Mail attack

Matts on 2002-03-02T09:31:27

Yuck - yesterday I ended up being a part of an attack on someone's mail server. I got over 100 emails in my spam trap box (because none were addressed to me directly), from someone's hacked mail server at lusopeople.com. A Portuguese (I think) web site where they've now put up an apology on the site. Very frustrating. But it does make me wonder if the site is a spammer themselves, because it was all coming to one of my trap emails that I never use.

The humorous thing was that some of the emails actually came from where I work, telling me I tried to send a virus, which of course I had no hand in. Intriguing - I'm going to have to talk to the admins about this one, because there's been a few problems in the past with sending our "You tried to send a virus" to mailing lists, rather than to the original author - which gets us into deep shit (understandably, of course - very bad juju to do that).


That's interesting

Elian on 2002-03-02T17:22:26

Since the same thing happened to me yesterday. Lots of bounce mail, subscription confirmation requests, and some "You sent us a virus" mail, all apparently originating from their webmaster account.

Wonder if someone's using CPAN e-mail addresses or something.

Re:That's interesting

Matts on 2002-03-02T17:53:50

Nope. Mine were to modperl @ sergeant.org, whereas my CPAN stuff comes direct to matt @ sergeant.org. I've never used modperl in direct mailings, so it must have been picked up by some crawler. Maybe the site deserved the attack, but I (and everyone else) certainly didn't.

Intriguingly there's an article at the top of Slashdot right now talking about a very similar incident, but not the same.

Re:That's interesting

pudge on 2002-03-03T13:14:16

For a few weeks, I've been getting occasional messages "from" perl5-porters-subscribe, Tim Bunce, and others in the Perl community that really aren't from them at all, but from mail servers in Poland and Russia, often containing viruses. I've even gotten a few bounces (and stories from other people) of messages I've apparently "sent" to others, showing similar characteristics.

lusospam

gnat on 2002-03-02T21:32:27

I added this to my .procmailrc:

:0
* lusoglobal
  IN/spam

That caught it. Yesterday was a bad day for email for me too--tchrist fixed a config bug on one of his training machines that caused it to finally be able to deliver about 9 months of 6-hourly cron messages on CPAN updates. I filtered those from my mailbox after 250ish and then added another procmail entry to shitcan the rest.

I love procmail. Between procmail and spamassassin, I'm a happy bunny boy.

--Nat