Feedback: January 2004, Published: February 2004
This month (January), the increasing incidence of spam from organisations has prompted a new article on the topic of "Organised Spam". (To be published February).
I have volunteered to be a Distributed Server Boycott List (DSBL) tester. I encountered a few minor problems installing the DSBL software on my mailhub, which is not Linux, but BSD. I have posted details in the hints section.
Feedback:
Hints for this month:
- FreeBSD: pkg_create: only one package name allowed ('to' extraneous)
- FreeBSD: -e: not found
- FreeBSD: Installing DSBL Software
Spam Diaries:
FreeBSD: pkg_create: only one package name allowed ('to' extraneous)
Date: Sun, 11 Jan 2004 11:57:37 +1100
From: Gerry Patterson

Recently I downloaded the firestring package for BSD. I found a copy on the web which was called firesting.tar.gz. This has to be unloaded into /usr/ports/misc

I entered "make" which seemed to work ok. However when I typed "make install", the following error appeared on the console:

------------------ Console output begins ------------------
./copy.sh firestring.h /usr/local/include root wheel 0644
===> Generating temporary packing list
[: library: unexpected operator
===> Compressing manual pages for firestring-0.9.6
===> Running ldconfig
/sbin/ldconfig -m /usr/local/lib
===> Registering installation for firestring-0.9.6
pkg_create: only one package name allowed ('to' extraneous)
usage: pkg_create [-YNOhvy] [-P pkgs] [-p prefix] [-f contents] [-i iscript]
       [-I piscript] [-k dscript] [-K pdscript] [-r rscript] [-t template]
       [-X excludefile] [-D displayfile] [-m mtreefile] [-o origin]
       -c comment -d description -f packlist pkg-name
*** Error code 1

Stop in /usr/ports/misc/firestring.
*** Error code 1
------------------ Console output ends -------------------

When I looked in the Makefile I found the following line:

COMMENT= A library to make string handling easier in C

I changed this to:

COMMENT= pkg_comment

I then created the file pkg_comment and placed this line in it:

A library to make string handling easier in C

I ran "make install" and it seemed ok. I have notified the maintainer mentioned in the README. In the meantime anyone else who has this problem can use the temporary fix above.
FreeBSD: -e: not found
Date: Mon, 12 Jan 2004 04:51:44 +1100
From: Gerry Patterson

While attempting to install the firedns package the following error appeared when I cd to /usr/ports/dns/firedns and enter "make":

------------------ Console output begins ------------------
===> Extracting for firedns-0.1.30
>> Checksum OK for firedns-0.1.30.tar.gz.
===> firedns-0.1.30 depends on file: /usr/local/include/firestring.h - found
===> Patching for firedns-0.1.30
===> Applying FreeBSD patches for firedns-0.1.30
-e 's|/usr/local|/usr/local|' /usr/ports/dns/firedns/work/firedns/firemake.cflags /usr/ports/dns/firedns/work/firedns/firemake.ldflags
-e: not found
*** Error code 127

Stop in /usr/ports/dns/firedns.
*** Error code 1
------------------ Console output ends --------------------

The Makefile contained the lines:

post-patch:
	${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' \
		${WRKSRC}/firemake.cflags ${WRKSRC}/firemake.ldflags

The string ${REINPLACE_CMD} was replaced with the ${SED}, so that the lines now look like the following:

post-patch:
	${SED} -e 's|/usr/local|${LOCALBASE}|' \
		${WRKSRC}/firemake.cflags ${WRKSRC}/firemake.ldflags

Also in order to get the package registered, the category "dns" had to be added to VALID_CATEGORIES in the file /usr/ports/Mk/bsd.port.mk.

Once again the Makefile contained the line:

COMMENT= A C library for handling asynchronous DNS queries

This was changed to:

COMMENT= pkg_comment

And the file pkg_comment was created with the single line:

A C library for handling asynchronous DNS queries

I will notify the maintainer mentioned in the README.
FreeBSD: Installing DSBL Software
Date: Mon, 12 Jan 2004 13:53:45 +1100
From: Gerry Patterson

The firestring and firedns packages were both required for the dsbl-testers software. Also required was the MySQL client library. The MySQL client is available on the ports collection CD. However, as described previously, the firestring and firedns packages had a couple of small problems. These were the packages that were downloaded from http://ares.penguinhosting.net/~ian/

I have modified these packages and made them available at: http://www.pgts.com.au/download/misc/

The two files are firestring.dns.gz and firedns.tar.gz

After I got the firestring and firedns packages working, I tried building the dsbl-testers software. It worked ok, except for the following little problem. It created man files as follows:

/usr/share/man/man/man1/auth-relaytest.1
/usr/share/man/man/man1/socks5test.1
/usr/share/man/man/man1/socks4test.1
/usr/share/man/man/man1/relaytest.1
/usr/share/man/man/man1/httptest.1
/usr/share/man/man/man1/getcookie.1
/usr/share/man/man/man1/formmailtest.1
/usr/share/man/man/man1/spamtrap.1
/usr/share/man/man/man5/dsbl.conf.5

These need to be zipped and moved into their respective man folders (i.e. /usr/share/man/man1 and /usr/share/man/man5), in order to be usable. This may have arisen because of something I overlooked in the installation process. If anyone knows what causes this send me an e-mail with details.
Is this fraud?
Date: Tue, 13 Jan 2004 17:17:57 +1100
From: Tamara Saavedra

Dear Webmaster,

As Brian Robson, I have received a similar message, which I answered to the person indicated. I do not know how exactly could this thing be a fraud, but I am really interested in knowing to which extent this is false and what I should do or if this is a genuine winning.

Thanks for your attention, you can answer me to the e-mail address indicated or to saavedra1@xxxxxxx.com

If you wish, I can send you the text which was sent to me but, I can tell you that it is exactly like the one Mr Robson received.

Thanks again
Tamara

Ed: Tamara sent this e-mail from 203.45.80.98, after searching NineMSN for Mega+international+lottery+promotion and being referred to the PGTS site. The IP address is part of the Big Pond network for NSW. I was a little puzzled by the fact that she had not heard of "The 419 Scam" and yet she operated two e-mail accounts with Big Pond. Even more worrisome was the fact that two nearby addresses (203.45.80.104, and 203.45.80.174), had been used to send e-mail. In fact, one of them (203.45.80.104) had sent quite a lot of email! I decided to take her e-mail on face value and sent the following:

Tamara,

You should know that no-one sends you e-mail with offers of money for no reason (especially unbelievable six figure amounts). If you have received such an e-mail, it is an attempt to commit fraud. If you answer the e-mail, the perpetrator will attempt to engage you in an e-mail dialogue, with the purpose of defrauding you. The sting is an old one and actually pre-dates The Internet when it used to be known as "Mail Fraud". These days it is often referred to as "Nigerian Spam" or "The 419 Scam". There is a lot of information about this on The Internet.

If you want to send me a copy of the mail you can. However, I will not be able to take any action regarding the perpetrator unless you also supply "The Headers".

To date, I have received no reply.
Wants to do business in Bondi?
From: Sandy
Date: Wed, 14 Jan 2004 16:21:43 +1100 (EST)

Dear Webmaster,

Hi, I am wondering if I want to do business in the bondi beach market, what should I do? Who should I contact to?? and how much for rental?? Thks for yr help..

Ed: Sandy sent me an e-mail from hotmail.com after being referred to "Brian's Blurb". Sandy dialed in from a netblock owned by Flow Communications. I sent the following e-mail:

Sandy,

I am located in Melbourne. However if you want information regarding the Bondi site, I suggest you check the website http://www.bondivillage.com/
More grist for the mill
From: reeceandkyla@optusnet.com.au
Date: Fri, 23 Jan 2004 09:25:53 +1100 (EST)

Hi,

I have just read your article on Lottery Scam.... I have also received the same e-mail stating that I had won US$500,000. I did send back some details - name, address and phone number etc... Subsequently I received a phone call in the middle of the night, from a so called Dr Dean O-Neal requesting a copy of my passport, bank account details and of course 740euro as a processing fee. Of course when he told me that I needed to send money... Alarm bells rang... But now I am concerned that because I responded to his E-mail, that they now could be accessing information from my computer... I am not sure if you can give me some advice at all, on what I should do... It is just that when searching for the lottery's name, your site came up with your article.

Any advice would be greatly appreciated...

Kind regards
Kyla Mortensen.

Ed: I wrote to Kyla as follows:

I'm glad to hear that you were alarmed about being asked for money. That is exactly how the fraud works! If anyone were foolish enough to send money, the perpetrator would ask for more ... and more ... and more etc. Look for "419 scam" in Google, you will see it explained there.

You probably do not have to worry about your computer being attacked by this particular person. This is not to say that you should not be vigilant ... Microsoft software is very vulnerable to all manner of attacks! But this type of criminal is a con-man who is trying to swindle money from his victims. You certainly should not supply him with any more details about yourself or agree to meet (IRL) with him or his associates.

Generally the accepted wisdom is not to make contact with the would-be perpetrator. Although if you intended to report the matter to the authorities it might help if you could give some information about him (her). However it might be perilous to embark on such an exercise by yourself.
Whether the authorities actually do anything about the attempted fraud is another matter. It seems that while legislators are busy passing laws against "spam", the many thousands of cases of attempted fraud, such as this one, which occur daily, are not being pursued. You might wonder if these obvious attempted criminal actions are not being prosecuted, how then will the new laws against spam be enforced? And, well you might wonder that ...
SPAM: Use this patch immediately !
From admin@duma.gov.ru Wed Jan 28 23:34:34 2004
Return-Path: <admin@duma.gov.ru>
Received: from gizmo02bw.bigpond.com (gizmo02bw.bigpond.com [144.140.70.12])
    by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id i0SCYVd38381
    for <admin@pgts04.xxxx.com.au>; Wed, 28 Jan 2004 23:34:31 +1100 (EST)
    (envelope-from admin@duma.gov.ru)
Date: Wed, 28 Jan 2004 23:34:31 +1100 (EST)
Message-Id: <200401281234.i0SCYVd38381@pgts04.xxxx.com.au>
Received: (qmail 28295 invoked from network); 28 Jan 2004 12:29:37 -0000
Received: from unknown (HELO bwmam03.bigpond.com) (144.135.24.75)
    by gizmo02bw.bigpond.com with SMTP; 28 Jan 2004 12:29:37 -0000
Received: from cpe-203-45-80-98.nsw.bigpond.net.au ([203.45.80.98])
    by bwmam03.bigpond.com(MAM REL_3_4_2 20/83347055) with SMTP id 83347055;
    Wed, 28 Jan 2004 22:29:44 +1000
From: "Microsoft" <security@microsoft.com>
To: <admin@pgts04.xxxx.com.au>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Content-Length: 785
Lines: 26

--xxxx
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

--xxxx
Content-Type: application/download
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=patch.exe

-- MIME encoded attachment was included here --

--xxxx
--xxxx--

Ed: There have been three of these in fairly quick succession from BigPond. Eventually I decided to ban BigPond dial-in. Some sites ban all dial-in networks. The reasoning behind this is that legitimate e-mailers will relay via the ISP's MX rather than posting straight away from the client dial-in. Once this virus thing goes away I will remove some of the bans on dial-in networks.
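The checks an operator might run on the message above before deciding on a ban, as an added example that is not part of the original page: it walks the Received chain to the earliest recorded sender, compares it with a local block list, and flags the sender mismatch and the executable attachment. The /24 in BLOCKED_CLIENTS is an assumption built from the three addresses mentioned on this page, not BigPond's real allocation, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of the message quoted above, trimmed and re-wrapped.
RAW = """\
Return-Path: <admin@duma.gov.ru>
Received: from gizmo02bw.bigpond.com (gizmo02bw.bigpond.com [144.140.70.12])
\tby pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id i0SCYVd38381
Received: (qmail 28295 invoked from network); 28 Jan 2004 12:29:37 -0000
Received: from unknown (HELO bwmam03.bigpond.com) (144.135.24.75) by gizmo02bw.bigpond.com
Received: from cpe-203-45-80-98.nsw.bigpond.net.au ([203.45.80.98]) by bwmam03.bigpond.com
From: "Microsoft" <security@microsoft.com>
Content-Type: multipart/mixed; boundary="xxxx"

--xxxx
Content-Type: application/download
Content-Disposition: attachment; filename=patch.exe

[attachment body omitted]
--xxxx--
"""
# Assumption: a local policy list; this /24 only covers the addresses named above.
BLOCKED_CLIENTS = [ipaddress.ip_network("203.45.80.0/24")]
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def hops(msg):
    """Sending IP recorded in each Received header, newest hop first."""
    found = []
    for value in msg.get_all("Received", []):
        sender = re.split(r"\s+by\s+", value, maxsplit=1)[0]  # ignore the 'by' side
        match = IP_RE.search(sender)
        if match:  # local hand-off hops such as the qmail one carry no address
            found.append(ipaddress.ip_address(match.group()))
    return found

def findings(raw):
    msg, out = message_from_string(raw), []
    chain = hops(msg)
    if chain and any(chain[-1] in net for net in BLOCKED_CLIENTS):
        out.append(f"origin {chain[-1]} is in a blocked client range")
    envelope = msg.get("Return-Path", "").strip("<> ").rpartition("@")[2].lower()
    header = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if envelope and header and envelope != header:  # weak signal on its own
        out.append(f"From domain {header} differs from envelope {envelope}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith((".exe", ".scr", ".pif", ".bat", ".com")):
            out.append(f"executable attachment {name}")
    return out
```

The origin hop is only as reliable as the relay that wrote it; in this message it was recorded by bwmam03.bigpond.com, and any Received line a sender could have supplied below that point should not be trusted.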