Examining an Automated Spam Tool 415
Saint Aardvark writes "SecurityFocus has published an excellent column detailing how spammers r00ted an Apache server, and used it to send spam. The tool they used is (I hate to admit it) pretty sophisticated: it has macro capabilities, picks up email addresses from and reports success or failure to the master server. It's a very frightening read...and so is this: Message Labs reports that they now intercept 27 spam emails per second, up from 2 per second this time last year. Virus-created proxies are mainly to blame."
All this really makes me wonder... (Score:5, Funny)
Re:All this really makes me wonder... (Score:5, Insightful)
after all, I am a female.
Re:All this really makes me wonder... (Score:3, Funny)
Re:All this really makes me wonder... (Score:5, Funny)
Re:All this really makes me wonder... (Score:5, Insightful)
If you think about it, there are some really intelligent spammers (even though they are disgusting scum of the earth). They're always one step ahead of us and are figuring out new ways to spam us.
On the other hand, the people who buy stuff from spam are just plain morons. period.
Re:All this really makes me wonder... (Score:3, Interesting)
I think you're giving them too much credit. Technically, it's a lot harder to selectively ignore certain people then it is to yell at everyone. Staying "one step ahead" really isn't that difficult.
Re:All this really makes me wonder... (Score:2, Interesting)
I e-mailed their sales dept and informed them that I would have signed up for their service if I heard about it another way, but would instead be going with a competitor because of the way they went spamming.
The products themselves take care of that (Score:2, Insightful)
People who buy pump&dump-spamvertised stocks lose their money.
People who buy bogus-prescription opiate painkillers go to sleep all the time and lose their nationwide radio shows.
People who buy penis enlarger pills have their dicks fall off. The problem is that they're usually older men who have already made their contributions to the gene pool, so Darwin doesn't get them in the end.
The problem, of course, is that all of these bad things happen to the
Re:enlargements (Score:5, Funny)
Re:All this really makes me wonder... (Score:3, Interesting)
You both make excellent points,
a. go after the spammer
b. go after the people that fall for it
Yet they're both chicken before the egg type of solutions.
It was a weak protocol that let the genie out of the bottle. Open relays were a part of the net in the beginning because spam didn't exist, there was more co-operation between sysops, and because the net was mainly comprised of scientific and academic types.
Actually, what is really needed is a new mail proto
Re:All this really makes me wonder... (Score:3, Interesting)
For example mandate that ISPs charge 1 cent per e-mail sent from user, and see users to make very sure their computers are secure and not spam relays. Of course this also needs a cap on mails/day, or more like cap on $ spent on sending mail per day so users don't get burned too bad...
Or mandate a CPU challenge per e-mail sent from a MUA that takes 10 seconds to solve per recipient for something like 1GHz x86
No Death Penalty, Please!!! (Score:5, Funny)
No, not yet! I'm only halfway through my penis-enlarging regimen!
Nivenate 'em (Score:2, Funny)
Re:All this really makes me wonder... (Score:5, Interesting)
Jokes aside, while not being compromised myself I have gone through a similar process investigating distributed server farms on cable and DSL serving counterfeit software (once again advertised by SPAM). In all cases the final step ended up being somewhere in Russia at least 600km from of Moscow.
The method of intrusion is different though. In all cases it is windows software. Common examples are the one which copies DVDs to CDs (with all offers seen over the last 2 months being a trojan). Basically this, along with several similar common SPAM sucker gatherers is used for guess what - to gather suckers. The software actually works, but it contains a fairly sofisticated remote access trojan.
This has recently been extented to include sucker gatherers introduced in counterfeit branded software. Basically, you pay 39$ for a counterfeit Win XP pro at "OEM Clearance Sales" and get a Win XP pro with a "surprise".
Servers are all over the world, mostly on cable networks (strangely enough very few DSL ones). DNS (which is the weakest link) is run by known "questionable" marketing hosting sites usually in the US.
With the number of suckers around trying to copy DVDs onto CDs frankly I do not see a reason for all the effort into hacking sites with vulnerable lame PHP software. So I guess these were some "new kids on the block"
Spammers know what they're doing (Score:5, Informative)
Re:Spammers know what they're doing (Score:3, Interesting)
I could have sworn that this was illegal. I mean, it's like some random person changing the lock on my door, giving me a copy of the key, but keeping a copy for themself. If they don't have my permission to do that (read: informed consent), I'm willing to bet that they'd be severly prosecuted.
If, however, it's NOT illegal, what the hell? There'd better be a good reason for it not to be.
Re:Spammers know what they're doing (Score:5, Insightful)
It is illegal, but then again, many of the products and services the spammers are pimping are also illegal. The legality (or not) has very little to do with it.
Re:Spammers know what they're doing (Score:2)
Really, the drug/user market isn't that much different from the spam/buyer market...except perhaps more people hate the spammers...
Re:Spammers know what they're doing (Score:5, Insightful)
The Marketer is Responsible Too (Score:2, Interesting)
Re:Spammers know what they're doing (Score:2)
Not a good reason at all, but unavoidable I imagine. If only we could link spam to illegal music downloads! Let the RIAA subpoena them all!
Comment removed (Score:5, Insightful)
why not e-stamps? (Score:4, Interesting)
I dont see what the technical or social barriers are. For example, it would not require any change in the way mail is transported. Instead it would all be handled by the recipient's browser.
consider the following straw man scheme. I send you an e-mail.
1) If I am in your white list the e-mail is accepted.
2) if not then the e-mail is examined for a signed, serial numbered e-stamp and if present a short message is sent to central post office to debit the senders account one penny, and a receipt is returned to my e-mail program which then lets the message in.
3) Finally if the message does not contain a stamp and is not white listed, the message is put in a spam folder and a memo sent to the sender (me) telling me that I need to request permission to send e-mail.
The last step is how for example Earthlink's highest level spam blocker works. If most messages are spam then of course it doubles the total number of messages sent, but does not double the total message sizes or hand shaking. To the extend that it works, the post offices will only be consulted if the sender is not in the white list so unused stamps can be reclaimed. Moreover one could have the option of refunding the senders stamp if the message were welcome.
I dont see what the sociologocal or technical hurdles are. Not every one has to be using the stamp processing client program. When stamps are not present it defaults to the earthlink system. When they are is skips that nuiscance.
the best part is that legitimate direct mailers might very well be willing to pay the postage to send you an advertisment but presumbaly in many cases these would be targeted ads to people with potential interest.
Re:why not e-stamps? (Score:3, Insightful)
No offence, but many people more technically gifted than you or I have been wrestling with these issues for years and still haven't created a solution because the problem is a hard one to solve.
On a simple level, consider this - in order to migrate from the SMTP protocol to "something better", we would either have to (a) have the entire world convert simultaneously to the new standard or (b) allo
Re:why not e-stamps? (Score:3, Insightful)
Yup. Then my anti-spam system sends you an e-mail and you, the spammer collect my penny...
... my anti-spam system sends you an e-mail telling you to request permission. Then your anti-spam system sends me an e-mail tellin me that I have to request permission. Then my anti-spam system sends you an
Or
Re:why not e-stamps? (Score:2, Interesting)
The problem is that when you use the EarthLink system, you become a nuisance to hundreds of others around the world.
I currently am up to about 300 spams per day. Most of those are forged addresses--which means they belong to someome, just not the spammer. If I used the EarthLink system I would be sending "challenge" messages to about
yep (Score:2, Insightful)
Something desperately needs to be done with SMTP to control this stuff....
Re:yep (Score:4, Funny)
All jokes aside, this sucks that people will steal bandwith and commendeer other peoples computers. If we do not correct this problem, Microsoft might decide their "trusted computing" is the anwser because it would identify everyone and market it as "more secure". Have you seen the butterfly that keeps porn away from your kids? Or ISP's could blacklist anyone who is not on their "approved list". I guess freedom of speech is wothless if 100's of spammers are yelling all at the same time. Is there any way we call all yell "SHUT UP" back at them?
Re:yep (Score:2)
Did you read the article???
Any kid that could pull this off obviously could get quite a nice job as a sysadmin. I could not even follow most of the article!
Re:yep (Score:5, Insightful)
Yes. It needs to be completely blocked at backbone routers, and new and better alternative developed.
So, the steps would be
1. develop a better alternative as fast as possible, and make it as simple as possible to implement.
2. deploy the better alternative for test use.
3. develop a fixed version 2 of the better alternative after it's holes are discovered.
4. deploy the fixed version.
5. block SMTP and version 1 of new protocol at international and national backbones and national borders, so that everybody is forced to switch.
So SMTP would still be completly usable for example inside organizations, so if a company has huge installed base of legacy software, they could have internal SMTP-new protocol gateway.
Of course this would require IETF to get their act together, and various governments to agree that this must be done, and actual new protocol to be simple enough and not contain patented algorithms or any other stupidities.
So it will not happen. Then spam will overwhelm the internet transfer capacity. Then SMPT is blocked and free internet e-mail will cease to exist. Proprietary solutions will develop, but there will be a chaos. Incidentally, Microsoft will happily provide a closed proprietary system only usable from their operating systems.
Re:yep (Score:3, Interesting)
- "CPU cycle" stamp in every outgoing mail.
- Making the To-field to actually determine the recipients
- Making From-field actually identify the sender (by being added by the mail server software, not by client software, so email-specific login to the server would be needed).
- Integrating signatures into the protocol in different ways, at least to identify the ori
Well... (Score:5, Interesting)
Seems greed has once again turned around and bit someone in the ass (in this case it was a good thing). So all these spammers really need to do is slow down the avalanche of spam somewhat, and throttle their speeds when relaying. Otherwise, how long would this have went on for if he hadnt noticed his upload being maxed?
Re:Well... (Score:2)
Thats why all our xdcc bots were set to have max upload speeds.
And we didnt quite fill their hd's so that they didnt run out of space all of a sudden
If only (Score:4, Insightful)
They "r00ted" a native american waiter? (Score:5, Funny)
Re:They "r00ted" a native american waiter? (Score:3, Funny)
We'll the crackers were nice - they allowed the guy to keep 2% of his bandwidth in reserve.
Why do you hate to admit it? (Score:5, Insightful)
One of the most fatal mistakes you can make in any conflict is to underestimate your opponent.
Re:Why do you hate to admit it? (Score:2)
When will we have first anti-spam people to "disappear" or even murdered as an example to those who would try to hurt the profits of these people...? Or has this already happened?
Bad getting worse... (Score:5, Interesting)
Although I haven't experienced spam that goes so far, I have received (in my special spam account for playing with Nigerians and lottery managers) quite a few mails with requests to confirm my e-mail address. It works like this - you get a mail saying something a la: "I am controlling the e-mail sent to my inbox for the following address: sucker@born.every.minute.com. By asking for you to confirm that you really sent email to me I can ensure that I receive no spam and that your email address really exists. This is a one time confirmation, please click the link below and your email will be delivered straight away, now and in the future. Regards, Alberto Huber"
The funny thing about it was that the "I" in question was neither someone I sent mail to nor someone I know at all.
Now if they think I'm going to go click the link to confirm that my e-mail address exists, then they would surely be willing to buy some property on Mars I have for sale. Radiation-free. Really.
TMDA (was:Bad getting worse...) (Score:2, Insightful)
stupid gap in PHP... (Score:4, Interesting)
PHP, at least when I was looking at it a year and a half ago, always felt half-baked to me.
Re:stupid gap in PHP... (Score:3, Informative)
Re:stupid gap in PHP... (Score:3, Informative)
You see Register Globals has been OFF by default since 4.2.0 which was released 22-Apr-2002.
But yes it is a mess.
Re:stupid gap in PHP... (Score:3, Informative)
Frickin' moderators, so many people are so quick on the negative triggers, and not in a helpful way.
Re:stupid gap in PHP... (Score:2)
Re:stupid gap in PHP... (Score:4, Insightful)
Do you understand the issue?
In summary, a default where the global variable namespace of your program is settable by any bozo with a web browser is a poor design. Sure, a good programmer will take steps to make sure he knows where his or her data is coming from, but a language shouldn't encourage such public exposure of fundamental things. (which is why the default changed, according to other posters here)
New protocol? (Score:5, Interesting)
If we can somehow get a list of relays authorized for the sender's domain, it would be easier to flag a message as SPAM.
Also, I think the messages should be stored on the relay, with just a URL sent in the mail body. It would solve two problems:
* The size of the message will be limited by the size of the sender's mailbox.
* It will use more resources on the relay, and the admin should be less likely to run an open relay.
Re:New protocol? (Score:3, Informative)
Also, I think the messages should be stored on the relay, with just a URL sent in the mail body. It would solve two problems: * The size of the message will be limited by the size of the sender's mailbox. * It will use more resources on the relay, and the admin should be less likely to run an open relay.
This has allready been proposed by Dan Bernstein: IM2000 [cr.yp.to]
Re:New protocol? (Score:3, Informative)
Hatred of DJB (Score:3, Informative)
Do-it-yourself blacklist? (Score:4, Interesting)
Instead of having one mail server for your home or organization, you have two. Except one is secretly useless. It just blackholes everything that's sent to it.
You buy another domain and list the blackhole as the MX record for the new domain.
You sign up for a bunch of email marketing lists using addresses from the blackhole domain.
Everything that gets sent to the blackhole server is by definition spam.
The blackhole server also runs DNS. You set your real mail server's RBL DNS to point to the blackhole server.
Every time the blackhole server accepts a connection on port 25, the blackhole server immediately drops the connection (so no wasted bandwidth) and updates DNS with the originator's IP address.
You now have your own local blacklist, you don't have to trust somebody elses. Keep a log, if somebody bitches about it you can say "Well, somebody sent spam to my blackhole server on this date at this time from your IP. Suffer".
You'd have to combine it with a whitelist to let Yahoo and Hotmail and so on through, but you'd still kill a lot of spam.
Thoughts?
Re:Do-it-yourself blacklist? (Score:4, Interesting)
OK, but remember, you did ask.
First of all: what you envision is nothing new. It's called a 'spamtrap'.
The most important thing is that it relies on security through obscurity - as soon as the spamtrap addresses become known, they're useless (and can actually be used to fsck you up.) If you think this won't happen, I urge you to read the article - this spam machine isn't stupid, and will find your spamtrap addresses faster than you think.
Every time the blackhole server accepts a connection on port 25, the blackhole server immediately drops the connection (so no wasted bandwidth) and updates DNS with the originator's IP address.
Pretty simple - anyone who knows the spamtrap address(es) can now DOS your legitimate mail server by sending mail to your spamtrap. (I realize you noted this, but included only Yahoo and Hotmail.)
Spammers get your spamtrap address, they have infected machines on many different ISPs, so they send mail to your spamtrap using those ISPs' (again) legitimate mail server.
Congratulations, you have just stopped receiving email from every ISP on the planet.
yes it is profitable (Score:5, Insightful)
even with all the crap that people are doing, new SMPT clients, new RFCs and bullshit, it's not going to work!
why? because spammers pay their ISPs tens of thousands of $ a month just for the privilege of spamming!
I remember an old story months (or years) ago about a spammer, got tracked down, the whole nine yards, the ISP refused to cut them off because they were paying the ISP over $50,000 a MONTH to send spam. These days they pay even more.
So all your "checks and balances" don't do any good, because the spammers are VALID users (at least in the eyes of the ISP hosting them).
And this is also why no one does egress filtering. AT&T US, etc won't do it because they get PAID to keep sending the stuff...
face it, spam is BIG business, it makes millions, esp for the ISPs, etc.
all your useless "valid" client checks, checksums, special SMTP servers, blah blah blah won't make a damn of difference.
the only way is with either good (huge) blacklists or bayesian all over the place.
and what someone said about "end users" not caring about bandwidth usage, not true. I'm an end-user, and I care, excess bandwidth costs me money dammit! I am my own mail server, so don't tell me a firewall on my server is gonna slow down the traffic. it doesn't.
I keep to my original proposal, a massive blacklist. headache? yes, but it'd work if kept updated...
Re:yes it is profitable (Score:2)
Most people don't care about bandwidth.
"yes, but it'd work if kept updated..."
never work, becasue A)some spammers are a legitimate ISP customer. You cu of that ISP you cut off al the non spamming emails.
also, there is no insentive to spend the money to keep checking its validity all the time.
And it has the tacit involvement of real companies (Score:2)
I'm not sure how the spammers re-close the loop with mainstream businesses, but I'm sure its happening.
Re:yes it is profitable (Score:5, Interesting)
Because SPAM as a whole is becoming illegal in many areas, and much of what spammers do is already illegal. If the ISP is allowing the spammer to continue operation, and he is pumping illegal products/scams/etc then the ISP will be on the line.
It's one thing to profit for unscrupulous activity, it's another to knowingly allow an illegal one.
Making it easier to certifiably track spammers is part of the solution because if you can say with strong surety that an ISP is supporting the spammer... then you can take action against the ISP.
Re:yes it is profitable (Score:2)
There is no magic silver bullet that is going to make spam go away. The key is bringing all of these various pieces together, thereby closing the loopholes bit by bit until it is no longer feasible for spammers to continue their operations.
Re:yes it is profitable (Score:2)
Spam is also profitable for all of the companies selling anti-spam products. How many of them would go out of business of spam was stopped tomorrow? Is it really in their best interest to stop spam?
this is good (Score:2)
Gets traced relativly easy to the server, a patch is issued.
This is probably the most benign thing that can happen from an exploit, and it is easy to track down. Finding it in a research center would be better, but barring that, this ain't so bad.
Prison (Score:2)
Rich.
And the worst news is. . . (Score:2, Funny)
OpenBSD on macppc (Score:4, Interesting)
This is going to make me move my web server to OpenBSD 3.4-stable on macppc even sooner. It would have two layers of defense against this kind of attack, even if the PHP hole was there.
Running under systrace might also help stop it from opening outbound connections.
Re:OpenBSD on macppc (Score:2)
OpenBSD on SUN hardware is even better: Sparc chips have built in executable protection.
Sparc hardware nativly allows processes to set chunks of memory as "allow code execution, but don't allow self-modifying code".
Unfortunatly curent x86 hardware lacks this feature without a lot of work.
Pretty good article (Score:5, Insightful)
apache wasn't rooted, an installed PHP app was (Score:5, Insightful)
Spam funders? (Score:3, Insightful)
Re:Spam funders? (Score:3, Interesting)
The most reasonable guess along this line would be the drug companies trying to sell to an underground market. But everyone knows that the drug companies are fighting hard to keep the drug prices artificially high in the US, so what would they have to gain too? I mean, have you looked at most spam lately? It certainly doesn't appear to be a case of a real company trying to make a legimate p
Re:Spam funders? (Score:4, Interesting)
And then I suppose that once the basic spamming infrastructure is established and paid for by that, there's ready market for getting other businesses and plain scammers to do spam marketing, thus increasing spammer profits more and pushing down the price per email.
A question regarding education/tracking? (Score:4, Insightful)
1. Most spam mails are selling something physical and are actual companies; why can't they therefore be tracked down and slapped with lawsuits easily?
2. Why doesn't user education work? Maybe a mass education campaign towards users will make the spammers give up - I agree there will always be the odd idiot, but if 99% of users are educated, just like most kids know not to talk to strangers, there will eventually be a decline in such?
Re:A question regarding education/tracking? (Score:5, Insightful)
2. No, 99% is not enough. A 1% response rate would be insanely high. Even a 0,01% response would easily be enough. Because it costs next to nothing, with next to nothing in risk.
To pull on your "99% of users are educated, just like most kids know not to talk to strangers" analogy, it wouldn't work if the pedos could ask thousands of children simultaniously (i.e. no cost of time) and none of those that refused would report it. Who cares if 990 turn you down, if you can have a 10-kid orgy every day? Sounds awfully cruel, but that's the way spam works today. They pray on the few stupid enough, and hope that the great majority will simply hit 'delete'.
Kjella
Re:A question regarding education/tracking? (Score:3, Interesting)
True, but what if said companies were publicly outed and humiliated? What if an orchestrated effort was made to let said company know exactly how the world feels about their carelessness in hiring their PR firm? Would that not be sufficient to send the message that if you hire a PR c
Spammers Hiring Goatse Trolls? (Score:4, Funny)
That sounds suspiciously familiar, especially when you substitute "e-mail" with "innocent-looking links to Amazon.com".
SpamAssassin makes me not care (Score:2, Redundant)
Now my main concern is not getting rooted (or the equiv').
Re:SpamAssassin makes me not care (Score:5, Insightful)
Not selfish. The word you want is stupid. Your attitude is equivalent to saying you don't care about massive water pollution because you've got a really good personal filtering system that can make a small amount of drinking water safe, so you don't care about pollution, say, killing crops.
The problem with spam is that it is threatening to overwhelm the basic infrastructure of the net.
Finally! (Score:4, Funny)
On a more serious note, the telephone contact given in the RIPE lookup is a bogus one (lacks one number to be a valid portuguese phone number), the "Rua do Norte" street doesn't exist in Lisbon and SBTF isn't listed in any portuguese site that deals with companies registration.
Some say "bad publicity is good publicity"... I would rather not have my country mentioned by these particular reasons.
But... the guy reporting it is from Spain... this could be some devious plot to, er, something.
cheers
spamtools (Score:5, Informative)
I have made an eigenpoll [all-technology.com]
to find the best spamtools.
First ranking the tools you know,
the it runs some data minning and find the best tool.
Right now the list looks like.
sa-exim
Outclass
Mail Scanner
spamprobe
POPFile
SpamBayes
SpamAssas
Vipul's Razor
Blackmail
bogofilter
Infinospam
Spamthi
Shovel
SpamBouncer
Declude JunkMail
spamhole
Re:spamtools (Score:2)
Re:spamtools (Score:2)
how to fix the problem (Score:5, Informative)
Re:how to fix the problem (Score:4, Informative)
Except.. it wouldn't have, in this case at least. Gallery works with register_globals turned off, I just checked.. but then I noticed the code (this is in init.php if anyone wants to check):
The extract() function [php.net] basically takes everything from the _GET and _POST arrays and dumps them straight into the appropriate variables, which is exactly what register_globals does. Whether it was turned on or off, you would still be able to pollute the $GEEKLOG_DIR variable via get/post. This is a pretty braindead piece of coding right here, and makes me a little worried about using gallery. I hope they plan to fix this in the future.
Re:how to fix the problem (Score:3, Interesting)
Ess
Need to block port 25 all over (Score:4, Interesting)
All ISP or the like should block port 25 outbound by default, and make people use the smtp server of the ISP. If people (1 out of 10.000) would like to use port 25 outbound, they should contact the ISP through a bureaucratic procedure. That would close the trojan hole at least.
Are there any other ports (priviledged/unpriviledged) that one can safely block to avoid trojans and the like???
Re:Need to block port 25 all over (Score:5, Insightful)
I have to run my own e-mail server, because Comcast (my cable modem provider) doesn't allow me to send outgoing e-mails with my real e-mail address, its go to be @comcast.net or whatever their domain is.
If they block port 25, e-mail is effectively shut off for me as a usable technology on the Internet, and I'll be stuck either having to tunnel the e-mail to someone who doesn't have it blocked, or change ISPs.
Hah! (Score:2, Funny)
...oh, wait...
gotta be an easier way to... (Score:3, Insightful)
2) get my rc control car that gives me a reduced mortgage, life insurance and 'elongates' my love life
More seriously, the education needs to be for the people who buy off these people. If people stop using the 'services' then the spammers will move onto some other way of making money.
Interesting, but... (Score:5, Insightful)
However, some of these statistics are possibly obscuring reality. For example, let's take Messagelabs anti-spam service. Until recently, all emails from WorldPay - receipts, etc. - were marked as spam. All the traffic on an email discussion list that I have signed up for are marked as spam. Some commercial email notification lists that I have signed up for (ie. Maplin offers) are marked as spam.
But none of those emails *are* spam. Admittedly, some spam emails do get through without being flagged. So maybe it's a bit 'swings and roundabouts'. And regardless, the situation is pretty depressing anyway.
One thing I have been thinking about - and just wondering whether it should be entered as an Ask Slashdot item - are some of the 'cures' as bad as the problem itself?
I work on biology / medicine journals websites, and we offer a number of automatic notification and general update services. Note that these are *not* spam - they are requested by individuals by signing up on the website - and instructions are given in every email in how to remove yourself from the list. And they are a very valuable service to many people that do choose to receive them. Yet it only takes 1 person to not bother to read or follow the removal instructions, or otherwise hit some other temporary (accidental) issue that holds up their removal, and then submit it to a blacklist service to bugger things up for many other people.
So where is the regulation on the blacklist services? Where is the ability for *genuine* (provably genuine) companies to register their services in such a way that rather than getting blacklisted immediately, they have the opportunity to respond to the issue raised? Is this a small or large price to pay to partially stem the tide of actual spam?
Re:Interesting, but... (Score:4, Insightful)
The market regulates it. A blacklist that is too aggressive doesn't get used. It's really that simple. If your ISP blocks stuff you don't want blocked, compalin to them, or switch. If someone's blocking your mail, it's up to them to complain to their ISP. If they don't, they obviously don't object.
Where is the ability for *genuine* (provably genuine) companies to register their services in such a way that rather than getting blacklisted immediately, they have the opportunity to respond to the issue raised?
Most mail admins don't give a flying fuck whether you are a "genuine" company or not. I got spammed relentlessly by American Express, until I block their entire IP block until the heat death of the universe. If you don't want to be blocked, don't spem. It's not that difficult. Really.
OK. who's behind this? (Score:5, Interesting)
The spam contains ads for the "Asta Design Group", which has been widely spamvertized. A bit of searching turns up this address: [seafishnet.net]
360 NE 49 St
Fort Lauderdale, Florida USA 33334
E-mail: seafish1@ix.netcom.com
Another lead [stewartsintlschool.com] gives us
SeafishNET
360 NE 49 St.
Oakland Park, Florida 33334 USA
(954) 351-7961
seafish1@ix.netcom.com
Same address and zip code, but in Oakland Park, a Ft. Lauderdale neighborhood. Now we have a phone number. Google gives us
Checking the satellite imagery [keyhole.com], that's a tract house backing up to a six-lane highway. It's not a mailbox service.
Since we're talking about felony computer intrusion here, that's the address to give the cops. This may or may not be the intruder, but they probably know who it is.
Re:OK. who's behind this? (Score:3, Interesting)
Given the the German and Russian addresses, I would not at all be surprised if the distributed SPAM software was written by
"The Authorities?" I don't think they care. (Score:4, Insightful)
I keep waiting to hear that the Federal authorities have taken some action in this regard. If you've ever been through US Customs (and especially if you're young, not white, or in any way "unusual" looking) you'll know that they make a great show of looking through everybody's sneakers and dirty laundry on the hunt for "illegal drugs." Even in these times of terrorism, it's their chief claim to fame.
The potential for abuse seems enormous and growing to me. It also seems to me that a lot of the spams advertising this stuff originate in, or pass through, the U.S. If somebody in our town hung out a sign saying GET YOUR PRESCRIPTION NARCOTICS HERE--NO PRESCRIPTION REQUIRED, my guess is the police would take an interest. But we seem to have virtual open-air drug markets operating undisturbed.
If anyone wonders how spammers make money, this is certainly one possible way, and I suspect it's incredibly lucrative.
Questions for you Linux experts out there (Score:4, Interesting)
I was very impressed with the forensics this guy did. It was fascinating. Too bad it's necessary. I wonder how many machines out there are compromised without anyone even knowing it.
Re:Questions for you Linux experts out there (Score:3, Informative)
A realistic solution (Score:4, Interesting)
* Make every stupid person smart so noone responds to spam
* Change every mail server in the world to use a new protocol
* Use client-side spam detection to hide spam and expect the stupid people to use it
Well, I have less than complete faith in any of these methods providing an adequate short term solution. So, why cannot we look at the big picture?
A few major spammers are sending millions of emails. The effect is close to being a DoS attack on the entire Internet. These emails are susceptible to pattern analysis if analyzed on a global basis. Surely what we need is somethng akin to an Internet-wide intrusion detection system. When pattern analysis indicates a spam attack, we simply block the traffic as close to the source as possible.
Wouldn't there be a cost associated with this? Sure. But the spam problem needs to be resolved and this is the only realistic short term solution that I can envisage.
Re:(Slightly OT) Apache R00ted?? (Score:5, Informative)
No, and apache didn't get rooted, either. A poorly written PHP script did.
Re:(Slightly OT) Apache R00ted?? (Score:2, Informative)
Actually, nowhere does it say that root privilege was used at all -- the attack was against a PHP interpreter embedded in an Apache binary running as www-data, and it started a new process which also ran as www-data. The article summary is a bit misleading.
Re:(Slightly OT) Apache R00ted?? (Score:2)
True, I should have said, I believe, pVVn3d, as opposed to r00t3d.
So, the submission should read 'a PHP programmer allowed a variable to be set by an HTTP GET response, and got pVVn3d.'
Re:Prison? (Score:2)
Re:Prison? (Score:2)
Perhaps you can tell me where my organisation can get a fat pipe for fractions of a penny?
Re:Microsoft vs *nix (Score:2)
Nope. Windows is the master of both of those domains, thanks to the power of spam-trojan viruses [google.com].
This article is interesting because it was a PHP exploit on a *nix/Apache box, but Windows is where the big-time spammers do their R00Ting.Re:Not just "sounding better", he is correct usage (Score:3, Informative)
Uh, no. Using "he" as a generic 3rd person pronoun is deprecated, and has been so for a long time. Though I cringe at the thought of women being spammers, and would hope that women would have more sense. :-)
Note that both your references have notations about generic usage and the problems that arise.
The least worst I've heard recently is singular "they".
...laura