At 12:59 24/10/2003 +1300, Tikiri Wicks wrote:

This one is more alarming

Cloaked SPAM hosting via hijacked computers It's being sold by a Polish Hacker group http://www.wired.com/news/business/0,1367,60747,00.html

Hmm, Correct me if I'm wrong but isn't this idea just a reverse proxy farm ? Sounds like the author of the article doesn't understand round robin dns, expressing surprise that every time they checked the site the ip address was different...(well duh :) In other words said spammers host the actual site on a real server somewhere, use round robin dns with hundreds (?) of dns entries pointing to different hijacked computers, that then forward the requests to the real servers as a reverse proxy. Looks hard to trace back to the real server at first glance, but as far as I can see, all it would take is being able to get in contact with ONE of the hijacked machines owners, and setting up some kind of packet sniffing to see where the requests were forwarded to, and the cover of the "secret" backend server is blown. Or am I missing something ? Also, all you need to know is the address of a site that is being hosted in this fashion and you can *automatically* get a list of all the hijacked machines ip addresses simply by doing enough dns queries... Either way it doesn't seem quite as clever and unbreakable as they make out. Regards, Simon