Re: alfaBB.com spam??

To: "'alfa-digest@domain.elided'" <alfa-digest@domain.elided>
Subject: Re: alfaBB.com spam??
From: Richard Welty <rwelty@domain.elided>
Date: Wed, 27 Nov 2002 16:42:06 -0500 (EST)
Content-disposition: INLINE
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
In-reply-to: <2E01795CC681D411BB970008C7F48AD46C7F56@HOUXML03>
References: <2E01795CC681D411BB970008C7F48AD46C7F56@HOUXML03>
Reply-to: Richard Welty <rwelty@domain.elided>
Sender: owner-alfa@domain.elided

On Wed, 27 Nov 2002 13:22:17 -0600 "Keith, Michael S" <Michael_Keith@domain.elided> wrote:

> I've been to the site (curiosity got the better of me), & it seems like
> an
> ordinary internet forum.  However, there does seem to be a large blank
> space
> at the top of the page.  I would think that once they have a certain
> number
> of registered members, they'll start trying to sell banner adds.  I
> posted a
> questions asking who started it, but I haven't received a reply.

"simon" started it (or at least, "simon" fetched the email addresses).

i have the smoking gun, excerpted from the majordomo Log file on krusty.
it is at the end of this posting. simon subscribes on November 11th,
takes a brief look about. on November 27th, he issues a who commands to
get member's email addresses (who is unavailable to non-members, but
available to members. i guess i should shut it down completely.) he
then subscribes to all the other mailing lists on the server and sends
who commands for those lists too.

regardless of the commercial/noncommercial nature of the alfabb effort,
this is way over the line into network abuse. for those who wish to
complain, simon send the email from a pacbell.net dsl line (complain to
abuse@domain.elided) and relayed it off of an ipowerweb.com server (don't
know for sure what the abuse address will be, try abuse@domain.elided, if
that fails, try postmaster@domain.elided, if that fails, see if
ipowerweb.com@domain.elided does anything useful. you do have to register to
use abuse.net, but it's safe; john levine who runs it is a good guy, even
if he did write one of those "for dummies" books.)

the following headers show the path that the email passed through. for
everyone who wishes to complain, you'll need a complete copy of the message
that offended, including the receive headers. getting the full headers out
of an M$ product can be challenging, but i assure you that it's possible.

Received: from [12.129.198.128] (helo=host28.ipowerweb.com)
        by krusty1.krusty-motorsports.com with esmtp (TLSv1:DES-CBC3-SHA:168)
        (Exim 4.10)
        id 18H0dg-0004hC-00
        for rwelty@domain.elided; Wed, 27 Nov 2002 11:45:56 +0000
Received: from adsl-63-204-177-81.dsl.lsan03.pacbell.net ([63.204.177.81] helo=MTMlaptop)
        by host28.ipowerweb.com with esmtp (Exim 3.36 #1)
        id 18GytT-0008P2-00; Wed, 27 Nov 2002 01:54:08 -0800

here are the majordomo log lines:

Nov 11 21:56:00 digest.net majordomo[30877] {<simon@domain.elided>} send_confirm subscribe alfa-digest simon@domain.elided
Nov 11 22:40:51 digest.net majordomo[428] {<simon@domain.elided>} subscribe alfa-digest simon@domain.elided
Nov 11 22:40:51 digest.net majordomo[428] {<simon@domain.elided>} help
Nov 11 23:15:18 digest.net majordomo[2407] {<simon@domain.elided>} index alfa-digest
Nov 27 11:20:10 digest.net majordomo[17102] {<simon@domain.elided>} help
Nov 27 11:25:10 digest.net majordomo[17292] {<simon@domain.elided>} who alfa-digest
Nov 27 11:29:56 digest.net majordomo[17690] {<simon@domain.elided>} lists
Nov 27 11:35:06 digest.net majordomo[17904] {<simon@domain.elided>} who alfa
Nov 27 11:41:24 digest.net majordomo[17976] {<simon@domain.elided>} help
Nov 27 11:41:53 digest.net majordomo[17985] {<simon@domain.elided>} send_confirm subscribe alfa-db simon@domain.elided
Nov 27 11:44:47 digest.net majordomo[18034] {<simon@domain.elided>} send_confirm subscribe aroc-kc simon@domain.elided
Nov 27 11:45:40 digest.net majordomo[18059] {<simon@domain.elided>} send_confirm subscribe aroc-kc-digest simon@domain.elided
Nov 27 11:50:33 digest.net majordomo[18220] {<simon@domain.elided>} subscribe alfa-db simon@domain.elided
Nov 27 11:51:01 digest.net majordomo[18242] {<simon@domain.elided>} subscribe aroc-kc simon@domain.elided
Nov 27 11:51:22 digest.net majordomo[18258] {<simon@domain.elided>} subscribe aroc-kc-digest simon@domain.elided
Nov 27 11:56:02 digest.net majordomo[18566] {<simon@domain.elided>} who alfa-db
Nov 27 11:56:22 digest.net majordomo[18575] {<simon@domain.elided>} who aroc-kc-digest
Nov 27 11:58:33 digest.net majordomo[18591] {<simon@domain.elided>} who aroc-kc-digest
Nov 27 11:59:37 digest.net majordomo[18936] {<simon@domain.elided>} who aroc-kc
Nov 27 22:13:24 digest.net majordomo[16379] {simon@domain.elided} send_confirm subscribe alfa-digest simon@domain.elided
Nov 27 22:13:24 digest.net majordomo[16379] {simon@domain.elided} help

--
Richard Welty                                         rwelty@domain.elided
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
--
to be removed from alfa, see /bin/digest-subs.cgi
or email "unsubscribe alfa" to majordomo@domain.elided

Follow-Ups:
- Re: alfaBB.com spam??
  - From: "Gregory S. Youngblood" <greg@domain.elided>

References:
- Re: alfaBB.com spam??
  - From: "Keith, Michael S" <Michael_Keith@domain.elided>

Prev by Date: Original Alfa Recaro cloth material
Next by Date: Slow starting Motronic
Previous by thread: Re: alfaBB.com spam??
Next by thread: Re: alfaBB.com spam??
Index(es):
- Date
- Thread

Home | Archive | Main Index | Thread Index