You are not logged in.

#1 2019-10-25 07:54:25

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 529
Website

[SOLVED] Has the arch-announce mailing list been hacked?

Today I got an email from the arch-announce mailing list:

Вас интересуют базы данных?
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announce

Did anybody else get this?
Was the mailing list system compromised?
Has data been leaked?

Last edited by schard (2019-10-25 23:37:01)

Offline

#2 2019-10-25 08:26:40

thewall
Member
Registered: 2012-09-17
Posts: 17

Re: [SOLVED] Has the arch-announce mailing list been hacked?

Hello. I came here this morning to write the same. I received that weird email as well. The 'from' address is prodawez [at] teleworm [dot] us .

PS. The Russian message says something like: 'Are you interested in databases?'

Offline

#3 2019-10-25 09:04:53

Lupo Alberto
Member
From: Gomel, Belarus
Registered: 2013-11-25
Posts: 71

Re: [SOLVED] Has the arch-announce mailing list been hacked?

I've gotten this spam too.

Offline

#4 2019-10-25 09:13:16

thewall
Member
Registered: 2012-09-17
Posts: 17

Re: [SOLVED] Has the arch-announce mailing list been hacked?

There an email address to contact the owner: arch-announce-owner@archlinux.org
Do you think it is safe to contact him? Or we could expose our email addresses to the spammer?

Offline

#5 2019-10-25 09:46:09

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 529
Website

Re: [SOLVED] Has the arch-announce mailing list been hacked?

thewall wrote:

There an email address to contact the owner: arch-announce-owner@archlinux.org
Do you think it is safe to contact him? Or we could expose our email addresses to the spammer?

If the mailing list indeed has been compromised, this is surely a possiblility.
You could write an email there from a burner address.

Offline

#6 2019-10-25 11:35:43

mxfm
Member
Registered: 2015-10-23
Posts: 113

Re: [SOLVED] Has the arch-announce mailing list been hacked?

schard wrote:

Today I got an email from the arch-announce mailing list:

Вас интересуют базы данных?
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announce

Did anybody else get this?
Was the mailing list system compromised?
Has data been leaked?

There is nothing suprising here, this is just a regular spam. There is no point in creating forum thread and replying to spam in mailing list.

This type of spam is quite common. I am subscriber of 5-7 technical mailing lists and I received this message ("Вас интересуют базы данных") almost at each list approximately 1-2 times in a month.

Offline

#7 2019-10-25 11:41:02

mxfm
Member
Registered: 2015-10-23
Posts: 113

Re: [SOLVED] Has the arch-announce mailing list been hacked?

thewall wrote:

Hello. I came here this morning to write the same. I received that weird email as well. The 'from' address is prodawez [at] teleworm [dot] us .

PS. The Russian message says something like: 'Are you interested in databases?'

'prodawez' is transliteration of russian world 'merchandiser'. Your translation is correct. By 'databases' he means either client (commercial) databases, or leaked databased containing personal information (Russia is bad in keeping personal information undisclosed).

schard wrote:

If the mailing list indeed has been compromised, this is surely a possiblility.
You could write an email there from a burner address.

I don't remember whether unsubscribers are allowed to post to the list. Anyway, since list is free, such restriction can be easily circumvented.

Since there is nothing really here, this thread can be closed.

Last edited by mxfm (2019-10-25 11:43:47)

Offline

#8 2019-10-25 12:18:04

progandy
Member
Registered: 2012-05-17
Posts: 3,580

Re: [SOLVED] Has the arch-announce mailing list been hacked?

mxfm wrote:

There is nothing suprising here, this is just a regular spam. There is no point in creating forum thread and replying to spam in mailing list.

The surprising thing is that sending mail via arch-announce should be restricted to selected mail addresses and it still happened.

Last edited by progandy (2019-10-25 14:03:24)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#9 2019-10-25 12:20:08

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 529
Website

Re: [SOLVED] Has the arch-announce mailing list been hacked?

mxfm wrote:

I don't remember whether unsubscribers are allowed to post to the list.

No, only authorized personnell can send emails to that mailing list.
Which suggests that either a security vulnerability of the mailing list system has been exploited or one of the authorized accounts has been compromised.

mxfm wrote:

Anyway, since list is free, such restriction can be easily circumvented.

I call bullshit. If the email addresses are securely stored and emails can be sent only with prior authentication, either there's a security issue or credentials have been leaked.
If it is just one of those spam systems, that check the sending authorization by only checking the sender email, it should be migrated to a more secure solution in order to mitigate spam.
I did not subscribe to the mailing lists to receive spam.

mxfm wrote:

Since there is nothing really here, this thread can be closed.

Let's let the moderators decide this, shall we?

Offline

#10 2019-10-25 13:40:18

mxfm
Member
Registered: 2015-10-23
Posts: 113

Re: [SOLVED] Has the arch-announce mailing list been hacked?

schard wrote:

No, only authorized personnell can send emails to that mailing list.
Which suggests that either a security vulnerability of the mailing list system has been exploited or one of the authorized accounts has been compromised.

Then spammers have found the loophole.

schard wrote:

I call bullshit. If the email addresses are securely stored and emails can be sent only with prior authentication, either there's a security issue or credentials have been leaked.
If it is just one of those spam systems, that check the sending authorization by only checking the sender email, it should be migrated to a more secure solution in order to mitigate spam.
I did not subscribe to the mailing lists to receive spam.

Anyway, I see little sense in discussing this issue at forum.

schard wrote:

Let's let the moderators decide this, shall we?

... which does not prohibit to ask mods to close the the thread.

Offline

#11 2019-10-25 15:31:59

DevAlone
Member
Registered: 2018-10-31
Posts: 20

Re: [SOLVED] Has the arch-announce mailing list been hacked?

I got the same message too

Offline

#12 2019-10-25 17:12:55

loqs
Member
Registered: 2014-03-06
Posts: 9,062

Re: [SOLVED] Has the arch-announce mailing list been hacked?

Offline

#13 2019-10-25 19:16:16

Makersmarx
Member
From: Costa Rica
Registered: 2018-04-17
Posts: 23

Re: [SOLVED] Has the arch-announce mailing list been hacked?

Well hopefully its addressed, I didn't sign up to get "spam" mail from an email that is only utilized for news alerts etc...Just got a second one titled "poster password test" It also includes a link that I would suggest no one to click

Offline

#14 2019-10-25 19:18:47

theodore
Member
Registered: 2008-09-09
Posts: 111

Re: [SOLVED] Has the arch-announce mailing list been hacked?

got the initial mail here as well

and just now I got another one with the following message:

definitely there is something wrong.

Last edited by theodore (2019-10-25 19:22:09)

Offline

#15 2019-10-25 20:29:44

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 28,113
Website

Re: [SOLVED] Has the arch-announce mailing list been hacked?

Its been fixed. The second email was testing the fix.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Online

#16 2019-10-25 21:14:35

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 9,139
Website

Re: [SOLVED] Has the arch-announce mailing list been hacked?


Sakura:-
Mobo: MSI X299 TOMAHAWK ARCTIC // Processor: Intel Core i7-7820X 3.6GHz // GFX: nVidia GeForce GTX 970 // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 5x 1TB HDD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#17 2019-10-25 23:36:41

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 529
Website

Re: [SOLVED] Has the arch-announce mailing list been hacked?

@jasonwryan,wormzy
Thanks for the follow up.

Offline

Board footer

Powered by FluxBB