×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

SpamSlayer - should we DDOS spammers?

Hemos posted more than 9 years ago | from the what-lines-to-cross dept.

587

pointbeing writes "Just read this article about a company called Blue Security that essentially floods a spammer's website with requests to unsubscribe members - we're talking thousands of requests per day - the company's CEO says that fighting back by "inducing loss" against spammers is the only way to eventually stop them. Although I hate spam as much as the next guy, is participating in a DDOS attack the way to bring spammers to their knees? If it's okay in this instance, it it okay to DDOS the next guy who does something we don't like? "

Sorry! There are no comments related to the filter you selected.

Sophistry at its finest... (5, Insightful)

TripMaster Monkey (862126) | more than 9 years ago | (#13093652)


From TFA:
The influx of tens of thousands of requests exactly at the same time floods the spammers' Web site, causing it to become inoperable.
Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?

Also from TFA:
Launching a distributed denial of service attack is illegal in the U.S. and in most European countries.
That's what I thought...what does Blue Security have to say in their defense?

Again from TFA:
Blue Security's Reshef bristles at the notion that his firm is involved with any type of DDoS attack. "We aren't trying to shut down any Web sites. We are just trying to slow these sites down so much the spammers can't earn money"
Sorry, Reshef, but what you are describing is a textbook example of a DDOS attack. Whether the site in question is actully shut down, or merely incapacitated, is beside the point.

This whole caper is a non-starter, especially so since a precedent [pcworld.com] for this sort of thing has already been established by Lycos Europe.

Re:Sophistry at its finest... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13093692)

1. DDOS spammer web sites
2. ???
3. PROFIT?

I don't get how they will earn something by DDOSing spammer sites. Also they may have different mailservers and webservers at different locations.

Re:Sophistry at its finest... (5, Funny)

JustinKSU (517405) | more than 9 years ago | (#13093705)

Isn't there some rule of thumb - never fight evil with evil? This is a vigilante approach which is reserved exclusively for BATMAN

Re:Sophistry at its finest... (1, Interesting)

YomikoReadman (678084) | more than 9 years ago | (#13093716)

While it's certainly true that DDoS attacks are illegal, and that there is a precedence that sets these types of things firmly in the illegal category, I personally think that we should reexamine them. Set a statute that allows DDoS attacks against known spam hosts and the like.

Ultimately, all this soft CANSPAM style BS needs to stop, and tougher measures need to be brought up to speed.

Re:Sophistry at its finest... (2, Insightful)

turrican (55223) | more than 9 years ago | (#13093725)


Also from TFA:
Launching a distributed denial of service attack is illegal in the U.S. and in most European countries.

That's what I thought...what does Blue Security have to say in their defense?

...maybe they'll have to start using the same offshore ISPs as the spammers?

Re:Sophistry at its finest... (5, Funny)

shokk (187512) | more than 9 years ago | (#13093731)

Easy! To get around all these little rules, we'll just hijack a bunch of PCs to our dirty work for us. I'm sure the owners will not mind helping out for a truly noble cause. Then, we'll use servers in countries with questionable laws to control the DDOS. Then, to raise money to help us out in our quest, we'll use these servers to also mail out requests to help us secure our target US$20mil by sending us a paltry US$20k. We've got the spammers beat in will power AND on the moral high ground!

Re:Sophistry at its finest... (5, Interesting)

interiot (50685) | more than 9 years ago | (#13093741)

How do you define DDOS? If spammers send millions of emails in a day to AOL, does that constitute a DDOS against AOL? If large ISPs automatically send an unsubscribe response for each spam they get, and the total bandwidth is less than what the spammer originally sent, does that constitute a DDOS? Is it a DDOS if the large ISP's intent in doing this is to shut the spammer down?

Re:Sophistry at its finest... (3, Insightful)

Gherald (682277) | more than 9 years ago | (#13093750)

This seems like a form of vigilanteism to me.

If spammers are sending unsolicited emails to others, I have no moral problem with a system that sends coordinated unsolicited requests to their sites in response.

The legal issues are quite another matter.

Re:Sophistry at its finest... (1)

fshalor (133678) | more than 9 years ago | (#13093902)

An idea.... Start having all email servers reply message for message automatically.

It would immediatly double the amount of bandwitdh used by spammers.

Even if they filter (if they send to a box, drop responses from that box.) It'll still take some of their time and resources.

And legitimate emails wouldn't be harmed much. Sure I'd have more emails coming at my server. But I can handle double.

Re:Sophistry at its finest... (1)

saur2004 (801688) | more than 9 years ago | (#13093765)

OK maybe this is technically a DDOS attack. But is it really the same if the individuals are participating willingly and not through some worm or virus?

Re:Sophistry at its finest... (1)

TripMaster Monkey (862126) | more than 9 years ago | (#13093889)


But is it really the same if the individuals are participating willingly and not through some worm or virus?

No, it's completely different...the individuls participating willingly would be more accountable for their actions than the ones whose machines are infected.

Re:Sophistry at its finest... (0)

Anonymous Coward | more than 9 years ago | (#13093795)

It sounds to me like a text book denial of service attack. Not that I don't think that spammers have it comming to them but there is a certain line you just cannnot cross. It would be one thing if as a protest a few million users requested a web page and knocked it down but for one company to do this with email addresses you don't even know of, even if you own them feels wrong. Ok not a lot to add, it's pretty clear that this is illegal but what about a digital "sit-in" where in a highly coordinated effort we convince millions of users to log onto a site at the same time not just use a program to do it. It wouldn't be as effective as a DDos attack but would certainly show how much backing a certain cause had.

Re:Sophistry at its finest... (5, Insightful)

Tinik (601154) | more than 9 years ago | (#13093804)

Vigilatism may seem like a good idea at the time, but always leads to problems in the long run. It's better to work through proper channels to resolve these problems. If the proper channels can't resolve the problem, then work to fix them.

Doing things properly results in a more permanent fix. Vigilantism just gets innocent bystanders hurt and only works until the next guy comes along.

Re:Sophistry at its finest... (5, Insightful)

Technician (215283) | more than 9 years ago | (#13093847)

Sounds a lot like a DDOS attack...in fact, it sounds exactly like a DDOS attack. But aren't they illegal?



Rule #1 Spammers lie
Rule #2 see rule #1

If an e-mail has false headers, what makes you think the reply-to or un-suscribe belong to the spammer. A DDOS against a third party (Joe Job) is not the way to shut down a spammer. You may be helping him shut down his legit competition. An obfuscated URL may point to amazon.com for example.

I liked the other aproach of repeatedly reloading the page used to buy the spammer's product. That's a way to have them melt or have the hosting company become less friendly to hosting spam product order websites.

Shared hosting (1, Informative)

nmb3000 (741169) | more than 9 years ago | (#13093855)

Making a DDoS attack SOP against spammers introduces other problems. Most of these spammer websites are on cheap shared webhosts meaning that when you DDoS the spammer's website you're likely also attacking many innocent websites.

Even if it's determined that attacking a known spammer isn't actively prosecuted, the fact that you're attacking perhaps many other people as well will most likely get attention.

Re:Sophistry at its finest... (1)

DrWho520 (655973) | more than 9 years ago | (#13093917)

Not a fan of fighting fire with fire, I see. I would like to see a "Do Not Spam List." If you sign up, the system takes care of sending "Do Not Spam" replies. It is automated because one receives way to much spam to unsubscribe from each piece. Is it the lists fault that spammers deliver at such a rate that the replies from the system deliver at a higher rate and DDOS their machines?

Everyone likens spam to junk mail, but it is significantly easier to throw away junk mail then to unsubscribe from each and every piece of spam. Not that unsubscribe works anyway.

Slashdot (5, Funny)

ZakuSage (874456) | more than 9 years ago | (#13093674)

Wouldn't it just be easier to slashdot a site owned by a spammer company?

Collateral Damage (2, Interesting)

Zane Hopkins (894230) | more than 9 years ago | (#13093809)

But how do you correctly identify which sites to target. It will probably cause even more collateral damage than dns block lists.

Fighting fire with fire usually results in damage to both sides (friendly fire anyone?)

Re:Slashdot (1)

Baorc (794142) | more than 9 years ago | (#13093810)

Wouldn't it just be easier to slashdot a site owned by a spammer company?

And legal?

I don't think so (1)

Spy der Mann (805235) | more than 9 years ago | (#13093887)

Unless you want to publish pr0n,viagra or trips to Cancun on slashdot "SPAM" section.

Which I doubt it'll work, because most /.'ers would skip the ads and jump right to the good articles.

Nice try, tho.

Re:I don't think so (1)

srh2o (442608) | more than 9 years ago | (#13093913)

Since when did slashdotter's start reading the articles

Re:I don't think so (2, Funny)

richy freeway (623503) | more than 9 years ago | (#13093932)

skip the ads and jump right to the good articles.

Jump to the what?

Re:Slashdot (1)

HCIdivision17 (899510) | more than 9 years ago | (#13093894)

That'd be great except for two things: -The Bugzilla block -And we don't want the legal laymen to get the Slashdot-effect confused with DDOS, nothing good would come of that.

Hell yes! (2, Insightful)

base3 (539820) | more than 9 years ago | (#13093675)

I think a few GB of traffic in an hour is just the ticket for spamvertized sites, and I always do my part for any one I come across.

For those who complain that ISPs end up footing the bill because the spammers don't pay, well, I guess they'll need to be more careful about vetting their customers next time. As if there are any really "innocent" ISPs hosting Internet "pharmacies" or "Rolex" dealers.

No, no no no no... (5, Insightful)

gmknobl (669948) | more than 9 years ago | (#13093679)

I'm sorry, acting just like a criminal for revenge purposes, no matter how satisfying, is wrong. It just brings you down to their level.

Re:No, no no no no... (0)

Anonymous Coward | more than 9 years ago | (#13093711)

I guess you're one of those people who thinks murderers and rapists should just be given a stern lecture and then set free?

Re:No, no no no no... (0)

Anonymous Coward | more than 9 years ago | (#13093749)

So YOU think we should murder murderers and rape rapists, then?

Re:No, no no no no... (0)

Anonymous Coward | more than 9 years ago | (#13093895)

So YOU think we should murder murderers

What do you think some states have the electric chair or gas chamber, or lethal injection for?

rape rapists

What do you think happens to rapists and child molesters when they get to prison? Some bigger guy named Snake who was abused as a child teaches them what it's like to be abused.

Re:No, no no no no... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#13093785)

A stern lecture? Is it just me or does that seem a bit harsh? How about an hour of sensitivity training and a lollipop instead. Haven't you ever heard that cruel and unusual punishment is illegal in this country?????

Re:No, no no no no... (0)

Anonymous Coward | more than 9 years ago | (#13093787)

No, he just thinks they should have due process before being sent to state-run assrape facilities.

Re:No, no no no no... (1)

www.sorehands.com (142825) | more than 9 years ago | (#13093859)

There is a difference between you beating your neighbor over the head with a baseball bat because he was accused of a crime then him being locked up after a trial.

I wonder, would a spammer be treated the same way in prison as a child molester?

I agree with the first sentence... (1)

tolkienfan (892463) | more than 9 years ago | (#13093824)

"It just brings you down to their level."
but that completely minimizes the act.

Even regardles of collateral damage, it's plain wrong, immoral and either illegal or it should be.

Re:No, no no no no... (0)

Anonymous Coward | more than 9 years ago | (#13093886)

Why do countries have defence forces? When there are entities that operate outside its ability to enforce the country's laws, and these entities cause it harm, you sic your armies on them.

If these guys, or an other company, said that they would unleash the ddos-ing only on spammers who operate from jurisdictions where you have little or no anti-spam enforceability, what's wrong with that? If there's a fleet of spammers sitting out in bulgaria, and they simply refuse to comply with anti-spam laws (because they have no downside to fear, and only have upside to lose), it would seem that we have to get retaliatory, but in a surgical way, no?

It depends on the timing. (4, Interesting)

RealProgrammer (723725) | more than 9 years ago | (#13093915)

If you catch someone in the act of doing harm to you or to someone else, don't wait. Act. Stop the harm being done, or being threatened.

It may be necessary, in the process of stopping the harm, to inflict harm on the attacker. Take care that your response isn't more harmful than that which had been threatened.

Failing to act in that circumstance is at best a reverse tragedy of the commons, in the general case laziness, and at worst is sheer cowardice.

After the fact it becomes mere revenge, which is a waste of time.

This is just a DDOS, and that's bad (2, Informative)

fudgefactor7 (581449) | more than 9 years ago | (#13093681)

Not only is this immoral, but in many places it's outright illegal. This is not the direction to go.

Sounds like a lawsuit waiting to happen... (4, Interesting)

Iphtashu Fitz (263795) | more than 9 years ago | (#13093682)

All it'll take is one spammer to file a lawsuit against these guys to stop them dead in their tracks.

Re:Sounds like a lawsuit waiting to happen... (1)

www.sorehands.com (142825) | more than 9 years ago | (#13093827)

I would hope so. Of course for the spammer to file a lawsuit, they would have to come out from under their rock. Once that happens, there will be at least a dozen anti-spammers ready to file suit under the I-CAN-SPAM act and their state laws.

I don't condone the illegal acts, because then you lower yourself almost to the level of the spammer (which is 1 step above a child molester on the morality scale).

Re:Sounds like a lawsuit waiting to happen... (1)

dotpavan (829804) | more than 9 years ago | (#13093899)

if you see the flash tutorial about how it works, they first send warning messages about the spam being sent and only when there is no response from them, such a step is taken..

Easy profit (2, Interesting)

rockclimber (660746) | more than 9 years ago | (#13093684)

1. Spam in Name of Competitor 2. ? 3. PROFIT

I remember when this debate started (4, Interesting)

AEton (654737) | more than 9 years ago | (#13093686)

A couple of guys told everyone on Usenet about their latest green card scheme.

Should we bomb them into oblivion?

Or should we listen to the voice of reason and tolerate this behavior as a necessary evil, integral to the total freedom of the global Internet?

Sometimes I think we chose wrong.

Re:I remember when this debate started (1)

youknowmewell (754551) | more than 9 years ago | (#13093776)

You forgot the third option: Link them on Slashdot.

Re:I remember when this debate started (4, Insightful)

Have Blue (616) | more than 9 years ago | (#13093874)

And when the "necessary evil" is more than half the email traffic on the net and starting to drown out the things we are supposed to be gaining by putting up with this necessary evil? The moral of the tragedy of the commons is that nobody wins.

I don't think so ... (3, Insightful)

Living WTF (838448) | more than 9 years ago | (#13093688)

What if only once a bad guy manages to blame someone innocent who get's DDoSed? Should we hazard the consequences?

Just a thought... (3, Funny)

PornMaster (749461) | more than 9 years ago | (#13093735)

Does sco.com have an unsubscribe link? ;)

Re:I don't think so ... (1)

sqlrob (173498) | more than 9 years ago | (#13093742)

Only once? Some sites are hosted on compromised machines, deflecting any bandwidth issues away from the spammer. Is it ethical to take down a cable modem node because one there is compromised?

Wait a minute (1)

Pennywisdom2099 (896069) | more than 9 years ago | (#13093690)

What exactly are the "requests"? Are they e-mails? Packets? Also wouldn't one company sending the requests simply be a DOS attack not a DDOS since the extra D is "Distributed" and be easily blocked by the spammer?

upgrade! (0, Flamebait)

ChristTrekker (91442) | more than 9 years ago | (#13093869)

They need to upgrade from a DOS attack to a Windows attack! If all the spammers' machines were infected with Windows, surely some would subsequently crash and less spam would be sent out. That would be more effective than a DOS attack.

Do two wrongs make a right? (1)

millahtime (710421) | more than 9 years ago | (#13093703)

This beggs me to ask, do twon wrongs make a right?

This also brings out the same issues of mob mentality. Who decides who is bad or good? Who leads the mob?

Re:Do two wrongs make a right? (5, Funny)

nurhussein (864532) | more than 9 years ago | (#13093791)

This beggs me to ask, do twon wrongs make a right?

I don't know, but if two wrongs do make a right then your above sentence contains no spelling errors whatsover.

I think Homer said it best (1)

Huh? (105485) | more than 9 years ago | (#13093813)

Yes Lisa, two wrongs DO make a right.

Re:Do two wrongs make a right? (0)

Anonymous Coward | more than 9 years ago | (#13093815)

no, but threen rights make a left.

My mom always told me... (1)

kdougherty (772195) | more than 9 years ago | (#13093707)

Two wrongs don't make a right...

Slashdot Effect (1)

srh2o (442608) | more than 9 years ago | (#13093709)

Would you feel better if we agreed to call it using the Slashdot Effect against spammer.

Different purposes, different results (1, Insightful)

Overzeetop (214511) | more than 9 years ago | (#13093712)

If you shoot me and take my wallet, you are a murderer and a thief.

If I shoot you before you do so, being reasonably certain that you intend to shoot me and take my wallet, I have acted in self defense, and there is no crime.

Not really a one-for-one analogy, but it does illustrate that shooting someone does have different consequences depending on the situation and purpose.

Re:Different purposes, different results (1)

jimpop (27817) | more than 9 years ago | (#13093797)

If I shoot you before you do so, being reasonably certain that you intend to shoot me and take my wallet, I have acted in self defense, and there is no crime.

Don't rely on that to be totally true in all corners of the world, yet alone in all 50 US states. A better position is to feel that your life is threatened, not just your wallet. ;-)

Two wrongs don't make a right (2, Insightful)

Zane Hopkins (894230) | more than 9 years ago | (#13093713)

Why are they doing this, when they could put their energy into tracking the spammers so they can be prosecuted.

Only sending spammers to jail AND taking away ALL their assets (cash/cars/houses) is going to deter them.

Re:Two wrongs don't make a right (2, Interesting)

$RANDOMLUSER (804576) | more than 9 years ago | (#13093828)

The problem is the spammers are operating through zombie PC nets and open proxies. The actual (end) senders of the spam are usually unaware that they're sending it. Meanwhile, spamvertising is an inherently low margin operation. By costing the spamvertised site more hosting costs, you're taking away thier incentive to hire the criminal spammers who we can't catch anyways.

Imagine if drug dealers were invisible, but drug buyers glowed in the dark.

Re:Two wrongs don't make a right (0)

Anonymous Coward | more than 9 years ago | (#13093845)

Only sending spammers to jail AND taking away ALL their assets (cash/cars/houses) is going to deter them.

No it won't. This only works if they *know* that they will *defnitely* be caught. Anyone committing a crime (that is not a crime of passion) does so because they think they will *not* be caught, so the severity of the punishment is irrelevant.

Instead of trying to use punishments as a deterrent, we should be focusing on removing the incentive to do crime. In this case, make spamming unprofitable. DDOS is one (questionable) way that works on one spammer at a time. Convincing dumbasses to stop clicking the links solves the problem altogether. Unfortunately, the latter is likely impossible.

Or the opposite? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#13093727)

Instead of unsubscribing thousands of emails, how about subscribing thousands of fake emails ... which in turn would lower their return ratio and might even result in fail delivery messages, using up more resources.

-Rick

Hate to break it to you, but (2, Insightful)

MatD (895409) | more than 9 years ago | (#13093736)

Spam wouldn't be a problem if people didn't actually click on the links. I've seen studies somewhere about the return rate on spam. While it is quite low, it's still high enough to make it worth their while.

Maybe we should establish a site that lists all the companies that support spam, and then boycott them. We could even have a plugin in firefox that would warn or block a site that was known to have used spam.

Menace to the Internet (4, Insightful)

dfn5 (524972) | more than 9 years ago | (#13093737)

This is just another form of spamming. Anyone who generates unnecessary network traffic is a menace to the Internet.

It's just communication (1, Interesting)

Anonymous Coward | more than 9 years ago | (#13093738)

If you contact me, then IMHO you have agreed to accept my answer, which may consist of more than you expected. Want to stop it? Stop contacting me. Yes, I am aware that this might hurt "innocent" owners of compromised machines. If they can't handle what their machines start, then they're free to take them offline.

do it as a stop-gap measure (1)

BrentRJones (68067) | more than 9 years ago | (#13093740)

DDOS is messy but necessary at this point.

Perhaps it could be "tuned" to more agressively hit the ISPs that allow spam to freely be sent. Then the ISP would have to filter out spam to provide adequate service levels.

Ultimately spam must die from lack of interest. People must not respond to spam.

Didn't someone else do this already? (1)

xotx69 (571221) | more than 9 years ago | (#13093745)

I think this is the link http://news.bbc.co.uk/2/hi/technology/4051553.stm [bbc.co.uk] to the BBC story about the Lycos screensaver that "slows" down spam site. They had to shut it down though because it started taking site down instead of slowing them down.

Should we kill the criminals? (1)

JossiRossi (840900) | more than 9 years ago | (#13093747)

Basically this comes down to the moral idea of whether or not iit's ok to do things to those guilty of crimes (or other unacceptable actsl ike spamming) that would not be ok to do to an innocent person or entity.

So, do we cut off the hands of thieves?

As a side note, the idea of internet vigilantism is a rather interesting topic, and one that as the internet continues to expand could become inevitable.

Re:Should we kill the criminals? (1)

Digital Vomit (891734) | more than 9 years ago | (#13093935)

Basically this comes down to the moral idea of whether or not iit's ok to do things to those guilty of crimes that would not be ok to do to an innocent person or entity.

WTF are you smoking? Of course it's okay to do things to those guilty of a crime that would not be okay to do to someone innocent. The concept of "punishment" is built on this. The concept of "justice" demands it.

What would you have us do if someone commits a crime? Just say "oh well" and let them go on their merry way simply because you would never throw an innocent man in jail?

It is absolutely okay to do things to the guilty that you would not do to the innocent. In fact, it would be morally wrong not to do so (that is, failure to punish wrongdoing is, in itself, wrong). And the punishment should always be commensurate with the crime.

This has been going on for years (2, Interesting)

RingDev (879105) | more than 9 years ago | (#13093751)

This is a common practice. I did some consulting work for a co-owner for one of the early email harvesting/organizing/sales/distrobution companies. (Not on his evil project though) He went through 6 IPs that year. Basicly, DDOSers would attack the entire node he was on, not just him, they would threaten the ISP. The ISP looks at the profit potential of one company, versus the cost of losing all of their customers and would boot him off their grid.

All in all a pita for him. But the thing that will shut down a spammer... Charge Backs. Anyone who deals with online sales and credit cards knows that the quickest way to lose your online sales abaility is to have a few people return their goods and demand their money back. CC companies hate this, and if you get more then a few over a year, you can bet your account is going to get revoked. And getting an ISP is a hell of a lot easier than getting a CC carrier.

-Rick

Instant Karma (5, Funny)

ledbetter (179623) | more than 9 years ago | (#13093763)

Sorry, but I can't feel bad for spammers (or sites that support them) who get DDoS'ed. They make their $ by annoying millions in the hopes that hundreds will be gullible enough to buy their crap. What goes around comes around... and I fully support the use of DDoS attacks against these loosers.

Furthermore.. the repeated HTTP requets should include in their USER_AGENT header the following so it shows up in the logs ("LOOKS_LIKE_YOUR_WEB_SERVER_NEEDS_SOME_V1aGrA")

use of innocent email/web addresses (1)

nostriluu (138310) | more than 9 years ago | (#13093764)

Spammers use unsuspecting third party email "from" addresses to to send spam. Spammers could also use fake unsubscribe links to redirect to innocent people's sites. Those people would be incidentally taken offline and might end up with tremendous bandwith bills. So this is just another bad idea.

DDoSing spammers (5, Insightful)

farnz (625056) | more than 9 years ago | (#13093775)

If you're sending an unsubscribe request to a spammer in response to a spam you've received, that's not intended as a DDoS; the spammer invited you to contact them and unsubscribe, and should have taken care to limit their list to avoid accidentally DDoSing their servers. In the same vein, I see nothing wrong with browsing a site advertised to you in a spam, despite intending to merely use up bandwidth, rather than make a purchase; again, if the spammer isn't happy, they shouldn't invite you to browse their site (in other words, they shouldn't send spam if they don't want to be visited).

When you start trusting someone else to tell you who's spamming and who isn't, you invite them to abuse that power; what guarantees do you have that Blue Security will never go to a legitimate site owner, and threaten to tell SpamSlayer users that the legitimate site is spamvertised unless Blue Security receive enough money?

What if you get it wrong? (0)

Anonymous Coward | more than 9 years ago | (#13093777)

For argument's sake, let's assume their stealth is better than your stealth and the wrong person gets targeted.

Who's going to profit from that?

Can of Worms? (1)

Evil W1zard (832703) | more than 9 years ago | (#13093779)

Ok this is a dumb move on many levels. For one it is going to be illegal activity in many places and will give the "spammers" a legitimate reason to sue the people behind the attack. This also seems like an asanine solution to the problem itself. So spam emails take up so much bandwidth and we should solve that by chewing up even more bandwidth in order to shut down them down... If your stated goal is to knock these people offline then why not just directly try to penetrate their box and disable their computer vs. a DDOS. In both cases the activity is going to be illegal and in both cases your goal is the same so take the route that is more virulent to the target while causing less disruption for other users riding shared bandwidth...

Re:Can of Worms? (1)

base3 (539820) | more than 9 years ago | (#13093832)

Ah, the "violence begets violence" argument. But if spam isn't attacked, it's guaranteed to grow. With a counterattack, ISPs will be motivated to kick their spammers quickly, and the "cost" to spam increases. Eventually, when it is established that spam will be met with a swift and devastating network attack, it will become less common.

We have to kill over 100,000 Iraqi civilians... (0)

Anonymous Coward | more than 9 years ago | (#13093786)

...to make the world safer. I guess the ends justifies the means when we are doing our good deeds.

Better than the option (1)

dazedNconfuzed (154242) | more than 9 years ago | (#13093893)

Should Saddam have been left in power, ensuring the termination of a million more?

Like 20 years of UN "Stop! or we'll say 'Stop!' again!" resolutions did any good.

WWACD? (1)

Trigun (685027) | more than 9 years ago | (#13093789)

What would Alan Cox do?

Alan has shown enough reason, good judgement, and overall technical prowess to be the voice of reason in these matters. Ask him. If he says, "Sure. It can only help", then sign me up. But I don't think that he'll be saying that anytime soon.

No!! (1)

Skellbasher (896203) | more than 9 years ago | (#13093811)

Creating a DDoS attack against a known spam source, although stress reliving and good clean fun, is not worth the potential legal risk. Aside from that, any action taken against spam retailiators takes attention away from the true problem, the spammers themselves. Courts are already ruling in favor of scumware vendors based on esoteric loopholes in laws that aren't to par with the technology they regulate, the last thing we need to do is getting people in trouble for taking shots at these morons. Once the laws of the land tell me I can use every avaliable bit on my internet pipes to blow these dirtbags out of the water, I won't do it. I hate spam, but I hate lawyers more.

Sounds great, until... (0)

Anonymous Coward | more than 9 years ago | (#13093821)

Your personal mail server is blacklisted, or a production server is mistakenly blacklisted. "The whole company network is down? Because an AOLien said we spammed them? Well, that's ok... we'll just stop doing business until the DDOS attack is over." Ok, this is an extreme example that I'm sure will never happen, but you cannot tell me that any safeguards put in place will be 100%, or won't give the real spammers sufficent warning to stave off the attack.

DDoS attacks affect more than just the target... (2, Insightful)

Afecks (899057) | more than 9 years ago | (#13093822)

Something everyone should remember is that unless you are directly connected to the spammer's LAN, you aren't sending packets to him directly. Every packet you send out travels many hops. Your ISP and everyone in between have to use resources to forward that packet.

I don't know about everyone else but I don't want my cable connection bogged down just because my neighbor feels like being an activist. Let's let the legal system do its job and use distributed computing for protein folding or other more worthy causes.

Don't you hate it... (1)

kjkeefe (581605) | more than 9 years ago | (#13093833)

Don't you hate it when a new sentence starts in the middle The editors must really have been asleep on this one...

One thing will stop them.. (0)

Anonymous Coward | more than 9 years ago | (#13093837)

We can always start taking right nuts...

The truely evil go free.. (1, Troll)

Tominva1045 (587712) | more than 9 years ago | (#13093838)



The truly evil spammers aren't going to follow the email advertising rules. They will hide where they are coming from or pay someone else to do it.

If the U.S Post Office sends people mail they take it.

When people watch TV they are inundated with 20 mins of commericals per hour; no choice.

Yet if a company follows the current federal laws on sending email they still get hammered. Just once I want to see a story about someone dumping an 18 wheeler truck of mail they got from the Post Office back in their parking lot.

The hypocracy of the hipster-dufus-script-writing-underemployed-geekdom can not be underestimated.

DDoSes impact more than the site being targeted. (1)

Jerle0 (899471) | more than 9 years ago | (#13093841)

Regardless of the ethical issues involved, any DDoS does a lot of collateral damage. I've been on a subnet before where someone else's machine was attacked, but it made my own site inaccessible at the same time, and probably strained other people upstream. Retaliation attacks are likely to hurt a lot more people than just the spammers, however irritating they are.

Easy... (1)

RancidMilk (872628) | more than 9 years ago | (#13093846)

Its not that difficult to stay off spammer's lists.

1. don't let people send you chain mail unless you are BCCd
2. Don't send out mail that will be forwarded.
3. Don't post your e-mail address on websites in NAME@dom.top form.
4. Don't subscribe to hoaky mailing lists.

I have done this, and I haven't had a problem, yet. If more people would learn how to manage their email, they wouldn't have to worry about spammers.

Re:Easy... (0)

Anonymous Coward | more than 9 years ago | (#13093916)

Brilliant idea there, rancidbrain. Now I want you to go explain it to mom and pop. How are you supposed to tell a non-technical person to avoid this stuff? I invite your training manual on how to avoid distributing your email address unknowingly. Your next assignment will be distributing it to everybody and incenting them to read it and follow the advice. If you can do that, you win one meelyun dollars. Don't quit your job yet, Einstein.

Don't DDOS'em, just fuck'em. (1)

Pig Hogger (10379) | more than 9 years ago | (#13093849)

Don't DDOS the unsubscribe servers, just flood them with useless information.

US Census publishes lists of first and last names, which can then be used by a script to generate fake e-mails, which then can be submitted to the unsubscribe website.

The idea is to fill the spammer's list of "unsubscribed" e-mails with worthless e-mail address, thus diluting the value of the list.

This method can also be used against ph15hers, too.

Crazy Idea (0)

Anonymous Coward | more than 9 years ago | (#13093858)

I know how to stop spammers from making money. No one buy what they advertise. Don't just ignore the ads, make a note to never buy from the companies in the ads. Unless they are *imagining* that spam increases revenue, this would have to work. Of course, I am surprised to think that someone buys the crap now.

spam == wasted bandwidth (0)

Anonymous Coward | more than 9 years ago | (#13093860)

My major concern as a sysadmin is to make my usage of bandwidth as effective as possible, and a high-volume spam day can be rough, esspecially dealing with limited resources. I didnt rtfa, but I'd imagine somthing like this would be implemented server-side, and it concerns us sysadmin types. DoSing the spammers would only increase your problems maintaining a healthy site. Spam is easy enough to filter out of end users mail, and frankly it gives me somthing to do when my thumbs come out of my ass. You know I'm right.

dustin

It's a jungle out there. It's war. (1)

gelfling (6534) | more than 9 years ago | (#13093870)

Or at least an arm's race and anyone who thinks that sunday school models of good behavior and just plain ol being nice is a better way to proceed, is being childish.

I wouldn't stop at email requests. I would hurl massive amounts of big frames at them all day like a REAL D/DOS attack. All you have to do is increase their cost of doing business a few percentage points.

DDoS by fax (1)

OliverWendellHolmes (890589) | more than 9 years ago | (#13093873)

I've heard of this being done with the annoying faxes coming in all the time; you know, vacations, mortgages and the like. Anyway, the guy I knew would fax the sheet back to the company, but to the telephone no. you were supposed to call. A few score of those would flood their phone system with faxes instead of customers.

It's all fun and games... (1)

arrow (9545) | more than 9 years ago | (#13093879)

untill the spammers website is hosted on the cablemodem of someone on your block.

I prefer the SpamVampire method (1)

syntap (242090) | more than 9 years ago | (#13093885)

With SpamVampire you set your browser to continuously load images from a spammer's site. It doesn't deny service but it eats bandwidth which (theoretically) increases his/her costs.

Simply Put... (1)

wetdirtmud (890895) | more than 9 years ago | (#13093891)

Two wrongs don't make a right. Three lefts make a right, such as attacking their ISP with complaints. [Considering they forgot about proxies]. Although I dont know what that has to do with turning left.

Great (0)

Anonymous Coward | more than 9 years ago | (#13093901)

Great guys now everyone is running to spammers defence. Spammers dont care about they do to you why do you care about their websites? They deserve to be in jail more than having their sites shut down.

Not going to work (1)

mfloy (899187) | more than 9 years ago | (#13093905)

These type of things are exactly what everyone *wants* to do to spammers, but we need to remember that they have rights just like everyone else. We can't go DDOSing a spammers site, and then get upset if someone were to DDOS a site we like.

Have to do SOMETHING (1)

Dadoo (899435) | more than 9 years ago | (#13093908)

As much as I feel this would be total vigilantism, I look at my spam statistics and see we're averaging between 50,000 and 100,000 spams per day and I feel that something has to be done - if only because of the sheer volume.

While I'd never DDOS a spam site myself, it's only because I'm concerned about the penalty. If I knew someone else who was doing it, I'd certainly have no problem looking the other way.

Of course we have to DDOS them (5, Funny)

Weaselmancer (533834) | more than 9 years ago | (#13093909)

...because it's illegal to castrate them.

illegality (1)

milktoastman (572643) | more than 9 years ago | (#13093927)

Yeah, it's probably illegal--but illegality can be defined with nails. Tap tap tap...

What shall we do? (3, Insightful)

erroneus (253617) | more than 9 years ago | (#13093936)

Two wrongs not making a right and all that... we know the drill. But it is undeniably wrong that spammers do what spammers do. With that in mind, we can either (a) wait until they see the error of their ways, (b) wait until sufficient legislation is enabled that will actually work or (c) do something about it ourselves.

A and B aren't working. C, at present, is the only answer we have available to us.

I want to say for the "record" (whatever that means) that marketing through email is okay with me so long as people WANT to recieve it. If someone out there WANTS to buy some descrete penis pills or any other "plain brown wrapper" item that's fine with me. And let there be a means for them to subscribe to the stuff. The key is Opt-in explicitly and without any tricks or gimicks and more significantly, an "instant off" function that will not require 4-6 weeks to update their databases (which is utter horse shit). Okay I said it... now let's move on.

We do everything we can to block these people. They do everything they can to avoid being blocked. Their attempts at evasion is proof positive that they know they are pissing off the world for profit. How many other business models work at public expense for personal gain? In effort to prevent at-large vigilante-ism, where should the line be drawn? As much as I'd like to pull over and beat the crap out of people with ridiculously loud stereos playing in their cars, it's wrong (and dangerous) to do.

I'm at a loss for what we should do about the problem. These people are essentially polluting the internet and it needs to stop. But how?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?