Wilders Security Forums  

  #101  
Old December 7th, 2006, 06:09 PM
herbalist
 
Posts: n/a
Default Re: Newest Version

Your newest ones run fine on Sea Monkey with Proxomitron. Most of them reply with the download hard drive popup now.

Using version D:
At hxxp://4yz.com/

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/database/public_html/onse/process.php:4) in /home/database/public_html/onse/redalgo/redalgo.php on line 76

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/database/public_html/onse/process.php:4) in /home/database/public_html/onse/redalgo/redalgo.php on line 76

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/database/public_html/onse/process.php on line 341

At hxxp://database3.com/
Half the time, window is empty. Half the time contains:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/database/public_html/onse/process.php:4) in /home/database/public_html/onse/redalgo/redalgo.php on line 76

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/database/public_html/onse/process.php:4) in /home/database/public_html/onse/redalgo/redalgo.php on line 76

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/database/public_html/onse/process.php on line 341

At hxxp://gborders.com/
Windows usually empty. Occasionally:

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/gborders/public_html/onse/process.php on line 345

Rick
  #102  
Old December 7th, 2006, 06:34 PM
herbalist
 
Posts: n/a
Default Re: Newest Version

Using Version B and C, the opened window is usually empty. Occasionally it contains the same text as above but far less often. Version A contains the same messages, more often than with B or C.

To anyone using these scripts and running SSM. The window filter module of SSM can be used to close those "we've downloaded your hard drive" popups. Just open to modules, then window filters. When the popup is visible on your desk, select it from the window list and add it to the filter list. At present, there are 2 different ones, only the site name on the title bar changes.
Rick
  #103  
Old December 8th, 2006, 12:39 AM
EASTER.2010
 
Posts: n/a
Default Re: New Spam Retaliation Tool

Quote:
To anyone using these scripts and running SSM. The window filter module of SSM can be used to close those "we've downloaded your hard drive" popups. Just open to modules, then window filters. When the popup is visible on your desk, select it from the window list and add it to the filter list. At present, there are 2 different ones, only the site name on the title bar changes.
Rick

I'm another one of those. Glad for the Window Filter. I usually don't bother to enable that feature but in this case it comes in handy. Thanks.
  #104  
Old December 9th, 2006, 05:41 PM
spamislame
Regular Poster
 
Join Date: Nov 2006
Posts: 52
Default Re: Newest Version

Quote:
Originally Posted by herbalist
Using Version B and C, the opened window is usually empty. Occasionally it contains the same text as above but far less often. Version A contains the same messages, more often than with B or C.

I guess I was not clear: all versions listed are identical. There is no difference between them. I only named them differently so I could have multiple downloads from mytempdir (since they are suddenly a lot more flaky lately.)

It won't matter which one you download: they're identical. Any randomly different results probably have to do with which server you're hitting, which is randomly selected.

Thought that was certainly worth mentioning.

They've begun banning IPs. If you use TOR, you'll notice that once in a while you get a permission denied page. Just switch identities. It should alleviate this issue.

I'm seeing a few new sites being spamvertised but they last so short a time I haven't been able to investigate so I could add them to this tool. Life must be getting more difficult for these idiot spammers. One can only hope.

Thanx

SiL
  #105  
Old December 9th, 2006, 06:45 PM
herbalist
 
Posts: n/a
Default Re: Newest Version

All the same? Interesting that when running "D", I got those messages far more often than with the others, on several runs with each.
So far, my regular unit is not blocked, and the dialup unit definitely isn't. Packaged the way they are, your scripts work well in my task scheduler.
I haven't had any success with TOR. Not sure if the problem is TOR or Vidalia, but when I use Vidalia to start TOR, my system resources get depleted to nothing in a matter of seconds, even with everything but the essentials shut off.
Rick
  #106  
Old December 10th, 2006, 10:09 AM
Paranoid2000
Security Expert
 
Join Date: May 2004
Location: North West, United Kingdom
Posts: 2,839
Default Re: Newest Version

Quote:
Originally Posted by herbalist
...but when I use Vidalia to start TOR, my system resources get depleted to nothing in a matter of seconds, even with everything but the essentials shut off.

I see very high CPU utilisation by Tor when started with Vidalia - possibly due to Vidalia collecting the router information it needs for its network map.

However there is a new FormFiller retaliator available now for one of the longest-running spammers, MyCanadianPharmacy/InternationalLegalRX, which runs as a FormFiller extension in Firefox (GreaseMonkey required, NoScript and User Agent Switcher extensions strongly recommended along with Tor - this won't work with Proxomitron's filters). See the Pharma KS FormFiller thread for more details and instructions. It does require more attention (you may need to reload a page if you receive a 404/503 error) but otherwise provides an easy method for dealing with one of the worst spammers.
  #107  
Old December 10th, 2006, 12:49 PM
herbalist
 
Posts: n/a
Default Re: Newest Version

I get a high CPU usage initially, but it levels off after a bit. Ends up at 75% unused after a while. It's the available system resources that get pounded on mine. I just tried it again, shutting down everything else except SSM and the firewall. Started at 80% free resources. After about 90 seconds, I was down to 12% and had to shut TOR down. I didn't try to actually use TOR. Just started it up Vidalia. My 98 box doesn't make it easy to see which one is using it up. I'm pretty much resigned to not being able to use TOR.
Rick
  #108  
Old December 10th, 2006, 03:09 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: New Spam Retaliation Tool

I just realized that I made a mistake in post #96 of this thread. Since I started hosting the images with Image Shack, I just realized that I do not have the same control over the file name that I'm used to. If a moderator would be so kind as to remove that post of mine that would help clean up my mistake.

At any rate, this is what I wanted to show:

http://img482.imageshack.us/img482/2985/countsk6.jpg
  #109  
Old December 13th, 2006, 02:30 AM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: New Spam Retaliation Tool

This is the last update, I promise. I think the point is made that I am doing my part to combat the evil spammers.

http://img137.imageshack.us/img137/3320/countwo9.jpg
  #110  
Old December 13th, 2006, 09:27 AM
spamislame
Regular Poster
 
Join Date: Nov 2006
Posts: 52
Default Newest version, again...

Well they certainly aren't stopping anytime soon are they? They just switch affiliate IDs. Today's is "xproject" (oooo... mysteeeeeerious. Bunch of idiots.)

So here ya go:

http://www.mytempdir.com/1113475
http://www.mytempdir.com/1113477
http://www.mytempdir.com/1113480
http://www.mytempdir.com/1113481
http://www.mytempdir.com/1113484
http://www.mytempdir.com/1113487
http://www.mytempdir.com/1113488
http://www.mytempdir.com/1113489
http://www.mytempdir.com/1113492

All are identical, I just post it several times due to the on again / off again nature of mytempdir.

Again: use Firefox, and make sure you have the NoScript extension. (Read the "whatitdoes.html" file.)

Thanx

SiL
  #111  
Old December 13th, 2006, 06:16 PM
herbalist
 
Posts: n/a
Default Re: Newest version, again...

Works good on Sea Monkey with Proxomitron again. Haven't seen any of the previous error messages with this version. Does that "we've downloaded your hard drive" message pop up for real customers too? SSM still closes that popup nicely.
What is the justincaserator.html file for?
Rick

Last edited by herbalist : December 13th, 2006 at 06:26 PM.
  #112  
Old December 14th, 2006, 09:40 PM
spamislame
Regular Poster
 
Join Date: Nov 2006
Posts: 52
Default Re: Newest version, again...

Quote:
Originally Posted by herbalist
What is the justincaserator.html file for?

It's a verification piece I wrote. One affiliate = one product = one site. Had to verify because they change affiliates every so often and I wanted to make sure I had the right number of each item.

Thanx

SiL
  #113  
Old December 26th, 2006, 12:13 PM
Andysan73
Infrequent Poster
 
Join Date: Dec 2006
Posts: 1
Question Re: New Spam Retaliation Tool

Hello guys, a great site and topic. I am totally fed up: over 100+ spam emails now for Viagra, fake watches and Africans asking for their head kicking in.

I have tried and used your spurminator, but my question is this: I use osk and mail. When I get a spam email, ~Unnecessary comment removed - Ron~ how do I get the spurminator to attack them back?

How do I find out the information I need?
And how do I alter the sperminator to get back at these bastards?

cheers.

Andy "balls as big as buckets" san.

Last edited by ronjor : December 26th, 2006 at 12:25 PM. Reason: Remove unnecessary comment
  #114  
Old January 1st, 2007, 05:47 PM
Red Dwarf
Infrequent Poster
 
Join Date: Jan 2007
Posts: 9
Default 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Newest versions of the hands-off fully automated retaliators for 2007

US Drugs or American Pharmacy
AutoAP . . . . . http://www.mytempdir.com/1144741

My Canadian Pharmacy
AutoCAN . . . . http://www.mytempdir.com/1144745

International Legal RX
AutoIRX . . . . http://www.mytempdir.com/1144751


If you have KS retaliator installed as well (http://thecarpcstore.com/phpbb2/viewtopic.php?t=459), deactivate it by clicking on the smiling grease-monkey icon. Only one automated form-filler at once should be active, or else they will conflict.

Be sure to read the documentation file before use.

Download, unzip, browse the unzipped directory, and launch the application. It will have a grey circular icon with a triangle within it.

Treat these like screen-savers, you can run any one of them overnight.

Environment - Windows and Mozilla Firefox browser

Last edited by Red Dwarf : January 1st, 2007 at 06:12 PM.
  #115  
Old January 2nd, 2007, 06:56 AM
herbalist
 
Posts: n/a
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Anyone want to work this site over a little before it's taken down? Bank phish. Already reported it to Bank of America and Pirt.
hxxp://www.bankofamerica.com.onlinebankingid59489489.sanshi.biz/session.cgi/
I've given them accounts for Elmer Fudd, Bugs Bunny, and a few other "customers".

Rick
  #116  
Old January 2nd, 2007, 07:16 AM
gerardwil
Massive Poster
 
Join Date: Jan 2004
Posts: 4,509
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Quote:
Originally Posted by herbalist
Anyone want to work this site over a little before it's taken down? Bank phish. Already reported it to Bank of America and Pirt.
hxxp://www.bankofamerica.com.onlinebankingid59489489.sanshi.biz/session.cgi/
I've given them accounts for Elmer Fudd, Bugs Bunny, and a few other "customers".

Rick

I don't understand this answer

Gerard
  #117  
Old January 2nd, 2007, 11:08 AM
spamislame
Regular Poster
 
Join Date: Nov 2006
Posts: 52
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Quote:
Originally Posted by gerardwil
I don't understand this answer

Gerard

It's a phishing site. So that user sent them fake information.

I've written retaliation scripts for phishing sites which automate that process. The idea is: get lots of people to send as many fakes as possible so that the criminals behind the site have to weed through (literally) hundreds of thousands of fake entries before finding anything that's actually real. It's quite effective and I know for a fact that it pisses these spammers off. They make drastic but very rough modifications to their forms in an attempt to stop this from occurring.

This site is already down, btw.

SiL
  #118  
Old January 2nd, 2007, 12:13 PM
gerardwil
Massive Poster
 
Join Date: Jan 2004
Posts: 4,509
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Quote:
Originally Posted by spamislame
It's a phishing site. So that user sent them fake information.

I've written retaliation scripts for phishing sites which automate that process. The idea is: get lots of people to send as many fakes as possible so that the criminals behind the site have to weed through (literally) hundreds of thousands of fake entries before finding anything that's actually real. It's quite effective and I know for a fact that it pisses these spammers off. They make drastic but very rough modifications to their forms in an attempt to stop this from occurring.

This site is already down, btw.

SiL

Hi SiL,

I know what's up, I ordered a lot so far, I just didn't understand the post made by Herbalist regarding this.

Gerard
  #119  
Old January 2nd, 2007, 07:38 PM
herbalist
 
Posts: n/a
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

That one came down quick. Just got the e-mail late last nite.
Gerard,
I get these phish e-mails quite regularly. Sil put together a nice script earlier that made a Sears phish I received easier to attack. I realize that this isn't related to the pharmacy spam many of us get in abundance, but these phishers are as criminal as any spammer and deserve the same treatment. Besides, this phish came as spam e-mail too. Sure, we can report them to all the usual places and wait for them to get taken down, but these scum know that's going to happen. By the time they're taken down, they've already made money deceiving the unwary. But if it's targeted by enough people, it takes some of the profit out of it for them. I just post targets when I get them for anyone else who enjoys hitting them. Judging by this thread, several of us enjoy it.
Rick
  #120  
Old January 2nd, 2007, 11:43 PM
EASTER.2010
 
Posts: n/a
Default Re: New Spam Retaliation Tool

Quote:
I just post targets when I get them for anyone else who enjoys hitting them. Judging by this thread, several of us enjoy it.
Rick

I'm always busy doing something screen-front so I definitely enjoy crowding out those ridiculous and annoying spammer-brains. Sort of like performing multi-tasking duties and checking every so often during the day/night how many fammy whammers went into their orders forms.
  #121  
Old January 8th, 2007, 10:47 PM
Red Dwarf
Infrequent Poster
 
Join Date: Jan 2007
Posts: 9
Default Re: 3 Pharmacy Retaliators: My Canadian, International RX, US Drugs

Quote:
Originally Posted by Red Dwarf
Newest versions of the hands-off fully automated retaliators for 2007

International Legal RX
AutoIRX . . . . http://www.mytempdir.com/1156732


Environment - Windows and Mozilla Firefox browser

Updated Jan 8th version has fixed a small bug that caused the automater to stop running occasionally. We can't have that.

Last edited by Red Dwarf : January 9th, 2007 at 05:22 AM.
  #122  
Old February 1st, 2007, 08:38 AM
latot
Infrequent Poster
 
Join Date: Feb 2007
Posts: 1
Thumbs up Re: New Spam Retaliation Tool

Hello to everyone and thanks for the info that I have gotten here. I was getting a lot of spam so I searched for a place for help. This is where I wound up. I downloaded the Spur M Enator and sent over 5000 orders. I hoped this choked them a little bit; I know it cut back on my mail. Now it is coming in where you have to click on an address and I don't think I am hurting these people. I will keep searching ways to kick these guys in the pants, so thanks for all the help. I have a question about Firefox and Tor: I go to a site that you have to sign in to, but they always say (welcome back your last visit was). How do they know that it is my computer signing in if the IP is changing when I use Firefox and Tor? Just curious, because if the spammers know my IP every time also then they are probably banning my orders. Thanks again.
  #123  
Old February 24th, 2007, 12:00 PM
mantra
Massive Poster
 
Join Date: Jan 2005
Posts: 3,234
Default Re: New Spam Retaliation Tool

tried to download it but no links work

but thanks
  #124  
Old February 25th, 2007, 05:25 PM
Red Dwarf
Infrequent Poster
 
Join Date: Jan 2007
Posts: 9
Default Re: New Spam Retaliation Tool

Not sure which link you referred to.

Spam retaliation tools with latest links are at http://thecarpcstore.com/phpbb2
See http://thecarpcstore.com/phpbb2/viewtopic.php?t=141
and http://thecarpcstore.com/phpbb2/viewforum.php?f=4

The European Spam Wiki is putting together a great amount of background information on spammed sites, who runs them, and how to shut them down.
http://www.spamtrackers.eu

Information specific to Pharmacy scams is at
http://spamhater.zoomshare.com
  #125  
Old March 1st, 2007, 07:08 PM
Red Dwarf
Infrequent Poster
 
Join Date: Jan 2007
Posts: 9
Default Complainterator V8

Complainterator Version 8

Version 8 of the automated complaint generator is now available

When you get a spamvertized site name, like c987fhj4rf8r.example.com/?oijoiufq
you can use the Complainterator to request the registrar who provides the name servers to remove them.
That takes down the spamvertized site, as well as any others registered under the same name servers.
Just fire up the Complainterator, key in the example.com and watch it do its thing.

You can find it at this location
and also at the download section of the European Spam Wiki

This tool and its method have been in use since August 2006 and have resulted in the removal of 250 name servers from 12 different registrars, shutting down over 3,000 spammed sites.

Last edited by Red Dwarf : March 1st, 2007 at 11:50 PM.
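
The grouping step behind the reporting approach described in post #125, as an added example (not part of the original thread and not the Complainterator's own code): it reduces spamvertised URLs to their registered domain and groups them by name-server set, so one complaint per registrar covers every site on the same name servers. The WHOIS records, registrar names and sample URLs are constructed; the two-label domain rule is a simplifying assumption that ignores suffixes such as co.uk.

```python
# Group spamvertised URLs by shared name servers to draft registrar complaints.
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed WHOIS data (assumption):
# domain -> (registrar providing the name servers, name servers).
WHOIS = {
    "example.com": ("Registrar A", ["ns1.dns-host.example", "ns2.dns-host.example"]),
    "example.net": ("Registrar A", ["ns2.dns-host.example", "ns1.dns-host.example"]),
    "example.org": ("Registrar B", ["ns1.other-dns.example"]),
}

# Constructed sample input, including a defanged "hxxp" link as quoted in reports.
SPAM_URLS = [
    "c987fhj4rf8r.example.com/?oijoiufq",
    "hxxp://zz81.example.net/order",
    "http://EXAMPLE.org./",
    "http://x1.example.com/?abc",
]

def registered_domain(url):
    """Return the last two labels of the URL's host (assumes no multi-part TLDs)."""
    url = url.strip()
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]           # refang a defanged scheme
    if "://" not in url:
        url = "http://" + url            # bare host/path as pasted from spam
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no usable host in {url!r}")
    return ".".join(labels[-2:])

def group_by_name_servers(urls, whois):
    """Map (registrar, sorted name servers) -> sorted domains sharing them."""
    groups = defaultdict(set)
    unknown = set()
    for url in urls:
        domain = registered_domain(url)
        if domain not in whois:
            unknown.add(domain)          # needs a WHOIS lookup before reporting
            continue
        registrar, servers = whois[domain]
        groups[(registrar, tuple(sorted(s.lower() for s in servers)))].add(domain)
    return {k: sorted(v) for k, v in groups.items()}, sorted(unknown)

def draft_complaint(registrar, servers, domains):
    """Build the text of one complaint covering every domain on these name servers."""
    lines = [f"To: abuse desk, {registrar}",
             "Name servers serving domains advertised in spam:",
             *(f"  {s}" for s in servers),
             "Spamvertised domains using them:",
             *(f"  {d}" for d in domains),
             "Please review these name servers under your acceptable-use policy."]
    return "\n".join(lines)

if __name__ == "__main__":
    found, missing = group_by_name_servers(SPAM_URLS, WHOIS)
    for (registrar, servers), domains in found.items():
        print(draft_complaint(registrar, servers, domains), end="\n\n")
```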
 
