[feature request] git-daemon http connection filtering of client types

2013-01-31 Thread  
Hey folks,

When I checked for false positives in my spam this morning, I spotted
an interesting malformed img link at the top of a spam message.

{snip}
 http://git.{snip}.n2.nabble.com/file/{snip}/t3.jpg

 Employ a medal tiffany bracelet  {snip} a is
{snip}

So, apparently git-daemon's http features are being used by spammers.
In most cases, spam filters will correctly identify this junk.

I wonder if there is a better way...  In my mental sandbox, git-daemon
http could have a set of deny/allow rules for incoming connection
client types.
e.g.:

git: allow
git-http: allow
thunderbird: deny
outlook express: replace linked file with rickroll.jpg

and so on..  An out-of-the-box install probably should default to
allow all to keep backward compatibility.

While I'd love a chance to hack something out, I sadly doubt I'll ever
have the time for it.  Perhaps there is a student hacker looking for a
project.

Cheers!
-phil

p.s. apologies to anyone who now has Astley's song stuck in their
head.  This was not intentional.
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [feature request] git-daemon http connection filtering of client types

2013-01-31 Thread Erik Faye-Lund
On Thu, Jan 31, 2013 at 1:46 PM,  porpen+...@gmail.com wrote:
> Hey folks,
>
> When I checked for false positives in my spam this morning, I spotted
> an interesting malformed img link at the top of a spam message.
>
> {snip}
> http://git.{snip}.n2.nabble.com/file/{snip}/t3.jpg
>
> Employ a medal tiffany bracelet  {snip} a is
> {snip}
>
> So, apparently git-daemon's http features are being used by spammers.

Not at all. You appear to be referring to the message from
http://git.661346.n2.nabble.com/tiffany-bracelet-On-your-Significant-other-td7575440.html

This isn't a running instance of git-daemon, it's a web front-end for
the mailing list. It seems nabble allows image-attachments, and that's
what you're seeing; an attached image to a spam-email that was sent to
the git-mailing list through nabble.

The message contains HTML to display the image, and the git mailing
list rejects HTML messages. So the only ones who should be able to get
these spam-emails are users who subscribe through nabble. If you
subscribe through vger instead
(http://vger.kernel.org/vger-lists.html#git), you should get less
spam.

> In most cases, spam filters will correctly identify this junk.
>
> I wonder if there is a better way...  In my mental sandbox, git-daemon
> http could have a set of deny/allow rules for incoming connection
> client types.
> e.g.:
>
> git: allow
> git-http: allow
> thunderbird: deny
> outlook express: replace linked file with rickroll.jpg
>
> and so on..  An out-of-the-box install probably should default to
> allow all to keep backward compatibility.


Git-daemon doesn't have an http-feature. You are probably thinking
about git-http-backend, but that's a CGI; the http-daemon invoking it
should already be able to filter connections. So, I don't think
there's anything that needs to be done to be able to block spammers
from git-servers. Blocking spammers from nabble is a different manner,
and is something you'll have to take up with the nabble staff.
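
Added example (not part of the original thread): the reply above notes that the web server invoking git-http-backend can already filter connections by itself. A sketch of an allow rule by client type for Apache 2.4, where the repository root /srv/git, the CGI path /usr/libexec/git-core/git-http-backend and the variable name git_client are assumptions to adapt:

```apache
# Serve repositories through the git-http-backend CGI.
# Both paths below are assumptions; adjust them to the local install.
SetEnv GIT_PROJECT_ROOT /srv/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

# Git's HTTP transport sends a User-Agent of the form "git/<version>".
# Mark such requests with an environment variable (name is arbitrary).
SetEnvIfNoCase User-Agent "^git/" git_client

# Allow only requests carrying that marker; browsers, mail clients and
# image fetchers hitting /git/ receive 403 Forbidden.
<LocationMatch "^/git/">
    Require env git_client
</LocationMatch>
```

The User-Agent header is chosen by the client, so this rule only keeps non-git clients off the endpoint and is not authentication. Repositories that need access control still need real credentials on top of it.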


Re: [feature request] git-daemon http connection filtering of client types

2013-01-31 Thread  
Hey folks,

On 31 January 2013 08:22, Erik Faye-Lund kusmab...@gmail.com wrote:

> This isn't a running instance of git-daemon, it's a web front-end for
> the mailing list. It seems nabble allows image-attachments, and that's
> what you're seeing; an attached image to a spam-email that was sent to
> the git-mailing list through nabble.

oops.. yes, I see it now.  I should have spotted that earlier.  Sorry
about the list noise.

> The message contains HTML to display the image, and the git mailing
> list rejects HTML messages. So the only ones who should be able to get
> these spam-emails are users who subscribe through nabble. If you
> subscribe through vger instead
> (http://vger.kernel.org/vger-lists.html#git), you should get less
> spam.

I have never subscribed to anything via nabble.  ^Zcat blessings | wc -l

> Git-daemon doesn't have an http-feature. You are probably thinking
> about git-http-backend, but that's a CGI; the http-daemon invoking it
> should already be able to filter connections. So, I don't think
> there's anything that needs to be done to be able to block spammers
> from git-servers. Blocking spammers from nabble is a different manner,
> and is something you'll have to take up with the nabble staff.

Agreed.. and I won't waste my time with nabble.  I'll just set
procmail to file new threads from nabble into a penalty box for now
and start a whitelist.  Perhaps I'll come up with something more
elegant/automated later.

So, I guess my feature request is resolved.

Cheers!
-phil