Re: [CenterIM-devel] Request for Discussion: How to handle unwanted contacts

Frank Altpeter Tue, 19 May 2009 06:11:52 -0700

Hi again,

Hmmm, one more fact (sorry for the almost-spamming). The lastly added
unwanted user, 578243406, is protocolled like that in my log:


Tue May 19 11:42:50 2009: incoming authorization from [icq] 578243406
Tue May 19 11:42:50 2009: outgoing message to [icq] 578243406 (578243406)
Tue May 19 11:42:50 2009: incoming message from [icq] 578243406
Tue May 19 11:42:50 2009: outgoing message to [icq] 578243406 (578243406)
Tue May 19 11:42:57 2009: incoming authorization from [icq] 578243406
Tue May 19 11:42:57 2009: outgoing message to [icq] 578243406 (578243406)

AFAIK, this seems to be like that:

User 578243406 sends an AUTH request. Captcha sends back its question.
User is a bot and sends his spam message because it's triggered by the
captcha question. This triggers a new "wrong answer" captcha question.
This "conversation" makes ICQ server think that the user is valid and adds
him to the server-side contact list.

Would someone cross-check this possible reason?


on 2009-05-19 at 15:05:07 CEST, I wrote:
> Hi,
> 
> What's making me think about the online/offline issue, is the fact that
> the unwanted users are all created when going online again, like this scan
> shows:
> 
> cd ~/.centerim
> find . -name "[0-9]*" -type d | while read dir; do d="$( basename $dir )" ; 
> ls -la ${d}/history >/dev/null 2>&1 || ls -lad $d; done | sort
> 
> (This query finds all ICQ contacts and prints a list of directories that
> don't contain a history file)
> 
> 
> This results in output like this (shortened):
> 
> drwx------ 2 freddy wheel 4096 May 14 11:31 356128260
> drwx------ 2 freddy wheel 4096 May 14 11:31 362156623
> drwx------ 2 freddy wheel 4096 May 14 11:31 383250210
> drwx------ 2 freddy wheel 4096 May 14 11:31 428803396
> drwx------ 2 freddy wheel 4096 May 14 11:31 434874756
> drwx------ 2 freddy wheel 4096 May 14 11:31 473328620
> 
> drwx------ 2 freddy wheel 4096 May 15 11:05 123751698
> drwx------ 2 freddy wheel 4096 May 15 11:05 357404121
> drwx------ 2 freddy wheel 4096 May 15 11:05 433986205
> drwx------ 2 freddy wheel 4096 May 15 11:05 499096463
> drwx------ 2 freddy wheel 4096 May 15 11:05 499134953
> drwx------ 2 freddy wheel 4096 May 15 11:05 550017105
> 
> drwx------ 2 freddy wheel 4096 May 19 14:54 420378522
> drwx------ 2 freddy wheel 4096 May 19 14:54 429832960
> drwx------ 2 freddy wheel 4096 May 19 14:54 447471792
> drwx------ 2 freddy wheel 4096 May 19 14:54 496852448
> drwx------ 2 freddy wheel 4096 May 19 14:54 578243406
> 
> These are all the times when I started centerim. Not sure how to debug
> this further but I'm quite sure that the users are put on your server-side
> contact list while being offline and then synchronized. For whatever reason.
> 
> 
>  
> Le deagh dhùraghd,
> 
>       Frank Altpeter
> 
> -- 
> FA-RIPE || http://www.altpeter.de/
> http://www.xing.com/go/invite/27666.2a971e
> | "It means that doctors are practicing what they call preventative medicine. 
> In
> | other words, if you think somebody's going to sue you, if you're in a
> | litigious society, then you'll take extra care by prescribing more and more
> | either procedures, or whatever it may be."
> | 
> | George W. Bush
> | June 30, 2003
> | Miami, Florida.
> 

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> 
> iQEVAwUBShKug55PsxDxKK3zAQKDGwgAmfZf3WV11Z/zRc6Tuihb5QoYjxhxWU7+
> vl6qtk03Wpuu2af5BPjVKavLwDTS77WBkXv2Y7fidUSKi50CZvZ7//BEJZDfWs2I
> Ia7gXD4uWTYoTmaJLposPYkGqzocf84feqYk1Jtjp4YraDi5gHovmafiuutxLwlV
> gMOTB89rHbzzT/YPWbbKsSV7+Geyu94PaWLM8Jw3Uq8uWAQXbRmxVNPi/U2CHUw/
> KgOAzPzE95TFk77OUasgzH/aifLdV67eYbZOGPmrdpusNfndMkNbnQdYL8mPr3RM
> VitYelNaw5k3JcBAFJAdioelEPrUGu5e+U8eyQN8kBiDpA0Wo94udA==
> =kn+u
> -----END PGP SIGNATURE-----


> --
> _______________________________________________
> Centerim-devel mailing list
> Centerim-devel@centerim.org
> http://centerim.org/mailman/listinfo/centerim-devel
> http://www.centerim.org/


 
Tìoraidh an-dràsda,

        Frank Altpeter

-- 
FA-RIPE || http://www.altpeter.de/
http://www.xing.com/go/invite/27666.2a971e
| ARTHUR        It's not a question of whose habitat it is, it's a 
|       question of how hard you hit it.
| 
| - Arthur pointing out one of the disadvantages of gravity, Fit the Tenth.

pgpF7L4Tnd0Ck.pgp
Description: PGP signature

--
_______________________________________________
Centerim-devel mailing list
Centerim-devel@centerim.org
http://centerim.org/mailman/listinfo/centerim-devel
http://www.centerim.org/

Re: [CenterIM-devel] Request for Discussion: How to handle unwanted contacts

Reply via email to