[SGVLUG] fyi - excellent discussion re spam on LAMP SIG
matti
mathew_2000 at yahoo.com
Fri Apr 25 16:52:52 PDT 2008
From: brewthatistrue at gmail.com Add Mobile Alert
To: "LAMP-SIG General User Mailing List"
<lamp-user at maillist.lampsig.org>
Subject: Re: [Lamp-user] Spam killing sites
Good points by Brad.
Unless tied to some kind of honeypot, this tactic is largely useless
against
modern spammers that uses thousands of zombie PCs to send spam from
botnets of hijacked computers.
Here's my 2 cents on anti-spam philosophy.
Filtering isn't disincentivizing spammers, as they are sending more
spam than ever.
It's time for those interested in stopping spam to find new approaches
(such as participating in a honeypot project).
Some newer initiatives target web hosts and registrars whose services
are being abused by spammers.
The ultimate goal is to make business harder for spammers, through
reporting, shut-downs, and as many arrests as possible.
For more info on a few of these methods, see:
http://spamtrackers.eu/wiki/index.php?title=Reporting_Spam
http://wiki.castlecops.com/Anti-Spam_Services_Overview
http://wiki.castlecops.com/Bulk_Spam_Reporting
On 4/25/08, Brad Knowles <brad at shub-internet.org> wrote:
> Rez wrote:
>
> > http://www.eqcity.com/files/spam2h13.zip
> > spam2html.EXE v1.30 This DOS program reads a text file "spam.cfg",
which
> > has a single e-mail address on each line, and creates a web page
full of
> > e-mail links. External configuration file for show or hide e-mail
> > addresses, decide how many e-mail addresses per page, test for
> > incomplete addresses. Written in PowerBasic (DOS). Last revised
> 11/09/2002.
>
> IME, wpoison was one of the best implementations of this kind of
tool, since
> it had a wide array of various types of bogus addresses it would
generate,
> and try to lead the spam-spider down an endless series of pages
designed to
> exploit various known weaknesses in the spider code.
>
> It was also tied into a honeypot system, so that if you sent spam to
any of
> the generated addresses, it could then tie that spam back to a
specific
> spam-spider incident, and give you the date & time, IP address,
etc... of
> the particular crawler which was given that particular address.
>
> > However... I'm wondering how this does anything to discourage
spammers,
> > or does anything but waste everyone's bandwidth -- since most use
some
> > unwitting person's zombied PC to send spam, and don't care how many
of
> > the email addresses on their mailing list are good or bad; it's all
> > automated anyway. It only makes a difference if a spammer is
offering
> > differential prices on "known good" vs "shotgun to the whole world"
> > mailing lists.
>
> The honeypot part of the system is an effective tool against
spammers, since
> it causes them to identify themselves to the defenders, and you can
quickly
> black list them and prevent them from sending out more spam to you.
This is
> one of the key tools behind distributed reputation monitoring
systems, such
> as used as a component of calculating IronPort SenderBase scores.
>
> If you're not tying it into a honeypot and recording all the
information
> associated with the random garbage e-mail addresses you're
generating, then
> you're just wasting your bandwidth.
>
> --
> Brad Knowles <brad at shub-internet.org>
> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
>
> _______________________________________________
> Lamp-user mailing list
> Lamp-user at maillist.lampsig.org
>
http://maillist.lampsig.org/mailman/listinfo/lamp-user_maillist.lampsig.org
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
More information about the SGVLUG
mailing list