On 01/18/2018 06:19 AM, João Sá Marta wrote:
> There’s the code of that page that sends a subscription request to one of my
> mailing lists:
> document.write("<iframe frameborder='0'
> src='http://ml.ci.uc.pt/mailman/subscribe/archport?email="+spam_id+"&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe'
> width='0' height='0'></iframe>");
>
> I am going to put some apache rewrite rules to prevent this, but I don’t know
> if this is the best way to prevent that kind of spam.
>
> Please let me know if you have a better way to deal with this spam.

We have seen some of this in the past. If the subscribed addresses
("+spam_id+" in the above) are such that you can create a regexp to match
them and not match potential real subscribers, you can add such regexps to
GLOBAL_BAN_LIST. Some that we have used in the past are:

    ^.*\+.*\d{3,}@
    ^.*@kezukaya\.com$
    ^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$
    ^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com
    ^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com
    ^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

Also, you need to set SUBSCRIBE_FORM_SECRET in mm_cfg.py to some string
unique to your site to force a GET of the listinfo page to get a hidden
token that needs to be submitted along with the other data to the
'subscribe' URL. See the documentation of SUBSCRIBE_FORM_SECRET in
Defaults.py

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
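Added example, not part of the original message and not Mailman's own code: a small audit that runs candidate GLOBAL_BAN_LIST entries against known spam addresses and known legitimate subscribers before the entries go into mm_cfg.py. The matching rule (entries starting with '^' are case-insensitive regexps, anything else is a literal address) is an assumption modelled on Mailman 2.1; the function names and all sample addresses are constructed for illustration.

```python
import re

# Four of the patterns quoted in the reply above.
BAN_PATTERNS = [
    r'^.*\+.*\d{3,}@',
    r'^.*@kezukaya\.com$',
    r'^[.a-z0-9]{8,}\+[0-9]{4,}@gmail\.com$',
    r'^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
]

def is_banned(email, patterns=BAN_PATTERNS):
    """Return the first entry that bans `email`, or None.

    Assumption: '^' entries are regexps searched case-insensitively,
    other entries are compared as literal addresses.
    """
    for pat in patterns:
        if pat.startswith('^'):
            if re.search(pat, email, re.IGNORECASE):
                return pat
        elif pat.lower() == email.lower():
            return pat
    return None

def audit(patterns, spam, legit):
    """Return (spam addresses not caught, legit addresses wrongly banned)."""
    missed = [a for a in spam if is_banned(a, patterns) is None]
    hits = ((a, is_banned(a, patterns)) for a in legit)
    false_positives = [(a, p) for a, p in hits if p is not None]
    return missed, false_positives

# Constructed sample data: addresses seen in bogus subscription requests...
SPAM = ['victimname+48213@gmail.com', 'k.e.m.o.mart99@gmail.com',
        'x@kezukaya.com', 'randomuser77@example.net']
# ...and addresses of the kind real subscribers use, including plus-tags.
LEGIT = ['alice@example.org', 'bob+lists@example.org',
         'carol+2018@example.org', 'dave+ticket1234@example.org']

if __name__ == '__main__':
    missed, false_positives = audit(BAN_PATTERNS, SPAM, LEGIT)
    print('spam not matched:', missed)
    for addr, pat in false_positives:
        print('legit address banned: %s by %s' % (addr, pat))
```

On this sample the first pattern also bans plus-tagged addresses ending in three or more digits on any domain, which is the false-positive case the reply asks you to rule out for your own subscriber base.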