Mark's fix:

If your Mailman is at least 2.1.16, all you need to do is set
SUBSCRIBE_FORM_SECRET = 'Some string unique to your site' in mm_cfg.py, and that attack will no longer work.

Is working fine. But thanks for the alternative suggestions. I've got a copy of fail2ban ready to install but just haven't had time to configure it yet.

On Wed, May 20, 2015 at 9:07 AM, Adam McGreggor <adam-mail...@amyl.org.uk> wrote:

> On Wed, May 20, 2015 at 02:38:01PM +0100, David Osborne wrote:
> > On 15/05/15 05:32, Bill Christensen wrote:
> > >I long ago routed real users to an alternative signup, but the spam
> > >keeps coming, unrelenting, and are now anywhere between 1k and 10k per day.
> >
> > One of our lists was spammed in a similar way. The approach I took
> > was to configure Apache to allow requests to /mailman/subscribe only
> > when the referring page was on our server:
>
> I've used mod_security/fail2ban in the past, both work as well as
> might be expected.
>
> […]
>
> > This message and any attachment are intended solely for the addressee
> > and may contain confidential information. If you have received this
> > message in error, please send it back to me, and immediately delete
> > it.
>
> Hum.
>
>
> --
> "Celebrity can be malign in that it becomes a form of idolatry, and
> people live their lives vicariously through the rich and famous rather
> than attending to their own lives."
> -- John Sentamu
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
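
Added example, not part of the thread and not Mailman's own code: a sketch of the general technique a site secret such as SUBSCRIBE_FORM_SECRET makes possible, where the server embeds a keyed, time-stamped token in the subscribe form and rejects posts that lack a valid one. The token layout, the time limits and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import time

# Hypothetical values for this sketch; a real site keeps its secret in its config.
SITE_SECRET = b"Some string unique to your site"
MIN_AGE = 5      # seconds; a form posted back faster than this is treated as scripted
MAX_AGE = 3600   # seconds; older tokens are rejected as stale


def _mac(ts, listname, remote_ip):
    """Keyed hash binding the token to a time, a list and a client address."""
    msg = "|".join((ts, listname, remote_ip)).encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def make_token(listname, remote_ip, now=None):
    """Return 'timestamp:mac', embedded as a hidden field when the form is served."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(ts, listname, remote_ip)


def check_token(token, listname, remote_ip, now=None):
    """Return (ok, reason) for the token posted back with a subscribe request."""
    now = int(time.time() if now is None else now)
    ts, sep, mac = (token or "").partition(":")
    if not sep or not ts or not mac:
        return False, "missing or malformed token"
    expected = _mac(ts, listname, remote_ip)
    # Constant-time comparison; only a holder of SITE_SECRET can produce the MAC.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"
    age = now - int(ts)  # safe: a valid MAC means ts came from make_token
    if age < MIN_AGE:
        return False, "submitted too quickly"
    if age > MAX_AGE:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests (documentation-range addresses).
    tok = make_token("mylist", "192.0.2.10", now=1000)
    print(check_token(tok, "mylist", "192.0.2.10", now=1030))   # normal user
    print(check_token(None, "mylist", "192.0.2.10", now=1030))  # direct POST, no form fetched
    print(check_token(tok, "mylist", "198.51.100.7", now=1030)) # token replayed from another host
```

A script that posts straight to the subscribe URL has no token, and one that scrapes a token once cannot reuse it from other addresses or after it expires.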