[104384] in Cypherpunks
Blocking Extr*ct*r Pro Spamware - www.extractorpro.com
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sun Oct 18 06:25:26 1998
Date: Sun, 18 Oct 1998 03:13:35 -0700
To: cypherpunks@cyberpass.net
From: Bill Stewart <bill.stewart@pobox.com>
Reply-To: Bill Stewart <bill.stewart@pobox.com>
The latest spam that got sent to the list was sent using Extractor Pro.
Their web page is at www.extractorpro.com, their sales email is
sales@extractorpro.com , and their contact page lists other phone numbers.
They've also got pointers to other spamware vendors.
I found it interesting that their tech support phone number +1-313-728-5211
has a different area code than their sales +1-314-878-6770.
(I could say something tacky like "It'd be a real shame if anything bad
should happen to them, heh heh", but instead I'll take the high road here :-)
One of the common features of spamware is web crawlers that
look for email addresses on web pages. Some of them might,
for some reason, follow the norobots.txt convention,
which allows web sites to request that robots follow their
guidelines for where to look and how fast, based on
criteria like origin and maybe software model,
but presumably most spamware extractors ignore it.
The Apache web server has a bunch of security features,
including the ability to allow or deny service based on the client's
IP address, browser, or various other environment variables.
http://www.apache.org/docs/mod/mod_access.html lists the example
BrowserMatch ^BadRobot/0.9 go_away
<Directory /docroot>
order allow,deny
allow from all
deny from env=go_away
</Directory>
which will deny requests from anyone using the browser "BadRobot/0.9".
So depending on the spamware, if it sends a browser-type string that's
recognizable, you can block it. (Finding out what Extractor's
Web Weasel product uses is left as an exercise for the reader.)
I don't know how valuable this is long-term; it's easy to block anything
calling itself "Spamware43" once it's recognized, and Netscape can sue
vendors whose browsers call themselves "Mozilla/ThisIsntTheSpammerYoureLookingFor",
but spamware vendors could pick random strings for every user
to get around recognition. But it's a start.
~~~~~
The configuration documentation also has the enjoyable sentence
"Suppose that time repeats itself for some reason."
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639