[CW] Phishing/Spam (was: Re: Important notice to All Amazon Customers)

D.J.J. Ring, Jr. n1ea at arrl.net
Sun Aug 6 19:07:46 EDT 2017 

Hello Scott,

The hacking  - in the  common way it's understood - involves more than
forced entry into web sites, it involves manipulation of programs:  The
hacker arranged his email program to spoof the moderators of various
QSL.net email accounts.  I wouldn't have suspected that such was possible
without hacking something, either the qth or qsl web sites, mail servers,
or something - and the most probable was that the hacker set up a script to
copy the administrators of  the various lists and send emails with that
address.

I'd call that "hacking" but maybe I use the term incorrectly, if so I
apologize for any inaccuracy, my intention was only to help you and head
off any problems.

I thought you'd like to know about it - maybe block emails from the senders
IP address, or check the moderator's addresses against their correct IP
addresses.

I was trying  to do a good thing for you.

Best wishes and thanks for all you do for us,

David N1EA


On Sun, Aug 6, 2017 at 4:54 PM, Scott Neader <scott at qth.com> wrote:

> As Fabian has mentioned, the behavior is perfectly normal, there is no
> "hacking" going on.
>
> As a list administrator, if you are subscribed using the same email as you
> use to administer the list, you can set your own email as "moderated",
> requiring admin approval before you post.
>
> Or, you can use a different email for administration, as you do for
> posting (thus, the public admin email would not be able to post)
>
> - Scott KA9FOX
>
> On Sat, Aug 5, 2017 at 11:07 AM, D.J.J. Ring, Jr. <n1ea at arrl.net> wrote:
>
>> Thank you. Fabian.  I have contacted Scott Neader KA9FOX who runs these
>> groups.
>>
>> 73
>>
>> DR
>>
>>
>>
>> On Aug 5, 2017 11:53 AM, "Fabian Kurz" <fabian at fkurz.net> wrote:
>>
>>> On Sat, Aug 05, 2017 at 11:39:12AM -0400, D.J.J. Ring, Jr. wrote:
>>> > Agreed.  Someone has hacked QSL.net and posted  messages as  if  they
>>> were
>>> > from the owners of this group, N4XY and  myself.
>>>
>>> No worries, this doesn't look like a security breach / hack.
>>>
>>> Anyone can simply look up the list owners at the publicly available
>>> list info (http://mailman.qth.net/mailman/listinfo/cw) and it's fair
>>> to assume that the owners of the group are allowed to post; therefore
>>> spammers use these addresses to send spam/phishing etc. to the list.
>>>
>>> I see this pattern a lot on mailman lists. Annoying, indeed.
>>>
>>> 73
>>> Fabian, DJ1YFK
>>>
>>> --
>>> Fabian Kurz, DJ1YFK      Munich, Germany
>>> fabian at fkurz.net         +49(176)24079617 <+49%20176%2024079617>
>>> https://fkurz.net/       Go Vegan!
>>> ______________________________________________________________
>>> CW mailing list
>>> Home: http://mailman.qth.net/mailman/listinfo/cw
>>> Help: http://mailman.qth.net/mmfaq.htm
>>> Post: mailto:CW at mailman.qth.net
>>> CW List ARCHIVES: http://mailman.qth.net/pipermail/cw/
>>> Unsubcribe send email to
>>> cw-unsubscribe at mailman.qth.net
>>> Subscribe send email to cw-subscribe at mailman.qth.net
>>> Support this email list: http://www.qsl.net/donate.html
>>>
>>> =30=
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qth.net/pipermail/cw/attachments/20170806/118f8b86/attachment-0001.html>

More information about the CW mailing list