/*
* Cc'd to the postmasters of the sites being abused as a "heads up"
*
* Summary for them: a lot of forged subscribe messages for various
* users around the net have been issued using your sites as convenient
* staging posts due to the mail software you use. This is not intended
* as a flame at all, just as some information in case you were not aware.
*/
Here are the edited highlights of a selection of the forged subscription
messages I received, fortunately the majordomo-owner of mono.org has hacked
the code to include potentially useful information after the last round.
Thanks Dave!
The hosts malasada.lava.net and iquest.net seem to be implicated, but I
suspect that is merely because they are running versions of SMail that
don't appear to bother doing any checking on the name presented at the
initial SMTP HELO greeting, and thus cannot be traced any further.
Chris
------- Forwarded Messages
Header information below:
date : Sun, 3 Mar 96 15:43 EST
from : markoff <markoff@nyt.com>
from majordomo-owner@mono.org mon mar 4 11 : 43:12 1996
message-id : <m0ttKch-004XYHC@iquest.net>
received : from netmail.city.ac.uk (netmail.city.ac.uk [138.40.12.1]) by tachyo
n.mono.org (8.6.12/8.6.12) with ESMTP id LAA01596 for <majordomo@mono.org>; Mon
, 4 Mar 1996 11:43:07 GMT, from iquest.net (dorite1.iquest.net [206.27.192.75])
by netmail.city.ac.uk (/City/2.1) with SMTP id FAA12355 for <majordomo@mono.o
rg>; Mon, 4 Mar 1996 05:54:00 GMT, from nyt.com by iquest.net with smtp (Smail3
.1.29.1 #15) id m0ttKch-004XYHC; Sun, 3 Mar 96 15:43 EST
subject : subscribe
to : majordomo@mono.org
------- Message 2
Header information below:
date : Sun, 3 Mar 96 15:32 EST
from : mikenmaty <mikenmaty@aol.com>
from majordomo-owner@mono.org mon mar 4 11 : 43:34 1996
message-id : <m0ttKSG-004XW9C@iquest.net>
received : from netmail.city.ac.uk (netmail.city.ac.uk [138.40.12.1]) by tachyo
n.mono.org (8.6.12/8.6.12) with ESMTP id LAA01791 for <majordomo@mono.org>; Mon
, 4 Mar 1996 11:43:33 GMT, from iquest.net (dorite1.iquest.net [206.27.192.75])
by netmail.city.ac.uk (/City/2.1) with SMTP id FAA11811 for <majordomo@mono.o
rg>; Mon, 4 Mar 1996 05:22:49 GMT, from aol.com by iquest.net with smtp (Smail3
.1.29.1 #15) id m0ttKSG-004XW9C; Sun, 3 Mar 96 15:32 EST
subject : subscribe
to : majordomo@mono.org
------- Message 3
Header information below:
date : Sun, 3 Mar 96 15:05 WET
from : president <president@whitehouse.gov>
from majordomo-owner@mono.org mon mar 4 13 : 49:16 1996
message-id : <m0ttOip-000A6LC@malasada.lava.net>
received : from netmail.city.ac.uk (netmail.city.ac.uk [138.40.12.1]) by tachyo
n.mono.org (8.6.12/8.6.12) with ESMTP id NAA04908 for <majordomo@mono.org>; Mon
, 4 Mar 1996 13:49:16 GMT, from malasada.lava.net (root@malasada.lava.net [199.
222.42.2]) by netmail.city.ac.uk (/City/2.1) with SMTP id BAA07187 for <majord
omo@mono.org>; Mon, 4 Mar 1996 01:40:38 GMT, from whitehouse.gov by malasada.la
va.net with smtp (Smail3.1.28.1 #9) id m0ttOip-000A6LC; Sun, 3 Mar 96 15:05 WET
subject : subscribe
to : majordomo@mono.org
------- Message 4
Header information below:
date : Sun, 3 Mar 96 14:40 WET
from : gene <gene@aol.com>
from majordomo-owner@mono.org mon mar 4 13 : 49:24 1996
message-id : <m0ttOK7-000ABBC@malasada.lava.net>
received : from netmail.city.ac.uk (netmail.city.ac.uk [138.40.12.1]) by tachyo
n.mono.org (8.6.12/8.6.12) with ESMTP id NAA04940 for <majordomo@mono.org>; Mon
, 4 Mar 1996 13:49:24 GMT, from malasada.lava.net (root@malasada.lava.net [199.
222.42.2]) by netmail.city.ac.uk (/City/2.1) with SMTP id BAA06991 for <majord
omo@mono.org>; Mon, 4 Mar 1996 01:27:04 GMT, from aol.com by malasada.lava.net
with smtp (Smail3.1.28.1 #9) id m0ttOK7-000ABBC; Sun, 3 Mar 96 14:40 WET
subject : subscribe
to : majordomo@mono.org
------- End of Forwarded Messages
Follow-Ups:
|
|
