A simple requirement that the user type something specific would be enough.

Vitor Buitoni wrote:
Yes, surely it's a vulnerability in this system.

Perhaps the subscription confirmation should include something else besides just a single reply...
Is it possible to use the system that sends the user an image containing some text, and to confirm, the user has to type what he sees in the image? Or some kind of control like this, that would make it difficult for machines to confirm the subscription automatically.


Thanks!

Vitor


Giuliano Gavazzi wrote:


At 9:37 am -0800 2004/01/30, David Rees wrote:

Vitor Buitoni wrote, On 1/30/2004 3:50 AM:

Maybe some admin could unsubscribe this annoying guy?



The real question is how are these guys getting subscribed? It appears that someone has figured out a way to subscribe random addresses to the list without validation.


I'm guessing that it works because someone spoofs a subscribe request, and ezmlm responds to the spoofed address with the confirmation. These autoresponders which include the whole message reply, and voila, they have been subscribed to the list.



Well, but this also means that ezmlm sucks, or that it should be configured in a different way. I guess that during this storm, subscriptions (but not un-subscriptions please!) should be stopped. I do not want to check my mail the morning after some virus manages to subscribe a few autoresponders to the list.


Giuliano





--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]


-- Thanks, Josh Rehman Citysearch Toolsdev, 3559
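
An added example, not part of the original thread and not ezmlm code: one way to gate confirmation replies so that an autoresponder echoing the whole confirmation request does not complete a subscription, combining the "type something specific" idea with a check for auto-reply headers. The function names, the backwards-word challenge and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

# Precedence values commonly set by mailing lists and autoresponders.
AUTO_PRECEDENCE = {"bulk", "junk", "list", "auto_reply"}

def challenge_text(secret_word):
    # The answer never appears verbatim in the request, so an autoresponder
    # that echoes the whole message does not echo the answer. Choose words
    # that are not palindromes.
    return "To confirm, reply with this word typed backwards: " + secret_word[::-1]

def is_auto_generated(msg):
    """True if the headers mark the reply as machine-generated."""
    auto = (msg.get("Auto-Submitted") or "no").strip().lower()
    if auto != "no":                      # RFC 3834: auto-replied, auto-generated
        return True
    if (msg.get("Precedence") or "").strip().lower() in AUTO_PRECEDENCE:
        return True
    return any(h in msg for h in ("X-Autoreply", "X-Autorespond"))

def plain_text(msg):
    """Join the decoded text/plain parts of the reply."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            try:
                chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:           # unknown charset label
                chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def accept_confirmation(raw_reply, secret_word):
    """Subscribe only if a non-automatic reply contains the typed answer."""
    msg = message_from_string(raw_reply)
    if is_auto_generated(msg):
        return False
    pattern = r"\b%s\b" % re.escape(secret_word)
    return re.search(pattern, plain_text(msg), re.IGNORECASE) is not None

# Constructed sample replies (not taken from the list traffic).
HUMAN = "From: user@example.org\nSubject: Re: confirm\n\nLEMON\n\n> " + challenge_text("LEMON") + "\n"
ECHO = "From: away@example.org\nSubject: Out of office\n\nI am away.\n\n" + challenge_text("LEMON") + "\n"
TAGGED = "From: away@example.org\nAuto-Submitted: auto-replied\n\nLEMON\n"
```

In a real deployment the word would be chosen at random per request and stored with the pending subscription; the header check alone is not sufficient because many autoresponders set none of these headers.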

