GIDForums  

  #1  
Old 30-May-2004, 16:53
jrobbio
Regular Member
 
Join Date: Jan 2003
Location: Loughborough, England
Posts: 840

Subversive fun with a bot trap


My friend Olliver has been having demonic fun with spam bots by giving them too much to eat and has created a script under the GPL.

He says:
Quote:
My script does the following:
It dynamically creates an endless set of pages with randomised, yet still somehow human appearing email addresses (between 32 and 128 per page). The recursion with links to further directories is also randomised so the bot will end up with 10.000+ addresses which are complete nonsense. It will become difficult for a spammer to tell them from real users.

In reality it's just one page which keeps getting reloaded. The links to "directories" are PATH_INFO URIs, which work similarly to query strings (see our forum as an example, it also makes use of that search engine friendly technology).

In order to install the script, simply put the directory anywhere on your server and point with a webbug (1 x 1 pixel sized transparent gif or png) to it. Add this directory to the exclusion list of your robots.txt and you're done.

Bots which obey standards will consequently ignore this directory, but ill-behaving ones will fall into the trap and may be loading the page for a couple of hours. For more fun I recommend to tab the index page of the directory with a bbclone snippet, then you'll get a nice collection of bad bots and their attempts to get along with the never-ending pile of pages, directories and addresses.

The script requires PHP 4.1.0, a working pcre library and an Apache server. It does not work on IIS and porting it isn't possible because there's no equivalent to the PATH_INFO feature. There's a small readme, both Unix and Windows formatted, which you may like to consult. If you get compile errors when running the script, then your pcre library is broken and you can't use it. Sorry, but there's no workaround for it.

If you want to check it out, it can be found in the (original link deleted by Jrobbio) attachment on the 3rd post.

If anyone tests it out, please let everyone (including Olliver) know what you think about it.

You can see it partially working here: http://www.topfunwebsites.com/hungryspider/

JR
  #2  
Old 30-May-2004, 17:06
JdS
Senior Member
 
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
When I try to get to the link, all I get is an "ERROR: You are not logged-in" message.

But the copy on your website is simply funny - the names! OMG, they sound like the people who send me emails offering to share millions of dollars from some rich (and dead) Nigerian.
  #3  
Old 30-May-2004, 17:08
jrobbio
Regular Member
 
Join Date: Jan 2003
Location: Loughborough, England
Posts: 840
didn't think of that

I've uploaded it to GIDforums instead.

Rob
Attached Files
File Type: zip sod-0.1.1.zip (17.6 KB, 7 views)
  #4  
Old 31-May-2004, 06:21
Olliver
New Member
 
Join Date: May 2004
Posts: 3

Subversive fun


Hi,
I was surprised to find my little script in this forum. Anyway, here's a working demonstration of the script:
anoncheck.bbclone.de

Regards,
Olliver
  #5  
Old 31-May-2004, 08:59
JdS
Senior Member
 
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
Hi Olliver,

Welcome to GIDForums™. I am curious, what are the chances your script does in fact create legitimate and active email addresses?
  #6  
Old 31-May-2004, 11:35
Olliver
New Member
 
Join Date: May 2004
Posts: 3

Likelihood of real addresses


Quote:
Originally Posted by JdS
Hi Olliver,

Welcome to GIDForums™. I am curious, what are the chances your script does in fact create legitimate and active email addresses?
I'd say very unlikely. Looking at the code tells you why:
  • There's an extension list (common TLDs) which sometimes gets arbitrarily combined with sub extensions. Sub extensions are classifications within a TLD, i.e. com.tw, ed.jp or gov.uk.
    Pretty often there are combinations which don't exist in reality, though the TLD will always be valid.
  • The domain name sometimes consists of two parts which randomly get combined either by a dot, a dash or a number between 0-9.
  • The name also sometimes consists of two parts, however if available they'll get connected with a dot.
Even if it happens to generate a valid name it still has a nonsense domain and/or extension. Additionally, each name or domain part is randomly generated by combining syllables and single letters. I could use characters only, but then the results are obviously nonsense and can be easily sorted out by scripts. In order to really mess up a spammer's database the names still have to remain somehow reasonable so they can't get filtered out without unwanted side effects. I think it's pretty safe to use.

Olliver
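The generation rules listed in the post above, combined with the PATH_INFO "directories" from the first post, as a PHP sketch added here for illustration; it is not Olliver's script or code from this thread. The syllable and extension lists are constructed samples, `/trap/` is a hypothetical install path, and seeding the generator from PATH_INFO is an assumption of this sketch.

```php
<?php
// Added illustration, not the sod script. Word lists are constructed samples.
// robots.txt for a hypothetical install path:  User-agent: *  /  Disallow: /trap/
const SYLLABLES = ['an', 'ber', 'co', 'da', 'el', 'fi', 'gar', 'ho', 'in', 'jo',
                   'ka', 'lu', 'mar', 'ni', 'ol', 'pe', 'ri', 'sa', 'tho', 'vi'];
const TLDS = ['com', 'net', 'org', 'de', 'uk', 'jp', 'tw'];
const SUB_EXTENSIONS = ['com', 'co', 'ed', 'gov', 'ac'];

function pick(array $list): string
{
    return $list[mt_rand(0, count($list) - 1)];
}

// A name or domain part: two or three syllables, sometimes one extra letter.
function part(): string
{
    $s = '';
    for ($i = mt_rand(2, 3); $i > 0; $i--) {
        $s .= pick(SYLLABLES);
    }
    return mt_rand(0, 3) === 0 ? $s . chr(mt_rand(97, 122)) : $s;
}

function fakeAddress(): string
{
    // Name: one part, or two parts joined by a dot.
    $name = part() . (mt_rand(0, 1) ? '.' . part() : '');
    // Domain: one part, or two parts joined by a dot, a dash or a digit 0-9.
    $joiner = ['.', '-', (string) mt_rand(0, 9)][mt_rand(0, 2)];
    $domain = part() . (mt_rand(0, 1) ? $joiner . part() : '');
    // Extension: a TLD, sometimes preceded by an arbitrary sub extension.
    $ext = (mt_rand(0, 2) === 0 ? pick(SUB_EXTENSIONS) . '.' : '') . pick(TLDS);
    return "$name@$domain.$ext";
}

// One script serves every "directory": the PATH_INFO suffix seeds the generator,
// so a revisited URL shows the same page and each new path a different one.
$path = $_SERVER['PATH_INFO'] ?? '/';
mt_srand(crc32($path));

echo "<ul>\n";
for ($i = mt_rand(32, 128); $i > 0; $i--) {   // 32 to 128 addresses per page
    $a = fakeAddress();
    echo "<li><a href=\"mailto:$a\">$a</a></li>\n";
}
echo "</ul>\n";

// Links that only extend PATH_INFO, so the crawl never leaves this script.
// PATH_INFO is client-supplied, so it is escaped before being echoed back.
$self = htmlspecialchars($_SERVER['SCRIPT_NAME'] . rtrim($path, '/'));
for ($i = mt_rand(2, 6); $i > 0; $i--) {
    $dir = part();
    echo "<a href=\"$self/$dir/\">$dir</a>\n";
}
```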
  #7  
Old 31-May-2004, 16:38
JdS
Senior Member
 
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
That's good to hear... but you know, there was a time in the past where a spammer (or two, I don't know) used my email address in the return path for all his spam. I know I wasn't the only webmaster affected by this issue because it was actively discussed at another forum not too long ago.

This is not a problem really since most blacklists appreciate the fact that it's simply SO easy to spoof the email address in the return path. However the major headache (at the time) was that I received tons of 'bounced' or undeliverable spam. Of course I have since disabled my 'catch-all' but I shudder to think what the effect of your script is going to do to the volume of bounced emails some poor (innocent) webmaster is going to have to put up with.
  #8  
Old 31-May-2004, 17:36
Olliver
New Member
 
Join Date: May 2004
Posts: 3

Spam


Quote:
Originally Posted by JdS
That's good to hear... but you know, there was a time in the past where a spammer (or two, I don't know) used my email address in the return path for all his spam.
Not nice, but understandable from a spammer's view, at least the more clever ones. I recently got some 419-scam with a wrong "to" header. Like the spammer set a forwarder to my address. Funny was, it was the same address one should contact him for the big 15 million dollar deal.
Quote:
Of course I have since disabled my 'catch-all' but I shudder to think what the effect of your script is going to do to the volume of bounced emails some poor (innocent) webmaster is going to have to put up with.
Your argumentation sounds like my script would help a spammer doing his/her job and that without it, that said webmaster would lead a peaceful life. That's not correct for several reasons. It's the spammer who collects the addresses and uses them to send unsolicited emails. In addition he/she is willingly spoofing headers in order to harm someone else. In the end there's absolutely no difference whether the bounced emails come from real existing persons or faked addresses. The overall amount of recipients doesn't change, it just would have been compiled differently. With or without the script there would have been tons of emails to that spoiled address. It may take a day or two longer to get the "right" volume of addresses, but still it would be the same load on the SMTP server who has to send it.

But back to the discussion:
The main effect is that no matter what techniques a spammer is using, the collection of addresses will render his/her database completely useless. You have to see that the purpose of spamming is targeting existing persons, since that's what a spammer gets paid for. If the database doesn't meet this criteria any longer it means the spammer is out of business.

Olliver
  #9  
Old 01-Jun-2004, 05:51
JdS
Senior Member
 
Join Date: Aug 2001
Location: KUL, Malaysia
Posts: 3,371
Quote:
Originally Posted by Olliver
...Your argumentation sounds like my script would help a spammer doing his/her job and that without it, that said webmaster would lead a peaceful life...
No, that is not what I am implying. I did say that I was concerned about the effects "your script is going to do to the volume of bounced emails" - i.e. it is possible it will increase this volume. Nowhere in my reply did I claim that your script will be the only cause of it.


Quote:
... In the end there's absolutely no difference whether the bounced emails come from real existing persons or faked addresses...
Except to the (spoofed) webmaster receiving the 'bounced'/undeliverable emails.

Quote:
The overall amount of recipients doesn't change, it just would have been compiled differently. With or without the script there would have been tons of emails to that spoiled address. It may take a day or two longer to get the "right" volume of addresses, but still it would be the same load on the SMTP server who has to send it.
My concern with this script is not the idiot spammer anymore (if it's not already obvious to you), it's those innocent people that have to deal with the bounced emails that is really my concern. To a spammer who is stupid enough to put his own email address in the FROM field, this is considered a minor inconvenience (for the potential returns of his spam campaign) - but to a regular webmaster (a target of some retard spammer), even 100 of these bounced emails is enough to stress anyone out.

Quote:
But back to the discussion:
The main effect is that no matter what techniques a spammer is using, the collection of addresses will render his/her database completely useless. You have to see that the purpose of spamming is targeting existing persons, since that's what a spammer gets paid for. If the database doesn't meet this criteria any longer it means the spammer is out of business.
I have to disagree with you here... $$$ and a lot of it is what (generally) motivates a spammer - plain and simple; to the spammer, it matters very little if his 3.5 million addresses now include another 3,000 valid and 100,000 fake email addresses. If your script is able to seriously make a dent in their email address database, trust me, they'll pay 1000s of dollars to prevent it from happening ever again. Again, it is very, VERY easy for a spammer to commission a simple script from some kid for $100 to validate email addresses quickly. Heck, even I could come up with something in a matter of minutes...

The reason why I am even spending time on this thread is because I respect your objective but I am not convinced this is such a good idea after all. I mean, I am not talking about the script anymore, I am sure you've spent some effort on it and it works wonderfully - and that's something to be proud of. I was simply not convinced, I had to think about this and this is why I didn't shoot the idea down in my first reply already. But now that I've thought about it, I think the best way still, to get even is to get as much spam reported as you possibly can (and DON'T read / buy from spammers) and tell as many people as you know about how to handle spam. I know it's hard work but I haven't seen anything else that may help the situation, really.
  #10  
Old 05-Jun-2004, 23:54
conkermaniac
Member
 
Join Date: Dec 2001
Location: China
Posts: 174
Actually, J, it's happened to me too. A virus spamming bot once used my e-mail address (I don't know where they got my e-mail address, perhaps from some forum), but I got quite a few "returned to sender" messages because of this. I must say that it's extremely peeving!

I think that this program looks interesting, although if its purpose is to generate realistic names (so I assume it would be something like: pencilmaster333, rather than g30xw3i32), what are the chances that it will generate a legitimate e-mail? Of course, this won't really affect much, as the 10,000 e-mails will probably crash the bot, but I'm just curious as to whether there can be any adverse consequences.

Conker
__________________
You're not supposed to be looking at this.
 
 


All times are GMT -6.

