Profile Information

  • Location: North West, United Kingdom

Paranoid2000's Achievements


Member (2/6)



  1. Forum spam is best dealt with by other means - SpamHuntress has a good list of links on this. Getting back OT though, it appears that pre-emptive blocking of IP addresses not registered as legitimate mail servers may become necessary and this is the approach being taken by Spamhaus' PBL list.
  2. Finding the actual spam source isn't too difficult - most bounces will include a copy of the spam with full email headers which will reveal this (see Reading Email Headers on how to find this information - in my experience the *last* email header is normally forged so the second-from-last will show the actual source). However in most cases this source will be a compromised computer - mentioning its address and including the ISP responsible in your SpamCop report may help in getting it quarantined, but there are sadly too many ISPs who don't bother policing their networks for this to be a sure thing. I'm going to disagree with Don here and say that you are likely to continue receiving such bounces indefinitely and at an increasing rate - it's a win-win tactic for spammers since they tie up spam reporters and ISP abuse desks at no cost to themselves, and it also increases the chance of blocklists like the SCBL affecting legitimate mail (thereby discouraging people from using them - another bonus for spammers). You can (and should) ask your ISP/email provider to implement SPF and/or DomainKeys since this will allow others to identify emails forging your address but until the majority of email servers use them, this will have limited effect. The only real solution is to change your email address and to take extra steps to keep it out of spammers' hands (the best option is to use an alias system like SpamGourmet, SneakEmail or SpamMotel where possible).
  3. Post #7 in this thread covered that - they are their own ISP effectively. You could try finding and complaining to their upstream provider (you need to do a tracert from your system to find the IP address and then do a lookup on that) but the chances of them taking action are very slim. Well you really have three options:
     • Bear with it and use filtering to block their spam. Your ISP (or whoever administers your email account) may be able to help in putting a filter in at their end so you never see emails from that domain again.
     • Complain to their domain registrar, Attorney General in their state, BBB, etc. Post details of their spamming in relevant newsgroups, forums and blogs. The Internet gives an individual consumer a greater voice so taking advantage of it is a perfectly sensible step.
     • The last resort - cause them inconvenience and financial cost. Possible options include using "spam abatement" tools like SpamVampire to drain bandwidth from their site or using a spam retaliator (like the Pharmacy Expressorator) to place fake orders (it is written for the Pharmacy Express websites and will only work with them but you can cut-and-paste the fake name, address and credit card details it creates into the Ancestry order page).
  4. I'm staggered here - not so much at those ignorant of SpamGourmet (the most effective spam prevention service I've come across, offering unlimited email aliases which can be shut down if they receive spam) but at those who are seemingly not prepared to do the least bit of research before posting. Given the frequent exhortations made in this forum to "read the FAQs", is it unreasonable to expect those here to practice what they preach to others? Getting back to the original post, SpamGourmet has to add its own headers like any other mail server and has to retain the existing ISP headers to avoid being identified as a spam source by SpamCop. The question then is whether this prevents SpamCop's address munging option - and I'm not sure that it does. Lwc, have you tried reviewing a SpamCop report to see if your real address is munged? If it isn't being munged, then this should be simple enough for SpamCop to address by checking all mail headers for an occurrence of the original recipient address rather than just the first. However it should be noted that spammers often include unique codes in the URLs for their sites (as noted in the SpamCop Mole Reporting FAQ) so address munging shouldn't be relied upon anyway. In this case, the best option may be to ask your ISP if they can implement an address whitelist on your account so that you can configure it to accept emails only from SpamGourmet to stop spammers from targeting it directly.
  5. Assuming that you were referring to the Spur-M-Enator, such concerns are groundless. This tool places orders directly to the spammers' back end database so has negligible bandwidth consumption. Specifically it sends a URL containing all the order data (about 600 bytes) and receives back a webpage under 340 bytes in size (it used to be blank but the spammers added a script to fire up 100 popups). So at under 1,000 bytes per transaction, 35,000 orders would take 35MB bandwidth plus protocol overheads. By way of contrast a typical SpamCop report would take over 50K (22,600 bytes submission page plus 29,000 bytes report page plus the size of the spam submitted). So this retaliation example would have taken the same bandwidth as 700 typical SpamCop reports - and I'm willing to bet I alone have submitted close to that number for this particular spammer. The other retaliators are bandwidth-light also since they work by emulating "normal" web traffic. The only bandwidth-intensive tool I know of is SpamVampire and the bandwidth that consumes should be weighed against the "90% of all email traffic" DoS that we receive in our inboxes every day. I run a Tor exit node myself and I can assure you that such retaliators have no visible impact. The biggest problem Tor has is with people dragging 80MB+ Rapidshare downloads through it (to get around Rapidshare's IP-based download limits - since traffic is routed via 3 nodes this comes to 320MB+ of bandwidth). I would of course encourage anyone making heavy use of Tor to contribute back by running a server themselves, but that's certainly a topic for another thread.
  6. This operation is now using hijacked systems around the world, with images held on another server. The only way to put an end to it is either to secure every single PC on this planet or to make these spammers' business unprofitable. Posting false orders is the only way to achieve the latter - I'd be interested in anyone providing a method to somehow achieve the former, especially given the ignorance of many such server admins.
  7. Rather than continue this debate here, I would simply suggest people review the Wilders New spam Retaliation Tool which discusses the ethics/morality/legality of this. As for the parsing, I'm not too sure about the need for the referer codes since entering the domain on its own without them always works. It could be that it is resolving (deliberately) too slowly for SpamCop or that they are able to identify SpamCop domain lookups by other means.
  8. Since there is now a new wave of this spam (plus the related operation "LegalRX"), now would seem a good time to point out that a retaliator is available which can place fake orders (including a CC number that passes the site's verification). This is effective enough that the spamgang behind these sites soon block IP addresses (use Tor to get around this), so enough people using it should encourage them to stop spamming altogether. This retaliator requires the Firefox browser with the Greasemonkey extension (with NoScript and User Agent Switcher extensions strongly recommended). See the Pharma KS FormFiller thread for more details and download location.
  9. Just a quick note - the spammers' database server appears to have been taken down so the Spur-M-Enator can no longer be used (it just returns SQL errors). However Karlston's Firefox FormFillers can be used (FormFiller HGH in this case) to automate the process of placing orders at specific sites - they will ban IP addresses after multiple orders but with Vidalia/Tor, you can just keep changing address (Vidalia includes a "New Identity" option for manual switching). I find that the most effective method is to go through the order process, then hit Back twice at the confirmation page to return to the item selection. These spammers seem to have given up on poor old Ernesto though - did he keel over from too much Viagramax?
  10. This is where Tor comes in - an anonymising network made up of hundreds of volunteer users worldwide. The Tor client will change connections every 10 minutes by default, making this an excellent choice for fulfilling all your pharmaceutical needs. Please do consider participating as an exit node if you do make use of Tor in this fashion though - the more nodes, the harder it is for a spammer to block them all (installing the Vidalia GUI makes setup simpler and provides a useful bandwidth graph and network map). As for the cost of spam, the greatest would seem to be the time involved - even the casual deleter would need a second per spam. SpamCop reporters would likely take 10 seconds to a minute or more to report (depending on the details and investigation involved) with those doing more in-depth reporting (checking for site redirection, reporting to domain registrars) easily racking up 30 minutes or more. Then you have ISP abuse desks, mail server administrators, blocklist maintainers, anti-malware (botnet) groups, companies and individuals along with law enforcement. Even a small-time spammer is likely responsible for more lost time by society generally than a serial killer, so the main ones should certainly merit long (lifetime ideally) imprisonment.
  11. True - any response consumes some network bandwidth. However this is only a fraction of that taken up by spam so it doesn't take much for such measures to have a net benefit (pun intended). I've only received a couple of spams from this bunch in the last two weeks compared to the 3-4 a day I was seeing previously. Ultimately though, this forces spammers to incur higher costs in terms of creating a more secure setup, which in conjunction with those needed to bypass filters (scrambling content, renting botnets) and avoid shutdown ("bulletproof" hosting, compliant domain registrars) means that only the largest and best-organised operations can make a profit. It is when these costs outweigh the profits that the spammer business model dies, and that has to be the objective for anyone who wishes to be able to keep using email in the future.
  12. The Wilders New spam Retaliation Tool thread has some discussion of the ethics/morals of this. Ultimately though, if someone is filling your inbox with junk and not giving you the chance to stop them, this sort of response is not only justifiable but necessary IMHO. As for possible abuse - look at the code. It has to be tailored to a site and in this case, was only possible due to the total lack of security on these spammers' systems (credit card details passed through in the clear for example). This type of action could not be done with any legitimate merchant using a properly secured setup - while other means of harassment are possible, an attacker would need to get large numbers of PC users involved for them to be effective.
  13. There has been a tool released for tackling these sites by placing fake orders directly with their backend database. See the Kill Spammers Spur-M-Enator thread for details.
  14. Attempting to submit spam gives the message:
      Service Unavailable - Zero size object
      The server is temporarily unable to service your request. Please try again later.
      Reference #15.828194d5.1161328122.26c20ec
      No maintenance window is mentioned in the announcements so is there an outage? If so, any idea when it will be fixed?
  15. Email filters really need to be looked at as stop-gap solutions - they do nothing to discourage spammers from spamming (if anything, they'll spam even more to try to bypass them). Therefore spam victims need to consider more aggressive strategies to deter spammers, specifically ones that harm their business (or "bizness"). In the case of "refi spam", there is a simple solution - the KS FormFiller Refi extension for Firefox that makes it easy to swamp such sites with fake leads. Do this often enough for long enough and the spammers will eventually wise up and drop you from their lists (it's worked for me). This is discussed further in the Refi FormFiller (GreaseMonkey) v1.0 thread.