On 10/07/2015 08:15 AM, Rich Kulawiec wrote:
>
> There are multiple approaches to this:
>
> 1. Look at the logs. Find out where the subscriptions are coming from,
> and firewall out the appropriate network(s) or countries. (See ipdeny.com
> for country IP ranges.)
>
> or
>
> 2. If you only expect to receive subscriptions from one or a few countries,
> then firewall out the entire world and only allow connections from that
> small set.
>
> and/or
>
> 3. Use the Spamhaus DROP and EDROP lists in your firewall and drop
> *all* inbound traffic from and *all* outbound traffic to those ranges.
> This achieves lossless compression. (This should be done whether you
> do 1 or 2 or neither. It's basic network self-defense.)
>
> and/or

Except these come from botnets and the IPs are all over the world.

>
> 4. Collect all the forged subscriptions and have a chat with the email
> people at Gmail. It's possible that they can do something about this
> on their side. I can put you in touch with someone if need be.

And Gmail has nothing to do with this. This is a DOS attack. There may be some intent to harass various gmail users with backscatter, but none of this originates from gmail and the addresses being subscribed may not even be valid gmail addresses, but if they are, I doubt their owners are more than victims.

By globally banning the addresses at mail.python.org, we have no backscatter and we block subscription and only say so in the web response to the subscribe form submission. Thus whoever is behind this gains nothing and only causes us the web processing to process their GET and POST.

It's hard to see why they continue to hammer us, but we see ever increasing numbers of these, 17341 on Oct 5, 17882 on Oct 6 and 19927 on Oct 7, CEST.

These are the number of subscribe attempts that got far enough to be banned. Significant numbers are blocked via IP block lists and some fail because the POST comes too soon after the GET.

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
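
A check of the kind the message mentions, where a subscribe POST fails because it comes too soon after the GET, can be built from a signed timestamp carried in a hidden form field. The sketch below is an added example, not part of the original message and not Mailman's own code; the secret, the thresholds, the function names and the binding of the token to the client IP are all assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret, never sent to clients
MIN_DELAY = 5     # seconds; assumed threshold, a faster POST is treated as scripted
MAX_AGE = 3600    # seconds; assumed lifetime of a rendered subscribe form


def _mac(ts, listname, remote_ip):
    """HMAC over the timestamp and the request context the token is bound to."""
    msg = f"{ts}:{listname}:{remote_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(listname, remote_ip, now=None):
    """Value of the hidden field emitted when the subscribe page is served (GET)."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(ts, listname, remote_ip)}"


def check_token(token, listname, remote_ip, now=None):
    """Return (accepted, reason) for the token that came back with the POST."""
    now = int(time.time() if now is None else now)
    ts, sep, mac = token.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False, "malformed"
    # Compare as bytes in constant time; a tampered timestamp fails here.
    if not hmac.compare_digest(mac.encode(), _mac(ts, listname, remote_ip).encode()):
        return False, "bad-signature"
    age = now - int(ts)
    if age < MIN_DELAY:
        return False, "too-soon"   # the case described in the message
    if age > MAX_AGE:
        return False, "expired"    # stale or replayed form
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample request: documentation-range IP, fixed clock values.
    tok = issue_token("mailman-users", "192.0.2.10", now=1000)
    for t in (1001, 1010, 5000):
        print(t, check_token(tok, "mailman-users", "192.0.2.10", now=t))
```

Logging the rejection reason per request gives separate daily counts for scripted submissions and for replayed forms.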