LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Spammers bypassing moderation?

Janice Frasche <[log in to unmask]>

Fri, 4 Mar 2016 19:31:51 -0800

text/plain (57 lines)

Since the announcement of the Drown vulneratibility a couple days
ago, I thought I'd mention Drown here..... while I have no idea if
this would be the cause of spammer's bypassing a Univ moderation
team, according to one site test, ou.edu has a lot of
vulnerabilities.

https://test.drownattack.com/?site=OU.EDU

Janice


On Thu, Mar 03, 2016 at 02:55:39PM -0600, Hal Keen [[log in to unmask]] wrote (in part):
| >>>And do you see approval requests for the spam messages, before the
| >>>"ghost" approves them and they are distributed to your list?
| >
| >No. We're supposed to, but we don't.
|
| Curiouser and curiouser! The "Approved-By" header lines indicate the
| message WAS on the moderation queue, but you don't see a notice that should
| be generated in the process of getting it off.
|
| I see you're in a .edu environment. It's been my experience that
| spam-checking arrangements in such environments are often wildly rapacious,
| possibly because they're maintained and improved by particularly
| imaginative staff. Is it possible those approval requests are being eaten
| by the spam checker before they reach you?
|
| The other alternative, it seems to me, is that whoever is managing your
| moderation queue on behalf of the spammers is also blocking the approval
| notices from getting out--which would imply a VERY inside job in the list
| server.
|
| Section 4 of the LISTSERV Advanced Topics Manual, on List Exits, might be
| relevant. Do you use any? If not, another way to interfere with email to
| list editors would probably be to hack the email system itself.
|
| >(By the way, we've all changed our passwords to the web interface.)
|
| Wise move! But it adds to my suspicions about an inside job: someone who's
| obtained access to your moderation queue outside of normal vetting
| procedures.
|
| I don't know if this makes a difference or not, but are the spammer
| addresses the usual random-seeming collection of non-functioning fakes? Or
| is there a narrower set of spammer addresses that get access? And are there
| others that do get handled correctly?
|
| Hal Keen
|

############################

To unsubscribe from the LSTOWN-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTOWN-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM