Tue, 18 Nov 1997 10:41:10 -0500
|
On 18 Nov 97 at 10:10, Jim Bradley wrote:
> I have two open, confidential=no lists here (COASTNET and
> COASTALP) that do not show up in the output of a list
> command if that command does not originate on URIACC.
> They are in the output of a 'list global coast' command
> sent from the same source. Can anyone explain?
The following exerpt from the 1.8c release notes
(ftp://ftp.lsoft.com/documents/v18c-own.relnotes)
should explain.
Francoise
---------------------------------------------
LISTS command now restricted to local users
-------------------------------------------
Another popular method for collecting information about available lists
was to send a LISTS commands to individual LISTSERV (and non-LISTSERV)
sites. While this required more programming work for the spammer, it also
gave better results as the LISTS command would also list local lists
("Confidential= Service"), which outnumber public lists 3:1. The LISTS
command has been changed in version 1.8c to only return information to
local users, ie users whose hostname matches one of the patterns in the
LOCAL configuration variable. Typically, if the server is running on a
machine called LISTSERV.XYZ.EDU, the LOCAL variable will have been
defined as *.XYZ.EDU. This allows any user in the XYZ.EDU domain to send
a LISTS command to the server, while preventing spammers from getting any
useful information. To clarify:
- This change has no impact on local users, who can still access the same
information as before. It may be necessary for the LISTSERV maintainer
to review the setting of the LOCAL configuration variable to make sure
that all local domains are properly identified.
- This change prevents non-local users from obtaining information about
local ("Confidential= Service") lists. This change will completely
protect local lists from spam (both direct and indirect) as there will
be no way for the spammers to get information about them.
- "Confidential= Yes" lists remain completely hidden as before.
- Non-local users must now use the LIST GLOBAL command or the CataList to
search for public lists of interest.
The LIST GLOBAL command was also changed so that you can no longer ask
for a list of all the lists hosted on a particular server, as this would
defeat the purpose of the LISTS command change.
|
|
|