Put the SUBSCRIBED address on moderation and that will solve the problem of spam hitting the list. Write directly to the subscriber and let them know that their OTHER address that they are posting from is hacked and that they need to change their password and contact the provider about any other action they need to take to fix the problem. Joan In a message dated 7/10/2012 8:56:53 P.M. Eastern Daylight Time, mbousman7@cox.net writes: You called it Joan. Drat. Just saw another one from the same person hit my list. Then scrolled down and saw this from you, I missed it this morning. I’ll see what I can figure out and if not send the headers this way. Thanks!! I just switched back to Outlook from Mircosoft and have I swear they have changed stuff. I like my stuff the way I what it ;). Margy

You called it Joan. Drat. Just saw another one from the same person hit my list. Then scrolled down and saw this from you, I missed it this morning. I'll see what I can figure out and if not send the headers this way. Thanks!! I just switched back to Outlook from Mircosoft and have I swear they have changed stuff. I like my stuff the way I what it ;). Margy From: JYoung6180@aol.com [mailto:JYoung6180@aol.com] Sent: Tuesday, July 10, 2012 4:25 AM To: mbousman7@cox.net; darrellm@sprynet.com; listowners@rootsweb.com Subject: Re: [LO] Will this be removed automatically? Margy- Remember that a quirk of MailMan is that the person can "post" to the list from an address that isn't subscribed to the list provided the REPLY TO address IS subscribed. I've seen this several times in the past week. In my cases the compromised addresses were Yahoo address the spam was being sent from but the subscribed address was the person's actual ISP in the REPLY TO address. Check to be sure you don't need to moderate a REPLY TO address in the spam message. Joan In a message dated 7/10/2012 3:44:54 A.M. Eastern Daylight Time, mbousman7@cox.net writes: Hi, I just did an archive removal for this same address for one of my lists, plus another address for another list just a minute ago. What is weird, in both cases I couldn't put them on moderate because they were already gone...but I received no unsubscribe message for them and I didn't get the usual message stating they had been removed and the lists they were removed from. I notified help desk in both cases from RootsWeb's site and in both messages gave the link and said I had used the removal from archive form and pasted a copy of it, but forgot to say why, I always say spam etc. yikes! Maybe something is not working right or turned off from listmaster... Margy

I usta do that. Then I had a head crash. The /grief/ I went through to get access to all my sites, shouldn't happen to a dawg. In fact, I never DID get access to one site ... It's now a cobweb emeritus. ;) My point being, that if your passwords aren't written down, and your computer dies, password manager may not do you a lot of good. Cheryl Diana Gale Matthiesen wrote: > Good grief, those statistics are appalling. I sympathize with what a > PITA it is to have many passwords, but that's a good reason to use a > password manager. I log in once, at the beginning of each computer > session, then my password manager automatically fills in my passwords, > all of which are quite strong (12 or more characters long, with a mix > of lower case and capital letters, numbers, and at least one symbol). > The only password I use in more than one place is the one to my > RootsWeb mailing lists - I use one for all of them. The only > passwords I do not allow my password manager to handle are the ones to > my bank and PayPal. Those are committed to memory and not written > down, anywhere. > > Diana > >> -----Original Message----- >> From: listowners-bounces@rootsweb.com [mailto:listowners- >> bounces@rootsweb.com] On Behalf Of W David Samuelsen >> Sent: Tuesday, July 10, 2012 6:43 PM >> To: listowners@rootsweb.com >> Subject: [LO] Secure Passwords >> >> http://csis.org/blog/large-e-mail-phishing-scheme-continues-unfold >> - >> this was dated June 25, 2012. >> >> "A researcher who examined the list of stolen accounts found that >> the >> most commonly used password was "123456." Further, 42% used >> lowercase >> letters a-z and only 6% mixed alpha-numeric characters with other >> characters. 20% of the passwords were only 6 letters long. A >> recent >> report by the security firm Sophos found that 40% of people used the >> same password for every website. While phishing schemes prey on all >> users, these statistics strongly demonstrate that internet-users >> need to >> be smarter and more aware in choosing passwords that are more >> difficult >> to crack (using capitalized letters, symbols, and numbers together), >> and >> to vary the passwords they use on the internet." >> >> W. David Samuelsen

Good grief, those statistics are appalling. I sympathize with what a PITA it is to have many passwords, but that's a good reason to use a password manager. I log in once, at the beginning of each computer session, then my password manager automatically fills in my passwords, all of which are quite strong (12 or more characters long, with a mix of lower case and capital letters, numbers, and at least one symbol). The only password I use in more than one place is the one to my RootsWeb mailing lists - I use one for all of them. The only passwords I do not allow my password manager to handle are the ones to my bank and PayPal. Those are committed to memory and not written down, anywhere. Diana > -----Original Message----- > From: listowners-bounces@rootsweb.com [mailto:listowners- > bounces@rootsweb.com] On Behalf Of W David Samuelsen > Sent: Tuesday, July 10, 2012 6:43 PM > To: listowners@rootsweb.com > Subject: [LO] Secure Passwords > > http://csis.org/blog/large-e-mail-phishing-scheme-continues-unfold > - > this was dated June 25, 2012. > > "A researcher who examined the list of stolen accounts found that > the > most commonly used password was "123456." Further, 42% used > lowercase > letters a-z and only 6% mixed alpha-numeric characters with other > characters. 20% of the passwords were only 6 letters long. A > recent > report by the security firm Sophos found that 40% of people used the > same password for every website. While phishing schemes prey on all > users, these statistics strongly demonstrate that internet-users > need to > be smarter and more aware in choosing passwords that are more > difficult > to crack (using capitalized letters, symbols, and numbers together), > and > to vary the passwords they use on the internet." > > W. David Samuelsen > > ------------------------------- > To unsubscribe from the list, please send an email to LISTOWNERS- > request@rootsweb.com with the word 'unsubscribe' without the quotes > in the subject and the body of the message

http://csis.org/blog/large-e-mail-phishing-scheme-continues-unfold - this was dated June 25, 2012. "A researcher who examined the list of stolen accounts found that the most commonly used password was “123456.” Further, 42% used lowercase letters a-z and only 6% mixed alpha-numeric characters with other characters. 20% of the passwords were only 6 letters long. A recent report by the security firm Sophos found that 40% of people used the same password for every website. While phishing schemes prey on all users, these statistics strongly demonstrate that internet-users need to be smarter and more aware in choosing passwords that are more difficult to crack (using capitalized letters, symbols, and numbers together), and to vary the passwords they use on the internet." W. David Samuelsen

Margy- Remember that a quirk of MailMan is that the person can "post" to the list from an address that isn't subscribed to the list provided the REPLY TO address IS subscribed. I've seen this several times in the past week. In my cases the compromised addresses were Yahoo address the spam was being sent from but the subscribed address was the person's actual ISP in the REPLY TO address. Check to be sure you don't need to moderate a REPLY TO address in the spam message. Joan In a message dated 7/10/2012 3:44:54 A.M. Eastern Daylight Time, mbousman7@cox.net writes: Hi, I just did an archive removal for this same address for one of my lists, plus another address for another list just a minute ago. What is weird, in both cases I couldn't put them on moderate because they were already gone...but I received no unsubscribe message for them and I didn't get the usual message stating they had been removed and the lists they were removed from. I notified help desk in both cases from RootsWeb's site and in both messages gave the link and said I had used the removal from archive form and pasted a copy of it, but forgot to say why, I always say spam etc. yikes! Maybe something is not working right or turned off from listmaster... Margy

Hi, I just did an archive removal for this same address for one of my lists, plus another address for another list just a minute ago. What is weird, in both cases I couldn't put them on moderate because they were already gone...but I received no unsubscribe message for them and I didn't get the usual message stating they had been removed and the lists they were removed from. I notified help desk in both cases from RootsWeb's site and in both messages gave the link and said I had used the removal from archive form and pasted a copy of it, but forgot to say why, I always say spam etc. yikes! Maybe something is not working right or turned off from listmaster... Margy -----Original Message----- From: listowners-bounces@rootsweb.com [mailto:listowners-bounces@rootsweb.com] On Behalf Of JYoung6180@aol.com Sent: Monday, July 09, 2012 3:23 PM To: darrellm@sprynet.com; listowners@rootsweb.com Subject: Re: [LO] Will this be removed automatically? Darrell- It saves listmaster a lot of work for you to initiate the removal and report to the HelpDesl what you have done and why. My advice is to put the address on moderated status and wait to see what listmaster does as a result of your notice. Usually, he will check to see if there are OTHER instances (other lists) that this address has hit with the spam and, if so, listmaster will unsub the person globally and let all of the admins know of his action. This is probably the best way to proceed. Let listmaster what is best under each circumstance. The time I deviate from this protocol is if the person contacts me that they know they were hacked and have fixed the problem. If that happens they usually will cooperate and complete the spam removal themselves and they don't need to be unsubbed from other lists. Joan In a message dated 7/9/2012 1:33:45 P.M. Eastern Daylight Time, darrellm@sprynet.com writes: Greetings: I just got a message which made it to the VERMONT list, as confirmed in the archives, that consists only of a presumably malicious link (no, I didn't check it out!) and the RW added footer. The From address -- gstove9999 at aol dot com -- is not (now?) subscribed to the list. I know how to request removal, and am going to proceed to do exactly that. However, as much from curiosity as anything, does anyone have an idea whether the subscriber was removed by RW? Does this mean the message might be removed by them even if I did not request removal? Darrell ------------------------------- To unsubscribe from the list, please send an email to LISTOWNERS-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message

On 7/9/2012 1:25 PM, Paul L LeBlanc wrote: > I would check and if it still there request removal. > I know when I request spam removal "they" check across lists for others. > Why not spend 2 mins of your time to be sure. Paul: The message is gone, as expected, since I requested removal before I posted. Darrell

On 7/9/2012 1:08 PM, David E. Cann wrote: > Darrell, > > No, not unless correctly reported or if RW becomes aware of it by some > means. I have "properly reported" it this morning though, so it should come > out of the archives and appropriate action be taken on the subscribed > account soon, but that doesn't prevent someone else from reporting it as > well or the Admin on the list doing something. > > > David E. Cann David: I had already requested removal before I posted my question. Thanks for the answer. Darrell

Darrell- It saves listmaster a lot of work for you to initiate the removal and report to the HelpDesl what you have done and why. My advice is to put the address on moderated status and wait to see what listmaster does as a result of your notice. Usually, he will check to see if there are OTHER instances (other lists) that this address has hit with the spam and, if so, listmaster will unsub the person globally and let all of the admins know of his action. This is probably the best way to proceed. Let listmaster what is best under each circumstance. The time I deviate from this protocol is if the person contacts me that they know they were hacked and have fixed the problem. If that happens they usually will cooperate and complete the spam removal themselves and they don't need to be unsubbed from other lists. Joan In a message dated 7/9/2012 1:33:45 P.M. Eastern Daylight Time, darrellm@sprynet.com writes: Greetings: I just got a message which made it to the VERMONT list, as confirmed in the archives, that consists only of a presumably malicious link (no, I didn't check it out!) and the RW added footer. The From address -- gstove9999 at aol dot com -- is not (now?) subscribed to the list. I know how to request removal, and am going to proceed to do exactly that. However, as much from curiosity as anything, does anyone have an idea whether the subscriber was removed by RW? Does this mean the message might be removed by them even if I did not request removal? Darrell

Yes, most of the time. After being hijacked last week I automatically got unsubed from all my lists after 8PM Central without notification. I still have about three dozen lists where I am not the Admin I am trying to resub. -----Original Message----- From: Lainee Denton-Jones lainee@earthlink.net Darrell, I know when someone on any of my lists have been removed by Rootsweb I get a copy of the notification with subject line "You have been removed from your list(s)" and giving the reason. Lainee

I would check and if it still there request removal. I know when I request spam removal "they" check across lists for others. Why not spend 2 mins of your time to be sure.

Darrell, No, not unless correctly reported or if RW becomes aware of it by some means. I have "properly reported" it this morning though, so it should come out of the archives and appropriate action be taken on the subscribed account soon, but that doesn't prevent someone else from reporting it as well or the Admin on the list doing something. David E. Cann decann@infionline.net or on Skype at "david.e.cann" -----Original Message----- From: listowners-bounces@rootsweb.com [mailto:listowners-bounces@rootsweb.com] On Behalf Of Darrell A. Martin Sent: Monday, July 09, 2012 1:31 PM To: 'Listowners List Posting' Subject: [LO] Will this be removed automatically? Greetings: I just got a message which made it to the VERMONT list, as confirmed in the archives, that consists only of a presumably malicious link (no, I didn't check it out!) and the RW added footer. The From address -- gstove9999 at aol dot com -- is not (now?) subscribed to the list. I know how to request removal, and am going to proceed to do exactly that. However, as much from curiosity as anything, does anyone have an idea whether the subscriber was removed by RW? Does this mean the message might be removed by them even if I did not request removal? Darrell

Darrell, I know when someone on any of my lists have been removed by Rootsweb I get a copy of the notification with subject line "You have been removed from your list(s)" and giving the reason. Lainee -----Original Message----- From: Darrell A. Martin Sent: Monday, July 09, 2012 12:30 PM To: 'Listowners List Posting' Subject: [LO] Will this be removed automatically? Greetings: I just got a message which made it to the VERMONT list, as confirmed in the archives, that consists only of a presumably malicious link (no, I didn't check it out!) and the RW added footer. The From address -- gstove9999 at aol dot com -- is not (now?) subscribed to the list. I know how to request removal, and am going to proceed to do exactly that. However, as much from curiosity as anything, does anyone have an idea whether the subscriber was removed by RW? Does this mean the message might be removed by them even if I did not request removal? Darrell

Greetings: I just got a message which made it to the VERMONT list, as confirmed in the archives, that consists only of a presumably malicious link (no, I didn't check it out!) and the RW added footer. The From address -- gstove9999 at aol dot com -- is not (now?) subscribed to the list. I know how to request removal, and am going to proceed to do exactly that. However, as much from curiosity as anything, does anyone have an idea whether the subscriber was removed by RW? Does this mean the message might be removed by them even if I did not request removal? Darrell

If you are list admin of the list in question, you do the ultimate step - unsubscribe that subscriber. As for message removal, send via archival remover and send msg to listmaster@rootsweb.com for removal. Right now many lists are under attack from HACKED, not hijacked aol.com accounts TODAY. I counted at least 20 this morning alone. One already hit three times same lists. I can tell the difference - due to sheer number of Cc being attacked, and several actually have names. David Samuelsen On 7/9/2012 11:30 AM, Darrell A. Martin wrote: > Greetings: > > I just got a message which made it to the VERMONT list, as confirmed in > the archives, that consists only of a presumably malicious link (no, I > didn't check it out!) and the RW added footer. The From address -- > gstove9999 at aol dot com -- is not (now?) subscribed to the list. > > I know how to request removal, and am going to proceed to do exactly > that. However, as much from curiosity as anything, does anyone have an > idea whether the subscriber was removed by RW? Does this mean the > message might be removed by them even if I did not request removal? > > Darrell > > > ------------------------------- > To unsubscribe from the list, please send an email to LISTOWNERS-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message >

Thanks so much everyone.  Darrell, thanks for your advice - I was leaning that way because it wasn't genealogy related, but I needed a second opinion.  :) Kind regards, Dee

I though this topic was closed. But any how, since I started it, I will comment once. I was using MY cell phone and FWD some one else's message, I DID not notice the misspelled word. I did change it later in the sub line. How ever since a few want to be picky, some one could look back in their own messages and find item they them selves misspelled. As for Ancestry, selling or not is moot but I thought since its a rumor they are trying to sell OUR HOME, the rest of us might like to know. Now, if I wanted to be a literary and spell perfectly I would take more time. As I see it, LO is like a club of people with similar interests and could be polite to each other. My thoughts were * dumb me * when I noticed the Ancestry was spelled wrong and it was to late, I usually dont post a lot here. But once in a while, I like to be a part of the whole since this is about the only active list I am on any more. Sure nothing on the groups, seems like most moved to the message boards. As for OE - I know many people dont like it, that is fine, I dont like Outlook, thunderbird or Eudora and others, I dont like mail washer and other like prgs, I use gmail not saying I like it or the new policy, but it saves time by filtering spam, I was a beta tester 3 times with MS when they changed internet mail to Outlook and OE, I have a couple 2000 page reference books on OE, there are settings in Internet explorer that control OE and O that stop a lot of what people complain about, I have messages date back to 1998 on here, never had a virus, never lost a message or a message store location. I have several filters that work very well and file those topics in the designated folders where I can check whats going on it a sec. Never had a problem, I also do not get popups and I do not use a pop up blocker, I use a script setting. For those with regular ISP and OE as a possible use, you can use it once its set up right, as for those who just want email with out studying or hassle I would not recommend OE, so it is very fine each to their own. We all get used to how we want our PC to work, its fine, its just part of understanding the whole of a group, every one is different. I respect difference. I dont go hammering on folks because they like this or dont like that. Just understand that and why I like what I do, I made it my comfort zone, it works for me. Dont work for others and I am not running win 7 like some and OE was supposed to be an advanced OE. Some say its to hard to use. I dont know. But I do know, I am sticking with XP as my last upgrade. When it stops working, I stop. My wife is laughing, she thinks I am hooked and will get a new pc with a new oS. Well LO folks, I am just a cool nice guy with a lot of humor and outgoing personality who just likes sharing, on that note, I am outta here, but remember - I dont heckle and laugh at others errors. Dan M = off grid on the desert. ----- Original Message ----- From: "Darrell A. Martin" <darrellm@sprynet.com> To: <listowners@rootsweb.com> Sent: Saturday, July 07, 2012 12:40 PM Subject: Re: [LO] I understand *typos*

Yes, this is a real issue. I work for a state government, and the following is the email we received. I checked my home computers, and I'm fine. > For the past few weeks there have been many stories in the media about computers connectivity to Internet being impacted by a computer virus on July 9th. It is a true story. The FBI has launched an awareness campaign to scan computers for signs of the infection. Visit theFBI website for more information. > The probability of home computer’s infection is higher than work computers. BITS have taken the necessary precautionary steps, and will be monitoring the issue closely. > > For more information please visit www.dcwg.org. This site helps you to test your home computer as well. > > Click on “Detect” in the upper left corner > You will be directed to a new page. Follow the instruction. > If your computer is not infected, you will see a green logo. No additional action is required. > If you see a red logo, you will be directed to tools that can remove the malware. On Jul 8, 2012, at 3:00 AM, listowners-request@rootsweb.com wrote: > > > Today's Topics: > > 1. Question re: DNSChanger Alert (Dee Ferris) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 7 Jul 2012 14:56:58 -0700 (PDT) > From: Dee Ferris <dferris1999@yahoo.com> > Subject: [LO] Question re: DNSChanger Alert > To: "listowners@rootsweb.com" <listowners@rootsweb.com> > Message-ID: > <1341698218.54198.YahooMailNeo@web130206.mail.mud.yahoo.com> > Content-Type: text/plain; charset=iso-8859-1 > > Hi All, > > > > I recently saw an article regarding an internet security issue and a DNS Changer malware alert, that some people may lose their internet service on Monday.?? There is apparently a simple way to check and if affected to remove the problem without losing service.?? It is true, and not a hoax per snopes.com. > > > I will post the link to the article under my signature, if anyone should want to check it.? > > > My question is - should we post this to our lists?? It's not genealogy related, and therefore would of course normally be inappropriate.? But this could be an issue for some of our subscribers. > > I would appreciate your input.? Thanks so much! > > Kind regards, > > Dee > > http://finance.yahoo.com/news/malware-may-knock-thousands-off-063924736.html > http://www.snopes.com/computer/virus/dnschanger.asp >

The quickest way to check your computer is to go directly to the test site. For English, in the U.S., the link is http://www.dns-ok.us/ It will immediately tell you if you are infected or not. Hopefully everyone will get the green light. From: Linnea Miller Sent: Sunday, July 08, 2012 7:18 AM To: listowners@rootsweb.com Subject: Re: [LO] DNSChanger Alert Yes, this is a real issue. I work for a state government, and the following is the email we received. I checked my home computers, and I'm fine. > For the past few weeks there have been many stories in the media about computers connectivity to Internet being impacted by a computer virus on July 9th. It is a true story. The FBI has launched an awareness campaign to scan computers for signs of the infection. Visit theFBI website for more information. > The probability of home computer’s infection is higher than work computers. BITS have taken the necessary precautionary steps, and will be monitoring the issue closely. > > For more information please visit www.dcwg.org. This site helps you to test your home computer as well. > > Click on “Detect” in the upper left corner > You will be directed to a new page. Follow the instruction. > If your computer is not infected, you will see a green logo. No additional action is required. > If you see a red logo, you will be directed to tools that can remove the malware.