Login/New-Account | Search | Submit a Story! | Greplaw!??
 
GrepLaw
- About
- FAQ
- Discussions
- Messages
- Topics
- Authors

- Preferences
- Older Stuff
- Past Polls
- Submit Story
- XML/RSS

GrepLaw
This site is a production of the Berkman Center for Internet & Society. Please email if you have questions, contributions, or ideas about improving this site.

F & F
Family

Friends

 
The Onion: The Spam Epidemic
posted by scubacuda on Saturday May 31, @07:39PM
from the X-Spam-Flag:YES==>uce@ftc.gov dept.
News The Onion's latest What Do You Think? section covers The Spam Epidemic. If it were open season on spammers, maybe the first response wouldn't be too far off:
"Thank goodness Congress is going to do something about this problem. This should all be cleared up in, like, three weeks."
Grrr...spammers and their stupid tricks.

Aimee Deep on Madster and Copyright | DirecTV Targets Pirates' Den  >

 

 
GrepLaw Login
Nickname:

Password:

[ Create a new account ]

Related Links
  • The Onion
  • What Do You Think?
  • open season on spammers
  • stupid
  • tricks
  • More on News
  • Also by scubacuda
  • This discussion has been archived. No new comments can be posted.
    The Onion: The Spam Epidemic | Login/Create an Account | Top | 10 comments | Search Discussion
    Threshold:
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    GrepLaw linking to questionable (adult) material (Score:1)
    by A Proud American on Saturday May 31, @10:27PM (#697)
    User #684 Info
    I was expecting a page featuring humorous jokes when clicking the link provided to me by GrepLaw, but instead quickly encountered the following quote (I will hide the expletives, however):
    "Gee, you make one little online inquiry into dripping wet teen pu**ies getting pounded by 12-inch horse co**s, and you're swamped for the rest of your life."
    This is highly offensive and, although some may find it amusing, is distasteful and trite. I'm disappointed by this article, and I'm surely not the only person who has been offended.

    I think an apology is in order.
    Re:GrepLaw linking to questionable (adult) materia (Score:1)
    by Bill_Royle on Sunday June 01, @03:27AM (#706)
    User #654 Info
    *Raising hand* I am one of those who found it amusing, and wasn't offended. It's illustrating very starkly exactly why a lot of people get tons of spam - because they click once on a link to a porn site brought to them by email. Sorry you didn't enjoy that one like I did - perhaps I've just seen a lot worse associated with the spam debate, brought to me via spam. I actually learned two new words via spam, which I won't repeat. A quote like the one provided in the section you're referring to pales in comparison to what I get in my inbox daily.
    Re:GrepLaw linking to questionable (adult) materia (Score:0)
    by Anonymous Coward on Sunday June 01, @01:50PM (#711)
    Congratulations! You are the trollee in Yet Another Succesful A_Proud_American Troll, or YASAT.
    Re:GrepLaw linking to questionable (adult) materia (Score:0)
    by Anonymous Coward on Sunday June 01, @08:19PM (#714)
    Methinks you need to familiarize yourself with the nature of humor of the Onion.
    Re:GrepLaw linking to questionable (adult) materia (Score:0)
    by Anonymous Coward on Monday June 02, @12:21AM (#718)
    That dude obviously didn't read this article http://www.pcworld.com/news/article/0,a id,109884,0 0.asp
    Re:GrepLaw linking to questionable (adult) materia (Score:0)
    by Anonymous Coward on Monday July 21, @12:58PM (#863)
    Your right it was offensive and funny at the same time!!!
    Actually... (Score:0)
    by Anonymous Coward on Sunday June 01, @08:15PM (#713)
    I'd love to have them shot and killed. If someone goes so far above and beyond the call to be a blight on society, it just may be justified. Honestly, even though this is a law site, how many of you actually wish we could get away with doing that? - Zav
    Re:Actually... (Score:1)
    by scubacuda (reversethis-{moc.emani} {ta} {aducabucs}) on Monday June 02, @12:04AM (#717)
    User #483 Info | http://www.greplaw.org/
    "Open season" as in bounties on their identies. (The spammer must pay $ to the person who reports her or his identity to the authories) Not "open season" as in physically harming them.

    There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie. Noel Godin

    Re:Actually... (Score:0)
    by Anonymous Coward on Tuesday June 10, @04:59PM (#791)
    I understand your point completely, yet the temptation to actually have someone break their legs is all too tempting. Not trying to be a troll, just echoing my disgust at what they have done to a damn fine distribution medium and tool. - Zav
    How They Cover Their Tracks (Score:0)
    by Anonymous Coward on Monday June 02, @01:49AM (#719)
    How they cover their tracks

    Why do spammers hide? Today, most ISP's will not tolerate a spammer. They are quick to terminate a spammer's account when complaints start coming in. A spammer wants to preserve access to one single ISP, and not have to keep signing up with new ISP's when their account gets closed. Setting up Internet accounts take time, which means lost money. There are many ways that spammers try to hide their IP addresses. As spam-fighters figure out these tricks, the spammers figure out even tougher ones to crack. As I see them, I'll post them here.

    * Decimal IP Addresses Ever see an e-mail address that looks like "spammer@123456789"? What the heck is that number? It's a legitimate IP address that your system will recognize. It's just in decimal. To get a human-readable IP address, you need to convert it into hexadecimal, divide it into four sets of two digits, then convert each set back into decimal (whew!) The Windows calculator will do base conversions when placed into "scientific" mode. If you don't want to do this yourself, then try the "Convert Decimal to Hex" tool at Network Tools.

    * Hexidecimal Addresses are starting to be used as well. These start with "0x", and the browser knows what to do with that. Take each pair of characters after the "0x", convert it from hex to decimal, and place a period between each resulting decimal number. This is the IP address.

    * Escaping Another trick is to use legal URL-formatting tricks to hide the address. This includes "escaping", usernames, passwords, and redirection. Escaping encodes the URL with a percent sign followed by a hexidecimal code. An escaped URL can look like "http://%2E%2E%2E%48%20%18%32%2F%48...". You can easily decode this by copying it into the location bar of your browser and hitting return. The status area of your browser will usually show you the translated address. If you don't want to make your browser go the the URL, then you can decode the URL with a good old ASCII translation table. Many of these have decimal, hex, and octal codes for each character.

    * Usernames and Passwords Did you know that usernames and passwords can be passed in a URL? This is typically not encouraged, because it leaves this sensitive information in plain sight for all to read. It goes like this: "http://username:password@www.website.com". Here's how some spammers have taken advantage of this: "http://www.website.com:www.spammer.com/@12343523/ x.html". Notice the confusing proliferation of "www" addresses. The one that counts is after the "@" sign, and the others are there just to throw you off the trail. The use of a numeric IP address after the "@" sign is supposed to confuse you even more.

    * Redirection A more insidious, hard-to-trace, and probably blatently illegal trick is "redirection". Many search engines now perform redirection when you click on a link resulting from a search. They do this to keep track of which sites are the most popular. Spammers have figured out how to use these to get you to their site by first sending you through these search engines. What you see is a really complex URL with a few well-known search engines embedded within. It's harder to dig out the final website URL, but it's possible. Be sure to report this abuse to all of the search engines involved, as well as to the ISP hosting the response site.

    * Relay Page Another trick I've seen is to create a "relay" page on a "throwaway" web site. This web site is typically created on one of those free hosting services (like Tripod), and the spammer doesn't care if it gets shut down eventually. The web page on this site contains a link to the true web site of the business. This way, the spammer draws complaints away from the ISP that hosts the real business web site. Complaints will go to the free ISP, and the relay web site will get shut down. It's worth the effort to dig into the relay page to find the true webpage address. There are even some businesses that make it their business to host these relay web sites. These are tough to get shut down, but they'll eventually go away with patient and persistant complaints to their ISP.

    * Encryption Often spammers will try to hide their true URL through a combination of these tricks. Another trick is to completely encode and encrypt the relay page using JavaScript. A JavaScript decrypter is used to rebuild the page for your browser. Of course, with some well-placed changes, you can make the decrypter dump the raw HTML to your screen to expose the web site instead. This requires a little programming experience, however.

    If you want to try this, then add a document.write(""); right before the decryption routine, and a document.write(""); right after it. This will place a large text box around the resulting code, and you'll be able to copy the decrypted HTML into a text editor for viewing. Also, if you see any window.open calls, then replace those with document.write calls. Remove all but the first argument in these calls, and the browser will display the URL instead of opening a separate window to it. Now you can download the page at this exposed URL for inspection.

    * Security Many spammers will secure a web page with JavaScript so that you can't right-click and get the properties of the page, or view the source, or do anything else to trace the web site. If you can get the URL of the page, then you can download the page to a file instead of loading it into a browser. This allows you to inspect the file in a text editor, such as Notepad. If you have an editor that is made specifically for web pages, then it may be able to load a page directly from a URL. If not, then create a little file with the following HTML inside of it: this [placeurlhere]

    Place the URL that you want to grab in the appropriate spot in the file. Now, save this file with an ".html" extension, such as "getit.html". You may have to enclose the whole file name in double quotes to prevent Notepad from automatically appending a ".txt" extension. Open the file with your web browser, and you will see a simple link, "this". Right-click on that link, (or click-and-hold on a Mac) and save the target to a file. Now you have captured the web page as a file to look at. *

    Domain Registries With the proliferation of domain registries, spammers have taken advantage of the resulting confusion. They will register false credentials with those registries who have lax rules or enforcement. They will also register will foreign registries, who have a difficult time responding to complaints in a different language. Verisign has created a fairly good "whois" lookup tool that finds the registry involved.

    When you are looking for the owner of a web site, don't believe the information registered for that site's domain. Instead, get the IP address for that site, then perform a network lookup on this IP. This registration has to be genuine, or the ISP involved would not accept it. Network Tools is great for taking a web site's domain and displaying all information available about that domain. Look toward the bottom of the report for the actual owner of the IP address. *

    Executable File There is one spammer who uses a disposable relay web page that contains an executable file for Windows. This file is doubly-compressed to hide its internal code. Once Windows decompresses this mess, it ends up with a dialer application. This application hangs up your modem and redials an offshore phone number. The resulting charge shows up on your phone bill. Those with a binary hex editor can figure out what was used to compress this file. Once decompressed, the web page addresses involved are exposed. If it's too late and you have charges on your phone bill, see this FTC page.

    Telephone Number Some spammers have taken to providing only a telephone number as a point of contact. Your only recourse is to complain to the telephone company that is hosting that number. You can look up this information at NANPA, the North American Numbering Plan Administration. More specifically, first find the state served by an area code in the NANPA list of Area Codes. Then download the relevant table from their Code Assignments page. You will need to match the state, the area code (first three digits), and the exchange (second three digits) on the table to get the company responsible for serving the phone number. Now you can search for that company in your favorite search engine to get their web page address. For 900 numbers, there is a separate table available.

    Humanity has the stars in its future, and that future is too important to be lost under the burden of juvenile folly and ignorant superstition. - Isaac Asimov

    [ home | contribute story | older articles | past polls | faq | authors | preferences ]