[personal profile] elfs
Bitten by social engineering.

So I got an email from someone I had never heard of, on an email I had never heard of, telling me that this someone had bought me a "virtual drink." Thinking it was spam, I told it to go away.

I received another email telling me that my drink was about to expire, and "Ellie" would be upset if I didn't accept it. I know so many names across the internet, hell, maybe I did know the person. I clicked on the link "See Ellie's Profile."

What I got was a very busy site that looked like a profile page, but it was lightboxed out with a pop-up saying, "To see someone else's profile, you must have a profile of your own," and your typical "Tell us your username, password, etc." form. "Screw that," I said, and closed the window.

The site proceeded to bomb me with emails about people who had seen "my" profile, or given "me" more virtual alcohol, or whatever bullshit. The only way to stop the torrent was to actually finish the profile, then demand it be deleted. The question it asked was "Why? Not enough hot people? Or some other reason?" with a box for the other reason. I left a nastygram, for all the good it'll do.

Grief, I hate sites like that.

Date: 2010-10-17 06:18 am (UTC)
From: [identity profile] technoshaman.livejournal.com
I keep a rather smaller circle of friends than you do. If I don't know the incoming email address, the first thing I do is hit "h" for "show full headers", and do a whois on the incoming IP address. This usually results in a pipe to bogofilter in retrain mode, and may even result in editing files in /etc/postfix. But better than 99 percent of the time, into the bin it goes, content unread. (I can remember *exactly one* FP in ... jeezus... years...)

But then, you're a dev, and I'm the paranoid BOFH. Not that that's a bad thing, just a difference in mindset.

Date: 2010-10-17 07:51 am (UTC)
From: [identity profile] dougs.livejournal.com
> The only way to stop the torrent

... is to read the headers and drop a regular expression into your spam filter.

Meh, regexes are too much work.

Date: 2010-10-17 02:11 pm (UTC)
From: [identity profile] pakraticus.livejournal.com
Granted, I'm not sure that my approach is less work... Also keep in mind that I'm old enough to remember the Christmas tree trojan/worm at IBM, so since the first eCard emails my reaction has been "If you don't want to limit correspondence to snail mail, you won't send me this crap."

1) Use greylisting, preferably with OpenBSD's spamd (Some of the variants for postfix have been less than effective). The botnets still don't bother attempting to resend because 99.999% of their targets are on systems that don't greylist.
2) Use email addresses that exercise a bit more of RFC 2821. mailbox+folder@[subsubdomain.]subdomain.domain.tld works wonders. Enough spammers strip the subdomains and see the +folder as invalid. And mutate folder and subdomains regularly for new clients, new vendors, and new bug reports.
3) Make use of spamtrapping. Post regularly to USENET with a client that creates predictable message-IDs for your domain, have those patterns configured as bad for tools like 'greyscanner'. When an email address given to a vendor is compromised have a chat with the vendor and add that email address to the spamtrap list.
4) Make use of tarpitting. If a sender is on a blacklist, let them spin on an SMTP connection that will ultimately reject them with a temporary failure.

Then again, I'm *ALSO* the sort of anal retentive to put the old 56K modem on the landline and set up mgetty to answer the phone when caller id is blocked, or the number has been confirmed to be a telemarketer. I'm just disappointed that none of them have attempted to call back with a modem because I'd love to apply computer trespass laws against them.
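Greylisting as raised in point 1 of the comment above, as an added toy implementation that is not the commenter's setup and not OpenBSD spamd: a first-seen (client IP, envelope sender, envelope recipient) triplet gets a 4xx temporary failure, a patient retry gets whitelisted, and a bot that never retries never gets through. The delay and expiry constants are illustrative, and the addresses in the scenario are RFC 5737 documentation values with made-up mailboxes.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300            # seconds a first-seen triplet must wait before acceptance (illustrative)
GREYLIST_EXPIRE = 4 * 3600      # a triplet that never retries is forgotten after this long (illustrative)
WHITELIST_TTL = 36 * 24 * 3600  # a triplet that did retry stays whitelisted this long (illustrative)
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"

@dataclass
class Greylist:
    """Tracks (client IP, envelope sender, envelope recipient) triplets."""
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    passed: dict = field(default_factory=dict)   # triplet -> time last seen

    def check(self, client_ip, sender, rcpt, now):
        key = (client_ip, sender.lower(), rcpt.lower())
        # Known-good triplet: refresh its whitelist entry and accept.
        if key in self.passed:
            if now - self.passed[key] < WHITELIST_TTL:
                self.passed[key] = now
                return ACCEPT
            del self.passed[key]
        first = self.pending.get(key)
        # Never seen, or the old attempt expired: record it and tempfail.
        if first is None or now - first > GREYLIST_EXPIRE:
            self.pending[key] = now
            return TEMPFAIL
        # Retried too eagerly: keep tempfailing (real MTAs back off and try again later).
        if now - first < GREYLIST_DELAY:
            return TEMPFAIL
        # A patient retry after the delay: whitelist the triplet and accept.
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT

def simulate():
    """Constructed scenario: one well-behaved MTA and one fire-and-forget spambot."""
    gl = Greylist()
    t0 = 1_000_000.0
    mta = ("192.0.2.10", "ellie@example.net", "me@example.org")    # a real MTA that retries
    bot = ("198.51.100.7", "drinks@example.com", "me@example.org")  # a bot that never retries
    return {
        "mta_first": gl.check(*mta, t0),          # 451: never seen before
        "mta_too_soon": gl.check(*mta, t0 + 60),  # 451: retried before the delay elapsed
        "mta_retry": gl.check(*mta, t0 + 600),    # 250: patient retry, triplet now whitelisted
        "mta_again": gl.check(*mta, t0 + 900),    # 250: whitelist hit
        "bot_first": gl.check(*bot, t0),          # 451: and the bot never comes back
        "bot_new_sender": gl.check(bot[0], "ellie2@example.com", bot[2], t0 + 700),  # 451: new triplet
    }
```

Each change of sender address or source host is a new triplet, which is why a bot rotating From addresses gains nothing against greylisting while a legitimate retrying MTA is delayed only once.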

Date: 2010-10-17 02:53 pm (UTC)
From: [personal profile] lovingboth
Clicking on links, rather than entering URLs by hand, is just like saying 'I read spam' to spammers.

It may not have stopped this one, and you may already do it, but +1 to greylisting.

Date: 2010-10-18 05:10 am (UTC)
From: [identity profile] zanfur.livejournal.com
I usually find the support email address for the site in question, and set up a forward rule that sends all their own spam back into their helpqueue. Including the helpqueue autoresponses. But, I'm hateful that way. :-P

Date: 2010-10-19 01:09 am (UTC)
From: [identity profile] lemur123.livejournal.com
Oddly, most spam sites are RFC-compliant enough to monitor abuse@evilsite.com

Elf Sternberg