Re: Spam vulnerability at apache (was: Re: Photo document [TID#4977])
Actually I have found the spam resulting from this list to be negligible. That includes the user list. On 04/13/2004 06:13 PM Jeff Tulley wrote: If I am not mistaken, this email probably results from somebody on the list having one of the many recent viruses. An email is being sent from somebody's computer, with the "From" or "Reply-to" being "tomcat-dev", and the "To" being the Russian place. The russian site has an auto-responder, and so it sends back an email to the list.Yes, this is a mail software problem in that the russian place was automatically subscribed earlier probably from a similar virus email with a "reply-to" being something like tomcat-dev-subscribe at jakarta The point is that nobody necessarily has your address. But, being on such a large public list, you definitely put yourself at risk at getting more virus and spam emails. If this concerns you greatly, I'd advise getting a secondary, "junk" email account for posts to this list, one that you could kill someday and be done with any spam or virus mails brought to you by participation here. I myself wish I had done so. (probably too late to do much good now!) [EMAIL PROTECTED] 4/12/04 9:20:31 PM >>> Hi, I extremely apologize for this message, but i think this needs to be figured out. I just yesterday registered my new email address with tomcat-dev, and i received the spam below almost immediately thereafter. Only a few people are aware of this email address, so the origin of spam info 99% appears to be tomcat-dev registration. Is there any chance that DNS gets resolved to one of several IPs, one of which collects these emails and uses them for spam (or perhaps is infected with a virus)? I would look for any IPs based in russia as the prime suspects, because this email contains russian text and appears to be originated there. What's worse is that 25 minutes after this spam, i received another one of similar content. Please help save me and others from this plague of the Internet. I entrusted apache.org with this address, and hope we can keep it between us. P.S. If there are other people who received similar emails, please let me, the admins, or the list know. If you let only me know, i will accumulate the number of people affected and forward this to an admin. P.P.S. I see that emails are protected in the archives publicly published, and i think this issue is in the same category. Thanks, [EMAIL PROTECTED] wrote: russian(win-1251): ! ?? ??? ? ??? ? ? ?? ?? ?? "Photo document", ??? . ??? ?? ?? . ?? ? ??, ? ??? ? [TID#4977]. ??, ? ? : [TID#4977] ? ? (subject) ??? ??? ?? ??? . ??? ? ??? ??? ?? ??? ?? (reply). C ?, ?? ??? ? ??? ?-10 http://www.m-10.ru english: Greetings, This message has been automatically generated in response to your message regarding "Photo document", the content of which appears below. There is no need to reply to it now. Support has received your message and it has been assigned a ticket ID of [TID#4977]. Please include the string: [TID#4977] in the subject line of all future correspondence about this problem. To do so, you may reply to this message. WBR, Support Team Hosting Operator M-10 http://www.m-10.ru Original Message- Please, photo document. Yours sincerely +++ X-Attachment-Type: document +++ X-Attachment-Status: no virus found +++ Powered by the new F-Secure OnlineAntiVirus +++ Visit us: www.f-secure.com -Headers Follow-- Received: from [EMAIL PROTECTED] by office.m-10.ru (CommuniGate Pro GROUP 4.1.8) with GROUP id 1745058; Mon, 12 Apr 2004 17:13:05 +0400 Received: from [62.5.188.222] (HELO office.m-10.ru) by office.m-10.ru (CommuniGate Pro SMTP 4.1.8) with ESMTP id 1745042 for [EMAIL PROTECTED]; Mon, 12 Apr 2004 17:12:58 +0400 X-Antivirus: Checked by Dr.Web (http://www.drweb.net) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Photo document Date: Mon, 12 Apr 2004 17:11:48 +0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0016=_NextPart_000_0016" X-Priority: 3 X-Msmail-Priority: Normal Message-Id: <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian --
Re: Spam vulnerability at apache (was: Re: Photo document [TID#4977])
Quite correct, though usually it IS the case that they are a subscriber, and that is why they have the address in their book. I personally am quite surprised that a group of individuals technical enough to participate in these forums would be falling prey to the viruses so often, so maybe you are correct and they are really non-subscribers. I HAVE noticed though a high occurrence of jakarta (tomcat _AND_ Ant) email addresses in all of the virus emails that I receive, so it seems lke they are coming from somebody on these lists. >>> [EMAIL PROTECTED] 4/13/04 10:46:46 AM >>> Jeff Tulley wrote: >If I am not mistaken, this email probably results from somebody on the >list having one of the many recent viruses. > Actually, that is not necessary to see messages like this. All that needs to happen is that someone who is infected has both the email address of a subscriber and the email address of the mailing list visible (in an address book or something). The infected party does *not* have to be a subscriber himself or herself. Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Spam vulnerability at apache (was: Re: Photo document [TID#4977])
Jeff Tulley wrote: If I am not mistaken, this email probably results from somebody on the list having one of the many recent viruses. Actually, that is not necessary to see messages like this. All that needs to happen is that someone who is infected has both the email address of a subscriber and the email address of the mailing list visible (in an address book or something). The infected party does *not* have to be a subscriber himself or herself. Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Spam vulnerability at apache (was: Re: Photo document [TID#4977])
If I am not mistaken, this email probably results from somebody on the list having one of the many recent viruses. An email is being sent from somebody's computer, with the "From" or "Reply-to" being "tomcat-dev", and the "To" being the Russian place. The russian site has an auto-responder, and so it sends back an email to the list.Yes, this is a mail software problem in that the russian place was automatically subscribed earlier probably from a similar virus email with a "reply-to" being something like tomcat-dev-subscribe at jakarta The point is that nobody necessarily has your address. But, being on such a large public list, you definitely put yourself at risk at getting more virus and spam emails. If this concerns you greatly, I'd advise getting a secondary, "junk" email account for posts to this list, one that you could kill someday and be done with any spam or virus mails brought to you by participation here. I myself wish I had done so. (probably too late to do much good now!) >>> [EMAIL PROTECTED] 4/12/04 9:20:31 PM >>> Hi, I extremely apologize for this message, but i think this needs to be figured out. I just yesterday registered my new email address with tomcat-dev, and i received the spam below almost immediately thereafter. Only a few people are aware of this email address, so the origin of spam info 99% appears to be tomcat-dev registration. Is there any chance that DNS gets resolved to one of several IPs, one of which collects these emails and uses them for spam (or perhaps is infected with a virus)? I would look for any IPs based in russia as the prime suspects, because this email contains russian text and appears to be originated there. What's worse is that 25 minutes after this spam, i received another one of similar content. Please help save me and others from this plague of the Internet. I entrusted apache.org with this address, and hope we can keep it between us. P.S. If there are other people who received similar emails, please let me, the admins, or the list know. If you let only me know, i will accumulate the number of people affected and forward this to an admin. P.P.S. I see that emails are protected in the archives publicly published, and i think this issue is in the same category. Thanks, [EMAIL PROTECTED] wrote: >russian(win-1251): > >! > >?? ??? ? ??? ? ? ?? ?? ?? >"Photo document", ??? . ??? ?? ?? . >?? ? ??, ? ??? ? >[TID#4977]. ??, ? ? : > > [TID#4977] > >? ? (subject) ??? ??? ?? ??? . >??? ? ??? ??? ?? ??? ?? (reply). > >C ?, >?? ??? ? >??? ?-10 >http://www.m-10.ru > >english: > >Greetings, > >This message has been automatically generated in response to your message >regarding "Photo document", the content of which appears below. There >is no need to reply to it now. Support has received your message and it has >been assigned a ticket ID of [TID#4977]. Please include the string: > > [TID#4977] > >in the subject line of all future correspondence about this problem. >To do so, you may reply to this message. > >WBR, >Support Team >Hosting Operator M-10 >http://www.m-10.ru >Original Message- > >Please, photo document. >Yours sincerely > >+++ X-Attachment-Type: document >+++ X-Attachment-Status: no virus found >+++ Powered by the new F-Secure OnlineAntiVirus >+++ Visit us: www.f-secure.com > > > >-Headers Follow-- >Received: from [EMAIL PROTECTED] > by office.m-10.ru (CommuniGate Pro GROUP 4.1.8) > with GROUP id 1745058; Mon, 12 Apr 2004 17:13:05 +0400 >Received: from [62.5.188.222] (HELO office.m-10.ru) > by office.m-10.ru (CommuniGate Pro SMTP 4.1.8) > with ESMTP id 1745042 for [EMAIL PROTECTED]; Mon, 12 Apr 2004 17:12:58 +0400 >X-Antivirus: Checked by Dr.Web (http://www.drweb.net) >From: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Photo document >Date: Mon, 12 Apr 2004 17:11:48 +0400 >MIME-Version: 1.0 >Content-Type: multipart/mixed; > boundary="=_NextPart_000_0016=_NextPart_000_0016" >X-Priority: 3 >X-Msmail-Priority: Normal >Message-Id: <[EMAIL PROTECTED]> > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Spam vulnerability at apache (was: Re: Photo document [TID#4977])
Hi, I extremely apologize for this message, but i think this needs to be figured out. I just yesterday registered my new email address with tomcat-dev, and i received the spam below almost immediately thereafter. Only a few people are aware of this email address, so the origin of spam info 99% appears to be tomcat-dev registration. Is there any chance that DNS gets resolved to one of several IPs, one of which collects these emails and uses them for spam (or perhaps is infected with a virus)? I would look for any IPs based in russia as the prime suspects, because this email contains russian text and appears to be originated there. What's worse is that 25 minutes after this spam, i received another one of similar content. Please help save me and others from this plague of the Internet. I entrusted apache.org with this address, and hope we can keep it between us. P.S. If there are other people who received similar emails, please let me, the admins, or the list know. If you let only me know, i will accumulate the number of people affected and forward this to an admin. P.P.S. I see that emails are protected in the archives publicly published, and i think this issue is in the same category. Thanks, [EMAIL PROTECTED] wrote: russian(win-1251): Приветствуем! Данное уведомление автоматически создано в ответ на Ваше письмо на тему "Photo document", приведенное ниже. Вам не надо отвечать на него. Служба поддержки клиентов получила Ваше письмо, и ему присвоен идентификатор [TID#4977]. Пожалуйста, включайте следующий блок: [TID#4977] в заголовок (subject) всей последующей корреспонденции на эту тему. Это можно сделать отвечая на это письмо (reply). C уважением, служба технической поддержки клиентов Хостинг оператор М-10 http://www.m-10.ru english: Greetings, This message has been automatically generated in response to your message regarding "Photo document", the content of which appears below. There is no need to reply to it now. Support has received your message and it has been assigned a ticket ID of [TID#4977]. Please include the string: [TID#4977] in the subject line of all future correspondence about this problem. To do so, you may reply to this message. WBR, Support Team Hosting Operator M-10 http://www.m-10.ru Original Message- Please, photo document. Yours sincerely +++ X-Attachment-Type: document +++ X-Attachment-Status: no virus found +++ Powered by the new F-Secure OnlineAntiVirus +++ Visit us: www.f-secure.com -Headers Follow-- Received: from [EMAIL PROTECTED] by office.m-10.ru (CommuniGate Pro GROUP 4.1.8) with GROUP id 1745058; Mon, 12 Apr 2004 17:13:05 +0400 Received: from [62.5.188.222] (HELO office.m-10.ru) by office.m-10.ru (CommuniGate Pro SMTP 4.1.8) with ESMTP id 1745042 for [EMAIL PROTECTED]; Mon, 12 Apr 2004 17:12:58 +0400 X-Antivirus: Checked by Dr.Web (http://www.drweb.net) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Photo document Date: Mon, 12 Apr 2004 17:11:48 +0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_0016=_NextPart_000_0016" X-Priority: 3 X-Msmail-Priority: Normal Message-Id: <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
