Re: The spam is real

2015-10-26 Thread Larry Sheldon

On 10/26/2015 22:16, Randy Bush wrote:

> now that the number of messages discussing the spam has exceeded the
> number of spam messages, perhaps we can get back to work and hope that
> the list admins have learned something.


A couple of factoids that might be useful in realizing the hope.

The mail handler at Cox cable correctly binned about 600 of them--I 
don't remember setting relevant customization, but I can check if 
anybody cares.


And I found messages reporting the problem Saturday.  And one that said 
the problem (as my failing memory wants to believe) started about a 
month ago.



--
sed quis custodiet ipsos custodes? (Juvenal)


Re: The spam is real

2015-10-26 Thread Randy Bush
now that the number of messages discussing the spam has exceeded the
number of spam messages, perhaps we can get back to work and hope that
the list admins have learned something.

randy


Re: The spam is real

2015-10-26 Thread Alan Buxey
There's also probably a large number of people gnashing their teeth that all of 
these compromised sites have been so readily identified by a very basic spam 
scam. A massive waste of opportunity for real black hats

alan


Re: The spam is real

2015-10-26 Thread Rob McEwen

On 10/26/2015 3:25 PM, William Allen Simpson wrote:

> What's the exploit that corrupted the sites?
> ...
> All the sites that I checked (without the added suffix) seem
> legit.  But maybe they are spammer sites?  How do we know?



Most involve WordPress vulnerabilities that a spammer exploited, where 
the spammer then installed their spammy content on someone else's 
otherwise legit website. (Other vulnerabilities happen too.)


NOTE: Anyone using WordPress needs to be vigilant about keeping it 
updated (and associated plugins updated)!


That makes these particularly hard to blacklist because they always 
involve SOME amount of "collateral damage" (though often a small and 
well-justified amount) AND the same algorithms that help URI/domain 
blacklists to not have FPs, likewise often (and often mistakenly) 
prevent many of these from getting blacklisted... which explains why 
many of these were not on very many URI or domain blacklists.


--
Rob McEwen




Re: The spam is real

2015-10-26 Thread William Allen Simpson

On 10/26/15 1:10 PM, Pablo Lucena wrote:

> On Sun, Oct 25, 2015 at 12:22 AM, Josh Luthman
> wrote:
>
> > Can we please get a filter for messages with the subject "Fw: new message"
> > ???
>
> So far I've dealt with it via Gmail's 'mute conversation' setting somewhat
> effectively.


Gmail was smart enough to put those addressed directly to me
into the spam folder -- and let those via nanog through.  It's
been trained well!

Let's look at this as an opportunity.  We have a relatively
small set of websites that have been corrupted with additional
links (presumably unknown to the owner), that then redirect
one or more times.

What's the exploit that corrupted the sites?

Have the site owners been contacted?

All the sites that I checked (without the added suffix) seem
legit.  But maybe they are spammer sites?  How do we know?



Re: The spam is real

2015-10-26 Thread Royce Williams
On Mon, Oct 26, 2015 at 9:10 AM, Pablo Lucena 
wrote:

> On Sun, Oct 25, 2015 at 12:22 AM, Josh Luthman <
> j...@imaginenetworksllc.com>
> wrote:
>
> > Can we please get a filter for messages with the subject "Fw: new message"
> > ???
> >
> So far I've dealt with it via Gmail's 'mute conversation' setting somewhat
> effectively.
>

Unfortunately, the 'mute conversation' feature only works for threads that
are in the inbox. I filter all lists into their own subfolders, reserving
the inbox for real people.

So the 'mute conversation' feature is useless for most conversations that I
actually want to mute.

Royce


Re: The spam is real

2015-10-26 Thread Randy Carpenter

I have to hand it to EdgeWave (with whom I have a very tumultuous love/hate 
relationship) for catching this flood from the very first message.

thanks,
-Randy

- On Oct 25, 2015, at 12:22 AM, Josh Luthman j...@imaginenetworksllc.com 
wrote:

> Can we please get a filter for messages with the subject "Fw: new message"
> ???
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373


Re: The spam is real

2015-10-26 Thread Josh Luthman
I did the same with Gmail.  Has the words - listid:nanog@nanog.org and
matching subject.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Oct 26, 2015 at 12:53 PM, Marcin Cieslak  wrote:

> On Sun, 25 Oct 2015, Josh Luthman wrote:
>
> > Can we please get a filter for messages with the subject "Fw: new message"
> > ???
>
> I have this in my $HOME/.procmailrc:
>
> :0:
> * ^List-ID:.*nanog.nanog.org>
> * ^Subject: Fw: new message
> nanog-junk
>
> 355 pieces since I put this rule (only two or so missed).
>
> Marcin
>


Re: The spam is real

2015-10-26 Thread Marcin Cieslak
On Sun, 25 Oct 2015, Josh Luthman wrote:

> Can we please get a filter for messages with the subject "Fw: new message"
> ???

I have this in my $HOME/.procmailrc:

:0:
* ^List-ID:.*nanog.nanog.org>
* ^Subject: Fw: new message
nanog-junk

355 pieces since I put this rule (only two or so missed).

Marcin
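
The two conditions of the procmail recipe above, as an added Python example that is not part of the original post. It goes slightly beyond the recipe by unfolding headers and decoding RFC 2047 encoded subjects, which a regex over raw header lines would miss; the sample messages, the `sample` helper and the List-Id description text are constructed for illustration.

```python
import re
from email import message_from_string, policy

# The recipe's two conditions. procmail matches case-insensitively by default.
LIST_ID_RE = re.compile(r"nanog\.nanog\.org>", re.IGNORECASE)
SUBJECT_RE = re.compile(r"Fw: new message", re.IGNORECASE)


def is_flood(raw: str) -> bool:
    """True when both the List-Id and the Subject conditions hold."""
    # policy.default unfolds continuation lines and decodes RFC 2047
    # encoded-words, so the patterns see the header text a reader would.
    msg = message_from_string(raw, policy=policy.default)
    list_id = str(msg.get("List-Id", ""))
    subject = str(msg.get("Subject", ""))
    # re.match anchors at the start, like "^Subject: Fw: ..." in the recipe.
    return bool(LIST_ID_RE.search(list_id) and SUBJECT_RE.match(subject))


def sample(subject: str, list_id: str = "") -> str:
    """Build a constructed test message (not taken from the thread)."""
    headers = ["From: sender@example.com", f"Subject: {subject}"]
    if list_id:
        headers.append(f"List-Id: {list_id}")
    return "\n".join(headers) + "\n\nbody\n"


# Constructed List-Id value, folded across two lines as list software often does.
NANOG = "North American Network Operators Group\n <nanog.nanog.org>"

SAMPLES = {
    "flood via list": sample("Fw: new message", NANOG),
    "encoded subject": sample("=?utf-8?q?Fw=3A_new_message?=", NANOG),
    "normal list post": sample("Re: The spam is real", NANOG),
    "reply to flood": sample("Re: Fw: new message", NANOG),
    "direct, no List-Id": sample("Fw: new message"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} -> {'nanog-junk' if is_flood(raw) else 'inbox'}")
```

Replies such as "Re: Fw: new message" stay in the inbox because the subject pattern is anchored at the start, and copies sent directly (no List-Id) are left to the regular spam filter.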


Re: The spam is real

2015-10-26 Thread Pablo Lucena
On Sun, Oct 25, 2015 at 12:22 AM, Josh Luthman 
wrote:

> Can we please get a filter for messages with the subject "Fw: new message"
> ???
>
>
So far I've dealt with it via Gmail's 'mute conversation' setting somewhat
effectively.


The spam is real

2015-10-26 Thread Josh Luthman
Can we please get a filter for messages with the subject "Fw: new message"
???

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373