
How I got tech support scammers infected with Locky - semanser
https://blog.kwiatkowski.fr/?q=en%2Fnode%2F30
======
justicerage
Hey everyone, blog owner here. It's hosted in my cupboard and the HN/Reddit
traffic is killing my bandwidth :) Here are some alternate links if the site
is down:

[https://archive.is/NRcnQ](https://archive.is/NRcnQ)
[https://i.imgur.com/NR6pvkn.png](https://i.imgur.com/NR6pvkn.png)
[http://webcache.googleusercontent.com/search?q=cache:https:/...](http://webcache.googleusercontent.com/search?q=cache:https://blog.kwiatkowski.fr/%3Fq%3Den/node/30&num=1&strip=1&vwsrc=0)

~~~
nalllar
I use "cupboard hosting" too, but behind cloudflare free tier with aggressive
caching.

~~~
justicerage
I do not condone of Cloudflare and their way of making life impossible for Tor
users.

~~~
toomuchtodo
Consider running Varnish on a Digital Ocean node, pointing at your cupboard
origin.

~~~
justicerage
That's a great suggestion. I'll definitely set this up.

~~~
nalllar
I suggested a free caching solution specifically because you are using
"cupboard hosting". This usually means you're trying to keep costs as low as
possible.

You can whitelist TOR users on cloudflare by setting up a rule for it, it's
quite easy to do.

Of course, you're free to choose not to support them/use their product as the
default behaviour is to aggressively shove captchas ato TOR users.

------
th0ma5
While I personally agree with your actions, I do wonder if it really is
ethical to hack them back. Anyway, thanks, the more awareness of this BS, the
better.

~~~
mannykannot
I am interested in what the ethical argument against hacking them back is,
unless it is simply 'hacking someone is on the list of things that are bad.'
My attitude is basically one of 'implicit consent' \- if you have done
something bad, you have given implicit consent for something similar to be
done to you. I like the symmetry, as it simplifies the argument, just as the
Golden Rule does.

~~~
scarmig
Ethical argument against it: these companies are deeply unethical actors. The
necessary and sufficient condition for their existence is their ability to
take advantage of the gullible. But there is not and never will be the ability
to swamp the gullibles' time with the time of highly paid professionals
volunteering to troll. So it's really just a petty attempt to score internet
points while not improving anything and selling/promoting an assumed moral
high ground. I'm pretty sure that a majority of these moral attempts at
trollsling end up being posted as a blog post, which itself is indicative of
the real motivation.

One might compare it to a school encouraging an environment where a heinous
bully can do something really bad, and then an internet mob retaliates by
making the bully's life a living hell. Yeah, you're hurting someone bad, but
don't pretend it's motivated by trying to improve the world.

~~~
justicerage
I think intent is irrelevant here. I did it in the spur of the moment, because
it was funny and because in my eyes they deserve it - it's not like it was a
premeditated attempt in the hopes of writing a blog post.

In any case, I think acts are best judged based on their impact of the world,
and not on random people's understanding of why they were performed. Here, we
have (possibly) one less scammer on the job today, and more importantly, maybe
a dozen or so new people who thought this was a good idea and will in turn try
to make scammers' lives harder.

So what if there'll never be enough people to totally wreck their business
model? I think the world is a little bit better now, and that's good enough
for me. Even if I had done it all just for a minute of fame, I don't think
that would matter and/or change any of this.

------
knodi123
mirror, anyone?

~~~
awqrre
[http://archive.is/NRcnQ](http://archive.is/NRcnQ)

