terrible, nasty idea...
Chris Fortune
cfortune at telus.net
Fri Aug 27 19:30:02 CEST 2004
Bad, bad programmer! Go to bed with no Vee at qa.ra!
> This reminds me of something I read that Paul Graham had written (not sure
> if it was his idea or not), about the possibility of all antispam
> programs/devices chasing up the URLs in spam, not only to check the site
> content for rating, but also so that, as a mailing goes out, their servers
> are overwhelmed by the response. Kind of an unintentional DoS attack,
> although they can't say they didn't ask for it (literally).
I would like to share a truly e-e-evil program design: It is a CGI program that is run from the user's web quarantine, grabs an
email, puts it through bogofilter to confirm that it is spam, then if the e-mail is sufficiently bogus it extracts the spammer's
URL, alters the query string to falsify the recipient id, and spiders the spammer's website looking for the order page! The text is
parsed out of each page, and Bogofilter is used again to classify the web page contents. If the website is sufficiently bogus
then the program provides back to the requester an HTML page and javascript engine which will POST order forms to the spammer a set
number of repetitions, each repetition with random yet convincing values. Spam the spammer!
... Ok, I admit it's not the highest moral acheivement, but looks to be effective to swamp the spammer's inbox.
>
> I like this idea a lot. The downside is that it uses the bandwidth of the
> recipient (or his antispam agent).
In this design the server has small bandwidth requirements, the primary agent is the home user's web browser. An (un)intentional
DDoS attack. ;-)
More information about the Bogofilter
mailing list