[feature request] git-daemon http connection filtering of client types
Hey folks,

When I checked for false positives in my spam this morning, I spotted an interesting malformed img link at the top of a spam message.

{snip} http://git.{snip}.n2.nabble.com/file/{snip}/t3.jpg Employ a medal tiffany bracelet {snip} a is {snip}

So, apparently git-daemon's http features are being used by spammers. In most cases, spam filters will correctly identify this junk. I wonder if there is a better way...

In my mental sandbox, git-daemon http could have a set of deny/allow rules for incoming connection client types. e.g.:

git: allow
git-http: allow
thunderbird: deny
outlook express: replace linked file with rickroll.jpg

and so on..

An out-of-the-box install probably should default to allow all to keep backward compatibility.

While I'd love a chance to hack something out, I sadly doubt I'll ever have the time for it. Perhaps there is a student hacker looking for a project.

Cheers!
-phil

p.s. apologies to anyone who now has Astley's song stuck in their head. This was not intentional.

--
To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [feature request] git-daemon http connection filtering of client types
On Thu, Jan 31, 2013 at 1:46 PM, porpen+...@gmail.com wrote:

> Hey folks,
>
> When I checked for false positives in my spam this morning, I spotted an interesting malformed img link at the top of a spam message.
>
> {snip} http://git.{snip}.n2.nabble.com/file/{snip}/t3.jpg Employ a medal tiffany bracelet {snip} a is {snip}
>
> So, apparently git-daemon's http features are being used by spammers.

Not at all. You appear to be referring to the message from http://git.661346.n2.nabble.com/tiffany-bracelet-On-your-Significant-other-td7575440.html

This isn't a running instance of git-daemon, it's a web front-end for the mailing list. It seems nabble allows image-attachments, and that's what you're seeing; an attached image to a spam-email that was sent to the git-mailing list through nabble.

The message contains HTML to display the image, and the git mailing list rejects HTML messages. So the only ones who should be able to get these spam-emails are users who subscribe through nabble. If you subscribe through vger instead (http://vger.kernel.org/vger-lists.html#git), you should get less spam.

> In most cases, spam filters will correctly identify this junk. I wonder if there is a better way...
>
> In my mental sandbox, git-daemon http could have a set of deny/allow rules for incoming connection client types. e.g.:
>
> git: allow
> git-http: allow
> thunderbird: deny
> outlook express: replace linked file with rickroll.jpg
>
> and so on..
>
> An out-of-the-box install probably should default to allow all to keep backward compatibility.

Git-daemon doesn't have an http-feature. You are probably thinking about git-http-backend, but that's a CGI; the http-daemon invoking it should already be able to filter connections.

So, I don't think there's anything that needs to be done to be able to block spammers from git-servers. Blocking spammers from nabble is a different matter, and is something you'll have to take up with the nabble staff.
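Added example, not part of the thread or of git's own documentation: the kind of client-type filtering the reply says the HTTP server in front of git-http-backend can already do, written for Apache 2.4. The repository root `/srv/git`, the CGI path `/usr/libexec/git-core/git-http-backend` and the `/git/` URL prefix are assumptions, as is the availability of mod_setenvif, mod_alias, mod_env and a CGI module.

```apache
# Assumed layout: bare repositories under /srv/git, served at /git/.
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

# git's HTTP transport identifies itself with a User-Agent that
# starts with "git/". Tag those requests; anything else (browsers,
# mail clients fetching an embedded link) is left untagged.
SetEnvIf User-Agent "^git/" git_client

<Location "/git/">
    # Allowlist: only tagged requests reach the CGI, the rest get 403.
    Require env git_client
</Location>

# Record the client type next to each request so refused clients
# can be reviewed before the allowlist is tightened or relaxed.
LogFormat "%h %t \"%r\" %>s ua=\"%{User-Agent}i\"" git_ua
CustomLog logs/git_access.log git_ua
```

The User-Agent header is supplied by the client, so this sorts well-behaved clients by type and keeps stray fetches away from the CGI; it is not authentication and does not replace access control on the repositories.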
Re: [feature request] git-daemon http connection filtering of client types
Hey folks,

On 31 January 2013 08:22, Erik Faye-Lund kusmab...@gmail.com wrote:

> This isn't a running instance of git-daemon, it's a web front-end for the mailing list. It seems nabble allows image-attachments, and that's what you're seeing; an attached image to a spam-email that was sent to the git-mailing list through nabble.

oops.. yes, I see it now. I should have spotted that earlier. Sorry about the list noise.

> The message contains HTML to display the image, and the git mailing list rejects HTML messages. So the only ones who should be able to get these spam-emails are users who subscribe through nabble. If you subscribe through vger instead (http://vger.kernel.org/vger-lists.html#git), you should get less spam.

I have never subscribed to anything via nabble. ^Zcat blessings | wc -l

> Git-daemon doesn't have an http-feature. You are probably thinking about git-http-backend, but that's a CGI; the http-daemon invoking it should already be able to filter connections.
>
> So, I don't think there's anything that needs to be done to be able to block spammers from git-servers. Blocking spammers from nabble is a different matter, and is something you'll have to take up with the nabble staff.

Agreed.. and I won't waste my time with nabble. I'll just set procmail to file new threads from nabble into a penalty box for now and start a whitelist. Perhaps I'll come up with something more elegant/automated later.

So, I guess my feature request is resolved.

Cheers!
-phil