Gossamer Forum

regarding spam mail

Quote Reply
regarding spam mail
Just thought I would mention this as several said they get a lot of spam mail from their web sites.

I have found over the past year that if I only use emails which include "nospam@...." then my email does NOT get added to lists created by the scripts that extract email addys from sites.

Those extractors must have a filter that excludes the word 'spam' within the email. Give it a try and use the nospam@ in all references to your email addy and I think you will see a big decrease in the amount of spam you receive.

This of course will not get you off existing lists :(

After getting over 60 spam messages a day for several years with having my email posted on websites, I now only receive perhaps one a month if that :)

I do find it very helpful to report all spam mail using SpamCop http://spamcop.net/

Unofficial DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/
Quote Reply
Re: [LoisC] regarding spam mail In reply to
Another way to mask your email on a website
is via this nice JavaScript function:

Code:
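<script type="text/javascript">
// Hide the real email address from the page source.
// Takes 'user*domain' and opens a mailto: link for user@domain.
function ToMailer(a) {
  // The first group is greedy, so the split happens at the last "*".
  var RE = /^(.+)\*(.+)$/;
  var launch = a.replace(RE, "mailto:$1@$2");
  window.location = launch;
}
</script>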

Then:

Code:
<a href="javascript:ToMailer('you*yoursite.com')">Email-Me!</a>

This works well in keeping robots from gathering your email :-)

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 24, 2002, 1:05 AM
Quote Reply
Re: [Eraser] regarding spam mail In reply to
The most effective way I've done is to create an image of your email address and post it as an image. No spam robot can read images, yet ... The only unfortunate backlash from this is usability for blind users - but there is a way around this by spelling your email out phonetically in your ALT tags, as in "type wil the at sign fba group as one word dot com" :-)

Hope this helps.

- wil
Quote Reply
Re: [Eraser] regarding spam mail In reply to
Or the best way is just not to post a text email address on your site...use contact forms (but make sure you don't post that they are insecure when there are prying eyes around ;)).

Last edited by:

Paul: Apr 24, 2002, 2:29 AM
Quote Reply
Re: [Paul] regarding spam mail In reply to
Use multiple email accounts. Use one for subscribing to services and what not, then ignore it thereafter to avoid the spam. Also use filtering macros in your email client :-) On the email address I post publicly here in the forum, any email to the account gets thrown out if it didn't come from an authorized source or does/doesn't contain certain keywords.

--Philip
Links 2.0 moderator
Quote Reply
Re: [] regarding spam mail In reply to
There was an in-depth (well, as deep as /. goes <g>) article about this on slashdot a few weeks back:

http://slashdot.org/...sid=02/03/21/1836223

- wil
Quote Reply
Spam with VIRUS! In reply to
I just want to say, (and I am not re-visiting any other post in this area here), that the amount of spam I am getting from two particular sites has doubled since yesterday. Nearly all of the messages contain the worm virus.

The spammer signed me up with two names, under which all my spam is coming to me under. Easy solution is to block by name here, but I went a step further, and blocked the whole site! The spams are coming from *.com.br.

I checked them up on Spamcop, but no info.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
I've received this virus alert from my AntiVirus supplier today. It seems that it's spreading quite rapidly.

Is this the same one as you're getting?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Yes it is, but this is separate to the ones I mentioned. Could be the case of the supplier cashing in on the cure here ie spreading the virus and hoping to catch people wanting the cure???

Outlook filtering bewilders me.... I am going to turn to my host for these bad boys (spam msgs).
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
I just make sure /var/qmail/control/databytes is fairly low so the sucker bounces right back at em ;)

Last edited by:

Paul: Apr 24, 2002, 10:34 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
And all your other mail :-)

- wil
Quote Reply
Re: [LoisC] regarding spam mail In reply to
You know I am now getting spam from blue chip companies like Novell. I have been signed up to a lot of mailing lists lately Unsure

After today, I will have pretty decent blocking going on so it will be a waste of time for the spammer.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Err nope. Works nicely if you set it at the right size...bounced a bitmap back at Jagerman..hehe
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Well it happened. My machine fell over and I have been installing Norton Internet Security for the last twenty minutes.

I was attacked by several viruses as a direct result of this spam attack!

The attack took my computer out for three hours, with the ability to do nothing - you know the scenario.

One of the viruses was detected and removed by the software/warning posted on the Norton web site. They have a free removal prog. just for this virus.

http://securityresponse.symantec.com/...ez.removal.tool.html

My host suggested I delete my mailbox, which I am not going to do..... crazy suggestion, how am I supposed to get mail???

In any case watch out for those spams guys and girls!!! Unless you have the latest and greatest methods and anti-virus software working for you.... it's going to happen.


http://www.iuni.com/...tware/web/index.html
Links Plugins

Last edited by:

sooke: Apr 24, 2002, 3:26 PM
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
>>
Unless you have the latest and greatest methods and anti-virus software working for you.... it's going to happen.
<<

You don't get viruses without doing something to activate them. ie you have to click an executable file.

Are you saying you got infected without doing that?....
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Where on earth did you get that idea Paul? Many viruses these days are integrated into the source code. For example, one I had once on my old PC..that ran a command via the email, which totally screwed up my machine, gave me loads of blue screens..and then deleted all my emails!

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy.] Spam with VIRUS! In reply to
Andy

What? Are you trying to imply that viruses are built into your operating system or the software you are using?

With viruses, you must physically execute the dodgy looking attachment you receive through your email. And, IMO, it's your own fault for doing so in the first place. <g>.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
I'm not at all implying that. I'm just saying, that viruses CAN and ARE integrated into emails, without the user having to execute the attachment. For example, worms. They don't show as attachment, you just have to view the email for it to infect you!

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy.] Spam with VIRUS! In reply to
Hm. That is surely not true? How can someone write a plain/text email that was a full c++ or vb worm? That is absolutely impossible. Sorry!

- wil
Quote Reply
Re: [Andy.] Spam with VIRUS! In reply to
Quote:
Do I get infected by virus from just opening the mail?

Yes, there are viruses that can infect the PC without launching the application. Such viruses can penetrate through some email client applications, i.e. Microsoft Outlook. For Microsoft Outlook users they are advised to remove the scripting tool facility. However, virus infections happen when you launch or execute file attachments without first scanning the file for any known virus.

http://www.sans.org/...ook/alerts/virus.htm

Last edited by:

Paul: Apr 25, 2002, 3:35 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Aha. Microsoft Outlook. I should've known! Why on earth does it execute scripts and stuff by default - such such such a stupid program! Grr...

Why don't people just use a decent email client and we can eliminate these worms for good! :-)

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Checkout the URL I just added above. This bug is likely to be fixed now seeing as it was found 2 years ago.

Last edited by:

Paul: Apr 25, 2002, 3:36 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Yeah - I hope so. I still don't understand why people would want to use MS Outlook, though. Every single worm I've heard of repeatedly say ".. and sends to everyone in your Microsoft Outlook Address book .. " la di la. Ugh.

- wil
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Thank you Paul..you proved my point Tongue I used to have Outlook Express 6, and that still seemed to have that flaw...so maybe M$ haven't fixed it :| I know that Outlook 2002 has it fixed by default, but you can change the settings to run files/codes within emails. I have also noticed a lot of emails coming through with stuff like;

Quote:
<HTML><HEAD></HEAD><BODY>
<iframe src=cid:Eps52a1Fi212 height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

I'm not really sure if this is a virus...or what. But there is no attachment, so if there is a virus, it isn't running on my PC :)

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
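
A mail gateway or filter can flag the markup quoted in the post above, a zero-size iframe whose source is a cid: reference to another part of the same message, without ever rendering it. The following is an added example, not code from the thread; the function names and the MIME part list are assumptions, and the sample inputs are constructed around the quoted body.

```javascript
// Added example (not from the thread): flag hidden iframes that load a MIME part.

// HTML body as quoted in the post above.
const QUOTED_BODY = [
  '<HTML><HEAD></HEAD><BODY>',
  '<iframe src=cid:Eps52a1Fi212 height=0 width=0>',
  '</iframe>',
  '<FONT></FONT></BODY></HTML>',
].join('\n');

// Constructed part list for the same message (hypothetical values).
// Content-ID header values carry angle brackets; cid: URLs do not.
const SAMPLE_PARTS = [
  { contentId: '<Eps52a1Fi212>', contentType: 'application/octet-stream', filename: 'constructed-sample.bin' },
];

// Parse one tag's attribute text into a lower-cased name -> value map.
// Accepts double-quoted, single-quoted and unquoted values.
function parseAttributes(attrText) {
  const attrs = {};
  const re = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || '';
  }
  return attrs;
}

// True for "0", "0px", "0%", "0.0" and similar.
function isZeroSize(value) {
  return value !== undefined && /^0+(?:\.0+)?(?:px|%)?$/i.test(value.trim());
}

// A frame counts as hidden if either dimension is zero or CSS hides it.
function isHidden(attrs) {
  const style = (attrs.style || '').toLowerCase().replace(/\s+/g, '');
  return isZeroSize(attrs.width) || isZeroSize(attrs.height) ||
    /display:none|visibility:hidden|(?:^|;)(?:width|height):0(?:px|%)?(?:;|$)/.test(style);
}

// Strip the cid: scheme and undo percent-encoding; keep the raw id if decoding fails.
function normalizeCid(src) {
  const raw = src.replace(/^cid:/i, '');
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// Return one finding per hidden iframe whose src points at a message part,
// with the declared type and filename of that part when it can be resolved.
function findHiddenCidFrames(html, parts = []) {
  const byId = new Map(parts.map((p) => [p.contentId.replace(/^<|>$/g, ''), p]));
  const findings = [];
  const tagRe = /<\s*iframe\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1]);
    const src = (attrs.src || '').trim();
    if (!/^cid:/i.test(src) || !isHidden(attrs)) continue;
    const cid = normalizeCid(src);
    const part = byId.get(cid) || null;
    findings.push({
      cid,
      contentType: part ? part.contentType : null,
      filename: part ? part.filename : null,
    });
  }
  return findings;
}

console.log(findHiddenCidFrames(QUOTED_BODY, SAMPLE_PARTS));
```

A finding whose part cannot be resolved is still worth logging, since the reference itself is what a mail client would try to load.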
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
>>
Every single worm I've heard of repeatedly say ".. and sends to everyone in your Microsoft Outlook Address book .. " la di la. Ugh.
<<

Haven't we been through this before :)

That's because most people use Outlook so it's obviously going to be targeted the most....you realise why hackers spread viruses?....it's to affect as many people as possible...they aren't going to achieve much trying to spread viruses around pine users Cool
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Yeah - we've been down this road :-)

But my point is that if we can educate people and get them to use Pine then there wouldn't be such a market for these hackers = less damage.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
I really don't know what's the fuss about MS Outlook. Just disable the preview function and the address book, et voilà, no more trouble.

The only thing anybody could nag about are Outlook's default settings. Solution: see above.
Quote Reply
Re: [Tho:mas] Spam with VIRUS! In reply to
Why not switch to Eudora, though? A lot more powerful and I believe it handles mail in a more 'correct' manner than Outlook i.e. it threads messages by attaching appropriate headers which Outlook doesn't do. Not sure if you're running in IMAP mode on Outlook, however.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
>>
But my point is that if we can educate people and get them to use Pine then there wouldn't be such a market for these hackers = less damage.
<<

Yeah but you're missing the point...just shifting everyone over to another mail app would do nothing other than encourage hackers to find exploits in that software too.
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Yeah, except that people don't have such a vendetta against other software manufacturers.

And they are generally more secure. People are still using unsecure Microsoft products. I'm still using IE 5 at home, simply because it takes far too long to download an update (IE6) over a 56k modem! The number of people using unsecure MS products is phenomenal. While other mail clients have been more secure from the word go - what was the need to allow scripts to be executed anyway? <g>.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
I've used Eudora before. Apart from constantly messing up my desktop and changing my default browser settings (such as minimizing fonts etc.) it can only handle a single user account (at least the last version I used). Crazy
Quote Reply
Re: [Tho:mas] Spam with VIRUS! In reply to
Yep - Eudora can handle multiple email accounts. And it handles them properly too - all independent of each other.

I was trying to set someone up on Outlook 2000 the other day and started adding multiple accounts, and then noticed you can only have one signature! And you can't specify a signature for each separate account! I stopped there and uninstalled before finding out other horrors.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
>>
I was trying to set someone up on Outlook 2000 the other day and started adding multiple accounts, and then noticed you can only have one signature! And you can't specify a signature for each separate account! I stopped there and uninstalled before finding out other horrors.
<<

So use Outlook Express 6 which can do that.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
I tried Eudora once. I really hated it. The interface was NOT user friendly... there were icons and functions without explanations, etc. Also felt the toolbar icons were way too small. Anyway, that's what they forced us to use at school but I don't have to suffer with it anymore. I installed it on my pc once and promptly removed it.... Eudora crashed my computer whenever I had Internet Explorer running at the same time.

Erm... If you set up multiple identities, rather than accounts, you can have multiple signatures for sure... although I don't remember having any problem having multiple signatures in a single account before.

Also, not sure what you mean about Outlook not threading messages? Maybe I'm missing something, but I don't seem to have any problem viewing the message lists in a threaded mode.

Wil, my question is this: If you hate MS so much and can't seem to grasp how to use any of their programs, why the hell do you continue to use them?

Quit using ghetto programs like Netscape (whose programmers seem to not understand why Netscape sucks), upgrade to decent, stable versions of MS software (win2k/xp pro, outlook 6, etc), quit being dense and learn to use the software, and (most of) your problems will go away.

--Philip
Links 2.0 moderator

Last edited by:

sponge: Apr 25, 2002, 6:28 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
>> So use Outlook Express 6 which can do that.

Interesting. Why can the free version do this, but not the paid one? Bizarre!

Thanks

- wil
Quote Reply
Re: [sponge] Spam with VIRUS! In reply to
Philip

I use Microsoft products while I'm at my desk in work. Basically, we use the Office suite as standard, although the only program I really use out of it is Word.

At home, I have my own setup sans Microsoft.

Although, saying that; I have to admit that I've ordered myself one of those new Sony Vaio laptops that come pre-installed with XP. I want to try it out just to see if it might be worth it. Although, I think my business decision in terms of upgrading in work would be to wait for the next release of Windows, codenamed Longhorn.

Cheers

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
uh... Outlook 2000 is not exactly up to date. The feature probably didn't exist at all in that version. There's also a bit of difference between Outlook 6 for XP and older versions of Windows.

--Philip
Links 2.0 moderator
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Hm.. anyone else see the subliminal message?

--Philip
Links 2.0 moderator
Quote Reply
Re: [sponge] Spam with VIRUS! In reply to
?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Guess your subconscious is doing things you aren't aware of. Shocked

...desk...sans...Longhorn... = ...pc....without...Windows = Linux/Mac w/ Netscape

--Philip
Links 2.0 moderator
Quote Reply
Re: [sponge] Spam with VIRUS! In reply to
Nope. Still don't get you Unsure

- wil
Quote Reply
Re: [sponge] Spam with VIRUS! In reply to
Hmm I have a longhorn login screen :)

http://www.xp-erience.org/...onghorn/longhorn.jpg
Quote Reply
Re: [Paul] Microsoft In reply to
I was reading an article today in Computing today (the printed version not the web version I just linked to) that advised businesses not to splash out on XP as it's just an inbetween before the next release.

Which actually makes sense when you think about it. Microsoft's products have a life-cycle of 3 - 4 years (source: Microsoft), Windows 2000 was their latest milestone, now project longhorn will be out in 2003/04 therefore it advises businesses not to waste money upgrading on this fancy new in-between. Basically it argues it's just another marketing ploy, an extended product - kind of like those king size Mars bars they brought out a while back. ;-)

- wil

Last edited by:

Wil: Apr 25, 2002, 7:38 AM
Quote Reply
Re: [Wil] Microsoft In reply to
On the security issues, Microsoft doesn't help users of older Outlook versions fix security bugs very well. When running the online office product updates, it doesn't recognize older versions (pre-2000) of the office suite - so you think all is OK with your copy after the message "no updates available" is displayed. Nope, it's a case of hunting down the fixes and hoping you have the right ones!

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 25, 2002, 8:34 AM
Quote Reply
Re: [Eraser] Microsoft In reply to
I know what you mean! I just visited windowsupdate.microsoft.com and found out that my version of Windows needed 13 'critical security updates' to be up to scratch. Hm, nice of them to let me know that my system was vulnerable, huh?

- wil
Quote Reply
Re: [Wil] Microsoft In reply to
I'm personally looking to move away from MS products for specialist areas like email and web creation due to bugs and continuous security issues. Recently tried a beta of dreamweaver 5 for web creation and was stunned by the professionalism of this program compared to Microsoft's offering. Just need a decent email prog now ;-)

~ ERASER


Free JavaScripts @ Insight Eye
Quote Reply
Re: [Wil] Microsoft In reply to
Microsoft's job isn't to hold your hand...it's up to you to make sure you are using up-to-date software.

The update button sits on your start menu...it isn't hiding anywhere.
Quote Reply
Re: [Paul] Microsoft In reply to
I understand that. But I do think there should be a sense of responsibility at their part. They are basically supplying me with faulty software, I could argue.

- wil
Quote Reply
Re: [Wil] Microsoft In reply to
Yeah but it isn't faulty....people purposely go looking for the hole.

Microsoft can't cover every single possible hole that 6 billion people may find whilst purposely trying to find security holes. That's like buying a car and then getting it broken into and then complaining to Alfa Romeo that they should have used bulletproof glass in the windows.
Quote Reply
Re: [Paul] Microsoft In reply to
I don't think we'll ever see eye-to-eye on this topic, Paul, so I'm going to leave it at that. :-)

- wil
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
I love it when I get up in the morning and you forum Veterans have been going at it ;)!! (jokingly)

Yes, the attack was through Outlook Express 6. And very interesting to read your comments on how a virus can attack without opening.

I am 99% sure that I do not open any attachments where I do not know the author.

There is always the possibility the author did not realise their attachment had a virus in it either as well.

Thanks guys.

I think I removed the last of these bad guys (viruses) this morning.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
Yes, as this is exactly what most worms try to achieve. They look in the recipient's address book and forward themselves onto everyone in there, so the virus may *appear* to be coming from a friend or colleague.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Scary!

I am still getting around 20-60 per hour from *.com.br. (this contains the klez worm). Although this is spam related, spamcop seem to not get involved with virus related spam.... I may be wrong on this, but it was the impression I got from their rules.

I have put them into the Outlook blocked senders list, but it still "bugs" me. I'd like to get these guys.

I could not find a report a virus attack on the symantec site. There really should be a way of reporting these guys, but I guess it is the attention they are after.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
No, I think the reason these aren't blocked or traced is that these are usually bogus email accounts, or relayed over open servers with bogus accounts. If you actually sent something back to them, it would more than probably bounce anyway.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
What virus is this one again? It sounds like it could be one of these?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Yes, you are right. My autoresponder has been getting bounced continuously... I may have to shut it off for a while. Because I get a 'bounced' message each time this happens.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
The .com.br one is the

W32.Klez.H@mm

I also got the

JS.Exception.Exploit this morning, that is not a biggie.

(not to mention a SUB7 attempt every 10 minutes or so ;))

Are attacks this common, or am I being targeted here??

Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
Yes, you are being targeted. This is not common practice at all in my case. Or maybe my firewall blocks these kind of attacks, I'm not sure, but I've never been pounced upon like you're having now.

And no, I don't want to be either <g>.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
What are you using for a firewall may I ask? Is this a software or a hardware job?

I just installed Nortons Internet Security... I only had the XP built in prior to yesterday.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
>>
not to mention a SUB7 attempt every 10 minutes or so
<<

Hehe too funny. How do you know that is happening?....is your firewall telling you?....if so then there's no need to worry as obviously the firewall is blocking it.

...and yes it is common...I used to get alerts all the time for port scans and stuff...quite annoying....I ended up getting rid of the firewall :)

Last edited by:

Paul: Apr 25, 2002, 9:56 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Yes, the latest version of the Internet Security has this neat little side bar... which tells you the ip, port and type of virus or whatever that is attempting attack. It then automatically blocks that computer from accessing your computer for 30 minutes. I like it actually. Though I am using an older Dell Inspiron, and it was struggling to keep up with the applications before I installed this firewall!! The little engine that could, is now the little engine that gets hit by virus, and STILL CAN!

I know what you mean by continuous firewall irritation though. This version seems to be a little more intelligent in auto sensing everything, and leaving you alone. Does it sound like I work for Symantec? Actually I don't but, it seems to be keeping my system alive during this attack.

This attack only started two or three days ago, but no end in sight yet.
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Paul

You had continuous port scans, huh? Have you got a static IP?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
>>
You had continuous port scans, huh? Have you got a static IP?
<<

Yes and yes. 213.106.15.150

Last edited by:

Paul: Apr 25, 2002, 11:24 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
What is socket.net ?

I figured it be something.co.uk or so.
Quote Reply
Re: [Watts] Spam with VIRUS! In reply to
How did you get socket.net?
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
erm... looks like the winXP login screen to me. I thought all the Longhorn stuff that was posted there was BS??

--Philip
Links 2.0 moderator
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Quote:
How did you get socket.net?

From a DOS prompt type:

tracert ip address

I was going to try telnet, but I figured it'd be too creepy.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
People still use Pine? Good grief. Maybe they're stuck at university somewhere.
Quote Reply
Re: [Watts] Spam with VIRUS! In reply to
Yeah thats why I asked because when I do a traceroute I don't see it :)
Quote Reply
Re: [Paul] Microsoft In reply to
In Reply To:
Microsoft's job isn't to hold your hand...its up to you to make sure you are using up-to-date software. The update button sits on your start menu...it isn't hiding anywhere.

As Microsoft IS supplying a mechanism to detect vital security updates, then they should make sure these work for ALL bloody programs coming out of their workshops. Such a statement suggests a lack of proper understanding on how MS IS responsible for supplying safe software to the masses. If your new car had faulty wheels, you would expect the recall to include your model as well as the very latest model coming out of the factory.

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 25, 2002, 3:19 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
You misinterpreted what I meant. I'm not saying they shouldn't provide a good level of support...of course they should....and I have to say updates are extremely simple to install on XP and the majority are downloaded in the background without you having to lift a finger....all I'm saying is that when you don't bother to keep your software up to date and then get a virus or something when a patch has been available for months then you shouldn't start whining at Microsoft. How do you expect them to tell you about updates other than post it on their site and provide you with an updates facility on your desktop?...you want them to make a personal phone call to 50 million people?

It yanks my chain when people using Windows95 or Windows98 complain about all the security problems....umm try upgrading...things have come on a long way since like 1996 or whatever ;) (I'm not referring to you specifically Eraser).

Disagree with what I've just said if you like...I'm sure you will :) ....I don't mind as I'm going to bed.

Last edited by:

Paul: Apr 25, 2002, 3:29 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
Would you recall an entire line of cars and lose $M before knowing for sure that model is faulty as well? Apparently, you would. By that reasoning, you seem to expect MS to patch bugs and security holes before they know they exist.

I agree with Paul. It is entirely up to the end-user to keep their software up to date. You can't expect the software company to call you every time a fix was released, or send a new version in the mail.

--Philip
Links 2.0 moderator
Quote Reply
Re: [sponge] Microsoft In reply to
Personally, I think Microsoft just needs to put a greater emphasis on security, something they haven't done in previous releases. Some of my all time favorite ms bugs include (all fixed now):

IIS: Ability to view source of ASP pages by going to http://site/page.asp. (trailing dot). You could also do http://site/page.asp::$DATA I believe.

IE: Ability to run arbitrary code by sending a cookie with Javascript as the contents. The JS would get evaluated in the local security settings -- my god, why anyone would want to have a browser that runs the javascript contained inside cookies is beyond me. This one is really nasty, as for a while, any site that sent you a cookie could wipe your hard drive.

IE: Ability to auto run downloadable programs due to IE not properly checking content type headers.

Outlook: auto running attached files - about 20+ variations on this.

Outlook: displaying html mail leads to running code automatically - about 20+ variations on this as well.

Most of these can be summed up with "don't trust user input". Maybe perl -T might help. =)

Cheers,

Alex
--
Gossamer Threads Inc.
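
One way to apply "don't trust user input" to the first item in the list above: decide how to handle a request only after canonicalizing the name, and refuse spellings that a Windows file system would resolve to a different name than the one that was tested (trailing dots or spaces, or an NTFS stream suffix such as ::$DATA). This is an added example, not code from the thread or from IIS; the extension list and function names are assumptions.

```javascript
// Added example (not from the thread or from IIS).
// Assumption: extensions the server runs through a script engine
// instead of sending the file contents to the client.
const SCRIPT_EXTENSIONS = new Set(['.asp', '.asa', '.cgi', '.pl']);

// Extension of a file name, lower-cased, including the dot ('' if none).
function extensionOf(name) {
  const dot = name.lastIndexOf('.');
  return dot >= 0 ? name.slice(dot).toLowerCase() : '';
}

// Naive dispatch: trusts the raw text after the last dot.
// "page.asp." and "page.asp::$DATA" both fall through to 'static',
// which is the behaviour the post describes as a source disclosure.
function naiveHandlerFor(urlPath) {
  const name = urlPath.split('?')[0].split('/').pop();
  return SCRIPT_EXTENSIONS.has(extensionOf(name)) ? 'script' : 'static';
}

// Hardened dispatch: decode once, reject non-canonical names, then classify.
function classifyRequestPath(urlPath) {
  const segments = urlPath.split('?')[0].split('/').filter((s) => s !== '');
  let last = '';
  for (const raw of segments) {
    let seg;
    try {
      seg = decodeURIComponent(raw);
    } catch (e) {
      return { action: 'reject', reason: 'malformed percent-encoding' };
    }
    if (/%[0-9a-f]{2}/i.test(seg)) {
      return { action: 'reject', reason: 'still encoded after one decode' };
    }
    if (/[\0\\/]/.test(seg)) {
      return { action: 'reject', reason: 'encoded separator or NUL' };
    }
    if (seg.includes(':')) {
      return { action: 'reject', reason: 'stream or drive syntax' };
    }
    // Also catches "." and ".." segments.
    if (/[. ]$/.test(seg)) {
      return { action: 'reject', reason: 'trailing dot or space' };
    }
    last = seg;
  }
  const action = SCRIPT_EXTENSIONS.has(extensionOf(last)) ? 'script' : 'static';
  return { action, reason: 'canonical name' };
}

// Constructed request paths, including the two spellings named in the post.
for (const p of ['/page.asp', '/page.asp.', '/page.asp::$DATA', '/page.asp%2e', '/img/logo.gif']) {
  console.log(p, naiveHandlerFor(p), classifyRequestPath(p));
}
```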
Quote Reply
Re: [sponge] Microsoft In reply to
And you misunderstood my point sponge. I don't expect MS to tell me personally about every fix, or send me an update - my post is in reference to the office update facility that Microsoft provide as part of the ongoing security awareness. This facility excludes older versions (pre-2000) and with no indication that such software is excluded from such a security/update scan. I know this based on trying to make such an update. And your bit about expecting a patch before knowing the problem is just nonsense. Blimey, I didn't suggest that at all!

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 25, 2002, 4:27 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
ugh... maybe I should drop English as my primary language. what do you think?

--Philip
Links 2.0 moderator
Quote Reply
Re: [Alex] Microsoft In reply to
Maybe I should unload XP and put Linux on this laptop!

Very informative Alex. I never realised you could see ASP contents that easily... yikes!
Quote Reply
Re: [sooke] Microsoft In reply to
Quote:
I never realised you could see ASP contents that easily... yikes!

That one is about 2 years old, pretty rare to find IIS servers that still have that bug, but I've seen a couple (the code red virus caused a lot of servers to get updated).

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] Microsoft In reply to
Yep, code red certainly did a lot of "good" in that sense as well.

If anyone has Windows (any version) and uses it on a somewhat professional basis, I would recommend that you subscribe to Microsoft's Technet. You'll get security warnings such as the one I received this morning:

http://www.microsoft.com/...ulletin/MS02-021.asp

Regarding Outlook allowing scripts to execute upon editing/replying/forwarding of malicious email.
Quote Reply
Re: [Watts] Microsoft In reply to
In Reply To:
Regarding Outlook allowing scripts to execute upon editing/replying/forwarding of malicious email.

again...

- wil