On Sun, 1 Apr 2001, Susan Minaker wrote:
> Date: Sun, 1 Apr 2001 08:12:25 -0700
> From: Susan Minaker <minaker@vcn.bc.ca>
> To: majordomo-users@GreatCircle.COM
> Subject: which
>
> Hi all. I have several lists on a server, and I want people to be able
> to get a list of which lists they are subscribed to, without being able
> to see who else is subscribed. Is this possible to set up?
>
> Thanks, Sue
There is a gaping hole in Majordomo "which" command, which spammers can
easily exploit to harvest all email addresses in all mailing lists
that have which_access set to open.
If you are not running Majordomo 1.94.5, upgrade. It fixes many bugs in
the previous versions, but not the which hole. Apply the following
patch to close the which hole:
ftp://ftp.ccsf.org/majordomo-patches/1.94.5/majordomo.1
for added security set the which_access in your lists to list, rather that
open:
which_access = list
Regards,
Joe
--
_/ _/_/_/ _/ ____________ __o
_/ _/ _/ _/ ______________ _-\<,_
_/ _/ _/_/_/ _/ _/ ......(_)/ (_)
_/_/ oe _/ _/. _/_/ ah jjah@cloud.ccsf.cc.ca.us
Follow-Ups:
-
Re: which
From: Susan Minaker <minaker@vcn.bc.ca>
-
RE: which
From: "David B. Thompson" <r1100ra@home.com>
References:
-
which
From: Susan Minaker <minaker@vcn.bc.ca>
|
|
