tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Spam vulnerability at apache (was: Re: Photo document [TID#4977])
Date Tue, 13 Apr 2004 20:38:52 GMT
Actually I have found the spam resulting from this list to be 
negligible. That includes the user list.

On 04/13/2004 06:13 PM Jeff Tulley wrote:
> If I am not mistaken, this email probably results from somebody on the
> list having one of the many recent viruses.  An email is being sent from
> somebody's computer, with the "From" or "Reply-to" being "tomcat-dev",
> and the "To" being the Russian place.  The russian site has an
> auto-responder, and so it sends back an email to the list.    Yes, this
> is a mail software problem in that the russian place was automatically
> subscribed earlier probably from a similar virus email with a "reply-to"
> being something like tomcat-dev-subscribe at jakarta....   
> 
> The point is that nobody necessarily has your address.  But, being on
> such a large public list, you definitely put yourself at risk at getting
> more virus and spam emails.  If this concerns you greatly, I'd advise
> getting a secondary, "junk" email account for posts to this list, one
> that you could kill someday and be done with any spam or virus mails
> brought to you by participation here.  I myself wish I had done so.
> (probably too late to do much good now!)
> 
> 
>>>>sabiq@csociety.org 4/12/04 9:20:31 PM >>>
> 
> Hi,
> 
> I extremely apologize for this message, but i think this needs to be 
> figured out. I just yesterday registered my new email address with 
> tomcat-dev, and i received the spam below almost immediately
> thereafter. 
> Only a few people are aware of this email address, so the origin of
> spam 
> info 99% appears to be tomcat-dev registration. Is there any chance
> that 
> DNS gets resolved to one of several IPs, one of which collects these 
> emails and uses them for spam (or perhaps is infected with a virus)? I
> 
> would look for any IPs based in russia as the prime suspects, because 
> this email contains russian text and appears to be originated there.
> 
> What's worse is that 25 minutes after this spam, i received another one
> 
> of similar content. Please help save me and others from this plague of
> 
> the Internet.
> I entrusted apache.org with this address, and hope we can keep it 
> between us.
> 
> P.S. If there are other people who received similar emails, please let
> 
> me, the admins, or the list know. If you let only me know, i will 
> accumulate the number of people affected and forward this to an admin.
> P.P.S. I see that emails are protected in the archives publicly 
> published, and i think this issue is in the same category.
> 
> Thanks,
> <rsa/>
> 
> =?windows-1251?Q?Support=20M-10=20@csociety.ecn.purdue.edu wrote:
> 
> 
>>russian(win-1251):
>>
>>????????????!
>>
>>?????? ??????????? ????????????? ??????? ? ????? ?? ???? ?????? ??
> 
> ????
> 
>>"Photo document", ??????????? ????. ??? ?? ???? ???????? ?? ????.
>>?????? ????????? ???????? ???????? ???? ??????, ? ??? ????????
> 
> ?????????????
> 
>>[TID#4977]. ??????????, ????????? ????????? ????:
>>
>>     [TID#4977]
>>
>>? ????????? (subject) ???? ??????????? ??????????????? ?? ??? ????. 
>>??? ????? ??????? ??????? ?? ??? ?????? (reply).
>>
>>C ?????????,
>>?????? ??????????? ????????? ????????
>>??????? ???????? ?-10
>>http://www.m-10.ru 
>>------------------------------------------------------------------------
>>english:
>>
>>Greetings,
>>
>>This message has been automatically generated in response to your
> 
> message
> 
>>regarding "Photo document", the content of which appears below. 
> 
> There
> 
>>is no need to reply to it now. Support has received your message and
> 
> it has
> 
>>been assigned a ticket ID of [TID#4977]. Please include the string:
>>
>>     [TID#4977]
>>
>>in the subject line of all future correspondence about this problem. 
>>To do so, you may reply to this message.
>>
>>WBR,
>>Support Team
>>Hosting Operator M-10 
>>http://www.m-10.ru 
>>----------------------------Original
> 
> Message-----------------------------
> 
>>Please, photo document.
>>Yours sincerely
>>
>>+++ X-Attachment-Type: document
>>+++ X-Attachment-Status: no virus found
>>+++ Powered by the new F-Secure OnlineAntiVirus
>>+++ Visit us: www.f-secure.com 
>>
>>
>>
>>-----------------------------Headers
> 
> Follow------------------------------
> 
>>Received: from support_grp@office.m-10.ru 
>> by office.m-10.ru (CommuniGate Pro GROUP 4.1.8)
>> with GROUP id 1745058; Mon, 12 Apr 2004 17:13:05 +0400
>>Received: from [62.5.188.222] (HELO office.m-10.ru)
>> by office.m-10.ru (CommuniGate Pro SMTP 4.1.8)
>> with ESMTP id 1745042 for support_grp@office.m-10.ru; Mon, 12 Apr
> 
> 2004 17:12:58 +0400
> 
>>X-Antivirus: Checked by Dr.Web (http://www.drweb.net)
>>From: tomcat-dev@jakarta.apache.org 
>>To: support_grp@office.m-10.ru 
>>Subject: Photo document
>>Date: Mon, 12 Apr 2004 17:11:48 +0400
>>MIME-Version: 1.0
>>Content-Type: multipart/mixed;
>>	boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
>>X-Priority: 3
>>X-Msmail-Priority: Normal
>>Message-Id: <auto-000001745042@office.m-10.ru>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org 
>>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org 
>> 
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 


-- 
struts 1.2 + tomcat 5.0.19 + java 1.4.2
Linux 2.4.20 Debian


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message