Very wide. Vietnam, China, New York, France just at a quick look. I'm looking into fail2ban now. Thanks to those of you who have mentioned it.
On Tue, May 13, 2014 at 3:12 PM, Robert Heller <hel...@deepsoft.com> wrote: > At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen < > billc_li...@greenbuilder.com> wrote: > > > > > I finally got a chance to look over the logs today; this is a widely > > distributed attack, so address blocking is probably futile. > > How widely? It *could* be a /16 subnet (eg distributed over 2^^16 address) > somewhere in an 'odd' part of the world (somewhere your potential > subscriber > base is not likely to be from). > > Even if it is widely distributed, fail2ban might do what you need. The > *worst* the fail2ban would do is make things difficult for a *few* legit > subscription requesters. > > > > > Sorry to be dense, but how do I apply that patch? > > > > Thanks > > > > > > On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <m...@msapiro.net> wrote: > > > > > On 05/09/2014 12:12 PM, Bill Christensen wrote: > > > > > > > > Is there a way that I can just have it affect this one problematic > > > > list? If I change the name of cgi-bin/subscribe and any references > to > > > > it (at least until the next update), do you think that will make a > > > > difference? > > > > > > > > > It seems to me the easiest way to do this is to apply the attached > patch > > > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list > name > > > and if you don't want the logging, remove the syslog line. > > > > > > But as others have suggested, look at your web server logs (or the > > > subscribe confirmation emails) to get the IP address(es) that are > > > submitting them. If they all come from a single IP or netblock, block > > > that with iptables or whatever firewall you have. > > > > > > -- > > > Mark Sapiro <m...@msapiro.net> The highway is for gamblers, > > > San Francisco Bay Area, California better use your sense - B. Dylan > > > > > > ------------------------------------------------------ > > > Mailman-Users mailing list Mailman-Users@python.org > > > https://mail.python.org/mailman/listinfo/mailman-users > > > Mailman FAQ: http://wiki.list.org/x/AgA3 > > > Security Policy: http://wiki.list.org/x/QIA9 > > > Searchable Archives: > > > http://www.mail-archive.com/mailman-users%40python.org/ > > > Unsubscribe: > > > > https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com > > > > > ------------------------------------------------------ > > Mailman-Users mailing list Mailman-Users@python.org > > https://mail.python.org/mailman/listinfo/mailman-users > > Mailman FAQ: http://wiki.list.org/x/AgA3 > > Security Policy: http://wiki.list.org/x/QIA9 > > Searchable Archives: > http://www.mail-archive.com/mailman-users%40python.org/ > > Unsubscribe: > https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com > > > > > > -- > Robert Heller -- 978-544-6933 / hel...@deepsoft.com > Deepwoods Software -- http://www.deepsoft.com/ > () ascii ribbon campaign -- against html e-mail > /\ www.asciiribbon.org -- against proprietary attachments > > > > ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
