- - - - - - Original message: - - - - - -
>Date: Thu, 30 Nov 2023 10:06:10 -0500
>From: Rich Kulawiec <r...@gsp.org>
>
>Over the past couple of months, I've observed a series of attacks
>against Mailman that are likely related because they use the same
>tactic every time.

Hi Rich,

attacks against Mailman usually come without a referer, so I have found the following approach to work:

I create a landing page for the mailing list that introduces the list, explains the signup process, and contains a button with a link to the list interface.

Via the ".htaccess" file I ensure that the list interface itself can only be accessed if there is a referer that contains the domain of the landing page - any other access will cause a blank page to be served.

Result: no spam.

The same approach also works with blogs and keeps search engines at bay. Humans can (and, if motivated, will) go beyond the landing page but machines will be blocked.

HTH
Ian

------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
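
An ".htaccess" rule set for the Referer check described in the reply above, as an added example that is not part of the original message or of Mailman. It assumes Apache with mod_rewrite enabled; the host names www.example.org (landing page) and lists.example.org (list interface) and the empty file /blank.html are placeholders.

```apache
# .htaccess in the directory that serves the list interface.
# Assumed, not from the original message:
#   - landing page host:   www.example.org
#   - list interface host: lists.example.org
#   - /blank.html is an empty file at the document root
#   - AllowOverride permits mod_rewrite directives here

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Never rewrite the blank page itself, otherwise the rule below loops
    # when this file sits at the document root.
    RewriteCond %{REQUEST_URI} !^/blank\.html$

    # Pass requests whose Referer is the landing page. The pattern is
    # anchored on scheme and host so that the domain appearing in the path
    # or query string of some other site's URL does not match. This is
    # stricter than a plain "contains the domain" test.
    RewriteCond %{HTTP_REFERER} !^https?://www\.example\.org(/|$) [NC]

    # Also pass requests whose Referer is the list interface itself.
    # Without this, the first click from the landing page works but every
    # form submission and link inside the interface gets the blank page,
    # because those requests carry the interface's own URL as Referer.
    RewriteCond %{HTTP_REFERER} !^https?://lists\.example\.org(/|$) [NC]

    # Everything else (missing or foreign Referer) is served the blank page.
    RewriteRule ^ /blank.html [L]
</IfModule>
```

The Referer header is supplied by the client, so this rule filters automated requests that omit it rather than authenticating visitors. Browsers or privacy settings that send no referrer receive the blank page as well.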