HillsCap

Everything posted by HillsCap

  1. Hi, all. I've hammered the spammers into submission so badly that I no longer receive spam in any great quantity. I've only gotten 8 over the last month, and that number is still falling. So, I had to find another method of fighting spammers. I decided to set up the JackPot SMTP teergrube / honeypot, from http://jackpot.uk.net/. This is a cool Java program... it lets a spammer's test emails be relayed, while blocking the actual spam that is sent. It also keeps a log of spammer activity, and serves that log via a built-in HTTP server. If you open a hole for that HTTP server's port through your firewall/router, you can give the URL for it to ISPs, so they can see for themselves that their users are spamming. And reporting that a user is trying to send hundreds of thousands of spams carries much more weight than reporting that you received a single spam email. Anyway, I set up JackPot about a month or so ago, but didn't get any hits on it. So, I contacted Jack Cleaver, the author of the program. He suggested that I submit my JackPot to the various websites for open relay testing, which I did. Apparently, that worked. Over the last week or so, I've been getting nibbles from spammers in Taiwan, sending test messages (which, of course, JackPot let be delivered, to trick the spammers into thinking that it was, indeed, an open relay). Yesterday, the spammers got serious, and started sending spam, which JackPot is dumping to the bit-bucket. Over the last 24 hours, I've dumped over 200,000 spam emails, mostly addressed to HotMail accounts. If everyone using SpamCop also ran JackPot, I think that would allow us to catch a lot more spammers, and it could possibly force the spammers to either quit sending spam (because the chances of getting caught go up dramatically due to more JackPot servers running, and the spammers are wasting more of their time and resources sending to SMTP servers that then just bit-bucket the spam), or to find another method of spamming. Either way, it's a great way to slow them down. Imagine if 1000 people were running JackPot, each dumping 200,000 spams per day. That's 200,000,000 spams that don't get delivered. And it's a lot more spammers getting caught and shut down. If you haven't tried it, I highly recommend it.
  2. Hi, all. Since Scott Richter is suing SpamCop to stop them from blocking his spam, I say it's time to strike back against this evil SOB, and protect the SpamCop service which has kept our Inboxes relatively unmolested for so long. Here's my plan: I want everyone interested in participating in a lawsuit against Richter to register their interest by posting to this thread. Then, we'll all compile our Richter spams, submit them to the FTC along with depositions, and have the FTC take Richter to court. There would be no cost to any of you except for the time required to fill out the deposition and print out the spam source code of each spam from Richter. The FTC will even pay for FedEx'ing the stuff back to them. I'm looking for at least 1,000 people, so let's all pitch in and bring this scumbag down. If you know of anyone using SpamCop who doesn't regularly frequent these forums, and they're interested in participating, let them know to come here to register their interest. After I've got the requisite number of people willing to fill out depositions, I'll get in touch with my contact at the FTC, and provide you all with the information necessary to send your depositions and spam printouts to her (contact name, address, FedEx shipping number, etc.). Let's get to it.
  3. I think you might be able to get a DynDNS account to set up JackPot, if you're on a dynamic IP address, but I'm not sure. You'd have to just give it a try and see if it works. As for whether your IP address will get added to the open proxy / open relay lists... that's the idea. That's the fastest way to attract the spammers. Since most people don't (aren't allowed to) do direct-to-MX mailing from their own computer, it won't matter if your IP address is on those lists, since the mail server of your ISP should still be clean, allowing you to send mail without problems. That's how I attracted the spammers to my JackPot... it sat idle for quite a while, so I submitted it to the open relay testing websites to get it listed. After that, the spammers showed up in droves. I've had them try to relay as many as 1,100,000 spams in a day.
  4. Hi, all. If you're looking for a good way to take a hunk out of a spammer's hide, you can easily do so by running up their web hosting costs. I've used FriedSpam.net in the past (you've probably all read my posts on using anonymous proxies to hammer spamvertised websites), but I've got an even better, faster way of hitting them. Some of you may have heard of the Lad Vampire, used to hit 419 sites and run up their hosting costs until they're taken offline. I ran it for a while to be sure it was effective. During that time, I downloaded about 100 GB of data, and helped to take down twelve 419 sites. Since the Lad Vampire source code was contributed anonymously, I figured that Mr. Anonymous probably wouldn't mind if I reworked the code to suit my own purposes. So, that's what I did. You can get a look at it here: http://www.hillscapital.com/antispam/index.htm Feel free to grab the source code and set up a spam Vampire to use against your own spammers. If everyone did this, spamming would be so expensive that the spammers wouldn't be able to spam anymore. You don't need a website to run the spam Vampire, it'll run just as well as a local file on your computer. If you want to help out, I'm currently hammering a couple of HKNet.com hosted websites that HKNet.com said they'd take down, but didn't, and a couple of USA Lenders Network websites.
  5. HillsCap

    Need Help

    If they do start up again, I've found that having a FriedSpam.net party with 10 of your friends for a couple weeks usually knocks a clue into the spammer's thick skull. Hitting their website about 100,000 times a day per FriedSpam participant tends to do that. What I've found to be extremely effective is to contact the spammers and TELL them that you'll be hitting their sites, and tell them to never send spam to your domain again. I've only gotten 3 spams so far this week. Of those three, one was from a newbie spammer, and two were from USA Lenders Network (ironically, they give their address as being in Canada), whose sites I've been working on / mauling for a while now.
  6. HillsCap

    registrant email addresses removed

    It looks as though Yahoo! has changed their tune a bit... every spam I submitted to them in the past, even if it contained a Yahoo! email address, came back with their boilerplate "The spam in question does not appear to have originated from or traveled through the Yahoo! mail system." message. Of course, we're using SBC/Yahoo! as our ISP, so ALL the messages to us travel through the Yahoo! mail system, but apparently they weren't smart enough to figure that out. At least now, they're shutting off email addresses that are advertised in spam. It's about time.
  7. HillsCap

    Another outlook 2003 addin

    I've got some VBA code that might work with older versions of Outlook. I'm running Outlook 2000, that's what it was designed for. It'll work with Outlook 2003, if you change the code workaround that forces Outlook 2000 to immediately send the spam reports, rather than waiting for the next scheduled Send/Receive. Outlook 2000 has a bug in it that requires the code workaround, Outlook 2003 doesn't have that bug. You might also have to change the code that looks at the folders and finds which one you're using for spam. http://www.hillscapital.com/spammerslammer.zip It's got full installation instructions in the source code, including how to create your own security certificate and sign the VBA code with it, so you can keep Macro Security at High, and the VBA code will still run, while blocking unsigned scripts from running. Just open the .bas file in NotePad, and print it out. The instructions are pretty comprehensive (read: long), but it's everything you need to get the code running. The code's got error checking (so you can't accidentally report SpamCop autoresponder emails as spam, so you can't accidentally report non-mail items as spam, etc.), and a whitelist that checks the email's sending address against those in your Contacts folder, so if a friend's email accidentally ends up in your spam folder, and you accidentally try to report it, you've got a chance to cancel the report. You can report multiple spams at once by selecting all of them, then clicking the 'Report As spam' button. And, the code's been tweaked to get around some of the issues that SpamCop experiences (the Would Send error, the Dumb Bot issue, non-printing characters, etc.) It helps if you know a bit of VBA coding, so you can tweak the code to suit you, if you want. I've got my copy set up to report to SpamCop, the FTC, and several Block Lists. You can add in any reporting addresses you want, in either the To:, CC: or BCC: fields. 
The code's open source with attribution, so feel free to tweak it, distribute it, create a self-installing plug-in with it, etc. If you update it, let me know, so I can get a look at the updated code and learn a bit.
  8. Hi, all. Got the following error on a spam I received last night:

     Finding links in message body
     error: couldn't parse head
     Message body parser requires full, accurate copy of message
     More information on this error..
     no links found

     The specific spam report is located at: http://www.spamcop.net/sc?id=z512974943z97...0368fc6fbf3336z The spam itself looks like this: http://www.spamcop.net/sc?id=z512974943z97...&action=display Notice that the only thing added by my VBA code for Outlook (http://www.hillscapital.com/spammerslammer.zip) is the very last two lines... it does this to get around any occurrences of the 'Would Send' error for emails that have no body. This has always worked just fine in the past... but I haven't reported any spam in a while (haven't gotten any in a while), so I'm wondering if some requirement has changed, and if so, how do I change the VBA code referenced above to come into compliance with those changes' requirements? If no requirements have changed, can anyone tell me what's going on with this one? Specifically the 'couldn't parse head, message body parser requires full accurate copy of message' part of it?
  9. HillsCap

    Error: couldn't parse head

    It worked. I went to the SpamCop web submission page, entered the headers and body, and removed all references to multipart boundaries from both. Upon submitting, it found the link and submitted to the right place. Now, I just have to figure out how to do that in my VBA code.
  10. HillsCap

    Error: couldn't parse head

    No, it's not the application that's the problem... grabbing the spam right off the server via web interface also shows that what I submitted is exactly how the spam was formatted by the spammer (except for the last 2 lines added by my VBA code). I did quite a bit of work on the VBA code to ensure that it reconstructed the emails the way they were originally. I suppose I could set up the VBA code to do a search through the spam source code, strip out any multipart boundaries, then insert my own, to be sure that it's constructed properly, but that'd be materially changing the source code of the spam, something I think SpamCop frowns upon. Plus, as you said, since spammers don't seem to mind garbling their source code in the interest of filter sidestepping and reporting subversion, if the source code wasn't properly done to begin with, it'd be hard to determine just where to place the new multipart boundaries. I wonder what would happen if I just stripped out all multipart boundaries, didn't enter any new ones of my own, and submitted to SpamCop that way? Would that affect SpamCop's parsing?
  11. HillsCap

    Error: couldn't parse head

    Actually, I HAVE experienced this before... when I was working up the VBA code for Outlook. My VBA code creates a new mail message, strips out the headers and body of the spam, concatenates them into one (since you can't get the headers and body all at once in Outlook), puts that into a .tmp file, and attaches that .tmp file to the new mail message. In the body of the new mail message is some information to make the reports compatible with other spam-reporting entities (size of spam, state of residence of spam submitter, date and time received, etc.). I'd set the code so that when it was putting the date and time received, it entered it as: Received: (date and time) SpamCop glitched on this, thinking that it was a header. In that instance, it thought I was reporting two spams... the spam in the attachment, and the new mail message itself. I dubbed it the 'Dumb Bot' error. It was easily fixed in that instance by setting the code to put the date and time received as: Received - (date and time) So, how do I code around this for future spams, since the spammers have obviously found a way to game SpamCop with this?
  12. HillsCap

    Error: couldn't parse head

    Aaahhh, I just noticed that, too. That's odd... I got referred to a webpage that says the error was because I'd somehow changed the text of the spam and it wasn't anything the spammer was doing. But, I didn't change anything in the actual spam source code... looking at the source of the actual spam, it's identical to what is in the spam report, except for the addition of the last 2 lines (added by my VBA code). If SpamCop finds headers outside the multipart boundary, shouldn't it just ignore them?
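A pre-submission check for the two report problems described in the "Error: couldn't parse head" posts above, as an added example in Python (it is not HillsCap's VBA code and not SpamCop's parser). It assumes that a report parser may read any `Name: value` line in the cover text as a header, and that a multipart message whose declared boundary never appears in the body cannot be split into parts; the sample messages are constructed.

```python
import re
from email import message_from_string

# A line shaped like an RFC 5322 header field: a name without spaces, a colon,
# then whitespace. Assumption: a report parser may treat such a line as a header.
HEADER_LIKE = re.compile(r"^[!-9;-~]+:[ \t]")


def header_like_lines(cover_text):
    """Return cover-text lines that could be mistaken for message headers."""
    return [ln for ln in cover_text.splitlines() if HEADER_LIKE.match(ln)]


def boundary_problems(raw):
    """Compare the boundary declared in Content-Type with the delimiter
    lines actually present in the body of a raw message."""
    raw = raw.replace("\r\n", "\n")
    msg = message_from_string(raw)
    if msg.get_content_maintype() != "multipart":
        return []  # nothing to check for single-part mail
    boundary = msg.get_boundary()
    if not boundary:
        return ["multipart Content-Type declares no boundary"]
    _, _, body = raw.partition("\n\n")  # headers end at the first blank line
    lines = [ln.rstrip() for ln in body.splitlines()]
    problems = []
    if "--" + boundary not in lines:
        problems.append("declared boundary %r never opens a part" % boundary)
    if "--" + boundary + "--" not in lines:
        problems.append("declared boundary %r is never closed" % boundary)
    return problems


# Constructed sample: well-formed multipart message.
GOOD = "\n".join([
    "From: sender@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "hello",
    "--b1--",
])

# Constructed sample: headers declare boundary "b1" but the body uses "xyz".
BAD = GOOD.replace("--b1", "--xyz")

# Constructed cover text for a report, before and after the fix from the post.
COVER_BEFORE = "Size of spam - 2048 bytes\nReceived: Mon, 05 Jan 2004 10:15:00 -0700"
COVER_AFTER = "Size of spam - 2048 bytes\nReceived - Mon, 05 Jan 2004 10:15:00 -0700"

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, boundary_problems(raw))
    print("before:", header_like_lines(COVER_BEFORE))
    print("after: ", header_like_lines(COVER_AFTER))
```

The check only reports mismatches; it does not rewrite the spam source, so what is submitted stays identical to what was received.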
  13. HillsCap

    Error: couldn't parse head

    Ooookkkayyyy. When I clicked the button to submit that, I got the following: Reports have already been sent. No userid found Your authorization code is invalid. Please obtain a new authorization code. I'm a free SpamCop user, I don't think I ever had an authorization code, whatever that is. Is SpamCop glitching right now, or is it on my end?
  14. HillsCap

    LART'ing spammers...

    Hi, all. You know from my other posts that I run the JackPot fake SMTP server/teergrube/honeypot. So far, I've dumped over 1.3 million emails in the past week alone using that. But I also have other tools in my LART arsenal... one of them being FriedSpam (http://www.FriedSpam.net/). But, me being like I am (always pushing the envelope and trying new ways of doing things), I don't use FriedSpam like most people do. Most people use FriedSpam to repeatedly download a web page from a spammer's website, using a direct connection from their machine to the spammer's website. Unfortunately, doing this reveals your IP address to the spammer, leaving you open to hacking and DDoS/DoS attacks. I've been through several myself. So, I went about finding a way to still use FriedSpam, while obfuscating my IP address. I found the solution in what is called an 'Anonymous Proxy Rotator'. Essentially, what an Anonymous Proxy Rotator does is allow your machine to connect through a constantly rotating list of anonymous proxies to download the web page from the spammer's website. Thus, the spammer never sees your IP address, and can't attack you. The program I use is called MultiProxy... it's an older program that hasn't been updated in a couple years, but it's rock-solid and never gives me any problems. The way I've got it set up for the IP chain is: IE <<Port 8081>> WebWasher <<Port 8082>> MultiProxy <<external proxy port>> external proxies <<>> FriedSpam.net <<>> spammer's website Essentially, I set it up in Control Panel >> Internet Options >> Connections tab >> LAN Settings >> Advanced, so that HTTP requests went to localhost, port 8081. This connects IE to WebWasher. In the Exceptions box, I put sites I regularly visit that I want to bypass the proxy. I then went into the WebWasher Preferences, and set the 'Local HTTP proxy port' to 8081.
In WebWasher Preferences, under Proxy Engine >> Client, I set up HTTP 1 to use 127.0.0.1, port 8082, and again put the sites I regularly visit and want to bypass the proxy into the 'Do not use proxy servers for domains beginning with:' box. This connects WebWasher to MultiProxy. In the MultiProxy Options >> General Options tab, I set the 'Accept connections on port' setting to 8082. On the MultiProxy Options >> Advanced Options tab, I clicked 'Override local IP', and entered 127.0.0.1 as the Local IP, and clicked 'Override local host', and entered localhost at the Local Host. In the 'Allow connections from the following IP addresses only' box, I put 127.0.0.1. Now comes the hard part... acquiring, maintaining and updating your list of anonymous proxies. I went to http://www.StayInvisible.com/ and cut-and-pasted every proxy listed into NotePad. After cutting and pasting all the proxies (approximately 1300 of them) from all the pages, I saved the file to my Desktop. I then went into Excel, and imported the file, using spaces as the column delimiter. I used the Data >> Sort menu to sort the proxies by their level of anonymity, and removed all proxies listed as 'Transparent'. You DO NOT want to use transparent proxies, as they show your IP address. I then removed all columns of data except for the proxy IP address and the port number. I selected all of the remaining data, and pasted it into a new NotePad window, then did a Search-And-Replace, searching for a single space ( ), and replacing it with a colon (:). This gave me my list in the required format to import into MultiProxy... namely: IP Address:Port which I saved to a plain .txt file on my Desktop. I went to the MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Import Proxy List, to import that file into MultiProxy. After doing that, I went to MultiProxy Options >> Proxy servers list tab >> Menu button >> Proxy List >> Test all proxies.
After testing, the proxies that didn't pass the internal MultiProxy tests were marked with a red dot. The ones that did pass were marked with a green dot. I selected all the red-dot marked proxies, right clicked, and selected 'Delete' to get rid of the test failures. Next, I tested again a few times, just to be sure, deleting any red-dot marked proxies that showed up in the list. I then selected MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Export All, saving the resulting .txt file on my desktop. After that, I started another program I found called Proxy Clean, which contains a list of proxy servers controlled by various governmental and law enforcement agencies. I used this program to clean the exported proxies list. (If any of you needs the updated list of proxies controlled by governmental and law enforcement agencies, let me know and I'll send it to you. The list that comes with Proxy Clean is pretty sparse, so I did some research of my own on hacker sites and doing a lot of WHOIS' with Sam Spade to come up with an updated list.) After cleaning the list, I selected all the proxies in MultiProxy Options >> Proxy servers list tab and deleted them, then went to MultiProxy Options >> Proxy servers list tab >> Menu button >> Files >> Import proxy list, importing the cleaned list. As a final step, I right-clicked on WebWasher, selected 'Use a proxy server' to send IE HTTP requests through the anonymous proxies, then surfed to Google, where I searched for the word 'porn'. I know what you're thinking, but I don't surf porn... we're using the search results as a final test of the anonymous proxies, for two very good reasons... 1) Some of these proxies will pass the internal MultiProxy tests, but will redirect you to sites of their own... so if the Google search results look normal, that proxy must be working as we want it to. 2) Some proxies will block certain content. 
By searching for the worst of that content, we'll trigger any blocking that might take place, so we can remove that proxy from our list. Now, I went into the MultiProxy Options >> Proxy servers list tab, and selected all but the first proxy, right clicked, and selected 'Disable'. This disabled all but the first proxy. I then clicked the 'Next' link in the Google search page to see if that proxy was working as I wanted. If it was, I disabled it, enabled the next one in the list, and repeated the process, clicking the 'Next' link in the Google search page again. If the proxy either blocked the content, or redirected me, I clicked that proxy, right-clicked, and selected 'Delete', removing that proxy from the list. If the proxy was too slow to be usable, I did the same. After completing that rather lengthy process, I had a large list of fast, anonymous proxies that didn't block content and didn't redirect me. Now, I was ready for FriedSpam.net... I just surfed to http://www.FriedSpam.net/, entered the list of spammer URLs that I wanted to 'fry', and hit the 'Start' button. I'm using it right now, as a matter of fact...
  15. HillsCap

    LART'ing spammers...

    In my first post of this thread, I stated that I chain IE through WebWasher, then through MultiProxy, then through FriedSpam.net, to 'data drain' spamvertised websites. I've learned that if you are simultaneously running the JackPot fake SMTP server / teergrube / honeypot and WebWasher, you'll see memory leaks in WebWasher and memory handle leaks in JackPot. WebWasher and JackPot don't play well together, so my advice is to stop using WebWasher, and chain IE directly to MultiProxy. Doing this allows JackPot to run without experiencing memory handle leaks, and speeds up your internet connection so you can fry spamvertised websites faster via FriedSpam.net. Also, if you're running ZoneAlarm, DO NOT update to the latest version, and DO NOT install the latest update if you're already running the latest version. It's causing major problems (computer hangs and not even Task Manager responds, major memory leaks, etc.). I recommend the Sygate firewall, instead.
  16. I figured out where the memory handle leak in my copy of Jackpot was coming from... I actually had three resource leak problems... 1) ZoneAlarm: ZoneAlarm has had a memory leak for quite some time now. The latest update causes users' computers to hang for long periods of time, and the memory leak is worse than ever. I dumped ZoneAlarm, and installed Sygate's firewall. It is awesome... much better than ZoneAlarm. 2) WebWasher kept grabbing memory and not releasing it. It got to the point where I had to shut down WebWasher every few hours. 3) JackPot kept grabbing memory handles and not releasing them, building up to the point where it was sometimes taking over 600,000 memory handles. The WebWasher and JackPot resource leaks were related... for some reason, every time JackPot grabbed a memory handle, WebWasher would take more memory, and every time WebWasher grabbed more memory, it caused JackPot to grab more memory handles. It was a vicious cycle. Shutting down JackPot would make WebWasher stop taking more memory, and shutting down WebWasher would make JackPot stop taking more memory handles. So, I dumped WebWasher. Now, JackPot is running stably, even with 250 simultaneous incoming Port TCP 25 SMTP connections. A side benefit of all this is that my internet connection is much faster now (partly due to dumping ZoneAlarm, partly due to dumping WebWasher). Hence, when using FriedSpam.net through anonymous proxies, I'm hitting spamvertised websites much harder now. Another side benefit (now that I don't have any resource leaks) is that I can LART spammers 24/7 without having to reboot for weeks or months at a time. Look out spammers, here I come...
  17. Yeah, except I get the same exact replies from the Taiwan ISPs when I submit my JackPot fake SMTP / teergrube / honeypot URL for the logs to them, and I keep getting spam from the same IP addresses they say they've shut down. They SHOULD take my LARTs seriously, considering that I'm giving them the IP addresses of the spammers themselves, and not some email headers that might or might not be forged, and due to the fact that I'm reporting hundreds of thousands of spam attempts, not just one spam, but it doesn't seem to matter. I'm now dumping on the order of 600,000 spams per day coming from mainland China, Taiwan, and Hong Kong. I think all of the Taiwan IP addresses should be blocked for a time, that'd make the ISPs there wake up and get a clue.
  18. HillsCap

    "We're the biggest spammer on the internet..."

    It's hard for me to gauge the amount of spam that others see, as I haven't gotten any in the last 9 days and counting. All I have to go on is the statistics that spamcop shows me. It looks like it's quite a bit lower, and it's been that way for a while now. If it is because of the SpamCop servers being slow, they've been slow for a few days now... I wonder if they're having problems?
  19. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    For spam that you've received in the past, you can parse through the (rather lengthy) list of IP addresses and domain names Richter has used: http://www.hillscapital.com/richter.txt Of course, with him moving to CAIS, we'll have to redo the list soon.
  20. HillsCap

    "We're the biggest spammer on the internet..."

    Comcast finally deciding to clean up its act, along with Richter getting booted off Optigate seems to have dropped the spam delivery rate by quite a great amount. Look at the SpamCop spam reporting statistics... it's less than half what it was before. I haven't gotten any spam in the last week, so I can't gauge whether the amount of spam being sent is falling or not... is anyone seeing less spam being delivered to their accounts?
  21. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Well, I tried sending an email to CAIS Internet, urging them to drop Richter before he rapes their resources and leaves them high-and-dry with a bad reputation as a spammer friendly ISP, but the email bounced... their mail box is full. So, either a lot of other people are sending similar messages, or Richter has already started spamming, and they're getting complaints about that. Why do some ISPs have to learn the hard way?
  22. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Actually, it's CAIS Internet... I think that if they get enough emails and phone calls complaining to them about their incredibly stupid decision to host one of the world's most prolific spammers, they'll drop him like Optigate did.

    Canonical name: www.wvfiber.com
    Addresses: 63.223.7.82

    Canonical name: www.ibis7.net
    Addresses: 63.223.7.82

    whois -h whois.arin.net 63.223.7.82 ...

    OrgName: CAIS Internet
    OrgID: CAIS
    Address: 6861 Elm Street, Third Floor
    City: McLean
    StateProv: VA
    PostalCode: 22101
    Country: US
    ReferralServer: rwhois://rwhois.cais.net:4321/
    NetRange: 63.216.0.0 - 63.223.255.255
    CIDR: 63.216.0.0/13
    NetName: CAIS-CIDR7
    NetHandle: NET-63-216-0-0-1
    Parent: NET-63-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS.CAIS.COM
    NameServer: NS2.CAIS.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 1999-12-09
    Updated: 2001-05-21
    TechHandle: CAIS-NOC-ARIN
    TechName: Network Operations Center
    TechPhone: +1-703-448-4470
    TechEmail: domreg[at]cais.net
  23. HillsCap

    LART'ing spammers...

    Oh, you might want to add one more final step to the procedure outlined above. Before you use the proxies, you should ensure that they are indeed anonymous proxies. The easiest way to do this is to disable all but the first proxy in the list, and surf to http://www.dslreports.com/whois . If your IP address doesn't show there, then that proxy is anonymous. Disable it, enable the next one, and hit the 'Reload' button in your browser, checking the reported IP address again to be sure it isn't your own. Repeat the procedure for each proxy in the list. If your IP DOES show, then you should delete that proxy from the list. If you start out with a list of 1000 proxies, after all this testing you'll have around 20-30 good, fast, stable, anonymous proxies. I've gone through several thousand from around the world, and have built up a list of several dozen that I regularly use to FriedSpam spamvertised websites. Unfortunately, like everything with spammers, it's an arms race. They're starting to get wise and block each anonymous proxy from accessing their servers. But, I'm creating more work and more expense for them. Eventually, they'll have a list of every anonymous proxy in the world, and will be blocking our attempts at using FriedSpam in this fashion against them. That is why I'm coming up with DeepFriedSpam... it's kind of like FriedSpam on steroids... using spoofed packets. If they want to try to block that, they'll have to block every backbone router on the internet, effectively cutting them off from the internet. Let's see them try to beat that... But I need help on it from some C programming gurus... any takers?
  24. HillsCap

    LART'ing spammers...

    The really cool thing is that if you don't get a lot of spam anymore, but still want to use FriedSpam.net to go after spammers, you have a real-time list of spammers at your disposal. http://www.spamcop.net/w3m?action=inprogress&type=www Just pick 5 or so from the above list, drop them into FriedSpam, and let it run. You can also fashion URLs (instructions are on the FriedSpam.net website) so your more technologically-challenged friends can just click a link on your website, 'blog, or an email you send them, and it'll all be set up for them. You can even set it up so they don't even have to click the Start button... they just click the link, and they're frying spam.
  25. HillsCap

    MASSIVE LAWSUIT AGAINST SCOTT RICHTER...

    Hi, all. I've figured out a work-around to the problem of Unsolicited Commando grabbing ports when it's carrying out its tactical orders, then not releasing those ports when it's done. I set up Task Scheduler so that UC would run once every two hours, and would be shut down one hour after starting up. The UC server caches the tactical orders for each UC client, so you can leave the UC client shut down for a while, and when you start it up again, it'll run through all the tactical orders that have been cached for it in quick succession. This allows you to avoid the build-up of ports that UC grabs and doesn't release, and automates running it so you don't ever have to even think about it. Works great... I'm working on a similar solution for the JackPot fake SMTP server / teergrube / honeypot, to work around the memory handles leak. I'll post here when I've got it completed. Using these solutions, you should be able to run both UC and JackPot for as long as you like without having to manually start them up or shut them down. In other words, they're more 'set it and forget it'.