On 06/09/2014 04:11 PM, Rich Kulawiec wrote: > > This is a first-cut, mildly sloppy script that will try to match some > patterns of interest that I've noticed in my "subscribe" log and that > might be in yours. ... > > Here is what the last 10 lines of its output look like on my system: > > Jun 06 00:14:32 2014 ehkfioxlkrr <[email protected]> 62.210.226.131 > Jun 06 13:23:16 2014 norchmecn <[email protected]> 86.51.26.20 > Jun 07 02:06:20 2014 eljult <[email protected]> 86.51.26.11 > Jun 07 13:21:20 2014 dvlevbpj <[email protected]> 210.14.138.102 > Jun 07 15:41:10 2014 sdbdelkv <[email protected]> 86.51.26.18 > Jun 07 16:17:10 2014 yqrebrgipo <[email protected]> 86.51.26.20 > Jun 08 06:37:12 2014 cihjwn <[email protected]> 202.143.148.58 > Jun 08 06:55:47 2014 ehxvwgrboo <[email protected]> 86.51.26.21 > Jun 08 23:47:58 2014 qqpluym <[email protected]> 190.14.219.166 > Jun 09 16:44:15 2014 mloepuj <[email protected]> 172.245.142.194 > > This is forged gibberish, of course. ... > I'm curious. First, is anybody else seeing these?
Some people are. > Second, does2.1.16 or later > anyone have a theory as to their purpose? They are spammers attempting to subscribe to your list(s) via POSTs to the web subscribe CGI. Presumably if they successfully subscribe, they will then spam the list. If you have Mailman 2.1.16 or later, you can mitigate this by setting SUBSCRIBE_FORM_SECRET = "Some site specific string" in mm_cfg.py. See <https://bugs.launchpad.net/mailman/+bug/1082746>. This is from the NEWS file: There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put a dynamically generated, hidden hash in the listinfo subscribe form and check it upon submission. Setting this will prevent automated processes (bots) from successfully POSTing web subscribes without first retrieving and parsing the form from the listinfo page. The form must also be submitted no later than FORM_LIFETIME nor no earlier than SUBSCRIBE_FORM_MIN_TIME after retrieval. Note that enabling this will break any static subscribe forms on your site. See the description in Defaults.py for more info. (LP: #1082746) -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
