At 8:24 PM -0800 3/21/97, Ken Parker wrote:
> I'm not sure WHAT'S going on! I've been recently getting some
>people from AOL who have been acting rather abusive in their
>attempts to leave my list: One sending a post to the list with
>"REMOVE, REMOVE, REMOVE!!!" in the body.
Oh, yeah. There's a lot of spam going down, and a lot of users,
including many AOL users, being forged onto list. Not all of those
users react rationally. At one level I understand -- if you suddenly
appear on 100 mail lists, you might not react rationally, either, but
they hurt their own purposes.
Especially with the abusive ones, I send them a note on how to do this
right, and Cc: the AOL postmasters. Many times I get abuse back, but
then, since most spamm-ees are folks who p*ss someone off on usenet,
another mail list or IRC or some other chat, you don't get many polite
spammees in the first place...
I've had a bunch of activity today coming from tesser.com and
iglou.com. Fortunately, the tesser.com one was DNS trackable back to a
PPP dialup port, so I've sent a note to the postmaster there, because
he can find out who was logged on at the time. The stuff coming from
iglou.com was clearly the same guy, so he's playing from multiple
accounts. I also had some lesser spam from nlights.net.
I'm still looking for a clean way to put a procmail filter in front of
my server and trap this until I can get majordomo up and upgrade all my
stuff. thought I had one today, but it didn't quite work. It's
unfortunately tough without just wiring in known sites, and those
change constantly.
Out there, somewhere, are scripts that these brownshirts are using to
do this. Someone's put together some tools, and others are just using
them -- the attack mode on my site is too similar for different people
to be doing the same thing (among other things, same pattern of lists;
they don't use all, but they all tend ot use the same subset of lists
on my site, more or less based on when they last looked at my site and
grabbed a site listing...). Some of the comment field stuff is also
fairly standard (but not standard enough to trap by.
If this current rate of this stuff keeps up (I'm seeing a spike the
last couple of days), I'm probably going to put in a kicker that'll
stop the spammers, which I won't mention because I don't want them to
know what I've got planned and I assume they're listening... (hi,
guys... how's the wife and kids? Oh, yeah, spammers have no life...). I
haven't to date because it'll cause some user inconvenience....
sigh. With any luck, I have enough info to nail that one twit on
tesser, and the postmaster will nail him to a wall for me. If so,
that'll be #6 in the last year.
--
Chuq Von Rospach (chuq@apple.com) Apple IS&T Mail List Gnome
<http://www.solutions.apple.com/>
Plaidworks Consulting (chuqui@plaidworks.com) <http://www.plaidworks.com/>
(<http://www.plaidworks.com/hockey/> +-+ The home for Hockey on the net)
References:
|
|
