[clug] Re: Killing SPAMER/lurker - been there, want to do that...
Kim Holburn
kim.holburn at nicta.com.au
Fri Apr 21 02:15:28 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Paul,
After a couple of false starts I sent an individual email to everyone
on the list (including digest readers which I see in hindsight was
unnecessesary (sorry guys)) with their individual email address in
the subject line. This worked, bingo I got the spammer's address.
Yes, I talked to someone who administers the debian lists and he
recognised the name petsupermarket straight away. Their problem ie
their membership numbers are much larger than ours though. Your
solutions 2 and 3 were nice but I went for the blanket approach which
was much less work for me and more hassle for everyone else (sorry).
The address was removed yesterday although may have been added back
(I guess this post will test that!!!) maybe we should keep logs of
member lists so we can narrow this down if it happens again!!!
The address was found on other samba lists which have also suffered
from this problem.
Kim
On 2006 Apr 21, at 11:23 AM, Paul Wayper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> steve jenkin wrote:
>> Could we collectively apply ourselves to solving this problem - for
>> these guys and for any future spamers?
Yes
> I hate to say this, but I posted a/my solution to this to Tim
> Potter and
> another guy who runs the Debian development lists (who have the
> same problem)
> a while back now. It was:
>
> 1) petsupermarket is not on the list; so mail to the list must be
> forwarded to
> it by another address. It's reasonable to assume that no person
> that has
> posted to the list (excluding spammers) is doing this forwarding.
>
> 2) So I went through the entire logs of the list and collected
> every address
> that had sent at least two messages to the list. I then removed
> duplicates
> (and any obvious spammer addresses) from this list. This gives us
> a list of
> 'known good' addresses, which I forwarded to Tim.
>
> 3) Only they have access to the full subscriber list. Subtract the
> known good
> list from the address list and you have the people who haven't
> posted at least
> twice to the list - a list of addresses that are potentially
> forwarding mail
> to petsupermarket.
>
> 4) The mail people get back from petsupermarket includes the
> subject line of
> the message you sent. Therefore, all you have to do is send each
> of the
> suspect addresses an email with an individual subject line - e.g. a
> unique
> identifier like a 32-bit number. Store identifiers keyed to email
> addresses
> in a separate file, and when you get your bounce, the subject line
> will tell
> you which email address it was forwarded from. I also supplied Tim
> et al with
> a program that I'd tested that would do just this.
>
> 5) I'm quite willing to do step 4 myself from my own account, but I
> do not
> have the one thing that I need to do this all myself: the list of
> subscribers.
> If someone trusts me enough to forward me this, I will do the
> whole thing
> myself and report back to everyone.
>
> I'm a little disappointed that (what I see as) the solution to this
> problem
> has been in the hands of the people who can actually do something
> about it,
> and nothing has actually been done. I've also made the offer in
> item 5
> before, too.
The list of subscribers is available to all list members. I just did
it as a list member and because I hate spammers... mumble mumble
mumble....
Maybe the list admins have lots of other things to do and let the
situation stand but I didn't like it. Sometimes we all may have to
work together to act in these things, not wait for someone else to do
it!!!!
> Have fun,
>
> Paul
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFESDQmu7W0U8VsXYIRAsW/AKDCkiwn5tpCuW1+PRzSOOQ+CrNtIwCfaFdK
> xy3Wv2VyvoJrvnHidIzFub0=
> =kfJI
> -----END PGP SIGNATURE-----
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
- --
Kim Holburn
Security Manager, National ICT Australia Ltd.
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim.holburn at nicta.com.au aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/
datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFESEBF38zqvCNRL3YRAvr6AKCwk5WgOyhI+PDowWWKxUtrATXJqgCgxfJ1
/LlRJFNeWRmJt3g5h8JafjE=
=tTw8
-----END PGP SIGNATURE-----
More information about the linux
mailing list