Data Center operations mail list?

Phill Twiss phill at daa.com.au
Thu Aug 13 00:36:24 UTC 2015



De-lurking

Hi Rafael and everyone else :} ( sorry for the cross-post )

	You should really have CAPTCHAs configured for your mailman lists

	Some shady actors out there are using mailman lists to target certain
email addresses.  It's a pretty dumb attack, but it's annoying :}

	The target will be hit by hundreds ( if not thousands ) of subscribe
confirmation requests.

	We changed to CAPTCHAs a month or more ago, we still get an average
of 300-odd IPs trying to do this in a period of a few hours.

	Keep an eye out in your logfiles for some of the strings below ( they
all seem to try to use the same password ), if you have any issues
with getting CAPTCHAs to work properly, drop me an email :}

	Below is a sanitised ( list name and target ) entry from the Apache
logs ( the IP is real, screw em :} )

64.234.104.150 - - [13/Aug/2015:08:15:54 +0800] "GET /mailman/subscribe/<<Sanitised list name >>?email=<< Sanitised_TARGET >> @YAHOO.COM&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe HTTP/1.1" 301 801 "http://tools.vietche.biz/Boom/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0"

	
	Regards

	Phill Twiss


On 13/08/2015 4:19 AM, Rafael Possamai wrote:
> Robert, the first few people who expressed interest were
> subscribed manually. Everyone else has been using the list website
> to subscribe! There should have been a message sent out with the
> subscription email explaining it :)
> 
> 
> 
> On Wed, Aug 12, 2015 at 10:28 AM, Robert Webb <rwebb at ropeguru.com>
> wrote:
> 
>> Interesting... I just went to the web site to subscribe and I
>> received an email that I was already subscribed.
>> 
>> I don't remember doing that... So how did this happen??
>> 
>> Robert
>> 
>> 
>> On Wed, 12 Aug 2015 07:33:05 -0500 Rafael Possamai
>> <rafael at gav.ufsc.br> wrote:
>> 
>>> I was actually surprised with how many people subscribed
>>> already. I think we are close to 100 already in less than 24
>>> hours.
>>> 
>>> I could use some help drafting some basic mailing list rules
>>> (no spam, no soliciting, etc) and if anyone has any
>>> suggestions, please let me know.
>>> 
>>> 
>>> On Wed, Aug 12, 2015 at 1:34 AM, Mark Tinka
>>> <mark.tinka at seacom.mu> wrote:
>>> 
>>> 
>>>> On 11/Aug/15 17:46, Alex Brooks wrote:
>>>>> With the lack of interest compared to NANOG (especially
>>>>> seeing how the old list simply dried up) it might be best
>>>>> making the list global rather than North America only to
>>>>> get the traffic levels up a bit.
>>>> 
>>>> Tend to agree that a list with global scope might be more
>>>> useful.
>>>> 
>>>> Mark.
>>>> 
>>>> 
>> 
>> 
> 

-- 
Phill Twiss | IT Manager | Consultant Software Engineer
Data Analysis Australia Pty Ltd | STRATEGIC INFORMATION CONSULTANTS
97 Broadway, Nedlands, Western Australia, 6009 | PO Box 3258, Broadway
Nedlands, WA, 6009
T: +61 8 9468 2523 (Direct) | +61 8 9468 2533 or +61 8 9386 3304
(Reception)
F: +61 8 9386 3202 | E: phill at daa.com.au <mailto:phill at daa.com.au> | I:
http://www.daa.com.au <http://www.daa.com.au/>
This e-mail message and its attachments are privileged and confidential.
If you are not the intended recipient, please delete the message and
notify the sender.
While every care is taken, it is recommended that you scan any
attachments for viruses.
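
The log check suggested in the message above, as an added example that is not part of the original post: it scans Apache combined-format access log lines for Mailman subscribe requests and reports addresses that several distinct source IPs tried to subscribe, along with the passwords those requests carried. The function names, the min_ips threshold and the sample lines (documentation IP ranges, example.org addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: client IP, identd, user, [time], "METHOD URL PROTO", ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"')
PREFIX = "/mailman/subscribe/"

def subscribe_attempts(lines):
    """Yield (ip, list_name, email, password) for each GET subscribe request."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        try:
            url = urlsplit(m["url"])
        except ValueError:  # malformed request target, not a subscribe hit
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if url.path.startswith(PREFIX) and "email" in query:
            yield (m["ip"], url.path[len(PREFIX):],
                   query["email"][0].strip().lower(), query.get("pw", [""])[0])

def flag_targets(lines, min_ips=3):
    """Report addresses that at least min_ips distinct clients tried to subscribe."""
    seen = defaultdict(lambda: {"ips": set(), "lists": set(), "passwords": set()})
    for ip, list_name, email, pw in subscribe_attempts(lines):
        seen[email]["ips"].add(ip)
        seen[email]["lists"].add(list_name)
        seen[email]["passwords"].add(pw)
    return {email: {"ips": len(d["ips"]), "lists": sorted(d["lists"]),
                    "passwords": sorted(d["passwords"])}
            for email, d in seen.items() if len(d["ips"]) >= min_ips}

def _line(ip, list_name, email, pw):
    # Constructed sample entry shaped like the one in the post.
    return (f'{ip} - - [13/Aug/2015:08:15:54 +0800] "GET {PREFIX}{list_name}'
            f'?email={email}&fullname=&pw={pw}&pw-conf={pw}&language=en&digest=0'
            f'&email-button=Subscribe HTTP/1.1" 301 801 "-" "Mozilla/5.0"')

SAMPLE = [  # constructed input: one address hit from three IPs, one ordinary signup
    _line("192.0.2.10", "ops", "victim@example.org", "123456789"),
    _line("198.51.100.7", "ops", "VICTIM%40example.org", "123456789"),
    _line("203.0.113.44", "announce", "victim@example.org", "123456789"),
    _line("192.0.2.99", "ops", "alice@example.net", "s3cret"),
    '192.0.2.5 - - [13/Aug/2015:08:16:00 +0800] "GET /mailman/listinfo/ops HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for email, info in flag_targets(SAMPLE).items():
        print(email, info)
```
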