[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spammed by ICQ ???



 >> No, it's EXACTLY what's going on. I only posted ONE of the logs
 >> (namely the error log), but others proove that ICQ's little toy
 >> automatically sends mail to root@dynamic-port.domain as SPAM if
 >> someone is trying to reach a netizen who isn't using ICQ.
 >
 >The essence of ICQ is being able to work out your dynamic hostname
 >How did they work out yours when you don't have ICQ? 
 
You don't need to have ICQ to allow people to figure out your IP.
When this happened, I asked my ISP if he had any holes.  He said
something about one of the basic system tools allowing anyone who
sends the right command to parse the user list from outside.

Also, some providers have a user detection script and allow users
to access it publicly.  Primenet has a Perl script called wwwhome.pl
that reroutes an HTTP link on your regular web to your dynamic IP.

 >Again, it's theoretically impossible that they worked out your 
 >dynamic hostname as long as you don't run ICQ, (and why would 
 >they go through the trouble if they can simply send you a mail
 >the normal way).

All they do is send mail to whoever@ip999.domain as a promo.
I NEVER received anything from them through regular e-mail.

 >They [Mirabilis] just sent you a mail (as ordered by whoever
 >tried to page you btw!!) and your smtpd went bananas after 
 >it somehow ended up in the wrong place (atfer deliverance).

Oddly enough, I don't even have a clue WHO this bozo who tried
paging me using ICQ is.

 >And btw, I don't know if the log you posted was complete, 
 >but I didn't see a host from mirabilis at the top of the
 >list sending it to you over smail. 

Here's the whole header again (quoted from my original posting):

#Received: from free.mirabilis.com by TT030 with smtp
#(Smail3.1.29.5 #1) id m0yC6ck-0001SHC; Mon, 9 Mar 98 12:46 EST
#Received: from wwp.mirabilis.com (ftp.mirabilis.com [208.202.84.44]) by free.mirabilis.com (8.8.3/8.8.3) with SMTP id XAA26581 for 7thsphere@dial81.megacom.net; Thu, 5 Mar 1998 23:23:39 -0500 (EST)
#Date: Thu, 5 Mar 1998 23:23:39 -0500 (EST)
#From: ICQ Account <icq@icq.com>
#Message-Id: <199803060423.XAA26581@free.mirabilis.com>
#To: 7thsphere@dial81.megacom.net
#MIME-Version: 1.0
#Content-Type: text/html; charset=us-ascii
#Subject: Eric Hébert <hellfier@geocities.com> wishes to contact you on the ICQ Network.
#Content-Transfer-Encoding: quoted-printable
#X-MIME-Autoconverted: from 8bit to quoted-printable by free.mirabilis.com id XAA26581

 >> My only mistake was leaving SMPTD enabled after installing KGMD.
 >> It's now disabled for good.
 >
 >Btw, you're right that the doc should include a clear warning to browse
 >through your inetd.conf and switch off any daemon you don't need. 
 
There are MANY thing that are not properly documented.
Knarf's package is great, but it assumes WAY too much
familiarity with the whole Unix universe. 

Maybe that's why Average Joe finds it easier to install
MagiC instead of MiNT...

-----------------------------------------------------------------
From: Martin-Eric Racine FUNKYWARE http://www.megacom.net/~q-funk
Atari TT030 12/48 NVDI 4.11r0, MiNT 1.14.5, N.AES 1.1.0, GlueSTiK
-----------------------------------------------------------------
 Unsollicited material will be proof-read for $100 USD per word,
 payable within 10 days.  Submission of your advertisement to my
 address constitutes your formal acceptance of these terms.
-----------------------------------------------------------------
 <TITLE><BLINK><H1>No HTML Messages Please!</H1></BLINK></TITLE>