PGTS PGTS Pty. Ltd.   ACN: 007 008 568               Mobile Version Coming Soon

point Site Navigation







Valid HTML 4.01!






   Stop The Internet Filter!

   No Clean Feed

   The Internet Filter Is An Ex-parrot!





Feedback: January 2004, Published: February 2004

This month (January), the increasing incidence of spam from organisations has prompted a new article on the topic of "Organised Spam". (To be published February).

I have volunteered to be a Distributed Server Boycott List (DSBL) tester. I encountered a few minor problems installing the DSBL software on my mailhub, which is not Linux, but BSD. I have posted details in the hints section.

Feedback:

Hints for this month:

Spam Diaries:

FreeBSD: pkg_create: only one package name allowed ('to' extraneous)

Date: Sun, 11 Jan 2004 11:57:37 +1100
From: Gerry Patterson

Recently I downloaded the firestring package for BSD. I found a copy on
the web which was called firesting.tar.gz. This has to be unloaded into
/usr/ports/misc

I entered "make" which seemed to work ok. However when I typed "make install",
the following error appeared on the console:

------------------ Console output begins ------------------
./copy.sh firestring.h /usr/local/include root wheel 0644
===>   Generating temporary packing list
[: library: unexpected operator
===>   Compressing manual pages for firestring-0.9.6
===>   Running ldconfig
/sbin/ldconfig -m /usr/local/lib
===>   Registering installation for firestring-0.9.6
pkg_create: only one package name allowed ('to' extraneous)
usage: pkg_create [-YNOhvy] [-P pkgs] [-p prefix] [-f contents] [-i iscript]
                  [-I piscript] [-k dscript] [-K pdscript] [-r rscript]
                  [-t template] [-X excludefile] [-D displayfile]
                  [-m mtreefile] [-o origin] -c comment -d description
                  -f packlist pkg-name
*** Error code 1

Stop in /usr/ports/misc/firestring.
*** Error code 1
------------------ Console output ends -------------------

When I looked in the Makefile I found the following line:
COMMENT=        A library to make string handling easier in C

I changed this to:
COMMENT=        pkg_comment

I then created the file pkg_comment and placed this line in it:
A library to make string handling easier in C

I ran "make install" and it seemed ok.

I have notified the maintainer mentioned in the README. In the meantime
anyone else who has this problem can use the temporary fix above.

Back To Index

FreeBSD: -e: not found

Date: Mon, 12 Jan 2004 04:51:44 +1100
From: Gerry Patterson

While attempting to install the firedns package the following error
appeared when I cd to /usr/ports/dns/firedns and enter "make":

------------------ Console output begins ------------------
===>  Extracting for firedns-0.1.30
>> Checksum OK for firedns-0.1.30.tar.gz.
===>   firedns-0.1.30 depends on file: /usr/local/include/firestring.h - found
===>  Patching for firedns-0.1.30
===>  Applying FreeBSD patches for firedns-0.1.30
-e 's|/usr/local|/usr/local|'  /usr/ports/dns/firedns/work/firedns/firemake.cflags /usr/ports/dns/firedns/work/firedns/firemake.ldflags
-e: not found
*** Error code 127

Stop in /usr/ports/dns/firedns.
*** Error code 1
------------------ Console output ends --------------------

The Makefile contained the lines:
post-patch:
        ${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' \
                ${WRKSRC}/firemake.cflags ${WRKSRC}/firemake.ldflags

The string ${REINPLACE_CMD} was replaced with the ${SED}, so that the
lines now look like the following:
post-patch:
        ${SED} -e 's|/usr/local|${LOCALBASE}|' \
                ${WRKSRC}/firemake.cflags ${WRKSRC}/firemake.ldflags

Also in order to get the package registered, the category "dns" had to
be added to VALID_CATEGORIES in the file /usr/ports/Mk/bsd.port.mk.

Once again the Makefile contained the line:
COMMENT=        A C library for handling asynchronous DNS queries

This was changed to:
COMMENT=        pkg_comment

And the file pkg_comment was created with the single line:
A C library for handling asynchronous DNS queries

I will notify the maintainer mentioned in the README.

Back To Index

FreeBSD: Installing DSBL Software

Date: Mon, 12 Jan 2004 13:53:45 +1100
From: Gerry Patterson

The firestring and firedns packages were both required for the
dsbl-testers software. Also required was the MySQL client library. The
MySQL client is available on the ports collection CD. However, as
described previously, the firestring and firedns packages had a couple
of small problems. These were the packages that were downloaded from
http://ares.penguinhosting.net/~ian/

I have modified these packages and made them available at:
http://www.pgts.com.au/download/misc/ The two files are
firestring.dns.gz and firedns.tar.gz

After I got the firestring and firedns packages working, I tried
building the dsbl-testers software. It worked ok, except for the
following little problem. It created man files as follows:

/usr/share/man/man/man1/auth-relaytest.1
/usr/share/man/man/man1/socks5test.1
/usr/share/man/man/man1/socks4test.1
/usr/share/man/man/man1/relaytest.1
/usr/share/man/man/man1/httptest.1
/usr/share/man/man/man1/getcookie.1
/usr/share/man/man/man1/formmailtest.1
/usr/share/man/man/man1/spamtrap.1
/usr/share/man/man/man5/dsbl.conf.5

These need to be zipped and moved into their respective man folders
(i.e. /usr/share/man/man1 and /usr/share/man/man5), in order to be
usable. This may have arisen because of something I overlooked in
the installation process. If anyone knows what causes this send me an
e-mail with details.

Back To Index

Is this fraud?

Date: Tue, 13 Jan 2004 17:17:57 +1100
From: Tamara Saavedra

Dear Webmaster,

As Brian Robson, I have received a similar message, which I answered
to the person indicated. I do not know how exactly could this thing be a
fraud, but I am really interested in knowing to which extent this is
false and what I should do or if this a genuine winning. Thanks for your
attention, you can answer me to the e-mail address indicated or to
saavedra1@xxxxxxx.com

If you wish, I can send you the text which was sent to me but, I can
tell you that it is excatly like the one Mr Robson received.

Thanks again
Tamara

Ed: Tamara sent this e-mail from 203.45.80.98, after searching NineMSN
for Mega+international+lottery+promotion and being referred to the PGTS
site. The IP address is part of the Big Pond network for NSW. I was a
little puzzled by the fact that she had not heard of "The 419 Scam" and
yet she operated two e-mail accounts with Big Pond. Even more worrisome
was the fact that two nearby addresses (203.45.80.104, and
203.45.80.174), had been used to send e-mail. In fact, one of them
(203.45.80.104) had sent quite a lot of email!

I decided to take her e-mail on face value and sent the following:

Tamara,

You should know that no-one sends you e-mail with offers of money for no
reason (especially unbelievable six figure amounts).

If you have received such an e-mail, it is an attempt to commit fraud.
If you answer the e-mail, the perpetrator will attempt to engage you in
an e-mail dialogue, with the purpose of defrauding you. The sting is an
old one and actually pre-dates The Internet when it used to be known as
"Mail Fraud". These days it is often referred to as "Nigerian Spam" or
"The 419 Scam". There is a lot of information about this on The
Internet.

If you want to send me a copy of the mail you can. However, I will not
be able to take any action regarding the perpetrator unless you also
supply "The Headers".

To date, I have received no reply

Back To Index

Wants to do business in Bondi?

From: Sandy
Date: Wed, 14 Jan 2004 16:21:43 +1100 (EST)

Dear Webmaster,

Hi,

I am wondering if i want to do business in the bondi beach market, what
should I do? Who should i contact to?? and how much for rental??

Thks for yr help..

Ed: Sandy sent me an e-mail from hotmail.com after being referred to
"Brian's Blurb". Sandy dialed in from the a netblock owned by Flow
Communications. I sent the following e-mail

Sandy,

I am located in Melbourne. However if you want information regarding the
Bondi site, I suggest you check the website http://www.bondivillage.com/

Back To Index

More grist for the mill

From: reeceandkyla@optusnet.com.au
Date: Fri, 23 Jan 2004 09:25:53 +1100 (EST)

Hi,

I have just read your article on Lottery Scam....

I have also received the same e-mail stating that I had won US$500,000.
I did send back some details - name,adress and phone number etc...

Subsequently I received a phone call in the middle of the night, from a
so called Dr Dean O-Neal requesting a copy of my passport, bank account
details and of course 740euro as a processing fee.

Of course when he told me that I needed to send money... Alarm bells
rang...

But now I am concern that because I responded to his E-mail, that they
now could be accessing information from my computer...

I am not sure if you can give me some advise at all, on what I should
do... It is just that when searching for the lottery's name, your site
came up with your article.

Any advise would be greatly appreciated...

Kind regards
Kyla Mortensen.

Ed: I wrote to Kyla as follows:

    I'm glad to hear that you were alarmed about being asked for money.
    That is exactly how the fraud works! If anyone were foolish enough
    to send money, the perpertrator would ask for more ... and more ...
    and more etc.

    Look for "419 scam" in Google, you will see it explained there.

    You probably do not have to worry about your computer being attacked
    by this particular person. This is not to say that you should not be
    vigilent ... Microsoft software is very vulnerable to all manner of
    attacks! But this type of criminal is a con-man who is trying to
    swindle money from his victims. You certainly should not supply him
    with any more details about yourself or agree to meet (IRL) with him
    or his associates.

Generally the accepted wisdom is not to make contact with the would be
perpertrator. Although if you intended to report the matter to the
authorities it might help if you could give some information about him
(her). However it might be perilous to embark on such an exercise by
yourself.

Whether the authorities actually do anything about the attempted fraud
is another matter. It seems that while legislators are busy passing laws
against "spam", the many thousands of cases of attempted fraud, such as
this one, which occur daily, are not being pursued. You might wonder if
these obvious attempted criminal actions are not being prosecuted, how
then will the new laws against spam be enforced?

And, well you might wonder that ...

Back To Index

SPAM: Use this patch immediately !

From admin@duma.gov.ru Wed Jan 28 23:34:34 2004
Return-Path: <admin@duma.gov.ru>
Received: from gizmo02bw.bigpond.com (gizmo02bw.bigpond.com [144.140.70.12])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with SMTP id i0SCYVd38381
	for <admin@pgts04.xxxx.com.au>; Wed, 28 Jan 2004 23:34:31 +1100 (EST)
	(envelope-from admin@duma.gov.ru)
Date: Wed, 28 Jan 2004 23:34:31 +1100 (EST)
Message-Id: <200401281234.i0SCYVd38381@pgts04.xxxx.com.au>
Received: (qmail 28295 invoked from network); 28 Jan 2004 12:29:37 -0000
Received: from unknown (HELO bwmam03.bigpond.com) (144.135.24.75)
  by gizmo02bw.bigpond.com with SMTP; 28 Jan 2004 12:29:37 -0000
Received: from cpe-203-45-80-98.nsw.bigpond.net.au ([203.45.80.98]) by bwmam03.bigpond.com(MAM REL_3_4_2 20/83347055) with SMTP id 83347055; Wed, 28 Jan 2004 22:29:44 +1000
From: "Microsoft" <security@microsoft.com>
To: <admin@pgts04.xxxx.com.au>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Content-Length: 785
Lines: 26

--xxxx
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

--xxxx
Content-Type: application/download
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=patch.exe

-- MIME encoded attachement was included here --

--xxxx


--xxxx--

Ed: There have been three of these in fairly quick succession from
BigPond. Eventually I decided to ban BigPond dial-in. Some sites ban all
dial-in networks. The reasoning behind this is that: legitimate
e-mailers will relay via the ISP's MX rather than posting straight away
from the client dial-in. Once this virus thing goes away I will remove
some of the bans on dial-in networks.

Back To Index