At 09:58 PM 2/19/01, Peter Losher wrote:
>Thanks & Best Wishes - Peter
>(whose nightmare is to find some "scorned" user somewhere who gets
>banned, signs up to the list w/ multiple addresses and causes havoc)
"Just because you're paranoid doesn't mean they're not out to get you."
I had exactly what you describe happen to me... it lasted TWO YEARS,
included throw-away account subscriptions from dozens of freebie ISPs,
and was ultimately resolved by changing all lists on my server to
require list owner permission before a subscription was completed.
I also implemented per-day and per-week posting limits in software.
In one respect, "[EMAIL PROTECTED]" won. (I'm posting that address
here so you'll all be on notice that he's bad news.) All users of my
dozens of lists are impacted by the subscription monitoring. Many of
the lists were spammed repeatedly by Calliger using aliases.
NOTE: There is a HUGE security hole in some list server software.
If you have your lists set up to require "accepting a token" style
confirmation, the spammer can fire off a bunch of subscribe requests,
then spam your list, then be kicked off and locked out... and even
with domain blocks in place can accept the pending tokens and spam
again. Not the garden-variety spammer, this one.
Have a look at
http://www.climber.org/eckert/allegations/
to see the lengths he went to... and the lies he told.
The final resolution was to go to the organization where we "met",
and get them to vote sanctions on him that had nothing to do with
my server. He no longer has an audience that can be fooled, but
weeks of several people's time was wasted in the process.
If a similar thing happens in the future, I will boot the offender
MUCH SOONER. Waiting and hoping they will change is dumb.
SRE
mailto:[EMAIL PROTECTED] | http://www.climber.org/eckert/
Info on peak climbing email lists mailto:[EMAIL PROTECTED]
"If you pick up a starving dog and make him prosperous, he will not
bite you. This is the principal difference between a dog and a man."
-- Mark Twain
