This happened two or three weeks ago and it's happening again. Spammers are using Nabble to attack R-Help. The psts are signed radhi and the posts' titles are taken from previous posts and therefore seem authentic but all messages end with "click here". I suggest you don't. And don't rply to this "radhi" And again on a weekend. Rui Barradas
Spammer radhi
3 messages · Rui Barradas, Duncan Murdoch, Martin Maechler
On 23/12/2012 1:46 PM, Rui Barradas wrote:
This happened two or three weeks ago and it's happening again. Spammers are using Nabble to attack R-Help. The psts are signed radhi and the posts' titles are taken from previous posts and therefore seem authentic but all messages end with "click here". I suggest you don't. And don't rply to this "radhi"
A simple solution to the Nabble problem is to filter on the "Message-ID" and "References" header. If either of them contains the string "nabble.com", then the message was either posted from Nabble or is a reply to a message that was posted from Nabble. Delete both types, and Nabble ceases to be a problem. Duncan Murdoch
Duncan Murdoch <murdoch.duncan at gmail.com>
on Sun, 23 Dec 2012 13:59:08 -0500 writes:
> On 23/12/2012 1:46 PM, Rui Barradas wrote:
>> This happened two or three weeks ago and it's happening
>> again. Spammers are using Nabble to attack R-Help.
indeed. What a bad way to misuse Christmas holidays..
>> The psts are signed radhi and the posts' titles are taken
>> from previous posts and therefore seem authentic but all
>> messages end with "click here". I suggest you don't. And
>> don't rply to this "radhi"
> A simple solution to the Nabble problem is to filter on
> the "Message-ID" and "References" header. If either of
> them contains the string "nabble.com", then the message
> was either posted from Nabble or is a reply to a message
> that was posted from Nabble. Delete both types, and Nabble
> ceases to be a problem.
> Duncan Murdoch
Indeed.
... and we could do this on the R-help server side already.
After the last attack, we already took quite some effort to
still use our spam filter results and combine with the fact that
a posting came from Nabble, and then directly *rejected* the
message when it was looked ``possibly like spam'' and was from
Nabble.
As the new attack seems to have been smarter even, we must
consider to become even harder, and completely disallow posting
from Nabble.
This would be somewhat a problem: I had been told that some
people use Nabble in order to be able to reply to messages "in
the correct thread" (which is good), which they cannot easily otherwise.
At the moment, I tighten the filters but do not yet
completely stop Nabble.
Martin Maechler, ETH Zurich