On 10/08/2015 07:51 AM, Rich Kulawiec wrote: > > I'd be curiously to see the logs for these. (I intend to check > them against various address range lists to see if the originating > IP addresses correlate with anything else I'm tracking.)
The results from grep -E 'GET /mailman/listinfo|POST /mailman/subscribe' mail.python.org-ssl_access.log are available at <https://drive.google.com/file/d/0B6k7rjr_EKxzc2wtYWJjQ2s3V2M/view?usp=sharing> This covers from Oct 4 to date CEST and is over 70 MB. Some of the GETs are legitimate retrievals of listinfo pages, but most are associated with these subscribe attempts. And, of course a few GET/POST sequences are legitimate subscribe requests, but the vast majority are these bogus ones. A large number of POSTs have 401 status. These are generated by mod-spamhaus which applies to MS_METHODS POST,PUT,OPTIONS,CONNECT and uses MS_Dns list.blogspambl.com > If they're > coming from botted hosts, then (as noted in the thread) using the XBL > or similar may help. If they're coming from hijacked networks, then > the DROP/EDROP lists may help. If they're coming from...well, without > analyzing the data and looking for patterns, it's hard to say what > will help. But I'm certainly willing to put in some time scripting > and eyeballing even though the most likely outcome is nothing useful. Thank you. Your help will be appreciated. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
