Jump to content
Sign in to follow this  
mythsmith

SpamCop Denouncer

Recommended Posts

Analysing many spam emails can be long and painful, because you must navigate through many pages and send many confirmations. How much is the time you waste:

* finding the links, clicking,

* waiting for a new window or tab to open and to load the URL,

* then moving through these pages to read the report,

* eventually confirm and wait for the reports to be sent?

In my humil opinion, too much!

So SpamCop Denouncer speeds up the find-click-load-send part of that procedure. The analysis cannot be skipped: at least you must check you are not denouncing your self or improbable organisations.

It works like that:

1a) Use -f option to download messages from a POP3 account (using fetchmail), and save them to input file.

1b) Use -r <path> to read form a different input file, without fetching anything.

2 ) Get all spamcop reporting URLS from the input file.

3 ) Download all spamcop analysis pages and parse them. No interaction required.

4 ) For each spam-id, present a dialog screen where you can see and select which recipients your report will have. That process is very quick as all information is already locally available. If you are not sure of what you are doing, you can see the full analysis, which was saved to a temporary file in (3) so you have not to download it again. Then, you might pick off some recipients, then Cancel the report or accept it.

5 ) That done, all accepted reports will be sent in one shoot to the selected recipients. No interaction needed.

http://daniele.modena1.it/code/spamcop-denouncer

This Python scri_pt needs fetchmail, grep and dialog. Was tested on Debian unstable.

WARNING: One-day-hacking-scri_pt here! Use at your own risk!!!

Share this post


Link to post
Share on other sites

SpamCop Denouncer v0.2 released!

* Many bugs fixed.

* Ability to parse spam pasted to standard input

* Ability to parse a mailbox and send each spam in it

* Security feature to alert if sensible spamvertised websites are found (eg, your own!)

* Process your spamcop queue (that brings no big time saving...)

* Added a "recently sent" database of spam IDs and hashes, so the risk of sending double reports is minimized

* Added a simple statistical engine, recording quality (mean age) and cost (seconds of human interaction).

Eg here are my statistics:

daniele[at]lami2:~$ spamcop -S1

STATISTICS since 05/27/08 (1 day period):
Reporting quality:   1.687h of mean spam age
Total time cost:  927.9shi, efficiency:	0.9s/spam
Processed: 1137, 162.4/period - Reported: 1041, 148.7/period

Reporting activity (1 day period):
day		processed  reported  sessions  cost	quality
05/27/08   16		 16		2		   0.00	0.00
05/28/08   179		178	   13		106.82	0.00
05/29/08   292		250	   14		245.41	0.00
05/30/08   185		183	   13		189.44	2.01
05/31/08   142		138	   9		 223.98	1.91
06/02/08   141		96		1		  21.42	5.41
06/03/08   182		180	   5		 140.83	3.36

Overall top 10 report destinations
coldrain.net			  605
devnull.spamcop.net	   374
kisa.or.kr				234
hanaro.com				231
certcc.or.kr			  231
ns.chinanet.cn.net		87
ttnet.net.tr			  72
olcab.ro				  60
cert.br				   52
jsinfo.net				42

(note: coldrain is user-defined additional recipient, that's why is on the top)

Have fun reporting more and better, and recording your improvements!

Edited by mythsmith

Share this post


Link to post
Share on other sites

I am receiving a lot of spam without any message body, resulting in SpamCop returning:

"No body provided, check format of submission"

I think bodyless spam is simply a nonsense, maybe used to test spam networks or to simply annoy zealous denouncers.

So today I added a check on the body of the messages: if it is empty, SCD will add a custom string such as:

'This spam email did not have a body. This string was added for reporting purposes'

The spam will then be happily reported.

Edited by mythsmith

Share this post


Link to post
Share on other sites

Just a quick note -- there is something strange going on with that website. Every time I enter it, the blue light on my builtin webcam flashes. Not sure if its actually taking a picture, but will get back to you if it is. The idea that a website could turn on the camera is downright scary.

I'm running Linux, so if you are a Windows user, there may be other surprises.

...Ken

Share this post


Link to post
Share on other sites
Just a quick note -- there is something strange going on with that website. Every time I enter it, the blue light on my builtin webcam flashes.

It's all ok: i included the WengoVisio flash object in the page:

http://www.wengovisio.com/index.php

Visitors can send video and audio messages to me using that applet, if they want.

So your webcam is flashing because Flash is scanning for a connected device - nothing dangerous!

Share this post


Link to post
Share on other sites
It's all ok: i included the WengoVisio flash object in the page:

.....

So your webcam is flashing because Flash is scanning for a connected device - nothing dangerous!

All in th eyes of the beholder .... me, I'd be thinking along the lines of a security issue being exploited.

Share this post


Link to post
Share on other sites

All in th eyes of the beholder .... me, I'd be thinking along the lines of a security issue being exploited.

You can contact Adobe to denounce that if a user enable their Flash product to use webacms, then it will illicitly query the operative system to know if there is one connected.

http://www.adobe.com/support/flashplayer/

I think youtube is seriously infected with that fault :ph34r:

Untill Adobe fixes the fault, you should disconnect your webcam and microphone or uninstall their drivers.

Or, you can forbid Flash to access anyway to your microphone and webcam (also only to check if it exists) when not explicitly allowed.

Edited by mythsmith

Share this post


Link to post
Share on other sites
Or, you can forbid Flash to access anyway to your microphone and webcam (also only to check if it exists) when not explicitly allowed.

So much easier to simply not let that kind of crap exist on your system to begin with.

But again, it's the described unannounced system scanning/tampering that's the real issue.

Share this post


Link to post
Share on other sites
So much easier to simply not let that kind of crap exist on your system to begin with.

You're right, I (you) should uninstall Internet.

But again, it's the described unannounced system scanning/tampering that's the real issue.

Also your browser "unannouncedly" scans/tamper your system to know the OS, the screen resolution, the lang, your precedent navigation (referrer) etc and, in default configurations, sends all those precious data to untrusted remote servers.

That's the way Falsh works. If you do not trust Flash, you can disable it unless requested (as I have done on my computer with flashblock).

I trust the WengoVisio applet and do not consider it carp also because it is part of the OpenWengo suite, an opensource Skype alternative, with the freedom to change service provider: http://www.openwengo.org/

The wengovisio object itself isn't open-source afaik, but I trust the source that produced it.

I'm sorry but you cannot dismantle the trust a person gives to someone/thing unless you provide good reasons.

A program for webcamming that scans for a connected device when allowed by your environment is not such a reason, to me.

Share this post


Link to post
Share on other sites
You're right, I (you) should uninstall Internet.

Whatever.

Also your browser "unannouncedly" scans/tamper your system to know the OS, the screen resolution, the lang, your precedent navigation (referrer) etc and, in default configurations, sends all those precious data to untrusted remote servers.

That's quite a stretch from what I'm talking about, but for the uninitiated, all the above stuff is 'how' the great www actually works.

That's the way Falsh works. If you do not trust Flash, you can disable it unless requested (as I have done on my computer with flashblock).

The continuous security issues and exploits is where my suggestion of "do not allow it" comes from.

I trust the WengoVisio applet and do not consider it carp also because it is part of the OpenWengo suite, an opensource Skype alternative, with the freedom to change service provider: http://www.openwengo.org/

The wengovisio object itself isn't open-source afaik, but I trust the source that produced it.

Fine, you trust this running on "your" system. This part of the discussion is the use of it to reach out and touch other systems from a web-site you are advertising for something else entirely.

I'm sorry but you cannot dismantle the trust a person gives to someone/thing unless you provide good reasons.

A program for webcamming that scans for a connected device when allowed by your environment is not such a reason, to me.

Again, you toss out a URL that is supposed to offer some kind of tool to be used for SpamCop.net Reporting. Why should there be an expectation that visiting that web-site to check out your offered tool results in a system-hardware scan initiated by that visit? Your alleged reason was for follow-on contact. assumedly support issues. That does not justify to me why this scan-thing would show up on the basic/front page .. it seems that this tool wouldn't be 'needed' unless someone chose to select that means of making contact ... so in my mind, it wouldn't need to be activated until that user actually attempted to make contact with you.

Now, with all that said, I see no sign of the scanning action happening on two systems here, see nothing in the code on the referebced URL that should activate any type of scan (ignoring the javasript link, not going to spend the time researching those, yet another tanhent on the secuity issue subject) .. so not sure what was being 'viewed' at this point that would have brought up the initial coment on this.

Share this post


Link to post
Share on other sites

Ok, I will move it to a dedicated "contacts" page.

I personally dislike Flash, but I see is the only technology that actually makes possible these things.

Thinking of another superficial visitor that happen on my blog and begin to scream that I'm looking in his webcam simply don't compare to the (remote) utility of that applet. I considered it more an opportunity to advocate a better voip network than dominant skype or msn, than an actual mean of contact me...

Again, you toss out a URL that is supposed to offer some kind of tool to be used for SpamCop.net Reporting.

Expect to find OT things in a personal website! I collect here all my stuff, and since I have diverse interests, the result is a permanently OT website.

What does it happen, afterall, when you visit a website with some sort of urchin.js incorporated? -> your visit is unexpectedly reported to an unrelate remote server, without your consense - privacy threat! (I disallow every such scri_pt each time i find a new one...!)

Or which embeds random ads? -> You will display content that is not related to the apparent purpose the page was written for.

see nothing in the code on the referebced URL that should activate any type of scan

This is the embedded flash object that activate the webcam:

http://button.wdeal.com/wvisio_v1-1/common...wf?wtf=29491355

With firefox, press ctrl+I while viewing the page: you see it in media tab.

You would not see it in the code of the page as it is loaded by this scri_pt:

http://button.wdeal.com/wvisio_v1-1/full_wengo_widget.js

So if you have restricted flash or java scri_pt env, the applet will not startup.

Share this post


Link to post
Share on other sites

Just the last point:

Fine, you trust this running on "your" system. This part of the discussion is the use of it to reach out and touch other systems

Flash is running on your system, not on my system. Your system will not be touched if you configure it not to be.

It's not my fault if you configured your system to run every crap it find on the internet.

I think I will leave the applet and add a link such as:

I CAN SEE YOU

Maybe with a sauron eye beyond.

The link will point to a page explaining why you should uninstall or turn off automatic Flash execution from your system.

It's a proprietary technology, so security updates are slow, torbid and you will never ultimately know what it is doing with your system while you browse ;)

Share this post


Link to post
Share on other sites

Just the last point:

Flash is running on your system, not on my system. Your system will not be touched if you configure it not to be.

It's not my fault if you configured your system to run every crap it find on the internet.

You seem to be of the mistaken thought that everyone is running flash. I am not... Wazoo generally uses a text only browser... many other regulars here are just as securely configured. In fact, I also no not have a camera.

Also, it is the applet that is accessing the camera that people are complaining about here and that is running on your site. You can do whatever you want with your system. We reserve the right to disable your link on this site and/or display a warning with it.

Also, many sites use flash (I see the request all the time), I have yet to hear about one accessing the camera system.

Share this post


Link to post
Share on other sites

I myself do disable flash in my browser.

Really, I never see a flash animation unless I explicitly ask it.

I do not run it.

That's why I consider all that question a little bit paranoic. None here has flash installed, all are using text browsers... so where is the point!??

It is Macromedia Flash that is accessing the camera because the applet is asking the if there is one.

Flash.

Not the applet.

The applet is running in a Flash sandbox, on your computer, not "in my site".

And it behave that way because someone configured Flash to do so.

Not the applet.

Flash.

APPLET	 ----------&gt;	 FLASH	-------------&gt;	 O.S.	 ----------------&gt;	HARDWARE
		 politely asks			  politely asks			  flashingly probes

1. The applet runs in a Flash sandbox. It asks flash if there is a camera outside of the sandbox. That is applet programmer's fault, to ask for something....

2. Then Flash, if configured so, asks the O.S. if there is a camera connected. That's user fault, let Flash knows secret things they do not want to be known.

3. Finally the O.S. probes the hardware to see if there is a webcam, and that sometimes causes the camera light to flash because it turns on. That is perfectly normal if you have installed camera drivers.

Flash is checking for a camera to answer the applet, no more than a browser answers a remote server when it asks the language, the os, or if a particular plugin is installed or not, if java scri_pt is enabled or not.

The remote system asks.

Your system reply what you configured it to say.

Don't like?

Change configuration.

Any remote system have all the rights to ask if you has a sound system, which display device are you using, if you have java/java scri_pt/wtf enabled, which language do you speak, where are you from and which page linked you here, BUT IT CANNOT, N-E-V-E-R, ask if you have a CAMERA.

That is a big, big, bigger, biggest security issue.

I think it's way more dangerous to say that you are navigating with Windows98', if you are really doing so, for example :D

Also, many sites use flash (I see the request all the time), I have yet to hear about one accessing the camera system.

http://www.google.com/support/youtube/bin/...mp;answer=57409

There are many other, eg some social networks that allows video chat between participants without the need to install anything.

I CAN SEE YOU, anyway :D

Edited by mythsmith

Share this post


Link to post
Share on other sites

None here has flash installed, all are using text browsers... so where is the point!??

I did not say ALL. There are many people who come here because they do not know what they are doing. We try to protect EVERYONE here.

It is Macromedia Flash that is accessing the camera because the applet is asking the if there is one.

Flash.

Not the applet.

The applet is running in a Flash sandbox, on your computer, not "in my site".

The applet, from your site, is what is triggering Flash to access the camera. Without the applet that is coming from your site, the camera would not be accessed. Those other sites you have mentioned (commecial chat/youtube) would be expected to access a webcam as part of their operation. A personal site would not usually carry those expectations.

As I said, many other sites utilize flash and do not access the camera.

Share this post


Link to post
Share on other sites

How should I explain that Flash is not accessing anything!?

In default configuration, Flash needs an active user confirmation to access the camera.

What is happening here is that Flash asks "Is there ANY webcam connected?" The drivers installed in your OS then check if the camera is still here, turning it on for a fraction of a second, and reply to Flash: yes/no.

This is not "accessing" it, because Flash isn't receiving any data from it.

It's the same difference between a cat and an ls command. The first accesses the file, the second only lists its properties. Infact it is available also for non-readable files!!!

This is EXACTLY what happens when your browser sends data about your environment to a remote server. Think of it. It asks the operative system version to your OS.

If quering for OS version lighted a blue light somewhere, you would be here screaming "We reserve the right to disable your link on this site and/or display a warning with it."!??? :o

Flash did not access your camera, unless a fault big as a mountain resides in it (again, in Flash, not in the applet) code.

But, as I trust the applet source, I know that the authors would not exploit such a fault even if it existed.

Share this post


Link to post
Share on other sites

But, as I trust the applet source, I know that the authors would not exploit such a fault even if it existed.

I completely understand how flash works, you can stop explaining it. Once again, however, it is the applet on YOUR site that is triggering the action in question (flashing the webcam). Not every flash site triggers that action (flashing the webcam) or this would not have become such an issue.

As Wazoo already said (in other ways), YOU may trust the applet, but by placing it on your public site, YOU are forcing others to trust it as well.

The suggestion to place it on pages that only require the functionality, with appropriate verbiage indicating what that page was for, would have ended this discussion a while ago, as a responsible way to respond. Your reply makes you just seem to be arrogant about it.

I am done with this discussion.

Note to other moderators: I vote to modify the links on this thread that cause this to happen and/or add a warning what will happen if the link is followed. I will leave it up to the other moderators to choose this action however.

Share this post


Link to post
Share on other sites
I completely understand how flash works, you can stop explaining it. Once again, however, it is the applet on YOUR site that is triggering the action in question (flashing the webcam). Not every flash site triggers that action (flashing the webcam) or this would not have become such an issue.

Your visiting any page triggers many, many other actions, that many users do not expect. But they don't light up a led, so they don't care.

Many of them, when knows which kind of info are distributing to entities they do not trust, disrupt this flow of information. Welcome to the knowledge that Flash CAN list your webcam properties. Now that you (and your webcam) have been illuminated, go, announce the verb, and make the folks disable Flash. Today was my embedded applet. Tomorrow could be the entire web. We will all die burned in hell.

But do not decide what I can and I cannot embed in my personal webpages, unless you provide a reasonable suspect that it's malicious or buggy (an exploitable form, malware, etc)

YOU may trust the applet, but by placing it on your public site, YOU are forcing others to trust it as well.

It's how the great www works. A network of trust. Welcome, again.

When you visit a website, your presence is notified to many third party entities whom the owner of the page trusts, but you may not, infringing your privacy, for example. If you do not trust those third parties, such as google urchin.js machinery etc, you should disable them.

I disabled Flash long ago. No one is forcing me to do anything, as my page is not forcing anyone. It asks. It's not my fault if you are configured to reply "yes, i have a webcam", and you don't like it.

The suggestion to place it on pages that only require the functionality, with appropriate verbiage indicating what that page was for, would have ended this discussion a while ago, as a responsible way to respond. Your reply makes you just seem to be arrogant about it.

Maybe I will do. But only to protect myself from uncareful paranoids. It's stupid, but uncareful paranoia is worst than silliness.

Note to other moderators: I vote to modify the links on this thread that cause this to happen and/or add a warning what will happen if the link is followed.

And this is not arrogant... To decide what someone can have or cannot have on his personal page, and cry out loud with moderators to ban him.

Anyway, i don't think paranoic people would never use my utility, because it's not written by ttottt themself-the-only-techie-they-trust.

As my topic seems to attract only this kind of person, I think keeping it is time totally wasted. No big drama: i built the scri_pt to aid myself, only hoped to find here advice and critiques (about the scri_pt!).

Moderate as you feel. Personally I would remove the entire topic so I can fresh start with the next "release", and maybe paranoid people will forget me.

Edited by mythsmith

Share this post


Link to post
Share on other sites

I think this is a case where people should simply agree to disagree and move on. This topic isn't about a Flash action triggered by a website...it's about the "Denouncer," yes?

I think that providing the link to the Adobe "Global Privacy Settings panel" was sufficient in dealing with the issue of concern, and most everything else seems matters of personal preference and opinions.

DT

Share this post


Link to post
Share on other sites
And this is not arrogant... To decide what someone can have or cannot have on his personal page, and cry out loud with moderators to ban him.
No, IMHO, it is not arrogant. It does have a bit of 'nanny' in it, but mostly what posters here want is to 'educate', not demonstrate, the pitfalls of being too trusting on the web. It was not asked to ban your post or to delete, just to break the link so that the non-technical would not go there. And that is no reason for you to be attributing any character except the one you are claiming, that it is simply within my control to do what I want with what I control. It has nothing to do with whether or not your use of Flash is malicious or benignly demonstrating what Flash can do. It says nothing about your website other than this is one website link I do not want on my website just as a server admin can block email from an IP address for a number of reasons including that s/he doesn't want anything with a 56 in it.

This is OT (or maybe not considering your reasons for posting apparently).

It's how the great www works. A network of trust. Welcome, again.

When you visit a website, your presence is notified to many third party entities whom the owner of the page trusts, but you may not, infringing your privacy, for example. If you do not trust those third parties, such as google urchin.js machinery etc, you should disable them.

I disabled Flash long ago. No one is forcing me to do anything, as my page is not forcing anyone. It asks. It's not my fault if you are configured to reply "yes, i have a webcam", and you don't like it.

Yes, it is a network of trust and etiquette is the way it works. No one forces anyone to go to any particular website - although those that contain deceptive practices are not being polite since the internet is built on trust. Therefore, anyone can block links to such sites from a website under hir control (a form of the 'cut direct' advocated by Miss Manners for those who do not follow etiquette rules offline). And, those who do control access the internet through technical means can enforce non-deception by making non-deception a part of the contract to access.

Still, using the internet requires more expertise from the average user than was anticipated. Between the marketing department wanting to get more business and not caring that the end user may not know how to use the product wisely (guns don't kill; people do) and the technical department working to 'protect' the hapless user, those who would be able to make good consumer decisions about where to go on the internet don't realize they have a choice.

As a matter of fact, I will not use a link provided here until one of the techies has done so and I wouldn't now go to your website because I don't know how to evaluate any things that you might have there to 'surprise' me. I like the freedom of the internet and wish that there were a better way of being able to 'hire' someone to keep my computer and browser in technical shape so that I would not experience any 'surprises' or would be able to avoid any sites that would 'technically' corrupt my technology. Fortunately, no one can physically force me to visit any sites or open any email that I don't want to.

Miss Betsy

Share this post


Link to post
Share on other sites

Miss Betsy, I prey you not to visit my website.

It's about dangerous things such as downloading a program written in a dangerous and immature interpeted language (Python, isn't it already SCARING?), an run it after having modified it to fit your configuration (AAAAHHHRG! Configuration! Do not mention it!).

As the FIRST post said: "WARNING: One-day-hacking-scri_pt here!"

Now the days growed, but it's still all about hacking.

I prefer non-professional programs to be presented in personal websites, and announced as what they are, instead of amatorial things presented in highly professional manner.

If you cannot resist visiting it, at least do not download anything and more than all do not execute any code presented.

You are NOT the target of this stuff for the moment, and will not be for a long time. Clear?

Edited by mythsmith

Share this post


Link to post
Share on other sites

Daniele,

I visited your website...but I need to learn more Italian so that I can understand it. Are you involved with the Scouts (as in Boy Scouts)? My son is an Eagle Scout. I just recently visited your country, but not the North. I was in Rome, Bari, and Sorrento (mostly in Sorrento). I took a cruise to Greece from Bari, and my flights were from Rome, but my wife and I spent a few days after the cruise in Sorrento (I brought back some Limoncello).

Peace,

DT

Share this post


Link to post
Share on other sites

Hi David, thank you for your kind words. I'm form the middle-north of Italy, and yes I'm an agesci scout leader.

I should study a bit more english too, i think... every time I read something I posted I see a new mistake...

I hope yahoo babelfish helped you understanding it ;)

( :o how do he know that? there is something evil going on his website... :ph34r: certanly a security issue being exploited :excl::excl::excl: )

Edited by mythsmith

Share this post


Link to post
Share on other sites

I'm form the middle-north of Italy

This may explain a lot of this, especially my part of it. Your English is good enough I did not have any idea you were from outside of the US, where most of our posters are from.

I was not accusing you of doing anything wrong except exposing the people who are hitting your site to a bit more thorough scanning than they would normally get on the majority of the internet.

Primarily, my POV was to protect the novices, who do not usually know enough NOT to click on every link they see, from following your link unless they were prepared for what COULD be going on.

When I see an activity light on a device, it is telling me it is active (and in this case COULD be capturing images), not that it is simply telling the OS (which would already know about it) that it is there. But then, my privacy and security concerns are strong enough that I do not install Flash, or have a webcam.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×