[Mailman-Users] Mailman under attack

Fil fil at rezo.net
Thu Nov 14 19:50:53 CET 2013

The attachment was deleted, you can find it here:

zip containing the attacker's page source:

-- Fil

On Thu, Nov 14, 2013 at 7:32 PM, Fil <fil at rezo.net> wrote:

> Hello,
> I just noticed a lot of backscatter spam, my Mailman installation was
> starting to send subscription verifications to a lot of
> ALLCAPS at hotmail.com addresses, on a test list that no one is supposed to
> be using.
> I traced it to this site :
> http://4478.a.hostable.me/vinabot/bommail/Boom.html
> if you view source you will see that it opens a lot of iframes on 284
> Mailman installations, and tries to auto-subscribe its victims email
> adresses to different lists (392 in total).
> I have put the page HTML source as well as the list of targeted servers
> and lists in the attached zip file.
> Do you know how to stop this efficiently?
>  -- Fil

More information about the Mailman-Users mailing list