Mark Sapiro writes:

 > They probably aren't using the subscribe form on the listinfo page but
 > rather posting the data directly to the subscribe CGI. Try moving
 > mailman's cgi-bin/subscribe aside to totally disable web subscribe.

Yeah, this seems like a different attack from the last one I heard
about (a CGI on a 3rd party site that would sign the victim up for
about 400 *different* MLs), but that one also hit the subscribe URL
directly.

How hard would it be to use security-by-obscurity, i.e., to just move
the subscribe URL to a different location and change the links on the
subscribe pages?
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
