mersenneforum.org  

Go Back   mersenneforum.org > Other Stuff > Forum Feedback

Reply
 
Thread Tools
Old 2005-05-06, 02:04   #1
ixfd64
Bemusing Prompter
 
ixfd64's Avatar
 
"Danny"
Dec 2002
California

2×19×61 Posts
Default spam bots, this is for you!

Come and get some!
ixfd64 is offline   Reply With Quote
Old 2005-05-06, 02:16   #2
jasong
 
jasong's Avatar
 
"Jason Goatcher"
Mar 2005

1101101100012 Posts
Default

This SEEMS like a good idea, but does it really work? It'd be interesting to find out how a spammer handles this, or if they can even handle it at all.
jasong is offline   Reply With Quote
Old 2005-05-06, 02:30   #3
Prime95
P90 years forever!
 
Prime95's Avatar
 
Aug 2002
Yeehaw, FL

11011111101102 Posts
Default

Spammers also forge return addresses using a name from their database. When they use my return address, will I be the one to get the bounced email?

Whether it works well or not, I like the idea of fighting back in whatever way we can!
Prime95 is offline   Reply With Quote
Old 2005-05-06, 03:59   #4
Ken_g6
 
Ken_g6's Avatar
 
Jan 2005
Caught in a sieve

18A16 Posts
Default

It might work better if the bad e-mails weren't just on that one site that the spammers can block.

So here's a bunch copy/pasted from there!

Code:
onzbakzlkv@omhtlisuyvmzhes.net
emqsrxlsla@wzbrlmvaqibujod.com
dmbbrkdtmg@avhmoneydfrzfba.org
mqgisysful@tybpcxzubfuolia.org
pfnyggjxao@dyaitsxtgfxiyej.com
cztuegftmx@rcpnwofkxrujbot.com
uxvgjrjnrn@knsdasxyrrcbrts.org
xcalpavwdv@ikufntzygbwmjwp.com
ruswamsazh@otaecitnrgfjzzx.com
lubbzyewoh@zsdohylyoxuwxat.net
yqbyujpsrh@dowcqaheahrpjqb.com
byencyvemi@auycnccyjbjbuzd.net
uvguzifkmp@rjgctsmgbdqxpze.net
funjdajeub@ptajowdjblhdzjx.org
ibdmwgejmi@qzkfsgpvhystrks.net
xkbdofljyt@dtckvwgoezvupfc.com
wpujcbbnuj@bltubbmazwwphsd.com
xaczxfkvhx@ikydtoixbsfqyga.net
jwtftdqmio@ijmhgzekviwajtq.com
vlhsgvtgfh@jeobwvqkrqxlphs.com
ahqtexyvco@fuqngjnqozqmdcg.org
wovfgndqpo@exjnummcxalgtzw.com
cgxkenenob@eivdktqkdubgqfs.net
yqvtifogvp@fklhseeeyksoocb.com
iilatsucdd@hnvgxiyrzaenvop.net
vypjbibbov@clvdtbtvzlosyjj.org
kagfugyygo@mhmxfuxmzasrxmk.org
llzrkbvvtf@xzkxprsdloohjqp.net
uojswoiqdk@suwbgspandgdiew.org
wynexspdme@dhkdtibafqqzjzc.net
glmfabpslz@nyaanfjincdvwup.net
xlaenushkj@kpcfevfjjfogepy.net
fqsdlcidkx@wrsyrztpjpzmqyk.org
swlpiyesxd@ncapegaavyjajeh.net
stgzfnzxuj@pfofbuhqgsttkry.com
sislaazmhd@jhbktkspnowzzan.org
mwiawndhef@tysnzvdmhrssvpe.org
soufnixeat@stoxgrxyrsswswc.org
ncnhwupiri@eyycnpqkwqyvgbw.net
lmguaxuhrm@qztfcsauuxymgna.org
kyuzpxcuro@vbydwchtshkvgni.org
qjanhtwurv@ufhoquljydxfdka.com
mrtnahvztb@scsuieeoueeyagt.net
slbyoqqarp@zeixwfzkfyeezoq.com
ikmwjodzda@dsuhmozdjmsebky.org
licxshpdrf@wpquahyhjbcbtdo.com
adaxckibds@cwlysmvfisfmkqx.net
rmlvhptjpa@lnlfmdabmwydqbd.net
yaqqpboxbf@zxtybneoqcrpfjr.net
awmsoedhik@plrahpsongpnmwa.net
tcfxovzkzr@ylkmkkksgphzyel.net
jeuyjfmmxu@asbqrbzhglzdqiz.net
qfldxgtzzs@tcetddijlzzpmtv.net
dkzblzoalg@fmiremmvxzlguyg.net
dqdtgbyyae@aoaswzqngcmzmgm.net
reklwpriye@mbizkryclqqdgec.org
ezwdzyjqrw@xuonjrtvitrbzsz.net
rlxifofhpa@sehhotmuegfrgkv.com
yuinighqaf@omvyxmbczjjntpy.org
mystcqgpyh@svkhkmaqqzslmry.net
pagitxlufq@pehdatrsrgzgirr.net
hgmoymhujo@wvajrhqvcshfkds.org
nwhdczkibv@naxthbrbmzsndao.net
cbtcrojiob@wntyqrwukikajde.com
iqpotjkubd@bmwuxptmpkmccax.com
equlukqvue@burllsgnhrddunt.net
cgqqnjkbnp@ljnhwuizmynrwbz.org
fntgsrxesa@yewwnjpxsxkanvi.org
leuleebmzw@nekytovfmudikvg.org
dkmutmvipz@gosfqrldfhhjjbu.com
kygbotjfnf@zkuzdwgzglaffsn.org
qjmqwzogoq@dsalmmuqmthgfeu.net
evlucayqyv@xwmcuumevbgrvuh.com
stokgiympb@bbwkqsvswbsaykl.org
lgfdrpeudo@rubyvnwhhyihoya.net
wzsbyjlyqp@qjrewvtqtmodkry.com
rtuqigkopz@dvzxqcuqwcnizyi.org
averhoyezj@rcwobgvjobiviwt.org
fimjhokojh@rdrsxdduqzckkwy.net
rofbjghnzk@pvzeiwdbdmnavcd.net
lkhxfaqjjd@xlkbodfruavaxpa.net
mzdkvrenmf@rmkyidruugrfwdm.com
pjmflfugyh@ukcedxwmgrqoohx.com
vwippruigg@njcbfyfdoiivdpe.com
uyljoopint@wmusxrgehvozmer.net
ocyaxvzmvo@wejhhmgfrgenptq.net
mddxfquhoc@dzdmybxuhugotnh.net
ojmfedfclb@wvxbugctgfhnrqu.com
cldnvqhlot@tgfhwretwqhvsum.com
iqudupvtiu@avfsxohpswarybm.com
fnvqtrprhm@btnsoidubtqzpwm.org
rmbmhbwqyv@mvfggbkjljpazol.net
jmmjupeoas@wygtlsaatckmcqd.org
mihnndsrmd@qzyhsrkcilysvrb.com
tqvpzhfgvt@buigzhxriabvidc.net
dgkokwglke@abanwcjsnjkvjrr.com
yocxtiakog@pgbnlbyeafrgtvv.com
lacwotpuoh@huivpdmufobimhu.net
xskyimdxsd@ilupezedqqzkruz.net
tlzcpykyfq@kduomzwigeleavl.org
Come an' get it!

But it may still do no good if the DNS names are invalid.
Ken_g6 is offline   Reply With Quote
Old 2005-05-06, 17:00   #5
Peter Nelson
 
Peter Nelson's Avatar
 
Oct 2004

232 Posts
Default

Ken the email addresses you just pasted are static.

You probably didn't notice but the ones on the site were dynamically generated by a script on the server.

ie clicking the link which points back at the page would regenerate a DIFFERENT list.

I suspect that some harvesting software may be sensible enough not ignore following links to the same page address, so perhaps more than one dynamic page would be better.

Also one problem is that having harvested software spam generators will attempt to verify addresses. They will send out spam, for example with a very small image link .gif so that for valid addresses, a user viewing the spam will generate a web hit. This confirms that someone received mail to that address. Even if you delete the message, more will be sent. Clearly spam to these random addresses will never get verified this way so the advanced spammer will quickly remove the bogus addresses from their databases.

Another problem is that the domain names are random, as opposed to genuine ones. The spammer can quickly sift their database of garbage by doing domain name lookups for unknown domains. eg hotmail.com may be new so a DNS lookup verifies it, and future hotmail addresses are possible candidates whereas @myrandombogusdomainfdhjsjkfjhk will never be accepted as valid because a DNS lookup fails.

To save DNS lookups and associated time/bandwidth, a smart spammer may even decide to just accept harvested addresses using the 1000 commonest domains for addresses. They will quickly build their own list (or if you like "cache") of these eg yahoo.com, aol, etc. Therefore a domain never seen before (in the list) can simply be discarded.

I think the page is a good effort so the link to it here in the forum may inconvenience SOME spammers.

However as I have explained, there are some simple techniques that can severely diminish its effectiveness.

If for example the page were to generate random addresses AT common email domains like gfhkdhgkdfh@hotmail.com etc then these would be more difficult.

Further if I include on such a page a traceharvest@myantispamdomain.com then I could use custom software to recognise mail to that address as spam and contribute the message to a database of mails to be rejected (from any address)

Further, if these emails contain a hidden .gif or similar lookup (typically used to verify addresses) these can be identified and traced automatically. Unlike mail addresses which can be spoofed, these verifications must be made to real servers whose logs are used by the spammers to update their database.

Messages to the upstream ISP where these machines are hosted may point out if it violates their AUP agreement, and *might* get the site taken down.

All in all, spam is not a simple problem to solve, whatever is put forward.

One approach is to obfiscate email addresses online eg johnremovethis.smith@microsoft.com

Another approach is to make your email address on your webpage in the form of an image.gif displaying the address in a particular font or mix of fonts.

Tests have shown that putting your address as a mail to link on your page typically gets harvested and spam sent to it.

Also be careful what sites you give your address out to, and whether they display this on pages in forums etc. mersenneforum.org is fine in this respect because it uses nicknames.

Last fiddled with by Peter Nelson on 2005-05-06 at 17:03
Peter Nelson is offline   Reply With Quote
Old 2005-05-06, 18:23   #6
ixfd64
Bemusing Prompter
 
ixfd64's Avatar
 
"Danny"
Dec 2002
California

2·19·61 Posts
Default

I'll have to say, this script is quite old. A lot of more advanced spam bots can probably auto-delete bounced mail, etc.
ixfd64 is offline   Reply With Quote
Old 2005-05-06, 21:28   #7
jasong
 
jasong's Avatar
 
"Jason Goatcher"
Mar 2005

5×701 Posts
Default

I'm hoping there's a DC aspect that can be used to help fight spam. If anyone knows of a way that a grunt like me can help fight spam, please send me a PM. Btw, I'm already familiar with the obvious ones: (1) Don't reply to an unsolicited email, don't hand out your email to a site you don't trust, etc.

thanks
jasong is offline   Reply With Quote
Old 2005-05-07, 10:54   #8
Mystwalker
 
Mystwalker's Avatar
 
Jul 2004
Potsdam, Germany

33F16 Posts
Default

Quote:
Originally Posted by Peter Nelson
Another approach is to make your email address on your webpage in the form of an image.gif displaying the address in a particular font or mix of fonts.
eMail address harvesting scripts are often optimize for speed - so I guess most of them only check for traps, but don't do extensive scanning such as ORC of gif files or looking for "removethis".
It just takes too much time - you can find maybe 10 more addresses in that time. In addition, those who use these obfuscations aren't the target group for spammers...
Mystwalker is offline   Reply With Quote
Old 2005-05-08, 19:15   #9
Xyzzy
 
Xyzzy's Avatar
 
"Mike"
Aug 2002

11110100000002 Posts
Default

Quote:
Originally Posted by Peter Nelson
Also be careful what sites you give your address out to, and whether they display this on pages in forums etc. mersenneforum.org is fine in this respect because it uses nicknames.
We have our member list disabled for this very reason...

http://www.mersenneforum.org/memberlist.php?
Xyzzy is offline   Reply With Quote
Old 2005-05-08, 21:51   #10
IronBits
I ♥ BOINC!
 
IronBits's Avatar
 
Oct 2002
Glendale, AZ. (USA)

3·7·53 Posts
Default Project Honey Pot

http://www.projecthoneypot.org
Why not sign up for this to?
Get the harvesters
IronBits is offline   Reply With Quote
Old 2005-06-18, 16:12   #11
OmbooHankvald
 
OmbooHankvald's Avatar
 
May 2005
Copenhagen, Denmark

4418 Posts
Unhappy

Quote:
Originally Posted by jasong
I'm hoping there's a DC aspect that can be used to help fight spam. If anyone knows of a way that a grunt like me can help fight spam, please send me a PM. Btw, I'm already familiar with the obvious ones: (1) Don't reply to an unsolicited email, don't hand out your email to a site you don't trust, etc.

thanks
Once upon a time there was a DC project called "Make Love Not Spam" but it was (unfortunately) illegal or something and got shut down.
http://www.distributedcomputing.info/recent.html
Now the Net is crawling with viruses by that name, so don't try to download it from any place! It's dead!
OmbooHankvald is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking malicious 'bots... chalsall GPU to 72 0 2017-10-27 17:07
Spam Dubslow Lounge 2 2012-01-23 04:22
Ton of spam posts jasonp Forum Feedback 9 2009-07-19 17:35
Spam davieddy Forum Feedback 4 2007-03-19 03:55
Spam Alert (all over again) S485122 Forum Feedback 8 2006-11-10 15:51

All times are UTC. The time now is 12:12.

Fri Nov 27 12:12:24 UTC 2020 up 78 days, 9:23, 4 users, load averages: 0.92, 1.12, 1.18

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.