Jump to content

Talk:Open Relay Behavior-modification System

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Yobot (talk | contribs) at 09:48, 27 April 2015 (Tagging for WPNZ prelimary stage: Banner normalisation using AWB (10903)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconNew Zealand Start‑class Low‑importance
WikiProject iconThis article is within the scope of WikiProject New Zealand, a collaborative effort to improve the coverage of New Zealand and New Zealand-related topics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.New ZealandWikipedia:WikiProject New ZealandTemplate:WikiProject New ZealandNew Zealand
StartThis article has been rated as Start-class on Wikipedia's content assessment scale.
LowThis article has been rated as Low-importance on the project's importance scale.
WikiProject iconInternet Unassessed
WikiProject iconThis article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.

Aftermath

It's gratuitous and unsubstantiated to claim that it was block lists that led to spammers discontinuing use of open relays. It's far more likely that it was the success of a small number of open relay honeypots that led to spammers seeking another means of distributing spam. Michael Tokarev ran a very successful honeypot in Moscow, one that had a brilliant feature: it logged the incoming spam on a web page. The log included the IP address of the source of the spam. The URL of the honeypot log could be sent to the abuse desk of the ISP that was the apparent source of the spam and the ISP could then watch the log and cancel the accounts using the IP addresses that showed up. That quickly burned up the spammer's stock of accounts to be used for abuse since he had never experienced such rapid and certain loss of accounts before. When the spammer was using UU.net accounts Tokarev could see, in the logs for the web page that had the log, the spread of accesses to that web page through the IP addresses used by uu.net: others besides the abuse desk obviously were being alerted to the tool and what it represented. [Most of this is unsourced and private communication and ineligible for inclusion in Wikipdia.] You can find discussions of the honeypot by Michael Tokarev using Google search.

The spammer shut down by the honeypot was a Ralsky associate in Texas. One of the original open relay test messages trapped by the Moscow honeypot went to a server in the Detroit area.

The honeypot web page is still there, showing the sources of the last spam messages received before the honeypot was disabled. [1]

The Jackpot honeypot, designed to run on Windows systems, also logged the spam to web pages. As it was a Windows program it made possible the creation of a substantial number of fake open relays that could be used to directly combat spammer activity. Whether a "substantial number" ever exited is not known. --Minasbeede 00:42, 22 September 2007 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Open_Relay_Behavior-modification_System&oldid=659452213"