Hi, On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated. Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it. Interesting thing is, the first hit provoked a reply from the spammer, sent to users-es-owner@lists.opensuse.org. It is possible that they interpret the rejection post as a "reply to our spam" that triggers a "reply to customer" automatically. If that is so, I may eventually have to silently reject or delete all email from hiperkitty. It would then be preferable to simply close the page, in order to not confuse possible good faith posters. Curio: https://lists.opensuse.org/manage/lists/users-es.lists.opensuse.org/members/... has 9491 entries including this last attempt. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
On Do, Sep 14 2023 at 07:58:53 -0400, Carlos E. R.
Hi,
On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated.
Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it.
Would you be able to compile a list of addresses of the spammers? I would like to see if maybe removing some login provider would let us avoid this situation. The last attempt I can see came from google login and a gmail address, which are well known for being simple for spammers to set up. That being said, it's not like SUSE Community Accounts are any harder to set up anyway.
Interesting thing is, the first hit provoked a reply from the spammer, sent to users-es-owner@lists.opensuse.org. It is possible that they interpret the rejection post as a "reply to our spam" that triggers a "reply to customer" automatically.
If that is so, I may eventually have to silently reject or delete all email from hiperkitty. It would then be preferable to simply close the page, in order to not confuse possible good faith posters.
Feel free to suggest that as a feature to hyperkitty upstream, we don't really have a way to do that right now. LCP [Jake] https://lcp.world/
On 2023-09-14 08:09, Jacob Michalskie wrote:
On Do, Sep 14 2023 at 07:58:53 -0400, Carlos E. R.
wrote: Hi,
On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated.
Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it.
Would you be able to compile a list of addresses of the spammers? I would like to see if maybe removing some login provider would let us avoid this situation. The last attempt I can see came from google login and a gmail address, which are well known for being simple for spammers to set up. That being said, it's not like SUSE Community Accounts are any harder to set up anyway.
I will look at it later, yes. Maybe this evening. (huh, "members" above I understand means list subscribers) I suspect that such a list could be grepped from the mail archive looking for the user-agent string, though. I will instead search my spam folder.
Interesting thing is, the first hit provoked a reply from the spammer, sent to users-es-owner@lists.opensuse.org. It is possible that they interpret the rejection post as a "reply to our spam" that triggers a "reply to customer" automatically.
If that is so, I may eventually have to silently reject or delete all email from hiperkitty. It would then be preferable to simply close the page, in order to not confuse possible good faith posters.
Feel free to suggest that as a feature to hyperkitty upstream, we don't really have a way to do that right now.
Ah, ok. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
On 2023-09-14 09:04, Carlos E. R. wrote:
On 2023-09-14 08:09, Jacob Michalskie wrote:
On Do, Sep 14 2023 at 07:58:53 -0400, Carlos E. R.
wrote: Hi,
On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated.
Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it.
Would you be able to compile a list of addresses of the spammers? I would like to see if maybe removing some login provider would let us avoid this situation. The last attempt I can see came from google login and a gmail address, which are well known for being simple for spammers to set up. That being said, it's not like SUSE Community Accounts are any harder to set up anyway.
I forgot about login providers! So that's how they can gain access.
I will look at it later, yes. Maybe this evening.
Currently held messages:
Currently held Messages:
Sender: drewroy0031@gmail.com
Subject: mrhealthfitness
Sender: adomosalvis@gmail.com
Subject: diggblog
Sender: adomosalvis@gmail.com
Subject: diggblog
Day before:
esha noor
On Fr, Sep 15 2023 at 08:25:51 -0400, Carlos E. R.
So, yes, mostly from gmail, but there is one from protonmail.
There was a bunch of spam about QuickBooks, so there is a rule in place for that subject since then.
Is the Spanish mail list the only one affected? The spam itself is in English.
Yeah, it seems like the spanish ml is the most affected one. Thanks for compiling that, I will have a look at this later LCP [Jake] https://lcp.world/
On 2023-09-14 15:04, Carlos E. R. wrote:
On 2023-09-14 08:09, Jacob Michalskie wrote:
On Do, Sep 14 2023 at 07:58:53 -0400, Carlos E. R.
wrote: Hi,
On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated.
Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it.
Just to mention that we get one or two hits daily. Someone must have a script for this hole. Not a problem, I just have to click "discard", just makes life a bit more entertaining ;-) Still curious why only the Spanish list is hit. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
On Mi, Sep 27 2023 at 12:36:02 +02:00:00, Carlos E. R.
Just to mention that we get one or two hits daily. Someone must have a script for this hole.
Not a problem, I just have to click "discard", just makes life a bit more entertaining ;-)
Still curious why only the Spanish list is hit.
I temporarily removed the ability to log in with google, let's see if we get any more of the spam and reports of genuine users trying to log in. LCP [Jake] https://lcp.world/
On 2023-09-27 12:39, Jacob Michalskie wrote:
On Mi, Sep 27 2023 at 12:36:02 +02:00:00, Carlos E. R.
wrote: Just to mention that we get one or two hits daily. Someone must have a script for this hole.
Not a problem, I just have to click "discard", just makes life a bit more entertaining ;-)
Still curious why only the Spanish list is hit.
I temporarily removed the ability to log in with google, let's see if we get any more of the spam and reports of genuine users trying to log in.
LCP [Jake] https://lcp.world/
Ah! Interesting. We'll see. Last hit was this morning at 12:06 CEST. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))
participants (3)
-
Carlos E. R.
-
Carlos E. R.
-
Jacob Michalskie