Great Circle Associates Majordomo-Users
(January 2000)
 


Subject: BAD, BAD Boy Message that was attempted to POUND
From: "Mark Rauterkus" <mrauterkus @ SportSurf . Net>
Date: Tue, 11 Jan 2000 12:16:56 -0500
To: Majordomo Users <majordomo-users @ greatcircle . com>

Hi All,

I've not posted here in quite a while. I'm coming out of a light-lurk mode
to ask for some help.

Assistance on some investigation, prevention, retribution and such. The fine
post-master at Univ. of Pittsburgh (happens to be a local guy too) did a
good amount of investigation on this matter when it happened a few weeks ago.
Same actions are being repeated again, it seems. Then, a number of rounds of
hundreds of messages went out. Reasons are unknown to me.

The only silver-lining and irony in this all -- at least I'm in good company
-- with Berkeley, Oregon and then comes the one-man, hobby, advocate,
SportSurf.Net. :)

Well, thanks for any Hand-Holding as to how to understand what is going on
here. I don't have a real "emergency action plan" for what to do, what to
check, what to disable, and how -- and how to further investigate so as to
eliminate these types of PUSS-HEAD actions from hitting the net again.

Since the action -- starting again on Friday night after 9 pm eastern USA
time. I took out my cgi-bin folder on the web site -- and I changed the
majordomo entry in the aliases file. That is how I caught this message to my
list-clerk address. I didn't catch those entries the last time -- only saw
log files -- and the aftermath. So, what is the best way to log as well.

Tips and long-winded advice welcomed....


Mark Rauterkus
List-Clerk@SportSurf.Net
MRauterkus@SportSurf.Net


Details in snips below ------


This is the header for a BAD, BAD Boy Message that was attempted to POUND my
majordomo server.

-------

Received: from MAIL2 (dns2.cvtci.com.ar [24.232.0.18]) by sportsurf.net
(8.8.5) id JAA12281; Sun, 9 Jan 2000 09:39:49 -0700 (MST)
Received: from huiyang - 207.59.71.188 by cvtci.com.ar with Microsoft
SMTPSVC;
  Sun, 9 Jan 2000 13:38:33 -0300
From: "chacabuconews@hotmail.com" <chacabuconews@hotmail.com>
To: major <majordomo@lists.uoregon.edu>, major <Majordomo@clas.ufl.edu>,
        major <Majordomo@uclink4.Berkeley.EDU>,
        major <Majordomo@list.pitt.edu>, major <Majordomo@SportSurf.Net>
Date: Sun, 09 Jan 2000 16:41:56 "GMT"
X-MSMail-Priority: Normal
X-mailer: AspMail 3.03 (SMTP98F9DD)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <0bc813338160910MAIL2@cvtci.com.ar>
X-UIDL: 854600eba7656062cc689dc21d2635f6

---- end header snip

--- snip of HEADER #2 showing differences from above only ---
From: "gerencia@copel.com.ar" <gerencia@copel.com.ar>
Message-ID: <0c0161841160910MAIL2@cvtci.com.ar>
X-UIDL: 85fdc389fd0ac31136cb7ef52bdcb1a0
---- End snip of header #2 ----



The message had one email with about 500 lines of subscribe messages. Here is
just a part of it.

-- snip of body ---
subscribe 11amhc102
subscribe 121wall1
subscribe 121wall2
subscribe 121wall3
subscribe 121wall4
subscribe 173discussion
subscribe 1999fig12
subscribe 2000
subscribe 201tutorial
subscribe 220str
subscribe 275teach
subscribe 2pmhc102
subscribe 317list
subscribe 399me
subscribe 635
subscribe 98fig4
subscribe 98grads
subscribe 9amhc102
subscribe aaascommunity
subscribe aagsofficers
subscribe acm-catdept
subscribe actingi

end snip ---- It continued. The subscribe listnames are from out of
nowhere...


Thanks in advance!

Mark R.
mrauterkus@sportsurf.net
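
Added example, not part of the original post and not Majordomo's own code: a pre-filter that could sit in front of the majordomo alias and flag a message shaped like the one quoted above (hundreds of subscribe lines, list names that do not exist locally, Majordomo addresses at several sites in one To: line). The function names, thresholds, sample message and the list name "swimming" are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

SUBSCRIBE = re.compile(r"^\s*subscribe\s+(\S+)", re.IGNORECASE)

def assess(raw, local_lists, max_cmds=20, max_unknown=0.5):
    """Return (hold, report) for one message sent to the majordomo alias."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # Hosts whose majordomo address shares this message's To:/Cc: line.
    hosts = {addr.split("@", 1)[1].lower() for _, addr in rcpts
             if addr.lower().startswith("majordomo@")}
    body = "" if msg.is_multipart() else msg.get_payload()
    wanted = []
    for line in body.splitlines():
        if line.strip().lower() == "end":  # Majordomo stops reading at "end"
            break
        m = SUBSCRIBE.match(line)
        if m:
            wanted.append(m.group(1).lower())
    known = {name.lower() for name in local_lists}
    unknown = [name for name in wanted if name not in known]
    reasons = []
    if len(wanted) > max_cmds:
        reasons.append("too many subscribe commands")
    if wanted and len(unknown) / len(wanted) > max_unknown:
        reasons.append("mostly lists not hosted here")
    if len(hosts) > 1:
        reasons.append("sent to majordomo at several sites")
    report = {"commands": len(wanted), "unknown": len(unknown),
              "majordomo_hosts": sorted(hosts), "reasons": reasons}
    return bool(reasons), report

def build_sample(n=25):
    """Constructed message shaped like the one quoted in the post."""
    body = "\n".join("subscribe 121wall%d" % i for i in range(1, n + 1))
    return ("From: sender@example.invalid\n"
            "To: major <majordomo@lists.example.edu>, "
            "major <Majordomo@sportsurf.example>\n\n" + body + "\n")

if __name__ == "__main__":
    # "swimming" is a hypothetical local list name.
    print(assess(build_sample(), {"swimming"}))
```

A message that comes back with hold set can be saved with its full headers and passed to the list owner instead of being piped to Majordomo, which also gives the per-message log the post asks about.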

