Kalbfleisch, Gary writes:

 > Kalbfleisch, Gary responds:
 > 
 > Messages are batchable, but administrative tasks are not.  As you
 > noted you must tick each box, and yes I'm talking pages and pages
 > of bogus subscription requests.  Quite tedious.

This would be a bigger problem than losing valid requests if it was
frequent.

 > I think these too should be batchable but perhaps separately.  What
 > I would like to be able to do is to change all administrative
 > messages to discard (or whatever) with one click, then go back and
 > change the legitimate subscription requests back to accept.

I regularly lose posts to mailing lists because of this way of doing
things.

 > After analyzing the httpd logs I have identified three primary
 > sources of the bogus subscription requests, the most predominant
 > being associated with http://mailbait.info.

Wonderful.  Not much Mailman can do about the network-level DoS, but I
suppose the web interface could filter on referrers.  If mailbait.info
is in the Referrer header, return a 404. ;-)

 > > If you have suggestions for the admin interface, that would be very
 > > helpful.  Even if you don't have a lot of confidence in them, this is
 > > a hard problem that requires wild ideas.
 > > 
 > 
 > CAPTCHA for subscription requests would go a long way in preventing
 > this type of exploitation.

I'm pretty sure there are third-party extensions for this.

I'm dubious about the net value of CAPTCHAs.  Personally, I generally
take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and
don't go back.

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
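The httpd log analysis and Referer check discussed in the message above, as an added example that is not part of the original post or of Mailman's own code. It assumes Apache "combined" log format and the Mailman 2.1 `/mailman/subscribe/<list>` path; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)
SUBSCRIBE_PREFIX = "/mailman/subscribe/"  # assumption: Mailman 2.1 CGI layout

def referer_host(value):
    """Lower-cased host of a Referer value, or '-' if absent or unparseable."""
    if value in ("", "-"):
        return "-"
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return "-"
    return host.lower() if host else "-"

def subscribe_sources(lines):
    """Count subscription requests per Referer host; malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = COMBINED.match(line.strip())
        if m and m["path"].startswith(SUBSCRIBE_PREFIX):
            counts[referer_host(m["referer"])] += 1
    return counts

def is_blocked(referer, blocked_hosts):
    """Match on the parsed host (or a subdomain), not on a substring of the URL."""
    host = referer_host(referer)
    return any(host == b or host.endswith("." + b) for b in blocked_hosts)

# Constructed sample lines (documentation IP ranges, hypothetical list name).
_T = '[10/Oct/2013:13:55:36 +0000] "%s HTTP/1.1" 200 1532 "%s" "Mozilla/5.0"'
SAMPLE = [
    "203.0.113.5 - - " + _T % ("POST /mailman/subscribe/test-list", "http://mailbait.info/run"),
    "203.0.113.9 - - " + _T % ("POST /mailman/subscribe/test-list", "http://www.mailbait.info/"),
    "198.51.100.7 - - " + _T % ("POST /mailman/subscribe/test-list",
                                "http://lists.example.org/mailman/listinfo/test-list"),
    "198.51.100.8 - - " + _T % ("POST /mailman/subscribe/test-list",
                                "http://lists.example.org/?q=mailbait.info"),
    "198.51.100.9 - - " + _T % ("GET /mailman/listinfo/test-list", "-"),
    "not a log line",
]

if __name__ == "__main__":
    for host, n in subscribe_sources(SAMPLE).most_common():
        print(n, host, "BLOCK" if is_blocked("http://" + host + "/", {"mailbait.info"}) else "")
```

The Referer header is supplied by the client, so a filter like this only stops sources that send it unchanged.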