Hi again,
Thanks for this information. However, I'm not sure this type of CAPTCHA
is very effective any more. The problem is that LLMs can, in my
experience, effortlessly answer the types of self-referencing questions
that have been quite popular with these types of challenges in the past
(What is Virgil's first name? What color is a red dress? If today is
Friday, what is tomorrow? Piano, toothbrush, garbage truck—which of
these do you put in your mouth?). Knowledge-based questions present some
problems as well. Something like "What is the name of this list?" would
be easy for any spammer to answer, since they're subscribing to that
very list. "Who runs this list?" is problematic if someone genuinely
doesn't know. What seems to be getting more popular is proof of work
based CAPTCHAs where your computer has to solve some type of
mathematical problem which takes a certain amount of time, then prove to
the web server that it found the correct solution, or CAPTCHAs based on
heuristics that try to determine if someone is more likely to be a real
human or a bot. I totally get that Mailman version 2 is end of life at
this point, so nothing like this will be implemented; these are just some
thoughts.
I also don't quite understand the motivation for subscribe form
flooding. What does the bad actor gain from sending out tons of
subscribe requests to seemingly random people? Or are they just being
malicious for no reason other than that they can?
Thanks,
Jayson
On 6/23/2025 9:47 PM, Mark Sapiro wrote:
> On 6/23/25 19:19, Jayson Smith wrote:
>> I know there's been lots of discussion about the topic of malicious
>> web subscribes in the past. However, with the two lists I run,
>> there's a special situation. Almost all people subscribing to these
>> lists are blind, so a visual CAPTCHA is entirely inappropriate. Are
>> there any other countermeasures I can take?
>
> Mailman >= 2.1.30 has the ability to add text based captchas to the
> subscribe form. If your Mailman 2.1 version is 2.1.30 or later, see
> the section beginning with the line
> ```
> # Use a custom question-answer CAPTCHA to protect against subscription spam.
> ```
> in Defaults.py.
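The proof-of-work approach described in the message above, sketched as an added example; it is not part of the original post and not Mailman code. The function names, the 16-bit difficulty and the 10-minute challenge lifetime are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # assumption: secret known only to the web server
DIFFICULTY_BITS = 16         # assumption: ~65,000 hashes of client work on average
MAX_AGE = 600                # assumption: challenge lifetime in seconds

def sign(ts, salt):
    return hmac.new(SERVER_KEY, f"{ts}:{salt}".encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: embed a signed, timestamped challenge in the subscribe form."""
    ts = int(time.time() if now is None else now)
    salt = os.urandom(8).hex()
    return f"{ts}:{salt}:{sign(ts, salt)}"

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: search for a counter whose hash has `bits` leading zero bits."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, seen, bits=DIFFICULTY_BITS, now=None):
    """Server: one hash to check; rejects forged, expired or replayed challenges."""
    try:
        ts, salt, mac = challenge.split(":")
        age = (time.time() if now is None else now) - int(ts)
    except ValueError:
        return False
    if not hmac.compare_digest(mac.encode(), sign(ts, salt).encode()):
        return False  # challenge was not issued by this server
    if not 0 <= age <= MAX_AGE or challenge in seen:
        return False  # too old, or already used for one subscription
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(digest) < bits:
        return False  # the claimed work was not done
    seen.add(challenge)
    return True
```

Solving costs the client tens of thousands of hashes per request while the server checks a submission with a single hash, and nothing visual or knowledge-based is asked of the subscriber.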