[sf-lug] (forw) Bot-generated nonsense

Rick Moen rick at linuxmafia.com
Thu Jun 1 03:02:33 PDT 2023


Gosh, Bobbie, I checked the archives + my local copies of sent mail, and
see that I already explained to you the bot mischief then attempting to
programmatically unsubscribe you from Test, last _December_.

I don't know why you got freaked out and confused in May 2023 about
something you asked me about, and I already answered about, in December
2022.

And, yep!  I said in December that I would really need to see full SMTP
headers to tell you more, and yet here we are five months later, and
you're still forwarding stuff with abbreviated SMTP headers.

*sigh*


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Thu, 29 Dec 2022 18:10:12 -0800
From: Rick Moen <rick at linuxmafia.com>
To: sf-lug at linuxmafia.com
Subject: Bot-generated nonsense
Organization: If you lived here, you'd be $HOME already.

Be advised.

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Thu, 29 Dec 2022 18:09:20 -0800
From: Rick Moen <rick at linuxmafia.com>
To: Bobbie Sellers <bliss-sf4ever at dslextreme.com>
Subject: Re: No request for password on linuxmafia.com
Organization: If you lived here, you'd be $HOME already.

Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> 	I got a big stack of emails over about a 5 minute period.
> 
> Two topics seemed to predominate, One was seeking confirmation for
> an unsubscribe and Two was seeking a password to change my account.
> 
> 	I do not need a password and I do not want to unsubscribe.
> 
> 	I assume this is an automatic reaction by the software.

I have no idea what that is, but it's highly _highly_ likely some bot
out there, at some random location on the Internet, is trying to probe
linuxmafia.com's GNU Mailman to find security weaknesses.  Which is to
say, the bot is guessing who _might_ be subscribed to linuxmafia.com
mailing lists, and attempting to abuse the admin WebUI to send 
"unsubscribe me" and "change my subscription password" commands 
purporting to be from your address.

linuxmafia.com's GNU Mailman then dutifully attempts to vet those 
attempts for authenticity by checking them with the purported submitter,
in this case you.  And thus, here we are.

If you can forward one of those with _full SMTP headers_, 
I might be able to say more.  (If you are not sure you 
know what "full SMTP headers" means and how to achieve that, then that
means you don't know how.)

I cannot really analyse the situation further without such a copy.

Judging by the fact that you sent this mail to
"test-owner at linuxmafia.com", I gather that the bot was trying to unsub
you from mailing list test at linuxmafia.com, and/or change your
subscription password.  Which is of course inane because you're not even
on that mailing list -- but these bots tend to try a lot of crazy
things, hoping something will hit.



----- End forwarded message -----

----- End forwarded message -----


