[Box-Admins] [Board] Recent spam on the lists

David T. Lewis lewis at mail.msen.com
Mon Aug 7 11:48:56 UTC 2017


CC box-admins

Hi Marcel,

I am quite sure that our lists are under attack, but as far as I know nothing
bad is actually getting distributed to list subscribers.

Which lists do you see this on? I am not seeing anything that reaches the archives
on http://lists.squeakfoundation.org/pipermail/ (but maybe someone already
deleted things?).

For what it's worth, the vm-dev-owner at lists.squeakfoundation.org address (which
is redirected to me) has again been under attack for the last several days. This
happened once before (around July 20). Levente reduced the problem by blocking
a range of addresses:

  http://lists.squeakfoundation.org/pipermail/box-admins/2017-July/002427.html

And the attacks stopped entirely after a week or so, then resumed a few days ago.
I am attaching an example of one of the recent spam emails.

I am not sure if this is related to whatever problem you are seeing on forum.world.st,
but my assumption is that someone is attempting to gain access to mailing lists
in order to use them for distributing spam. Presumably the source is a bot of
some kind.

Dave


On Mon, Aug 07, 2017 at 10:41:48AM +0200, Marcel Taeumel wrote:
> Hi, there.
> 
> Could somebody block this user "pfizerobataborsi" and delete all its postings (Aug 1 - 6)?
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=370940
> 
> Same for users "eyangsemar004" and "eyangsemar003":
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=370954
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=370946
> 
> Same for user "dion":
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=370800
> 
> Same for user "kusmiati88":
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=a135323403%7Ekusmiati88
> 
> Same for user "BASERRR888":
> http://forum.world.st/template/NamlServlet.jtp?macro=user_nodes&user=a135289409%7EBASERRR888
> 
> ... Wait ... Basically all users that posted on this "global" location here, which dates back to June 5:
> http://forum.world.st/Smalltalk-f1294792.standard.html
> 
> Woah, what's happening? :-/
> 
> Best,
> Marcel

>From SRS0=9hiW=7J=lists.squeak.org=mailman-bounces at squeak.org  Sun Aug  6 22:49:19 2017
Return-Path: <SRS0=9hiW=7J=lists.squeak.org=mailman-bounces at squeak.org>
Received: from mail.squeak.org (mail.squeak.org [162.242.237.43])
	by shell.msen.com (8.14.3/8.14.3) with ESMTP id v772nJ2D079063;
	Sun, 6 Aug 2017 22:49:19 -0400 (EDT)
	(envelope-from SRS0=9hiW=7J=lists.squeak.org=mailman-bounces at squeak.org)
Received: from localhost (localhost [127.0.0.1])
	by mail.squeak.org (Postfix) with ESMTP id 5AED7BD9F0
	for <lewis at mail.msen.com>; Mon,  7 Aug 2017 02:49:13 +0000 (UTC)
Received: from mail.squeak.org ([127.0.0.1])
	by localhost (mail.squeak.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id uuqRI-hyB5s3 for <lewis at mail.msen.com>;
	Mon,  7 Aug 2017 02:49:13 +0000 (UTC)
Received: from mail.squeak.org (localhost [IPv6:::1])
	by mail.squeak.org (Postfix) with ESMTP id 4B4C3BC63C
	for <lewis at mail.msen.com>; Mon,  7 Aug 2017 02:49:13 +0000 (UTC)
X-Original-To: vm-dev-owner at lists.squeakfoundation.org
Delivered-To: vm-dev-owner at mail.squeak.org
Received: from localhost (localhost [127.0.0.1])
 by mail.squeak.org (Postfix) with ESMTP id 5B754BD9F0
 for <vm-dev-owner at lists.squeakfoundation.org>;
 Mon,  7 Aug 2017 02:49:12 +0000 (UTC)
Received: from mail.squeak.org ([127.0.0.1])
 by localhost (mail.squeak.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id DCNKtbN7Tchy
 for <vm-dev-owner at lists.squeakfoundation.org>;
 Mon,  7 Aug 2017 02:49:12 +0000 (UTC)
Received: from cl68.com (unknown [IPv6:240e:f2:c001:eab6:1885:1ccf:2215:7cda])
 by mail.squeak.org (Postfix) with ESMTP id 5048ABC63C
 for <vm-dev-owner at lists.squeakfoundation.org>;
 Mon,  7 Aug 2017 02:49:11 +0000 (UTC)
MIME-Version: 1.0
Date: Mon, 07 Aug 2017 10:49:05 +0800
Message-ID: <875a72865f1358a5 at 8f5598c8031dbf91>
Subject: =?utf-8?Q?------=E9=9A=A9=E9=97=A8=E5=A8=81=E5=B0=BC=E6=96=AF=E4=BA=BA=E5=AE=98=E7=BD=91336468=E3=80=82C0M=E9=82=80=E6=82=A8=E4=BD=8F=E5=86=8A=E5=B6=BA=E2=91=B6?=
 =?utf-8?Q?=E2=92=8F=E7=80=9B38O=E6=8F=90=E7=8E=B0=EE=A0=BE=E4=BC=BD=E7=A2=A6=E6=9C=8D=E6=89=A3:2855592926=E5=B6=BA=EE=A0=BE=E7=BA=A2=E5=AE=9D=E5=A4=A9=E5=A4=A9=E6=8A=A2?=
 =?utf-8?Q?=EE=A0=BE=EE=A0=BE=E5=91=A8=E5=91=A8=E9=A2=86=E5=B7=A5=E8=B5=80=EE=A0=BE=E6=9C=88=E6=9C=88=E7=BB=99=E4=BF=B8=E7=A6=84=EF=BC=8C=E5=85=A5=E7=AA=BE=E9=A4=B82%=E9=A6=96=E5=AD=98=E5=8F=AF=E8=8E=B7=E6=9C=80=E9=AB=983888=E5=85=83?=
 =?utf-8?Q?=EE=A0=BE-----?=
To: vm-dev-owner at lists.squeakfoundation.org
Received: from cl68.com (unknown (247.81.36.233])
 by cl68.com with SMTP id 6bb1d819-dd40-4468-9bd1-6e016a726446;
 for <vm-dev-owner at lists.squeakfoundation.org>; Mon, 07 Aug 2017 10:49:05 +08:00
From: =?utf-8?Q?=E6=88=90=E5=BF=A0?= <824498549 at qq.com>
Content-Type: multipart/alternative;
 boundary="f763a86d-162b-4b5f-bece-83f669b2bb79"
Errors-To: mailman-bounces at lists.squeak.org
Sender: "Vm-dev" <mailman-bounces at lists.squeak.org>
Received-SPF: Pass; receiver=msen.com; client-ip=162.242.237.43; envelope-from=<SRS0=9hiW=7J=lists.squeak.org=mailman-bounces at squeak.org>
Received-SPF: Pass; receiver=msen.com; client-ip=162.242.237.43; helo=mail.squeak.org
X-Keywords:                  
X-UID: 3332
Status: RO
Content-Length: 220
Lines: 7

--f763a86d-162b-4b5f-bece-83f669b2bb79
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<p>=e8=bb=ba=e6=a5=82=e5=94=af=e6=a4=92=e8=96=88</p>
--f763a86d-162b-4b5f-bece-83f669b2bb79--
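
Added example, not part of the original message or of the list server's tooling: a way to read the Received chain of the attached spam to find the address that actually connected to mail.squeak.org, which is the address a range block would be built from. The trusted host names, the trusted relay address and the /64 block size are assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Received chain abridged from the attached message ("for" clauses, dates and
# the amavisd hops dropped); newest hop first, as delivered.
RAW = """\
Received: from mail.squeak.org (mail.squeak.org [162.242.237.43])
 by shell.msen.com (8.14.3/8.14.3) with ESMTP id v772nJ2D079063
Received: from localhost (localhost [127.0.0.1])
 by mail.squeak.org (Postfix) with ESMTP id 5AED7BD9F0
Received: from cl68.com (unknown [IPv6:240e:f2:c001:eab6:1885:1ccf:2215:7cda])
 by mail.squeak.org (Postfix) with ESMTP id 5048ABC63C
Received: from cl68.com (unknown (247.81.36.233])
 by cl68.com with SMTP id 6bb1d819-dd40-4468-9bd1-6e016a726446
"""

# Assumption: the only hosts and relay addresses run by the recipient side.
TRUSTED_BY = {"shell.msen.com", "mail.squeak.org", "localhost"}
TRUSTED_RELAYS = {ipaddress.ip_address("162.242.237.43")}

BY_RE = re.compile(r"\bby\s+(\S+)")
PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def first_external_hop(raw):
    """Return the address that connected to our infrastructure, or None."""
    for hop in message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(hop)
        if by is None or by.group(1).lower() not in TRUSTED_BY:
            return None  # stamped by a host we do not run: sender-supplied text
        peer = PEER_RE.search(hop)
        if peer is None:
            continue
        addr = ipaddress.ip_address(peer.group(1))
        if addr.is_loopback or addr in TRUSTED_RELAYS:
            continue  # internal hand-off, keep walking toward the sender
        return addr
    return None


def block_range(addr, v4_prefix=32, v6_prefix=64):
    """Network to block; /64 for IPv6 is an assumed policy, not from the thread."""
    prefix = v6_prefix if addr.version == 6 else v4_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
```

The last Received line (247.81.36.233) sits below the trust boundary and falls in the reserved 240.0.0.0/4 space, so it says nothing about where the message came from and is never returned.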



