To start out the new year, at 9:00 AM, everybody in my Gmail contacts was treated to a nice spam from www.fly6688.com aka forestdj168.com. Sorry about that. You’re not the 1,000,000th visitor to the site, and no, you didn’t punch the monkey.
I couldn’t do any investigation because we were just about to get on a plane.
But last night at the hotel when I was browsing fly6688’s dvd players I managed to get this little treat:
I won’t be able to do any real testing to deconstruct how fly got my account until I return, or even look into this lame stack overflow.
Instead, I was wondering what the current ethics are regarding DoS-ing sites that hijack your email to spam your contacts? I’m not sure, but it seems reasonable to shut offenders down. Of course that’s just vigilante justice, but what are the legal alternatives?
For reference, here’s my favorite way we made up back in the day to craft requests which beat firewalls and trivially topple servers. I’m naming it in honor of the “Happiest Place on Earth” being also one of the most crowded.
They’re just legal requests, so FWs don’t block them. And unlike junior pingfloods of yore, it hardly takes any client-side bandwidth to take down a reasonably large farm. Just find a large page and then watch the server’s memory fill up like a tick before falling over. Note: this is strictly for security research only. Strictly.
Greetings from Disneyland!
P.S. Thanks to everyone who wrote about our daughter’s health. Thank God she’s fine now.
Time to go meet Buzz in person.