nov-1998.
Database last updated on 8-Aug-2000 19:41:10 EDT.
Domain servers in listed order:
MIA.WALTECH.COM 208.204.251.45
NS3.SUPERB.NET 207.228.226.5
Re:Ad is what made internet big --- BAH!! (Score:3)
It would be valid to say that advertising exists on the internet because of its increased use. Not the other way around.
Internet advertising doesn't really work. People aren't clicking on those banners, and they plain don't like them. A text sponsorship link is going to get more click-thru's than the annoying animated banner that's pissing me off now.
Site that MUST survive off of advertising aren't going to make a profit. If you launch a site and expect advertising to pay the bills, think again. The site must be established before it can even come close to being supported by advertising.
Right now the majority of advertising on the 'net is being done by morons that have no clue what they're doing, like this ShareZilla thing. Advertising is an art, and it can't be successful unless it's well planned and executed.
Think about it, when you get a spam mail, see a banner, or download a dummy file, you're annoyed. Rarely do you want to annoy your customers. When you're watching TV and you see a good commercial, you aren't going to be annoyed. Hell, there's even sites like AdCritic [adcritic.com] that have commercials you can watch anytime, and people DO. You don't see anything (and you won't) with banner ads or spam mail.
Basically what I'm saying is there is not any real advertising being done on the internet. Right now it's just hacks spamming people, and saying that this made the internet big is just insulting. If anything it is hindering it's evolution.
Deception (Score:2)
hashcash is the solution (Score:2)
WE NEED BLOOOOOOOD! (Score:2)
Why don't we just post a headline with a link to their site every day on
These assh*les deserver what they get (Score:2)
Companies fake competitors' spam for their benefit (Score:2)
Loads of people have commented along the lines of "well nobody in their right mind buys something because of a spam advert, so surely spamming will die off?".
They're missing the point.
Spam is frequently used by companies who put their COMPETITOR'S names and products on the spam adverts. Thereby their competitors get all the abuse and the original company looks holier-than-thou.
For some people, the bad customer reaction to spam is the whole damn point of spam. Bad press for your competitors is good press for yourself. If you can wind your competitor up in trouble by faking some spam- particularly if the originator is difficult to trace as per gnutella- then you win.
--
Re:Care to explain more? (Score:2)
Re:The answer: moderation (Score:3)
You only display search results that have been signed by one of the people you list as "trusted authorities"
--
Re:Network Abuse (Score:5)
I like that, I think I'm gonna quote you on that one.
I see this as a serial killer unleashed on the bootlegging community of Prohibition times. A large community of people breaking the law, but whose only real harm is that perhaps they're depriving companies of revenue. Now they aren't being arrested, but are instead being attacked by other citizens.
I'm not sure how the morality all works out in the end, but in the meantime, I think it's probably a bad idea to directly antagonize the hacker community. Sure, the majority of Gnutella's users are relatively ignorant mp3 and porn sharers, but it's a powerful Open Source networking tool, and has support from some skilled people. If flatplanet declares war on the Gnutella community, I'm betting on Gnutella in the long run.
Besides, how effective can the ads be? I know I would be less likely to buy from a company that was already antagonizing me and whose advertising was presented in the form of an attack.
Why pay 80 quid for it? (Score:2)
The gnutella protocol is open now, and given the limited implementation I wrote of it (only search & download) in about 6 hours it's beyond me why anyone would actually purchase a product to deliberately destroy their brand name.
What I can see however is someone like [insertmonopolisticsoftwarecompanyofyourchoice] planting virus riddled versions of [insertmicrosoftofficeversionofyourchoice] to try and back their point that pirated software is of a lower standard than their own.
Re:Wonder if this could be dangerous? (Score:3)
The only files that you could transmit a macro or virus in would be like *.doc, *.exe, etc. And what would be the difference between downloading one of these from ANY GnuTella user or this service?
Besides, If you're downloading anything that has a filename like "MAKE MONEY FAST - WWW.SPAM.COM.exe", you deserve to be infected. In fact, you deserve to be shot.
Re:FlatPlanet are wrong - they can be banned (Score:2)
---
Re:Care to explain more? (Score:3)
Re:FlatPlanet are wrong - they can be banned (Score:2)
With the old client you couldn't restrict bandwidth or number of node connections, so it is a good idea to pick another one if you're connected for more than an hour.
And there is a ton of other clients [wego.com], some with source.
A better answer (Score:5)
Re:Wonder if this could be dangerous? (Score:2)
Yes I've seen one already.
It would do the search result spoofing, so if you searched for "Pink Floyd" it would return "Pink Floyd.vbs"
The vbs file would then attempt to modify your file sharing directories, via textually modifying your .ini file to share your root drive.
At the time I was impressed .. a potentially better way would be to have the script be a JavaScript embedded inside a HTML file - most browsers allow lots of malicious things inside script on HTML files on the local machine
(IE. "Local Intranet" on IE).
Steve
---
Time to cut Florida off the 'Net. (Score:2)
Will someone please explain to me what it is about Floridians especially that attracts them to shady business models?
I don't get it. But I do know that clearly half of my spam comes from Florida. (40% of it is from the other 49 states, especially southern states; the other 10% is from gross third-world nations.)
Geez, all I thought there was down there was blue-haired little old ladies from Binghamton who weren't strong enough to start the snowblower anymore.
I've got a nice pair of wire cutters. If someone tells me where the fiber is routed, I'll happily take 'em out at their borders.
Re:Slashdot values (Score:2)
I have a few questions:
I receive junk mail in my mailbox. Since the USPS believes that "Information must be free". By extension, I conclude that the US government does so to. By the same logic, can people download music and movies and whatever they damn well please? Yes? No?
I like to listen to music. Can my neighbor play his stereo at deafening volume levels throughout the day?Yes? No?
People download music from web sites. Should people tolerate receiving
The point is this-
People don't want PUSH technology. They're tired of PUSH media such as television, radio, magazines and newspapers. The web is different. People like the freedom it provides. That's why they won't tolerate spam and banner ads. PUSH is anathema to the web. The sooner the PUSHers realize it, the better.
Finally- Nobody said these spammers can't put up their stuff on their web pages. They're free to do so.
-rao
Re:Blackholing spammers and their ISPs is key (Score:3)
Walt
What about IP verification??? (Score:4)
What if Gnutella had a built-in query verification step, something wherein each search result gets re-queried, as in "do you really have this file?"
Step 1: The query goes out
Step 2: A result comes back from IP address x.x.x.x
Step 3: A verification transmission is sent to x.x.x.x to confirm the presence of the file
Step 4: Upon successful verification, the file is displayed in the search return window.
Would this add to much new traffic to the network? I'd hope not...
Re:Slashdot values (Score:4)
Nobody wants to censor advertisers - they are welcome to put up a web page with their advertisements for those who are interested. However, they aren't welcome to use my network to send me their content without my request (and neither are the publishers of those other types of content). Also, they shouldn't be sending me ads when I really requested music, for instance.
As a separate issue, I don't feel that the information necessarily wants to be free if it is copyrighted. It is a caricature to say that all /.ers feel that way - they are just the most vocal about their opinions.
Re:Since the site's slashdotted already... (Score:2)
I consider the relative anonymity of gnutella to be more significant than it's current use. The solution to the imposter problem will probably be publishing a kind of signiture, a document signiture, as a kind of filter. That way instead of just requesting "a Strawberry rubarb pie recipe", one would need to ask, and filter it against the document checksum (which should be the first bytes transmitted). It it doesn't match, then abort the transmission. If it does match, then check the file using the checksum as a key, and only display/save the file if the checksum matches.
It might be better to have the file encrypted, and then use the "checksum" to decrypt it block by block, but there would need to be parity bits that would only allow decryption to proceed if the checksum matched the expected value. This would prevent forgeries from being received at the block level rather than requiring the entire file to be received before the forgery could be determined.
This has the cost that you must know more about what you are looking for. If you don't know the checksum and key, then it will be easy to slip forgeries into any anonymous channel. If you do, then it can be sufficiently difficult that it isn't worth the effort.