[sf-lug] MEGA Invitation

Rick Moen rick at linuxmafia.com
Thu Jul 28 15:12:45 PDT 2016


Quoting Jim Stockford (jim at well.com):

>     I see that I've just gotten an invitation to
> MEGA.nz from JasonEdwardKirk, too.

I don't know what 'gotten' means in this context, as you have provided
none of the necessary details, e.g. no header information.

>     My guess is that Jason had nothing to do with the invitation either.

Your guess is mistaken.

mega.nz appears to be one of those sites very like LinkedIn in the sense
of conning its users into permitting it to mass-send 'invite' notices on
behalf of the user to everyone in the user's local address book or past
recipients (sometimes harvested via MAPI calls, or some similar means).
This is a frequent ploy by social-networking sites to leverage users to
build a larger userbase, and is one of the more obnoxious trends in
Internet marketing over the last decade or so.

> He subscribes to this list, so I imagine he'll pipe up.

Typically, the users who get fooled in this fashion had no clear idea
what was going to happen when they said 'yes' to a Web site prompt that
looked innocuous, and are usually a good bit embarrassed and don't care
to talk about it much.  Invariably, they are a pretty poor source of
details, because they're a little unclear on what happened, and didn't
really follow what occurred.



>     Lately we've been getting spam from various names @linuxmafia.com.

I'm sorry, but who is 'we'?  And _what_ spam?  And have you looked at the
headers to make sure it _actually_ arrived from linuxmafia.com, i.e.,
from IP address 198.144.195.186, as opposed to having forged headers?

Please send me copies with full headers, without delay.  (Please do not
send copies with truncated headers, as commonly displayed by e-mail
programs to users, as that is useless for investigation.)

If you believe yourself (or 'we') to have been 'getting spam from
various names @linuxmafia.com', why is this the first time you've
mentioned this?  This should be immediately brought to the host owner's
attention immediately, if you are serious and not just talking about
forgeries.

In my experience, many such claims are made by people who do not look at
headers, do not understand how to interpret them, and cannot distinguish
forged from non-forged mail.

Also, I will note in passing that you as listadmin receive large numbers
of held-mail advisories from Mailman, and this includes a large number
of spams that make it past the MTA and lodge in the Mailman admin queue:
This is normal and does not mean you are 'getting spam from 
linuxmafia.com', if that's what you're thinking of.  That is an inherent
part of what you signed up for when you asked me to host
sf-lug at linuxmafia.com and agreed to handle listadmin duty.  It comes
with the job.



> Is it possible that the linuxmafia box is exposed or that someone's
> capturing streaming in and out of that host?

This question is so incredibly vague that it's pretty much impossible to
answer without writing a small novel on the several things you _could_
be talking about.

If by 'exposed' you mean security-compromised, yes, linuxmafia.com could
be security-compromised, in pretty much the exact way that any other
server on the Internet might be.

If by 'captured streaming in and out of the host' you mean someone has
placed a nearby host on the same network or on the routing path in and
out between my house and the Internet, that is pretty far-fetched
(where?  in my garage?  in Raw Bandwidth's NOC?), and also that would
not easily permit easy complete masquerading as my machine and
rewriting traffic as a man-in-the-middle imposter.

Anyhow, if you're serious about 'getting spam from various names
@linuxmafia.com', please forward offlist some examples with full SMTP
headers _now_.  Thank you.
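
The header check asked for above, as an added example that is not part of the original message: it reads the Received: hop written by the reader's own MTA and compares the recorded peer address with 198.144.195.186. The hostname mx.example.net, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

EXPECTED_IP = "198.144.195.186"  # linuxmafia.com's address, as given in the message
TRUSTED_MX = "mx.example.net"    # assumption: the reader's own receiving MTA

# Constructed sample: handed to our MTA directly by the expected address.
GENUINE = """\
Received: from linuxmafia.com (linuxmafia.com [198.144.195.186])
\tby mx.example.net (Postfix) with ESMTP id 4A1B2C
\tfor <user@example.net>; Thu, 28 Jul 2016 15:13:02 -0700 (PDT)
From: someone@linuxmafia.com
Subject: list traffic

body
"""

# Constructed sample: the sender claims linuxmafia.com in HELO and in a
# pre-inserted Received: line, but our MTA logged a different peer address.
FORGED = """\
Received: from linuxmafia.com (unknown [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id 9F8E7D
\tfor <user@example.net>; Thu, 28 Jul 2016 15:14:10 -0700 (PDT)
Received: from linuxmafia.com (linuxmafia.com [198.144.195.186])
\tby relay.invalid with SMTP; Thu, 28 Jul 2016 15:14:01 -0700 (PDT)
From: someone@linuxmafia.com
Subject: invitation

body
"""

# Bracketed peer address, then the "by" host that wrote the header.
HOP = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def handoff_ip(raw, trusted_mx=TRUSTED_MX):
    """Return the peer IP our own MTA recorded, or None if it wrote no hop."""
    msg = message_from_string(raw)
    # Received: headers are prepended, so the newest hop comes first. Only the
    # hop written by our own MTA is trustworthy; everything below it is
    # sender-supplied text and can be forged.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m.group("by").lower() == trusted_mx:
            return m.group("ip")
    return None

def arrived_from(raw, expected_ip=EXPECTED_IP):
    """True only if our MTA received the message directly from expected_ip."""
    return handoff_ip(raw) == expected_ip
```

This is why truncated headers are useless for the purpose: the From: line and the lower Received: lines are identical in spirit for both samples, and only the full top hop distinguishes them.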




