The anticipated server upgrade has been put off for a week. It seems some 37331 h4x0rs (read script kiddies) were playing around in the host's servers over the weekend, so the upgrade didn't happen. It has been tentatively rescheduled for Monday, September 30th.
It's going to mean another IP address change for the site. DNS changes usually take a few days to reach all the way around the world, so loading the domain may be hit and miss for a day or two afterward. The new IP address will be 126.96.36.199, which you'll be able to load in your browser as http://188.8.131.52/~mikehealan/ (I think) until the DNS updates everywhere. spywareinfoforum.info/newlsetter probably won't work at all until things update, so just use either http://www.spywareinfoforum.info/newsletter/ or http://184.108.40.206/~mikehealan/newsletter/.
To prevent any confusion or posts being lost, I'll be closing the suport forums down on Sunday until the DNS update reaches my ISP (which seems to be last to update usually). Hopefully that will be no later than sometime on Tuesday.
Many of you reading this online will have gotten here from Fred Langa's Langalist, where Fred discusses Xupiter and how to get rid of it. He mentions this newsletter as a source of Xupiter removal instructions. The issue he was referring to is actually the previous issue. That issue did have manual removal instructions for scraping xupiter off your hard drive. However, both Spybot and Ad-aware have updated now to target xupiter. There is now no reason to go digging around in your registry and system files and I suggest everyone get one or the other of these two programs.
You can get Spybot from CNet. Make certain you use the built-in update feature before using it. You can get Ad-aware from Lavasoft's web site and the updated reference file either from there or from my site.
Do you find SpywareInfo useful? Well so do tens of thousands of other people. Unfortunately, the more popular SpywareInfo gets, the further over the bandwidth limits it goes (log stats
). Want to help cover these costs? We are accepting contributions via PayPal. More details and the link to use are at http://www.spywareinfoforum.info/support.html
. Thanks for helping out!
The subscriber list is building back up nicely. As most of you who were previously subscribed know, some jackass forgot that he had subscribed to this newsletter and forwarded it to my web host's abuse@ address. Of course I immediately re-forwarded the complaint to his ISP and asked that his service be terminated immediately. Just to remove the argument that someone might violate the laws of reality by being on this mailing list without having signed up, I deleted the database and told everyone to sign up again.
I'm not sure what exactly, but something in this newsletter routinely triggers several automated spam filters. That should show you how useful those things are. I know that several people never got that issue where I announced the database deletion because their email provider is intercepting and bouncing their email in the name of filtering out spam. Those people likely don't realize that they need to sign up again, and I've probably lost them as subscribers for good. However, I don't view that as a big loss, as their providers' interference with their email would have kept them from getting this newsletter anyway. Nice going sysadmins. Better hope your customers don't find out.
I laid on quite a rant in that issue about spam blacklists and ISPs that use them to bounce email. I encouraged people to complain to their ISP if their email was being intercepted without their consent, and I still do. I got some interesting feedback on that rant. It's too much to include it here, so I put two representative emails on this page. Sorry for the crazy formatting, you know how emails are.
Speaking of spam (real spam this time), it seems that there are several sleaze bag companies harvesting email addresses from message boards lately. They hit my forums and Wilders Security Forums and several others recently and spammed the addresses found. In my case, the spammer had the gall to imply that I had provided the addresses they had spammed.
<spam message removed>
I'm looking forward to working with you!
Affiliates Program Manager
The World's Largest Poster and Print Store
Tel: (510) 740-1310
P.S. I'm sending you this invitation because your e-mail address is listed for contact at http://www.spywareinfoforum.info/. Please click on the link below to remove yourself from any further invitations:
My message board members know me better than that, but this spam from allposters.com attempts to make it look like I have provided this address to them. I have done no such thing and I will soon be contacting their internet provider about this slanderous implication.
How did these allposters.com sleazebags get the address to spam this person? Most likely, they used a harvester robot. Harvesters are software programs run by spammers that crawl the web looking for mailto: hyperlinks, similar to the way search engines crawl the internet looking for pages to include in their search results. These addresses are added to their database, which they then use either to spam you, or to sell to other spammers... or both! It is these sorts of scumbags that make it impossible for people to provide public email addresses on web sites, message boards, and in newsgroups.
There are ways around this problem. I talk about two ways in an article I wrote some time ago on this very subject. Included in that article is a way to fight back against the spammers. If you would like to take some revenge on these harvesting scumbag spammers, there is a small MS-DOS program written by Bill Webb of CounterExploitation that will generate html pages full of random text and as many fake email addresses as you like. You put a hidden link on your pages which leads to these random pages and the spambots will follow the links and scoop up the addresses. I've hidden such a link somewhere on the main page of my site...
The program can be downloaded from http://www.cexx.org/toxic.htm
I want revenge against the sleaze that harvested my members' addresses and then tried to slander me in their spam. For that reason, I am announcing The Harvester Project.
Download that toxic program and run it to generate at least 10 pages of bogus email addresses. Upload them to your web site and link them from the main page, then email me with the link to the first page, and I will put a link to any page you like on a special page for those fighting back against the slimeballs. No porn, warez, hijacker/spyware sites please, but just about any other sites are fine, although I reserve the right to refuse to link to it if I feel the site is inappropriate. My site generates a hell of a lot of traffic (by my standards anyway), so this isn't a totally useless offer.
Make sure you read the documentation that comes with it and don't overdo it. Too many addresses per page will cause the whole thing to be ignored. Follow Bill's recommendations. Also, if your web site is on a unix/linux/freebsd server, it will treat filenames as case-sensitive. When you upload your pages, be certain you do not convert the filenames to lowercase. The filenames must be uppercase or the links from one page to the next won't work.
The link does not have to be visible. After all, you don't want people clicking on it, but you do want it there for address harvesters to find it. So do it the way I did and use a web bug. Right-click this link and download this web bug, then save it to your site's server. http://www.spywareinfoforum.info/images/webbug.gif.
Now, copy this code and insert it at the very end of your site's main page, just above this bit at the end, </body></html>:
<a href="toxic/INDEX.HTML"><img src="images/webbug.gif" alt="" border="0"></a>
Now, create the toxic directory (or better yet, give it another name, as spammers may start to ignore directories named toxic) and upload your pages to it. Place webbug.gif in your images/ directory and replace your main page with the new one and you're set. Address harvesters will start copying those addresses almost immediately and you'll start costing them money just as quickly.
Send me an email with the link you want and location of your main page and I'll add your link as soon as I take a look at it. Please don't use that particular address to contact me about anything else, use this instead.
One more thing. Spread the word about this! Tens of thousands of people are going to read this issue, and I'd like for every single one of you do this. One person with a bunch of bogus addresses can cause these spammers some irritation. Ten thousand sites with a dozen pages full of bogus addresses will make harvesting next to useless. The page isn't up yet (because I just thought of this a few hours ago ;-), but when it is, the page will be at http://www.spywareinfoforum.info/harvest_project/. Tell people about The Harvester Project and send them to that page.
Scribbled by Checkout from Wilders security forums
Last night I had a DRM...
"Mr Gates? You bought a SpeedStar 2000 XL GT from us a couple of months ago?"
"Yes, what a sports car! 180 mph! Vroom...!"
"Yeah, well, we've discovered a bug in the Engine Management System and you need to bring it in. The engine could seize at high speeds."
"And you'll have to sign the updated warranty agreement."
"Why? There's a fault, so you're obliged to fix it. Why should I sign anything?"
"Well, the fix involves limiting the top speed to 60 mph and adding phone-home capability to the on-board GPS."
"Hell, man! I don't want a sports car that only does 60! And I don't want my GPS to phone home!"
"Can't have one without the other. If you don't sign, your brand new car stays a deathtrap."
"So what's the GPS phoning home for?"
"In case you go out of you home state, Mr Gates. Seems some states want to charge a visiting fee."
"But I could get it all for free in a Ford! Dammit, I'm going to get my lawyers to rip that agreement apart and my lawyers are the best in the world!"
"I know...they're the people who wrote it. You see, the EMS runs under Windows CE."
Dream on...drm off.
That's it for now. The next issue should be out in a week or so. Remember, tell people about The Harvester Project (and warn them that the page won't have anything useful on it for a day or two yet).
The permanent URL for this issue is http://www.spywareinfoforum.info/newsletter/archives/september-2002/09262002.html. Please use this URL when linking to it.