[Mailman-Users] Mailman under attack
Fil
fil at rezo.net
Thu Nov 14 19:50:53 CET 2013
The attachment was deleted, you can find it here:
targets:
https://www.dropbox.com/s/d6ddmgx3iljubot/boom-backscatter-targets.txt
zip containing the attacker's page source:
https://www.dropbox.com/s/tlofz5wg8l8w47a/boom-backscatter.zip
-- Fil
On Thu, Nov 14, 2013 at 7:32 PM, Fil <fil at rezo.net> wrote:
> Hello,
>
> I just noticed a lot of backscatter spam, my Mailman installation was
> starting to send subscription verifications to a lot of
> ALLCAPS at hotmail.com addresses, on a test list that no one is supposed to
> be using.
>
> I traced it to this site :
>
> http://4478.a.hostable.me/vinabot/bommail/Boom.html
>
> if you view source you will see that it opens a lot of iframes on 284
> Mailman installations, and tries to auto-subscribe its victims email
> adresses to different lists (392 in total).
>
> I have put the page HTML source as well as the list of targeted servers
> and lists in the attached zip file.
>
> Do you know how to stop this efficiently?
>
> -- Fil
>
More information about the Mailman-Users
mailing list