On 12/22/2016 01:53 PM, Jim Popovitch wrote:
> 
> I know the GLOBAL_BAN_LIST is for email addrs, but what would it take
> to implement the same (or some field validation logic) for the
> "fullname" field of the subscription page.   I'm still seeing a ton of
> subscribe spam attempts, and the fullname field is consistently not a
> text name.
> 
> From nginx log:
> 
> [email protected]&fullname=58562fbb70e22...
> [email protected]&fullname=5856315b5b695...
> [email protected]&fullname=5856372a4e2f1...
> [email protected]&fullname=58563aa6664bf...
> [email protected]&fullname=58563ab925ac7...
> [email protected]&fullname=58564566dc31b...
> [email protected]&fullname=5856456df0b96...
> [email protected]&fullname=58564b85ccf98...


If you only want to target user subscribes and not things like admin
mass subscribes and invitations, you could modify Mailman/MailList.py in
the AddMember() method around line 894

        pattern = self.GetBannedPattern(email)

change that to

        pattern = (self.GetBannedPattern(email) or
                   self.GetBannedPattern(realname))

Then you could add patterns like, e.g., '^[0-9af]{10,}' to the
GLOBAL_BAN_LIST to match those real names.

-- 
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
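
An added example, not part of the original messages and not Mailman's own code: before adding a pattern to GLOBAL_BAN_LIST, it helps to run it against the logged fullname values and against some legitimate names. The sketch below assumes a simplified stand-in for GetBannedPattern() (entries starting with '^' are case-insensitive regexes, anything else is a literal match). It tests the pattern as written in the reply alongside a variant using the full hexadecimal range a-f, which is an assumption about the intent. The function names, email addresses and legitimate names are constructed for illustration.

```python
import re

# fullname prefixes visible in the nginx log excerpt above (truncated there)
LOGGED_FULLNAMES = [
    "58562fbb70e22", "5856315b5b695", "5856372a4e2f1", "58563aa6664bf",
    "58563ab925ac7", "58564566dc31b", "5856456df0b96", "58564b85ccf98",
]
# Constructed legitimate names, used to check for false positives
LEGIT_NAMES = ["Ada Lovelace", "Bob", "Dee Dee Bradford", "Fabrice 2"]

AS_WRITTEN = [r"^[0-9af]{10,}"]   # pattern exactly as given in the reply
HEX_RANGE = [r"^[0-9a-f]{10,}"]   # assumed variant: full hex range a-f


def banned_pattern(value, ban_list):
    """Simplified stand-in for GetBannedPattern(): first matching entry or None."""
    for pattern in ban_list:
        if pattern.startswith("^"):
            try:
                if re.search(pattern, value, re.IGNORECASE):
                    return pattern
            except re.error:
                continue  # skip a malformed regex instead of failing the subscribe
        elif pattern.lower() == value.lower():
            return pattern
    return None


def add_member_check(email, realname, ban_list):
    """Mirror the modified AddMember() test: email OR real name may match."""
    return banned_pattern(email, ban_list) or banned_pattern(realname, ban_list)


def count_blocked(names, ban_list, email="user@example.com"):
    """Count names that would be refused when paired with a harmless address."""
    return sum(1 for n in names if add_member_check(email, n, ban_list))


if __name__ == "__main__":
    for label, bl in (("as written", AS_WRITTEN), ("hex range", HEX_RANGE)):
        print(label,
              "spam blocked:", count_blocked(LOGGED_FULLNAMES, bl),
              "of", len(LOGGED_FULLNAMES),
              "| legit blocked:", count_blocked(LEGIT_NAMES, bl))
```

Because the same list is applied to both fields, a pattern intended for real names also bans any email address that begins with ten or more matching characters.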
