Spammers beware--hostile amphibians are once again

By +M2Ys4U
in Back Page News

 Share

Recommended Posts

Grand Master

+M2Ys4U Subscriber¹

Posted
  • Subscriber¹
Posted (edited)

First there was Blue Frog, a community antispam effort that stopped operating last week after Blue Security, the company that started the project, came under a withering denial-of-service attack.

Out of the ashes comes Black Frog Okopipi, part of a project that is apparently willing to become a flag bearer in the fight against spam. The project, dubbed Okopipi, is developing the Black Frog Okopipi antispam software as an open-source project, according to the group's wiki.

"This project aims to become a distributed replacement of antispam software Blue Frog," the Okopipi wiki states. The project merges two separate efforts--Okopipi and Black Frog--that arose after the demise of Blue Frog.

Blue Security waged a sort of do-it-yourself spamming campaign against the spammers. It said that more than 500,000 customers downloaded its Blue Frog software, which automatically sent replies back to mass e-mails. If all of these customers' systems responded, the spammers' systems would be overwhelmed. would get annoyed.

But the Web sites of Blue Security and some of the company's partners were knocked out last month by a massive distributed denial-of-service attack. In such an attack, scores of computers try to continuously log onto Web sites, in an effort to overtax the servers.

Okopipi's battle plan is to avoid depending on a centralized server, creating a target too big to be taken out by a single DOS attack.

"It will be based on a P2P network (the frognet)," according to a posting on the wiki. "On failure to connect, it could still opt out given e-mail addresses."

Participants will send reports of spam e-mails to Okopipi, which will use "handlers," which include dedicated servers, to analyze it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.

"Only the Okopipi administrators will know their locations," the group said on its wiki [in a brainstorming session]. This should make a DOS attack "very difficult," it said.

The Okopipi wiki said that the Black Frog Okopipi software will set participants' systems to automatically click the "opt-out" or "unsubscribe" links contained within spam--sending a response to the mailers advertised website. The software is still being developed.

Richi Jennings, an analyst at security research company Ferris, said that Okopipi should be careful if it decides to fight fire with fire.

"The project should also take care not to cross the line from legitimate spam complaints to attacking spammers using DDoS-like techniques," Jennings wrote on a posting to Ferris' Web site.

Source: CNet

Couple of things I'd like to add:

*The Frog will be sending opt-outs to the advertsied website, not the opt-out address in the e-mail, but it'll be throttled to stop a DoS attack.

*The network's still being designed - the topology referenced in the article are suggested ideas on the wiki. Although it WILL be P2P.

Further info: Okopipi's website | Okopipi Wiki | FAQ

Edit, I've made some corrections to the cnet article :)

Edited by M2Ys4U
Grand Master

Pupik

Posted
Posted

I'm ready to do anything against spammers (Even DDOSing them (Yeah, yeah. I'm running that vampire script, but I don't see that helps. Specialham is still running.)).

I'm sick of opening my email client and get spam in masses. And no, there's no build-in spam filter in Outlook.

This is what I get after not checking my inbox for 3 hours:

untitled6bg1.jpg

Proficient

Maxious

Posted
Posted

I'm not a big fan of fighting war with war

Sending mass email back to spammers, I don't think this is the way to fight spam.

???

"The Okopipi wiki said that the Black Frog software will set participants' systems to automatically click the "opt-out" or "unsubscribe" links contained within spam--sending a response to the mailers."

"It is important to understand that Okopipi is NOT a Denial of Service (DOS) network. The network is designed to specifically PREVENT overloading merchant servers. It's purpose is simply to empower users to complain about the spam that they receive."

Proficient

cybershark

Posted
Posted

It looks like to me most people would rather pretend spam doesn't exist or it isn't a problem, than try to help with fighting it.

For this project to work, it's going to need at least a million participants.

Much more aggressive legislation is need for going after botnets which a lot of major spammers are using.

I'm sorry but ignorance is no excuse for your computer ending up a "member" of a botnet.

Grand Master

+M2Ys4U Subscriber¹

Posted
  • Author
  • Subscriber¹
Posted

I'm not a big fan of fighting war with war

Sending mass email back to spammers, I don't think this is the way to fight spam.

Uhm, no, we're not going to be sending anything back to the actual spammers at all.

???

"The Okopipi wiki said that the Black Frog software will set participants' systems to automatically click the "opt-out" or "unsubscribe" links contained within spam--sending a response to the mailers."

"It is important to understand that Okopipi is NOT a Denial of Service (DOS) network. The network is designed to specifically PREVENT overloading merchant servers. It's purpose is simply to empower users to complain about the spam that they receive."

Correct, apart from the click the opt-out links, that's wrong. What it really does it goes to the advertised URL and sends an opt-out there.

the bluefrog looks like the azureus logo. Are they linked?

Okopipi is the native's name for Dendrobates Azureus - the same frog :)

Neowinian

black udder

Posted
Posted

I was a part of the blue frog community. Some of the things that were not mentioned or made very public were:

1) The spammer took their entire list of e-mails and now has spoofed his spam to show the user e-mails (one is mine) as the "sent by" e-mail. So now I receive hundreds failure messages a day.

2) The spammer, instead of just not sending spam to folks that don't want it, decided to start an 'internet war'. He decided to use DDOS attacks and shut down websites. It is he that said, "Leave me alone or I will shut you down."

Can't really blame him. He must be making millions.

To me, this sounds like a bully and a criminal. How different is, "Stop interferring with my spam business or I'll shut down your connectivity" from "Give me your lunch money and I won't beat your ass."

This isn't just a matter of fighting spam, this is a matter of legitimate social citizens standing up and saying, "No. This is not the manner in which our Internet is to be used."

Before you go defending some of these people ask yourself these two questions:

1) Why don't their e-mail spams have an opt-out request?

2) Why don't they ever list their name or address? Every legitimate business that I know about will do that. It's only the criminals that are hiding.

Veteran

yisman

Posted
Posted

"The project should also take care not to cross the line from legitimate spam complaints to attacking spammers using DDoS-like techniques," Jennings wrote on a posting to Ferris' Web site.

Why? Sometimes to defeat something, you do have to descend to their level. You can't take the high road when your opponent is placing mines and bombs under that very road you tread on.

I'll keep my eye on this, but I'll wait until I see how it goes.

I'm not a big fan of fighting war with war

Sending mass email back to spammers, I don't think this is the way to fight spam.

And what is your idea, exactly? Giving up? :rolleyes:

Grand Master

+M2Ys4U Subscriber¹

Posted
  • Author
  • Subscriber¹
Posted

Why? Sometimes to defeat something, you do have to descend to their level. You can't take the high road when your opponent is placing mines and bombs under that very road you tread on.

Because staying legal is the only thing that'll keep our project going.

Veteran

yisman

Posted
Posted

I was a part of the blue frog community. Some of the things that were not mentioned or made very public were:

1) The spammer took their entire list of e-mails and now has spoofed his spam to show the user e-mails (one is mine) as the "sent by" e-mail. So now I receive hundreds failure messages a day.

Yep. At first, I got the nonsense spam. Now, after they've already killed Blue Frog, they've started doing what you described, and I've been getting tons of failure messages in my G-mail account daily, even though I obviously never sent any of those e-mails.

Grand Master

+M2Ys4U Subscriber¹

Posted
  • Author
  • Subscriber¹
Posted

Good luck and I hope it works out, but I'm convinced that the only way the spammers can be taken down is by turning what they've been doing back onto them.

Blue Security showed that this method actually worked at reducing spam. I know that the levels of spam reaching my inbox fell dramatically after using it.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By AsherGZ · Posted

      I named Hitler because he is the de facto anti-semite. But you don't have to hate Jews to be a genocidal maniac. In fact, these days, so called semites are the ones acting in ways that would make Hitler proud.
    • 3DP Chip 26.05

      By Copernic · Posted

      3DP Chip 26.05 by Razvan Serea 3DP Chip is a standalone, no-install portable tool that scans your computer’s hardware and automatically detects the latest drivers available for your specific configuration and external devices. It provides a clear list of drivers that need updates, locates the correct downloads, and helps you upgrade them easily. 3DP Chip will automatically detect and display the information on your CPU, motherboard, video card and sound card installed on your PC. You can also choose to copy these information into your clipboard with one click for later use (such as posting in a forum). Also, if you're upgrading your operating system or just need to reinstall Windows, 3DP Chip can backup all the drivers on your PC or laptop. 3DP Chip backup and reinstall features can save you hours of searching for and installing individual device drivers. 3DP Chip most popular drivers include: audio and sound drivers video drivers printer and scanner drivers digital camera drivers network drivers webcam drivers keyboard and mouse drivers 3DP Chip v26.05 changelog: Driver date/version information has been added or updated AMD motherboard chipset v8.03.25.247 AMD motherboard chipset v8.05.04.516 Newly added product or support has been enhanced AMD Radeon Graphics AMD Radeon 780M Graphics AMD Radeon 840M Graphics AMD Radeon 860M Graphics AMD Radeon 880M Graphics AMD Radeon RX 9070 XT AMD Radeon Pro W7500M NVIDIA GeForce RTX 3050 6GB Laptop GPU NVIDIA GeForce RTX 4050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5060 NVIDIA GeForce RTX 5070 Laptop GPU NVIDIA GeForce RTX 5070 Ti Laptop GPU NVIDIA RTX Pro 500 Blackwell Generation Laptop GPU NVIDIA RTX Pro 1000 Blackwell Generation Laptop GPU NVIDIA RTX Pro 2000 Blackwell Generation Laptop GPU Download: 3DP Chip 26.05 | 7.2 MB (Freeware) Links: 3DP Chip Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The official Funny Pictures thread

      By snowy owl · Posted

    • Apple reluctantly forces strict new age checks on Texas users starting today

      By zikalify · Posted

      Apple reluctantly forces strict new age checks on Texas users starting today by Paul Hill Apple will begin enforcing the Texas Age Assurance Law (SB 2420) following a recent court ruling that lifted an injunction on SB 2420. Starting June 4 (today), Apple will enforce strict age-verification and parental-consent rules for new Apple accounts created in Texas. This move will affect children under 18 who go to download apps or attempt to make in-app purchases. Apple previously expressed privacy concerns related to this law, but compliance is now mandatory for the company, nevertheless. Apple will use several APIs to follow the law. Principally, the Declared Age Range API will fetch the specific user age bracket (Under 13, 13-15, 16-17, or 18+) and a verification method. The Significant Change API (PermissionKit) will trigger a system dialog for parental consent if an app gets a major update or an age-rating shift. There is also a new property type in StoreKit that allows developers to automatically check when their app’s age rating has changed on a user’s device and then use the Significant Change API to request parental consent. Finally, App Store Server Notifications can be configured to tell developers when a parent revokes consent, blocking app launches. To ensure they are ready for these changes, developers must immediately use Apple’s sandbox testing environment to validate these APIs in their apps. For any developers out there finding this to be inconvenient, get used to it. Other regions, such as Utah, Louisiana, and Brazil, are looking at, or have implemented, similar rules.
    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Skyfrog
      72
    4. 4
      FloatingFatMan
      62
    5. 5
      neufuse
      54
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!