On 25 Nov 2003, at 17:46, Bernhard Kuemel wrote:
David Champion wrote:* On 2003.11.16, in <[EMAIL PROTECTED]>,This test may disable users of non graphical web browers or email only subscribers to subscribe.I've generally found that encoding the address as HTML character
entities works fine. I've had a bait address on my web page for quite
some time, and it's never received any spam. It's readable to text
browsers, it doesn't affect readability with unexpected font sizes, it
takes little computation, and it's trivial to write.
My address would become:
dgc@uchicago .edu
While this approach may work in individual cases it is trivially and quite likely defeatet when the prize is 100,000 mailing lists with 1 to 5 million (!) high quality email addresses.
Since your answer is the only one and the problem does not appear to be addressed sufficiently I wrote an example exploit program that finds mailman lists and harvests their email addresses. After about 20 minutes it collected about 30.000 email addresses: http://bksys.at/bernhard/30,000%20email%20addresses.gz
The program can be further improved. It can be a little parallelized. It can check a site for further mailing lists (the admin overview has a more complete list than the listinfo overview). And it can be made to subscribe to mailing lists where the member list is only available to the list members.
If you think the problem is worth fixing please estimate how long it will take and I will wait a reasonable time for a fix before I post the problem and the exploit code to bugtraq. Otherwise I will post to bugtraq in about 1 week.
I am just a spectator but this doesn't look like a major contribution to the Open Source movement by you.
As a way of getting your code and ideas adopted it is one hell of an approach.
A better approach might be to work up a patch for the current Mailman release that will demonstrably function in practice (how are we going to manage all those images your original "Turing test" proposal will lead to) and submit that like any other contributor. You can program in Perl so using Python should be a snap for a clever fellow like you.
But I confess if it were for me to decide on a response to your threats, which it is not, I'd say sex and travel fits the bill.
Here is the exploit code:
------------------------------------------------------------- #!/usr/bin/perl -w
$n=0;
$u=0;
for ($i=0;1;$i+=10) {
$#urls=-1;
$google=`lynx --dump 'http://www.google.com/search? q=%22Click+here+for+the+list%22+%22batched+in+a+daily+digest%22&start=$ i'`;
# print $google;
@urls=$google=~/cache:.{12}:(.*?)\+%22/g;
if ($#urls==-1) {last;}
# print join("\n",@urls);
# print "\naoeu $#urls\n";
foreach $url (@urls) { $u++; $url=~s*/listinfo/*/roster/*; print "$url...\n"; $roster=`lynx -connect_timeout=10 -dump $url`; # print $roster; @mails=$roster=~/^ +\* \(?\[\d+\](.* at .*?)\)?$/mgo; foreach $mail (@mails) { $mail=~s/ at /@/; print "$mail\n"; $n++; } print "mails=".($#mails+1).", total=$n, url=$u, google=$i\n"; # exit; } #foreach url
} #while google -----------------------------------------------------------
Have a nice day,
There's irony for you.
Bernhard
-- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html
----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk
_______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers
