WebApp Sec: Re: Article - A solution to phishing

[exon <exon () home se>]

Ian wrote:
> On 14 Dec 2004 at 13:43, Adam Tuliper wrote:
>
> <snip>
>
> > Personally, I like stringing them on and giving them false information and
> > wasting their time. Its fun, I recommend all of you try it : ) 
>
> You make have stumbled across a solution 
> here ;)
> Why not code an automated system that fills 
> in their bogus log in screens with false 
> information?
> There are only a limited number of banking 
> web sites around so a template could be 
> created for each.
> If enough people join in these phishers 
> would get swamped with information and 
> wouldn't know the good from the bad.
> Thoughts ?
This is known to be effective against spammers which use href-links in 
email to verify 'live' email-addresses. It's usually highly effective if 
you find something that looks like
www.some-site.com/remove_me.asp?m=email () somewhere org

I used to get around 400 spam emails a day, so I wrote a quick script to 
connect to a couple of these urls a couple of million times with 
auto-generated email-addresses. Sometime during the second night of 
running I kept getting connection refused and spam dropped down to 
around 40 / day.
Another anti-mischief act was when some organisation (can't remember 
which) found out the IRL address of a spammer who had used their 
mail-server and signed him up for every free hard-copy snailmail ads and 
catalogues they could find. As it turned out, the spammer received some 
four tons of advertising papers and leaflets through his mailbox in a 
week, effectively causing a DoS on his own apartment. Retaliation can be 
so fun. ;)
/exon