[axxs-sysadmin] samizdat/borg - people registering with spam email addresses

Cameron Gregg cam at earthanarchy.org
Fri May 30 07:22:17 PDT 2008 

boud wrote:
> hi cam, everyone,
> 
> cam - you quoted on irc some emails sitting in the borg mail queue
> from the apache user to people with either obvious or suspicious
> looking email addresses, asking them to confirm their registration.
> 
> i don't expect that this is a serious problem, and if it is, then the
> problem is presumably common to samizdat and dupal.
> 
> For someone to have certain rights on the samizdat site, such as
> editing messages (= articles and/or comments and/or topic definitions
> etc.) which are marked by the original author (or a moderator) as
> editable, s/he must register using a login, a "full name" and a valid
> email address. If s/he reads her email and follows the instructions,
> then his/her account is confirmed (it can later on be blocked by a
> moderator, but this blocking action itself is logged in the public
> log: www.site.org/moderation and so is subject to community
> consensus.)
> 
> The emails you saw are examples when spammers try registering with
> a spam type email address, probably in the hope that they do not need
> to actually read their email and confirm their registration.
> 
> Sending confirmation information to spammers' apparent email addresses
> is an expected behaviour of the code - unless we introduce spam
> filtering on people's email addresses, which could be dangerous, and
> not necessarily solve any serious problem.
> 
> 
> Is there any problem with this?

Spammers are always a problem, but if it's just a few then it's not a 
serious one. I'd like to know how many the sites I'm administering are 
sending out. Whats good for logging this sort of stuff?



Currently borg is on a blacklist at tpgi, the ISP I'm using to connect 
to the net. Discussion with the techs haven't yielded much action yet. 
But they did say they banned a range of IP's, not borg in particular. I 
was hunting round for any signs of serious abusage on borg, that's why I 
  alerted borg when I found some logs coming from samizdat.

Cam


> 
> - user point of view - most users, who read samizdat generated
> webpages, will not realise that spammers have tried to create logins
> 
> - moderator point of view - if you see someone with an obvious spam
> type login name doing obviously spam type edits, then it should be
> uncontroversial to block that user.
> 
> - server point of view - the server at most sends out one message with
> confirmation info for each attempted registration, and sends it to the
> address typed in - this is surely useless for serious spamming - at
> worst, you could get a few people annoyed by causing them to receive
> frequent messages in their mailboxes with content like "you tried to
> register on the samizdat site ABCDEF.org - if you wish to confirm
> this, then please do XYZ." [i won't give details on the public list,
> though of course it's in the source code.] However, i don't see why a
> spammer would have any motivation to enter what s/he thinks are real
> email addresses of other people into the registration system.
> 
> - server mail queue point of view - emails sent from the apache user
> to fake addresses will presumably sit in the queue, be retried after
> 30 min, a few hours, 24 hours, 48 hours, 1 week, and then be bounced
> back to the apache user.  i guess someone would have to clean out the
> apache user's email box once a year or so, or filter it or logrotate
> it or whatever. At the moment it seems to me at most a handful of
> registration attempts per week, if we get 365 short emails in a year
> sitting in the apache user's box, that shouldn't hurt too much...
> 
> 
> 
> horizontalidad
> boud
> _______________________________________________
> axxs-sysadmin mailing list
> axxs-sysadmin at lists.indymedia.org
> http://lists.indymedia.org/mailman/listinfo/axxs-sysadmin
>

More information about the axxs-sysadmin mailing list