
RE: [cobalt-security] Spam from this list



Finally... someone with a sense of humor.  This is the security list?  Did
anyone other than Graeme get the irony of a break-in against a participant
of this list???  I did nothing other than trace the machine to find out
where the site was hosted and who sent the spam.

Sorry for my poor attempt at humor.  I have spent years fending off hackers,
and I have never engaged in these activities except against test machines
for the purpose of hardening the OS and user applications.

The person who spammed me has a porno site hosted in the UK and with a
domain name registered out of Australia.  However, he has accomplices in the
US that run a 900 service, so tracking this individual or group will be
difficult.  As far as I can tell, this spammer is running yet another scam
site trying to get you to call 900 numbers to disenroll from a porno e-mail
list.  In case you aren't familiar with this scam, a spammer sends raunchy
messages to hopefully your work email address.  The only way to stop it is
to call a 900 service to remove yourself from the list.  The scammer then
pads the 900 charges, knowing you are unlikely to complain.  The really
nasty ones ask for a credit card number as well before your call can go
through.  There are no charges I could file unless I participated in this
obvious fraud.

I have complained to the spammer's ISP.  In many cases, I have successfully
stopped spam by shutting down the spammer's web site and/or e-mail account
by notifying the ISP.  So far, this person's ISP has not responded.  I have
found European and Asian ISPs to be very uncooperative with respect to spam.

I *did* not break into any machine. I did the following:

Ran traceroute, ping, and nslookup to narrow hostnames, services, IP addresses, etc.
Checked out registered domain names.
Sent mail to postmaster@<naughtyhost>.com to see who replied.
Attempted to Telnet so I could see what OS and kernel were on the other end.
Tried to FTP to see what was available through anonymous FTP.
Tried some admin URLs to confirm that the host was a Cobalt RaQ 3.
Performed a few web searches to look for more info.

I did find a person on this list with a domain that traced back to the same
host.  However, I don't want to reveal who it is unless I can prove this
person is the culprit.  I sent an e-mail to this individual, and have not
heard back.

I did nothing illegal!!!!

Again, please accept my apologies.

Chris






-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Graeme Fowler
Sent: Thursday, September 21, 2000 5:47 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] Spam from this list




On Thu, 21 Sep 2000, Richard Emerson quoted Chris Weiss:
>   I have identified one offender, and I have broken into your server to look
> around.

Is it just me or has everyone had a sense-of-humour failure? I reckon
Chris was being just a teensy bit ironic with his statement... weren't
you? ;-)

Graeme


