[Koha] WARNING! DO NOT REPLY TO THIS (was Re: Sai Bhalaji D sent you a Friend Request on Yaari)

John Wesley Simpson Hibbs john at swajime.com
Sun Jan 11 04:29:28 NZDT 2009


-------- Forwarded Message --------
From: John Simpson <jms1 at jms1.net>
Reply-to: qmail-patch at jms1.net
To: qmail-patch at jms1.net
Subject: Re: [qmail-patch] Reminder: Please Respond to jaspal's
Invitation
Date: Wed, 7 Jan 2009 06:59:48 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2009-01-07, at 0134, jaspal singla wrote:
>
> jaspal singla wants you to join Yaari!

i doubt it.

this "yaari.com" site is known for highjacking peoples' gmail address  
books.

	http://blogs.sun.com/arungupta/entry/boycott_yaari_com_spam_2

i did some digging through the logs on my own server (which was kind  
of interesting because i try to keep as few logs as possible.)

the address "jaspal at tetrain.com" subscribed to the list on 2008-08-17,  
but has never posted.

the "jaspal.singla at gmail.com" address tried to subscribe at the same  
time, but never finished the process. google's outbound mail doesn't  
always use the same source IP address, and at the time i had been  
testing the "grey3" idea and hadn't whitelisted messages sent to the  
list, so the retries never happened (or they did, but because they  
happened "from" a different IP address, grey3 thought it was another  
"first" message.)

i think what happened here is that this person signed up for this  
"yaari.com" web site, and in the process of his signing up, that web  
site stole his gmail address book (which contained the "qmail-patch"  
and "qmail-patch-subscribe" addresses) without his knowledge, and  
these "yaari.com" a**holes are trying to spam every email address they  
found.

the spam message itself was sent from the IP address 63.167.241.174,  
which is "yaariinvites.com". rather STUPID for a spammer to use his  
own server, unless they truly are trying to be legitimate in how they  
do business... but of course if that were the case, they wouldn't be  
sending unsolicited advertisements in the first place. and given the  
fact that they're stealing peoples' address books, i think we can  
assume that these people are scumbags and deserve to die a slow  
painful death.

i have added 63.167.241.0/24 to my private blacklist, and i recommend  
that others do the same. a scan of the reverse-DNS names in that block  
leads me to believe that the entire block is used for hosting spam  
services. even the name of the company who "owns" it, "frontier vision  
technologies", sounds like a made-up name to try and make a spamming  
company sound legitimate. and their upstream provider, sprint, has a  
history of not caring what their customers do, so long as the bill  
gets paid and the phone doesn't ring constantly for support.

unfortunately, the damage is done. the list address is now on their  
spamming list, which means we'll probably see more of these messages,  
and if they're true scumbags, they'll give or sell those addresses to  
other spammers and we'll start seeing more random addresses subscribe  
and start sending spam.

if this happens, i will switch the list policy to "subscription  
moderated", and require a turing test (i.e. prove to me that you're  
human and you're not a spammer) before approving any new  
subscriptions. i hate to have to do it, but i happen to think that  
having a spam-free list is a good thing.

i also have reason to suspect that the "jaspal.singla at gmail.com" email  
address has been compromised, or that its owner did this deliberately.  
this address subscribed to both the qmail-patch and qmail-patch- 
announce lists on 2009-01-06, and then this spam was sent the very  
next day. as a precaution, i am manually removing this email address  
from the list after sending this message, and adding it to my  
badmailfrom file. i'm pretty sure the legitimate owner, if there is  
one, has the other email address- if they really need for this gmail  
address to be on the list, they can contact me directly, using the  
email address at the bottom of every page on my web site.

for those of you who are curious, THIS is ultimately the responsible  
party, the woman who owns "yaari.com".

	http://www.theculturalconnect.com/magazines/desi/2006-12-12/pro

if anybody is in atlanta, "358 angier av" is the registered address of  
"Yaari Inc.", and is also the address listed in the state filings for  
"Prerna Gupta" and "Parag Chordia", the officers in that corporation.  
it's about two blocks east of the civic center- according to google  
maps' street view it's a little yellow house with a driveway leading  
up to the side of the building. if you get a chance to go by there,  
knock on the door and see if she's there. if so, tell her i said to  
kiss my a**.


>  If you have any concerns
> regarding the content of this message, please email abuse at yaari.com.
> Yaari LLC, 358 Angier Ave, Atlanta, GA 30312

there really IS a "Yaari LLC", or at least there was. the state of  
georgia has a web site where you can check the details, and download  
copies of the actual filing documents involved in creating and  
maintaining a corporation. i have done this, and it turns out that on  
2008-08-12, "Yaari LLC" was converted to "Yaari Inc." (i.e. it's now a  
for-profit corporation.) which means that the required legal notices  
in the message (and on the web site) are WRONG, they identify the  
message as having been sent by a non-existent entity. which means they  
have zero protection under the "you CAN-SPAM" act.

i don't want to spend the time going after these people and having  
charges brought up against them... i've done it before (successfully)  
and i know it to be a major headache, with little or no satisfaction  
to be found at the end of the process, especially if the scumbag  
you're suing is able to just dissolve an LLC and walk away without  
ever having to pay a dime of the court-ordered award and fees.

i just want them to never send spam to my server again.


- ----------------------------------------------------------------
| John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
| http://www.jms1.net/                         <jms1 at jms1.net> |
- ----------------------------------------------------------------
| http://video.google.com/videoplay?docid=-1656880303867390173 |
- ----------------------------------------------------------------





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAklkmTQACgkQj42MmpAUrRpwuQCgisFGp9gLuF2igNERfILqnULH
5RIAn2QyA8iQ1Tyvx132U8E1zxfUekGc
=MkA/
-----END PGP SIGNATURE-----

-- 
John Wesley Simpson Hibbs <john at swajime.com>
SwaJime's Cove
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20090110/c04ff3ad/attachment.htm 


More information about the Koha mailing list