[tor-bugs] #34256 [Internal Services/Tor Sysadmin Team]: jerks using our mailman to spam people

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 20 18:57:18 UTC 2020


#34256: jerks using our mailman to spam people
-----------------------------------------------------+-----------------
     Reporter:  arma                                 |      Owner:  tpa
         Type:  defect                               |     Status:  new
     Priority:  Medium                               |  Milestone:
    Component:  Internal Services/Tor Sysadmin Team  |    Version:
     Severity:  Normal                               |   Keywords:
Actual Points:                                       |  Parent ID:
       Points:                                       |   Reviewer:
      Sponsor:                                       |
-----------------------------------------------------+-----------------
 There are repeated patterns, and repeated complaints especially lately, of
 jerks signing up "victim" addresses to dozens of mailing lists. In our
 case, the victims don't actually end up on the list, because they don't
 confirm the subscription. But they get dozens of "reply to confirm!"
 mails, which causes stress and confusion and anger.

 /var/log/mailman/subscribe on eugeni is where the interesting info is.

 You can see clear patterns of some jerk trying to subscribe target
 addresses to a half dozen Tor lists at once. It happens again and again
 and again.

 Each request comes from a different address around the internet. It looks
 like a standard botnet. I hear from the victims that they're being
 subscribed to other non-Tor lists too, so we are just one piece of the
 mess.

 One distinguishing pattern seems to be that their subscribe attempts come
 with a random two word name before the email address. "Who does that?"

 We've handled (responded to) almost 55000 subscription attempts in May
 so far, and I'd wager that 90+% of them are malicious.

 I imagine the primary goal is to harm the victims, but there is secondary
 harm, where eugeni ends up in more blacklists. And also many people have
 their first introduction to Tor being this abuse.

 Maybe we can hack mailman to discard attempts that include a two-word
 name? Is there some way to moderate the subscription attempts? Do we even
 want that? Maybe we should disable email subscription interactions with
 mailman entirely?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34256>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
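
Added example, not part of the original ticket and not Tor Project or Mailman code: a detection sketch for the pattern the report describes, where one target address gets pending subscription requests for several lists within minutes, each from a different source address and with a two-word display name. The log line layout, the sample lines and the thresholds (4 lists, 10 minutes) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the field layout is an assumption, not copied from eugeni.
SAMPLE_LOG = """\
May 20 18:01:02 2020 (1201) tor-talk: pending Brisk Walnut <victim@example.org>  198.51.100.7
May 20 18:01:03 2020 (1202) tor-dev: pending Amber Kettle <victim@example.org>  203.0.113.40
May 20 18:01:03 2020 (1203) tor-relays: pending Quiet Harbor <victim@example.org>  192.0.2.15
May 20 18:01:05 2020 (1204) tor-announce: pending Lunar Thistle <victim@example.org>  198.51.100.99
May 20 18:30:00 2020 (1210) tor-talk: pending <alice@example.net>  192.0.2.77
May 20 19:10:00 2020 (1215) tor-dev: pending Bob Example <bob@example.com>  192.0.2.80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) \(\d+\) (?P<list>[\w.-]+): "
    r"pending (?P<name>[^<]*)<(?P<addr>[^>]+)>\s+(?P<ip>\S+)$"
)

def find_bombed_addresses(log_text, min_lists=4, window=timedelta(minutes=10)):
    """Return targets with pending requests on >= min_lists lists inside one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # entries that are not pending subscriptions are ignored
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
        two_word = len(m["name"].split()) == 2
        events[m["addr"].lower()].append((ts, m["list"], m["ip"], two_word))
    report = {}
    for addr, evs in events.items():
        evs.sort()
        for i, first in enumerate(evs):
            # All requests for this address that start within `window` of evs[i].
            burst = [e for e in evs[i:] if e[0] - first[0] <= window]
            lists = {e[1] for e in burst}
            if len(lists) >= min_lists:
                report[addr] = {
                    "lists": sorted(lists),
                    "source_ips": len({e[2] for e in burst}),
                    "two_word_names": sum(e[3] for e in burst),
                }
                break
    return report

if __name__ == "__main__":
    for addr, info in find_bombed_addresses(SAMPLE_LOG).items():
        print(addr, info)
```

In the sample, bob@example.com also has a two-word name but is not reported, because the check keys on the multi-list burst per target address rather than on the name alone.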

