WebApp Sec mailing list archives
Re: Article - A solution to phishing
From: Joseph Miller <joseph () tidetamerboatlifts com>
Date: Mon, 20 Dec 2004 08:51:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exon, Would you happen to have that script available? If many people had access to this script it could possibly cause DDoS and severely limit spammers. I would, of course, not necessarily recommend this particular action because of the legal implications, so I must say, "We could use this as a possible threat to illegal spammers". Thanks for the info. - -Joseph On Thursday 16 December 2004 11:47 am, exon wrote:
Ian wrote:On 14 Dec 2004 at 13:43, Adam Tuliper wrote: <snip>Personally, I like stringing them on and giving them false information and wasting their time. Its fun, I recommend all of you try it : )You make have stumbled across a solution here ;) Why not code an automated system that fills in their bogus log in screens with false information? There are only a limited number of banking web sites around so a template could be created for each. If enough people join in these phishers would get swamped with information and wouldn't know the good from the bad. Thoughts ?This is known to be effective against spammers which use href-links in email to verify 'live' email-addresses. It's usually highly effective if you find something that looks like www.some-site.com/remove_me.asp?m=email () somewhere org I used to get around 400 spam emails a day, so I wrote a quick script to connect to a couple of these urls a couple of million times with auto-generated email-addresses. Sometime during the second night of running I kept getting connection refused and spam dropped down to around 40 / day. Another anti-mischief act was when some organisation (can't remember which) found out the IRL address of a spammer who had used their mail-server and signed him up for every free hard-copy snailmail ads and catalogues they could find. As it turned out, the spammer received some four tons of advertising papers and leaflets through his mailbox in a week, effectively causing a DoS on his own apartment. Retaliation can be so fun. ;) /exon
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBxtj4mXZROF+EADURAvNeAJ9oWsMhp3sep2nPSRNeJ3meaT7sEgCghoTH 0yrvOqZjlb8SfrDyf7yc75c= =JwXW -----END PGP SIGNATURE-----
Current thread:
- RE: Article - A solution to phishing, (continued)
- RE: Article - A solution to phishing lists (Nov 27)
- Re: Article - A solution to phishing Joseph Miller (Nov 29)
- Re: Article - A solution to phishing Michael Silk (Nov 29)
- Re: Article - A solution to phishing Rogan Dawes (Nov 30)
- Re: Article - A solution to phishing Adam Shostack (Dec 01)
- Re: Article - A solution to phishing Rogan Dawes (Dec 03)
- RE: Article - A solution to phishing lists (Nov 27)
- Re: Article - A solution to phishing Michael Silk (Dec 14)
- Re: Article - A solution to phishing Adam Tuliper (Dec 15)
- Re: Article - A solution to phishing Ian (Dec 16)
- Re: Article - A solution to phishing exon (Dec 20)
- Re: Article - A solution to phishing Joseph Miller (Dec 20)
- Re: Article - A solution to phishing exon (Dec 22)
- Re: Article - A solution to phishing Rogan Dawes (Dec 22)
- RE: Article - A solution to phishing Mark Curphey (Nov 29)
- RE: Article - A solution to phishing focus (Nov 29)
- Re: Article - A solution to phishing Tran Viet Phuong (Nov 29)
- Re: Article - A solution to phishing Saqib . N . Ali (Nov 29)
- Re: Article - A solution to phishing Mark Burnett (Nov 29)
- RE: Article - A solution to phishing WebAppSecurity [Technicalinfo.net] (Nov 29)