Posted by: badanov

Last December I announced that the battle between one of my bulletin boards and spammers was over, with a victory over the spammers. Read about it in the Unix subject category.

Since that December 8 announcement, spammers had been trying repeatedly, at a rate of about nine attempts per day, to spam the BB.

Since January 15th, 2009, further attempts to spam the board have ended completely. You can see the list of offending IPs here.

These individuals were spamming a wargame portal I have used since forever. The original Frontline Wargame Club moved to the new digs sometime in 2001, but it wasn't until the last six months of 2007 that spammers really got bad. It was so bad that the maintainer of the BB there had to password protect the whole forum, which was a real inconvenience for the club.

When I announced the new BB at the site on my server, spammers just followed it there and started spamming the new board. Naturally, I began editing the program to counter spamming and found some success by changing some of the parameters by which guests can post.

In my opinion, the most effective countermeasure was to make return visits costly by making sure any subsequent connection went into a timeout for 99,999 seconds, effectively freezing the offending host. The reason for a timeout is that much web programming is unable to detect a timeout except by breaking the connection after a certain period of time. If the programmed spamming machine detects this activity, it could well mark my server as one to skip and then move on to another victim.

This tactic is effective because it doesn't require anything from any system program; any load is carried by the offending machine. A process just becomes a zombie, and a return packet is simply delayed for the real-time equivalent of 27 hours, 46 minutes, 39 seconds. A programmed spamming machine can be programmed to ignore a subsequent attack, assuming, incorrectly, that the server is having connection problems.
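The tarpit described above, as an added illustration rather than the board's own code: a guest-post gate that records an offending IP on its first spam attempt and holds every later connection from that IP for the 99,999-second delay. The offender list format, the `GuestPostGate` class, the injectable `sleep` and the `looks_like_spam` flag are assumptions made for the example.

```python
import ipaddress
import time

# Delay used in the post: 99,999 seconds per returning offender connection.
TARPIT_SECONDS = 99_999


def tarpit_duration_hms(seconds=TARPIT_SECONDS):
    """Split a delay in seconds into (hours, minutes, seconds)."""
    hours, rem = divmod(seconds, 3600)
    minutes, secs = divmod(rem, 60)
    return hours, minutes, secs


def load_offenders(text):
    """Parse a plain-text offender list: one IP per line, '#' starts a comment.
    Invalid lines raise ValueError so a typo in the list is caught at load time."""
    offenders = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            offenders.add(ipaddress.ip_address(line))
    return offenders


class GuestPostGate:
    """Decide what happens to a guest post from a given remote address."""

    def __init__(self, offenders, sleep=time.sleep, delay=TARPIT_SECONDS):
        self.offenders = set(offenders)
        self._sleep = sleep          # injectable so the gate can be tested without waiting
        self.delay = delay
        self.held = []               # audit log of addresses that were tarpitted

    def handle(self, remote_addr, looks_like_spam):
        """Return 'tarpit', 'rejected' or 'accepted' for one guest post.

        looks_like_spam is the board's own spam verdict for this post (assumed
        to come from the posting-parameter checks the post mentions).
        """
        ip = ipaddress.ip_address(remote_addr)
        if ip in self.offenders:
            # Known offender: hold the connection instead of answering it.
            self.held.append(str(ip))
            self._sleep(self.delay)
            return "tarpit"
        if looks_like_spam:
            # First offence: reject the post and remember the source.
            self.offenders.add(ip)
            return "rejected"
        return "accepted"
```

Each held connection occupies one server worker for the whole delay, so on a small process pool the number of concurrently tarpitted connections needs a cap.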

What I get in return is something more: a list of 166 zombies used by whatever organization to spam any number of vulnerable sites throughout the internet, which I can study to figure out how to deal with them in the future.

