Q: What is SpamVampire?
A: SpamVampire is a spam abatement tool. It is an image rotator on steroids, basically downloading images from spamvertised websites repeatedly, running up the hosting costs of the spammer who owns the spamvertised domain.

Q: But why would you want to repeatedly download images from a spammer's website?
A: Doing so causes the costs associated with hosting that spamvertised website to increase. Most bandwidth consumers are subject to purchasing bandwidth on what is known as the 95/5 plan. This is the way most ISPs purchase their bandwidth and they pass the same scheme on to their customers. Read Item 4 on this page ... http://www.colomax.com/colocation/faq/billing.aspx

What this means is that to totally "hose" the economics of a web site customer who is on this plan, 37 hours of high bandwidth utilization will cause them to be billed as if the entire MONTH of 720 hours was used at this super-high rate. That immediately changes the entire economic outlook for anyone hosting a web site. Since it is probably possible to deliberately pull several hundred times more bandwidth than normal from a site, it is possible -- in less than just two days -- to cause the bandwidth charges for an entire MONTH of a 95/5 billed site to be several hundred times higher than usual. Since the ISP has to pay their peering partner for this usage, so does the ISP's customer.

Q: OK, so you increase the spammers' costs associated with sending spam to reduce the incentive to send the spam. But what do you hope to accomplish?
A: It is hoped (in a best-case scenario) that the spammers will get the message that their spam is unwanted by anyone, and they quit spamming. Being firmly grounded in reality, we all know this will most likely not occur. So, our next best scenario is that the spammers learn that there are certain domains protected by the SpamVampire, and spamming those domains is a negative-income endeavor. Thus, they will learn to avoid sending spam to those domains.

Q: So, does it work?
A: Indeed, it does. We have experienced a significant decrease in our rolling monthly spam receival rate.

Q: How do I put SpamVampire to work for me?
A: If you wish, you can run SpamVampire directly from the links above. It is highly recommended, however, that you grab the source code of the SpamVampire, edit the source code to reflect the spammers that are bothering you, and run it to increase the hosting costs of those spammers. SpamVampire runs just as well from your desktop as it does from a website, so even if you don't have a website, you can run it.

Q: How much data should I drain from a spamvertised website, in order to make the SpamVampire effective?
A: That depends upon how much bandwidth you wish to devote to abating spam... a good round number is 25 GB (GigaBytes) of data per spamvertised website per spam received. You can, of course, take more... but 25 GB is a good starting point. The more people who use the SpamVampire, the less data each person would need to drain, in order to make the SpamVampire effective for everyone. So, tell your friends about the SpamVampire!

There is one setting you should change if you want to run SpamVampire using Internet Explorer.
Go to Start » Settings » Control Panel » Internet Options » Advanced (tab) » Multimedia » "Play animations in web pages" (uncheck).

If you wish to run SpamVampire using Firefox, you should do the following:
Start Firefox » type "about:config" in the Address Bar » enter or change the following settings to what you see below:
browser.cache.disk.capacity | 0 (integer)
browser.cache.disk.enable | false (boolean)
browser.cache.memory.capacity | 0 (integer)
browser.cache.memory.enable | false (boolean)

For additional security when running either Internet Explorer (IE) or Firefox (or any other application accessing the internet, for that matter), if you are running as an Administrator in Windows XP (unless you've changed this, you are running as an Administrator), you should implement the DropMyRights program to lower the system permissions that the browser has:

1. Download the DropMyRights program and install it to 'C:\Program Files\DropMyRights\'.
   (It installs to a different directory by default, so be sure to specify this path.)
   
   
2. Create a shortcut icon on your desktop for IE. Rename it "SAFER Internet Explorer"
   
   
3. Right-click the icon, and select 'Properties'.
   
   
4. In the 'Target' line, add the following (including the quotes) in front of the existing text:
   "C:\Program Files\DropMyRights\DropMyRights.exe"
   
   So, the new 'Target' line (for IE) should read (including the quotes and the space between the two text blurbs):
   "C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe"
   
   Click the "Ok" button.
   
   
5. You'll probably notice that the icon is no longer showing correctly (since it is trying to pull the icon from the DropMyRights program now). Fix this by right-clicking the "SAFER Internet Explorer" shortcut icon, selecting "Properties", and clicking on the "Change Icon" button. Browse to the following:
   C:\Program Files\Internet Explorer\iexplore.exe
   and click the "Open" button, then click the "Ok" button.

For a detailed explanation of what this does, please see the link above. Quoting from that site:
"DropMyRights is a very simple application to help users who must run as an administrator run applications in a much safer context - that of a non-administrator. It does this by taking the current user's token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla's Firefox, Eudora, or Lotus Notes e-mail."

[ NOTE #1: There is a known memory leak in Firefox (prior to version 1.5), related to image loading. Because of this memory leak, you will have to shut down and reload the Firefox browser every few hours to keep it from taking all your memory. This appears to be fixed in version 1.5 of Firefox. ]

[ NOTE #2: If you experience high CPU usage while heavily using the alternate image loading mechanism (indicated by a light green image container), try disabling Remote Access Auto Connection Manager. For some reason, every time a new third level domain URL is created and accessed via SpamVampire, Process Explorer showed rasauto.dll, running under svchost.exe (as the Remote Access Auto Connection Manager) taking a lot of the CPU time. Disabling that service via Start » Settings » Control Panel » Administrative Tools » Services seems to have fixed it. If your WAN or LAN connections break as a result of disabling that service, set it back to Automatic and start the service. ]

First, change the TCPIP.SYS file so it allows more than the default 10 simultaneous connections. It is recommended to set this to 50 simultaneous connections.

You can change yours with a program located here:
http://www.lvllord.de/
The program is called "Patcher".

Make a copy of your original TCPIP.SYS file, renaming it to TCPIP.SYS_OLD. If anything goes wrong in changing the file, you can simply delete the changed file, rename the original file to its original name, reboot, and you're up and running again.

--------------------

Next, increase the number of simultaneous connections IE can handle. It is recommended to set these settings at 50.

1. Start the Registry Editor
2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings
3. Select New > DWORD Value from the Edit menu
4. Name the new value MaxConnectionsPer1_0Server
5. Right-click the MaxConnectionsPer1_0Server value and choose Modify
6. Under Base, click the radio button next to Decimal
7. In the Value Data: box enter the number of simultaneous connections you want to set, and click OK
8. Repeat steps 3 - 7 using the new value MaxConnectionsPerServer
9. Exit the registry editor
10. Reboot your computer

The SpamVampire uses cookies to save and set the state of the data-draining session. This allows you to quit data-draining, come back to it at a later time, and not have to start over at zero images and zero bytes.

The specific data saved in the cookie is as follows:

1. dSpeed - The throttle setting.
2. saveProgress - The state of the 'Stats' checkbox.
3. AutoUpdate - The state of the 'Auto-Update' checkbox.
4. ExpertMode - The state of the 'Expert Mode' checkbox.
5. LoadCounter - The counter added to the end of the image URL.
6. iBytes - The total number of bytes data-drained.
7. fSRunning - The total running time of all data-draining sessions.
8. iImagesLoaded - The total number of images loaded.
9. iImageLoadFailures - The total number of image load failures.
10. ThrottleRate - The image load timeout period used to bring the image loading rate to equal dSpeed.
11. imageAvg - The images / sec average.
12. bytesAvg - The average data rate.

The SpamVampire can be set up to auto-run and automatically exit on a schedule. Go here for the steps to do so.

The SpamVampire can auto-reload. This allows you to run SpamVampire 24/7 and it will automatically start data-draining newly added sites as they are added to the source code.

You can disable the auto-reload by unchecking the 'Auto-Update' checkbox in SpamVampire.

Fiddler is an HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP Traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler is designed to be much simpler than using NetMon or Achilles, and includes a simple but powerful JScript.NET event-based scripting subsystem.

Using Fiddler, you can dynamically rewrite the Referer header, inspect packets and do pretty much anything any other packet sniffer can do, and a lot more. This comes in handy when inspecting a spamvertised site, as well as when a site being data-drained is blocking or redirecting by Referer (keep in mind that you can also get around Referer blocking by running SpamVampire from your local computer, rather than from a website).

The specific Fiddler code to use for rewriting and / or removing Referer:
Under class Handlers:
public static RulesOption("Spoof Referer")
var m_RefererSpoof: boolean = false;

public static RulesOption("Strip Referer")
var m_RefererStrip: boolean = true;


Under static function OnBeforeRequest(oSession:Fiddler.Session)
if (m_RefererSpoof){
oSession.oRequest["Referer"] = oSession.host;
}

if (m_RefererStrip){
oSession.oRequest["Referer"] = "";
}

RefControl does the same as Fiddler above, without having to know any code. It can either block or rewrite the Referer, so spammers cannot block or redirect traffic based upon the Referer. RefControl is for Firefox only.

The spammers have escalated the situation once again, not only by refusing to remove email addresses of people who do not wish to receive their junk, but by blocking the IP addresses of those people from visiting their sites. Consider the insanity of spamming a person, while blocking that person from visiting the sites advertised via that spam.

Two programs are called for... one to find anonymous proxies, and one to utilize them.

To find anonymous proxies, there is Charon. To use the anonymous proxies, there is MultiProxy.

Charon will search for the proxies, test them for speed, content filtering and anonymity, filter out the proxies that are run by educational, law enforcement, government and military organizations, and list the remaining proxies. You then save that list to a text file, which you import into MultiProxy.

When using Charon, you can check that the proxies are actually loading in web pages like they are supposed to, by putting the URL of a spammer's web page into the 'Site Options' list, and grabbing a bit of text from that page for Charon to search for.

If you have a website, and want to set up your own IP address verification web page to use with Charon's ProxyJudge capabilities, you can't go wrong with AZenv. It's small and very light on server CPU resources, unlike ProxyJudge (which I had to remove from our server because it was maxing out the CPU).

Simply install AZenv per the instructions, then in Charon go to "Connect Options" >> Check "Use External Proxy Judge", and enter the URL to your AZenv.

1. AA419.ORG (LadVampire)
2. AA419.ORG (Mugu Marauder)
3. AB8 SpamVampire
4. AcmePrice SuperLeech (SpamVampire)
5. AFI Bandwidth Hog
6. All Things Inconsiderate SpamVampire
7. Artists Against Spammers (SpamVampire)
8. BlackVespers SpamVampire
9. BudgieSoft SpamVampire
10. ByTheDrop.com SpamVampire
11. Chez.com SpamVampire
12. Chris Granger's SpamVampire
13. Distributed SPAMvertised-Website Visiting (SpamVampire)
14. DJCF SpamVampire
15. Dracil Cegon's SpamVampire
16. Dr. Who SpamVampire
17. Evil Dragon SpamVampire
18. Falling Bullets SpamVampire
19. Firefox 'Reload Every' extension
20. FreeWebs WSXEDC SpamVampire
21. FriedSpam.net
22. Greg Padberg's SpamVampire
23. HealthSuite / MedicSuite Spammer Take-Down (SpamVampire)
24. Idle Threat Google search page SpamVampire
25. Ivanleo SpamVampire
26. Kwok SpamVampire
27. LimeLyte SpamVampire
28. MCraigWeaver SpamVampire
29. MyTempDir (SpamVampire)
30. Payola (SpamVampire)
31. PriceWrongPhoto (SpamVampire)
32. Spam and Scam Vampire
33. SpamDot
34. Spam Fryer by The Lumber Cartel
35. SpamKiller
36. Spam Research Tool (SpamVampire)
37. TheScamBaiter LadLeech
38. ThePediatric.net SpamVampire
39. Toni Kranjec's SLO Vampire
40. The vLeech (Flash-based Vampire)
41. William Keeley's SpammerSlapper

Simply enter the Second Level Domain (example: SpamSite.com) into the text box, and click the button.