A week or so ago, one of the lists on our server started receiving
bogus subscription requests (the list was open subscription, we're
running a slightly modified version of CREN's Listproc 7.2).
Looking at the Received: headers on the subscription requests, the
logs show a cluster of them being sent through one host within an hour
or so, then nothing for a while (maybe even a day), then another
cluster coming from another host. The person(s) doing this have used
quite a variety of hosts to pass the requests through. Sometimes the
address subscribed is invalid, sometimes it's not. The owner of the
list has heard from some of the people subscribed and it appears that
they're being added to lists on other servers too.
I had hoped that whomever was doing this maybe had some vendetta
against this particular list and this would just go away once the
owner changed to approved subscriptions. Unfortunately, I discovered
that a couple of other lists on our server are experiencing the same
I've been requesting log information from the administration of hosts
through which the forgeries are being sent. I've received three
responses, all saying it looks like the forgeries are being sent by a
valid user at their host.
I'm thinking that these forgeries may be being sent as a test for some
type of automated subscription bomb program, like the "flame thrower"
program somebody mentioned earlier. Is anyone experiencing the same
thing or know more about what's going on?