Writing

Software, technology, sysadmin war stories, and more.

Sunday, January 15, 2012

Rogue user spams entire userbase; I fire back

I used to run Unix systems and networks for a public school district. For those who aren't familiar with this sort of situation, this meant that taxpayer money paid my salary (or consulting fees) and bought all of the equipment we were using. It also kept the lights on.

As a result, you weren't allowed to do various things with it, like using it for your own commercial gain, or electioneering, or sending around other political garbage. Now, with that said, some of our users did that anyway. One time, one of my users did something particularly evil which demanded an appropriately evil response from me.

We had this mailing list which would go to the entire group of local users. It was about 1,500 users in all: faculty, staff, administrators, janitors, and so on, across all of our locations. It was auto-generated every night and ran via majordomo (yes, this was a long time ago). I had set up some restrictions so that only the superintendent and his official PR person could mail it directly. Anyone else would be rejected.

The reason for something like this should be obvious, but for those who haven't experienced the joy of what happens, I will explain why. All it takes is one person to push out a mail to a list like this which does not belong, and then a bunch of people will "reply all" which goes back to the list itself, and it will just go around and around. Pretty soon you have a full-fledged idiot convention on your hands.

For years, this worked fine. You couldn't use the wide-distribution list to mail everyone. There were plenty of smaller lists which could be used to reach groups of people: English teachers, math teachers, just the teachers at school X or Y, and so on. Life was good.

Then, one day, this one user decided to get clever. I pieced together what happened from the logs. She tried to mail the "all" list. majordomo did its job and rejected it.

This didn't stop my twit. The next thing she did was to mail majordomo itself and send the command to list everyone who happened to be subscribed to a list. I think I had the system configured to only give that sort of info to other subscribers, and since she was a subscriber, it gladly supplied it.

She then took this list, loaded it into Outlook or Eudora or whatever, and proceeded to send out her own mail with 1500 recipients. It was some ridiculous chain letter thing which had no business being on this system.

I decided to teach her a little lesson about why we don't abuse e-mail systems, and how useless they can become when people poop in the shared well. I went digging through my mail archives and got a bunch of "From:" lines from the past half-decade or so of messages. Then I split them out and broke them into first names and last names.

Next, I put together a bunch of adjectives like important, delayed, executive, official and persistent. After that, I had nouns: book, tv show, suspension, account, paradigm, picnic, analysis and so on.

This plus a bunch of mixed up components obtained from real e-mail addresses (plus a little fuzzing) gave me things like this:

  From: Dirk-Willem Xian <ximage@patch.example.com>
  Subject: Marketing TV show

  From: Bob Dilger <Tangui@bizarre.example.net>
  Subject: Unresolved get-together

After that, I wrote a date generator. It would make up dates in the past week or so, all with different time zones.

Finally, I needed something to generate the body of the mail. I decided to use dadadodo on an archive of mail from various mailing lists. dadadodo is a fun little toy by jwz which will learn from a bunch of text and will generate more text which resembles it.

The resulting mails look reasonable in your mailer where you see subjects and sender information, but as soon as you open it, you are confronted with insanity.

I rigged this up to dump directly into her mailbox in exactly the same quantity as her own spew run: 1,500 mails. Also, instead of just dumping it all out at once, I spread it out. After all, if it came in at once, she could just declare e-mail bankruptcy and delete everything in that span of time.

By having it run for several days, it would keep her mailbox infected with useless stuff which all had to be manually dispatched and cleaned up. Otherwise, she'd lose too much "real" mail.

That's probably the most BOFHly thing I ever did.

And you thought xkcd 705 was just a comic.


January 16, 2012: This post has an update.