Friday Cephalopod: Study in blue » « Friday Cephalopod: Study in blue

Spam advice

The Dennis Markuze story has made it to Ars Technica. I am much relieved to have that pest gone from my mailbox, but I was thinking about one point everybody is missing: the human brain seems to have an edge over computers.

I just checked, and the FtB site has accumulated about 2100 spam hits which none of you have seen, but which were automatically intercepted by the software (you aren’t missing much: somebody really wants to sell you shoes, lots of shoes). Markuze was hitting me on email and twitter for more than that, and the thing was, those all got past the filters I’ve got in place. So one obsessed crazy man with minimal technical skill and nothing but persistence outperforms all the spambots out there, at least on the scale of individuals, if not in breadth of attack.

Spammers might want to think about that. Instead of writing a new generation of software to circumvent our filters, maybe they should recruit social misfits with obsessive-compulsive disorder, and write software that amplifies their efforts. You can blame me if they take my advice.

(Also on Sb)

Friday Cephalopod: Study in blue » « Friday Cephalopod: Study in blue

Comments

  4. says

    Judging by some of the spam I get at my personal site, I’d assumed they were already doing that – though with cheap labor from developing countries instead of social misfits.

  5. moggie says

    Do you really want someone who will threaten to execute you unless you add 3-4 inches to your penis?

  6. eean says

    There’s a big difference between harassment and spam. Complaining that this guy wasn’t caught by your spam filter is like complaining that your car doesn’t fly. It’d be awesome if it could, but it doesn’t. :)

    That said of course computers are really horrible at understanding such things.

  7. Rev. BigDumbChimp says

    Hawaii eats more spam per-capita than any other state in the country.

    The McDonalds actually serve spam in Hawaii. I hear they make some combo of Spam, Nori and rice that is supposed to be decent.

    I haven’t personally tri….

    oh

    Email spam.

    nevermind.

  8. Otranreg says

    Hiring freaks is a cul-de-sac (although suggesting them is the kind of advice to get from a person who gets lots of spam), spambots will eventually become better than them once and for all (I wouldn’t expect any substantial improvement on behalf of the freaks).

  10. says

    @ Rev. BigDumbChimp-

    Guam, however, beats Hawaii in spam-consumption, and ranks as the most spam per capita of any state or territory. I lived in both places briefly while I was in the Navy, and it was unsettling to see all of it all over the pace. I’ve still never eaten it, though.

  11. MikeM says

    Who would win, Terminator or SpamBot?

    Yeah, thanks for the horrible idea, PZ. No doubt, some evil bastard is out there right now, taking you seriously.

    Somewhat related: Heard an NPR story this morning about how people are using the internet features in some new car security systems to hack their way into the vehicles. They can send text messages to the car along the lines of “unlock” and “start”, and drive away in your car.

    Nice work, guys.

  12. Midnight Rambler says

    The McDonalds actually serve spam in Hawaii. I hear they make some combo of Spam, Nori and rice that is supposed to be decent.

    It’s called spam musubi, and yes it’s awesome. Cut a can of Spam into about 8-10 slices, fry it on both sides to get rid of the fat (it also tastes more like meat that way); frying it it guava jelly makes it even better. Then make it into a sort of a sushi roll by placing sushi rice on the slice of spam and then rolling on a half-sheet of nori. The spam can is good for packing the rice, but they actually sell purpose-made little boxes for it. Good for breakfast or lunch, especially when hiking.

  13. Aaron says

    Fatboy is right, they already do this. Mechanical Turk-like systems are used to outsource bypassing captchas and generating spam to developing countries all the time.

  15. negativezero says

    Being an admin at a smaller forum that has been around for a long time (10+ years) and therefore landed on a sufficient number of lists, I have ample evidence of just that happening; it seems to be mostly farms of people in various less-well-off SE Asian countries. Before, they just registered and filled their profiles with links to shifty generic medication and knockoff watch stores, but lately, I’ve observed a couple of them actually trying to post in threads to pass off as legitimate users in a manner that isn’t exactly a useful contribution but implies comprehension of the thread’s contents that I would put far beyond any automated system in this day and age.

  16. Loqi says

    Mechanical Turk spammers are already out there, they just cost money and require some management. Much easier to make a bot.

  18. Chuck C says

    Do you really want someone who will threaten to execute you unless you add 3-4 inches to your penis?

    Mistress Tabitha said that very thing to me last night.

  19. MikeM says

    Midnight Rambler: We own a spam slicer. It’s a white plastic thing that has about 10 thin wires; you swing it down, and you can slice an entire can of Spam into uniform slices in one motion.

    It’s awesome.

    But I don’t eat any kind of Spam.

    My wife and kids enjoy the results, though.

    They even make a mold so the rice has the same cross-section as the slices of Spam.

    http://archives.starbulletin.com/98/05/20/features/stuffs.html

    I don’t know if they make them any more.

  20. TV200 says

    It’s funny, I dislike Spam on it’s own, but really enjoy Musubi.My ex wife basically grew up in Hawaii, so that was one of the first things she taught me to make. But it was a very silly process. She insisted that this be played during the process. That’s long since over, but I still make them occasionally, and any time I see or hear the word Musubi, I get that damn song stuck in my head.

  21. DLC says

    customer:”I like spam. I’m having the spam, spam spam baked beans and spam!”
    waitress “Baked beans are off!”
    Vikings :”Spam spam spam spam Spammity Spam, spammity spam spam!”
    waitress: “Bloody Vikings! ”

    The origin of why the word spam means useless junk that blocks out what you really want, courtesy of Monty Python’s Flying Circus, by way of my degrading memory.

  22. Carbon Based Life Form says

    For some reason, on my office computer, I keep getting Spanish language spam from Buenos Aires, urging me to buy office supplies.

  26. stvs says

    one obsessed crazy man with minimal technical skill and nothing but persistence outperforms all the spambots out there

    No. Spammers operate with a profit motive. Cranks do not. The challenge is not to circumvent spam filters, but to do so profitably. BTW, if you’re eating that much spam, are you sure that you’ve enabled greylisting?

  27. Dan says

    Spammers already do that. They hire third-world labor who can answer captchas then copy+paste spam messages into blogs and forums. I know, I was offered a several bucks a day to make thousands of such posts. It’s usually offered as a stay-at-home job.

    And no, I didn’t sell my dignity by becoming a spammer.

  28. cacondor says

    I recommend defense in depth. I run a mail server that used to receive over 1000 spams per day. I now have it down under 20.

    On the mail server machine, I run IPTables, which is a firewall. I’ll get to that in a moment.

    I run a service called greylisting. When you get email, greylisting will check the incoming IP address against a list of addresses that have sent mail. If it has sent mail recently, but not too recently, it is accepted. If not, greylisting forces a 4xx error: Service temporarily unavailable. Proper mail servers will then queue the message and retry. Spammers tend to treat all failures as errors, and move on to the next address. Greylisting lasts for a configurable period of time, usually 30-60 minutes.

    http://www.greylisting.org/

    My second filter is a little more complicated. When spam does get through, I have a .procmail script that looks for known patterns, and filters those to a special spam file. If a spam message hits my inbox, it gets added to that file. Periodically, I process that file and pull out spammers IP addresses. I then add those IP addresses to my sendmail configuration file to force rejections. There are other patterns in there for well known spammers. I will admit there’s some bias; a US based site not known for spamming will be blocked for a period of time based on how frequently it has been seen, following a 2^(n-1)+n days of blockage, where n is the number of times I’ve seen that IP spam. For known spam havens, they get tossed into the blocks permanently.

    Beyond that, I modified a tool,. fail2ban. fail2ban is a defensive tool used to block alphabetic attempts to crack open secure ports, such as ssh. It is designed to very regularly scan log files, and if it sees certain messages in logfiles that match a pattern, it adds a temporary rule to IPtables, effectively blocking access at the firewall.

    The default was to scan the log for ssh (a secure login tool) for 5 failures in quick succession, and to block the IP address from trying again for an hour or so.

    I modified this by adding my own rules: My rule scans the mail log file for various rejection patterns, and then blocks those IP addresses from sending email indefinitely. I currently have 1132 IP addresses on this IP table.

    http://www.fail2ban.org/wiki/index.php/Main_Page

    My anti spam rules:


    [spam-iptables]

    enabled = true
    filter = spam
    action = iptables[name=SMTP, port=smtp, protocol=tcp]
    sendmail-whois[name=SPAM, dest=(My personal address removed), sender=(My admin address removed)]
    logpath = /var/log/maillog
    maxretry = 1
    bantime = 259200000

    My filter definition:


    [Definition]

    # Option: failregex
    # Notes.: regex to match the password failures messages in the logfile. The
    # host must be matched by a group named "host". The tag "" can
    # be used for standard IP/hostname matching and is only an alias for
    # (?:::f{4,6}:)?(?P\S+)
    # Values: TEXT
    #
    failregex = ruleset=check_relay, (.*)\[\], (.*) This IP address has been identified as spam friendly
    ruleset=check_rcpt, (.*) reject=550 5.7.1 (.*) Relaying denied. IP name lookup failed \[\]

  31. Markita Lynda, thread-killer says

    I’m convinced that we won’t get rid of spam until the originator of e-mail is charged a mill (1/1000 dollar) or a tenth of a mill for each e-mail.

    WordPress has a good filter in Akismet and I set comment moderation to all new originators are held for inspection. Then even if it’s a person spamming, “Good point! I’ll be back.” it gets tossed into the spam bin.

  32. Markita Lynda, thread-killer says

    Graceprayer request: “Please make people wake up tomorrow and realize that gods are mythical.”

  33. says

    As others have said, they already do this. I’ve ran a webcomic for the past 8 years that allows commenting on posts, and occasionally we’d get comments that are *very* context aware, commenting on things happening in a given strip (something bots cannot do), that are still spam (identified by enclosed links).

    These human operated spammers come in two forms that I see:
    – People who get paid to visit as many sites as possible and leave spams.
    – People who get paid to simply add spam links to comments as they browse normally.

    The latter, however, might be malware: I suspect there’s a virus out there that installs itself into a browser and which adds links to comments people post.

  35. says

    Extremely informative thank you, I’m sure your visitors may perhaps want way more posts similar to this keep up the excellent content.