Great Circle Associates List-Managers
(April 1997)
 


Subject: Re: Picking up the pieces
From: Alexander Verbraeck <A . Verbraeck @ IS . TWI . TUDelft . NL>
Date: Tue, 15 Apr 1997 21:55:21 +0200 (MET DST)
To: lazlo @ swcp . com
Cc: list-managers @ greatcircle . com, winfave @ duticai . twi . tudelft . nl
In-reply-to: <199704151917.NAA04672@kitsune.swcp.com> from "Lazlo Nibble" at Apr 15, 97 01:17:07 pm

> > Any opinions on the policy of carrying out sign-off requests that
> > are sent to mailing lists?
> 
> Given that all my lists include instructions for leaving at the bottom of
> every posting that goes out over them, I generally ignore them.  But in the
> case you describe I'd certainly encourage a list admin to do the right thing
> and honor the requests, however misdirected -- the admin is at least partially
> at fault for leaving their list open to this kind of abuse in the first place.
> 
> > Any thoughts about the best way for a list administrator to reduce or
> > avoid such situations [...?]
> 
> Force confirmation on all subscription requests.  The current version of
> majordomo makes this easy; I assume other list packages do as well.

Given the fact that the subscription attacks we are experiencing right now 
take different forms, it is not as easy as that (although it helps):
1. I have several cases where the account of a user was violated overnight
   (bad choice of password?) and the hackers subscribed the user from his/her
   OWN account to thousands of lists.
2. The subscription address that is forged is not always the same as the
   From: address of the user. It might be an alias, there might be some
   extra machine names in between, that do not influence the delivery of the
   e-mail but do make the sign off very difficult for the ordinary user.
3. There is a shift now from just subscribing to subscription AND requesting
   all kinds of help-files, archives, welcome messages, information on
   lists, etc. Although the subscription itself is not carried out, the
   user still has hundreds to thousands of mail messages to wade through.

So, subscription requests is one, active monitoring of the traffic for the
list itself and the listserver, majordomo or other processor is another,
if necessary followed by more extensive filtering. I scan the ENTIRE e-mail 
messages now automatically for dangerous addresses/domains and for typical 
wording of users that want off the list asap. All end up in my personal e-mail
box, so I can take care of it immediately if necessary. 

I found out that the worst thing that can happen is that hackers are able
to affect the actual discussions on the list (directly by spam messages
or indirectly by users screaming to be taken off the list). So if taking
off users that have unwillingly been subscribed to lots of lists (some of them
have been subscribed to hundreds -- think about the time to personally sign
off to all of them) helps to reduce the unwanted postings to the list,
just do it.

A last tip that might be useful (it helped me) is to make a copy of the
subscriber file every day or every few days (depending on the frequency
of changes) and display the differences between the current file and
the last one saved (i.e. with diff on a Unix system) and look for strange 
additions.

Kind regards,
Alexander Verbraeck
List Manager BPR-L, DYNMOD-L

-----------------------------------------------------------------
Dr. Alexander Verbraeck            Delft University of Technology
Department of Systems Engineering, Policy Analysis and Management
Jaffalaan 5        P.O. Box 5015, 2600 GA  Delft  The Netherlands
Tel: +31 15 2783805    Secr: +31 15 2788380   Fax: +31 15 2783429
e-mail: A.Verbraeck@sepa.tudelft.nl  List manager BPR-L, DYNMOD-L
http://www.sepa.tudelft.nl/~alexandv/    See also ..../bpr-l.html
-----------------------------------------------------------------
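
The daily snapshot-and-diff tip from the message above, as an added example that is not part of the original post: it assumes a subscriber file with one bare address per line, and the function names and snapshot directory layout are hypothetical. It also groups new addresses by domain, so a burst of additions from one domain stands out during review.

```shell
#!/bin/sh
# Added example: snapshot a subscriber file and report additions since the
# previous snapshot. Assumes one bare address per line (an assumption about
# the list file format); all paths and function names are hypothetical.

# normalize FILE: lowercase, strip trailing whitespace and blank lines, sort.
normalize() {
    tr 'A-Z' 'a-z' < "$1" | sed -e 's/[[:space:]]*$//' -e '/^$/d' | LC_ALL=C sort -u
}

# added_since PREVIOUS CURRENT: print addresses in CURRENT but not in PREVIOUS.
added_since() {
    tmp=$(mktemp -d) || return 1
    normalize "$1" > "$tmp/old"
    normalize "$2" > "$tmp/new"
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# domain_counts: read addresses on stdin, print "count domain", largest first.
domain_counts() {
    awk -F@ 'NF > 1 { n[$NF]++ } END { for (d in n) print n[d], d }' | sort -rn
}

# check_list LISTFILE SNAPDIR: print additions since the last run, then save
# the current file as the new baseline. The first run only creates the baseline.
check_list() {
    list=$1
    snapdir=$2
    mkdir -p "$snapdir" || return 1
    if [ -f "$snapdir/last" ]; then
        added_since "$snapdir/last" "$list"
    fi
    cp "$list" "$snapdir/last"
}

# Typical use from cron, mailing the report to the list owner, for example:
#   check_list /path/to/lists/mylist /path/to/snapshots/mylist
```

Piping the output of `check_list` through `domain_counts` gives a per-domain tally of the new subscribers.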


