WebApp Sec: Re: Article - A solution to phishing

[exon <exon () home se>]

Joseph Miller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Exon,
> Would you happen to have that script available?  If many people had access to 
> this script it could possibly cause DDoS and severely limit spammers.  I 
> would, of course, not necessarily recommend this particular action because of 
> the legal implications, so I must say, "We could use this as a possible 
> threat to illegal spammers".  Thanks for the info.
No, but the gist of it was something like this

john --incremental --stdout | while read foo; do wget 
nastyurl\?email=$foo () microsoft com -o /dev/null; done
I added some perl to read 100 lines and spawn 100 wgets at the time (the 
server seemed to block if I tried to do more at a time).
Not that I actually used @microsoft.com or anything. Well. Not that I 
officially admit it anyway.
Anyways. I've unsubscribed this list now (too much line-noise), so Cc: 
exon () home se if you want replies to reach me.
Cheers.

> - -Joseph
>
> On Thursday 16 December 2004 11:47 am, exon wrote:
>
> > Ian wrote:
> >
> > > On 14 Dec 2004 at 13:43, Adam Tuliper wrote:
> > >
> > > <snip>
> > >
> > > > Personally, I like stringing them on and giving them false information
> > > > and wasting their time. Its fun, I recommend all of you try it : )
> > > You make have stumbled across a solution
> > > here ;)
> > >
> > > Why not code an automated system that fills
> > > in their bogus log in screens with false
> > > information?
> > >
> > > There are only a limited number of banking
> > > web sites around so a template could be
> > > created for each.
> > >
> > > If enough people join in these phishers
> > > would get swamped with information and
> > > wouldn't know the good from the bad.
> > >
> > > Thoughts ?
> > This is known to be effective against spammers which use href-links in
> > email to verify 'live' email-addresses. It's usually highly effective if
> > you find something that looks like
> > www.some-site.com/remove_me.asp?m=email () somewhere org
> >
> > I used to get around 400 spam emails a day, so I wrote a quick script to
> > connect to a couple of these urls a couple of million times with
> > auto-generated email-addresses. Sometime during the second night of
> > running I kept getting connection refused and spam dropped down to
> > around 40 / day.
> >
> > Another anti-mischief act was when some organisation (can't remember
> > which) found out the IRL address of a spammer who had used their
> > mail-server and signed him up for every free hard-copy snailmail ads and
> > catalogues they could find. As it turned out, the spammer received some
> > four tons of advertising papers and leaflets through his mailbox in a
> > week, effectively causing a DoS on his own apartment. Retaliation can be
> > so fun. ;)
> >
> > /exon
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFBxtj4mXZROF+EADURAvNeAJ9oWsMhp3sep2nPSRNeJ3meaT7sEgCghoTH
> 0yrvOqZjlb8SfrDyf7yc75c=
> =JwXW
> -----END PGP SIGNATURE-----