[sf-lug] Bot-generated nonsense

Todd Hawley celticdm at gmail.com
Fri Dec 30 15:08:38 PST 2022


On Thu, Dec 29, 2022 at 6:11 PM Rick Moen <rick at linuxmafia.com> wrote:

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
>
> Date: Thu, 29 Dec 2022 18:09:20 -0800
> From: Rick Moen <rick at linuxmafia.com>
> To: Bobbie Sellers <bliss-sf4ever at dslextreme.com>
> Subject: Re: No request for password on linuxmafia.com
> Organization: If you lived here, you'd be $HOME already.
>
> Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):
>
> >       I got a big stack of emails over about a 5 minute period.
> >
> > Two topics seemed to predominate, One was seeking confirmation for
> > an unsubscribe and Two was seeking a password to change my account.
> >
> >       I do not need a password and I do not want to unsubscribe.
> >
> >       I assume this is an automatic reaction by the software.
>
> I have no idea what that is, but it's highly _highly_ likely some bot
> out there, at some random location on the Internet, is trying to probe
> linuxmafia.com's GNU Mailman to find security weaknesses.  Which is to
> say, the bot is guessing who _might_ be subscribed to linuxmafia.com
> mailing lists, and attempting to abuse the admin WebUI to send
> "unsubscribe me" and "change my subscription password" commands
> purporting to be from your address.
>
> linuxmafia.com's GNU Mailman then dutifully attempts to vet those
> attempts for authenticity by checking them with the purported submitter,
> in this case you.  And thus, here we are.
>
> If you can forward one of those with _full SMTP headers_,
> I might be able to say more.  (If you are not sure you
> know what "full SMTP headers" means and how to achieve that, then that
> means you don't know how.)
>

I'm not sure what "full SMTP header" means myself, but I'm going to guess
you are referring to the relay points any email takes in its journey from
the originator to its end point. I'm also going to guess that since the
originator email addy can be munged, that any relay point can also be
munged. And if I'm wrong about any of this, all I can say is "not the
first time I've been wrong about something, nor will it be the last."  As
that old gas station commercial used to say, "your mileage may vary." :p

Happy New Year all,
-th
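
The "full SMTP headers" requested above include the Received: trace lines that each mail server prepends on arrival. As an added example (not part of any message in this thread), the Python below parses those lines from a constructed message and separates hops stamped by a host the reader trusts from older hops that arrived with the message and cannot be verified; the host names, addresses and function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); hosts and addresses are reserved example values.
RAW = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Thu, 29 Dec 2022 18:09:25 -0800
Received: from webui.list.example (localhost [127.0.0.1])
\tby mx.list.example with ESMTP id B2; Thu, 29 Dec 2022 18:09:21 -0800
Received: from host.elsewhere.example (unknown [203.0.113.77])
\tby relay.unknown.example with SMTP id C3; Thu, 29 Dec 2022 18:09:00 -0800
From: list-request@list.example
To: subscriber@recipient.example
Subject: confirm unsubscribe

(body omitted)
"""

# "from <helo name> (<what the receiving server saw>) by <stamping host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+(?P<by>\S+)")

def received_chain(raw):
    """Return Received hops newest-first, the order they appear in the message."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def split_trusted(hops, trusted_hosts):
    """Split into hops stamped by hosts we trust and everything older than that."""
    for i, hop in enumerate(hops):
        if hop["by"].lower() not in trusted_hosts:
            return hops[:i], hops[i:]
    return hops, []

if __name__ == "__main__":
    # Assumption: the reader's own mail server is the only host they can vouch for.
    ours, rest = split_trusted(received_chain(RAW), {"mail.recipient.example"})
    for hop in ours:
        print("verified   by=%(by)s peer=%(peer)s helo=%(helo)s" % hop)
    for hop in rest:
        print("unverified by=%(by)s peer=%(peer)s helo=%(helo)s" % hop)
```
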