Why not redirect to 127.0.0.1 or localhost?

GeorgeGG

GeorgeGG:

Since scumware firms are taking money out of our pockets by hijacking our traffic, I think it is our duty to return the favor by having bad bots eat up their bandwidth.

Ted

It seems like a way to kill two birds with one stone

Get it now.

Georgegg

I was thinking about someone running a script on a ISP
to hit your site and redirect it to the localhost so
they might try to find out who has a runaway script :)

<snip>Just wondering if it is feasible to redirect</snip>

Have you both read and would it abide by the "Terms of Use" for both your website host/server and your internet provider?

It doesn't seem like a cure to me personally. Because it doesn't solve anything. It just attempts to perpetuate the problem and make somebody else upset or even worse, vindictive :(

wilderness:

As far as I know there are no rules against sending someone traffic. This would not be spreading a virus or starting a DOS attack which would clearly be TOS violations.

But you are right. Proceeding with such a plan would only bring me down to their level. Thanks for putting things in perspective and reminding me to beat 'em playing by the rules. There really is more satisfaction that way.

Ted

<snip>As far as I know there are no rules<snip/>

Ted
At times it's quite odd how a provider or host might interpet their own "Terms of Use Agreemnts."

For a couple of years I had a verly reliable internet provider in a very rural area. I decided to give mail washer a go in an attempt to not see all the spam coming on from many places. The documentation from mw failed to state that mails rejected under SMTP accounts were associated with your main IP account. When I began MW'ing (bouncing) spam my internet provider contacted me and told me I was spamming :) Since I had spoken the technician at some length previously, I contacted him. Eventually the IP added MW to their local software downloads. However I still could not use it on my SMTP acconts.

A web host could possibly interpet directed redirected traffic as spam as well.

Don

I like the concept, but I think in practice, there are a couple of grey areas.

I do HALF of the above... take the incoming traffic are redirect.... but to nothing. So they listen (and wait) for 20 seconds for an answer, and nothing comes.... then they move on. Twenty seconds isn't much, but it slows them down a little!

There is something that will slow them down more, but it looked a little complicated to set up. I think it is called Labreat::Tarpit. Basically, it replies to the spammer with an ACK, and a wait a second. Keeps the guy on the line for hours! But- obviously- it takes some of your CPU cycles. But a great idea!

I would just forward you baddies to a black hole and be done with them.

dave

I wrote a small cgi program to grab email addresses out of a file and dump them to the spammer. i use it in 2 ways.

odd UA's that arent what i consider normal (still building that idea) get the email addresses as html comments as part of my incoming pages. it doesnt show on the page but does in the source as comments. regular users wont see them unless they view the page source. i include a little message about what it is just incase. as i build a list of regular UA's i feel are valid users those users stop getting the addresses.

also, when anything trips my spam trap it displays them at that point too, and also on my 403 page.

i also have a few set abuse addresses that it displays at the top along with a portion of code i grabbed (probably from here somewhere) that hunts down the spammer's addresses and abuse addresses from their isp then displays those.

The file of email addresses i fill with addresses from spam i have received. i have about 150 of them in there. particularly those (nigerian et al) multi-million dollar wire transfer requests.

i am not sure if this does any good but figure i would give it a shot anyway for a while.

I personally want to know what makes you qualified to determine which services are ethical and which are not.

Bad bots, I just send them to a directory on my server with a text html file so I don't pay for the bandwidth. The html file just says No Entry. I guess though you could take an html file like that and just put links on it to all the sites you wanted to redirect to. Then YOU would not be redirecting them and if they follow the links, well nothing you can do about that.

You could do what Brett does here. It caught me out once, I was looking at someones profile and my machine name was the reply to address. I wrote a concerned sticky and was told about the periodical times the visitors isp abuse address is returned so they end up spamming themselves.

I believe it has worked quite well.

cheers

<snip>I personally want to know what makes you qualified</snip>

pctech
Your inquiry was not to me. However :)
Perhaps your etical standards are not as narrow as others?
I don't mean that bad in ANY way rather, do you percieve that ethics should be compliant with a governing body?

IMO, any visitor who violates my TOS (whether they have taken the time to read it or are even aware of its existence) are unethical, malicious, intruders and quite a few other names.

However past experience has shown (when corresponding with back bones) that they (backbones) don't accept violation of a webmasters TOS and the backbones own Terms Of Use as either unethical or malacious.
A few of these extensive correspondence with back bones has taught me very fast that the person I email with has neither the experience or perception to interpete traffic in visitor logs. (In most instances.)

Don

Well, I was really referring to the posts originator's comment calling Kazaa unethical, to which I greatly disagree. I look at the outrageous prices of CD's (compared to what theyre worth)that contain few good songs, that get producers rich (while in 95% of the cases the artists get little to nothing) as unethical and kazaa simply retrobution for years of raping consumers. Besides, no one cried for all the IT guys when the stock market came crashing down and the tech sector crumbled and we all had to look for new jobs amidst layoffs and downsizing. So they want me to cry about them going from making more in a year than any of us will make in our lives to actually making a normal salary? I think not...
As for your question about reposting TOS...I dont think the ISP should be involved. You should have the ability to block troublemakers. In the case where they are disrupting the network of the ISP (in the case of this posts originator where you are bouncing traffic needlessly back across the internet) I can see it, but if they are just not posting to topic or whatever, you can remove their membership or block their IP. But, yes, if they violate the TOS, whether aware of it or not, they should be accountable, but in most cases, other than disrupting network traffic, i think the ISP should not be involved.

I think nativenewyorker meant their spyware.

Craig

I use different redirects. To banned IP's I simply serve a 403. To email harvesters, I re-direct via a spider trap to a long list of email addresses of people I can't stand (known spammers and those who have done me dirty), and to would-be formmail hijackers I log their info into a datafile and send them to a reverse DNS lookup page to display their own information to them via an auto-propogated query.

<snip>i think the ISP should not be involved</snip>

I'm not attempting to dispute what works for you.
Only attempting to offer some "food for thought"

I've a visitor enters my/your site and acts malicious in what ever way that may be percieved.
The visit violates the sites TOS.
The webmaster does a WHOIS on the IP.
Gathers both the IP and the backbone.
Takes further effort to determine URL, then visits both IP and Backbone websites reading their User agreements, then follows both the IP's and the Backbones accepted method of submitting violations?
Hasn't the webmaster gone above and beyond the call?

For this effort the webmaster in generally rewarded in three ways :(
The first is an automated response from the backbone.
The second is that NOTHING is done to inform the webmaster of enforcement of either the IP or Backbones "Terms."
And finally unless some corrective action is taking? The malicious visitor returns because neither his IP or backone have informed the user that he cannot irresponsibly traverse the internet doing as he pleases :(

Why shouldn't both Internet Providers and Back Bone providers to Internet providers have the morality to enforce their own User Agreements?

"It's not their content" is the reason. And non-compliane of violations of user agreements promote band-width which is what most backbones are in business for.

Don

and to would-be formmail hijackers I log their info into a datafile and send them to a reverse DNS lookup page to display their own information to them via an auto-propogated query.

Does anyone redirect them to [ftc.gov...] and let the FTC deal with it?

pctechguy said:

what makes you qualified to determine which services are ethical and which are not.

and

I was really referring to the posts originator's comment

If you read the title of the discussion, you will realize that I am referring to scumware. The money made by record producers, artists, distributors, etc is not my concern. As a webmaster, it concerns me what software out there steals my traffic. As a webmaster, that gives me the right to call whatever software out there that steals traffic from me unethical.

If you disagree with me, then please add links to Kazaa, Ezula and Gator from your website to enhance your visitors' experiences.

Ted

Does anyone redirect them to [ftc.gov...] and let the FTC deal with it?

The bigger question is, would the FTC do anything? With all the anti-spam and scumware hooplah I have yet to see any agency do anything that had substantial impact on the persistent day-to-day problems we are faced with. Most do nothing. That pretty much leaves webmasters to figure out their own ways to deal with situations as they arise.

While we may not agree on the manner that we deal with these obnoxious intruders, I believe we would probably agree we can't trust that someone else (i.e. an agency or ISP) will handle it for us.