
To Catch a Spammer - tehguy
http://blackhat.me/to-catch-a-spammer/
======
losvedir
Interesting, though I'm a bit confused: Does the "Supporting DOX" section
represent a bunch of actions the author doesn't spell out in detail?

It seems like a bunch of easy Google searches and whois looks-up, which I
followed along with ("Oh, sure, okay. Yep, easy, that makes sense.") And then
out of nowhere: Bank document? Passport?

~~~
kragniz
From the article, it would appear he found these images from a "Lativan photo
blogging site used by him". Why would he upload an image of his passport to a
photo blog?

~~~
davweb
It's possible he's using the photo sharing site along with Twitter or
something similar and doesn't realise that images attached to private message
are still become public.

------
markokocic
This whole story reads was interesting as a reminder of what public
information people leave on the internet unconsciously, and how to find it.
More interesting than most crime stories :)

And best of all, blog author didn't do any wrong, except maybe violating SOPA.
He just published information that is already publicly available all over the
internet, and thus can't be accused of harassment.

------
omgtehlion
> Lativa

First I thought it was a typo, but then this guy repeated more than 5 times.
Such ignorance...

------
soult
I have the same problem sometimes. I run a small wiki and wikis are pretty
popular with spammers since there are lots of abandoned wikis at well-ranking
domains that can easily be spammed.

I followed the links and they obviously didn't care much for their privacy
either. Using a combination of Whois and some private information database I
could easily figure out the people behind it, including lots of their private
information, pictures of them and their family members, etc. But now what?
They are operating from the United Kingdom and Poland and I have no idea how
to proceed.

Anybody who does this (chasing spammers) more often know what to do after you
have all their private information?

~~~
pronoiac
I help run a couple of wikis, and I think another reason they're a target is
that the available third-party Akismet plugin doesn't "close the loop" -
there's no "mark as spam" option to help fix the oversight.

------
TomGullen
I enjoyed the post in a pitchfork waving sort of way but I really don't think
publishing this guys full details and passport is fair game.

Xrumer spam is a huge problem for a lot of webmasters. It's the same level as
email spam, only the people that pay for it seem to kid themselves into
thinking it's not.

If you have a good quality site, play to your strengths. You don't need to
adopt junk techniques like Xrumer.

------
kristsk
Author's (maybe intentional?) misspelling of Latvia to "Lativa" makes me
cringe, badly.

------
kristofferR
This is stupid. Not only is publishing private info like this immoral
(probably even illegal, which comment-spamming isn't), way more immoral than
auto-posting some annoying comments, but it doesn't serve a purpose.

It may stop this guy, but it won't stop blackhat SEO. Blackhat SEO is done
because it works.

It's actually often a neccesity for small business owners who have to spend
their time running their small online store and supporting their customers
instead of writing a blog about their products that nobody but Google will
ever read.

This is a huge problem with the current Google algorithm - if information
isn't your business you shouldn't have to spend your days writing just to
please Google. Until Google somehow can determine not only what information is
best, but also which businesses, products and services are best, Blackhat SEO
will be rampant.

~~~
TomGullen
If small businesses are spending time writing articles that only Google will
read - they are doing it wrong.

I imagine the problem with most of these small struggling businesses isn't a
bias in Google's algorithm, but rather they have entered a highly saturated
market with a mundane/unmemorable/uncreative website that no one wants to
visit.

~~~
kristofferR
My point is that they shouldn't have to write articles at all if that's not
what their business is about. How good you are at writing (or how much you
have to spend on it) and how much you've written isn't a good indicator at all
for judging how good your product and customer service is. It's actually a
pretty horrible one.

The Google algorithm is heavily biased towards the big guys who can afford to
buy content, publicity and links. I'm obviously not talking about
content/information businesses (where content obviously should be king), I'm
talking about the small businesses who are creating small niche products.

There's only so much you can write about door stoppers for example until you
start repeating yourself. Then you're already in greyhat territory since
you're essensially spinning content. After a while you start realizing that
nobody is ever going to link to your articles about door stoppers, so you
start building links manually. Then you're already blackhat.

For a lot of small non-content businesses the choice is often between blackhat
or not making any money (from the internet at least). You can't blame them
from chosing the first option.

~~~
TomGullen
As the other commenter said, not making money isn't an excuse to start
spamming people. It's a greedy response, profiteering off dishonest practises
that waste other peoples time who have to spend time cleaning up all this
stuff.

Also if I want to buy door stoppers, I'd much rather Amazon came up in my
search than a small site I've never heard of which I'm far less likely to
spend money on. Trust is a big part of search results.

If a company tells me they can't outrank Amazon or some other big popular site
for door stoppers I would ask them why they are trying to sell the same door
stoppers as Amazon is, you're competing with a giant on a product no one will
want to buy from you. You need to offer something Amazon doesn't. Maybe this
is hand painted door stoppers, funny shaped ones, those are actual niches you
can profit off. Door stoppers shouldn't be considered a niche in my opinion,
it's far too broad.

In regards to the lazy trend of 'niche information sites' that have low
quality content and adverts to make money from, aimed to be the middle man
between a search and a product sale, these are the bottom of the barrel
websites and I hope every time I search in Google that these sites don't come
up. They also waste everyone's time, are extremely uncreative and are diluting
quality in the general web experience for everyone.

------
joshu
Where does one get xrumer? It would be interesting to analyze the data. Or is
that traded separately?

~~~
danneu
It's sold on its website.

------
ricardobeat
Almost couldn't finish :/

    
    
        L-A-T-V-I-A

------
tehguy
Interesting write up on a admin who tracked down a spammer and published there
details on the internet. Only if it was this easy all the time?

------
chris_gogreen
Good, that guy wasted your time, bandwidth, annoyed your real customers and
users. This amounts to money out of your pocket, it's only fair he see some
sort of money out of his, hopefully the release of his info will cause this.
But more likely you have trained him how not to get caught the second time
around. I doubt he will face any penalty, as he is in LATVIA!!! If you really
wanted to stop him you should board a plane and show up at his door.

