From hungary-online-owner Thu Nov 23 00:36:38 1995 Received: from localhost (daemon@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id AAA07677 for hungary-online-out31415; Thu, 23 Nov 1995 00:36:38 -0800 Received: from localhost (daemon@localhost) (fnord) by nando.yak.net (8.6.5/8.6.5) id AAA07657; Thu, 23 Nov 1995 00:35:53 -0800 Received: from steve@isys.hu () via =-=-=-=-=-= for hungary-online@hungary.yak.net (7655) Received: from kingzog.isys.hu (KingZog.iSYS.hu [194.24.160.4]) (fnord) by nando (8.6.5/8.6.5) with ESMTP id AAA07647 for ; Thu, 23 Nov 1995 00:34:41 -0800 Received: from [194.24.160.22] (bubba.iSYS.hu [194.24.160.22]) by kingzog.isys.hu (8.7.Beta.11/8.7.Beta.11) with SMTP id JAA07816 for ; Thu, 23 Nov 1995 09:34:34 +0100 (MET) X-Sender: steve@mail.isys.hu Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 23 Nov 1995 09:37:44 +0100 To: hungary-online@hungary.yak.net From: steve@isys.hu (Steven Carlson) Subject: (HOL) spam - fighting back Sender: owner-Hungary-Online@hungary.yak.net Precedence: bulk Reply-To: Hungary-Online@hungary.yak.net At 8:36 PM 11/22/95, Zoli Fekete, keeper of hungarian-faq wrote: > we've both been on the net forever /;-)/ and I seem to be the more > skeptical, so don't think I want to reason with unreasonable people; > they could, however, be fought against quite effectively if enough of > the rest are convinced - that's where reason comes in. Folks - You might be interested in these two postings from the Computer Underground Digest (CuD) . The first file unmasks a well-known culprit called the Spam King. The second file talks about how to fight back against persistent spammers. It's very vicious stuff! =steve= -- Date: Fri, 20 Oct 1995 00:00:37 -0500 From: TELECOM Digest (Patrick Townson) Subject: File 1--Do Not Visit This Address or Call This Phone Number ((MODERATORS' NOTE: Pat Townson, editor of TELECOM Digest, and the one responsible for the birth of CuD in March, 1990, wins "Net-warrior of the week" award for his marvelous job of outing the "Spam King")). A nemesis of many on the Internet in recent weeks is a fellow known as Spam King. He has trashed hundreds of newsgroups with his messages, and this includes comp.dcom.telecom recently. I spent some time Thursday locating him. Spam King is Jeffrey A. Slaton of Albuquerque, NM as he admitted to me in a phone conversation this evening. Here is what I know for a fact: According to the phone company in Albuquerque, NM, the phone number 505-821-1945 is listed to 'J.A. Slaton' address withheld at the customer's request. When you dial that number which *always* goes to voice mail, try this little technique ... The instant it answers, press the * key. The voicemail system will respond saying, "We are having a problem right now, please do not hang up. To leave a message, enter the number of the person you are calling. To listen to your messages, press the # key." When you press the # key, another voice asks you to enter your telephone number (meaning of course, Jeff's phone number) ... so you enter once again 505-821-1945. Of course, since you are not Jeff, don't do this. You immediatly hear the name of the mailbox owner stated: "Jeff Slaton" (pronounced Slay - ton) And you are then asked to enter your (meaning his) password to pick up your messages. grin .... I really have to wonder who he thinks he is messing around with .... Now would someone be so stupid as to use SPAM KING as thier password? (using the associated digits on the dial). Well no, he did not use that, but I am not going to say what password he *is* using. That might be illegal and might be construed as me encouraging others to loot and destroy his messages. I'll let others of you figure it out, since after all it is against the law to hack someone's voicemail. This appears to be just your typical phone company voicemail system. It is NOT a 'D.I.D.' (direct inward dial) number to a voicemail system ... it *is* a number in his home that is just always left to go to voicemail. ================================ Speaking of homes, were *does* Jeffrey A. Slaton live? Well, I located him as follows: Jeff A. Slaton 6808 Truchas Drive NE Albuquerque, NM 87109 The phone number he actually answers on is 505-822-8919. He gets a woman who lives there to answer the phone; he hides behind her skirt. I got him to come to the phone and speak to me with some persistence. Naturally when dialing, if one wishes to preserve one's privacy one will prepend *67 to the dialing string, or do as the phreaks did years ago before the new-fangled phone system was invented and just run through a few loop-arounds or a couple of MCI dialups or whatever. Of course, readers are reminded that phone harassment is illegal and ransacking and looting of other people's voicemail is also quite illegal. Nor is it recommended that visitors without appointments drop in to see him at his home or try anything violent like smashing or busting up computers, modems, etc. That sort of thing just will never, never do ... not in a civilized America or on a civilized net. I mean, we are still pretending that we have a modicum of civility here, right? I don't want to hear any reports back about people trashing that telephone number (505-822-8919) so badly that the phone company is never able to re-assign it to anyone or about how someone went out there to 6808 Truchas Drive NE and busted up little Jeffy's toy computer. When he spammed my newsgroup, and rode express right through my mailing list a couple days ago, he got me ... well, let's say 'annoyed'. PAT TD Editor PS: You might want to let others know about this fellow so that when they are confronted with messages from Spam King they'll know who to see about it. Of course, in the process of posting this around, do not start spamming yourself. ... none the less, when you see some of Spam King's work, let Jeff know how you feel about it, and be sure to mention the newsgroup(s) where you saw his stuff. He'll appreciate that. ------------------------------ Date: Sun, 22 Oct 1995 03:23:08 -0500 From: TELECOM Digest (Patrick Townson) Subject: File 2--Attention Spammers: The War Has Started I don't know about the rest of you, but all this spamming in recent months has really started to get me irritated. I think one solution worth looking into is that of *spamming back at the spammers*. Since *they* do not seem to care what sort of irrelevant junk they sent out to every newsgroup and mailing list they can find, I see no reason why netters can't simply return the courtesy, armed with such details as: home address, home phone number, social security number of the spammer when known, banking information of the spammer when known, other personal details, etc. Then, I'll leave it to your imaginations as to how to best deal with the inconsiderate boobs who have trashed the net to the point of it being almost useless in recent months. Listen to them squeal like stuck pigs when the place *they* get *thier* messages and mail gets loaded with spam ... listen and watch how they carry on when their telephone number becomes so polluted they have to have it changed time and time again ... smile ... oh, there are people who can make those things happen. You can even be taught how if you don't already know the techniques used. And imagine the fun to be had by all with Jeff 'Spam King' Slaton's social security number and banking information ... ... Jeff sees nothing wrong with invading *your* privacy does he? You are gonna worry about his? Here is the data on Jeff once again in case you missed it, and then we will move on to a new assignment: Jeff A. Slaton 6808 Truchas Drive NE Albuquerque, NM 87109 Phone: (505)822.8919 personal answer, but lately on an answering machine. press '2' for Jeff, do not bother the rest of the family. Voicemail: (505)821.1945 once it answers, press * and listen to the voicemail system's response. Enter the proper numbers, etc as required. I'm doing a social security number trace on him now, and trying to find out where he banks. I'm not certain, but I think he has some other employment as well. If so, spam will be needed there also. Details provided when available. In the meantime, let's get busy with letters and phone calls to Jeff, letting him know how concerned we are about his attitude. When you write or call Jeff, be sure to let him know the newsgroup and site where you saw *his* spam. He'll appreciate knowing you are concerned about him as a net citizen. -------------------------------- Now let us direct our attention to the magazine club ... you know, the one all the 'international students' are raving about ... the one that Janet Dove introduced us to and Patricia Eng (president of the international students association) has been reminding us about with 30,000 byte, thousand line messages recently posted in dozens of newsgroups. Here is a header from a recent spam sent to me for my list -- thank God I still maintain telecom manually, else this crap would have gone out. This first part merely says that it arrived at our site, was delivered to my mail filter, processed through the filter according to my instructions, then remailed to me !absolutely!, bypassing the filter. Can't just drop things in the mail spool after filtering them, it may cause race conditions, file overwriting, etc. From telecom Sat Oct 21 17:50:45 1995 Received: by delta.eecs.nwu.edu (8.6.12/8.6.12) id RAA24689 for \telecom; Sat, 21 Oct 1995 17:50:44 -0500 Date--Sat, 21 Oct 1995 17:50:44 -0500 From--TELECOM Digest (Patrick Townson) Message-Id: <199510212250.RAA24689@delta.eecs.nwu.edu> To: \telecom@delta.eecs.nwu.edu Status: R Now, here is where the fun starts. Notice how the sender of the mail used certain flags in sendmail to diddle up the 'From ' and 'From:' lines, thinking they could avoid detection. Essentially what we see is, my site (delta) got it from our network mail machine (zeta) which got it from cornell. Cornell got it from ixc.net who in turn got it from 205.230.67.30. Hmmm ... well that turns out to be something called ppp30.ingress.com. Now maybe it came from there or maybe the person just put that there. >From For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok Sat Oct 21 17:50:41 1995 Received: from zeta.eecs.nwu.edu by delta.eecs.nwu.edu (8.6.12/8.6.12) with ESMTP id RAA24676 for ; Sat, 21 Oct 1995 17:50:38 -0500 Received: from cornell.edu by zeta.eecs.nwu.edu (8.6.12/8.6.12) with ESMTP id RAA09521; Sat, 21 Oct 1995 17:50:36 -0500 Received: from [205.230.67.30] (pm1-41.ixc.net [198.70.48.41]) by cornell.edu (8.6.12/8.6.12) with SMTP id QAA01200; Sat, 21 Oct 1995 16:12:29 -0400 Note that when you trick the mail network by using certain sendmail 'flags' which allow you to diddle up your 'name' into something goofy like this, if you are not considered a 'trusted user' at your site -- that is, your name is in a certain file -- then the (unverified) comment will appear; sometimes it will be shown as 'authentication warning'. X-Sender: For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok (Unverified) Let's assume for now the message ID number was generated by the site. Let's also assume that the person who dumped this load on the net is NOT the postmaster there. I know, even that is a big assumption these days; but let's assume the postmaster is straight ... Message-Id: We now need to send a note to 'postmaster@ppp30.ingress.com' and ask that person if s/he will be so kind as to check the site logs and see if it can be detirmined WHO is the actual user who accessed sendmail at 16:48 on Saturday, October 21 to send mail with the Message-ID shown above. You might want to cc 'postmaster@ixc.net' at the same time. Sendmail should have logs of who accesses it, regardless of what that person makes sendmail say to the outside world later on. X-Priority: 1 (Highest) Yeah, right. The highest priority my dear. You *will* be given close attention in the next few days, believe me you ... Date--Sat, 21 Oct 1995 16:48:12 -0500 Note although ppp30.ingress sent it out at 16:48, Cornell says they got it at 16:12. That's because Cornell is on a different time zone than ingress apparently. In effect, they got it 24 minutes after it was sent out. Now notice TO WHOM it was written and FROM WHOM it was sent ... To: For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok (Patricia Eng, President, Association of International Students, Australia-New Zealand Chapter) From--For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok (Patricia Eng, President, Association of International Students, Australia-New Zealand Chapter) Bogus From and Bogus (identical) To -- so with a 'To' line like the above, how did I get a copy over here, and how did you get one (if you did)? Well this tells us there must have been one or more bcc's ... 'blind courtesy copy' or do you say 'carbon copy' like me, the old fart that I am going back to carbon paper and typewriter days? Anyway, there is a bcc involved. It is a great way to send out mail to a huge list of people (or LISTS of people) without any of them knowing who the others are. I do it all the time with my mailing list to keep the names on the list from seeing the other names: I send it from myself to myself with a bcc that has a few thousand names! Subject--*** ===>> World's *Cheapest* Way to get USA Magazine Subscriptions delivered to *any* country (1,500+ USA titles to choose from). Mercifully, we shall skip most of this tripe; we all know what Janet Dove and now Patricia Eng have done: recently they joined a magazine subscription club in the USA. Janet Dove told us that she was 'a busy student' and would have no time for replies, so please do not write to her. Well, unfortunatly for her, a lot of you did write. Flames and more flames. Obscene letters, hate letters, you name it. Janet got the good trashing she deserved. It got so bad the magazine people had to change their address, phone and fax number. ---> PLEASE NOTE THE NEW FAX # AND NEW SMAIL ADDRESS, AS SHOWN BELOW. TO RETURN THE "REQUEST FOR MORE INFO" FORM TO. THE OLD ADDRESS AND FAX # ARE NO LONGER FUNCTIONAL. <--- You will get a quick reply via email within 1 business day of receipt of the info request form below. This time, they got smart ... but they're not as smart as you, are they folks? Grin ... they say, 'our fax machine is set up to only accept one page, and then disconnect.' Gee, I wonder why? Is it because so many of you folks last time around set your fax up with a mobious loop of paper which went round and round all night causing Janet's machine to waste all its paper? They say, "gotcha! it won't work this time, internet dudes ... this time we take one sheet of paper only from you ... and we cut you off!" ----> IMPORTANT NOTICE FOR THOSE FAXING IN THEIR REPLY: (*please* make sure there is *no* cover page and your fax is only 1-page, as their fax is set-up to receive only 1-page faxes. Your fax goes directly onto their 4.2 gigabyte computer hard drive, not paper, and all incoming fax calls are set-up to be auto-terminated at the start of the 2nd page, in order to allow space for everyone's replies to be received.. <---- *** No, what they mean is, 'in order for your hostile reply to not clog our machine and run us out of paper every few minutes all night long ... *** So a new approach will be needed. Read on ..... Hi fellow 'netters, My name is Patricia Eng and I recently started using a magazine subscription club in the USA that has a FREE 1 yr. magazine subscription deal with your first paid order- and I have been very pleased with them. They have over 1,500 different USA titles that they can ship to any country on a subscription basis. As for computer magazines from the USA, they more of a selection than I ever knew even existed. They have magazines for most every area of interest in their list of 1,500 titles. (Several hundred lines deleted; I am sure you are angry with me for cutting them out ... grin ...) And guess what! Patsy Eng is the same way as Janet Dove ... 'just a happy customer and a busy student' ... no time to answer flames ... and to make sure she does not have to answer flames, she thoughtfully screwed up her email address, as we saw above. Please do not email me as I am just a happy customer and a *busy* student. I don't have time to even complete my thesis in time, let alone run my part-time software business! Please fill out the below form and fax it to them in the USA at: 718-967-1550 (Fax line is open 24 hrs. per day, 7 days a week, but the *easiest* time to get your fax through is Mon-Fri, 9 am - 5 pm EST, due to the least # of faxes coming through during those hours.). We will discuss that phone number in just a minute. ----> IMPORTANT NOTICE FOR THOSE FAXING IN THEIR REPLY: (*please* make sure there is *no* cover page and your fax is only 1-page, as their fax is set-up to receive only 1-page faxes. Your fax goes directly onto their 4.2 gigabyte computer hard drive, not paper, and all incoming fax calls are set-up to be auto-terminated at the start of the 2nd page, in order to allow space for everyone's replies to be received.. <---- She stresses this again; you see last time the magazine people unloaded their commode here on the net, many of you responded vigorously, you damn near wrecked their fax machine ... good! And they would like you to fax to them during the business day ... not so much because that is 'when it is slowest and easiest to get through' but more because that's the time of day when they are there to monitor what is happening ... naturally, you will want to send your faxes at night and on weekends .... grin .... or smail it to them at the following address: Magazine Club Inquiry Center Att. FREE Catalogue-by-email Dept. PO Box 990 Staten Island NY 10312-0990 We will discuss this post office box in a minute also. NOTE: for the fastest reply, please fax in the below form. If you do not have access to a fax at work or at home, then please send it in by smail (airmail). They will email you their FREE catalogue and complete info on how their club works within 1 business day of receiving your form. Replying does not mean you are committed to joining, only that you are seriously interested in receiving more info by email and then have a quick friendly, no obligation phone call made to you to answer your questions and explain how they work. Only a complete FOOL would supply them with any information at all about themselves or their email address or snail mail address, etc. Sorry, but incomplete forms *will not* be acknowledged. If you do not have an email address, or access to one, they will not be able to help you until you do have one. If you saw this message, then you should have one. :) *** Snicker **** (About a thousand more lines deleted ... I do not intend to advertise their magazines for them.) Now here is where YOU come in ... here are some things YOU can do to help expose the vermin who, like Slaton, have managed to damn near wreck Usenet ... I. Write postmaster@ppp30.ingress.com (with a copy to) postmaster@pm1-41.ixc.net Text: "Please check your log of outgoing mail for 16:12 on October 21 and see if it is possible to detirmine which user sent the mail with the above referenced message-ID and give me that name. Thank you." Once the postmaster responds, see to it the rest of the net gets the correct user name. Finger the user if possible for more details as to real name, etc. Naturally, most vermin do not have .plan files in thier directory, but put together what data you can. II. That phone number: 718-967-1550. It is a working number in Staten Island, NY but it is non-pub. A fax machine is answering. I am running into dead ends at present finding out any more. I'll keep working on it, but in the meantime, if you have a fax that is a hundred pages long, you may need to call them a hundred times and send your fax page by page. Are there some pictures you want them to see, or a magazine article? Maybe they should get copies of other spams like their own ... but long distance is cheap these days (nights) ... so if you have to send several to get it all delivered, then do it. People in the local NY/NJ area may have a lot of faxing they need to do. III. That box number: PO Box 990, Staten Island, NY 10312 Send a short polite letter addressed as follows: Postmaster Staten Island, NY 10312 ATTN: Lock Box Rental Supervisor Text: "Post Office Box 990 is being used for business purposes, to solicit the public. Therefore, according to postal regulations, I am entitled to know the name and address of the box holder. "Please supply me with the name and address of the renter of Box 990, also a phone number if you have one. Please supply me with the name(s) of the person(s) authorized to sign for certified/registered mail and the name(s) of persons authorized to collect mail from the box or who are in possession of the keys to the box if they are different than the renter. "I am enclosing a self addressed stamped envelope for your convenience in making a speedy reply. If there is a fee for your service, please advise me. Thank you." If you want, just for a little fun, send a cc of the letter to the postmaster to the box itself just to let the boxholder know inquiries are being made about him. Nothing better than a little paranoia on his part. Naturally you do not send him a self addressed stamped envelope. Since he *is* running a business box, he will be powerless to stop you from inquiring of the postmaster. IV. Finally, once again in reference to Box 990, you may wish to send him LOTS of mail ... why not send printouts of his own spams back to him along with print outs of every other spam you can find. Naturally, no return address on the envelope, and don't worry if you short the postage a little .. the post office will tell him to pick up his mail at the call counter and pay the postage due. Send a few 'Jesus Saves' tracts, assorted treatises, etc. You are doing this to follow up on the fax message you sent earlier -- all five hundred pages of it! --------------------------- Be courteous and polite with postmasters, electronic or otherwise. It is not thier fault that they have idiots and con-artists as customers. Whether it is ingress.com, or the postmaster at Staten Island, they WILL get the point and understand the purpose of your POLITE inquiry. ----------------------- So ... now please finish your assignment with Jeff, and then begin this new assignment with the magazine people. Bear in mind the junk mail spam sent to the magazine people is only until we have more detailed information about who they are and where they are. Good luck on your mission! Keep their mailbox full and their fax machine humming ... each time a new spam appears, in addition to cancelling it as soon as possible mitigating its influence, let's hit them hard in return with as much personal data as we can dig up. Should there possibly be a Digest or mailing list devoted to a 'clearing house' function, identifying the vermin and coordinating return attacks, etc? War has been declared! PAT ------------------------------ ------------------------------------------------------------------------- Steven Carlson http://www.isys.hu iSYS Hungary info@isys.hu steve@isys.hu "One person with a belief is equal to a force of ninety-nine who only have an interest." - John Stuart Mill ############# # This message to Hungary-Online@hungary.yak.net # was from steve@isys.hu (Steven Carlson) # # To unsubscribe, # send "unsubscribe" to # An announcement-only subscription (less volume) is available # at # Send mail to for more information, # or to if you need human assistance. #############