A Direct Attack on ? by ?


Forum: Linux and Free Software
Topic: A Direct Attack on ? by ?
started by: spark-o-matic

Posted by spark-o-matic on Feb. 09 2008,06:26
Good evening everyone,

These are the simple facts.

1:
In 2001 I devoloped,implemented, and began marketing a simple contact form.  The main selling point was that e-mail addresses were stored server-side, inaccessable to spiders/robots harvesting e-mail addresses to be sold.

2:
Note that this has been in use since 2001.  With a few simple 'rules' such as, Never use this address (use a disposable address) for mailing lists and purchases and those sites that require an e-mail to sign up but you just know their gonna spam you.  The addresses used by this form still recieve (almost) NO SPAM!!  Customers using this form have had similar experiences.

3:
About once every year someone will try to exploit this form..  These are usualy 1 or 2 hand made attempts..then they give up.  These have never contained links, and are archived with other relivant information.

4:
On Feb 02, 2008, 20:48 PST, and only upon request from a member, posted a link to my site.   This thread is:
Damn Small Linux Board Non-DSL Topics water cooler Python surpasses Perl

5:
I have recieved 4 contact attempts since advertising viagra.  These would be rather sofisticated or manual.  The links given were such that the 'SPAMMER' Would recieve a profit from a link click.

    a: recieved at 02/03/2008 1521 PST
    b: recieved at 02/04/2008 2144 PST
    c: 02/04 pm, implimented techniques that had been developed but 'on the back burner' for years.
    d: Pause between 02/04 and 02/08
    e: sofisticated  attacks or manual attacks of:
         e(1):02/08/2008 1521 PST
         e(2):02/08/2008 1533 PST
Three of the four would require a selection fron a drop-down box, other then default.  Numbers e(1) and e(2) would require steps to prevent  the contact attempt being terminated with the reporting of personaly identifying information which is not normaly logged.

6: My Comments:
SPAM HURTS US ALL!!!!!!!!!!!!!!!!!!!!!!
Without SPAM filters, we can recieve so many e-mails that it is easy to miss the important ones.  SPAM filters can be so strict that unless a person is 'White Listed", they go to the spam folder amongst 500 others, which many people just delete without looking at them.  A recient experience of mine is that a long time bussiness contact implimented a local spam filter.  There was no way to manualy 'white list' my e-mail, i had to send him an e-mail, then he pick it from 500+ SPAM's per day and white list me!
There have been laws passed in the USA in the past few years, but they only benifit the major ISP's.  The small individual or small hosting providor/isp/webmaster has no legal remedy, as I understand it.
I am now waisting my friday night righting the code and testing to impliment differnt things that will discourage abuses, while not inconviencing lagitament customers.
I will be wasting the next week contacting customers from the last 7 years to update their systems

7:
I have noted that people are 'sick of being ripped off'.  I have have developed a general policy of 'what is this worth to you, that I am not presenting you with an outragiouse bill'.  Individules/businesses will, more often then not, present me with more $ then i thought the job  was worth.  I was told 'The two most iimportant people in a persons llfe are their mechanic and their computer guy!'.

8:
I have, for years, had a poted policy of x$ per SPAM precessing/etc.. fee + legal expences on variouse sites.  But, have yet to find an  attorny to follow through.

9:
Spam and other abuses, have , over the years, become a     personal vendetta of mine.  They are the boon of the small business person.

10:
Who is williing to take up the fight.  I understand that the correct liscense becomes an issue.  some portions would need to encrypted to prevent immediate abuse.

Thanks in advance

Posted by jpeters on Feb. 09 2008,16:39
Fight for what? In a capitalistic society, everything that can produce money is exploited and sold. Your clients can hire you (for a fee governed by supply and demand), and you can support a lawyer...passing on fees to the consumer. Laws on a national level will be adopted when there is a financial benefit to someone for doing so.
Posted by newby on Feb. 09 2008,17:38
Quote (spark-o-matic @ Feb. 09 2008,01:26)
In 2001 I devoloped,implemented, and began marketing a simple contact form.  The main selling point was that e-mail addresses were stored server-side, inaccessable to spiders/robots harvesting e-mail addresses to be sold.

An EXCELLENT hack!  Way to go, Spark-o-matic!

Of course you will be criticised for a variety of reasons, including bizare ones. Just ignore them, don't take the flame bait.

Posted by newby on Feb. 09 2008,17:42
Quote (spark-o-matic @ Feb. 09 2008,01:26)
Who is williing to take up the fight.  I understand that the correct liscense becomes an issue.  some portions would need to encrypted to prevent immediate abuse.

This is an interesting topic.

What type of licence should be used for security applications?

I dunno, but perhaps others are thinking about the problem.

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.