Spam's Empire - Chapter 2
Posted on Wednesday, March 22 @ 14:39:29 PST by FatherTyme
EdisonRex submitted the following "
From the forum rules:
"Posting in the "For Sale / Wanting To Buy" section is for ACTIVE
members only. Do not register here just to post stuff you are trying to
sell. More than likely we will just delete your account and post. If
you're planning on posting a message here, make sure you read the rules
specific to that section."
David Ferris recently wrote, "One man's spam is
another's delicate repast". From the point of view of any forum
moderator, no spam is good spam. Forums operate like little (or big)
online virtual villages. People form relationships, move in, move out,
come back to tearful reunions, new people move into the neighborhood.
There are many dynamics of an online forum that follow real life. This is largely because it isn't a
"virtual" community at all, it is a real community. The people in
that community congregate for shared purposes. It is rare to find a true
community (as opposed to an electronic billboard) that tolerates spam.
Having participated in many long-lived forums and mail lists over 20
years, starting with VAX-Notes communities on the legendary Digital
Equipment Corporation worldwide DECnet, various prehistoric dial-in
bulletin boards, the sadly abused Usenet, mailing lists,
and PHP/SQL-enabled web boards, it is obvious to me that participants are
tacitly (and many times actively) encouraged to use etiquette. As in the Real World,
door-to-door salesmen selling Cialis are not appreciated by most.
Online communities have various methods of dealing with spam. Some of
the communities with younger demographics have been known to actively
organize "spam back" attacks. Some heavily moderated forums have a
"shoot on sight" deletion policy. At LittleBlackDog, the moderators
started monitoring the source of spam attacks, and in many cases have
published the IP and geographic location of spam messages, deleting the
content and replacing the message contents with the trace information.
Being a community of mostly technically minded people, the transformation of
the mechanized barrage of mindless spam into a timestamped Neotrace log
has been popular. In a recent persistent attack by Nigerian "discount cell phone" spammers,
humorous editing of the post made for an entertaining, if ephemeral,
chuckle.
The appearance of the first stars-empire spamshot was not unexpected.
Spam technology, such as it is, seems to have depressingly predictable
patterns, one would assume, due to the nature of the scripts which are
spreading them. To set up for a phpBB spamshot, for example, a spammer
needs to register first, type in the alphanumeric "human readable" code
from the (apparently not very effective) spambot filter, receive an email to the
mail address the spammer used, and then activate the account using a
code sent in the email. When LonelyK showed up in the memberlist, with a
mail address of stars-empire@mail.ru, (I feel no duty to
protect the throwaway address of a spammer from mail harvesters), it seemed pretty
obvious that an unsolicited commercial advertisement post was going to
show up. The post showed up, and the link was removed, and a public
warning was posted to the spammer to read the forum rules. In the
spirit of solidarity that the dog pound shows, comments were left by
other members as well. One detail, which is, in hindsight, the most
significant point, was having gone to the site, looked up the
site's owner in the domain registration, and added that to the trace.
Registrant:
Oleg karabanov oleghelp@mail.ru +7.9265475502
Private person
bumajnyi proezd 14/2 etaj 4 ap.503
Moscow,moscow,RUSSIAN FEDERATION 127220
Surprise!
On Wednesday, March 15, the thread was revived by a new member with some bad news. My visible details in my profile, and my nick itself, were appearing in the forum that this new member was site admin at. The significance of this fact did not register for part of the evening, as at least with this instance the admin was kind enough to give us a heads up. The spammer had changed one of the publicly readable items; my website pointed to http://www.littleblackdog.com and the email registration was edisonrex@mail.ru ...
And then on Friday, March 17, a separate topic from a new French member tipped me off to a different spamshot, so my nick was now used in two different spamshots. Zebu was kind enough to give us information about the second spamshot to indicate that it was very similar indeed to the first one, except that the body of the message was entirely different, and completely without context. The same details were used.
It wasn't hard to draw an initial conclusion as to the source of the spam. Both spamshots traced back to chtivo.ru, a fairly well established Russian online bookstore. It has also had problems with being an open relay in the past. The fact that every single mail address was pointing to mail.ru was very coincidental, and although mail.ru is a fairly common webmail site, it just seemed lazy. It would be analogous to using yahoo.com as the source of all mail accounts in a spamshot in the US.
What was he thinking?
The first, and most completely puzzling act, was the inclusion of the link to http://www.littleblackdog.com along with my nick. When one gets to be a certain age, one can think in abstractions. And there are levels of abstractions to think about too. What happens if I do this? What can happen if this situation exists? What if someone does that? I was both a computer science and social science major in university. Human interaction with computer systems is a complex field, and complex thinking is required early on. After 22 years, it takes either a very smart person, or a moron, to confuse me. Even that being said, the decision tree to reach a conclusion is actually very short. Shorter, in fact, than any usual analysis.
If the whole idea of memberlist spamming is to increase page references and therefore increase the ranking of a site in Google, why is there a reference to littleblackdog, coupled with a text reference to stars-empire? It boggles the mind. Because here is what appears to this confused author: It links EdisonRex, http://www.littleblackdog.com, and http://www.stars-empire.com together in a very readily searchable set. Perhaps 50% of the textual references to stars-empire will be deleted by good admins. Perhaps only 20% of the bogus EdisonRex memberlist spams will be cleaned out (if you are an admin reading this, and you have one, hi there, do please clean it out). But it remains as a puzzle that the website link for EdisonRex on all of these spamshots was to, of all the places to send people, the place where someone who didn't like your spamming administers the forums.
So it occurred to me that, perhaps to dissuade future spammers from doing something as foolish again, it would be within my modest abilities to demonstrate the effect graphically. With that, we continue to explain. We here think Oleg needs the education.
Why I Care about My Nick
The original concept of a nick was an alternative identity. People have used aliases for most of recorded history. In the context of modern online communities, a nick is as much of an identity as a real name for many people. In the context of my own nick, it was carefully kept associated with specific places in order to allow people to find me and know who I am. My reputation was in that nick, and a lot of good will. My good name was hijacked, for a purpose I did not authorise, by a person to whom I have never spoken, because he didn't like my enforcement of forum rules. In the modern world, that is a form of identity theft. In my mind, it is a violation of my very being, because EdisonRex is as much a reference to the real me as my real name is. This is a grave affront to me, indeed.
Next, The Dogs Hunt, and Let's Meet Oleg
"